There is another option for onsite. The vm server has a KVM on it. A technician can pull out the keyboard, hit the right combination to get to the vmserver and select the display option for the instance of the vHMC and use it from there. I prefer the ergonomics of using my laptop.
Original Message:
Sent: Wed February 12, 2025 03:00 PM
From: Robert Berendt
Subject: Remote HMC disconnect during a managed system firmware update
If they are onsite they have a few choices. I normally have to go to that site too in the few cases that this has happened.
Normally the first choice is they can use my laptop. I'm normally there solely to work on this issue. I normally don't like the wifi at the data center as then I would have to vpn into the equipment. So we have a spare wire hanging off the switch that any employee who goes to the DC can use to hook up their laptop while they are there. I've already had to pass through four retinal scanners just to get into the DC. Then I have to use a physical metal key to get into the cage surrounding our racks and get access to that wire.
One time, while the IBM guy was on site and I was out of state I got in remotely and he talked me through clicking stuff on my laptop.
Let me ask you this: If someone at your company wants to pull up customer history do you only let them use a separate PC on a special segment of the company network with FW rules only allowing access to special ports on your lan connection to your Power system? No? Then why the abject paranoia regarding the HMC port to your Power system?
------------------------------
Robert Berendt IBMChampion
Business Systems Analyst, Lead
Dekko
Fort Wayne
Original Message:
Sent: Wed February 12, 2025 07:47 AM
From: Lech Szychowski
Subject: Remote HMC disconnect during a managed system firmware update
> I am using vHMC or virtual HMC.
Out of curiosity: how do you deal with the cases when IBM tech support people have to do something that requires them to use HMC console? Separate PC connected to some segment of the company network with FW rules allowing only access to selected ports on vHMC IP?
------------------------------
Lech Szychowski
Original Message:
Sent: Mon February 10, 2025 08:04 AM
From: Robert Berendt
Subject: Remote HMC disconnect during a managed system firmware update
I am using vHMC or virtual HMC. I have zero complaints about that. Our data centers are geographically remote from me. One is two hours south and the other is 3 hours north.
I got tired of playing the upgrade game of trying to keep the physical HMC in step with the latest version of HMC. And the hardware maintenance, etc.
Now I use vHMC.
- Prior to an HMC upgrade I can do a snapshot. If it goes south I can restore the snapshot and do it right this time.
- Using the web interface from my PC I can do most HMC functions.
- For starting 5250 shared console sessions I can use the vmware server access to that box. If you allocated 5GB of video memory (not more, not less) it works pretty well.
- If I'm concerned about losing connection I use that same vmware connection. My home internet is very unreliable.
- I have redundant vmware servers at both DC's. Each with a vHMC. Either vHMC can access the Power server(s) in the data center it is in and the Power server(s) in the other DC.
- With shared 5250 console sessions, and Console Takeover enabled, I can reboot the HMC and not experience any interruption in system console usage from my laptop.
- ASMI remote is a breeze.
Back when I have a physical box for HMC I could access that directly by plugging the keyboard, video and mouse into a KVM with remote access. It was a little odd however with weird things like dual mouse pointers appearing on the screen.
I simply would not go back to a physical HMC.
There are those, however, who feel, while it is ok to have Personnel info, budget info, proprietary engineering designs, customer pricing negotations, missle launch codes, etc on the corporate network it is curtains for the free world if they don't have a dedicated wire between their HMC and their Power system. I just can't get my head around that mentality.
------------------------------
Robert Berendt IBMChampion
Business Systems Analyst, Lead
Dekko
Fort Wayne
Original Message:
Sent: Sun February 09, 2025 04:48 PM
From: Marc Rauzier
Subject: Remote HMC disconnect during a managed system firmware update
Hello Jozsef
The availability of this BMC feature might depend on your HMC model, but, take a look at "Section 1. OpenBMC Consoles, Keyboard Video Mouse (KVM)" section on https://www.ibm.com/support/pages/openbmc-consoles-and-virtual-media-7063-cr2-hmc You will see that there is the HMC local login screen.
You can get remote full control with the BMC feature, including "mirroring the local console", as they write. You connect to the BMC with a browser and initiate any activity (such as an HMC upgrade including reboots, for example) you want on the HMC just like if you were locally residing. If you loose the access to the BMC, or even if you disconnect, any action previously initiated will continue.
This is a nice feature for IBM i users so that they can start a shared local 5250 console on a partition in order to remove the risk of loosing the connection to the 5250 console during vital operations such as IBM i upgrades, and remotely connect to this shared 5250 console to be more comfortable.
------------------------------
Marc Rauzier
Original Message:
Sent: Sun February 09, 2025 03:40 PM
From: Jozsef Torok
Subject: Remote HMC disconnect during a managed system firmware update
Hi Marc, thank you for responding.
I take it you are referring to Console Redirection via the HMC's IPMI?
If we did that remotely via a VPN connection don't we still have the same risk of the VPN connection dropping during an update install? Or does running the update process as if working on the local HMC negate that where when the VPN connection drops the process on the 'local' Console carries on?
Thanks Marc,
Jozsef
------------------------------
=====================
Jozsef Torok
IT Engineer
Spark New Zealand Trading Ltd
=====================
Original Message:
Sent: Fri February 07, 2025 09:32 AM
From: Marc Rauzier
Subject: Remote HMC disconnect during a managed system firmware update
To remove this kind of risks, you may want to connect to a local HMC through IPMI for x86 based HMC or BMC for Power based HMC. Using this way, you initiate any process just like if you were close to the local HMC.
------------------------------
Marc Rauzier
Original Message:
Sent: Thu February 06, 2025 10:01 PM
From: Jozsef Torok
Subject: Remote HMC disconnect during a managed system firmware update
Hi folks,
I am seeking confirmation on the implications of a remote HMC connection (over a VPN connection) failing while a managed system firmware update initiated by this remote HMC is in progress.
A question submitted to ChatGPT provided the following response:
In summary, while losing the remote connection to the HMC during a firmware update or upgrade can limit your ability to monitor and control the process, the update or upgrade itself should continue as long as the local HMC console is active. The local HMC console does not need to be signed on for the update or upgrade to proceed, but having it signed on can be helpful for monitoring and troubleshooting. Ensure you have contingency plans and clear communication channels with local staff to handle any potential issues.
Is anyone able to verify please the validity of that response?
Has anyone experienced this situation?
Thank you,
------------------------------
========================
Jozsef Torok
IT Engineer - IBM i and Power
Spark New Zealand Trading Ltd
========================
------------------------------