In today’s post, we will take a look at patching HPE ProLiant Gen 10 servers running vSphere ESXi using HPE iSUT. This patching method allows sysadmins to install firmware updates to the server components directly from an SSH session on the ESXi host. This is a handy solution that provides an easy way of patching firmware and maintaining an overview.
You may be wondering why I’m writing a blog on a traditional way of patching when we have vSphere Lifecycle Manager (vLCM).
It is indeed a great solution for patching and lifecycle management, but it currently has one major limitation: vLCM has a hard requirement on using uniform hardware from the same vendor and the same hardware version, meaning a cluster with Gen 9 and Gen 10 is not supported.
More info on the requirements can be found here.
Unfortunately, this was the case for my customer, running a large vSAN cluster combining G9 and G10 nodes. So SUM and iSUT to the rescue for patching our HPE Gen 10 ESXi nodes!
What is iSUT?
Integrated Smart Update Tools (iSUT) is the smart update solution for performing online firmware and driver updates. iSUT is used with Smart Update Manager (SUM) to stage, install, and activate firmware and driver updates. SUM is the local update manager launched from an HPE SPP ISO (Service Pack ProLiant), where you select the desired firmware you wish to install on the servers. In other words, you create a baseline for a specific set of ESXi nodes that you wish to remediate.
iSUT will then use the baseline to stage each firmware component as an individual task on the ESXi server and perform them one by one.
There is also a setting to “auto stage and reboot”, but I do not recommend enabling this by default, so that you stay in total control of all reboots in the environment.
Creating a baseline in SUM
As mentioned before, we need to create a baseline before we can stage any firmware on any server.
Download the latest or desired HPE SPP ISO from the HPE site for the hardware generation (currently iSUT is only supported with Gen 10).
On a management server or endpoint, attach the ISO and launch the SUM_LAUNCH.bat file to start SUM.
Log in using the username and credentials of the account you are currently logged in with on the machine.
This will open SUM and present you with 3 options to continue:
Select “Baseline Library” to start creating a new baseline for our ESXi nodes.
For my customer, however, a specific firmware version included in the SPP was currently not supported by VMware. (VMware HCL)
Therefore we need to ensure that this is not updated automatically. The baseline that is created automatically with the SPP does include this by default, so we needed to create our own custom baseline.
We will create our own based on the default baseline. Select the default baseline and choose the create custom option on the right (actions dropdown).
Provide a new name for this custom baseline as well as the Output location. Make sure the SPP automatically generated baseline is selected as the source baseline. Next, we need to select all the required components that we want to include. This can be done using the filters:
Select or deselect the components you want to include in your baseline.
Attaching Baseline to ESXi nodes
With our custom baseline created, we can attach this to our ESXi servers that we want to do the lifecycle management on.
Open the node overview and add the ESXi node to SUM.
With the node added in SUM, we can apply our newly created baseline to the specific node.
This screen is normally shown directly once a node has been added:
Preparing ESXi node for iSUT
The Integrated Smart Update Tools (iSUT) component is not installed by default on a vanilla ESXi node. SUT will only be present when the HPE Customized ISO was used to install vSphere ESXi onto the server (more info: HPE VIB Depot – ESXi releases).
Alternatively, you can manually install the SUT component on the ESXi node by downloading and installing the offline VIB. These can also be downloaded via the same link as above from the HPE VIB Depot.
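For the manual install described above, the following sketch (an added example, not part of the original post and not HPE tooling) checks a downloaded offline bundle against an expected SHA-256 before passing it to esxcli, does a dry run, and only then installs. It assumes you have an expected SHA-256 for the bundle from a source you trust and that sha256sum is available in the ESXi shell; the function names and the placeholder path are hypothetical.

```shell
#!/bin/sh
# Added example: gate "esxcli software vib install" on a hash check.
# The bundle path and expected hash are supplied by the operator.

# Return 0 only if FILE is an absolute path to an existing file whose
# SHA-256 equals EXPECTED (hex, case-insensitive). 1 = mismatch, 2 = bad input.
verify_bundle() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $file in
        /*) ;;  # esxcli -d needs an absolute path
        *) echo "refusing: '$file' is not an absolute path" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "refusing: '$file' not found" >&2; return 2; }
    case $expected in
        *[!0-9a-f]*|'') echo "refusing: expected hash is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "refusing: expected hash is not 64 chars" >&2; return 2; }
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "MISMATCH: $file" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
    return 0
}

# Verify, then dry-run, then install. Stops at the first failure.
install_verified() {
    verify_bundle "$1" "$2" || return $?
    esxcli software vib install -d "$1" --dry-run || return 3
    esxcli software vib install -d "$1"
}

# Usage on the host:
#   sh install_sut.sh /vmfs/volumes/<datastore>/<bundle>.zip <sha256>
if [ "$#" -eq 2 ]; then
    install_verified "$1" "$2"
fi
```

Run it with the host in maintenance mode, as you would for any VIB install.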
Deploying updates from SUM
With our baselines and nodes added in SUM, we can start patching our servers. Open the node page of the node you wish to update.
I strongly advise always starting with a single server, to validate the interoperability and stability of the server with ESXi. You don’t want your entire production cluster going down because of PSOD issues, due to a mistake you made with the compatibility between some exotic HBA and ESXi.
On the page click on “Ready for deployment” to start the staging and installation of all updates.
You receive a nice overview of all identified updates applicable for the node you have selected on the deployment page.
Below that you will see the entire overview of all selected components that will be installed with the deployment.
Make sure that you have selected only the components that can be upgraded from a hardware-compatibility point of view.
With everything ready, click on the Deploy option. This will start patching the servers.
SUM will start with upgrading all firmware on the server (iLO, BIOS, HBAs, NICs, …) and do the necessary reboots.
Running iSUT on ESXi
When it comes to drivers, however, SUM requires iSUT to patch them. During the upgrade process SUM shows a message that depends on the iSUT config; by default, it should mention the following: “waiting for iSUT to pick the component”.
This is because iSUT by default is configured to run in OnDemand mode, where all actions need to be triggered manually.
iSUT has the following modes available: OnDemand, AutoDeploy, AutoDeployReboot.
More info on all iSUT commands and troubleshooting can be found here:
Integrated Smart Update Tools 2.8.0 User Guide for Windows, Linux, and VMware ESXi
As I’m not a big fan of unattended patching of drivers and firmware without your knowing, I always leave it in “OnDemand” mode.
So, to kick off the iSUT actions, open an SSH session to the ESXi node and run the following command: sut -deployreboot
This will start downloading and installing the component upgrades from SUM.
Once SUT is launched, it will contact SUM, stage all upgrades locally and install them. If you have used the sut -deployreboot command, this will allow iSUT to automatically reboot the ESXi server when it requires a reboot. The reboot will not restart or continue the deployment, so additional sut -deployreboot commands may be needed until all components are upgraded successfully. SUM will report when the install is fully done.
Your server should now be fully compliant with the customer baseline you have created that is compatible with the VMware Hardware compatibility list.
I hope this guide has helped you with patching your existing HPE Gen 10 ESXi servers using SUM and iSUT. Thank you for reading!