Updating the Appliance Software Image

Thales provides secure update packages on the Customer Support Portal that allow the appliance administrator to update the appliance software image on your ProtectServer Network HSM and take advantage of new PSESH functionality. If you are updating the appliance software from version 5.6.0 or earlier, you must first install the secure package update patch, also available from the Support Portal.

>Installing the Secure Update Package Patch

>Updating the Appliance Software

Installing the Secure Update Package Patch

The following procedure allows you to install the secure package update patch on your ProtectServer Network HSM appliance running appliance software 5.2.0 to 5.6.0. The procedure is different depending on your appliance's current software version. You only need to apply the patch once; future updates require Updating the Appliance Software only.

Prerequisites

>Download the patch (SPKG-0.1-1.i386.rpm) from the Thales Customer Support Portal (see Support Contacts).

>If you are installing the patch on a ProtectServer Network HSM running software version 5.2.0 or 5.3.0, ensure that you have root access.

>If you are installing the patch on a ProtectServer Network HSM running software version 5.4.0 or 5.6.0, ensure that you have admin access.

>If you are running appliance software version 5.7.0, you do not need to apply this patch. Continue to Updating the Appliance Software.

To install the secure package update patch on a ProtectServer Network HSM with appliance software 5.2.0 or 5.3.0

1.Use scp (Linux/UNIX) or pscp (Windows) to securely transfer the patch file to the appliance filesystem. Enter the root password when prompted.

pscp <filepath>\SPKG-0.1-1.i386.rpm root@<appliance_hostname/IP>:

scp <filepath>/SPKG-0.1-1.i386.rpm root@<appliance_hostname/IP>:

2.Connect to the appliance using a monitor and keyboard, serial connection, or SSH, and log in as root.

3.Update the RPM package.

# rpm -Uvh "SPKG-0.1-1.i386.rpm"

4.Log out as root.

To install the secure package update patch on a ProtectServer Network HSM with appliance software 5.4.0 or 5.6.0

1.Use scp (Linux/UNIX) or pscp (Windows) to securely transfer the patch file to the appliance filesystem. Enter the admin password when prompted.

pscp <filepath>\SPKG-0.1-1.i386.rpm admin@<appliance_hostname/IP>:

scp <filepath>/SPKG-0.1-1.i386.rpm admin@<appliance_hostname/IP>:

2.Connect to the appliance using a monitor and keyboard, serial connection, or SSH, and log in as admin.

3.[Optional] Confirm that the package is available by listing all packages on the appliance.

psesh:>package list all

4.Install the secure package update patch.

psesh:>package update –file SPKG-0.1-1.i386.rpm

5.Exit PSESH.

psesh:>exit

Updating the Appliance Software

The following procedure allows you to update the software image on your ProtectServer Network HSM appliance using a secure package.

Prerequisites

>Download the secure package file from the Thales Customer Support Portal (see Support Contacts).

>You must have admin access to the appliance.

>If the Admin Token is initialized, you require the Admin Token PIN.

To update the appliance software

1.Use scp (Linux/UNIX) or pscp (Windows) to securely transfer the secure package file to the appliance filesystem. Enter the admin password when prompted.

pscp <filepath>\<filename> admin@<appliance_hostname/IP>:

scp <filepath>/<filename> admin@<appliance_hostname/IP>:

2.Connect to the appliance using a monitor and keyboard, serial connection, or SSH, and log in as admin.

3.[Optional] Confirm that the package is available to install.

psesh:>package listfile

4.Install the secure package, specifying the package filename and the authorization code. If the HSM is initialized, enter the Admin Token PIN when prompted.

psesh:>package install –spkgfile <filename> –authcode <authcode>

5.Reboot the appliance to complete the update.

psesh:>sysconf appliance reboot