Hpe Synergy Next-Gen Management Modules: Tektalk

HPE Synergy Next-Gen
Management Modules
TekTalk
April 23, 2019 CDA Required

Housekeeping
March/April 2019 TekTalks
Topic Registration/Replay Link Date
Introducing Next-Generation HPE Superdome http://vshow.on24.com/vshow/HPETekTalks/content/1948200 March 26th 2019

Flex Server (Cascade Lake), Management,
and Workloads
HPE ProLiant Security Enhancements and http://vshow.on24.com/vshow/HPETekTalks/content/1974640 April 9th 2019
Accelerated Performance with 2nd Gen Intel
Xeon Scalable Processors and HPE DC
Persistent Memory
Infosight for Servers Update, Deep Dive, and http://vshow.on24.com/vshow/HPETekTalks/content/1966518 April 10th 2019
Roadmap
Use Data Center Infrastructure Advisor to http://vshow.on24.com/vshow/HPETekTalks/content/1966648 April 11th 2019
Select, Configure, and Evaluate Compute
Environments
HPE Synergy Next-generation Fabrics http://vshow.on24.com/vshow/HPETekTalks/content/1970246 April 18th 2019
HPE Synergy Next Generation Management http://vshow.on24.com/vshow/HPETekTalks/content/1970246 April 23rd 2019

Modules
Forward-looking statements
This is a rolling (up to three-year) roadmap and is subject to change without notice.
This document contains forward-looking statements regarding future operations, product development, product
capabilities, and availability dates. This information is subject to substantial uncertainties and is subject to change at
any time without prior notification. Statements contained in this document concerning these matters only reflect
Hewlett Packard Enterprise's predictions and/or expectations as of the date of this document, and actual results and
future plans of Hewlett Packard Enterprise may differ significantly as a result of, among other things, changes in
product strategy resulting from technological, internal corporate, market, and other changes. This is not a commitment
to deliver any material, code, or functionality and should not be relied upon in making purchasing decisions.
HPE Confidential
Hewlett Packard Enterprise confidential information
This is a rolling (up to three-year) roadmap and is subject to change without notice.
This Roadmap contains Hewlett Packard Enterprise Confidential Information.
If you have a valid Confidential Disclosure Agreement with Hewlett Packard Enterprise, disclosure of the Roadmap is
subject to that CDA. If not, it is subject to the following terms: for a period of three years after the date of disclosure,
you may use the Roadmap solely for the purpose of evaluating purchase decisions from HPE and use a reasonable
standard of care to prevent disclosures. You will not disclose the contents of the Roadmap to any third party unless it
becomes publically known, rightfully received by you from a third party without duty of confidentiality, or disclosed
with Hewlett Packard Enterprise’s prior written approval.
HPE Confidential
Our Presenters
– Bob Noller – Synergy Product Management

– Chris Bradley – Synergy Technical Enablement
6
Agenda
– What’s New in Synergy Management?

– Synergy Configurations Support
– Synergy Software Releases
– Synergy Update Processes: Best Practices
– Q&A
HPE Confidential 7
“When it comes to composable
infrastructure, ‘HPE Synergy is
the 800-pound gorilla’…”
Sumit Puri
Liqid CEO and co-founder
2,600+
Customers & Growing
April 23, 2019 HPE Confidential | CDA Required
Green Zone Targets
Lead with HPE Synergy… HPE Synergy
…for blades, mixed workloads,
BEST TARGETS
and private cloud environments
Tier-1 Service Providers (SPs)
Or
Tier 2-3 Cloud Service Providers (SPs)
which are investing in their own automation framework
Or
Current HPE Synergy or c-Class accounts
Which value flexibility in their infrastructure solutions

with:
 Locations in any HPE-supported country
 Enterprise FC storage (3PAR, Nimble), large volumes
 Mixed workload environments or bare-metal workloads
 Mission-critical or 4S compute
 Use cases requiring more than one Fabric
 Density-optimized for higher node counts
 VDI -- with or without graphics acceleration
 Cisco ACI deployed in leaf-spine layer

What’s New in Synergy
Management ?

