Hardware Management Console Readme For use with Version 8 Release 8.2.0 Date: 14 November 2014 Contents These special instructions contain the following information specific to HMC V8 R8.2.0 code level. * Description <#descrip> * Upgrade notes <#upgrade> * Enhancements and new function <#enhance> * General fixes <#fixes> * Known issues in HMC <#known> * Web browser requirements <#browser> * Installation <#install> * National Language Support <#nls> PTF MH01453 HMC V8 R8.2.0 Recovery Media and Mandatory PTF MH01454 This package represents the Recovery image that can be used to upgrade your HMC from HMC V7 R7.9.0 or higher to HMC V8R8.2.0. This package can also be used to install a clean version of HMC V8R8.2.0. You can also reference this package by APAR MB03835 and MH01453. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# HMC_Recovery_V8R820_1.iso 3307886592 9262ad42fbdc8c3647e786d4d2ba128682b68894 MB03835 MH01453 MH01454.iso Mandatory PTF 1511927808 fc9500d704c6c1b653509cd52e292bffa8de73b0 MB03836 MH01454 Splash Panel information (or lshmc -V output) After installing the Recovery package "version= Version: 8 Release: 8.2.0 Service Pack: 0 HMC Build level 20141006.3 HMC Driver FRZ2_1441A (1007) Rev 1.0 ","base_version=V8R8.2.0 " After installing the Mandatory PTF "version= Version: 8 Release: 8.2.0 Service Pack: 0 HMC Build level 20141104.1 MH01454: Required fix for HMC V8R8.2.0 (11-05-2014) ","base_version=V8R8.2.0 " Upgrade notes * The following Power8 systems are supported by this level of HMC V8 R8.2.0: o IBM Power System S812L (8247-21L) o IBM Power System S822L (8247-22L) o IBM Power System S822 (8284-22A) o IBM Power System S814 (8286-41A) o IBM Power System S824 (8286-42A) o IBM Power System E870 Server (9119-MME) o IBM Power System E880 Server (9119-MHE) * HMC V8 R8.2.0 continues to provide support for Power6 and Power7 based systems. * POWER5 servers are not supported with HMC V8.820.0. Attempts to manage POWER5 servers will result in a connection state of Version Mismatch and connection_error_code *"Connection not allowed 0009-0008-00000000"*. * HMC V8 R8.2.0 supports the following HMC models: o Deskside: C08 o Rack Mount: CR5, CR6, CR7, and CR8 * HMC V8 R8.2.0 does _not_ support models CR2, CR3, CR4 and C03, C04, C05, C06, C07. * HMC V8 R8.2.0 requires 2GB memory; 4GB memory is recommended. If you run with *over 300 partitions*, it is recommended to have 8GB memory. * The HMC must be version V7 R7.9.0 or later to be upgraded to HMC V8 R8.2.0. This requirement is enforced at install. * When two HMCs manage the same server, both HMCs must be at the same version. * If a server is connected to two different versions of the HMC, the higher version HMC will upgrade the partition configuration (profile data of the system) to the latest version. After the partition configuration upgrade, lower levels of the HMC will not be able to interpret the data correctly. After the server is managed by the higher version of the HMC, you must first initialize the server before you can go back to the lower version of the HMC. You can restore a backup that is taken at the older level or re-create the partitions. If the server is not initialized, one of the following outcomes can occur depending on the version of the lower-level HMC: o HMC Version 7 Release 7.8.0 and later reports a connection error of Version mismatch with reference code Save Area Version Mismatch. o HMC Version 7 Release 7.7.0 and earlier might report a server state of Incomplete or Recovery. In addition, partition configuration corruption may occur. * It is recommended to have all connected VIOS servers on one of the latest levels i.e. VIOS level 2.2.3, 2.2.2 or 2.2.1. To have optimal performance from enhanced functions like Manage PowerVM, Manage VIOS, Template, Tech Preview, etc. make sure all VIOS are at 2.2.3.3 level or later. * It is recommended to have all running partitions (AIX Linux and VIOS) having RSCT levels 3.2.0.0/3.2.0.1 to be on the latest RSCT levels i.e. 3.2.0.3 or later. * HMC Version 8.2.0 supports managing a maximum of 48 servers (non Power 595/795 models) or 32 IBM Power 595/795 servers with a maximum of 1024 partitions across the managed servers. * HMC Version 8 Release 8.2.0 is