HPE BladeSystem Onboard Administrator Release Notes 4.70

Similar documents
HP BladeSystem c-class Virtual Connect Support Utility Version Release Notes

HPE BladeSystem c-class Virtual Connect Support Utility Version Release Notes

Marvell BIOS Utility User Guide

HPE VMware ESXi and vsphere 5.x, 6.x and Updates Getting Started Guide

HPE StoreEver MSL6480 Tape Library CLI Utility Version 1.0 User Guide

HPE ProLiant Gen9 Troubleshooting Guide

HP ilo 3 Release Notes

Intelligent Provisioning 1.64(B) Release Notes

Intelligent Provisioning 1.70 Release Notes

HP VMware ESXi and vsphere 5.x and Updates Getting Started Guide

Active Health System Viewer Release Notes

HPE 3PAR OS MU2 Patch 53 Release Notes

Integrated Smart Update Tools for Windows and Linux User Guide

HPE 3PAR OS GA Patch 12

HP AutoPass License Server

HP UFT Connection Agent

Intelligent Provisioning 2.70 Release Notes

HPE FlexNetwork MSR Router Series

HP Intelligent Management Center Remote Site Management User Guide

QuickSpecs. HPE Insight Online. Overview. Retired

ilo Amplifier Pack User Guide

Intelligent Provisioning 3.00 Release Notes

HPE 3PAR OS GA Patch 20 Release Notes

HPE Insight Management Agents Installation Guide

Introduction to HPE ProLiant Servers HE643S

HPE OneView for VMware vcenter Release Notes (8.2 and 8.2.1)

Intelligent Provisioning 3.10 Release Notes

HPE Moonshot ilo Chassis Management Firmware 1.52 Release Notes

HPE Knowledge Article

HPE PSR300-12A & PSR300-12D1

HP Business Availability Center

Hewlett Packard Enterprise StoreOnce 3100, 3500 and 5100 System Installation and Configuration Guide

HPE OneView for Microsoft System Center Release Notes (v 8.2 and 8.2.1)

HPE ilo Federation User Guide for ilo 5

HPE BladeSystem c3000 Enclosure Quick Setup Instructions

HPE Insight Online User Guide

HPE StoreEver MSL6480 Tape Library Version 5.50 Firmware Release Notes

HPE Digital Learner Server Management Content Pack

HPE 3PAR OS MU5 Patch 49 Release Notes

HPE ProLiant Updates Catalog (v ) User Guide

HP BladeSystem Matrix Compatibility Chart

HP Virtual Connect for c-class BladeSystem Version 2.10 User Guide

HPE 1/8 G2 Tape Autoloader and MSL Tape Libraries Encryption Kit User Guide

HP integrated Citrix XenServer Online Help

HP Insight Remote Support Advanced HP StorageWorks P4000 Storage System

HPE StoreVirtual OS v13.5 Release Notes

HP Insight Control for Microsoft System Center Installation Guide

HP SCOM Management Packs User Guide

Intelligent Provisioning User Guide for HPE ProLiant Gen10 Servers and HPE Synergy

HPE ilo mobile app for ios

HPE 3PAR OS MU3 Patch 24 Release Notes

QuickSpecs. Available Packs and Purchase Information. ProLiant Essentials Vulnerability and Patch Management Pack v2.1. Overview.

HP 3PAR OS MU1 Patch 11

HPE 3PAR OS MU3 Patch 28 Release Notes

Moonshot Component Pack

HPE ALM Client MSI Generator

HPE StoreVirtual OS Update Guide

HPE Operations Bridge Reporter

HPE RDX Utility Version 2.36 Release Notes

QuickSpecs. HP Integrated Lights-Out Overview

HP OneView for VMware vcenter User Guide

HP Integrity Servers and HP 9000 Servers Firmware Update Options

HP Virtual Connect for c-class BladeSystem Version 3.01 User Guide

HPE 3PAR OS MU3 Patch 18 Upgrade Instructions

HPE OneView for VMware vcenter User Guide

HPE Virtual Connect for c-class BladeSystem Setup and Installation Guide Version 4.60