Addressing real needs

C
m om
id in
-2 g
Synergy Product Enhancements 01
9
4-port FLM
• Controls and monitors the thermal and power

Composer2 Synergy 12000 Frame infrastructure resources in an HPE Synergy Frame.
• Reports the health status for each component
installed in a frame.
• Collects asset and inventory information of
components installed in a frame.
• Links frames together to create a management ring.
• Hosts the HPE Synergy Console user interface.
HPE Synergy Composer provides

native infrastructure management for
assembling and re-assembling fluid Virtual Connect / Switch
pools of compute, storage, and fabric Master-Satellite modules
resources to meet any workload.
• Virtual Connect / Switch Master modules (100Gb)

• Satellite module (25/50Gb)
April 23, 2019

TEK TALK from 18-April-2019
HPE Confidential | CDA Required
C
m om
id in
-2 g
HPE Synergy Composer2 management appliance 01
9
SKU# 872957-B21
Enhancements with Composer2
Performance
– Day 1 Deployments
– Day-to-day Operations
– Boot, Reboot, and Failover
– User Interface Responsiveness
Security
– Secure Boot
– iLO Remote Access
Reduce complexity Accelerate changes Simplify deployment Efficient scaling
Your Infrastructure as Code

C
m om
id in
-2 g
01
Synergy Composer enhancements 9
Secure, high-performance management of Composable Infrastructure
Composer2
Composer
Synergy Composer2
• Updated architecture with UEFI & iLO5
• Security enhancements
• Secure Boot
• iLO access for managing Remote
Datacenters
Synergy Composer • Two additional 10Gb network ports**
• • Processor: 8-core / 16-threads @ 2.0GHz
Processor: 2-core / 4-threads @ 2.4GHz
• • Memory: 64GB DDR4 SoDIMMs
Memory: 16GB
• • Storage: 400GB NVMe M.2
Storage: 240GB SATA SSD
• • Scaling: 21-frames*
Scaling: 21-frames
Manages Synergy with software-defined intelligence for integration, automation, and customization
** A later software release will enable the two additional ports
* As tested at release.
HPE Security -- Protection from Hardware to System
Recovery
Firmware
(iLO, UEFI, Innovation
Engine, & Option ROM)
Hardware Firmware System

(Silicon)
Custom Operating System
Firmware UEFI BIOS
HPE iLO Chip Boot loader
CPLD Innovation Engine Server Platform Option ROM

Firmware Firmware Services Firmware Firmware
Checking daily -- not just at boot-up

Secure Boot
Security functionality in Synergy Composer2
Secure Start Secure Boot
Hardware Firmware System (Appliance)

(Silicon)
HPE iLO Chip iLO5 FW UEFI BIOS OS Bootloader OS Kernel
Validate Validate Validate Validate

Additional Protections
• Limited access to HPE iLO5
• Lock-down of the UEFI BIOS
• Restricted re-imaging to hardware- & brand- validated functions
• Lock-down of the OS kernel
Management Operation validated to the Silicon Level !

Security for Synergy Composer management appliances
Enhancements coming with Synergy Composer2
Security capabilities exclusive to Synergy Composer2

– Secure Boot
– iLO access for Remote Datacenter management
– Composer remote power controls, remote console, and re-imaging using iLO Virtual Media
– Secure by default: Composer2 iLO always uses the strongest iLO security mode (CNSA mode)
Common Security capabilities to Composer management appliances
– FIPS 140-2 cryptography with CNSA (Commercial National Security Algorithm) algorithms
– Data-at-rest encryption
– TPM-ready (Trusted Platform Module)
– All compute module iLO security modes/states supported
– Transport Layer Security (TLS) -- customizable via REST API
– Digital Certificates
– Certificate Authority Hierarchies
– Detection of low-level Firmware corruption and system halt
– Platform’s identity chain of trust

C
m om
id in
-2 g
Synergy 4-port Frame Link Module 01
9
• Security for Synergy FLM

– Hardware Root of Trust
– Trusted Platform Module (TPM) circuitry
• Optical connections
– Four* SFP+ ports enable optical or copper connections
– Enables direct optical links to switches
– Capability for distant connections
• Compatibility with 2-port FLM
– MGMT & LINK ports
– USB-C-type connector (with DisplayPort connection via dongle)
Dongle
– Health LED, UID
Frame Manager -- “Gatekeeper to Synergy”

* A later software release will enable the two additional ports
C
m om
id in
-2 g
01
Synergy Frame Link Module enhancements 9
Secure frame management with data separated from management
4-port FLM
2-port FLM
4-port Frame Link Module
• Security enhancements
• Hardware Root of Trust
• Secure Start
2-port Frame Link Module • TPM File Encryption
• 2 ports (RJ45) for MGMT & LINK • 4 ports (SFP+) enable optical or copper connections
• 1GbE or 10GbE operation for MGMT • 2 ports (SFP+) for MGMT & LINK
connections • 2 ports (SFP+) direct to management
• 10GbE management rings using LINK appliances*
connections • User Interface
• User Interface • Synergy Console using DisplayPort (via USB-
• Synergy Console using DisplayPort C)
• USB, Health LED, UID • Health LED, UID
Frame Manager -- “Gatekeeper to Synergy”
* A later software release will enable the two additional ports
Extending Connectivity with Synergy 4-port FLM
Management connections at 10Gbps
Distance for Rings
Flexible Connectivity
‘Scattered’ Frames & Remote Subnets
DAC Cables
• Active DAC @ 10Gbps = 15 meters (max)
• Passive DAC ~ 5 meters
AOC Use
• With SR transceivers = 300m (max)
• With LR transceivers = 10km (max)
• With ER transceivers = 40km (max)
Synergy
4-port FLM
Direct SFP
Management
Connections Data Center Switches

Hardware Root of Trust
Security functionality in Synergy FLM 3.00.00 firmware
Hardware Firmware
FLM CPU FLM Bootloader FLM Firmware
Validate Validate
• Authenticates FLM firmware to prevent physical tampering

• Detection by CPU prevents FLM from booting
Validates that the Correct Firmware is in Use !

