HPE 3PAR StoreServ Storage

Latest SSMC update v3.8.2.1 is available for download - log4j vulnerability fixed

 
sbhat09
HPE Pro

Hello all,

The latest SSMC update v3.8.2.1 is now available for download.

This version includes important security fixes and adheres to NIST SP 800-53 guidelines. It addresses the log4j vulnerability (CVE-2021-44228) as well.

https://myenterpriselicense.hpe.com/cwp-ui/free-software/SSMC_CONSOLE

Regards,
Srinivas Bhat

If you feel this was helpful please click the KUDOS! thumb below!
Note: All of my comments are my own and are not any official representation of HPE.


I am an HPE Employee

aireynol
Valued Contributor

Re: Latest SSMC update v3.8.2.1 is available for download

Thanks for the quick turnaround. Do you have an ETA for Service Processor 5.x patch?

sbhat09
HPE Pro

Re: Latest SSMC update v3.8.2.1 is available for download

Hello @aireynol,

I don't have any updates yet. Are you finding it vulnerable to log4j in your tests?

Regards,
Srinivas Bhat


aireynol
Valued Contributor

Re: Latest SSMC update v3.8.2.1 is available for download

I have not been able to independently confirm it is vulnerable; however, it is listed as vulnerable in the security bulletin, so I have shut mine down for now.

https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04215en_us

LewisP
New Member

Re: Latest SSMC update v3.8.2.1 is available for download - log4j vulnerability fixed

Thank you for letting us know! But I don't see any of the .star upgrade packages on that page. Am I just missing them? I don't seem to be able to find any .star packages for 3.8 or above, just the ISO files. I am currently on 3.7.2 and it wants the .star upgrade files to do an in-place upgrade.

Re: Latest SSMC update v3.8.2.1 is available for download - log4j vulnerability fixed

The *.star file is in the ISO file.

If you are on 3.7.x, then you will need to:

0. Create a snapshot in your ESX/VMware/Hyper-V environment as a backup.

1. Download the 3.8.0 ISO file.

2. Mount the 3.8.0 ISO file on the PC.

3. There you will find the 3.8.0*.star file that you can pick up for the upgrade.

4. Download the 3.8.2.1 ISO file.

5. Mount the 3.8.2.1 ISO file.

6. Pick up the 3.8.2.1*.star file and do the upgrade.

You may also go directly to 3.8.2.1, but I have not tested this.

Hope that helps.

I am an HPE Employee

LewisP
New Member

Re: Latest SSMC update v3.8.2.1 is available for download - log4j vulnerability fixed

Thank you Bertram! Definitely too early on a Monday and need more coffee or I might have remembered that.

Will add that to the notes I have for my team because I left that step out.

Re: Latest SSMC update v3.8.2.1 is available for download - log4j vulnerability fixed

A general comment about SSMC upgrades from older versions: version 3.4.x and 3.5.x (not the Windows 3.3.1 version!!)

First: You can find the version of your SSMC appliance in the bottom-right corner of the SSMC appliance page.

If your current version is 3.6.x or above, then you can stop reading this post.

If your current version is 3.4.x or 3.5.x, then you won't be able to upgrade directly to version 3.8.2.1.

You either need to first upgrade to version 3.6, or you need to do a new installation of SSMC 3.8.

I would recommend that you do a new installation of SSMC 3.8.0 followed by an upgrade to SSMC 3.8.2.1. A new installation usually does not take more than 30 minutes. Also note that it is possible to run 2 SSMC instances in parallel, so you can leave the old version running while the new one is set up. That way you can test the new version. The old instance should then be disconnected, as any additional instance adds load to the connected arrays.

The upgrade limitation is also documented in the administration guide:

While upgrading from version 3.4.0.x, SSMC does not display any minimum version error message but generally
fails. Hewlett Packard Enterprise recommends you to upgrade to 3.6.0.0 version before upgrading to later
versions. To upgrade to HPE SSMC 3.8.0.0, you must have a minimum version of HPE SSMC 3.6.0.0.

If you have a complex setup (many arrays and many self-created reports) and you prefer to upgrade to SSMC 3.8.2.1 via the interim version of 3.6, then you should open a support case, as the 3.6 version is not available on the HPE download center.

For those who decide to do this, or who have a 3.6.x version available, I also want to emphasize an important change that came with SSMC 3.6, also mentioned in the administration guide:

Unified Login credentials for Administrative Access from SSMC 3.6 onwards
From HPE SSMC 3.6 release onwards, the web administrator account is merged with the appliance administrator
account. As a result, there is a single locally defined unified application administrator account for all SSMC.
If you are upgrading from a version prior to HPE SSMC 3.6 release, then the web administrator credentials, if
defined already, expires and you have to use ssmcadmin (same password that you use for appliance access)
to log in to the web GUI as well.
The single local account ( ssmcadmin ) remains as the only emergency account for all SSMC

Why this is important:

We had a couple of customers who could not remember the ssmcadmin password. They had never, or only once, logged in to the SSMC TUI and then forgot the password. With SSMC 3.4.x and SSMC 3.5.x, the web-based administrator login (the one you use when adding an array or when upgrading SSMC) is a different user, and the TUI access is never used once the SSMC is completely set up.

So what happened was this:

1. The customer logged in via the GUI admin user and started the upgrade to SSMC 3.6.

2. During the upgrade, SSMC 3.6 removes the GUI admin account and merges it with the TUI ssmcadmin account.

3. Since the customer forgot the TUI ssmcadmin password, they were not able to upgrade further or to add any array. Resetting the password at that point is NOT possible, as you need the TUI ssmcadmin credentials to do this.

HPE support is also not able to reset the password because there is no root access on the appliance.

To prevent this from happening, you should do this:

Prior to the upgrade from version 3.4.x or 3.5.x to the interim version 3.6.x: check if you can ssh-login as the "ssmcadmin" user to the TUI. Keep the password in mind, as you will need it to do the further updates via the ssmcadmin user.

(One additional note: Starting with SSMC 3.6, the appliance allows the configuration of password recovery via email.)

I hope that this was not too confusing.

As I wrote, instead of an upgrade from 3.4.x or 3.5.x, you can do a new installation of 3.8.0 plus an upgrade to 3.8.2.1.

I am an HPE Employee
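
The upgrade rules from the two posts above (the 3.7.x route via 3.8.0, and the 3.4.x/3.5.x route via 3.6 or a fresh install) written as a planner that puts the ssmcadmin check before the 3.6 step. This is an added example, not part of the original posts and not HPE code. The function names are hypothetical, and it assumes that 3.6.x follows the same route as 3.7.x and that a VM snapshot precedes every in-place upgrade.

```python
"""Upgrade-path planner for the SSMC version rules described in this thread."""

TARGET = (3, 8, 2, 1)

def parse_version(text):
    """'3.7.2' or '3.4.0.x' -> (3, 7, 2, 0); a trailing 'x' counts as 0."""
    fields = text.strip().lower().split(".")
    if fields and fields[-1] == "x":
        fields = fields[:-1]
    if not 2 <= len(fields) <= 4 or not all(f.isdigit() for f in fields):
        raise ValueError(f"unrecognised SSMC version: {text!r}")
    nums = [int(f) for f in fields]
    return tuple(nums + [0] * (4 - len(nums)))

def plan_upgrade(current, fresh_install=True):
    """Return ordered steps from `current` to 3.8.2.1, or [] if already there."""
    v = parse_version(current)
    if v >= TARGET:
        return []
    if v < (3, 4):
        raise ValueError("versions before 3.4 are not covered by the thread")
    steps = []
    if v < (3, 6):
        if fresh_install:
            # Recommended route: new appliance; old instance may run in parallel.
            return ["install: new SSMC 3.8.0 appliance",
                    "upgrade: 3.8.2.1 (.star from the 3.8.2.1 ISO)",
                    "cleanup: disconnect the old instance from the arrays"]
        # In-place route crosses 3.6, where the web admin account is merged
        # into ssmcadmin; a forgotten TUI password cannot be reset afterwards.
        steps += ["preflight: confirm ssh login to the TUI as ssmcadmin",
                  "snapshot: back up the appliance VM",
                  "upgrade: 3.6 (request the image via a support case)",
                  "verify: web GUI login as ssmcadmin"]
        v = (3, 6, 0, 0)
    else:
        steps.append("snapshot: back up the appliance VM")
    if v < (3, 8):
        steps.append("upgrade: 3.8.0 (.star from the 3.8.0 ISO)")
    steps.append("upgrade: 3.8.2.1 (.star from the 3.8.2.1 ISO)")
    return steps

if __name__ == "__main__":
    for sample in ("3.4.0.x", "3.7.2", "3.8.0", "3.8.2.1"):  # constructed inputs
        print(sample, "->", plan_upgrade(sample, fresh_install=False))
```
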

Superscouser
Senior Member

Re: Latest SSMC update v3.8.2.1 is available for download

Looks like SP 5.0.9.2 will fix it

https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00002915en_us 


Fixes

The following issue is addressed in 5.0.9.2 release:

Issue ID: 350855

Issue summary: CVE-2021-44228 and CVE-2021-45046 - Log4j and Log4Shell Security Vulnerabilities.

Affected platforms: Only SP.

Affected software versions: All versions from 5.0 onwards.

Issue description: Security fixes for CVE-2021-44228 (Log4Shell) and CVE-2021-45046 are available in this patch release. Hewlett Packard Enterprise strongly recommends you to upgrade HPE Service Processor to 5.0.9.2 patch release as early as possible.

Conditions of occurrence: N/A

Impact: High

Customer circumvention: Upgrade to patch 5.0.9.2

Customer recovery step: N/A

David J Pierce
goslackware
Occasional Advisor

Re: Latest SSMC update v3.8.2.1 is available for download - log4j vulnerability fixed

Here's SSMC v3.6: https://myenterpriselicense.hpe.com/cwp-ui/software-update-details?productNumber=HPE_STORAGE_SSMC&version=3.6&impersonationFlow=searchProductByFamilyFlow
ISO: HPE_SSMC_3.6_SW_QR482-11420.iso

You'll need to have contract access to it.

However, I think starting fresh on SSMC 3.8 will be fine.