TPM Myths – You need firmware upgrades

A shield with a padlock design, in front of a laptop with a bug on the screen, against an orange background

Posted on Wednesday, August 10, 2016

One of the major reasons for continuing with OEM support and maintenance contracts is the provision of firmware patches. As security problems are identified, OEMs develop and release new firmware releases that plug each hole, preserving the overall security of the system and your data.

As you might expect, these patches are only available to customers in possession of a valid maintenance contract. For OEMs, this is one of their most powerful persuasive tools for encouraging their users to renew expensive contracts.

But as hardware reaches end of service live (EoSL), is firmware really that important?

No support, no firmware

The reality is that storage systems reaching end of service life do not receive firmware updates anyway. No matter which vendor you approach – EMC, IBM, NetApp, HPE - none of them offer firmware updates for post-warranty hardware. Even if you did take out a very expensive custom support contract.

The OEM solution to this problem is recommend another round of upgrades, replacing end of life equipment – whether you want to or not. And of course, this new equipment will need its own cycle of upgrades and patches once deployed.

No firmware, no problem

By the time hardware reaches EoSL, early bugs will have been identified and rectified, creating an extremely stable platform. Your applications and data will have been running on that platform for several years, proving the stability. So are firmware updates that vital?

CTOs favor stability over functionality, and most will stick with a software version that has proven to be solid and reliable. A quick check of your own environment will probably reveal that the majority of storage arrays are running at least one version behind the most recently released. So if you are already running on firmware N-1 or older, updates are probably less important than the OEM claims.

It is also important to realise that security patches are typically made available to all of their users, regardless of whether they have a current maintenance contract or not.

It could be the case that rather than retiring EoSL hardware, you use it to replace even older legacy systems – something we call a cascade-down IT program. This would see your post-warranty systems re-used in non-mission critical roles, for which it is impossible to justify an expensive custom support contract. Similarly, with the stability of the platform proven, would you want to install new firmware updates anyway?

Without the need (or option) for firmware upgrades, the responsible choice is to take out a maintenance contract with a third party provider. This gives you the assurance that your storage continues to perform optimally, is protected in the event of a problem and offers support cost reductions of up to 70 percent.

To learn more about post-warranty maintenance, and the reason you should stop worrying about firmware support, please get in touch.