Hardware Management Console Readme For use with Version 7 Release 7.8.0 Date: 25 Nov 2013 Contents The information in this Readme contains fix list and other package information about the Hardware Management Console. * Description <#descrip> * Upgrade notes <#upgrade> * Enhancements and new function <#enhance> * General fixes <#fixes> * Known issues <#known> * Web browser requirements <#browser> * Installation <#install> * National Language Support <#nls> PTF MH01377 HMC V7 R7.8.0 Recovery Media and Mandatory PTF This package represents the Recovery image that can be used to upgrade your HMC from HMC V6R1.3.0 or higher to HMC V7R7.8.0. This package can also be used to install a clean version of HMC V7R7.8.0. You can also reference this package by APAR MB03715. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# HMC_Recovery_V7R780_1.iso HMC_Recovery_V7R780_2.iso 2274955264 885702656 27ad6da211e614cd77a58415c7d0f1ad62a485eb b61a1f5d78950406a9b35c1393180f2c1c8625f9 MB03715 MH01377 MH01388.iso Mandatory PTF 1402920960 f09c6aad75b6bc5e95872172aa5fd42994bc6484 MB03754 MH01388 APAR MB03754 / PTF MH01388 supersedes APAR MB03720 / PTF MH01378 APAR MB03754 / PTF MH01388 is required for use with the PowerVC product. Splash Panel information (or lshmc -V output) After installing the Recovery package Version: 7 Release: 7.8.0 Service Pack: 0 HMC Build level 20131102.1 ","base_version=V7R7.8.0.0 " After installing the Mandatory PTF Version: 7 Release: 7.8.0 Service Pack: 0 HMC Build level 20131123.1 MH01388: Required fix for HMC V7R7.8.0 (11-25-2013) ","base_version=V7R7.8.0.0 " Upgrade notes 1. IBM has identified an issue with certain HMC configuration where, after an upgrade to HMC 780, all GUI logon attempts fail. For further information on the problem, including how to prevent the issue prior to an upgrade and recovering from the issue after a failed upgrade, see: http://www-01.ibm.com/support/docview.wss?uid=nas8N1019887 2. Prior to upgrading, users with many partitions and partition profiles must verify that their current server configuration is compatible with HMC Version 7 Release 7.8.0. The HMC uses a storage area on each managed server to persist the server configuration. HMC V7R7.8.0 increases the usage of this storage area. Servers already containing a large number of profiles may not have sufficient space to allow an upgrade to HMC Version 7 Release 7.8.0. For further information and detailed instructions on validating existing configurations see: http://www.ibm.com/support/docview.wss?uid=nas8N1019821 3. Verify server firmware is compatible with HMC Version 7 Release 7.8.0 Prior to upgrading the HMC, determine if any managed server or flex node is at one of the following server firmware levels: * 01Ax770 levels 032 (GA) to 064 * 01Ax773 levels 033 to 051 * 01Ax780 levels 040 (GA) to 050 If any Power Server is at an impacted level then concurrently update the server firmware to the latest available fix before upgrading the HMC. For further information on this restriction see IBM Support document N1020088 at http://www.ibm.com/support/docview.wss?uid=nas8N1020088 4. When two HMCs manage the same server, both HMCs must be at the same version. Once the server is connected to the higher version of the management console, the partition configuration is migrated to the latest version. Lower management consoles will not be able to understand the data properly and may fail. Before upgrading an HMC, you must disconnect the redundant HMC from the managed systems. Once the first upgrade is complete, you can upgrade the disconnected HMC, then reconnect it to the managed systems when the HMCs are at the same level again. For further information and detailed upgrade instructions see: http://www-912.ibm.com/s_dir/SLKBase.nsf/DocNumber/690048653?OpenDocument 5.*Once the server is managed by N level of management console version, should you want to go back with N-1 management console version, then you must initialize the server. *You can restore a backup taken at the older level or recreate the partitions. If the server is not initialized, partition configuration corruption can occur when you use lower levels of management consoles and Incomplete or Recovery state may be displayed as a result. 