Secure Start
Hardware Firmware
FLM Bootloader FLM Bootloader FLM Firmware

FLM CPU
(Old) (New) (New)
Validate Validate Validate
• Previous firmware always validates new firmware before switching boot path
• Active FLM bootloader and firmware are always read-only for attack resilience
• No loadable modules are allowed
Secure Firmware Updates !

TPM 2.0 File Encryption for Synergy FLM Security
“Using security services at the hardware level provides better
protection than a software-only mechanism…
PHYSICAL ATTACKS …Aberdeen Group Inc. found organizations using this form of
Key REMOTE ATTACKS authentication to create a hardware root of trust had 50% fewer
Anti-tamper Management security incidents.”
Cyber-security Michael Cobb

CISSP-ISSAP, Security Author, Cobweb Applications Ltd.
Secure Start TPM security overview: Defining the benefits of TPM devices
CRYPTOGRAPHY
Data-at-rest
Supply chain Protection
integrity
Safety Critical
• Trusted Platform Module (TPM) is essentially a
secure crypto-processor that can store cryptographic
Reliability keys
HARDWARE & SOFTWARE RELIABILITY
• TPM 2.0 chip is built into every Synergy 4-port FLM
Robust device security using secure, validated encryption keys !

Security for Synergy Frame Link Modules
Enhancements coming with Synergy 4-port FLM
Security capabilities exclusive to Synergy 4-port FLM

– Hardware Root of Trust
– Secure Start
– Trusted Platform Module (TPM) 2.0 file encryption
Common Security features for 2-port FLM and 4-port FLM
– FIPS 140-2 Level 1
– PCI-DSS compliance
– Secure protocols
– CNSA (Commercial National Security Algorithm) Suite B
– General Data Protection Regulation (GDPR)
– Audit logs
– Authenticated updates
– Centralized platform security policy
– Certificate management
– No clear text passwords
– Scope based access control
– Secure erase of user data
– Secure out-of-the-box
– Verified boot

Product Structures: Synergy 12000 Frame and FLMs
Current Future
797740-B21 CTO 797740-B21 CTO
– (Qty 1) 2-port FLM included – (Qty 1) 2-port included
+ 804942-B21
P06011-B21 CTO
+ – (Qty 10) Fans
804942-B21
804942-B21 – (Qty 1 or 2) 2-port or 4-port

FLM as a Required Option
+ or
876852-B21
797740-B22 CTO TAA

– (Qty 2) 2-port FLM included
797740-B22 CTO TAA
– (Qty 2) 2-port FLM included 804942-B21
+
TAA
+ P06011-B22 CTO TAA
– (Qty 10) Fans
876852-B21
804942-B21 – (Qty 2) 4-port FLM included
+
System Configurations Support

C
Composer
Synergy configuration options
Composers and Frame Link Modules C2
Composer2
Current
C
Current Configurations EOL OBS EOSL* (C & 2p FLM) 2-port FLM

2p FLM
4p FLM
4-port FLM
2p FLM
C2
Operations Performance EOSL (2p FLM)
• Faster UI & Operational performance

• Enhanced security (Secure Boot, iLO Remote Access)
2p FLM
C
Adding More Frames &
EOSL (C)
Extending Connections
4p FLM • Addition of new frames into environment
• Longer distance connectivity
• Enhanced security (TPM)
C2
New Purchases Primary Product Path
4p FLM
• Faster UI & Operational performance
• Longer distance connectivity
• Enhanced security (Secure Boot, iLO Remote Access, TPM)
* Standard 5-year DSP (Division Support Period)

