When working with HPE server systems, we come across terms like SUM and SUT.
So, today we will go through the basics and differences among those two. Most of us know SUM, which stands for Smart Update Manager. HP Smart Update Manager is a product which updates firmware and software on HPE Synergy Compute Modules, HPE ProLiant servers, and firmware on HPE Integrity and HPE ProLiant Moonshot servers. HP SUM has a browser-based GUI; as well as a scriptable interface using legacy command line interface, input file, and interactive command line interface modes. Typically this ISO is burned into a DVD or flash drive. Once the media has been created we typically boot from that media and carry out the installation as required.
Integrated Smart Update Tools (iSUT) is the smart update solution for performing online firmware and driver updates. iSUT is used with iLO 4, iLO 5, and with update solutions (management appliances such as iLO Amplifier Pack or HPEOneView and Smart Update Manager (SUM) to stage, install, and activate firmware and driver updates.
This solution basically reduces the downtime and manual work which is required by the IT support personnel. In order to SUT work, the toolkit should be installed on the host Operating System (ex: esxi, windows, linux). SUT is really useful if your environment is having multiple servers. Unlike in SUM, the SUT configuration requires additional steps and some knowledge on FIPS security levels. HPE provides a great guide on SUT configuration, if need to learn more about FIPS, you may have a quick look on that as well.
As IT professionals we are suposed to work on server systems. Also there are instances where we need to harden the server hardware infrastrcture. With HPE iLO 5 standard edition, included with every ProLiant Gen10 Server, customers get the ability to configure their servers in one of three security modes. The default is the “Production Mode”
Production Mode, High Security Mode, and FIPS Mode. With the iLO Advanced Premium Security Edition license, customers who need the highest-level encryption capabilities have a fourth mode available to them: CNSA Mode
Lets deep dive into the FIPS modes that most of the vendors support.
When set to this security mode, iLO uses the factory default encryption settings. The system maintenance switch setting to bypass iLO security (sometimes called the iLO Security Override switch) disables the password requirement for logging in to iLO.
High Security Mode
This locks down the host interface by requiring authentication from the host OS side. High security mode enforces stricter security policies such as requiring valid iLO 5 credentials to use RBSU or other host-based utilities.
FIPS Mode not only implements validated encryption ciphers (as High Security Mode does) but also closes down insecure interfaces that do not meet the government standard. Because interfaces like IPMI and SNMP v1 are shut off, potential attack surfaces are reduced. When entering FIPS mode, all the iLO 5 settings are reinitialized to operate as a FIPS validated environment.
CNSA is a suite of cryptographic algorithms approved for use by the US National Security Agency for protecting secret and top secret information with the U.S. government, and is the highest-level cryptographic algorithm available for commercial systems.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
1 year 24 days
Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
5 months 27 days
This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.