1. Field of the Invention
The present invention relates in general to the field of information handling firmware maintenance, and more particularly to in-band hypervisor-managed firmware updates.
2. Description of the Related Art
As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option available to users is information handling systems. An information handling system generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, information handling systems may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in information handling systems allow for information handling systems to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, information handling systems may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.
In order to more effectively manage information handling system resources, some enterprises have turned to virtual machines. Virtual machines use hardware virtualization techniques to support multiple operating system guests running on a common host hardware platform. A virtual machine manager, also known as a hypervisor, presents guest operating systems with a virtual operating platform to manage the execution of the guest operating systems. The hypervisor is essentially a type of operating system that coordinates physical processing resources to support operation of virtual machines in a secure manner. A type 1 hypervisor runs directly on the host platform hardware to control the hardware and manage the guest operating systems, which run as a second level over the hypervisor. Some examples of commercially-available type 1 hypervisors are the VMware ESX and ESXi hypervisors. A type 2 hypervisor runs at a second level within another operating system so that guest virtual machine operating systems run over the hypervisor at a third level. Dividing physical processing resources into multiple virtual machines provides efficient use of resources while introducing only minimal overhead to processing operations. Each guest operating system runs as a separate kernel on the host physical processing resources to provide secure separation of virtual machines from each other.
One difficulty with virtualization using a type 1 hypervisor is that the security measures of the hypervisor that separate virtual machines from each other tend to limit maintenance operations performed by in-band communications through the hypervisor to the physical processing resources. Hypervisor-based update tools, such as VMware Update Manager, allow updates to virtual machine software, such as patch maintenance to operating systems; however, security considerations limit access by tools running over the hypervisor to the hardware and firmware of the underlying physical host system. In some instances, installed firmware versions are not visible via hypervisor application programming interfaces, so hypervisor update tools are not able to determine what firmware is installed versus what is available, making it difficult to obtain reporting on systems that need updates. Instead, information technology professionals typically have to access the physical host system by shutting down the hypervisor or through an out-of-band network interface to perform firmware updates, such as re-flashing the BIOS or other firmware instructions. Physical access is performed with a keyboard that interfaces directly with the system or with a remote access keyboard supported by a chassis or server management processor, such as a baseboard management controller, a lifecycle controller and/or a chassis management controller. Remote access is supported via an out-of-band network interface used for system maintenance that is separate from normal in-band operations performed by the host. Performing firmware updates separate from software updates increases the complexity of system management and increases the risk that necessary updates will go undone for decreased system security.