HPE OneView

I can't install enclosure to OneView

 
SOLVED
Go to solution
joe_mama
Occasional Visitor

I can't install enclosure to OneView

Hello all,

I've been task with creating an a new OneView appliance ( I upgrade to firmware 7.00.00-0460837) hoping that I'd be able to add my c7000 enclosure to it.  

I applied a license to my new appliance,  unfortunately the guided setup doesn't offer me the option to add my enclosure.

How do I added my enclosure to Oneview?

Do I use powershell?

Thanks in advance.

-joe-

10 REPLIES 10
DanCernese
HPE Pro
Solution

Re: I can't install enclosure to OneView

In order to monitor or manage c7000, you must use HPE OneView 6.60 LTS.  Check the release notes, the compatibility matrix, and this explanation https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-a00117617en_us

They all cover the same topic.   "An HPE OneView long-term support (LTS) release extends support for select HPE hardware platforms."

 

I am an HPE Employee
Accept or Kudo
Stephan G
Regular Advisor

Re: I can't install enclosure to OneView

Thanks for your reply. Maybe i just missed the patch

We installed OneView 7 because of a security flaw in the software during our vulnerability check process. 

  1. There was no mention in the release notes that we cannot add enclosures anymore. Are they EOL? I found some information that EOS was around 2019. So +5 years is not over yet?
  2. Is there a fix for OneView 6.6 that patches this security flaw? And where can we download?
  3. Can we downgrade?

We (and hopefully no other company in the world) cannot run any software with an open security issue in our network. 

BR 

Stephan

DanCernese
HPE Pro

Re: I can't install enclosure to OneView

Release Notes:  https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=sd00001371en_us

Removed support for HPE OneView 6.6 long-term support (LTS) legacy hardware platforms

HPE OneView 7.0 removes support for the following HPE LTS legacy platforms:
  • HPE BladeSystem c-Class

    • Enclosures

    • HPE ProLiant G7, Gen8, Gen9, and Gen10 server blades

    • Interconnects

    • Onboard Administrators

    • Power supplies and fans

I am an HPE Employee
Accept or Kudo
DanCernese
HPE Pro

Re: I can't install enclosure to OneView

RE: Is there a fix for OneView 6.6 that patches this security flaw? And where can we download?

  • HPE plans to release critical security fixes to OneView 6.6 LTS.

RE: Can we downgrade?

  • HPE OneView does not provide the ability to downgrade.  You must install a fresh appliance and restore a valid backup for that version.
I am an HPE Employee
Accept or Kudo
Mark-S
HPE Pro

Re: I can't install enclosure to OneView

Hi Stephan,

Is the question on these 3 identified in the 7.0 Release Notes? And if these will be fixed in 6.60 LTS patch?

Resolved security vulnerability issues related to the following Common Vulnerabilities and Exposures (CVE) IDs:

  • CVE-2022-23706—Remote Cross-Site Scripting (XSS).

  • CVE-2022-28616—Remote Cross-Site Request Forgery (CSRF).

  • CVE-2022-28617—Remote Bypass Security Restrictions.


I am an HPE Employee

Accept or Kudo

Stephan G
Regular Advisor

Re: I can't install enclosure to OneView

Ok. OneView 7 came out... End of May. We installed on May 20.

Resolved security vulnerability issues related to the following Common Vulnerabilities and Exposures (CVE) IDs:

  • CVE-2022-23706—Remote Cross-Site Scripting (XSS).

  • CVE-2022-28616—Remote Cross-Site Request Forgery (CSRF).

  • CVE-2022-28617—Remote Bypass Security Restrictions.

The one in the middle has a CVE of 9.8 NVD - CVE-2022-28616 (nist.gov)

If that is not critical. What is?

So there is a known security flaw in a supported software and instead to fix it in a LTS, a fix is deployed in a new version that removes a NOT EOL product from the supported list?! 

Way to treat your customers.

DanCernese
HPE Pro

Re: I can't install enclosure to OneView

HPE does not publish future release plans.

c7000 is being supported by the HPE OneView 6.6 LTS release path.  

 

I am an HPE Employee
Accept or Kudo
Mark-S
HPE Pro

Re: I can't install enclosure to OneView

Hi Stephan,

The current OV 6.6 (LTS) was released in March 2022, prior to the identifcation.
Our OV 7.0 released in May 2022 and was able to include these security patches unrelated to the removal of the unsupported hardware.

What Dan tried to explain in a previous post is that HPE takes any security issues very seriuosly and that HPE plans to release critical security fixes to OneView 6.6 LTS. This is part of extending support for select HPE hardware platforms including the c7000 Enclosures.

ProductCycle.JPG

Any patches to LTS 6.6 release would be considered future plans and as Dan noted HPE does not publish future release plans. 

Regards-

Mark

 


I am an HPE Employee

Accept or Kudo

Stephan G
Regular Advisor

Re: I can't install enclosure to OneView

Hi Mark,

i understand that. But do you also understand my point? We are using OneView for monitoring - so at this moment our only solution is: Not to monitor the enclosure because we needed to install OneView 7 to be compliant with our vulnerability policy

Then wait for 6.6 LTS patch to arrive and set up a new installation with this. Until next time another security problem comes up. Then we shutdown the OneView 6.6 and use the OneView 7.1

What is the solution at all? Not to use OneView anymore and use PRTG or stuff like that because this is not a good enterprise process.