09-26-2013 11:42 AM - edited 09-26-2013 12:19 PM
Potential security vulnerabilities are an ongoing issue with HP System Management Homepage (SMH) running on Linux and Windows . Hence the SMH is constantly being updated to address these new vunerabilities and Javier had some questions regarding these updates:
I have a question regarding new SMH v188.8.131.52 released several days ago.
in the download page states that is also available for Windows 2003 x86/x64 and it also appears in download page for Proliants running Win2K3 but I’m confused about the compatible versions of Management Agents because the last compatible version for Win2K3 is V8.70.
SMH v7.2.1 and earlier versions are affected for vulnerability solved in v184.108.40.206 so customers are asking for their non-actual servers.
My questions are:
- Is there a support matrix for SMH v220.127.116.11 (I’m unable to find it out)?
- What is the minimum Management Agent version (and perhaps ILO fw version) required to install SMH v18.104.22.168?
- Could SMH v22.214.171.124 be installed in all Win2K3 regardless Manangement Agent versions?
Install guide doesn’t mention above requirements.
The method we’ve been using to routinely provide updates to w2k3 on physical servers is to basically take the last PSP that supports w2k3 (meaning it includes HPSUM v4) and copy swpackages\cp*.exe from the current release into a copy of the old version. Then when running hpsum we enable the options to include additional bundles and non-bundle updates.
This has worked well for us in the past (although we don’t push updates to the servers, we run it on each server over the network). We also find that for w2k8 servers we can’t push updates to remote servers due to our clients hardening requirements, so in all cases we run hpsum directly on each server (over the network). It’s more time consuming, but it is what it is.
And we got some advice from Dave:
I’m not an SPP guru but these are my thoughts.
As Marilyn says SPP does not support and never has supported Windows 2003.
But HP SUM as part of SPP will deploy component packages that support Windows 2003/2008.
Also I think SPP 2011.09.0 does contain a lot of components that shipped with PSP 8.70 as it does for SMH (see table below)
There is another method you may wish to consider, but this carries the risk that the component packages you are deploying are not tested as a release set. Therefore I suggest you recommend to your customer to perform additional testing to ensure it works in their environment. Essentially use the latest SPP and HP SUM and add PSP 8.70 as a repository. You can generate a report before upgrading and look to see what components it will upgrade. But this way you will get the other later versions of Insight Agents etc.
Below is the method to run it remotely, but the principles would be the same if you did it locally.
Upgrading Windows 2003 Blade Server Firmware and Drivers Online from a Remote Workstation
- SPP doesn’t support Windows 2003 as a tested firmware/driver release set, but HPSUM can be used to deploy Windows 2003 Smart Components from either the SPP repository or a PSP repository e.g. PSP 8.70.
- From the SPP ISO run HPSUM (for Windows \hp\swpackages\hpsum.exe) on a workstation connected to the same network as the blades.
- On the ‘Source Selections’ screen click Add Repository and select a location that has the component packages from PSP 8.70. These can be copied from the PSP 8.70 ISO or from the ISO itself mounted virtually <CDROM>:\hp\swpackages.
- Add the IP address or DNS name of the blades network port as a remote host and enter Administrator credentials. If you wish to update multiple servers at a time you can select an input file when starting hpsum with a list of server details. See HPSUM user guide for more details.
- On the ‘Review/Install Updates’ screen click on ‘Select Components’ to review which components are from PSP 8.70 and which are from the SPP and ensure the components selected are correct for the blade being updated.
- Click Install to begin installing the updates and reboot the server when requested
- Confirm all the updates have been performed successfully.
Any comments or questions?