6. A new port, *12443*, is opened in the HMC firewall when "remote access" is enabled. For remote web browser connectivity to HMC V7R7.8.0 this port must also be opened in any firewall that is between a remote client and the HMC. * HMC Version 7.7.8 requires model CR3 or later model rack-mount HMC or C05 or later deskside HMC. Models CR2, C03, and C04 are not supported. o Model C05 is not supported when the HMC is managed by IBM Systems Director. * HMC Version 7.7.8 requires a minimum of 1Gig of memory; 4Gig is recommended. * Additional memory requirements include: o 2Gig minimum when using the Power Enterprise Pools GUI o 3Gig minimum when using IBM Systems Director to manage an HMC or if the HMC manages more than 254 partitions. * HMC Version 7 will be the last version to support HMCs with 1 GB of RAM. * The "enabled routed" feature (RIP protocol) will be removed in a future version of the HMC. * HMC Version 7.7.8 supports managing a maximum of 48 servers (non Power 590/595 models) or 32 IBM Power 590/595 servers with a maximum of 1024 partitions across the managed servers. * The following HMC System plan functions are not implemented for POWER7 servers: o Create system plan (mksysplan) capture of VIOS provisioning info (storage pools, etherchannels, shared ethernet adapters) o Deploy system plan Auto-install of VIOS, AIX and Linux partitions. o Auto-provisioning of storage pools, shared ethernet adapters and etherchannels by system plan deployment. o Power blades are not support for any system plan operation. * Upgrading from HMC V6R1.3 requires the installing of PTF MH01127 (APAR MB02828). * Upgrading from HMC V7R3.1.0 requires PTF MH01135 (APAR MB02661). * The DHCP range choices of 9.6.24.x and 9.6.25.x are no longer available as DHCP server range selections in the HMC GUI for V7. The POWER 595 FHA/FHB system internal network utilizes this range. If a V6 HMC is upgraded to V7 and a POWER 595/FHA system addition is planned, change the range to an alternate available selection prior to introducing the system to the HMC. For all other system environments the range can still be used but is not visible in the GUI. * Certificates and keyring files generated by the System Manager Security application (on HMC Version 6) will not be migrated to HMC Version 7. Applications such as remote 5250, which import the public key ring file to establish a secure connection with HMC, will need to import a new public key. For further information on how to setup remote 5250 using SSL, see support document located on the System i Technical Support website at the URL: http://www.ibm.com/support/docview.wss?uid=nas8N1018887 Back to top <#ibm-content> Enhancements and new function This package provides the following enhancements and fixes: * Added support for Capacity on Demand (CoD) Power Enterprise Pools. A Power enterprise pool is a group of servers that can share Mobile Capacity on Demand (CoD) processor resources and memory resources. * Added support for a new dump type; Performance Dumps. * Enhanced Dynamic Platform Optimization: o Added support to query affinity scores for partitions in a managed system. An affinity score is a measure of how good the processor-memory affinity is for a partition. This function is only available through the HMC command line interface (*lsmemopt* command). o Add support to scheduled operations for DPO validation. * Added support for group based LDAP authentication. LDAP users and HMCs can be assigned to hmcgroup(s) to further control log in. Once being assigned to a certain group(s), LDAP users are permitted to log in HMC(s) of the same group(s). Conversely, if a HMC is assigned to a certain group(s), it would allow users of the same group to log in. * Added support for "current configuration" profiles. * DVD_RAM is no longer supported for backup and restore of console data. * HMC will query the managed servers for deconfigured resources and open new serviceable events as a reminder that a previous problem has not been repaired. During repair operations, the HMC will check for other previously garded hardware and, if found, remind the operator of pending repair actions. * Added support to disable a virtual ethernet adapter. System administrators are able to disable/enable the individual Virtual Ethernet Adapter (VEA) from the management console. With this ability a particular partition can be cut off from the network when disabled and can be enabled to connect it back to the network when using virtual ethernet bridged via SEA in VIOS. The current status of the VEA can also be queried at any point of time. The operations enable/disable and query will be exposed as command lines in the Management Console and no Graphical User Interface is available in the current release. * Support single command to migrate all the AIX, Linux and IBM i partitions from one server to another server. o Command to start migration of all AIX, Linux and IBM i partitions: *migrlpar -o m -m -t --all* o