the last HMC release that will support Call Home Out Bound Connectivity via modem and Internet VPN. Future releases will support only "Internet" Electronic Customer Care (ECC). Back to top <#ibm-content> Enhancements and new function Technology Preview of new HMC GUI * V8R8.2.0 includes a "technology preview" of a new, redesigned HMC GUI planned for an upcoming release. The technology preview is accessed at HMC log in by selecting a new login option 'Enhanced + Tech Preview (Pre-GA)'. The user is presented with a completely redesigned console user interface that features enhanced navigation and search features, updated look-and-feel and interactions, embedded system and partition utilization, and integrated PowerVM enhancements. It also includes a new system network diagram that provides an end-to-end and physical-to-virtual view of the network environment. * The technology preview GUI is not intended for managing production workloads. * New GUI and REST API jobs for activation and network boot of Logical partitions. Network boot is a mechanism to enable installation of operating system on a Logical partition over the network. * Users can find additional help and submit feedback on the technology preview's features using the HMC developer works community at: https://www.ibm.com/developerworks/community/groups/community/powerhmc New function or enhancement: * Addition of Simplified Remote Restart; a high availability function which preserves partition's resource configuration and restarts the partition with most recent configuration on another system when there is a failure on the system. The function removes the requirement for a reserved storage device required for the existing remote restart function. In lieu of a Reserved Storage Device; HMC persists the partition state. The user can enable the Simplified RR at partition create or thereafter. * Added support for PCIe3 Expansion Drawer Cable Card (http://www-01.ibm.com/support/knowledgecenter/POWER8/p8eab/p8eab_87x_88x_supported_pci.htm?cp=POWER8 Feature code: EJ07) for Power8 9119-MME, 9119-MHE systems. The cable card slots are un-assignable to partitions. The cable card slots are blocked in partition creation, partition profile creation, partition activation and dynamic logical partitioning. * Introduced support for OS shutdown for IBMi LPARs wherein existing applications can do IBMi OSShutdown via CLI, UI or REST API. IBMi LPARs require an update to latest 7.2 PTF release to get the support. * Enhancements to call-home agent that enables reporting of critical hardware events to the HMC that are detected by IMM/IMM2. The type of hardware conditions include temperature threshold exceeded, voltage threshold exceeded, power failure, hard disk drive failure, redundant power supply failure, fan failure, CPU error, memory error, etc. When the call-home agent is configured and a critical hardware event is detected by the HMC then a call-home action of the serviceable event is done. * After enabling auto_collection_enabled configuration, Management Console may automatically collect First Failure Data Capture (FFDC) data when a partition mobility operation (LPM) fails. User may also use CLI command to manually collect LPM FFDC data when they need it, regardless the auto_collection_enabled has been configured or not. * NIST 800-131a requires using RSA 2048 based keys for secure communication. With HMC V8 R8.2.0, HMC enabled support for using these ciphers for communications to all supporting LPARs (AIX and Linux). It is recommended to do co-management of a server and associated LPARs when both HMCs are at the same level HMC V8 R8.2.0 (with RMC NIST support). * Login panel option updates: There are four login options: * Classic ==> The Classic interface provides access to all traditional functions of the HMC with the addition of a new Performance and Capacity Monitoring (PCM) tool. * Enhanced ==> The Enhanced interface provides everything that the Classic interface provides. In addition, the enhanced UI includes redesigned tasks and functions, such as Manage PowerVM, new virtualization tasks and functions such as Templates. * Enhanced + Technical Preview ==> In addition to the function of the enhanced UI, this interface adds