McAfee Network Security Platform 8.1

HP BladeSystem Management Pack (v 1.x) for Microsoft System Center User Guide

HPE Virtual Connect 4.62 Release Notes

HP Enterprise Collaboration

HPE Security ArcSight Connectors

BL ProLiant ML DL Admin HP ProLiant ProLiant agent HPE. HP ProLiant Gen8/9

Release Notes PK.1.34

HP ProLiant Agentless Management Pack (v 3.2) for Microsoft System Center User Guide

HPE 3PAR OS MU3 Patch 23 Release Notes

HPE FlexFabric 5950 Switch Series

HP 3PAR OS MU3 Patch 17

10GbE Pass-Thru Module II for HPE BladeSystem c-class Enclosures User Guide

Guest Management Software V2.0.2 Release Notes

Guidelines for using Internet Information Server with HP StorageWorks Storage Mirroring

HPE Knowledge Article

Network Security Platform 8.1

HPE 3PAR OS MU2 Patch 36 Release Notes

HP Network Node Manager ispi Performance for Quality Assurance Software

Integrated Smart Update Tools for Windows and Linux Release Notes

HPE StoreOnce 3100, 3500, 5100, and 5500 System Installation and Configuration Guide

HPE Enterprise Integration Module for SAP Solution Manager 7.1

QuickSpecs. HPE Integrity Integrated Lights-Out (ilo) for HPE Integrity Servers. Overview

HP 3PAR OS MU3 Patch 18 Release Notes

HP Smart Update Manager User Guide

HPE StoreOnce 3.16.x Software Upgrade Guide

HP BLc Intel 4X QDR InfiniBand Switch Release Notes. Firmware Version

HPE XP7 Performance Advisor Software 7.2 Release Notes

HPE Direct-Connect External SAS Storage for HPE BladeSystem Solutions Deployment Guide

StoreOnce 6500 (88TB) System Capacity Expansion Guide

Microsoft Windows on HPE ProLiant WS460c Gen8 Workstation Blade with WS460c Graphics Expansion Blade Administrator Guide

Hewlett Packard Enterprise. HPE OmniStack for vsphere Upgrade Guide

HP Data Center Automation Appliance

HPE Integrity Superdome X and Superdome 2 Onboard Administrator Guide for Users

HPE Intelligent Management Center

Transcription:

HPE BladeSystem Onboard Administrator Release Notes 4.70 Abstract This document provides Onboard Administrator release information for version 4.70. This document supersedes the information in the documentation released with the previous version. This document is intended for the person who installs, administers, and troubleshoots the Onboard Administrator. Part Number: 778713-006 Published: August 2017 Edition: 7

Copyright 2014, 2017 Hewlett Packard Enterprise Development LP Notices The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Confidential computer software. Valid license from Hewlett Packard Enterprise required for possession, use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise website. Acknowledgments Intel, Itanium, Pentium, Intel Inside, and the Intel Inside logo are trademarks of Intel Corporation in the United States and other countries. Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Adobe and Acrobat are trademarks of Adobe Systems Incorporated. Java and Oracle are registered trademarks of Oracle and/or its affiliates. UNIX is a registered trademark of The Open Group.

Contents Overview...4 Update recommendation... 4 Supersedes information...4 Product models...4 Firmware dependency...4 Operating systems...4 Languages...4 Important notes... 5 Enhancements... 6 Fixes... 7 Issues and workarounds... 8 Prerequisites...9 Installation instructions... 10 Support and other resources... 11 Accessing Hewlett Packard Enterprise Support... 11 Accessing updates...11 Related information...11 Documentation feedback...12 Acronyms and abbreviations... 13 Contents 3

