Category Archives: Server

HPE Hyper Converged 380 – A look under the hood

This posting is ~3 years years old. You should keep this in mind. IT is a short living business. This information might be outdated.

In March 2016, HPE CEO Meg Whitman announced a ProLiant-based HCI solution, that should be easier to use and cheaper than Nutanix.

This isn’t HPEs first dance on this floor. In August 2015, HP launched the Hyper Converged 250 System (HC250), which is based on the Apollo server platform. The HW design of the HC250 comes close to a Nutanix Block, because the Apollo platform supports up to four nodes in 2U. Let me say this clear: The Hyper Converged 380 (HC380) is not a replacement for the HC250! And before the HC250, HPE offered the Converged System 200-HC StoreVirtual and 200-HC EVO:RAIL (different models).

The HC380 is based on the ProLiant DL380 Gen9 platform. The DL380 Gen9 is one of the, if not the best selling x86 server on the market. Instead of developing everything from scratch, HPE build their new HC380 from different already available HPE products. With one exception: HPE OneView User Experience (UX). IT was developed from scratch and consolidates all management and monitoring tasks into a single console. The use of already available components was the reason for the low time-to-market (TTM) of the HC380.

Currently, the HC380 can only run VMware vSphere (HPE CloudSystem uses VMware vSphere). Support for Microsoft Hyper-V and Citrix XenServer will be added later. If you wish to run Microsoft Hyper-V, check the HC250 or wait until it’s supported with the HC380.

What flavor would you like?

The HC380 is available in three editions (use cases):

  • HC380 (Virtualization)
  • HC380 (HPE CloudSystem)
  • HC380 (VDI)

All three use cases are orderable using a single SKU and include two DL380 Gen9 nodes (2U). You can add up to 14 expansion nodes, so that you can have up to 16 dual-socket DL380 Gen9.

Each node comes with two Intel Xeon E5 CPUs. The exact CPU model has to be selected before ordering. The same applies to the memory (128 GB or 256 GB per node, up to 1,5 TB) and disk groups (up to three disk groups, each with 4,5 to 8 TB usable capacity per block, 8 drives either SSD/ HDD or all HDD with a maximum of 25 TB usable per node). The memory and disk group configuration depends on the specific use case (virtualization, CloudSystem, VDI). The same applies to the number of network ports (something between 8x 1 GbE and 6x 10 GbE plus 4x 1 GbE). For VDI, customers can add NVIDIA GRID K1, GRID K2 or Telsa M60 cards.

VMware vSphere 6 Enterprise or Enterprise Plus are pre-installed and licences can be bought from HPE. Interesting note from the QuickSpecs:

NOTE: HPE Hyper Converged 380 for VMware vSphere requires valid VMware vSphere Enterprise or higher, and vCenter licenses. VMware licenses can only be removed from the order if it is confirmed that the end-customer has a valid licenses in place (Enterprise License Agreement (ELA), vCloud Air Partner or unused Enterprise Purchasing Program tokens).

Hewlett Packard Enterprise supports VMware vSphere Enterprise, vSphere Enterprise Plus and Horizon on the HPE Hyper Converged 380.

No support for vSphere Standard or Essentials (Plus)! Let’s see how HPE will react on the fact, that VMware will phase out vSphere Enterprise licenses.

The server includes 3y/ 3y/ 3y onsite support with next business day response. Nevertheless, at least 3-year HPE Hyper Converged 380 solution support is requires according to the latest QuickSpecs.

What’s under the hood?

As I already mentioned, the HC380 was built from well known HPE products. Only HPE OneView User Experience (UX) was developed from scratch. OneView User Experience (UX) consolidates the following tasks into a single console (source QuickSpecs):

  • Virtual machine (VM) vending (create, edit, delete)
  • Hardware/driver and appliance UI frictionless updates
  • Advanced capacity and performance analytics (optional)
  • Backup and restore of appliance configuration details
  • Role-based access
  • Integration with existing LDAP or Active Directory
  • Physical and virtual hardware monitoring

Pretty cool fact: HPE OneView User Experience (UX) will be available for the HC250 later this year. Part of a 2-node cluster are not only the two DL380 Gen9 servers, but also three VMs:

  • HC380 Management VM
  • HC380 OneView VM
  • HC380 Management UI VM

The Management VM is used for VMware vCenter (local install) and HPE OneView for vCenter. You can use a remote vCenter (or a vCenter Server Appliance), but you have to make sure that the remote vCenter has HPE Oneview for vCenter integrated. The OneView VM running HPE OneView for for HW/ SW management. The Management UI VM is running HPE OneView User Experience.

