Updated HP Proliant DL and BL Drivers/Firmware

HP has released a new version (2012.08.0) of their “HP Service Pack for ProLiant”, a Sept 2012 revision. For those of you unfamiliar with their packaging changes, this is a consolidated bootable ISO that does both offline and online firmware/driver updates. It really simplifies the updating of HP firmware on ProLiant servers, and is much faster than previous methods. You can review the full release notes here. To download the HP Service Pack for ProLiant, go here.

Directly from the release notes the major changes are:

  • Added support for new HP ProLiant Gen 8 servers and options
    • HP ProLiant BL660c Gen8 Server
    • HP ProLiant DL560 Gen8 Server
    • HP ProLiant WS460c Gen8 Server (offline firmware only)
    • HP Smart Array P721m Controller
    • HP Ethernet 10Gb 2-port 560SFP+ Adapter
  • Added support for Red Hat Enterprise Linux 6.3
  • Added support for VMware vSphere 5.1
  • Updated to HP Smart Update Manager 5.2.0
  • UNC name for repositories on Microsoft Windows® systems
  • HP SUM is also delivered as an RPM package on the Linux SDR
Also hot off the presses is a major update to the HP C-class virtual connect BladeSystem. You can download the 3.70 release here. For the release notes, you can click here. As always with HP firmware updates, I would NOT run out and immediately update your production systems. I would wait a few weeks and monitor the forums to see if anyone has major issues. 
Version 3.70 of Virtual Connect contains support for the following enhancements:
  • Support for new hardware:
    • HP ProLiant BL660c Gen8 Server series
    • HP ProLiant WS460c Gen8 Workstation series
    • HP Virtual Connect Flex-10/10D Module
    • HP 7m C-series Active Copper SFP+ cables (QK701A)
    • HP 10m C-series Active Copper SFP+ cables (QK702A)
    • Cisco 7m copper active Twinax cables (SFP-H10GB-ACU7M)
    • Cisco 10m copper active Twinax cables (SFP-H10GB-ACU10M)
  • Virtual Connect Direct-Attach Fibre Channel for HP P10000 3PAR Storage Systems, HP 3PAR T-Class and F-Class Storage Systems
  • Manageability enhancements:
    • VCM GUI access to telemetry information
    • Advanced telemetry and statistics for Link Aggregation Groups and FlexNICs
    • GUI access to the FC Port Statistics for HP FlexFabric 10Gb/24-port Modules
    • Improvements to the Statistics Throughout display and data collection
    • Display of factory default MACs and WWNs in server profiles
    • Added an FC/FCoE “Connect To” field to help identify how server ports are connected to the uplink ports
    • LLDP enhancements to more easily identify VC Ethernet modules on the network
    • Improvements to the display of the MAC Address table to show the network name and VLAN ID where the MAC address was learned, as well as display of the LAG membership table
  • VCM GUI/CLI task progress activity indicator for predefined VCM operations
  • Security enhancements:
    • Support for 2048 bit SSL certificates and configurable SSL-CSR
    • Activity logging improvements for TACACS+ accounting
    • Option to disable local account access when LDAP, RADIUS, or TACACS+ authentication is enabled
    • Increased the default VCM local user account minimum required password length
    • SNMP access security to prevent access from unauthorized management station
  • SmartLink failover improvements
  • IGMP “NoFlood” option when IGMP snooping is enabled
  • Browser support:
    • Internet Explorer 8 and 9
    • Firefox 10 and 11
  • Firmware upgrade rollback from a previous firmware upgrade without domain deletion
There are also a number of bug fixes, but you can peruse the release notes for all of those gory details.

HP Virtual Connect Firmware Update v3.60

For all of you HP Bladesystem customers, here’s a heads up that HP released v3.60 of their Virtual Connect firmware package. You can download the full Release Notes here. Take note that this release fixes a couple of security issues, so even if the bug fixes don’t apply to you, consider updating to resolve the known security issues. Also, in the list of known issues there is an outstanding unresolved security issue for CVE-2010-4180 that you should be aware of, which is a cipher downgrade attack against OpenSSL. This was discovered 2010, so it’s a bit disappointing that HP can’t fix this in a more timely fashion.

The following issues have been resolved in the VC 3.60 release:

• Resolved an issue where the restore domain operation would fail if any of the storage blades were in
a power-on state.

• Resolved an issue with concurrent server hot-plug that could leave a server disconnected from assigned networks. Applied to servers with Flex-10 or Flex-Fabric ports with assigned profiles.

• Resolved an issue observed on multi-blade servers with a multi-port mezzanine card where HP-UX had an extended boot time and the EFI driver did not attach to the multi-port mezzanine card. This happened when a multi-port mezzanine card had only a single Ethernet connection assigned to a port and the other ports did not have connections assigned.

