Archive

Archive for the ‘HP’ Category

HP Server software affected by HeartBleed: OA, SUM, SMH & iLO

April 16th, 2014 4 comments

Heartbleed BugUPDATE: 22/04/2014

A new issue has been spotted where although iLO devices are not affected by Heartbleed, running a vulnerability scanner against iLO and iLO2 ports can cause the device to lock up which requires you to physically remove the power or reset the blade to get back iLO functionality.

HP has also updated its advisories to include fixes for SMH, SUM and partly for OA.

 

 


 

The world has been scrambling to understand and mitigate the effects of the HeartBleed SSL vulnerability.

HP has released information about which of its server management products are affected by HeartBleed.

The good news is that the following products are NOT affected.

  • Virtual Connect
  • Integrated Lights Out (iLO) 2, 3, 4
  • HP Insight Control Server Provisioning
  • System Management Homepage (SMH) HP-UX
  • HP OneView
  • Systems Insight Manager
  • NonStop SSL
  • iTP WebServer for NonStop Servers
  • Onboard Administrator for NonStop Integrity Platforms
  • HP-UX
  • OpenVMS

The following products ARE affected and as yet there are no fixes.

Check back with the linked security bulletins or sign up to get HP Security Bulletin alerts at http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

HP System Management Homepage (SMH) Linux and Windows

HP has updated the advisory below with new versions of SMH

HPSBMU02998

The following versions are affected: 7.1.2, 7.2, 7.2.1, 7.2.2, 7.3, 7.3.1

No fix as yet, no suggestion from HP as to what to do, best not to access it then unless on a secure and isolated private management network.

If you’ve deployed HP agents to all your servers and include the SMH as is the default, get ready, you’re going to have to update all of your servers, if you thought your impact was limited, think again!

HP Onboard Administrator (OA)

HP has released a new 4.12 version, if you have 4.20 you can downgrade to 4.12 or wait for an update to 4.20. See the advisory below for the updated information.

HPSBMU02994

Versions 4.11 and 4.20 are affected, there is no fix as yet, the only current option is to downgrade your version.

HP Smart Update Manager (HP SUM)

HPSUM 6.3.1 has been released although the advisory has not yet been updated 

HPSBMU02997

Versions 6.0.0 through to 6.3.0 are affected, HP recommend limiting HP SUM usage to a secure and isolated private management network

Integrated Lights Out (iLO)

Document: c04249852

Although iLO devices are not affected by Heartbleed, there is another software bug which means if you run a vulnerability scanner against iLO and iLO2 ports it can cause the device to lock up which requires you to physically remove the power or reset the blade to get back iLO functionality. iLO3 and iLO4 are not affected.

Categories: HP Tags:

HP releases Virtual Connect 4.2, adds sFlow

April 14th, 2014 1 comment

HP has a minor but recommended update for its Virtual Connect firmware to 4.20 which adds sFlow monitoring support which didn’t make it into the final Virtual Connect 4.01 along with support for a new HP Virtual Connect FlexFabric-20/40 F8 Module.

Some of the older Virtual Connect switches are being retired from a software support perspective so be aware that beginning with VC 3.70, the HP 1/10Gb VC Enet Module (399593-B22) and the HP 1/10Gb-F VC Enet Module (447047-B21) are no longer supported. Beginning with VC 4.10, the HP 4Gb VC-FC Module (409513-B21) is no longer supported.

There are quite a few fixes in this release so make sure you read the Release Notes.

There is also a serious bug to do with file permissions which means the config may not be saved so ensure you have a look at OA Customer Advisory c02639172 to see if any changes you have made may not be kept.

If you have multiple enclosures linked together, you should NOT upgrade directly from VC 2.x but rather upgrade first to 3.7 or 4.1 and then on to 4.2. This is due to a big that can cause a network outage.

You will need to use the 1.9 Virtual Connect Support Utility update the firmware which was released last September.