The shared storage is provided by HPE StoreVirtual VSA. A VSA is running on each node. As you might know, StoreVirtual VSA comes with an all-inclusive license. No need to buy additional licenses. You can have it all: Snapshots, Remote Copy, Clustering, Thin Provisioning, Tiering etc. The StoreVirtual VSA delivers sustainable performance, a good VMware vSphere integration and added value, for example support for Veeam Storage Snapshots.

When dealing with a 2-node cluster, the 25 TB usable capacity per node means in fact 25 TB usable for the whole 2-node cluster. This is because of the Network RAID 1 between the two StoreVirtual VSA. The data is mirrored between the VSAs. When adding more nodes, the data is striped accross the nodes in the cluster (Network RAID 10+2).

Also important in case of the 2-node cluster: The quorum. At least two StoreVirtual VSA build a cluster. As in every cluster, you need some kind of quorum. StoreVirtual 12.5 added support for a NFSv3 based quorum witness. This is in fact a NFS file share, which has to be available for both nodes. This is only supported in 2-node clusters and I highly recommend to use this. I have a customer that uses a Raspberry Pi for this…

Start the engine

You have to meet some requirements before you can start.

  • 1 GbE connections for each nodes iLO and 1 GbE ports
  • 1 GbE or 10 GbE connections for each node FlexLOM ports
  • Windows-based computer directly connected to a node (MacOS X or Linux should also work)
  • VMware vSphere Enterprise or Enterprise Plus licenses
  • enough IP addresses and VLANs (depending on the use case)

For general purpose server virtualization, you need at least three subnets and three VLANs:

  • Management
  • vMotion
  • Storage (iSCSI)

Although you have the choice between a flat (untagged) and a VLAN-tagged network design, I would always recomment a VLAN-tagged approach. It’s highly recommended to use multiple VLANs to get the traffic seperated. The installation guide includes worksheets and examples to help you planning the deployment. For a 2-node cluster you need at least:

  • 5 IP addresses for the management network
  • 2 IP addresses for the vMotion network
  • 8 IP addresses for the iSCSI storage network

You should leave space for expansion nodes. A proper planning saves you later trouble.

HP OneView InstantOn is used for the automated deployment. It guides you through the necessary configuration steps. HPE says that the deployment requires less than 60 minutes and all you need to enter are

  • IP addresses
  • credentials
  • VMware licenses

After the deployment, you have to install the StoreVirtual VSA licenses. Then you can create datastores and, finally, VMs.

hpehc380_ux

HPE/ hpw.com

Summary

Hyper-Converged has nothing to do with the form factor. Despite the fact that a 2-node cluster comes in 4U, the HC380 has everything you would expect from a HCIA. The customers will decide if HPE held promise. The argument for the HC380 shouldn’t be the lower price compared to Nutanix or other HCI players. Especially, HPE should not repeat the mistake of the HC200 EVO:RAIL: To buggy and to expensive. The HC380 combines known and mature products (ProLiant DL380 Gen9, StoreVirtual VSA, OneView). It’s now up to HPE.

I have several small and mid-sized customers that are running two to six nodes VMware vSphere environments. Also the HC380 for VDI can be very interesting.

HP ProLiant BL460c Gen9: MicroSD card missing during ESXi 5.5 setup

This posting is ~4 years years old. You should keep this in mind. IT is a short living business. This information might be outdated.

Today, I was at a customer to prepare a two node vSphere cluster for some MS SQL server tests. Nothing fancy, just two HP ProLiant BL460c Gen9 blades and two virtual volumes from a HP 3PAR. Each blade had two 400 GB SSDs, two 64 GB M.2 SSDs and a 1 GB MicroSD card. Usually, I install ESXi to a SD card. In this case, a MicroSD card. The SSDs were dedicated for PernixData FVP. Although I saw the MicroSD card in the boot menu, ESXi doesn’t showed it as a installation target.

bl460_no_sdcard

Patrick Terlisten/ www.vcloudnine.de/ Creative Commons CC0

I’ve read a lot about similar observations of other users, but no solution seemed to be plausible. It’s not a solution to switch from UEFI to legacy BIOS or play with power management settings. BIOS and ILO firmware were up to date. But disabling USB3 support seemed to be a possible solution.

