topic Re: SimpliVity VCSA security patching considerations in HPE SimpliVity

SimpliVity VCSA security patching considerations

jlangmead — Mon, 20 Nov 2023 03:47:23 GMT

I would please like to check I have the correct interpreation of what patching is supported for VCSA's within a SimpliVity environment.

I have 2 x 7.0 U2d VCSAs running in enhanced link mode and need to upgrade these to the very latest 7.x version. This is currently 7.0 u3o on the VMware download portal.

My understanding is this is acceptable for me to do as SimpliVity is supported on 7.0U3n [as detailed in the latest interoperability guide] for my current simpliVity version and firmware level, plus I have the 'option' to apply unlisted patches [eg 7.0 U3o] so long as I don't update to an unlisted mayor or minor VCSA version. There is a clause that states I need to accept this latest patch hasn't yet been qualified by HPE

I'm referring the statement on page 43 of the InterOperability guide

So I'm just asking for confirmation that I have interpreted this statement correctly for my environment and that have vCenter in Enhagnced link mode doesn't impact my ability to update.

many thanks

Re: SimpliVity VCSA security patching considerations

l_lang — Fri, 17 Nov 2023 13:00:31 GMT

Hi,

this is also my understanding. We are running 4.2 on 7 U3o without any problems.

Re: SimpliVity VCSA security patching considerations

jlangmead — Fri, 17 Nov 2023 13:19:02 GMT

That's great thanks -

I appreciate you sharing your experiences.

Re: SimpliVity VCSA security patching considerations

NeetSat — Fri, 17 Nov 2023 16:25:36 GMT

Hello,

Good day.
You should be good to proceed with the vCSA patch as long as per what we have in the Interop guide mentioned.
There should be no issues with that and also please make sure that you follow the best practices of what VMware follows before performing any upgrades on the vCSA.
Also one last thing, please make sure that the OVC version is on 4.2 or atleast on supported versions before you proceed with the above upgrades.

Regards,
Neet

Re: SimpliVity VCSA security patching considerations

jlangmead — Mon, 20 Nov 2023 03:55:53 GMT

@NeetSat HI Neet

Thanks for the confirmation - the OVC version is currently 4.1.1 U1 which is showing as compatible within the Interoperability Guide.

There is a plan to upgrade to VMware 8.x (once this is supported by SimpliVity) so we want to refrain on any updates to the OVCs until that time.

kind regards

Re: SimpliVity VCSA security patching considerations

jlangmead — Tue, 21 Nov 2023 08:19:27 GMT

@NeetSat

Please can you ellaborate on the recommendation to go to OVC 4.2? How strong a recommendation is that?

We're on 4.1.1 U1 currently with no plans to update the OVC version prior to adding this patch as it is still shoing with a 'C' entry in the Interoperability Guide - but as you hjave gone to the trouble of suggesting an update to 4.2 I didn't want to ignore that recommnendation with first asking the reason behind this. Are we safe to remain on 4.1.1U1 as per the guide?

kind regards

Re: SimpliVity VCSA security patching considerations

Kipp_Glover — Mon, 27 Nov 2023 03:17:48 GMT

There is a new Customer Notice for this issue:

Notice: HPE SimpliVity - VMware vCenter Server Appliance 7.0 U3o Now Supported on Active OmniStack Releases

https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-a00135862en_us

/Kipp

Re: SimpliVity VCSA security patching considerations

jlangmead — Mon, 27 Nov 2023 11:30:50 GMT

Thanks Kipp

Do you know what the published status will be for SimpliVity 4.1.1U1?

Will it be "C = Compatible Version but not explicitly verified" or are HPE saying customer must update to 4.1.2 or higher to protect themselves against this vulnerability?

thanks

Re: SimpliVity VCSA security patching considerations

Kipp_Glover — Mon, 27 Nov 2023 19:35:40 GMT

There will be an updated Interop Guide posted at the end of this week. It will show the OmniStack version 4.1.1U1 as

C = Compatible Version but not explicitly verified

with VCSA 7.0 U3o