Support Matrix
System configurations: Synergy Composer/Composer2/Image Streamer with HPE OneView.next
Case# Use Case Composer Frames Frames Frames Frames Frames
version with without w/ Image Streamer w/ Image Streamer w/ Image Streamer
Composer Composer and Composer and Composer2
Composer-only configurations
1 Migrate: Composer-Composer2 Composer2 2-port FLM 2-port FLM Not Applicable Not Applicable Not Applicable
2 Migrate & Grow: Add new frames Composer2 2-port FLM Either Not Applicable Not Applicable Not Applicable
4 New deployments Composer2 4-port FLM 4-port FLM* Not Applicable Not Applicable Not Applicable
6 Current Configurations Composer 2-port FLM 2-port FLM Not Applicable Not Applicable Not Applicable
7 Grow: Add new frames Composer 2-port FLM Either Not Applicable Not Applicable Not Applicable
Image Streamer configurations
11 Migrate: Composer-Composer2 Composer2 2-port FLM 2-port FLM 2-port FLM Not Applicable 2-port FLM
14 New deployments Composer2 4-port FLM 4-port FLM* 2-port FLM Not Applicable Not Applicable
16 Current Configurations Composer 2-port FLM 2-port FLM 2-port FLM 2-port FLM Not Applicable
17 Grow: Add new frames Composer 2-port FLM Either 2-port FLM 2-port FLM Not Applicable
Foundational Requirements
• Composers of the same generation must be paired within a Management Ring.
• FLMs of the same generation must be used within a Frame.
• Frames within the same management ring can have mixed Frames of 2-port FLMs and/or 4-port FLMs .
• Frames with original Composers must use 2-port FLMs.
• Frames with Image Streamer appliances require 2-port FLMs.
* These frames are expected to work with 2-port FLMs, but have not been tested.
C Composer
Synergy FLM configurations with HPE OneView.next C2 Composer2

FLM 2-port FLM
Frame Link Modules FLM4 4-port FLM

Transceiver
Management
Network
C FLM C FLM
• MGMT & LINK ports of the 4-port FLM
C FLM C FLM function the same as in the 2-port FLM
• The two additional ports of the 4-port FLM
will be enabled in a future release
Synergy Frames
C FLM4 C FLM4
Appliance
Bays C FLM4 C FLM4
Management Ring
Requirements
• Frames with 2-port FLMs and Frames with 4-port FLMs can exist in the same Management
Ring
• The same FLM generation must be used within a Frame
C Composer
Synergy Composer configurations with HPE OneView.next C2 Composer2

FLM 2-port FLM
Examples (1 of 3) FLM4 4-port FLM

Transceiver
#6 Current Configurations #1 Migrate: Composer-to-Composer2
Management Ring with Composer pair (2-port FLMs) Management Ring with Composer2 pair (2-port FLMs)
Management Management
Network Network
C FLM C FLM C2 FLM C FLM
C FLM C FLM C FLM C FLM
C FLM C FLM C FLM C2

C FLM
Management Ring Management Ring

Requirements
• The same generation of Composers must be paired within a Management
Ring
• Original Composer appliances must have 2-port FLMs in that same Frame
C Composer

FLM 2-port FLM
Examples (2 of 3) FLM4 4-port FLM
#7
Grow: Add new Frames #2 Migrate & Grow: Add new Frames after Migration Transceiver
Management Ring with original Composer pair Management Ring with Composer2 pair
Management Management
Network Network
C FLM C FLM C2 FLM C

C2 FLM
C FLM4 C FLM4 C FLM4 C FLM4
C FLM4 C FLM4 C FLM4 C FLM4
Management Ring Management Ring

Requirements
Ring
C Composer

FLM 2-port FLM
Example (3 of 3) FLM4 4-port FLM
#4 New Deployment Transceiver
Management Ring with Composer2 pair (4-port FLMs)

Management
Network
C FLM4 C2 FLM4
C FLM4 C FLM4
C2 FLM4 C FLM4
C FLM4 C FLM4
Management Ring
Requirements
Ring
C Composer
Composer2
Synergy Image Streamer configurations with HPE OneView.next
C2
FLM 2-port FLM

Image
#16 Current Configurations IS
Streamer
Management
Network Transceiver
Logical Enclosure (LE)
C FLM C
C1 FLM
• Supports up to 10 Logical Enclosures (LEs)
IS FLM C FLM • Requires a 3-frame minimum HA
configuration
• Single-frame configurations can be used for
POC & Development
C FLM C FLM
C FLM IS FLM
Management Ring
Requirements
• Image Streamer pairs must be matched with 2-port FLM pairs
• Image Streamer is supported by pairs of the original Composer or by Composer2 pairs
• Frames without Composer or Image Streamer can have 2-port FLMs or 4-port FLMs
• LE’s with Image Streamer are 2-to-5 frame VC domains (3-frame minimum for HA, 2-frame for
incremental)
C Composer
Composer2
C2
FLM 2-port FLM

#11 Migrate: Composer -to- Composer2 IS
Image
Management Streamer
Network Transceiver
Logical Enclosure (LE)
C2 FLM C2
C1 FLM
• Supports up to 10 Logical Enclosures (LEs)
IS FLM C FLM • Requires a 3-frame minimum HA
configuration
• Single-frame configurations can be used for
POC & Development
C FLM C FLM
C FLM IS FLM
Management Ring
Requirements
incremental)
C Composer
Composer2
C2
FLM 2-port FLM