an early preview of an entirely redesigned HMC management interface. This new interface that allows you to view and manage the resources on your systems more quickly and easily. This is English only version in this release. * Last Log In ==> This option opens the UI in the last Log In type. At installation, this option defaults to Classic mode. Back to top <#ibm-content> General fixes This package provides the following fixes: * Fixed an issue where the HMC showed a system in Incomplete state after performing a firmware upgrade from 740 to 790 * Fix for Timezone (Russia, Turks, Caicos Islands) * Fix for ethtool collection for pedbg * Fixed an issue where a system plan would fail with an exception to setBackingDeviceMapping for POWER 595 systems * Fixed an issue to prevent the report of SRC E212E161 * Fixed an issue with lpar activation after firmware upgrade resulting in error HSCL151E - Cannot have multicast mac address ethernet adapter. * Fixed an issue where the GUI splash panel did not display all fixes installed * HMC V8R8.2.0 is _not_ affected by *CVE-2014-6271* and *CVE-2014-3566*. Command line changes * The following commands have been enhanced to support PowerVM Simplified Partition Remote Restart (remote restart without using a reserved storage device): *chsyscfg*, *lssyscfg*, *mksyscfg*, *refdev*, *rrstartlpar*. * Enhanced the *lssyscfg *command adding a new attribute *remote_osshutdown_capable* for OS Shutdown capability for AIX, Linux and IBMi LPARs. No syntax change for c*hsysstate -o osshutdown* command * The *lsmigrdbg *and *migrdbg *commands have been added to provide additional debug tools for Live Partition Mobility. * The *chsysstate *command has been enhanced to allow IPv6 addresses to be used when performing the network install of an IBM i partition. * The *chsysstate *command has been enhanced to support operating system shutdowns for IBM i partitions, and the *lssyscfg *command has been enhanced to display whether or not a partition's operating system currently supports this function (*lssyscfg -r lpar -m -Fremote_osshutdown_capable*). * The HMC provides the ability to route syslog content to a remote client/computer. This release added ability to control (reduce) the syslog content through *chhmc *command. * Enable / disable Dynamic Power Saver (favors power) mode & Dynamic Power Saver (favors performance) mode using *chpwrmgmt *command and *lspwrmgmt *command to list power management settings. * Command *diagrmc *has been enhanced to identify more setup issues that could prevent RMC connection on the Management Console. * USB support has been added to the *cpdump *command. Back to top <#ibm-content> Known issues in HMC * After installing mandatory PTF MH01454 SRC E212E112 may be reported as a Serviceable Event against the IBM.ServiceRMd process. The SRC in this instance has no impact on the HMC and can be closed, no further action is necessary. * When a remote restart partition is configured with virtual fiber channel adapter(s), remote restart validation can be performed only if the partition is in the shutdown state. * In a scenario when simplified remote restart partitions are remote restarted on a remote system and if the source system goes into Recovery state due to some issue, as part of the recover operation to get the system back into Operating state, HMC sets the remote restart status of the partition to Profile Restored. In such cases, even though the partition(s) have been successfully remote restarted on another system, the cleanup operation on source system fails because the remote restart status is set to Profile Restored and user would have to manually delete the remote restarted partitions and cleanup the virtual IO mappings. * In NIST mode, * Local HMC GUI console will not be available, the admin should ensure remote connectivity is available via 'ssh' and remote browser prior to enabling NIST mode. * Firefox ESR version 24 is not supported. * Oracle JRE 7 does not have matching NIST cipher so client browser using Oracle JRE 7 will not be able to open virtual terminal applet. As a workaround, upgrade to Oracle JRE 8. * RMC code on partition does not support two HMC connections with mixed configuration i.e. one HMC running