Overview The HPE BladeSystem Onboard Administrator is the intelligence of the HPE BladeSystem c-class infrastructure (c3000 or c7000). It is the enclosure management processor, subsystem, and firmware base that supports the HPE BladeSystem c-class enclosure and all the managed devices contained within the enclosure. Onboard Administrator provides a single point where management tasks can be performed on server blades or switches within the enclosure. Management tasks can be performed using the Onboard Administrator GUI, command line interface, and the enclosure's display (HPE Insight Display). Onboard Administrator provides: Wizards for simple, fast setup and configuration. Highly available and secure access to the HPE BladeSystem infrastructure. Security roles for server, network, and storage administrators. Agent-less health, status, and thermal logic power/cooling information and control. Before proceeding with Onboard Administrator setup, Hewlett Packard Enterprise recommends seeing the HPE BladeSystem c3000 or c7000 Enclosure documentation in the Hewlett Packard Enterprise BladeSystem Information Library. The Onboard Administrator version 4.70 release provides several functionality enhancements and important security enhancements. For more information, see Enhancements. Update recommendation Optional - Update to this firmware version if any documented fixes or enhanced functionality provided by this version would be useful to your system. Supersedes information Replaces version 4.60. Product models This version of the Onboard Administrator is supported on the following BladeSystem c-class enclosures: c3000 enclosure c7000 enclosure Firmware dependency For firmware compatibility information, see the Service Pack for ProLiant Information Library. Operating systems The Onboard Administrator firmware operates in an embedded environment within each enclosure. No specific operating system installation dependency exists. Languages In addition to English, which is embedded in the firmware, the Onboard Administrator GUI supports the following language packs: Simplified Chinese Japanese 4 Overview

Important notes Firmware upgrade The OA 4.50 release introduces a standardized code signing and validation mechanism that enhances the firmware image authenticity. For customers using ROM image to upgrade OA: For OA with firmware version earlier than 3.50, first upgrade to OA 3.50 and then continue upgrading to OA 4.50 or later versions. For customers using Smart Component to upgrade OA: OA firmware update mechanisms that rely on HPE Smart Component (for example, EFM) are not be affected by this new code-signing mechanism. For OA firmware versions earlier than 3.50, the Smart Component automatically performs the intermediate upgrade to OA 3.50 before performing the upgrade to OA 4.50 or later. Flash Disaster Recovery Flash Disaster Recovery to OA 4.50 or later is not supported. The change is due to the implementation of a new firmware image signing mechanism in OA firmware version 4.50 and later, which causes the Flash Disaster Recovery mechanism to identify the firmware image as an invalid image. The workaround for this is to use the Flash Disaster Recovery procedure to recover to a firmware version prior to 4.50 and then perform a firmware upgrade to the intended version (4.50 or later). EFM The OA only supports SPP ISO images that are less than 4GB in size, whether hosted directly via the Enclosure DVD feature or an attached USB key, or mounted remotely via a specified URL. If an ISO image exceeds 4 GB, the CLI SHOW FIRMWARE MANAGEMENT command displays ISO URL Status as Invalid URL. For SPP ISO images that are greater than 4GB in size, you must create a custom ISO image that excludes components not required for the OA EFM blade firmware update process. At minimum, the custom ISO image must contain the firmware components for HPE ProLiant BL servers. (When using HPE SUM to create the custom ISO image, select Firmware as Component Type, and select HPE ProLiant BL Series as Server Type.) For information about creating a custom ISO image compatible for OA EFM functionality, see the HPE BladeSystem Onboard Administrator User Guide. For more information on HPE SUM, see the HPE Smart Update Manager online help or the Hewlett Packard Enterprise Information Library. FIPS Onboard Administrator 3.71 has received FIPS 140-2 Certification. For more information, see the NIST CSRC Cryptographic Module Validation Program website. Important notes 5