Categories: Flex-10, HP Tags: , ,

HP charging for firmware updates is shortsighted

February 20th, 2014 No comments

HP has decided that going forward it will only provide firmware updates to customers who have a valid warranty for their equipment which normally means purchasing a support agreement or HP Care Pack.

hpfw

The server market is a tough one with low margins. IBM has decided they can’t be bothered and have flogged their x86 business to Lenovo. HP has been going through a tough time recently with widespread redundencies and is obviously under pressure both to get a handle on costs and increase revenue so is looking to ensure it can extract maximum extra value from its hardware sales.

HP’s announcement says:

This decision reinforces our goal to provide access to the latest HP firmware, which is valuable intellectual property, for our customers who have chosen to maximize and protect their IT investments. We know this is a change from how we’ve done business in the past; however, this aligns with industry best practices and is the right decision for our customers and partners.

Our customers under warranty or support coverage will not need to pay for firmware access, and we are in no way trying to force customers into purchasing extended coverage. That is, and always will be, a customer’s choice.

This is a shortsighted and misguided change which will hurt HP and is certainly not the “right decision” for their customers and partners.

Read more…

Categories: Flex-10, HP Tags: , , ,

HP updates Virtual Connect to 4.10 and OA to 4.01, adds IPv6, SR-IOV, hiding FlexNics

October 28th, 2013 2 comments

Virtual Connect

HP has released a new version 4.10 of its Virtual Connect firmware for use in HP Blade Chassis. 4.10 is a minor update compared to the release of Virtual Connect 4.01 which added major functionality.

Virtual Connect 4.10 add IPv6 functionality which requires HP Service Pack for Proliant (SPP) 2013.09.0 (B), Onboard Administrator firmware 4.01 and minimum iLO firmware of 1.30.

The ability to hide unused FlexNics from the OS has been added which is very helpful. FlexNics that don’t have a mapping to any server profile connections are not presented to the OS. This means even if you have a full complement of 8 FlexNics defined in your profile but only map 4, your OS will only see 4 Nics rather than 8.

There is a new auto-deployment feature which allows you to configure a Virtual Connect domain from a centralised location using DHCP and TFTP.

SR-IOV support has also been added for direct VM access bypassing the vSwitch on certain FLBs and mezz cards for Gen 8 servers as well as BL620c G7 and BL680c G7.

There are a number of bug fixes as well including some Cisco DAC cables reporting as “Linked/Uncertified” when they should work.

Make sure to read the Release Notes in case there is anything else that may trip you up.

There is also an updated Virtual Connect Support Utility which can be used to update the firmware.

Onboard Administrator

HP has also released an update to the Onboard Administrator firmware to 4.01 which adds IPv6 support, a few new hardware models and a list of bug fixes.

There is a problem with Emulex firmware prior to version 4.1.450.7 that can result in SmartLink otherwise known as Device Control Channel (DCC) not working with a 10Gb physical link when you have full height blades. When you upgrade the OA, you may lose network connectivity. Update the NIC firmware and look at Customer Advisory c03600027 before upgrading the OA.

Categories: Flex-10, HP Tags: , ,

HP updates its customised images for VMware ESXi 5.5/5.1

October 25th, 2013 No comments

HP has updated its ESXi customised images to reflect the recent release of ESXi 5.5 as well as its September 2013 Service Pack for Proliant.

HP’s customised images are fully integrated sets of specific drivers and software that are tested to work together. You can see the list of Driver Versions in HP supplied VMware ESX/ESXi images.

I have done an extensive update of my HP Virtual Connect Flex-10 & VMware ESX(i) pre-requisites post which includes these new customised images.

