General guidelines for updating or converting of HA member partitions

For full HA functionality, all members of a working HA group should be identical in firmware version and partition type. For best results, the Client library, that enables HA among several HSM,

>Expect HA functionality (with some caveats) when members have been updated, but not during firmware update to version 7.7.0 (or newer) or during conversion of member partitions from V0 to V1.

>The kind of HA discussed here, is mediated by the Client library. If you are updating firmware from pre-7.7.0 to version 7.7.0 (or newer), while continuing to use a Client version earlier than 10.3.0, then as your HA group members are converted (by the firmware update) into V0 partitions, note these HA considerations:

•A V0 partition on an appliance with HSM firmware 7.7.0 (or newer) can be added to an existing HA group that already has HA members made up of partitions from HSM with pre-version-7.7.0 firmware .

–ha addMember command functions as expected.

–When cloning objects from HSM firmware earlier than 7.7.0 into V0 partition, the size of the object increases.

•ha createGroup functions as expected using V0 partition.

•ha deleteGroup functions as expected on a HA group containing V0 partition.

•A V0 partition on an appliance with HSM firmware 7.7.0 (or newer) can be removed from an existing HA group.

–ha removeMember command functions as expected.

•A V0 partition on an appliance with HSM firmware 7.7.0 (or newer) can be added as a standby member of an existing HA group.

–ha addStandby command functions as expected.

•After a V0 partition on an appliance with HSM firmware 7.7.0 (or newer) is added as a member of an existing HA group, it can be synchronized with other members of the HA group.

–ha syncrhonize command functions as expected.

–As described in ha addMember section above, synchronization from partition in pre-7.7.0-firmware HSM to V0 partition may fail due to storage limitation.

•When V0 partition in a HA group becomes a primary partition, synchronization with other members on a pre-7.7.0-firmware HSM is not supported.

•V1 partition can be added to an existing HA group that already has HA members made up of partitions from a pre-7.7.0-firmware HSM. However, when V1 partition becomes the primary member of the HA group, synchronization with remaining member of the HA group will no longer function.

>Cloning of keys and objects can proceed only from a lower-security environment (in this context, pre-7.7.0) to a higher-security environment (firmware 7.7.0 or newer), but not in the other direction.

>Members of HA groups must all be at the same level. Perform an update from pre-7.7.0 firmware to 7.7.0 (or newer) - which invokes conversion of partitions to V0 as an effect of the update - while the partition is not a member of an HA group.

>An HA group with V1 partitions must have all members at V1 and all members sharing the same SMK.

>A V1 partition cannot be a member of more than one HA group unless both groups have the same SMK.

>An HA group with V0 partitions should have all members at V0; the new, more secure cloning protocol, and changes to key attributes mean that attempting to mix pre-firmware-7.7.0 partitions with V0 partitions is not recommended and would not work as expected.

>If a member of an existing HA group is added to a different HA group with a different SMK, the new member takes on the SMK of the new HA group and ceases to function properly in its original group (and should be removed).

>Converting a partition from V0 to V1 preserves contents, and should be done while the partition is not in an HA group.

>Converting a partition from V1 to V0 is destructive, so the partition cannot remain an HA member.

>Similarly, cloning of keys and objects can proceed from partitions of an HSM that has had Functionality Modules enabled into partitions that have never had Functionality Modules enabled, but not in the other direction. Again, firmware updates should take place outside of HA groups.

NOTE Remove/ stop all ongoing operations with HA and update-or-convert members one at a time, leaving the primary member for last. Then resume using the HA group with all members now updated or converted.

An HA group functions properly when all member partitions are V0 (and the same firmware version).

An HA group functions properly when all member partitions are V1 (and the same firmware version).

An HA group functions properly when all members are FM-enabled, or all members are FM-never-enabled.