Introduction
A good reason for using a VDI solution with the use of the HP ThinPro thin client devices is security. The devices are highly secure - the ThinPro OS provides layers of security with signed OS components and a read only and encrypted file system. And oftentimes, for this reason, they will be located in air-gapped highly secure environments. HP Device Manager (HPDM) is used to manage these systems and HPDM does not require internet connectivity. Thus the solution is a very good fit for environments that are sealed off from external threats. HPDM does require updating from time to time. When a new version of HPDM is released, all vulnerabilities address by the new release are resolved when the upgrader/installer file is executed on the offline installation of HPDM.
In-between patches and updates, that is, updates to various components of HPDM, such as OpenSSL for instance - these are normally installed through the HPDM Configuration Center. The administrator can click on the HPDM HTTPS Repository, click on Check for Updates, and then click on Download if updates are available.
The Problem
This updating solution is only suitable for HPDM installations on servers that have internet access. Where there is no internet access, the Check for Update action will fail and the status will be Update Check Failed.
The Workaround
Such fixes and updates can be downloaded from an internet facing device and imported into the offline instance of HPDM. Here is the process:
1) On the internet facing device, open a browser and go to https://ftp.hp.com/pub/hpdm/dmcatalog.xml. Save this page locally as dmcatalog.xml.
2) Search the dmcatalog.xml file for .zip entries and download each of them by navigating to https://ftp.hp.com/pub/hpdm/Patches/HTTPS_Updates/<name of zip file> For example:
https://ftp.hp.com/pub/hpdm/Patches/HTTPS_Updates/OpenSSL.zip
At the time of writing the dmcatalog.xml file contains the following .zip entries
Apache.zip
OpenSSL.zip
PHP.zip
These three files can be downloaded from the following URLs.
https://ftp.hp.com/pub/hpdm/Patches/HTTPS_Updates/OpenSSL.zip
https://ftp.hp.com/pub/hpdm/Patches/HTTPS_Updates/PHP.zip
https://ftp.hp.com/pub/hpdm/Patches/HTTPS_Updates/Apache.zip
Note: The name of the .zip file is case sensitive.
3) Copy your downloaded files and the dmcatalog.xml file to a USB key and copy into the configuration center directory on your air-gapped HPDM server. In this case I copy the files into c:\Program Files\HP\HP Device Manager\Configuration Center
4) Open a command prompt as Administrator and navigate to the Configuration Center directory, containing the updates and the dmcontrol.xml file.
5) Run the following command: HTTPSUpgrade.exe -l (as in lima)
Conclusion
As can be seen from the screen grab, all three components have been upgraded on a HPDM installation. Further, this installation of HPDM does not have internet connectivity - thus the above process is ideal for highly secure, air-gapped environments.
I hope you have enjoyed this little blog, and I wish you much success in your own updating requirements.
No comments:
Post a Comment