Updating the Luna Network HSM Appliance Software

The Luna Network HSM appliance software consists of the LunaSH command-line shell and its underlying software components. Use the following procedure to install the Luna Network HSM 7.7.1 appliance software update.

The update package includes an image of the latest HSM firmware, which you must install to take advantage of all the new features in this release. When you install the appliance software update, the latest firmware image is stored on the appliance file system but not installed. The system can only hold one firmware version in reserve at a time.

Firmware installation is a separate procedure (see Updating the Luna HSM Firmware).

NOTE   The appliance software update cannot be rolled back directly. You can re-image to a predetermined configuration and then update to a desired appliance software version (see Re-Imaging the Appliance to Factory Baseline). The HSM firmware, however, can be rolled back to the previously-installed version (see Rolling Back the Luna HSM Firmware).

CAUTION!   Before updating to appliance 7.7, you must install lunasa-reboot-patch-3.spkg first - the package is bundled with the Luna Network HSM 7.7 update package, and prevents an intermittent appliance boot issue that could have serious consequences if it occurred during a firmware update procedure. See Network HSM Appliance BIOS and BMC Firmware Update Patch.

NOTE   If the package lunasa-reboot-patch-3.spkg is not installed before you begin the Luna Network Appliance 7.7 update, the software update process halts with a message directing you to install the reboot fix.  

To update the appliance software and firmware, you must transfer and apply a secure package file to the Luna Network HSM. You require:

>Luna Network HSM 7.7.1 appliance software update package file (<filename>.spkg)

>the secure package authentication code, provided in a text file accompanying the update package

To upgrade the Luna Network HSM appliance software

CAUTION!   A change to network routing when updating to Network HSM appliance version 7.7.0 or newer, from any prior 7.x version, can cause your appliance to become unreachable via network connection. Older appliance versions permitted the existence of multiple default routes. Beginning with appliance version 7.7.0, only one instance of the default route can exist.

Options for a successful update with minimal disruption are:

Remove all but one instance of the ‘default route’, using the network route delete command, before upgrading from any pre-7.7.0 appliance software version.
OR

Connect locally via serial cable to perform the update, so your access to the network appliance is not lost when network connection becomes temporarily unavailable (pending proper network configuration).

Note also that if you reimage, going back to a pre-7.7.0 version, the routing table goes back to the old format and you must apply one of the above precautions again, to update.

1.Transfer the secure package update file to the Luna Network HSM using pscp or scp.

pscp <path>/<filename>.spkg admin@<appliance_host/IP>:

2.Stop all client applications to the Luna Network HSM appliance.

3.Using a serial or SSH connection, log in to the appliance as admin (see Logging In to LunaSH).

4.Log in as HSM SO (see Logging In as HSM Security Officer).

lunash:> hsm login

5.[Optional Step] Verify that the secure package file is present on the Luna Network HSM.

lunash:> package listfile

6. [Optional Step] Verify the package file, specifying the authorization code you received from Thales.

lunash:> package verify <filename>.spkg -authcode <code_string>

7.For update from pre-7.7.0 appliance to 7.7.0, the lunasa-reboot-patch-3.spkg is a prerequisite. It is included in the appliance software update bundle. Install it now, if you have not already done so. See Network HSM Appliance BIOS and BMC Firmware Update Patch.

8.Install the update on the Luna Network HSM.

lunash:> package update <filename>.spkg -authcode <code_string>

The installation/update process takes approximately one and a half minutes. A series of messages shows the progress of the update. At the end of this process, a message “Software update completed!” appears.

NOTE   If the package lunasa-reboot-patch-3.spkg is not installed before you begin the Luna Network Appliance 7.7 update, the software update process halts with a message directing you to install the reboot fix.  

9.Reboot the Luna Network HSM appliance.

lunash:> sysconf appliance reboot

NOTE   If you are updating the appliance software from version 7.4.x or older to version 7.7.0 or newer, the appliance reboots automatically.

The latest firmware update package is now stored in reserve on the appliance, waiting to be installed. See Updating the Luna HSM Firmware to install the firmware.