Command to stop migration of all AIX, Linux and IBM i partitions: *migrlpar -o s -m --all* * Enhancements to partition configuration management. There are two components to this enhancement, both are CLI only: o When in recovery state, users can re-generate the current configuration from the hypervisor runtime configuration o An XML conversion tool - This tool lets a user to convert the save area backup file to readable XML file, which can be used by end user to have an offline look at the configuration of the system. * The default setting for a new install of HMC V7R7.8.0 disables weak and anonymous ciphers (legacyhmccomm is disabled). This setting prevents communication to all HMCs at V7R7.6.0 (7.7.6) and earlier. HMC functions disabled to older HMCs includes HMC data replication and discovery (and use) of call home servers. * Added new verifications and new checks for SaveArea data integrity checks based on file sizes for verifying V7R7.8.0.0 support. * Added support for query to FSP if post-install accept is required. * Added a new feature/function to force a refresh of the operating system level information on the HMC once AIX is upgraded on the partitions : o The command syntax is: *lssyscfg -r lpar -m --osrefresh* --osrefresh When listing partitions, specify this option to refresh the cur- rent operating system version information for the partitions first. If a partition does not have an active RMC connection to the management console, Unknown will be displayed for that par- tition's operating system version information. Specifying this option may cause this command to take a long time to complete if many partitions are being listed or there are network issues. Back to top <#ibm-content> General fixes This package provides the following fixes: * Fixed an issue with LPM failure resulting in RC=1021 during migmover command with error message "Unknown partition for the class action. This is because of invalid lpar ID or the MC does not have RMC connection to the lpar due to network setup". * Fixed an issue with cross-HMC partition migration failing with message HSCL9001 The operation has failed on the managed system when multiple virtual scsi and fc adapters are configured some as redundant and others as non-redundant. * Fixed multiple issues with POWER5 servers when creating virtual ethernet adapters with default vswitch in some configurations during lpar create wizard, profile properties and dynamic partitioning. * Fixed an issue with creating a virtual ethernet adapter that resulted in a Task Error: An internal error has occurred and message ACT01503. * Fixed a timing issue when consecutive reboots are performed on the HMC that may leave the HMC hung on shutdown requiring a local power off and on of the server. * Fixed issue during concurrent migration of 16 lpars, one of the lpars could fail with error codes HSCL003D and HSCLA2CF. * Fixed a rare issue with multiple local lpar migrations that could fail with an empty error message. * Fixed a problem where viewing serviceable event E32F0200 causes an abend and a new serviceable event. * Fixed a problem with the chsyscfg command where a value specified with the "min_mem-=" operator was added to the existing min_mem value instead of subtracted. * Enhanced dump handling to prevent loss of large dumps when dump size is greater than 40% of the size of /extra. * Fixed a problem with '-v' verbose option on updlic.command. * Fixed an issue with Create Storage pool panel where size of Physical volume did not specify the unit. * Fixed an issue where displaying virtual adapters on the partition properties or dynamic lpar panels may intermittently be very slow on vswitch capable cecs. * Fixed a problem where performing group lpar migration using CLI with the destination MSP selected but the source MSP is not specified results in error "HSCL8016 An unknown error occurred." * Fixed an issue where NTP may fail to update the time during boot if the time is too far off. * Fixed a rare issue where attempting to view partition properties fails with HSCL07E1. * Fixed an issue where after upgrade, users may have duplicate UIDs causing issues with security compliance checks. * Fixed an issue where dlpar remove of a virtual fibre channel adapter in VIOS was successful even though the adapter has an active mapping. If the adapter is mapped the HMC will now return an error. * Fixed an issue where some panels do not display correctly in Japanese locale. * Fixed an intermittent issue where numlock does not working correctly. * Fixed a problem where the command "lshmc -r kerberos_keyfile_present" is