Enhancements Onboard Administrator 4.70 provides support for the following enhancements: Hardware additions BL460c Gen10 HPE 10GbE Pass-Thru Module Qualified support for HPE Integrity BL8x0c i6 server blade Features: Additions and Changes General Added support for Gen10 servers and ilo5 features. Added support for the enhanced KCM functionality in ilo5 Added support for HTTP boot option in the server boot options. Added support for the HPE 10GbE Pass-Thru interconnect module. Added support for the HPE Integrity BL8x0c i6 server blade. GUI, CLI, Smart components, help files, URLs, and product names rebranded to align with HPE branding guidelines. Added a new SNMP trap to indicate that the power redundancy is restored in the enclosure. Enhanced "SHOW ENCLOSURE TEMP" command output to display temperature readings like Current, Caution, and Critical temperature threshold values for interconnect modules. Added a provision to make sysname field to be set to DNS host name for the traps sent from Onboard Administrator. Security Added support for CNSA approved algorithms and a new security mode - TOP_SECRET. Added the ability to Enable/Disable cipher/protocol in FIPS OFF mode. Added support for secured communication between HPE Embedded Remote Support functionality and the HPE Support Datacenters with the use of SHA-2 certificates. 6 Enhancements

Fixes General Addressed an issue where OA "update ilo all" command fails in an enclosure with maximum blades. Addressed an issue where a Warning Alert was wrongly sent when a fan was reseated in an enclosure. Addressed an issue where the port mapping information for the HPE 560M Ethernet adapter was not displayed correctly. Addressed an issue where Remote Syslog logging would fail when OA failover happened in an IPv6-only environment. Enhanced OA to recover from the condition detailed in c05347224, in which servers may experience reduced performance if both OA-s are removed from the tray at the same time. More details are in the advisory. Fixed an issue where the Active and Standby OAs can have the same IP address in some rare situations, which could lead to a report of VC-OA no_comm. Resolved an issue where a Gen9 server's host name gets cleared when the blade is rebooted. Addressed an issue where server blade Power On will be delayed in enclosures with OA Firmware Version 4.60 and managed by HPE OneView, when the OneView appliance cannot be reached. Security The following security vulnerabilities were fixed: CVE-2016-5387 - Addressed a vulnerability that could allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request. CVE-2016-2183 - Addressed a vulnerability against TLS ciphers with 64bit block size that made it easier for remote attackers to obtain cleartext data via an attack against a long-duration encrypted session. NOTE: DES and Triple DES ciphers can be disabled using a new QA 4.70 feature to Enable/Disable cipher/ protocol in FIPS OFF mode. CVE-2016-6515 - Addressed a vulnerability in OpenSSH which did not limit password lengths for password authentication, which allows remote attackers to cause a denial of service via a long string. CVE-2015-8215 - Addressed a vulnerability IPv6 stack which does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service. Addressed issue where Onboard Administrator was vulnerable to Buffer overflow. Added HSTS (HTTP strict transport security) support in OA. Addressed a memory corruption vulnerability in the post-authentication ssh process. Fixes 7

Issues and workarounds Browsers OA GUI is not accessible in Chrome versions 43.0.2357.10 to 44.0.2383. This issue was caused by a "regression" in Chrome (or WebKit). To work around this, use an alternative browser like Firefox or Internet Explorer, or try a different version of Chrome. SSO-to-iLO connection from the OA using an ilo host name fails with Microsoft Internet Explorer 11 on Windows 8. On a Windows 8 system with Internet Explorer 10 or Internet Explorer 11, if the OA web GUI session is loaded using a host name instead of an IP address, an attempt to open an ilo windowing using SSO from the OA web GUI might result in the ilo page loading in the OA web GUI window instead of the intended new window. This issue was determined to be a bug in Internet Explorer and is expected to be fixed in a future release or update for Internet Explorer. To work around this issue, either use an IP address to load the OA Web GUI, or turn off Protected Mode for the appropriate zone in Internet Explorer's settings. This issue occurs only on Internet Explorer browsers. FIPS Certificates smaller than 2048 bits in size are not compliant with FIPS requirements as enforced by the OA firmware, starting with OA 4.20. When the OA running OA firmware version 4.40 or greater is operating in FIPS Mode ON/DEBUG and is configured with a 1024-bit LDAP certificate that was installed when running a previous version of OA firmware, FIPS Mode ON/DEBUG is considered to be operating in a degraded state due to the presence of the non-compliant certificate. While operating in this FIPS-Degraded Mode operational state, attempts to set FIPS Mode OFF from the OA GUI FIPS tab will fail and show an error message saying, "The selected FIPS mode is already enabled." When the non-compliant certificate is removed, the FIPS-Degraded operational status is cleared, FIPS Mode can then be successfully set to OFF from the GUI interface. The OA CLI command SET FIPS MODE OFF can be successfully used to set FIPS Mode OFF even with noncompliant 1024-bit LDAP certificates installed in the OA. IRC Unable to open.net IRC console for Gen10 blades. Gen9 blades also have the same issue. The Java applet and Webstart loads, however the virtual media mounting fails. The workaround is to launch the IRC through the IRC application (HPE Lights-Out Stand Alone Remote Console) which is installed on terminal client. EFM To use EFM on Gen10 blades, select options/filters "Make Bootable ISO file" and "Enclosure Firmware Management" while creating custom SPP ISO on HPSUM 8.0.0. For further details, see the HPSUM 8.0.0 user guide. 8 Issues and workarounds