You can disable USB3 support in the RBSU.

bl460_rbsu

Patrick Terlisten/ www.vcloudnine.de/ Creative Commons CC0

After a reboot, the MicroSD card appeared as installation target during the ESXi setup.

bl460_with_sdcard

Patrick Terlisten/ www.vcloudnine.de/ Creative Commons CC0

I never noticed this behaviour with ProLiant DL360 Gen9, 380 Gen9, 560 Gen9 or 580 Gen9. I only saw this with BL460c Gen9. The affected blade servers had System ROM I36 05/06/2015 and I36 09/24/2015, as well as ILO4 2.30 installed.

Exchange Management Shell (EMS) and new PowerShell releases

This posting is ~4 years years old. You should keep this in mind. IT is a short living business. This information might be outdated.

Some day ago, I installed a new Exchange 2013 CU11 for some test ins my lab. Nothing fancy, just a single server deployment on a Windows Server 2012 R2 VM. I deployed this Windows Server from a template, which was updated with the latest Windows Patches and WMF some days ago. The Exchange setup went smooth. I updated the SSL certificates and the internal and external URLs for the virtual directories. Then I started the Exchange Management Shell (EMS), to update the Autodiscover URL in the service connection point (SCP) of the Active Directory.

Well… that doesn’t look successful. I quickly switched to a PowerShell windows and imported the Exchange snap-in manually.

Looks better, isn’t it?

I compared my lab setup to a running Exchange 2013 single server deployment and I stumbled over the PowerShell version. In addition, I found the Windows Management Framework 5 Production Preview (KB3066437) on my freshly deployed Windows Server 2012 R2 VM.

After checking the Exchange Server Supportability Matrix, it was clear what had happened: WMF 5 is not supported (Source). Not supported with Exchange 2013, and also not supported with Exchange 2016.

exchange_supported_wmf

After I had removed KB3066437 from my Exchange server, the EMS loaded successfully.

You should ALWAYS check if installed applications are supported with newer version of PowerShell/ WMF! Currentyl, no Exchange version is supported with PowerShell 5/ WMF 5.

Reset the HP iLO Administrator password with hponcfg on ESXi

This posting is ~4 years years old. You should keep this in mind. IT is a short living business. This information might be outdated.

Sometimes you need to reset the ILO Administrator password. Sure, you can reboot the server, press F8 and then reset the Administrator password. If you have installed a HP customized ESXi image, then there is a much better way to reset the password: HPONCFG.

Check the /opt/hp/tools directory. You will find a binary called hponcfg.

All you need is a simple XML file. You can use the VI editor or you can copy the necessary file with WinSCP to the root home directory on your ESXi host. I prefer VI. Change the directory to /opt/hp/tools. Then open the pwreset.xml.

Press i to switch to the insert mode. Then paste this content into the file. You don’t have to know the current password!

Press ESC and then :wq<ENTER> to save the file and leave the VI. Now use HPONCFG together with the XML file to reset the password.

That’s it! You can now login with “Administrator” and “password”.

HP Service Pack for ProLiant 2015.04

This posting is ~4 years years old. You should keep this in mind. IT is a short living business. This information might be outdated.

Some weeks ago, HP has published an updated version of their HP Service Pack for ProLiant (SPP). The SPP 2015.04.0 has added support for

  • new HP ProLiant servers and options,
  • support for Red Had Enterprise Linux 6.6, SUSE Linux Enterprise Server 12, VMware vSphere 5.5 U2 and (of course) VMware vSphere 6.0,
  • HP Smart Update Manager v7.2.0 was added,
  • the HP USB Key Utility for Windows v2.0.0.0 can now handle downloads greater than 4GB (important, because this release may not fit on a standard DVD media…)
  • select Linux firmware components is now available in rpm format

In addition, the SPP covers two important customer advisories:

  • ProLiant Gen9 Servers – SYSTEM ROM UPDATE REQUIRED to Prevent Memory Subsystem Anomalies on Servers With DDR4 Memory Installed Due to Intel Processor BIOS Upgrades (c04542689)
  • HP Virtual Connect (VC) – Some VC Flex-10/10D Modules for c-Class BladeSystem May Shut Down When Running VC Firmware Version 4.20 or 4.30 Due to an Erroneous High Temperature Reading (c04459474)

