HPE Gen12 servers introduce enhanced security by supporting only High Security modes (SecureStandard, CNSA, FIPS). This impacts how you configure Intelligent System Update Tool (iSUT) and Agentless Management Service (AMS) for vSphere Lifecycle Manager (vLCM) based firmware updates.

Unlike previous generations, configuration through the HPE OneView for VMware vCenter (OV4VC) and HPE Compute Ops Management plug-in for VMware vCenter (COM4VC) vLCM Pre-Check page is not available in these modes, as iLO credentials are now required. Instead, you must manually configure AMS and iSUT by creating an application account and providing valid HPE iLO credentials.

In this blog post, I’ll show you how to configure iSUT and AMS to enable vLCM-based firmware updates on HPE Gen12 servers.

Prerequisites

• HPE Gen12 server with iLO 7
• vSphere environment with vLCM enabled
• iLO credentials with sufficient privileges
• Access to server CLI (SSH or local console)

Step 1: Create an Application Account on iLO 7

Application accounts are service accounts in iLO 7, used by host applications (like iSUT and AMS) to securely authenticate and communicate with iLO.

To create an application account using CLI:

sut appaccount create -u <ilo_username> -p <ilo_password>

Alternatively, to proceed without creating an application account, provide the iLO credentials using the following CLI command:

sut -set ilousername=<ilo_username> ilopassword=<ilo_password>

Step 2: Set iSUT Mode to AutoDeploy

Set the iSUT mode to AutoDeploy to enable automated firmware updates:

sut -set mode=AutoDeploy

Step 3: Configure AMS Application Account (for VMware)

For VMware environments, create the AMS application account:

/opt/amsdv/bin/amsdCli appaccount create -u <iLO_username> -p <iLO_password>

Step 4: Verify Application Account in iLO

1. Open the iLO GUI
2. Navigate to iLO Settings > User Management > Users
3. Select Application Account
4. Confirm the application account details are present

Step 5: Check AMS status in iLO GUI

• Ensure AMS status is reported as Available in the iLO GUI.

Step 6: Verify iSUT and AMS status in vSphere

1. Log in to VMware vSphere.
2. Select the required cluster and click the Configure tab.
3. In the left panel, go to Cluster > Configure > HPE Server Hardware.
4. On the vLCM Pre-Check panel, check the iSUT mode and AMS state.
5. Refresh the page and confirm both statuses are green.

Conclusion

With AMS and iSUT properly configured, you are ready to proceed with vLCM-based firmware updates on HPE Gen12 servers, including both ProLiant and Synergy models. This ensures secure, automated, and compliant lifecycle management in high-security environments.

Tip: Always refer to the latest HPE and VMware documentation for updates on security practices and supported configurations.