Updating the ProtectServer 3 External appliance software image
Thales provides secure update packages on the Customer Support Portal that allow the appliance administrator to update the appliance software image on your ProtectServer 3 External and take advantage of new PSESH functionality.
The following procedure allows you to update the software image on your ProtectServer 3 External appliance using a secure package.
Prerequisites
-
Download the secure package file from the Thales Customer Support Portal. Refer to Support contacts.
Note
If you are updating the appliance software from ProtectServer 3 Network HSM Appliance Software 7.0.0 to ProtectServer 3 Network HSM Appliance Software 7.2.0 or newer, you must first download and install the secure package update for ProtectServer 3 Network HSM Appliance Software 7.1.0.
-
You must have admin access to the appliance.
-
Initialize the Admin token of the HSM. For more information about initializing this token, refer to ctconf.
To update the appliance software
-
Use scp (Linux/Unix) or pscp (Windows) to securely transfer the secure package file to the appliance filesystem. Enter the admin password when prompted.
pscp -scp <filepath>\<filename> admin@<appliance_hostname/IP>:<filename> scp <filepath>/<filename> admin@<appliance_hostname/IP>:<filename>
-
Connect to the appliance using a monitor and keyboard, serial connection, or SSH, and log on as admin.
-
(Optional) Confirm that the package is available to install with the following command:
psesh:>package listfile
-
Install the secure package, specifying the package filename and the authorization code. If the HSM is initialized, enter the Admin Token PIN when prompted.
psesh:>package install -spkgfile <filename> -authcode <authcode>
Caution
Do not interrupt the installation process. If the installation is interrupted, the HSM may be rendered unusable.
Note
The secure package supplied with ProtectToolkit 7.1.0 may take several minutes to finish installing. Installation times vary depending on which ProtectServer 3 HSM performance level variant is used.
-
Restart the appliance to complete the update.
psesh:>sysconf appliance reboot