HP warns customers of defective firmware on its G2 to G7 series servers
April 25, 2014
Earlier today, HP warned its customers that one of its firmware updates can accidentally crash the network interface cards (NICs) in 100 Series
ProLiant Server models. The Service Pack for ProLiant 2014.02.0 can potentially kill HP Broadcom-based network adapters in G2 to G7 series servers, HP
A machine relying on a dead NIC is not much use at all and may very well require a motherboard swap to fix if the slain silicon is a
built-in component. The affected adapters range from PCIe cards to integrated controllers.
HP's online support centre admitted that applying the firmware upgrade on some vulnerable systems could have a disastrous effect, leaving
the server unable to communicate with the outside world.
"On certain HP ProLiant servers, certain HP Broadcom-based network adapters listed may become non-operational when they are updated with
the Comprehensive Configuration Management firmware Version 7.8.21 using our firmware smart component, HP Smart Update Manager or the HP Service
Pack for ProLiant 2014.2.0," HP warned.
It also added that, in extreme cases, such a network adapter may require a hardware replacement to fully recover the NIC.
System admins who download and install the patch on a vulnerable machine will shortly discover that the server cannot detect its own
network adapter, a problem that is difficult to fix correctly, especially when subsequently trying to load the replacement firmware.
For some admins, the warning HP tacked onto the service pack's web page came too late in the day: the firmware was released on April 18, giving
unsuspecting IT departments plenty of time to crash the affected servers.
Richard Brain, technical director at security firm ProCheckup, says that he was advised by HP to swap out a bug-hit motherboard, since the
network adapter is embedded on it, but this was neither a cheap nor a quick solution to the problem.
"To replace a server motherboard in a G2 to G7 series ProLiant machine takes the best part of half a day," he said, pointing out that the
fans, the fan tray, the drives and drive bays, power controllers, PCIe cards, CPUs, and memory, and so on must be removed.
An HP spokeswoman told us that upon becoming aware of the issue, "HP removed the components causing the failure", but didn't give any
technical details of the screwup.
She said that customers that completed the firmware update on the at-risk systems should contact HP for remediation as "in this case the
components causing the failure may need to be removed".
"HP expects that, due to the nature of the issue, some customers could experience this problem," she said, adding that it is confident the response
team handles problems quickly and efficiently.
HP added that it's still trying to work out how many customers are at risk with this problem, and will issue an update by April 30.
In other IT news
AuDA wants to introduce DNSSEC into the Australian domain name space, signing the .au domain in its production environment as the first step in a 4-month
.au Domain Administration Ltd (auDA) is the governing authority and industry self-regulatory body for the .au domain segment in Australia.
DNSSEC has been possible for years, but has been held back by industry inertia. Under DNSSEC, a DNS (domain name system) record is
signed, allowing resolvers to authenticate the relationship between domain names and IP addresses where they are hosted.
But the slowly evolving rollout has gathered some small momentum in response to the increasing use of DNS as an attack vector (for example, via redirections).
In 2013, Google began validating DNSSEC records in its public DNS resolvers. The issue for the typical system admin is that DNSSEC is
needed all the way up the chain, from their own site back to the root zone, meaning that the AuDA rollout is a vital step in the deployment
of the protocol for .au domains.
AuDA explains that it has taken a cautious approach over the last 1 1/2 years because the protocol introduces a new level of risk for
registry operators. DNSSEC requires the inclusion of cryptographic keys in the DNS and, at times, frequent editing of a zone file. This
level of interaction and the complexity of cryptographic keys greatly increase the risk of error during a zone change or update.
A DNS error made to a signed zone can cause a zone to appear offline or bogus to validating resolvers, the organisation writes.
Right now, the body says, the signed .au zone is simply experimental. Over the next four months, the group plans to use the signed
domain to finish testing its own processes for supporting signed domains, including production load tests, testing signing events, and
helping second-level domain owners add their own signed records into the .au zone.
The plan is that on August 28, 2014, AuDA will submit its record to IANA, and DNSSEC will then be available for .au domain owners.
In other IT news
The OpenPOWER Consortium was formed by IBM a year ago, at a time when Big Blue and other IT companies were seeing their hardware
divisions cut down by a serious drop in spending from enterprise clients.
The drop in sales was also attributed to low-cost servers that could still be customized by low-cost manufacturers in Asia.
Also, Intel's x86 architecture continued to dominate the market in both typical servers and high-performance computing, putting
alternate architecture providers like Oracle, IBM and, to a lesser extent, HP, in a very tough position.
So the question is, how should IBM keep its POWER chips alive and guarantee them a larger market in a changing world? Big Blue's answer
to this weird situation was OpenPOWER, which seeks to do for its chip architecture what British company ARM's licensing model did for its
eponymous chips, causing them to become the fundamental technology in the vast majority of the world's phones and tablets.
IBM is seeking with OpenPOWER to do to 'hyperscale' servers what ARM did to phones, and in doing so create for itself a huge stream of
low-margin revenue that it can rely upon in years to come.
And although no one has said it so far, a helpful side effect is that this may cut down Intel's large business in huge data
IBM's hope is that by licensing the innards of its POWER chips to companies like Google, Canonical, Nvidia, Tyan and Suzhou PowerCore Technology,
it may be able to create new markets for the chip beyond Big Blue's traditional mainframes and high-end enterprise systems.
The OpenPOWER Consortium is, in many ways, where the guerrilla development approach of open source meets the expensive, complex
world of chip hardware.
IBM and its partners are betting that the architecture is good enough to meet their expectations. Given the enthusiastic mood
that existed throughout the press conference, it was only natural that Intel would point out some of the possible drawbacks of the
"The OpenPOWER Foundation may hope to someday create an open solution, but it also faces a complex multi-year effort to establish
an ecosystem around the design, manufacturing and software," an Intel spokesperson said.
"Most data centers today run on Intel and we are not slowing down. Businesses recognize the value and there is a
large and growing x86 ecosystem (established over many years) that isn't going away. Creating an ecosystem is not an easy feat and
could take several years and a significant investment of time and money in porting architectures," he added.
By comparison, Intel competitor ARM was much more upbeat about the whole matter. "Across the server market, even within non-volume
servers, users are ready to move beyond the 'one size fits all' approach for servers and OpenPOWER is further validation of this as
well as the ARM business model," an ARM spokesperson said.
"Server customers are demanding choice and differentiation which is why ARM and its partners are already well underway with our work
to move the volume server market beyond the limitations associated with a proprietary architecture."
With OpenPOWER's 26 partners ranging from equipment makers to rich potential customers like Google, the scheme has a chance of
working. Maybe ARM has a new potential partner in its plan to pull Intel's chips out of the biggest data centers? We shall see.