HP Master ASE FlexNetwork Solutions

So I’m now a HP Master ASE! 🙂

Now that I’ve achieved this I figured it would be a good idea to write down my thoughts on the recommended training courses for the exam, my preparation for it and the exam itself as well as my wider views on the certification as it currently stands. I had originally hoped to blog the journey but a combination of work pressures and a compressed timescale for this has prevented me from doing so.

Overview

HP have replaced the old Master ASE – Network Infrastructure [2011] with the new HP Master ASE – FlexNetwork Solutions V1 as of late last year and I’m one of the first people to go through the process from what I’ve been told – indeed, I’ve heard that the number in Europe that have passed the exam is possibly in the very low tens. The content is significantly different and this has presented some challenges and frustrations during the process – more on that in a bit.

I was asked to go through the training and certification as part of work’s requirement to retain HP Platinum Partner status and although HP Networking is a much smaller part of my job now than it was, it still ties in with the wider DC solutions piece that I deal with. As such I didn’t have any issues agreeing to do it, figuring that it would be good to get a much better understanding of some technologies like SPB, TRILL and MPLS whilst also being better informed about the HP view of the more emerging technologies in the networking world.

To do this certification you either need to have one of the pre-requisite certs from other vendors (i.e. CCIE) or have either the HP ASE FlexNetwork Architect or HP ASE FlexNetwork Integrator certs, depending on which path you’ve taken. I’ve got both of these ASEs for one reason and another which actually turned out to be pretty helpful.

HP recommend three training courses for this certification:

And then there is a requirement for one exam:

I passed the exam at the end of the third week of training so all in it took me 5 calendar weeks to complete.

The Training Courses

I took all of the training at Host Computers, based in Shifnal near Telford in the UK. This totalled three four day weeks with a week off in between each.

All of the training was led by Lester Dias and I have to say, as an instructor he is absolutely superb. His knowledge, patience, teaching style and sense of humour have to be given a huge amount of credit for me completing the certification in the time I did.

For the first couple of weeks I stayed in the hotel that the training centre is part of – Haughton Hall. Unfortunately this turned out to be a bad move as the hotel is quite dated with back-breaking beds, painfully slow Wi-Fi, cold rooms, noisy radiators and mediocre food. I spent the last week commuting from the Premier Inn – Telford International Centre which was infinitely better.

[Image: HP Master ASE Books]

The courses themselves were the usual classroom delivered PowerPoint slog with a hefty number of text books and remote labs provided by Computer Data. On the whole there was a huge amount of content to deal with each week and the labs were buggy and slow at times but overall it worked (sort of).

Course 1 – Building HP FlexFabric Data Centers

This was my favourite course of the three as it covered what are for me the most relevant technologies to the real world – MCE (VRFs), Multi-device Context (MDC), EVI, MPLS L2VPN, VPLS, SPBM, TRILL, DCB & FCoE and VEPA/EVB. The pace was pretty brisk but the labs were thorough enough although at times they felt like an exercise in retyping commands from the book without much understanding of what you were doing. For me the best bits were when the lab didn’t work and you got to apply the knowledge to troubleshoot the issue which very much aligns with how I learn. Finding a weird bug in SPBM doing load balancing of VRRP packets in a particular code version wasn’t much fun though.

The lab environment itself did have issues for me and others with code versions and default configurations missing, links between devices not working and certain scenarios broken due to issues with class-wide components such as shared core switches having incorrect configurations.

Depth wise, I feel I could implement these technologies in straightforward deployments (I’ve already done a couple of them to a level beyond the course) but there are a lot of knobs and features that we just didn’t cover. If I had a complex deployment I’d still be looking either for guidance from HP or to build a decent PoC before committing to a working design.

I was pretty disappointed that VXLAN, NVGRE, EIRF and MPLS L3VPN were all relegated to an appendix and not covered during the course (or the exam). These are incredibly important technologies today and I feel they have been unfairly side-lined in order to squeeze the course into 4 days and to make room for the SDN side of things. The first two also don’t quite align with HP’s SDN push which might also have something to do with it.

Course 2 – HP Unified Wired-Wireless Networks and BYOD

This course broadly covers two parts; the first is a trip through all of the various aspects of wireless (and the Comware controllers with IMC WSM) and the second revolves around HP IMC User Access Manager [UAM].

The first half was pretty straightforward as it’s pretty much just book learning and if you’ve been dealing with HP wireless for a while, established knowledge.

The second half from a conceptual point of view generally makes sense although it took quite a bit to get there – it covers all of the different flavours of access that UAM can support from basic guest BYOD all the way through to EAP-TLS with self-service certificate enrolment. The labs though are where it all started to fall apart.

To start with, the environment was buggy and painfully slow (1 core and 4GB of RAM for an IMC server!) and the lab guides were very much an exercise in just adhering exactly to the book. Whilst this led to working configurations in the first course, UAM itself was unreliable with various issues including disconnecting a device, removing all access for it and reconnecting it to find it gets given full access!

Lab aside, I can’t believe how frustrating and unintuitive UAM as a product is to use. It is incredibly difficult to conceptualize how the building blocks of one endless configuration screen after another fit together, let alone how to troubleshoot it when things do go wrong (I ended up in the log files on a number of occasions). From what I have seen of it and heard from colleagues who have dealt with it, I would not want to put the solution in for a customer as whilst an experienced engineer may be able to navigate all of the options and coerce the system into doing what is required, a customer does not stand much chance operating the solution without issue and easily troubleshooting it if (when) something does go wrong.

I don’t have the space and patience here to go into depth on this but if anyone from HP reads this, please do get in contact as myself and colleagues would love to sit down and look at this problem constructively and in contrast to the far better BYOD solutions out there.

Course 3 – Creating HP Software-defined Networks

This course started with a pretty detailed run down of OpenFlow-driven SDN and how it is implemented on HP switching and then went into the HP SDN Controller and some of its capabilities. It’s necessarily a huge amount of theory as it’s a new topic (labs weren’t involved until over halfway through) but to HP’s credit I did learn an awful lot from this, especially as I was completely new to OpenFlow.

The implementation of OpenFlow does seem pretty mature although there are the usual differences between Comware and ProVision to keep in mind. Unfortunately the HP SDN Controller isn’t brilliant; it just about functioned in the lab and requires a lot of command line to really get the most out of it. It also doesn’t really do very much. Path Daemon does give you a working topology by installing flows based on ARP as required but it has some scalability issues (no more than 200 endpoints) and doesn’t have much other functionality.

HP’s big sell is their SDN Appstore with the goal that it will offer a wide variety of controllers, applications and tools, both from a vendor and a community perspective. Unfortunately there’s not really much content there and few updates since it was launched which already make it feel a little stale. HP’s two flagship solutions are Net Optimizer for Microsoft Lync and Net Protector. The former integrates with the Lync front-end servers to understand Lync sessions on the network and dynamically install flows to prioritise this traffic whilst the latter pushes traffic (either DNS for blacklist checking or everything) through a tunnel into the app to run TippingPoint RepDV signatures against. They both feel like solutions looking for a problem and in the case of Net Protector, pales in comparison to other solutions on the marketplace.

Interestingly, the IMC VAN SDN module barely got a look-in during the course, other than a few screenshots in the textbook that show the monitoring capabilities. Clearly this isn’t quite as joined up yet as it should be.

I’ll probably do a separate post at some point covering why I’m not a big fan of HP’s SDN approach in general, particularly for the DC, but suffice to say that whilst I think it was technically interesting, I don’t see it being widely deployed.

Exam Preparation

Reading the sample questions in the exam prep guide scared me quite a lot as I was seeing questions about detail that was buried away in footnotes inside the massive pile of course books. This breadth and depth is pretty intimidating and an enormous mountain to climb. I’d taken pretty thorough notes throughout the courses but still found it helpful to re-read all of the books and double-check/update my notes as well as use the learning checks to test myself.

At the beginning of the last course I decided to try the exam at the end of the week so my evenings in the hotel were spent revising the previous two weeks while trying not to forget everything I’d learnt that day. This turned out to be a pretty big undertaking as physically reading that much in a week is a massive ask. I also had to spend a decent amount of time making sure I was happy with how the building blocks for the configuration of each technology fit together (i.e. VSIs in SPBM and VPLS, X-Connect groups in L2VPN, etc.) as I knew from the guide that this would be tested.

I didn’t spend any time doing lab work to revise as although I’ve got a decent Simware environment at home I knew that there wouldn’t be any simulations in the exam and that it’d be a lot of theory. I’d also just about had enough of labs after the frustrating experiences during the course.

Exam

I’m not going to say too much about the exam because obviously there’s the NDA in place when you take it but I will say that I found it did cover the breadth and depth that I was expecting but as I went through it I felt pretty confident. HP have a wonderful habit of putting in a “destructor” into the possible answers – an answer that looks close enough to be correct but isn’t and so trips you up – and there were a number of these but overall I finished the exam in a little over an hour through the 1 hour 55 minutes allowed.

The pass mark for the exam is 65% which I’ll admit was reassuringly low as it meant I could get 21 of the 60 questions wrong and still pass but in the end I scored 85% which I’m really pleased with.

Afterthoughts

I’ve had a long weekend and a good few glasses of wine since I did this to relax and mull on it somewhat and I feel pretty ambivalent about it now.

On the one hand, I’ve wanted to achieve this for a while and I’m really glad that I have and amazed that I managed to do it in the timescales I did. It’s a great thing to add to my CV, regardless of its direct relevance to my current day job and it’s also taught me some new technologies and cemented my knowledge of some old ones.

On the other, I went into this feeling apprehensive about the change from pure routing and switching into the amalgamation of three very different technologies and I do still feel that this is a mistake. It is far too much content to push into one certification and much of it isn’t relevant to most people’s world. Those who are looking to demonstrate their depth of experience in datacentre R&S for example are going to be switched off by SDN and wireless and similarly vice versa.

It also suffers from being unable to go into the proper depth on any of the technologies as a result of the amount of content it tries to fit in. Whereas certifications like the CCNP and CCIE will actually test detailed understanding of the implementation of the technologies in that world, this felt at times like a glorified marketing exercise; attempting to teach us about the HP things that people don’t know about.

Perhaps this is a symptom of HPN having a much smaller market share and maybe HP feel that this is what’s required to help grow that (I don’t think it is) but I don’t feel that the Master ASE is the accomplishment it should be.

That said, it’s still an accomplishment and still not an easy one at that which I’m proud to have achieved. I look forward to seeing how others get on with this as they recertify when their 2011 certs come up for renewal.

Microsoft TechEd Europe 2014 Day 2

This post is probably a bit more for my own records than anything as it’s a bit session specific but those sessions are obviously related to my interests and thus this blog so here we go anyway.

Next Version of Hyper-V:

Lots and lots of new features in here, pretty much all covered by the post on Technet however there was also some news about changes to the way VMs are backed up, specifically:

  • Backup is decoupled from the underlying infrastructure – not reliant on VSS
  • Not dependent on hardware snapshots on the SAN – good for large LUNs
  • Built-in change tracking rather than relying on third party backup agent

Couple of other bits as well:

  • Ability to name NICs in Hyper-V and have the name show up in the OS
  • Can modify static memory allocation for VMs running Technical Preview
  • Hot-add of VHDs doesn’t break replication

No one big feature across all the lists but plenty of polish which shows just how far Hyper-V has come.

System Center OM and Azure Operational Insights

Much was made of protecting the existing investment in Operations Manager, particularly MPs, as OM continues to be developed. Support for OSS platforms was also highlighted which is becoming more and more important. There’s also a few shiny things including new dashboards in 2012 R2 U2, monitoring O365, a new Exchange MP and so on.

The main focus though is definitely Azure Operational Insights (previously called System Center Advisor). It’s able to take data both directly from systems or from an existing OM deployment and do big-data analytics using the power of Azure.

This opens up a lot of new functionality including the ability to do amazing drill downs into data at great speed from a wide variety of devices. It’s natively multi-tenant and is designed to work with Partners which is particularly useful. At the moment there are only a few integration packs available for it but MS are actively developing this (the system is still in preview) and it’ll be good to see the pace of release of these.

It obviously has a long way to go, particularly as one of the hugely valuable aspects of OM is the third party MP development and integration but MS are building a third party ecosystem into the platform. Definitely one to watch.

I’ve already been asked “Will this replace OM?” and I’m not sure. My feeling at the moment is that customers will be running OM for a long time to come and that new OM deployments are still sensible. There’s a clear commitment to OM and to get Operational Insights to leverage existing on-premises OM deployments so I can’t see any risk there.

Storage Replica:

The new functionality to replicate storage is quite exciting. There’s clearly a lot of work still to do to get the UI (and some of the Powershell) to where it needs to be and there are a few nasty bugs that people are likely to hit but it’s very promising. I’ll be getting it into a lab when I get back and covering it there so I won’t go into too much detail here.

One thing that did disappoint me though is that although it can do synchronous replication, it’s asymmetric, meaning that only one of the two sides can be active at a time – this is true of both cluster to cluster and server to server. I’m quite keen to find a replacement for the HP VSA-style network RAID to allow small, cost effective shared-nothing clusters to be built on branch offices and this doesn’t quite fit the bill as a result. Still much to like though!

General

So far, a really good event and been impressed by how well it’s organised and run. (Un)fortunately there’s an awful lot of content to see and I can see myself needing to spend another week just watching videos of all the sessions I’ve missed. Last night was also some great light relief at Carpe Diem on Barceloneta beach which was a good opportunity to meet some people (including customers as it turned out) and relax.

Microsoft TechEd Europe 2014 Day 1

I’m fortunate to be at TechEd Europe this year (at slightly short notice) and wanted to share some of the things that I’m picking up on at the event. There’s a few topics I’ll do specific blog posts about but here’s a general overview of Day 1 and some of the bits I’ve seen.

Themes:

The keynote was good; couple of hours but kept reasonably fast paced with some interesting announcements and demos. What was interesting was the areas that were touched on and what was left out. The key areas are:

  • Data
  • Consistent Device Experience
  • Cloud (Hybrid and Public)
  • Software Defined Datacentre

There was nothing really on traditional on-premises systems such as Exchange, SharePoint, etc which depending on your perspective is either because we’ve just gone through a major release of these products or because it’s a strong focus on cloud.

Data:

People who don’t understand the value of data often fail to understand why Microsoft is playing in the search space with Bing when Google has so much of the market covered however this is extremely short sighted. As pointed out in the keynote, there are now more connected devices on the planet than people and with the Internet of Things taking off, the ability for Microsoft to understand the internet and the huge amount of data contained becomes really crucial to delivering valuable services to users and this is what Bing enables. Cortana’s brain, for example, is effectively Bing.

Consistent Device Experience:

Obviously there’s a lot of information coming out about Windows 10 and Joe Belfiore did a great job of showing some of the features there and it’s a good middle ground between Windows 7 and 8. It’s also worth noting that security was a huge part of this. The subtext though is that Microsoft is clearly trying to push the experience right across the device spectrum from phones to the largest PCs. This also encompasses other breeds of devices including iOS and Android; Office is a good example.

Cloud:

Microsoft is showing a clear commitment to making every part of the software defined datacentre integrate with the public cloud as much as possible and to make that as easy as possible, whether it’s backup or remote desktop. Here are the areas from the Keynote:

  • Management
  • Virtualisation
  • Identity
  • Networking
  • Data
  • Development

SDDC:

Given my focus, this one has me really excited. The next versions of Windows Server and the System Center suite will have significantly enhanced capabilities in many areas, building on foundations that have been laid already. Of particular note:

I’ll be posting my thoughts about CPS in the next day or so as I think it’s a very strategic play by Microsoft. More to come!

Unable To Delete Hyper-V Root Snapshot in Hyper-V Manager

During a build-out for a customer it became necessary to move some virtual machines between a Hyper-V 2012 cluster and a Hyper-V 2012 R2 cluster but when trying to do so, all sorts of nasty errors came cropping up:

Live Migration Error Due To Differencing Disk

Error (12700)
VMM cannot complete the host operation on the host1.contoso.com server because of the error: Virtual machine migration operation for ‘MachineToMove.contoso.com’ failed at migration destination ‘host2.contoso.com’. (Virtual machine ID 1D5042AA-1A93-4635-9F0A-F7C7B0D10BDD)

Failed to access disk ‘C:\ClusterStorage\Volume2\MachineToMove.contoso.com\Windows Server 2012 DC with SP1_disk_1_3F40B5A6-E8DC-4752-873C-D9742C9419F4.avhdx’: ‘The system cannot find the file specified.'(‘0x80070002’).
Unknown error (0x800b)

Error (23753)
The virtual machine or tier load balancer configuration requires an IP pool and there are no appropriate IP pools accessible from the host.

Recommended Action
Select a host with access to an appropriate IP pool and try the operation again.

Live Migration Error Due To Differencing Disk 2

Error (12700)
VMM cannot complete the host operation on the MachineToMove.contoso.com server because of the error: Virtual machine migration operation for ‘MachineToMove.contoso.com’ failed at migration source ‘Host1’. (Virtual machine ID 1D5042AA-1A93-4635-9F0A-F7C7B0D10BDD)

Virtual machine migration for ‘MachineToMove.contoso.com’ failed because configuration data root cannot be changed for a clustered virtual machine. (Virtual machine ID 1D5042AA-1A93-4635-9F0A-F7C7B0D10BDD)
Unknown error (0x8005)

Recommended Action
Resolve the host issue and then try the operation again.

You may notice in the top error that the disk path is pointing to an odd file name. Looking at the settings for the machine in Hyper-V Manager and inspecting the disk, we find:

[Image: Live Machine Properties]

Lo and behold, it’s a differencing disk. Let’s try removing the snapshot that created it:

[Image: Hyper-V Snapshot Missing Delete]

And there’s the problem – no delete option!

Let’s look at the snapshot in PowerShell. To do so, open an elevated PowerShell session on a machine with the Hyper-V PowerShell tools installed and run:

Get-VMSnapshot -VMName MachineToMove.contoso.com -ComputerName host1.contoso.com | fl

Here’s the output for the above VM:

SnapshotType : Recovery
VMId : 1d5042aa-1a93-4635-9f0a-f7c7b0d10bdd
VMName : MachineToMove.contoso.com
State : Off
Key : Microsoft.HyperV.PowerShell.SnapshotObjectKey
IsDeleted : False
ComputerName : host1.contoso.com
Id : 4382dc53-2fdd-476f-91b8-81963c292d24
Name : MachineToMove.contoso.com - Backup - (1/16/2014 - 6:00:19 PM)
Version :
Notes : #CLUSTER-INVARIANT#:{434c76e7-5581-463a-b1b4-71027d39770f}
Generation :
Path : C:\ClusterStorage\Volume2\MachineToMove.contoso.com
CreationTime : 16/01/2014 20:22:24
IsClustered : True
SizeOfSystemFiles : 49254
ParentSnapshotId :
ParentSnapshotName :
MemoryStartup : 8589934592
DynamicMemoryEnabled : False
MemoryMinimum : 536870912
MemoryMaximum : 1099511627776
ProcessorCount : 4
RemoteFxAdapter :
NetworkAdapters : {MachineToMove.contoso.com}
FibreChannelHostBusAdapters : {}
ComPort1 : Microsoft.HyperV.PowerShell.VMComPort
ComPort2 : Microsoft.HyperV.PowerShell.VMComPort
FloppyDrive : Microsoft.HyperV.PowerShell.VMFloppyDiskDrive
DVDDrives : {DVD Drive on IDE controller number 1 at location 0}
HardDrives : {Hard Drive on IDE controller number 0 at location 0, Hard Drive on SCSI controller
number 0 at location 0}
VMIntegrationService : {Time Synchronization, Heartbeat, Key-Value Pair Exchange, Shutdown...}

Time to remove it:

Get-VMSnapshot -VMName MachineToMove.contoso.com -ComputerName host1.contoso.com | Remove-VMSnapshot

You can run this command while the machine is running and if you look in Hyper-V after running this you’ll see that the differencing disk will quickly merge into the parent and then the recovery-point snapshot will be removed. Migrating the VM in this state should go without a hitch.

What caused this?

In this instance, the environment is running HP Data Protector 8.0 which is HP’s incredibly powerful (albeit rather old-looking) backup platform. The environment had been configured to back up the machines in the Hyper-V cluster using the HP StoreVirtual P4000 VSS/VDS Providers along with Application Aware Snapshot Manager. As I understand it, this uses the differencing disks so that incremental backups can be achieved – they’re merged and renewed during each Full backup. This is why you see the word “Backup” in the snapshot name along with the date and time that Data Protector took the backup.

HP IMC Firewall Rules

I use HP’s Intelligent Management Center a reasonable amount as I often install it as the NMS of choice for HP network deployments. As a result, I’m often caught by problems with things hitting the Windows Firewall and breaking.

Here’s a list of the exceptions that you need to add to the Windows Firewall for IMC. This list is incomplete but I’ll add to it as I find more:

Base Platform:

  • HTTPS – TCP 443 – This is assuming you’ve changed from the default of 8443 which I recommend
  • SNMP Traps – UDP 162 – <ServerInstallDir>\server\bin\imcfaultdm.exe
  • TFTP – <ServerInstallDir>\server\bin\tftpserver.exe – This fixes issues such as IMC not being able to back up HP ProCurve switch configurations

Wireless Services Manager [WSM]:

  • WLAN – (<ServerInstallDir>\server\bin\imcwlandm.exe) – This fixes a MSM not being able to connect to the Mobility Manager IP set in the Web Administration. For reference, this port is TCP 7668.

If you know of any others, please do let me know!

Updates:

2014-01-17 – SNMP Traps

Hyper-V 2012 -> 2012 R2 Cluster Migration Issues

Quick post more to document an oddity than anything…

Migrating machines from a 2012 cluster to a 2012 R2 cluster using VMM 2012 R2 with mixed results. In particular, I’m seeing the machines duplicated in Failover Cluster Manager – one of the two seems to be the live machine and the second, prefixed with SCVMM (as all VMM created machines are) seems to be broken with various errors such as ID 21502 “Missing or invalid virtual machine ID resource property”. Simply removing the duplicate starting with SCVMM and all seems to be ok.

Odd though.

HP Systems Insight Manager Firewall Rules

As part of a deployment of HP Systems Insight Manager (HP SIM) onto Windows Server 2012, it was necessary to allow the required ports through the Windows Firewall to pass the pre-requisites check.

Unfortunately, HP SIM seems to be somewhat annoying and has a list of 52 (yes, you read that right!) ports that need opening. What’s more, you can’t use ranges as this causes the pre-requisites checker to fail. HP’s solution is to disable the firewall (they also tell you to disable UAC – which is similarly mad but that’s another rant) but obviously this isn’t good enough for any half-way secure infrastructure.

The solution is to use netsh to create the required rules. With a bit of magic, here are the commands you need to run to add all 52 rules in one easy copy and paste:

netsh advfirewall firewall add rule name="HP SIM - FTP (TCP 21)" dir=in protocol=tcp localport=21 action=allow
netsh advfirewall firewall add rule name="HP SIM - SSH (TCP 22)" dir=in protocol=tcp localport=22 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Insight Control Server Deployment (TCP 67)" dir=in protocol=tcp localport=67 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Insight Control Server Deployment (TCP 68)" dir=in protocol=tcp localport=68 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Insight Control Server Deployment (TCP 69)" dir=in protocol=tcp localport=69 action=allow
netsh advfirewall firewall add rule name="HP SIM - HTTP (TCP 80)" dir=in protocol=tcp localport=80 action=allow
netsh advfirewall firewall add rule name="HP SIM - SNMP (TCP 161)" dir=in protocol=tcp localport=161 action=allow
netsh advfirewall firewall add rule name="HP SIM - SNMP Trap (TCP 162)" dir=in protocol=tcp localport=162 action=allow
netsh advfirewall firewall add rule name="HP SIM - Web server for HP Systems Insight Manager; Web agent auto-start port (TCP 280)" dir=in protocol=tcp localport=280 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Insight Control Server Deployment (TCP 401)" dir=in protocol=tcp localport=401 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Insight Control Server Deployment (TCP 402)" dir=in protocol=tcp localport=402 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Insight Control Server Deployment (TCP 405)" dir=in protocol=tcp localport=405 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Insight Control Server Deployment (TCP 406)" dir=in protocol=tcp localport=406 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Insight Control Server Deployment (TCP 407)" dir=in protocol=tcp localport=407 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Insight Control Server Deployment (TCP 415)" dir=in protocol=tcp localport=415 action=allow
netsh advfirewall firewall add rule name="HP SIM - Harris Stat Scanner Engine (TCP 443)" dir=in protocol=tcp localport=443 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Insight Control Server Deployment (TCP 505)" dir=in protocol=tcp localport=505 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Insight Control server migration (TCP 1080)" dir=in protocol=tcp localport=1080 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Insight Control virtual machine management Control (TCP 1124)" dir=in protocol=tcp localport=1124 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Insight Control virtual machine management Agent (TCP 1125)" dir=in protocol=tcp localport=1125 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Insight Control virtual machine management Agent (TCP 1126)" dir=in protocol=tcp localport=1126 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Insight Control Server Deployment (TCP 1758)" dir=in protocol=tcp localport=1758 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Insight Control Server Deployment (TCP 1759)" dir=in protocol=tcp localport=1759 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Insight Control Server Migration (TCP 1779)" dir=in protocol=tcp localport=1779 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP ProLiant agents (TCP 2301)" dir=in protocol=tcp localport=2301 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP SIM RMI connection (TCP 2367)" dir=in protocol=tcp localport=2367 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP ProLiant agents (TCP 2381)" dir=in protocol=tcp localport=2381 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Insight Control Server Deployment (TCP 4011)" dir=in protocol=tcp localport=4011 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Insight Control Server Deployment (TCP 5001)" dir=in protocol=tcp localport=5001 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Insight Control Server Deployment (TCP 5002)" dir=in protocol=tcp localport=5002 action=allow
netsh advfirewall firewall add rule name="HP SIM - WBEM Service (TCP 5988)" dir=in protocol=tcp localport=5988 action=allow
netsh advfirewall firewall add rule name="HP SIM - WBEM Service (TCP 5989)" dir=in protocol=tcp localport=5989 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Insight Control Server Deployment (TCP 8080)" dir=in protocol=tcp localport=8080 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Insight Control Server Deployment (TCP 8081)" dir=in protocol=tcp localport=8081 action=allow
netsh advfirewall firewall add rule name="HP SIM - Matrix Operating Environment (TCP 9143)" dir=in protocol=tcp localport=9143 action=allow
netsh advfirewall firewall add rule name="HP SIM - Matrix Operating Environment (TCP 9617)" dir=in protocol=tcp localport=9617 action=allow
netsh advfirewall firewall add rule name="HP SIM - Matrix Operating Environment (TCP 9618)" dir=in protocol=tcp localport=9618 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Matrix infrastructure orchestration (TCP 16443)" dir=in protocol=tcp localport=16443 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Insight Control Virtual Machine Management (TCP 40420)" dir=in protocol=tcp localport=40420 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP ProLiant agents (TCP 49400)" dir=in protocol=tcp localport=49400 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Systems Insight Manager web server (TCP 50000)" dir=in protocol=tcp localport=50000 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Systems Insight Manager SOAP (TCP 50001)" dir=in protocol=tcp localport=50001 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Systems Insight Manager SOAP with client certificate authentication (TCP 50002)" dir=in protocol=tcp localport=50002 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Systems Insight Manager SOAP (TCP 50003)" dir=in protocol=tcp localport=50003 action=allow
netsh advfirewall firewall add rule name="HP SIM - WBEM event receiver (configurable) (TCP 50004)" dir=in protocol=tcp localport=50004 action=allow
netsh advfirewall firewall add rule name="HP SIM - WBEM Events (TCP 50005)" dir=in protocol=tcp localport=50005 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Insight Control virtual machine management Web Service (TCP 50010)" dir=in protocol=tcp localport=50010 action=allow
netsh advfirewall firewall add rule name="HP SIM - Matrix Operating Environment (TCP 51001)" dir=in protocol=tcp localport=51001 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Insight Control server migration (TCP 51124)" dir=in protocol=tcp localport=51124 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Insight Control server migration (TCP 51125)" dir=in protocol=tcp localport=51125 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Insight Control server migration (TCP 51126)" dir=in protocol=tcp localport=51126 action=allow
netsh advfirewall firewall add rule name="HP SIM - HP Matrix infrastructure orchestration (TCP 51443)" dir=in protocol=tcp localport=51443 action=allow

Add those and the pre-requisites checker should no longer fail on the firewall step.
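
A follow-up check for the rules above, as an added example that is not part of the original post: the netsh commands allow each port from any source on every firewall profile, so this PowerShell script (using the NetSecurity cmdlets that ship with Windows Server 2012) reports which "HP SIM - " rules have a TCP listener behind them and, with -Tighten, narrows the remote addresses they accept. The 192.0.2.0/24 subnet and the -AllowedRemote and -Tighten parameter names are placeholders chosen for this example, and the script assumes it is run elevated after HP SIM is installed; the post does not say whether the pre-requisites checker accepts scoped rules.

```powershell
# Added example (not from the original post). Run elevated on the HP SIM server
# once the pre-requisites check and the installation have completed.
param(
    # Placeholder (documentation range): replace with the subnets that hold
    # your managed devices and admin workstations.
    [string[]]$AllowedRemote = @('192.0.2.0/24'),
    # Without -Tighten the script only reports; it changes nothing.
    [switch]$Tighten
)

# TCP ports with a listener right now. This is a snapshot: a component that is
# installed but stopped will not show up here. SNMP (161/162) normally runs
# over UDP, so the TCP rules for it are expected to show no listener.
$listening = @{}
Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    ForEach-Object { $listening[[int]$_.LocalPort] = $true }

# netsh stores its name= value as the rule's DisplayName.
$rules = @(Get-NetFirewallRule -DisplayName 'HP SIM - *' -ErrorAction Stop)

$report = foreach ($rule in $rules) {
    $portFilter = $rule | Get-NetFirewallPortFilter
    $addrFilter = $rule | Get-NetFirewallAddressFilter

    # The rules above each carry one port; anything else is flagged, not guessed.
    $port = 0
    $single = [int]::TryParse([string]$portFilter.LocalPort, [ref]$port)

    [pscustomobject]@{
        Port          = if ($single) { $port } else { -1 }
        Protocol      = $portFilter.Protocol
        Enabled       = $rule.Enabled
        Profile       = $rule.Profile
        RemoteAddress = $addrFilter.RemoteAddress -join ','
        HasListener   = $single -and $listening.ContainsKey($port)
        DisplayName   = $rule.DisplayName
    }
}

$report | Sort-Object Port | Format-Table -AutoSize -Wrap

# Rules with nothing listening are candidates for review, not proof of disuse.
$idle = @($report | Where-Object { -not $_.HasListener })
Write-Host ("{0} of {1} rules have no TCP listener behind them; review whether they need to stay enabled." -f $idle.Count, $rules.Count)

$open = @($report | Where-Object { $_.RemoteAddress -eq 'Any' })
Write-Host ("{0} rules accept connections from any remote address." -f $open.Count)

if ($Tighten) {
    # Keep the rule names and ports exactly as created; only narrow who may connect.
    $rules | Set-NetFirewallRule -RemoteAddress $AllowedRemote
    Write-Host ("Restricted {0} rules to: {1}" -f $rules.Count, ($AllowedRemote -join ', '))
}
```

Run it once without -Tighten to read the report, then again with -Tighten and your own subnets, and confirm HP SIM still discovers and receives events from its managed systems afterwards.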