HP Smart Update Manager Version 6.0.0 User Manual
Page 13
The following table describes when typical HP SUM deployment scenarios are used.
Used when
Scenario
Graphical deployment on a local host
•
You are not familiar with command line tools.
•
You are deploying components on a local, single host.
•
Updates do not require scripting.
Scripted deployment on a local host
•
You are familiar with command line tools.
•
You are deploying components on a local, single host.
•
Updates require a customized, scripted deployment.
Graphical deployment to a remote host
•
You are not familiar with command line tools.
•
You are deploying components on one or more remote
hosts.
•
Updates do not require scripting.
Scripted deployment to a remote host
•
You are familiar with command line tools.
•
You are deploying components on one or more hosts.
•
Updates require a customized, scripted deployment to
one or more host systems.
Disabling BitLocker to permit firmware updates (Windows only)
The TPM, when used with BitLocker, measures a system state. Upon detection of a changed ROM
image, it restricts access to the Windows file system if the user cannot provide the recovery key.
HP SUM detects if a TPM is enabled in your system. For some newer models of HP ProLiant servers,
if a TPM is detected in your system or with any remote server selected as a target, HP SUM utilities
for HP iLO, Smart Array, NIC, and BIOS warn users prior to a flash. If the user does not temporarily
disable BitLocker and does not cancel the flash, the BitLocker recovery key is needed to access the
user data upon reboot.
A recovery event is triggered in the following situations:
•
You do not temporarily disable BitLocker before flashing the system BIOS when using the
Microsoft BitLocker Drive Encryption.
•
You have optionally selected to measure HP iLO, Smart Array, and NIC firmware.
If HP SUM detects a TPM, a warning message appears:
CAUTION: A Trusted Platform Module (TPM) has been detected in this system. Failure to perform
proper OS encryption procedures will results in loss of access to your data if recovery key is not
available. Recommended procedure for Microsoft Windows (R) BitLocker (TM) is to \”suspend\”
BitLocker prior to System ROM or Option ROM firmware flash. If you do not have your recovery
key or have not suspended BitLocker, exit this flash. Failure to follow these instructions will results
in loss of access to your data.
To enable firmware updates without the need to type in the TPM password on each server, the
BitLocker Drive Encryption must be temporarily disabled. Disabling the BitLocker Drive Encryption
keeps the hard drive data encrypted. However, BitLocker uses a plain text decryption key that is
stored on the hard drive to read the information. After the firmware updates have been completed,
Disabling BitLocker to permit firmware updates (Windows only)
13