#17 Grow: Add new Frames IS
Image
Management Streamer
Network Transceiver
Logical Enclosure (LE) Logical Enclosure (LE)
C FLM C
C1 FLM C2 FLM C2 FLM4
IS FLM C FLM IS
C FLM IS2 FLM4
C FLM4 C FLM C FLM C FLM4
C FLM4 IS FLM IS2

IS FLM C FLM4
Management Ring
Requirements
Add Frame to existing Logical Enclosure (LE) Add a new Logical Enclosure (LE)
incremental)
C Composer
Composer2
C2
FLM 2-port FLM

Image
#14 New Deployments IS
Streamer
Management [ Other variants are possible ]
Network Transceiver
C2 FLM FLM C2 FLM C2 FLM
IS FLM IS FLM IS
C FLM IS
IS2 FLM
C2 FLM4 C2 FLM4 C FLM4 C FLM4
C FLM4 FLM4 IS2 FLM4 C FLM4
Management Ring
Requirements
incremental)
C Composer
Composer2
C2
FLM 2-port FLM
Bonus#14
Examples New Deployment
[ Supported variant with poor HA ]
#11 ‘Migrate’ #11 ‘Migrate’ FLM4 4-port FLM
[ Supported variant with poor HA ] [ Supported 3-frame HA ] Image
IS
Management Management Management
Streamer
Network Network Network Transceiver
Logical Enclosure (LE) Logical Enclosure (LE) Logical Enclosure (LE)
C2
C1 FLM4 C2
C1 FLM C2
C1 FLM
C2 FLM4 C2 FLM IS FLM
FLM FLM C2 FLM
IS FLM IS FLM FLM
C FLM C FLM C FLM
IS FLM IS FLM IS FLM

Synergy Software Releases

HPE Synergy Software Releases
Basic Elements TESTED as a SOLUTION
Synergy Management Appliances Synergy Management HPE

– HPE Synergy Composer (running HPE OneView) combination: OneView
HPE Composer release
– HPE Synergy Image Streamer
HPE Image Streamer
HPE Image
Streamer
release
Synergy Frame Elements
– Synergy 12000 Frame
– Synergy Compute Modules (e.g. SY480, SY660)
Synergy Custom SPP
– Interconnect Modules (e.g. VC, adapters)
– Frame Link Modules
ADD REMOVE
• Synergy Frame components • Non-Synergy components
(Frame Link Modules, Interconnect • c-Class Virtual Connect &
Modules, SAS & D3940 Storage OnBoard Administrator (OA)
Modules) • Non-Synergy ROMs & Storage
• Hotfixes (as necessary) Arrays
Base SPP
( ProLiant )
HPE Synergy Software Releases
Nomenclature for Basic Elements www.hpe.com/downloads/synergy
Synergy Management Appliances

Synergy Management combination
– HPE Synergy Composer (running HPE OneView) Paired version releases of
– HPE Synergy Image Streamer HPE Composer + HPE Image Streamer
SAMPLE NOMENCLATURE -- SYNERGY MANAGEMENT

Synergy Composer 4.20.01 + Synergy Image Streamer 4.20.00
Synergy Frame Elements

– Synergy 12000 Frame
– Synergy Compute Modules (SY480, SY660, etc.) Synergy Custom SPP
– Interconnect Modules (Virtual Connect, adapters, etc.)
– Frame Link Modules
SAMPLE NOMENCLATURE -- SYNERGY CUSTOM SPP
Synergy Custom SPP = 2019.03.20190401
Base SPP (ProLiant) = 2019.03.__________ March-2019 Base SPP
Custom SPP Date = ________.20190401 01-April-2019 (approx. release)

C
m om
TEK TALK on 16-May-2019 id in
-2 g
HPE Synergy Composer based on OneView.next 01
9
Synergy Hardware Storage Supportability
– 100Gb Interconnect Modules – Nimble Fibre Channel direct attach – Cancel firmware update task
– Composer2 management appliance – Brocade REST API (FOS) for BNA – ‘Global secondary contact’ added in
– 4-port Frame Link Module replacement HPE OneView Remote Support
– Preview Support Dump
Voice of the Customer

Networking & Fabric Templates/Profiles
VoC
– Advanced L2 Features for 100Gb – Cluster profile ‘rolling cluster update’ – Enhanced ‘noisy alert’ suppression
Synergy VC Interconnect Module for VMware vSAN – Fine-grained progress indicators during
– Synergy IPv6 support with device – Consistency Reporting for firmware update process
assignment/address pools FW+BIOS (Server Profile to Server – Improved Logical Interconnect (LI)
– Support for large network sets Hardware) ‘Update from Group’ progress indicators
– Arista ToR support – Display-of-progress reporting
enhancements for long-running tasks
Firmware – Server firmware ‘retries during failure’
iLO Integration enhancements
Management
– WCAG 2.0 Accessibility standards for
Keyboard Operations
– iLO Configuration for Hostname & – Firmware compliance dashboard
Key manager setup for Gen10-based servers
See the NDA Presentation in the OneView Briefcase in Seismic for

details April 23, 2019 HPE Confidential | CDA Required
Follow Revenue Recognition Rules on HPE Roadmaps for Software