• Resolved an issue with the HP VC 1/10Gb-F module when using mixed media types (RJ45 and SFP) in an LACP channel, where when the VC module was reset, the channels using SFP did not rejoin either channel.

• Previously, to enable SMIS you also had to enable SNMP. Now SNMP and SMIS can be independently enabled.

• Resolved an issue where the downlinks from some HP servers were shut down by SmartLink during a firmware upgrade.

• Resolved an issue where the CLI did not block restoring a configuration when any of the servers were still powered on.

• Resolved an issue where the VCM GUI did not allow ‘@’ and ‘#’ as part of a VCM user password, but the VCM CLI did not have these restrictions.

• Resolved an issue where VC or VCEM changed the boot order with the FC HBA boot parameters being configured, and the end result was not what was expected.

• Resolved an issue where VCM enabled server ports with no network connections. For example, if a simple server profile had only one Ethernet connection, which mapped to LOM1, then only LOM1
should be enabled. However both LOM1 and LOM2 were enabled.

• Resolved an issue where if a pair of FCoE connections were added or removed from a profile with
sufficient Ethernet network connections to be using subport2, unexpected behavior may have occurred for the subport2.

• Resolved an issue where using the HP BLc Virtual Connect 1Gb RJ-45 Small Form Factor Pluggable Option Kit (Part Number 453154-B21) or HP BLc VC 1Gb SX SFP (Part Number 453151-B21) on a HP VC Flex-10 10Gb Ethernet Module for c-Class BladeSystem caused Cyclic Redundancy Check (CRC) errors during normal operation after a period of time, and then the link might go down. This issue only occurred with the HP VC Flex-10 10Gb Ethernet Module. When the link went down, Virtual Connect reported the link as down; however, the link to the external switch was still maintained. This fix resolved the Engineering Advisory c03208179.

• Resolved an issue where OpenSSH used by VC was vulnerable to NIST alerts CVE-2008-5161 and

• Resolved an issue where the Apache HTTP Server used by VC was vulnerable to the NIST alert for
Denial Of Service Vulnerability CVE-2011-3192.

vSphere, HP Flex-10/Virtual Connect, and Cisco Nexus resources

I’m smack dab in the middle of designing a robust deployment of VMware vSphere using HP C-class blade chassis, HP Flex-10/Virtual Connect modules, and Cisco Nexus hardware and virtual switches (5000 and 1000v, respectively). This is a pretty forward leaning architecture and fairly complicated. After plowing through a ton of resources to help cement in my mind what I’m doing, I thought I’d share some resources that really helped me.

As my design starts to take shape, I’ll share more of my experiences. First, trying to find documents on HP’s web site is a real PITA. In order of helpfulness, here are a few links for HP Virtual Connect resources. The first one is really killer and got me focused on what I’m trying to accomplish.

HP Virtual Connect Ethernet Cookbook: Single and Multi Enclosure Domain (stacked) Scenarios.
— Note: Scenario 3:2 was perfect for my environment and really shed some light on what I was trying to do. Using mapped shared uplink set (SUS) fit exactly what I wanted to do.

HP BladeSystem Reference Architecture: Virtual Connect Flex-10 and VMware vSphere 4.0

Virtual Connect Multi-Enclosure Stacking Reference Guide

HP Virtual Connect for the Cisco Network Administrator

HP Virtual Connect 2.30 User Guide

If you will be using Cisco Nexus hardware switches in your architecture, be sure to check out the NX-OS vPC feature. This can increase availability and system throughput by enabling LACP across two phyiscal switches.

Virtual PortChannels: Building Networks without Spanning Tree Protocol

Virtual PortChannel Quick Configuration Guide

For additional Cisco documentation, check out my previous blog post.

My advice is first figure out whether you want to use Virtual Connect in mapped mode or trunked mode. That will determine the rest of your design. Check out my first link for the best material to help make that decision. After you make that determination, the rest of the solution starts to fall in place.

HP Flex-10 and Cisco Nexus 1000v reference documents and video

Cisco has created a good PowerPoint slide deck on how to configure the Cisco Nexus 1000v with the HP Virtual Connect Flex-10 blade interconnect. You can download the slides here. They also created a video which you can see here.

Over the coming months I’ll be working integrating both technologies with VMware vSphere 4.0. So you can count on more posts in the future on this topic.

Oh, and in case you didn’t know HP sells 1Gb copper SFP modules for their Flex-10 10Gb interconnect. So you aren’t required to have an upstream 10Gb switch. They don’t make this too clear in the QuickSpecs, but they do have a 1Gb RJ-45 SFP buried document that you can purchase.

Update: Cisco pulled the slides from the original link. But, Cisco has uploaded an even newer version to the VMware community forums here. So check that out..much cleaner presentation than the older version.