6 min Security

HPE iLO Security: From remote management to quantum-safe security

HPE iLO Security: From remote management to quantum-safe security

HPE’s iLO management controller is far more than a remote access tool, it is the cornerstone of server security for thousands of enterprise deployments worldwide. At HPE Discover in Las Vegas, Scott Sheffer, VP and Chief Technologist for Compute at HPE, explains how iLO works, why Silicon Root of Trust matters, and how HPE Gen12 servers are already prepared for the quantum computing era.

What started back in the day as an IPMI solution, is now a lot more than just remote access, it offers observability, quantum safe security, a silicon root of trust and it’s all cloud managed. HPE’s iLO has come a long way and is one of the most trivial parts of HPE hardware.

What is iLO and why does it matter?

iLO (Integrated Lights-Out) is HPE’s embedded management controller, built into every ProLiant, Synergy, Edgeline, and Superdome server. It provides a dedicated management interface that covers the full lifecycle of a server. From initial operating system deployment to ongoing health monitoring, firmware updates, and telemetry collection.

Rather than requiring administrators to connect individually to thousands of servers, iLO aggregates data and feeds it into higher-level management platforms. HPE’s own Compute Ops Manager is a prime example: it collects iLO data from across an entire server fleet and presents it in a single cloud-based dashboard. This gives IT teams visibility into firmware versions, health status, and security posture at scale.

Also read: HPE’s private cloud AI strategy for enterprises

Silicon Root of Trust: locking down firmware from the factory

One of the most significant security features underpinning iLO is Silicon Root of Trust, introduced with HPE’s Gen10 server line. The principle is simple: only authentic HPE firmware is allowed to run on iLO, and this is enforced at the hardware level.

HPE achieves this by designing and manufacturing its iLO ASIC in-house. During the manufacturing process, HPE embeds its own cryptographic hash, a digital signature, directly into the chip. When the server boots, the firmware is checked against that signature before it is allowed to load. If anything has been tampered with, or if unauthorized firmware attempts to run, it is blocked at the very first stage of the boot sequence.

This approach means that even a sophisticated attacker who gains access to a server cannot substitute malicious firmware for iLO. The root of trust is simply baked into silicon.

Network architecture: isolating management traffic

iLO connects to the network through its own dedicated port, but HPE also supports a sideband interface using the server’s NIC. Sheffer notes that most enterprise customers today prefer a physically separate management network. A dedicated management switch at the top of the rack that is completely isolated from production traffic.

This physical separation keeps all management functions, tool sets, and control plane traffic on a distinct network. This allows production workloads to run on high-performance 10, 25, or 100 Gigabit Ethernet infrastructure without interference. Management networks typically run at 1 Gigabit Ethernet or 10 Gigabit Ethernet at most, making the additional infrastructure relatively cost-effective.

While software-defined approaches, such as HPE’s self-driving network to automatically identify and segment management traffic, are technically feasible, physical isolation remains the dominant choice for security-conscious organizations.

Cloud-based management and security dashboards

HPE Compute Ops Manager extends iLO’s capabilities to the cloud. Each iLO controller establishes a connection back to the cloud platform, which enables administrators to view and manage thousands of servers from a single interface. Common use cases include initial deployment, firmware update management, and basic health monitoring.

A particularly valuable feature is the integrated security dashboard. Administrators can review the security posture of every server in their fleet. They can check whether security settings meet defined standards and identify systems that require remediation. If adjustments are needed, they can take corrective action from the same interface. For more complex issues, iLO provides remote keyboard, video, and mouse access directly from a browser. This enables full hands-on control without physical presence.

Post-quantum cryptography: preparing for tomorrow’s threats today

With HPE’s Gen12 servers, iLO takes a significant step forward with the addition of support for post-quantum cryptography. The motivation is a well-documented concern in the security community: quantum computers, once sufficiently powerful, will be able to break traditional RSA-based encryption by factoring the large prime numbers on which it relies. While no quantum computer currently exists that can do this at scale, cryptographic experts broadly agree that the mathematical vulnerability is real.

More immediately, a threat known as “save now, decrypt later” is already in play. Adversaries are collecting encrypted data today with the intention of decrypting it once quantum computing capability matures. This underscores the importance of implementing quantum-resistant encryption now, even before the threat is fully realized.

LMS and MLDSA: two algorithms for two layers

HPE implements post-quantum cryptography in iLO using two distinct algorithms, each protecting a different layer of the firmware stack:

LMS (Leighton-Micali Signatures) operates at the lowest level, ensuring that the firmware boots securely. Once the system has booted, the protection transitions to MLDSA (Module-Lattice-Based Digital Signature Algorithm). MLDSA is based on lattice mathematics rather than prime factoring and protects the remainder of the firmware. Both algorithms are drawn from the post-quantum standards defined by NIST, a US government agency.

HPE describes this approach as “quantum resistant” rather than “quantum proof”, a deliberate choice reflecting intellectual honesty. The new algorithms are based on mathematical approaches that, to the best of current knowledge, cannot be broken by a quantum computer. However, the field continues to evolve, and the terminology reflects that ongoing uncertainty.

Government mandates and industry adopts

The urgency of quantum-resistant security is underscored by policy. The US government requires that all systems it purchases from 2027 onward must be quantum-resistant. NIST has defined the specific algorithms required. HPE’s current Gen12 implementation is quantum-resistant and therefore one of the government’s options. Sheffer does note that interest is by no means limited to the public sector.

Financial services organizations are already prioritizing quantum resistance, and healthcare customers are beginning to raise it as a concern. Ultimately, any organization that needs to ensure long-term data privacy must address this transition.

ASIC roadmap: hardware and firmware evolution

Looking ahead, HPE’s approach to the iLO ASIC is both confident and pragmatic. The Gen12 ASIC design meets current post-quantum cryptography requirements. HPE is confident it can protect servers against currently known threats using its existing hardware. At the same time, HPE is not treating this as a finished solution. The company plans to continue advancing the iLO ASIC to address emerging threats, including those yet to be identified.

For customers, this means that a server purchased today is built to be protected now. The underlying platform will evolve to remain secure into the future. New firmware can be deployed to existing servers as requirements change, and the hardware roadmap will evolve in parallel to ensure the silicon keeps pace with the threat landscape.