© Copyright 2019 Hewlett Packard Enterprise. The information contained herein is subject to change without notice. Hewlett Packard Enterprise Confidential
Synergy Update Processes:
Best Practices

Migration of Synergy Composer management appliances
Synergy Composer to Synergy Composer2
Foundational requirement: Composer appliances within a Synergy management ring must be of the same generation.
Process Planning
– Requires HPE Composer (HPE OneView) downtime and a maintenance window.
– HPE Composer management will be lost during this process, resulting in no communication of performance data, activities, or event
alerts.
– Servers & applications are expected to be able to run during this process if the systems have already been provisioned.
– There will be no expansion of applications that are ‘elastic’ (like DevOps, or those which are based on automation ‘run books’)
during this process because HPE Composer is offline.
Component Migration Process

– HPE Composer pair must be updated to the HPE OneView.next release.
– Execute a Backup of the HPE Composer pair.
– HPE Composer pair are powered down and removed from the Synergy Frame.
– HPE Composer2 pair are installed in the Synergy Frame and powered-on.
– Set up the HPE Composer2 pair to operate on the HPE OneView.next release.
– Execute a Restore to the HPE Composer2 pair. Composer Pair Composer2 Pair
– And an update of the Synergy Custom SPP is required.

2-port FLM 4-port FLM
Migration of Synergy FLM components
Synergy 2-port FLM to 4-port FLM
Foundational requirement: Frame Link Modules within a Synergy Frame must be of the same generation.
Process Planning
– Recommend HPE Composer (HPE OneView) downtime and a maintenance window as a precaution.
– There is a known issue with the SAS switch and D3940 Storage Module.
– NOTE: Remote frames require modified processes. (See slide notes.)
– FLM upgrades must be done one-frame-at-a-time and must complete successfully before proceeding to the next frame.
– Loss of management LAN access can be expected for that frame (but not other frames) while the FLMs are removed from
the frame. Loss of production traffic is not expected.
Component Migration Process
– Upgrade to HPE Composer (HPE OneView.next) and the new Synergy Custom SPP which supports the 4-port FLM.
– For any Synergy Frame which DOES NOT contain Composer:
– 1) Remove both 2-port FLM units from the Synergy Frame, then 2) Insert both 4-port FLM units into the Synergy Frame.
– HPE Composer (HPE OneView) communicates appropriate settings to the new 4-port FLM units
– Any frame in a functioning ring managed by HPE OneView will be automatically claimed and brought back under management.
– For any Synergy Frame which DOES contain Composer:
– 1) Migrate from Composer-to-Composer2, if desired, 2) Upgrade to the new Synergy Custom SPP, 3) Migrate FLMs in frames with
Composers

REFERENCES
HPE Synergy Software Releases and Update Processes
HPE Synergy Software Releases – Overview http://www.hpe.com/downloads/synergy
– Maps supported Synergy management combinations to supported Synergy Custom SPPs.
Upgrade Paths for Synergy Management combinations www.hpe.com/info/synergy-fw-upgrade-table

– Allows you to identify starting versions and ending versions available for Composer and Image Streamer
HPE Synergy Firmware Comparison Tool www.hpe.com/info/synergy-fw-comparison-tool

– Allows you to compare the contents of HPE Synergy Custom SPPs for supported management combinations.
Best Practices for HPE Synergy Firmware and Driver Updates www.hpe.com/info/synergy-docs
– Provides instructions on updating HPE Synergy firmware and drivers.
HPE SPOCK https://spock.corp.int.hpe.com/spock/Pages.internal/spock2Html.aspx?htmlFile=hw_virtual_connect.internal.html

– Single Point of Connectivity Knowledge for HPE Storage Products
– Drivers for HPE products and some partner products
VMware Support for HPE Synergy Software Releases

– Provides guidance for VMware versions and vSAN support.
– For VMware support: https://www.vmware.com/resources/compatibility/search.php
– For VMWare vSAN support: https://www.vmware.com/resources/compatibility/search.php?deviceCategory=vsan

Backup the Appliance(s)
HPE OneView Backups are important
Automated backup to Linux or Windows repositories
Don’t forget Image Streamer backups*
* Caution: OS Volumes can’t be backed up from Composer (HPE OneView)