HP Custom Image for VMware ESXi 5.5.0 GA – September 2013:

HP Custom Image for VMware ESXi 5.1 Update 1 – September 2013:

The new and updated features for the HP vSphere 5.5 /5.1 customised Images for September 2013 include:

  • Provider Features
    • Report Smart array driver name and version.
    • Report SAS driver name and version.
    • Report SCSI driver name and version
    • Report Firmware version of ‘System Programmable Logic Device’.
    • Report SPS/ME firmware.
    • Added SCSI HBA Provider.
    • Report IdentityInfoType and IdentityInfoValue for PowerControllerFirmware class.
    • IPv6 support for OA and iLO.
    • Report Memory DIMM part number for HP Smart Memory.
    • Added new ‘Test SNMP Trap’.
    • Updated reporting of memory configuration to align with iLO and health Driver.
  • AMS features
    • Report running SW processes to HP Insight Remote Support.
    • Report vSphere 5.5 SNMP agent management IP and enable VMware vSphere 5.5 SNMP
    • agent to report iLO4 management IP.
    • IML logging for NIC, and SAS traps.
    • Limit AMS log file size and support log redirection as defined by the ESXi host parameter:
    • ScratchConfig.ConfiguredScratchLocation
  • Utilities features
    • HPTESTEVENT – New utility to generate test WBEM indication and test SNMP trap.
    • HPSSACLI – New utility to replace hpacucli
    • HPONCFG – HPONCFG utility, displays the Server Serial Number along with the Server Name when using hponcfg –g switch, to extract the Host System Information.
Categories: ESX, Flex-10, HP, VMware Tags: , ,

HP refreshes server management with HP OneView

September 30th, 2013 No comments

HP has announced a new product to manage HP BladeSystem and ProLiant G7/Gen 8 infrastructure called HP OneView which is due to be released in October.

HP thinks the existing way of deploying and managing servers is built on models from 20 years ago and is in need of an update. This is certainly true particularly with HP servers despite HP having a number of tools such as HP Systems Insight Manager (HP SIM), HP Virtual Connect Enterprise Manager (VCEM), HP Insight Control and HP Intelligent Provisioning.

HP OneView has been built from the ground up to simplify and speed up the server deployment and management process for servers, networking and storage. OneView runs as a self contained virtual appliance and you connect via a web browser.

HP says the user interface is a “consumer-inspired user experience” built on a “software-defined architecture” with an “open extensible platform”. HP says it has been four years in the making and has been built with the input of more than 150 of HPs biggest customers.

OneView will be a licensed product per physical server it manages starting at about £571 for a single license including three years support and updates. There will be an upgrade available from iLO Advanced, Insight Control and VCEM.

Read more…

The VMworld Fringe Tech Talks by #vBrownbag

August 22nd, 2013 No comments

vbrownbag VMworld starts next week and up to 22,000 people are descending on San Francisco.

VMware as expected has a massive schedule of talks, discussion groups and labs for you to attend all carefully orchestrated to ensure VMware and their partners get their message out.

But VMware does have a wild side that isn’t just the parties.

The fabulous #vBrownbag crew have put together a schedule of lightning 10 minute talks which are not part of the official program. This means VMware or even the #vBrownbag crew don’t get to decide what is said, the only rule is there isn’t any blatant company marketing.

So, you can get independent community content from your peers who feel they have something to contribute to VMworld that could be unsupported, unconventional, uncensored and unbelievable!

There are some serious industry titans presenting so make time in your official schedule to see them.

The list of talks is in this post which is being refreshed as presenters confirm their times.

I’ve been very lucky to be accepted for 2 talks:

  • Help, my VDI project is hell! on Monday at 17:15
  • HP Virtual Connect Quick Deep Dive on Tuesday at 15:00

A few generous sponsors are contributing to make this possible so have a look at their products which help to keep independent community content alive.

BTW the reference to the fringe is from the city of Edinburgh which hosts is a huge official Edinburgh International Festival in August. The Edinburgh Fringe Festival is not part of the official program and is now the largest arts festival in the world. The Society that runs the fringe festival is not allowed to vet the festival’s program so anyone with a story to tell and a venue willing to host them can take part resulting in the weird and the wonderful having their say.

Categories: Flex-10, HP, VDI, VMware, VMworld Tags: , , , ,

HP Virtual Connect Firmware upgrade may cause Server Profiles to be unassigned causing a network outage

July 25th, 2013 2 comments

HP has released a serious advisory that upgrading certain Virtual Connect firmware may cause server profiles to be unassigned which will cause a a network outage for your blades.

http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%253Demr_na-c03708135-2%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&ac.admitted=1373876123412.876444892.492883150

The issue occurs when you have both single dense and double dense servers in your chassis and you are upgrading from Virtual Connect firmwares 3.10-3.60 up to Virtual Connect firmwares 3.70-3.75.