returning null when kerberos is configured and keyfile is present. * Fixed an issue where chhmc fails to change the graphics driver. * Fixed an issue when an NTP server is added from the CLI using `chhmc -c xntp -s add -a `, the ntp.name firewall ports are opened for all interfaces. This does not happen if -h is used instead of -a or if the NTP server is added via the GUI by name or IP. * Fixed an issue where using the command mkauthkeys to add an ssh key up to 4096 in length completes without error but authorized_keys2 is zero length and the timestamp has not been updated. * Updated the description of the QoS field to clarify that QoS is "Maximum QoS". * saveupgdata -r diskusb fails if there are no partitions on the USB flash drive, and the SaveHSCSystemUpgradeData.tar file is copied to / instead of USB mount point. * Fixed a problem where the chhmc command does not support add/remove of NTP versions 3 and 4; the option was ignored. * Fixed a problem where certain errors occurring on a dlpar add of a virtual adapter using the chhwres command may not be reported; the command incorrectly returns success. Repair and Verify fixes for POWER 750, 755, 770, and 780 servers (POWER7-based technology) * Fixed an issue with serviceable events that call out more than one FRU where, if after exchanging the first FRU the problem is not fixed, the user is not prompted to go to the next FRU. * Fixed an issue with repair procedure for SRC 14022082 on models 9119-FHx. * Updated FSP Cable Install/Remove instructions for better clarity in the case of a single-node system for 9117 models. Security * Disabled Medium Strength Ciphers for Pegasus server (port 5989). * Fixed an issue with port 2301 failing security scan due to a possible vulnerability to a "CRIME attack": SSL / TLS compression is enabled; TLS advertises the SPDY protocol earlier than version 4. * Qualys scan reports the CVE-2010-5107 vulnerability exists in the V7R780 level due to the HMC level using the openssh 6.1 version of code even though the 6.1 version of openssh has been updated to include the fix for CVE-2010-5107. Command line changes * The following commands have been added to support Capacity on Demand (CoD) Power Enterprise Pools: o *chcodpool* - performs CoD Power enterprise pool operations. o *lscodpool* - lists CoD Power enterprise pool information. o *mkcodpool* - creates a CoD Power enterprise pool. * The mkprofdata command has been added to allow a user to recreate profile data for a managed system based on the current configuration of the managed system. Note that this operation will overwrite the current profile data for the managed system and should only be performed if the profile data for the managed system is corrupted. * A new option (--*lastvalidcfg*) has been added to the *lssyscfg* command to include the last valid configuration partition profiles, which are new in 7.8, when displaying partition profiles. * A new option (--*osrefresh*) has been added to the *lssyscfg* command to refresh the current operating system version information for partitions before displaying partition information. * The following commands have been enhanced to support synchronization of a partition's current configuration with its current active profile: *chsyscfg*, *lssyscfg*, and *mksyscfg*. * The *chhwres* and *lshwres* commands have been enhanced to configure and display virtual networks. * The *chhwres* command has been enhanced to disable virtual Ethernet adapters, and the *lshwres* command has been enhanced to display the current setting. * The *lshwres* command has been enhanced to display the next virtual slot number that is available to assign to a new virtual I/O adapter for a partition. * The *lsmemopt* command has been enhanced to display partition affinity scores. * A new option (--*all*) has been added to the *migrlpar* command to allow the user to migrate all AIX, Linux, and IBM i partitions with a single command. * A new option (--*nodetails*) has been added to the *migrlpar* command to suppress the display of detail messages. * A new option (--*vsi*) has been added to the *chlparstate* command to allow the user to specify whether a partition's virtual Ethernet adapter Virtual Station Interface (VSI) profiles are required to be configured when resuming the partition. * The *chhmcldap* and *lshmcldap* commands have been enhanced to configure and display LDAP user groups allowed to log into the HMC. * A new option (-*i*) has been added to the *bkconsdata* command to include performance monitoring data (new in 7.8) in the backup data. * DVD support has been removed from the *bkconsdata* command. * The *chhmc* command has been enhanced to support NTP versions 3 and 4. Back to top <#ibm-content> Known issues This package has the following known issues: * Creating a new virtual adapter may result in a missing association to the expected trunk adapter and in the load group missing from the network bridge. * After an upgrade, security settings are set to their default. * You cannot use the GUI to view the history log for a Power enterprise pool. You can view the history log for a Power enterprise pool by running one of the following HMC commands: *lscodpool -t hist -p* or *lscodpool -t hist --id* * You cannot use the GUI to set a new master HMC for a Power enterprise pool when initiating the operation on the new master HMC. You can perform this operation by running one of the following HMC commands (the configuration file for the Power enterprise pool must be specified if the new master HMC is not configured as the backup master HMC for the pool or if the new master HMC does not have valid backup data for the pool): *chcodpool -o setmaster --mc this -p* *-v* [*-f* //] or *chcodpool -o setmaster --mc this --id* *-v* [*-f* //] * HMC users with a custom managed resource role cannot use the Power Enterprise Pools GUI. To use the Power Enterprise Pools GUI, an HMC user must have access to all system resources. * You cannot use the GUI to add Mobile CoD resources to, or remove Mobile CoD resources from, a server that has a state of No Connection, Pending Authentication, or Failed Authentication. You can use the HMC chcodpool command to perform the operation. * After upgrading to HMC Version 7 Release 780, users must use Recovery Media (and not getupgfiles) to re-install and go back to previous version (*e.g *HMC Version 7 Release 770 and older) * When logging into the local HMC console, two warning pop-up windows will be displayed in succession with the title "This Connection is Untrusted." o Select, "I Understand the Risks" o Next, select, "Add Exception". This will be required after every HMC reboot." Back to top <#ibm-content> Web browser requirements The following browsers have been tested. Microsoft Internet Explorer * Internet Explorer 8.0 and 9.0 are supported. * Internet Explorer 10.0 and later are not supported; however all known issues are resolved by running Internet Explorer in compatibility mode. Firefox * Firefox 3, 3.5.19 and 3.6.4 are no longer supported. * Firefox 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 and 24 are supported. Installation Installation instructions for HMC Version 7 upgrades, updates and corrective service can be found at these locations: Installation methods for HMC Version 7 updates and fixes Upgrading or restoring HMC Version 7 Instructions and images for upgrading via a remote network install can be found here (for all HMC releases): HMC network installation images Back to top <#ibm-content> /National Language Support (Supported languages)/ Languages Locales English en_US, en_US.UTF-8, en_AU, en_AU.UTF-8, en_BE, en_BE.UTF-8, en_BE@preeuro, en_CA, en_CA.UTF-8, en_GB, en_GB.UTF-8, en_GB@euro, en_HK, en_HK.UTF-8, en_IE, en_IE.UTF-8, en_IE@preeuro, en_IN, en_IN.UTF-8, en_NZ, en_NZ.UTF-8, en_PH, en_PH.UTF-8, en_PK, en_SG, en_SG.UTF-8, en_ZA, en_ZA.UTF-8 Catalan ca_ES, ca_ES.UTF-8, ca_ES@preeuro German de_DE, de_DE.UTF-8, de_DE@preeuro, de_CH, de_CH.UTF-8, de_AT, de_AT.UTF-8, de_AT@preeuro, de_LU, de_LU.UTF-8, de_LU@preeuro French r_FR.UTF-8,fr_FR, fr_CH,fr_CH.UTF-8, fr_CA,fr_CA.UTF-8, fr_BE, fr_BE.UTF-8,fr_BE@preeuro, fr_LU, fr_LU.UTF-8,fr_LU@preeuro Italian it_IT, it_IT.UTF-8,it_IT@preeuro, it_CH, it_CH.UTF-8 Spanish es_ES,es_ES.UTF-8, es_ES@preeuro, es_AR,es_AR.UTF-8, es_BO, es_BO.UTF-8,es_CL, es_CL.UTF-8,es_CO, es_CO.UTF-8,es_CR, es_CR.UTF-8,es_DO, es_DO.UTF-8,es_EC,es_EC.UTF-8,es_SV, es_SV.UTF-8,es_GT, es_GT.UTF-8,es_HN, es_HN.UTF-8,es_MX, es_MX.UTF-8,es_NI,es_NI.UTF-8, es_PA, es_PA.UTF-8,es_PY,es_PY.UTF-8,es_PE, es_PE.UTF-8,es_PR, es_PR.UTF-8,es_US, es_US.UTF-8,es_UY,es_UY.UTF-8,es_VE,es_VE.UTF-8 Brazilian Portuguese pt_BR,pt_BR.UTF-8 Portugal Portuguese pt_PT, pt_PT.UTF-8,pt_PT@preeuro Polish pt_PL.UTF-8,pl_PL, pl_PL@euro,pl_PL@preeuro Japanese ja_JP.UTF-8 Simplified Chinese zh_CN.UTF-8,zh_CN, zh_SG, zh_SG.UTF-8 Traditional Chinese zh_TW, zh_TW.UTF-8,zh_HK, zh_HK.UTF-8 Korean ko_KR.UTF-8 Hungarian hu_HU.UTF-8,hu_HU, hu_HU@euro,hu_HU@preeuro Dutch nl_NL, nl_NL.UTF-8,nl_NL@preeuro, nl_BE,nl_BE.UTF-8, nl_BE@preeuro Russian ru_RU,ru_RU.UTF-8 Czech cs_CZ.UTF-8,cs_CZ, cs_CZ@euro,cs_CZ@preeuro Slovakian sk_SK.UTF-8,sk_SK, sk_SK@euro,sk_SK@preeuro Back to top <#ibm-content>