Composer health
Ensure the Composers are in a healthy state

Check the Dashboard for Critical Errors
Resolve any critical issues on:

– Server Profiles
– Logical Enclosures
– Logical Interconnects

Ensure all Interconnects are in a Configured State

Order of Operations Matter
HPE OneView/Composer Updates

Logical Enclosure / Logical Interconnects
Server Profiles
– Server Profile Templates
– Individual Server Profiles
Always match firmware and drivers

Q&A
51
Thank you
HPE Confidential Information
REFERENCE SLIDES

HPE Synergy Documentation Overview
for use with HPE OneView.next
Product User Docs What’s New System Level Doc Highlights

Full set of content
HPE OneView.next  YES for HPE OneView.next  Simplify Document Offering
 Synergy Migration Guide (detailed guide)
 Synergy Cabling Guide with new use cases
Composer2
Synergy Composer2  YES User Guide  Synergy Release information (One Stop shop)
 FW Comparison Tool
 Upgrade Paths
Synergy 4-Port  YES 4-Port FLM
 SW Features
User Guide 3.0
Frame Link Module  Best Practices for Synergy FW and
Driver Updates (new title coming soon)
Synergy 100Gb VC SE YES Install Card, Setup and
Installation Guide
Interconnect Module
Synergy Management Components
REFERENCE: HPE Part Numbers
HPE Part HPE Description Comments
Number
HPE Synergy 12000 Frame with ten (10) Fans & with either one (1) or two (2) FLMs --
P06011-B21* HPE Synergy 12000 CTO Frame 10x Fan of 2-port FLM or 4-port FLM variety.
NOTE: Orders default to 4-port FLM and 2650W Power supplies.
P06011-B22* HPE Synergy 12000 TAA CTO Frame 2x4FL10F HPE Synergy 12000 TAA Frame with ten (10) Fans & with two (2) 4-port FLMs
872957-B21* HPE Synergy Composer2 Appliance

872957-B22* HPE Synergy TAA Composer2 Appliance TAA
876852-B21* HPE Synergy 4-port Frame Link Module 4-port FLM
P06458-B21* HPE SY 4p Frame Link Module USB Adapter ‘Dongle’ for USB-C to DisplayPort for 4-port FLM
804942-B21 HPE Synergy Frame Link Module 2-port FLM
804353-B21 HPE Synergy Composer

804353-B22 HPE Synergy TAA Composer TAA
804937-B21 HPE Synergy Image Streamer

804937-B22 HPE Synergy TAA Image Streamer TAA
* Available mid-2019 April 23, 2019 HPE Confidential | CDA Required

Synergy Composer2
Secured management appliance
iLO5 - limited access BIOS/UEFI – locked down
• RBSU actions disabled
OS Kernel – locked down
• Remote console • securelevel 1 enforced with secure boot
• Remote re-image • UEFI Key DB modification disabled
• Remote power • BIOS REST API disabled
• Read only access to iLO config
Synergy Composer2
Synergy Appliance OS Synergy OS OS Kernel

Public signed Boot OS Kernel Drivers &
Validation Modules
Key DB OS SHIM Loader
BIOS HPE OneView

iLO5 UEFI ‘Brand’ ‘Brand’
Validation
ProLiant
Public
Key DB IP OS
Validation
System Firmware Intelligent
Provisioning
Signature validation during appliance start and secure boot Intelligent Provisioning – re-image only
• Re-image zip file validation for Synergy only
– Synergy public key is used for appliance OS secure boot validation appliance
– ProLiant public keys only used for appliance re-imaging (IP OS secure boot validation) • HW version (v1 or v2) validation
• ‘Brand’ validation, Composer or Image Streamer
‘Brand’ check to ensure correct appliance software is installed and started on matching HW
– Composer or Image Streamer on matching HWApril 23, 2019 HPE Confidential | CDA Required
HPE Synergy 2900W – 3400W Hot Plug Platinum Power Supply
SKU# 876929-B21
What
− 13% - 28% larger capacity than existing HPE Synergy power supplies
− Flexible VAC input range supported from 200VAC to 240VAC.
− Efficiency comparable with existing HPE Synergy Titanium power supplies
− Works with existing frame
Why
− Component power (e.g. CPU, memory, storage) continues to rise for foreseeable future
Output
Input voltage
− Allows full frame compute capacity with higher powered Synergy modules power
200VAC 2900W
208VAC 3000W
When 220VAC 3200W
− Currently supported for 240V AC 230 - 240VAC 3400W
− Future support for 200-220V AC, July 2019 240VAC 3400W
Always verify Synergy configurations with HPE Power Advisor!