Two CAs fixed, but another CA arised (and it’s an ugly one..):

  • HP OneView 1.20 – Upgrading Virtual Connect Version 4.40 with Service Pack for ProLiant (SPP) 2015.04.0 Will Result in a Configuration Error and an Inability to Manage the HP Virtual Connect 8Gb 24-Port Fibre Channel Module (c04638459)

If you are using HP OneView >1.10 and 1.20.04, you will be unable to manage HP Virtual Connect 8Gb 24-port Fibre Channel Modules after updating the module to firmware version 3.00 or later. This is also the case, if you use the smart components from Virtual Connect  firmware version 4.40! After the update, the VC module will enter a “Configuration Error” state. Currently there is no fix. The only workaround is not to update to HP Virtual Connect 8Gb 24-port Fibre Channel Module firmware version 3.00. This will be fixed in a future HP OneView 1.20 patch.

Important to know: With this release, the SPP may not fit on standard DVD media! But to be honest: I’ve never burned the SPP to DVD, I always used USB media.

Check the release notes for more information about this SPP release. You can download the latest SPP version from the HP website. You need an active warranty or HP support agreement to download the SPP.

Logon problems after demoting a branch office Domain Controller

This posting is ~5 years years old. You should keep this in mind. IT is a short living business. This information might be outdated.

A customer of mine is currently refreshing his branch office server infrastructure. A part of this project is to demote the Active Directory Domain Controllers, that are currently running in each branch office. The customer has multiple branch offices and each branch office has an Active Directory Domain Controller which is acting as file-/ print- and DHCP server. Each branch office has its own Active Directory site. The Domain Controller and the used IP subnets are assigned to the corresponding AD site. Due to this configuration the clients at the branch office choose the site-local Domain Controller as logon server. This works totally flawless since a couple of years. Over the year bandwidth of site connection has increased and even small branch offices have a redundant MPLS connection to the HQ. And no one likes single domain AD forests with 20 or more Domain Controllers…

j4mib

After demoting the Domain Controller in the first branch office I visited, my colleague and I discovered an interesting behaviour: The removal of the Domain Controller was flawless. Everything went fine. But when we tried to logon at a client, we got no GPOs and no network drives mapped. The name resolution was fine, so this was not our problem. I checked the content of the % LOGONSERVER% variable and discovered that it contained the name of the (now) demoted Domain Controller. After another logout and login, everything was fine. The client had chosen a new domain controller, now from the HQ AD site. This was correct and an expected behaviour. The branch office IP subnets were changed at the same time and the new IP subnets were assigned to the HQ AD site days before we demoted the DC.

Assumption: The client (Windows 7 Enterprise) used cached credentials to logon. These credentials included the old Domain Controller. During the second logon, a new Domain Controller is discovered based in the AD site.

To the lab!

Because I had to do the same in other branch offices, I searched for a solution. I used a couple of VMs to create a similar situation.

  • 2 sites
  • Each site has its own port group
  • 1 IP subnet per site
  • Router VM routes traffic between IP subnets
  • Subnets were assigned to AD sites
  • 1 DC per AD site
  • Client gets IP address from a DHCP in the site
  • Client is moved from one site to another site by switching port group
  • Client uses “last” logonserver (from the old site)
  • After the second logon, the site-local DC is chosen
  • nltest shows the correct DC for the site
  • If usage of cached credentials is disabled, client uses the site-local DC at every logon

I took some screenshots to clarify this. Logon as [email protected] on client2 in site 2.

client_ad_site_logon_server_01

Patrick Terlisten/ www.vcloudnine.de/ Creative Commons CC0

I powered off the VM, switched the port group and powered on the VM. I logged on as [email protected] on client2 in site 1. You can see, that the client still uses DC2 as logon server. The client got an IP from site 1.

client_ad_site_logon_server_02

Patrick Terlisten/ www.vcloudnine.de/ Creative Commons CC0

Logout and logon as [email protected] on client2 in site 1. Now the client uses DC als logon server.

client_ad_site_logon_server_03

Patrick Terlisten/ www.vcloudnine.de/ Creative Commons CC0

I tried this several times. The behaviour was always the same. Then I disabled cached credentials using a GPO (“Interactive logon: Number of previous logons to cache” set to 0). Now the client always chose the site-local DC on the first attempt.