in NIST mode and other one in non-NIST mode. Both the HMCs must be in the same mode. * HMC uses RSA 2048 type keys to communicate with LPARs. When user remove HMC V8 R8.2.0 and connect an older level HMC (i.e HMC V8 R8.1.0 or before), it will drive NIST mode on the LPARs to be disabled. However the LPARs would continue to use RSA 2048 type keys so there would be connection establishment issue. To resolve this problem, the LPAR admin should run '/usr/sbin/rsct/bin/chsecmode -c none -m rsa512' command on all the corresponding LPARs (This command can't be run if LPAR is running any HA software like TSA, PowerHA). * In non-NIST mode, * Following ciphers are not supported although the available cipher list shows them. o TLS_RSA_FIPS_WITH_3DES_EDE_CBC_SHA o SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA o SSL_RSA_FIPS_WITH_DES_CBC_SHA * HMC uses Secure Socket Layer (SSL) 3.0 for various server ports, as well as communication with managed servers. To mitigate the POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability, HMC 8.2 uses OpenSSL that implements the TLS Fallback Signaling Cipher Suite Value. Please see https://alpacapowered.wordpress.com/2014/10/20/ssl-poodle-attack-what-is-this-scsv-thingy/ for more info. All supported browsers should be updated with this fix as available to mitigate a POODLE attack. An upcoming HMC PTF will replace SSLv3 usage with TLSv1.0 in non-NIST mode as further mitigation. * The following PowerVM functionality is currently not supported on all Power 8 machine model types: * Suspend/Resume or hibernation of a LPAR Note this function is fully supported for all other Power systems assuming that the appropriate HMC, firmware and PowerVM levels. * To open remote *Virtual Terminal *task, * In non-NIST mode, enable Use SSL 2.0 compatible ClientHello format in Java Advanced Security Settings on the browser machine if you're accessing HMC using the fully qualified hostname. * In NIST mode, use the non-qualified hostname or IP address to access the HMC and do not enable Use SSL 2.0 compatible ClientHello format in Java Advanced Security Settings. * To ensure that the keyboard mapping is working properly for non-English keyboards, the codeset for the locale must be set to UTF-8. You can change the codeset by using the chhmc command. Example: Set the locale to French with UTF-8 codeset for use with French keyboard. *chhmc -c locale -s modify -l fr_FR.UTF-8* Set the locale to English with UTF-8 codeset for use with French keyboard. *chhmc -c locale -s modify -l en_US.UTF-8* * HMC V8 810.1 to V8 820.0 upgrade script replaces the default templates during the upgrade process. Any changes performed on the V8 810.1 default template will be over- written. * You cannot use the GUI to set a new master HMC for a Power enterprise pool when the new master HMC is not configured as the backup master HMC for the pool or if the new master HMC does not have valid backup data for the pool. You can perform this operation by running one of the following HMC commands: *chcodpool -o setmaster --mc this -p -v -f * or *chcodpool -o setmaster --mc this --id -v -f * * In Enhnaced UI, Manage VIOS -> Add Logical Host Ethernet Adapter page once user has performed add and remove of same HEA port, the HMC does not display the port again for addition. As workaround launch the Add Logical Host Ethernet Adapter page again. * DVD-RAM write support has been removed. No change in the read support. * Floppy diskette support has been removed. * Pressing F10 key on the HMC console when a virtual terminal window is open can hang the X server, causing keyboard or mouse input to be ignored. Ctrl-Alt-Backspace will restart the X server and allow it to receive input again. Back to top <#ibm-content> Web browser requirements Learn about the requirements your web browser must meet to monitor and control the HMC. HMC web browser support requires HTML 2.0, JavaScript 1.0, Java™ Virtual Machine (JVM), Java Runtime Environment (JRE) Version 7, and cookie support in browsers that will connect to the HMC. Contact your support personnel to assist you in determining if your browser is configured with a Java Virtual Machine. The web browser must use HTTP 1.1. If you are using a proxy