HPE Synergy Software Support Policy
Synergy Management combinations -- of Composer (HPE OneView) and Image Streamer

Support policy is the same as HPE OneView policy:
– Major releases are supported for 2 releases back.
– Example: Composer 4.10, 4.00, and 3.10 are supported.
– Patch updates for each HPE OneView are supported for each release stream for ‘12 months after the first release of the next HPE OneView release’.
– Example: HPE OneView 4.1 was first released in June 2018, so HPE will provide patches on the previous release, HPE OneView 4.0, until June 30, 2019.
– NOTE: For a version that is in the "End of Support" phase, HPE Pointnext will continue to take calls from customers with active support contracts, but there will be no new fixes provided
for this release.
– Exceptions may be made in specific cases.
Synergy Composer (HPE OneView) and Image Streamer release in lockstep -- as ‘Management combinations’
– Only supported combinations of Composer (HPE OneView) and Image Streamer releases can be used, and these are specified by the Synergy Management combinations
in Synergy Software Releases.
– Timing: Synergy Composer releases at approximately the same time as the HPE OneView virtual appliance (OVA).
Synergy Custom SPP releases are supported for one year.

Support policy is based on HPE core Service Pack for ProLiant (SPP) policy.
Only HPE Synergy Custom SPPs developed & qualified by the HPE Synergy Program are recommended.
Synergy Custom SPPs can only be customized in compliance with a supported release from within HPE Composer (HPE OneView).
Synergy Software Support Policy (02-April-2019)
“The information contained herein is subject to change without notice. HPE shall not be liable for technical or editorial errors or omissions
contained herein.” April 23, 2019 HPE Confidential | CDA Required
END

Hpe Synergy Next-Gen Management Modules: Tektalk

Uploaded by

Copyright:

Available Formats

Hpe Synergy Next-Gen Management Modules: Tektalk

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Hpe Synergy Next-Gen Management Modules: Tektalk

Uploaded by

Copyright:

Available Formats

HPE Synergy Next-Gen

April 23, 2019 CDA Required

Introducing Next-Generation HPE Superdome http://vshow.on24.com/vshow/HPETekTalks/content/1948200 March 26th 2019

HPE Synergy Next Generation Management http://vshow.on24.com/vshow/HPETekTalks/content/1970246 April 23rd 2019

– Bob Noller – Synergy Product Management

– What’s New in Synergy Management?

Which value flexibility in their infrastructure solutions

April 23, 2019 HPE Confidential | CDA Required

April 23, 2019 HPE Confidential | CDA Required

April 23, 2019 HPE Confidential | CDA Required

• Controls and monitors the thermal and power

HPE Synergy Composer provides

• Virtual Connect / Switch Master modules (100Gb)

April 23, 2019

Reduce complexity Accelerate changes Simplify deployment Efficient scaling

Your Infrastructure as Code

Hardware Firmware System

CPLD Innovation Engine Server Platform Option ROM

Checking daily -- not just at boot-up

April 23, 2019 HPE Confidential | CDA Required

Hardware Firmware System (Appliance)

HPE iLO Chip iLO5 FW UEFI BIOS OS Bootloader OS Kernel

Validate Validate Validate Validate

Management Operation validated to the Silicon Level !

Security capabilities exclusive to Synergy Composer2

April 23, 2019 HPE Confidential | CDA Required

• Security for Synergy FLM

Frame Manager -- “Gatekeeper to Synergy”

April 23, 2019 HPE Confidential | CDA Required

FLM CPU FLM Bootloader FLM Firmware

• Authenticates FLM firmware to prevent physical tampering

Validates that the Correct Firmware is in Use !

April 23, 2019 HPE Confidential | CDA Required

FLM Bootloader FLM Bootloader FLM Firmware

Validate Validate Validate

Secure Firmware Updates !

April 23, 2019 HPE Confidential | CDA Required

Cyber-security Michael Cobb

Robust device security using secure, validated encryption keys !

Security capabilities exclusive to Synergy 4-port FLM

April 23, 2019 HPE Confidential | CDA Required

804942-B21 – (Qty 1 or 2) 2-port or 4-port

797740-B22 CTO TAA

April 23, 2019 HPE Confidential | CDA Required

Current Configurations EOL OBS EOSL* (C & 2p FLM) 2-port FLM

Operations Performance EOSL (2p FLM)

• Faster UI & Operational performance

* Standard 5-year DSP (Division Support Period)

Synergy FLM configurations with HPE OneView.next C2 Composer2

Frame Link Modules FLM4 4-port FLM

Synergy Composer configurations with HPE OneView.next C2 Composer2

Examples (1 of 3) FLM4 4-port FLM

C FLM C FLM C2 FLM C FLM

C FLM C FLM C FLM C FLM

C FLM C FLM C FLM C2

C FLM C FLM C FLM C FLM

Management Ring Management Ring

Synergy Composer configurations with HPE OneView.next C2 Composer2

Examples (2 of 3) FLM4 4-port FLM