Solution?

I don’t know if this is willed behavior. It’s reproducible and I don’t think that this is the result of a misconfiguration or a bug. If you demote a Domain Controller in a branch office, and it’s the only Domain Controller, the clients will try to reach it on the next logon. If the Domain Controller is still available, maybe because you moved it to another site, everything’s fine. But if it’s gone, you will get in trouble due to cached credentials.

In my case, the customer and I decided to assign all used IP subnets from the branch offices to the HQ AD site. Even if the branch offices still have a Domain Controller, the clients now chose the Domain Controller from the HQ. The Domain Controller in the branch offices now acts as only as DHCP and DNS until they are demoted.

HP Service Pack for ProLiant 2014.06

This posting is ~5 years years old. You should keep this in mind. IT is a short living business. This information might be outdated.

I’m a bit late, but HP released a new version of their HP Service Pack for ProLiant in June 2014. This version of the SPP supersedes the version 2014.02.0(B). This release adds support for HPs new 20 GbE adapter

and contains new firmware (v4.20b) for HP BladeSystem c-Class Virtual Connect, 4/8Gb 20-port and 8Gb 24-port FC components. HP also added the following firmware and software components to this release:

  • HP ProLiant Converged Network Utility for Windows Server 2008
  • HP ProLiant Converged Network Utility for Windows Server x64 Editions
  • Online ROM Flash Component for Windows – HP ProLiant XL220a Gen8 v2 (P94) Servers
  • HP ProLiant Converged Network Utility for Linux x86_64
  • HP ProLiant Converged Network Utility for Linux x86
  • Online ROM Flash Component for Linux – HP ProLiant XL220a Gen8 v2 (P94) Servers
  • Online ROM Flash Component for VMware ESXi – HP ProLiant XL220a Gen8 v2 (P94) Servers
  • HP Firmware Flash for Emulex Fibre Channel Host Bus and Converged Network Adapters – VMware 5.0/5.1
  • HP Firmware Flash for Emulex Fibre Channel Host Bus and Converged Network Adapters for VMware vSphere 5.5
  • HP Firmware Flash for QLogic Fibre Channel Host Bus Adapters – Vmware
  • HP Firmware Flash for QLogic Fibre Channel Host Bus Adapters for VMware vSphere 5.5

This release of the SPP is the last release, that will support ProLiant G5 (and earlier) models, as also the last release that will contain support for Red Hat Enterprise Linux 5 (RHEL5). Needless to say that HP fixed CVE-2014-0224 with this release. The SPP 2014.06 includes HP SUM 6.4.1.

HP marked the following updates as critical updates. An update is strongly recommended:

  • HP BladeSystem c-Class Virtual Connect Firmware, Ethernet plus 4/8Gb 20-port and 8Gb 24-port FC Edition Component for Windows
  • HP ProLiant Dynamic Smart Array RAID Controller Driver for Windows Server 2008
  • HP ProLiant Dynamic Smart Array RAID Controller Driver for Windows 2008 x64 Editions
  • HP ProLiant Dynamic Smart Array RAID Controller Driver for Microsoft Windows Server 2012 and Microsoft Windows 2012 R2 x64 Editions

Please take a look into the release notes. You can download the ISO image here. A HP Passport login is required.

Replace HP iLO security certificates

This posting is ~5 years years old. You should keep this in mind. IT is a short living business. This information might be outdated.

When you access the HP iLO webinterface, you will be redirected to a HTTPS website. This connection is usually secured by a self-signed SSL certificate. To replace this certificate with a certificate that was issued by your own CA, you have to complete several steps. I will guide you to the steps. I focused on HP ilO 2, but the steps are similar for iLO 3 or iLO 4.

The requirements

We need:

  • an iLO interface that is connected to the network and that has an ip address assigned
  • access to this iLO interface
  • a CA and access to it
  • a web browser

Create the Certificate Signing Request (CSR)

Before we can issue the certificate, we need to create a certificate signing request. This request is used by the CA to create the digital certificate. The CSR contains information to identifying the applicant. This is e.g. the distinguished name (DN), which is the FQDN for a webserver. To create a CSR we have to login into the iLO webinterface.

