Network ports used by HP SUM

HP SUM requires that certain network ports are available for proper operation. If you lock down network ports, make sure that the ports listed in the network port tables are open so that HP SUM works correctly when connecting to remote node servers and hosts. If you are unable to unlock these network ports, you must run HP SUM locally and update network-based hosts, such as the OA, iLO, and VC modules, through their web interfaces.


NOTE: Use the open_firewall parameter for HP SUM to automatically open the required firewall ports on the local host and any remote Linux servers.


Updates for most node types require network traffic in both directions between the server running HP SUM and the node. The server running HP SUM creates a local HTTP server, which is used to serve firmware binaries to the node and to communicate node status. The remote node issues HTTP requests and posts status updates to the server running HP SUM during the update process. If there is a routing problem or firewall blocking traffic back from the remote node to the system running HP SUM, firmware updates might be blocked, status updates blocked or delayed, or both.

HP SUM Windows network ports

| Ports | Description |
| --- | --- |
| Port 22 | Establishes a connection to a remote node via SSH to perform node inventory. |
| Port 443 | A secure data port used to transfer information. |
| Ports 445 and 137/138/139 (Port 137 is used only if you are using NetBIOS naming service.) | Connects to the remote ADMIN$ share on node servers. These are the standard ports Windows servers use to connect to the remote file shares. If you can connect remotely to a remote Windows file share on the node server, you have the correct ports open. |
| Port 5989 | This port is used for VMware WBEM discovery. Make sure this port is not blocked on the VMware ESXi or VMware vSphere host. |
| Ports 63001–63002 | Updates are passed to the node and retrieved through an internal web server that runs by default on port 63001 for localhost HTTP traffic and port 63002 for local and remote secure HTTPS traffic. This allows iLO and VC firmware updates without having to access the host server. It also allows servers running VMware or other virtualization platforms to update the iLO firmware without requiring a server reboot or a migration of the virtual machines to other servers. Remote HP Integrity iLO and Superdome 2 updates require these ports to be open on systems for network traffic in both directions to transfer firmware files. |
| Ports 21 or 63006–63010 | You can use these FTP ports to perform switch updates. |

HP SUM Linux network ports

| Ports | Description |
| --- | --- |
| Port 22 | Establishes a connection to a remote node via SSH to perform node inventory. |
| Port 443 | A secure data port used to transfer information. |
| Port 5989 | This port is used for VMware WBEM discovery. Make sure this port is not blocked on the VMware ESXi or VMware vSphere host. |
| Ports 63001–63002 | Updates are passed to the node and retrieved through an internal web server that runs by default on port 63001 for localhost HTTP traffic and port 63002 for local and remote secure HTTPS traffic. This support allows iLO and VC firmware updates without having to access the host server. It also allows servers running VMware or other virtualization platforms to update their iLO without having to reboot their server or to migrate their virtual machines to other servers. Remote HP Integrity iLO and Superdome 2 updates require these ports to be open on systems for network traffic in both directions to transfer firmware files. |
| Ports 21 or 63006–63010 | You can use these FTP ports to perform switch updates. |


NOTE: HP SUM 6.0.0 and later supports the /port and /ssl_port options, which allow you to use ports other than 63001 and 63002. Use these options to avoid conflicts with firewalls. HP SUM supports --open_firewall on Linux systems only. HP SUM uses the iptables command to open the HTTP and HTTPS ports used by HP SUM for external access. Open these ports for remote node functionality and for remote browser access. For example, to use ports 80 and 443 instead of the defaults:

hpsum /port 80 /ssl_port 443

Beginning with HP SUM 6.3.0, you can use the /ftp_port command to assign the port used for the FTP service. By default, the FTP port is disabled. Use the command to enable the service.
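If you open the HTTP and HTTPS ports by hand on a Linux host, the rules can be limited to the subnet the nodes sit on. The following is an added example, not HP SUM's own code or the rules that --open_firewall creates; the function name sum_fw_rules and the 192.0.2.0/24 subnet are assumptions for illustration.

```shell
#!/bin/sh
# Added example: print source-restricted iptables rules for the HP SUM
# web server ports. Rules are printed for review, not applied.

valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;          # empty or non-numeric
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# sum_fw_rules <node_cidr> [http_port] [https_port]
# Defaults are the page's default ports (63001 and 63002); pass other
# values when HP SUM is started with /port and /ssl_port.
sum_fw_rules() {
    cidr=$1; http_port=${2:-63001}; https_port=${3:-63002}
    [ -n "$cidr" ] || { echo "usage: sum_fw_rules <cidr> [port] [ssl_port]" >&2; return 2; }
    for p in "$http_port" "$https_port"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    [ "$http_port" != "$https_port" ] || { echo "ports must differ" >&2; return 1; }
    for p in "$http_port" "$https_port"; do
        # Accept only new TCP connections from the node subnet to this port.
        printf 'iptables -I INPUT -p tcp -s %s --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' \
            "$cidr" "$p"
    done
}

# Constructed sample call: nodes on 192.0.2.0/24, HP SUM started with /port 80 /ssl_port 443.
sum_fw_rules 192.0.2.0/24 80 443
```

Review the printed rules before applying them, and confirm with iptables -L INPUT -n that no broader ACCEPT rule for the same ports is already present.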


Changing the port address in the hpsum.ini file

You can change the default ports in the hpsum.ini file, instead of using the /port or /ssl_port parameters.

  1. Navigate to the hpsum.ini file in the temp directory, %temp%\HPSUM (Windows) or /tmp/HPSUM (Linux).


    NOTE: HP SUM creates this directory the first time you launch HP SUM. If you have not launched HP SUM, launch it and then shut it down.


  2. Open the file in a text editor, and edit the following items in the [HTTP] section.

    • Change port=63001 to port=80

    • Change ssl_port=63002 to ssl_port=443

  3. Save the file.

  4. Launch HP SUM. It now uses ports 80 and 443.
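The same edit can be scripted on Linux so that only the [HTTP] section is touched and a backup is kept. This is an added example, not part of HP SUM; the function name set_sum_ports is an assumption, and the sample file is constructed (only the [HTTP] section and its two keys come from the steps above).

```shell
#!/bin/sh
# Added example: change port= and ssl_port= inside the [HTTP] section of hpsum.ini.

# set_sum_ports <ini_file> <port> <ssl_port>
set_sum_ports() {
    ini=$1; port=$2; ssl=$3
    [ -f "$ini" ] || { echo "no such file: $ini" >&2; return 1; }
    for p in "$port" "$ssl"; do
        case "$p" in ''|*[!0-9]*) echo "invalid port: $p" >&2; return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "invalid port: $p" >&2; return 1; }
    done
    tmp=$(mktemp "${ini}.XXXXXX") || return 1
    # Track the current section; rewrite the two keys only while inside [HTTP].
    awk -v port="$port" -v ssl="$ssl" '
        /^[ \t]*\[/ { in_http = ($0 ~ /^[ \t]*\[HTTP\][ \t]*$/) }
        in_http && /^[ \t]*port[ \t]*=/     { print "port=" port;    seen_p = 1; next }
        in_http && /^[ \t]*ssl_port[ \t]*=/ { print "ssl_port=" ssl; seen_s = 1; next }
        { print }
        END { if (!(seen_p && seen_s)) exit 3 }
    ' "$ini" > "$tmp" || { rm -f "$tmp"; echo "[HTTP] port/ssl_port not found" >&2; return 1; }
    # Keep a backup, then overwrite in place so ownership and mode are preserved.
    cp -p "$ini" "${ini}.bak" && cat "$tmp" > "$ini" && rm -f "$tmp"
}

# Demo on a constructed file; the [EXAMPLE] section is made up to show
# that keys named port= outside [HTTP] are left alone.
demo=$(mktemp -d)
printf '%s\n' '[HTTP]' 'port=63001' 'ssl_port=63002' '[EXAMPLE]' 'port=1' > "$demo/hpsum.ini"
set_sum_ports "$demo/hpsum.ini" 80 443 && cat "$demo/hpsum.ini"
rm -rf "$demo"
```

Run it against /tmp/HPSUM/hpsum.ini while HP SUM is shut down, then launch HP SUM as in step 4.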

Enabling HP SUM ports for VMware nodes

By default, outgoing connections are blocked in VMware servers, except ports 80 and 443. Use the following steps to enable the default ports of 63001 and 63002. You need to enable these outgoing ports on the VMware server.

  1. Create an httpHPSUM firewall rule that enables outgoing connection via port 63001.

  2. Create the file httpHPSUM.xml in the /etc/vmware/firewall directory. Type the following into the file:

    /etc/vmware/firewall # cat httpHPSUM.xml
    <!-- Firewall configuration information for FDM -->
    <ConfigRoot>
      <service id='0000'>
        <id>httpHPSUM</id>
        <rule id='0000'>
          <direction>outbound</direction>
          <protocol>tcp</protocol>
          <porttype>dst</porttype>
          <port>63001</port>
        </rule>
        <enabled>true</enabled>
        <required>false</required>
      </service>
    </ConfigRoot>

  3. Refresh the firewall rules by running the command esxcli network firewall refresh.

  4. Repeat the steps for port 63002.

Special network configuration note for HP Integrity servers

HP Integrity servers have management network and production interfaces. These are usually kept on separate subnets in an installation. To perform full remote administration of the server, access is required for both networks. If you keep both networks isolated, you need to perform management and operating system tasks separately.