This has come up before but don't think a solution was found. I'm guessing your VSPs don't talk home to HPE for fault reporting either if secured site?
I know HPE have a process which allows them to auto push certain updates out to dial home SPs but they only seem to use it occasionally from what I've observed (couple of times a year maybe).
For obvious reasons I'd like to think they wouldn't advertise the api and allow 3rd parties to use that as I'm sure someone would use it as a way to remote break arrays.
Have had to use the 3parcli method a couple of times but I'd be careful of that as it doesn't seem to clean up files or track changes as well as via the SP.
The small Pxx patches are normally straight forward for local install via the SP, the release notes contain any additional commands needed if required. Just need to check on ordering.
The MU or version upgrades really aren't designed for end user install and often have manual tasks before, during and after for a safe install. That seems to be improving over the years but I'd still be careful on live systems if trying to automate them.
I've not looked (haven't had the need) at web automate tools but as 3PAR was never designed for self updating it just seems like a great way to break a lot of things overnight.
I'm wondering if they have made any changes in this regard to the Primera line, if so might be things that'll filter back into the 3PAR code going forward.