Create the CSR, issue and install the certificate

I use a Microsoft Windows Server 2012 R2 CA in my lab. This CA is integrated into my Active Directory and I use it to issue certificates for my lab infrastructure. Because it’s my lab, I don’t use a two-tier CA with an offline root CA. ;) But if you are interested in how to setup this, I recommend this two excellent articles written by Derek Seaman and posted on his blog: Windows Server 2012 R2 Two-Tier PKI CA Pt. 1 & Windows Server 2012 R2 Two-Tier PKI CA Pt. 2.

To create a CSR we have to login into iLO and access the “Administration” tab. Then select “Security” from the left menu.

ilo2_ssl_cert_1

Patrick Terlisten/ www.vcloudnine.de/ Creative Commons CC0

Usually the lower fields are greyed out, so you have to enable “Customized CSR”. Then you can fill the lower, now enabled fields, with values. Don’t forget to hit apply.

A little further down the page, you can create a certificate request.

ilo2_ssl_cert_2

Patrick Terlisten/ www.vcloudnine.de/ Creative Commons CC0

Click the “Create Certificate Request” button. The certificate request will be generated and you will forwarded to the next page. Now you have to copy the request into a text file or you can past it directly into you CA. I use a W2K12 R2 CA which is running on another host. So I copied the text into a file and saved the file as ilo-esx1.csr.

ilo2_ssl_cert_3

Patrick Terlisten/ www.vcloudnine.de/ Creative Commons CC0

No it’s time to issue the certificate. I copied the CSR to my CA into a temp directory. Open an elevated CMD, switch to the directory with the CSR and run the following command:

A windows will pop up where you have to chose the CA. Because I only have on CA, I can’t choose much… Select you CA and click “OK”. Copy the pem file to you client (or whereever you have the browser with the iLO open), click “Next Step” and then paste the content of the pem file into the text field.

ilo2_ssl_cert_4

Patrick Terlisten/ www.vcloudnine.de/ Creative Commons CC0

Click “Install Certificate”.

ilo2_ssl_cert_5

Patrick Terlisten/ www.vcloudnine.de/ Creative Commons CC0

If you click “Restart” a counter will appear. After 60 seconds you will be redirected to the login page. Please note, that you have to access the login page via the FQDN. Otherwise you will get a certificate error.

Summary

Essentially there is nothing special. It’s much more easier as to do this for a VMware environment… It’s a simple three-step plan: 1. Create the CSR, 2. issue a certificate by using the CSR and 3. install the certificate. Don’t forget to import the CA certificate into you browser. Otherwise you will furthermore get this nasty security warning…

Trouble with Broadcom NetXtreme II and VMware ESXi

This posting is ~5 years years old. You should keep this in mind. IT is a short living business. This information might be outdated.

I faced today a really nasty problem. I have four HP ProLiant DL360 G6 in my lab. This server type has two 1 GbE NICs with the Broadcom NetXtreme II BCM5709 chip onboard, which are usually claimed by the bnx2 driver. While applying a host profile to three of the hosts, one hosts reported an error. Supposedly the host hasn’t a vmnic0 and because of this the host profile couldn’t be applied. Okay, quick check in the vSphere Web Client: Only three NICs. C# client showed the same result. Now it was interesting:

Okay… lspci shows four NICs, esxcfg-nics only three.

Okay, vmnic0 is claimed by a driver. Quick check with another DL360 G6. Same firmware and driver. Lets dig deeper.

Ah, okay. That looks interesting:

At this point I asked Google and found a discussion in the VMTN, at which @VirtuallyMikeB had participated. Unfortunately the posted solution (power off the server and pull the power cables) didn’t helped (would have surprised me…). This solution was found in this blog article. Although this was not the solution, but it prompted me to start another attempt: A firmware update, because this may reset the NIC as well. I started the server from a USB stick with the current SPP 2014.02. The automatic firmware update updated the BIOS, the ILO board, NICs, the Smart Array controller, the whole damn server, every part of it. Okay, the server was a “bit” outdated… To make a long story short: The firmware update did the trick.