The upgrade process will complete successfully however the single dense server profiles will become unassigned which will cause a network outage for those specific server blades.

In order to fix this you will need to power down the affected blades, reassign the server profiles and power on the blades again! Ouch!

This doesn’t affect you if you are upgrading  from Virtual Connect firmware 3.70 to later firmware or going from Virtual Connect firmware 3.10 to anything below 3.70 such as 3.60 and won’t affect you if you only have single dense servers or double dense servers but not a mixture.

Virtual Connect firmware 4.01 which has been recently released fixes this but has a whole raft of new features that you may not be ready to implement so its worth being aware of this issue.

Categories: Flex-10, HP Tags: , , ,

HP G7/Gen8 Blades: New Emulex firmware 4.2.401.2215 released

July 25th, 2013 No comments

HP has released a new firmware version 4.2.401.2215 of its Emulex OneConnect 10Gb Ethernet Controller which is used in HP G7 and Gen8 Blades.

The built in LOM adapter names on a G7 Blade server are NC553i or NC551i and the Mezz card is NC554m. The CNA LOM added to a Gen8 Blade server is HP554FLB.

This firmware is required if you are going to be using the new dual hop FCoE features in Virtual Connect 4.01.

The firmware update process is offline and requires you to boot from an Emulex OneConnect bootable .ISO which can be downloaded from:
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=329290&prodSeriesId=5033632&prodNameId=5033634&swEnvOID=54&swLang=8&mode=2&taskId=135&swItem=co-117280-1

The following issues have been resolved from the previous firmware version 4.2.401.605

  1. Fixed VMware PSOD ESX 4.1/5.0/5.1 seen on BL465cG7, BL685cg7 servers with BE2 based card. For more details see the following Customer Advisory
  2. Fixed FW memory leak with multiple logins to a redirected target
  3. Fixed FW to allow setting Speed/Duplex to Auto/Auto
  4. Fixed Fw to allow Bonding with Citrix platforms
  5. Fixed FW to allow upgrades of version 4.x to 4.x+ without requiring cold boot
  6. Fixed UEFI to not require 2nd reset
  7. Fixed UEFI driver version reported
  8. Fixed FW to prevent LOMS at 10G from negotiating 1G with Blade switches
  9. Fixed FW for BE3 to report correct values of ethernet stat “In Range” error
  10. Fixed FW to boot from secondary iSCSI when selected
  11. Fixed FW iSCSI boot failure from secondary target when primary target given is incorrect
  12. Fixed UEFI NIC default settings retention
  13. Fixed FW hang during boot with SLES 10 SP4
  14. Fixed FW error while performing Shared Uplink Set port remove/add test

I’ve updated my post: HP Virtual Connect Flex-10 & VMware ESX(i) pre-requisites

Categories: Flex-10, HP Tags: , , , ,

HP Virtual Connect 4.01 Update: RBAC and Multicast + some more

July 24th, 2013 2 comments

HP has released a significant firmware update to its Virtual Connect line of HP Blade chassis switches.

This is part 6 of a 6 part post on HP Virtual Connect 4.01:

  1. HP Virtual Connect 4.01: What’s New
  2. HP Virtual Connect 4.01: Dual-hop FcOE support
  3. HP Virtual Connect 4.01: Min/Max Bandwidth Optimisation
  4. HP Virtual Connect 4.01: Priority Queue QoS
  5. HP Virtual Connect 4.01: SNMP and sFlow enhancements
  6. HP Virtual Connect 4.01: RBAC and Multicast + some more

Custom role-based configuration

VC 4.01 now also adds more options for role customisation.

You can split your administration into Storage Admin, Server Admin, Network Admin and Domain User.

image

You can now configure more operational permissions for these users and the GUI will show you what will change when you are about to apply the new permission.

image

Read more…

Categories: Flex-10, HP Tags: , ,