server, HTTP 1.1 must be enabled for the proxy connections. Additionally, pop-ups must be enabled for all HMCs addressed in the browser if running with pop-ups disabled. The following browsers have been tested: *Google Chrome* HMC Version 8.2 supports Google Chrome Version 36. Microsoft Internet Explorer HMC Version 8.2 supports Internet Explorer 11.0. * If your browser is configured to use an Internet proxy, then local Internet addresses are included in the exception list. Consult your network administrator for more information. If you still need to use the proxy to get to the Hardware Management Console, enable *Use HTTP 1.1 through proxy connections* under the *Advanced *tab in your Internet Options window. * It is recommended to have: * Browser security setting in internet zone. If you are running security mode in "Local intranet" mode, make sure you do not have any setting to detect intranet network; disable Compatibility view. * Browser zoom setting to 100%. Mozilla Firefox HMC Version 8.2 supports Mozilla Firefox Version 24 and Mozilla Firefox Version 31 Extended Support Release (ESR). Ensure that the JavaScript options to raise or lower windows and to move or resize existing windows are enabled. To enable these options, click the *Content *tab in the browser's Options dialog, click *Advanced *next to the Enable JavaScript option, and then select the Raise or lower windows option and the Move or resize existing windows options. Use these options to easily switch between HMC tasks. For more information about the latest Mozilla Firefox ESR levels, see Security Advisories for Firefox ESR . If you get certificate error while connecting Firefox to HMC, then change the certificate verification library by toggling the preference "security.use_mozillapkix_verification" to false in the about:config of Firefox browser. Refer below recommendation from Firefox forum https://support.mozilla.org/en-US/questions/1012036 Other web browser considerations Session cookies need to be enabled in order for ASMI to work when connected to HMC remotely. The ASM proxy code saves session information and uses it. Internet Explorer 1. Click *Tools > Internet Options.* 2. Click the Privacy tab and select *Advanced*. 3. Determine whether *Always allow session cookies* is checked. 4. If not checked, select *Override automatic cookie handling* and *Always allow session cookies*. 5. For the First-party Cookies and Third-party Cookies, choose block, prompt, or accept. Prompt is preferred, in which case you are prompted every time a site tries to write cookies. Some sites need to be allowed to write cookies. Firefox 1. Click *Tools > Options*. 2. Click the *Cookies *Tab. 3. Select *Allow sites to set cookies.* If you want to allow only specific sites, select Exceptions, and add the HMC to allow access. Installation Installation instructions for HMC Version 8 upgrades and corrective service can be found at these locations: Upgrading or restoring HMC Version 8 Installation methods for HMC Version 8 fixes Instructions and images for upgrading via a remote network install can be found here: HMC V8 network installation images and installation instructions Back to top <#ibm-content> National Language Support (Supported languages) *Languages* *Locales* English en_US,en_AU,en_BE,en_BE@preeuro,en_CA,en_GB,en_GB@euro,en_HK,en_IE,en_IE@preeuro,en_IN,en_NZ,en_PH,en_PK,en_SG,en_ZA Catalan ca_ES, ca_ES@preeuro German de_DE, de_DE@preeuro, de_CH, de_AT, de_AT@preeuro, de_LU, de_LU@preeuro French fr_FR, fr_FR.UTF-8, fr_CH, fr_CA, fr_BE, fr_BE@preeuro, fr_LU, fr_LU@preeuro Italian it_IT, it_IT@preeuro, it_CH Spanish es_ES, es_ES@preeuro, es_AR, es_BO, es_CL, es_CO, es_CR, es_DO, es_EC,es_SV, es_GT, es_HN, es_MX, es_NI, es_PA, es_PY,es_PE, es_PR, es_US, es_UY,es_VE Brazilian Portuguese pt_BR Portugal Portuguese pt_PT, pt_PT@preeuro Polish pl_PL, pl_PL.UTF-8, pl_PL@euro,pl_PL@preeuro Japanese Ja_JP Simplified Chinese zh_CN, zh_SG Traditional Chinese zh_TW, zh_HK Korean ko_KR Hungarian hu_HU, hu_HU.UTF-8,hu_HU@euro,hu_HU@preeuro Dutch nl_NL, nl_NL@preeuro, nl_BE, nl_BE@preeuro Russian ru_RU Czech cs_CZ, cs_CZ.UTF-8,cs_CZ@euro,cs_CZ@preeuro Slovakian sk_SK, sk_SK.UTF-8,sk_SK@euro,sk_SK@preeuro Back to top <#ibm-content>