EDIT: And it seems that I’m not the only one…

A word of warning: Julian Wood wrote a blog article about a firmware update that kills Broadcom NICs in HP ProLiant G2 up to G7 servers. He also links to a customer advisory from HP. Following NICs are affected:

  • HP NC373T PCIe Multifunction Gig Server Adapter
  • HP NC373F PCIe Multifunction Gig Server Adapter
  • HP NC373i Multifunction Gigabit Server Adapter
  • HP NC374m PCIe Multifunction Adapter
  • HP NC373m Multifunction Gigabit Server Adapter
  • HP NC324i PCIe Dual Port Gigabit Server Adapter
  • HP NC326i PCIe Dual Port Gigabit Server Adapter
  • HP NC326m PCI Express Dual Port Gigabit Server Adapter
  • HP NC325m PCIe Quad Port Gigabit Server Adapter
  • HP NC320i PCIe Gigabit Server Adapter
  • HP NC320m PCI Express Gigabit Server Adapter
  • HP NC382i DP Multifunction Gigabit Server Adapter
  • HP NC382T PCIe DP Multifunction Gigabit Server Adapter
  • HP NC382m DP 1GbE Multifunction BL-c Adapter
  • HP NC105i PCIe Gigabit Server Adapter

Don’t update the affected NICs with the HP Smart Update Manager (HP SUM) or the HP Service Pack for ProLiant (HP SPP) 2014.2.0. If you update one of the affected NICs with the firmware smart component be sure to avoid updating the Comprehensive Configuration Management (CCM) firmware to version 7.8.21.

EDIT: Hewlett-Packard published HP Service Pack for ProLiant (SPP) Version 2014.02.0(B), which addresses several issues, not only the Issue with Broadcom NICs. This is taken from the HP website:

This updated version of the SPP was released to address the OpenSSL issue.  See HPN Customer Notice: OpenSSL HeartBleed Vulnerability.  Additionally for Red Hat Enterprise Linux 6 customers, please reference the Red Hat knowledge base article, OpenSSL CVE-2014-0160.  Products affected:

  • HP Onboard Administrator for Windows and Linux version 4.12 replaced 4.11
  • HP System Management Homepage for Windows and Linux version 7.3.2 replaced 7.3.1.4
  • HP Integrated Lights-Out 2 for Windows and Linux version 2.25 replaced 2.23
  • HP BladeSystem c-Class Virtual Connect Firmware, Ethernet plus 4/8Gb 20-port and 8Gb 24-port FC Edition Component for Windows and Linux version 4.10(b) replaced 4.10
  • HP Smart Update Manager version 6.3.1 replaced 6.2.0

This release also resolves the Broadcom Comprehensive Configuration Management Firmware issue with version 7.8.21 found in the Service Pack for ProLiant 2014.02.0.  See Customer Advisory c04258304 for additional information.

Thanks to Rotem Agmon, who has posted a comment with this information.

HP Service Pack for ProLiant 2014.02

This posting is ~6 years years old. You should keep this in mind. IT is a short living business. This information might be outdated.

After nearly 5 months released HP a new version of the HP Service Pack for ProLiant (SPP). The latest release is now 2014.02.

What is the HP Service Pack for ProLiant?

Back in the days there were two software products to update a ProLiant server with the latest firmware, drivers & agents.

  • HP Smart Update Firmware DVD
  • HP ProLiant Support Pack

the first one was bootable for offline firmware, and also contained Online ROM flash components for online firmware updates. The second was to install/ update the latest drivers and agents. The HP Service Pack for ProLiants (SPP) replaces both. The SPP is a comprehensive software and it’s delivered as a ISO. It can be burned to DVD, installed on a USB stick or extracted and run from the directory. The SPP used the HP Smart Update Manager (SUM) as deployment tool. The HP SUM can be used as a standalone product.

What’s new in SPP 2014.02?

  • Added new support for the HP ProLiant DL580 Gen8 Server
  • Enhanced support (processor update) for the following HP ProLiant servers:
    • HP DL380e Gen8 Server
    • HP DL360e Gen8 Server
    • HP BL420 Gen8 Server Blade
    • HP SL4540/SL4545 Gen8 Server
    • HP ML350e Gen8 V2 Server
  • Added operating system support for:
    • Microsoft Windows Server 2012 R2
    • Red Hat Enterprise Linux 5.10
    • Red Hat Enterprise Linux 6.5
    • VMware ESXi 4.1 U2
    • VMware ESXi 5.0 U3
    • VMware vSphere 5.1 U2
    • VMware vSphere 5.5
  • Contains HP Smart Update Manager v6.2.0
  • Added Simplified Chinese language support

For more information take a look into the Release Notes. The supported server models can be found in the HP Service Pack for ProLiant Server Support Guide.