Prerequisites To access the OA web interface, you must have the OA IP address and a compatible web browser. You must access the application through HTTPS (HTTP packets exchanged over an SSL/TLS-encrypted session). The OA web interface requires an XSLT-enabled browser with support for JavaScript 1.3 or the equivalent. Supported browsers include: Microsoft Internet Explorer 8, 9, 10, 11 Mozilla Firefox ESR 17 and ESR 24 Google Chrome Before running the web browser to access the OA GUI, you must enable the following browser settings: ActiveX (for Microsoft Internet Explorer) Cookies JavaScript If you use an installed language pack with the OA GUI, and the browser does not display all characters correctly, make sure the operating system has the corresponding language support installed. Prerequisites 9

Installation instructions For installation instructions, see the HPE BladeSystem Onboard Administrator User Guide. 10 Installation instructions

Support and other resources Accessing Hewlett Packard Enterprise Support For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: http://www.hpe.com/assistance To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: http://www.hpe.com/support/hpesc Information to collect Technical support registration number (if applicable) Product name, model or version, and serial number Operating system name and version Firmware version Error messages Product-specific reports and logs Add-on products or components Third-party products or components Accessing updates Some software products provide a mechanism for accessing software updates through the product interface. Review your product documentation to identify the recommended software update method. To download product updates: Hewlett Packard Enterprise Support Center www.hpe.com/support/hpesc Hewlett Packard Enterprise Support Center: Software downloads www.hpe.com/support/downloads Software Depot www.hpe.com/support/softwaredepot To subscribe to enewsletters and alerts: www.hpe.com/support/e-updates To view and update your entitlements, and to link your contracts and warranties with your profile, go to the Hewlett Packard Enterprise Support Center More Information on Access to Support Materials page: www.hpe.com/support/accesstosupportmaterials IMPORTANT: Access to some updates might require product entitlement when accessed through the Hewlett Packard Enterprise Support Center. You must have an HPE Passport set up with relevant entitlements. Related information The latest documentation for the Onboard Administrator is available in the Hewlett Packard Enterprise Information Library. In the Products & Solutions section, select BladeSystem. Then, under Models/ Subcategories, select Onboard Administrator. Support and other resources 11

Documentation feedback Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title, part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page. 12 Documentation feedback

Acronyms and abbreviations CMVP Cryptographic Module Validation Program EFM Enclosure Firmware Management FIPS Federal Information Processing Standard HP SUM HP Smart Update Manager HPE SIM HPE Systems Insight Manager HTTPS hypertext transfer protocol secure sockets ilo Integrated Lights-Out IPv6 Internet Protocol version 6 ISO International Organization for Standardization LDAP Lightweight Directory Access Protocol NIST National Institute of Standards and Technology OA Onboard Administrator PSU power supply unit RSA Rivest, Shamir, and Adelman public encryption key RTC real-time clock SSL Secure Sockets Layer SSO single sign-on SSP Selective Storage Presentation Acronyms and abbreviations 13

UEFI Unified Extensible Firmware Interface USB universal serial bus 14 Acronyms and abbreviations

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback