HPE OneView

HP Smart Update Tools (SUT) and Bitlocker: best practice?

Occasional Visitor

HP Smart Update Tools (SUT) and Bitlocker: best practice?

I am using HP OneView 2.0 and Smart Update Tools 1.0

How should Smart Update Tools (SUT) be configured on a Windows server with Bitlocker?
In the user guide of SUT nothing is written on Bitlocker.

When performing updates through the HP SUM GUI you get a warning when it detects a TPM, and the SUM User Guide clearly mentions what you should do if you have Bitlocker enabled.

In contrast, when you perform updates trough HP OneView with SUT you don’t get this TPM warning. I am aware of the fact that the OV admin is only responsible for assigning the SPP base line in the server profile, and that the OS admin is in control of how these updates should be deployed on the server by configuring the SUT.

But which SUT modes can be used without any impact when Bitlocker is enabled? The default mode is “Auto deploy mode” which automatically stages and installs the updates, but reboot is done manually. I suppose this mode is not recommended with Bitlocker because of the installation part.
So I would simply:
1) configure SUT in “Auto stage mode” which only automatically downloads the updates
2) suspend Bitlocker manually
3) initiate manually the installation of the updates via SUT + reboot (cmd: “hpsut /deployreboot”)
4) enable Bitlocker manually after reboot