HSM Refresh – box replacement
Planning and replacement overview
SWIFT July 2013

New box replacement procedure is similar to existing box failure replacement procedure, and new box is backward compatible.

HSM Refresh - planning and replacement overview

What’s new – IS6 HSM Box
• Physical characteristics
  • New hardware with enterprise class server-grade components
  • Redundancy for critical components
    • Contains two hot-swappable power supply units rated at 450W each
    • Field replaceable cooling fans
  • Standard 1U rack mount chassis
  • Weight is 28lb (12.7kg)
  • New decommission button on back of the box, mainly used in the unlikely event of returning boxes to factory
  • USB to serial adapter packaged along with the box
  • New sensor to monitor power supply
    • Visual indicator (LED) on back of HSM box and an audio alarm
    • Sensor output accessible via HSM commands or new SNL rls7.0.25
• Compatibility
  • New box is backward compatible. It can interoperate with old boxes and hence, no software upgrade or certificate migration is needed.

What’s new – PIN Entry Device (PED)
• PED used locally with HSM box
  • IS6 HSM uses a new PED with similar physical characteristics as the old one
  • Old PEDs cannot be used with new HSM boxes
  • New PED is backward compatible. Hence, new PEDs must be used to operate new and old boxes.
• PED used at remote offices
  • New PED can be used locally or remotely. No separate remote PED anymore.
  • Customers can use PEDs packaged with HSM boxes at remote office. This can reduce need for ordering additional PEDs for remote office.
  • New PEDs must be available at remote office before starting any HSM box refresh

Deployment prerequisites
• New devices
  • All new boxes must be onsite and contents checked
  • For remote PED users, new PED must be available at the remote office. Old PEDs cannot be used with new boxes.
• Existing HSM information
  • Existing HSM boxes are running version 5.6.1 or 5.6.4
  • Passwords of HSM admin, monitor and operator accounts are available and verified
  • Keys and PINs for HSM SO/admin, domain and user are available and verified
  • For remote PED users
    • Working remote PED workstation
    • Current remote PED key (orange key) and its PIN must be available and verified
• Infrastructure readiness
  • Two power sources must be available for each HSM box
  • PC or laptop with serial port within 1.8 metres of the HSM rack

HSM box refresh scenarios
Scenarios covered: 2B, 2B*, 3B, 4B, 1B

* For customers who prefer to keep at least 2 boxes in cluster at all times during the refresh procedure, the new box can be added to the cluster before removing old ones. This will require an additional network connection.

Replacement can be performed in single or multiple downtime windows based on customer preference. Each procedure includes an intermediate checkpoint step which can be used to come out of the downtime window and continue the rest in the next downtime window.

2-box Cluster : Overview
[Diagram: cluster in Current, Intermediate and Final state]
• Verify and ensure all prerequisites are met.
• Necessary PED keys, their PINs and account passwords are available and verified.
• Disconnect & remove old secondary from cluster
• Add new HSM box to existing cluster as secondary, using existing network connection
• Re-register other SNLs
• Start all SNLs
• Verify MMF
• Stop all SNLs
• Disconnect & remove old secondary from cluster
• Add new HSM box to existing cluster as secondary, using existing network connection
• Promote new HSM as Primary
• Checkpoint – validate new HSM

2-box cluster : Detailed steps (1/3)
[Diagram, steps 1 to 9. SNL_1, SNL_2 and SNL_3 appear in every panel. HSM boxes per panel:]
• HSMbox_1 (P), HSMbox_2 (S)
• HSMbox_1 (P)
• HSMbox_1 (P), IS6_HSMbox_1 (S)

2-box cluster : Detailed steps (2/3)
[Diagram, steps 10 to 14. HSM boxes per panel:]
• HSMbox_1 (P), IS6_HSMbox_1 (S)
• IS6_HSMbox_1 (P), HSMbox_1 (S)
• ---------- Checkpoint ----------
• IS6_HSMbox_1 (P)
** In case replacement is planned over multiple downtime windows, break at checkpoint

2-box cluster : Detailed steps (3/3)
[Diagram, steps 15 to 20. HSM boxes in each of the three panels:]
• IS6_HSMbox_1 (P), IS6_HSMbox_2 (S)

(P) Primary; (S) Secondary; (SB) Standby

2-box Cluster : Overview (using third network connection)
[Diagram: cluster in Current, Intermediate and Final state]
• Verify and ensure all prerequisites are met.
• Necessary PED keys, their PINs and account passwords are available and verified.
• Add new HSM box to existing cluster as standby, using existing network connection
• Disconnect & remove old secondary from cluster
• Re-register other SNLs
• Start all SNLs
• Verify MMF
• Stop all SNLs
• Add new HSM box to existing cluster as standby, using a new network connection
• Disconnect & remove old secondary from cluster
• Promote new HSM as Primary
• Checkpoint – validate new HSM

2-box cluster : Detailed steps (1/3) (using third network connection)
[Diagram, steps 1 to 7. SNL_1, SNL_2 and SNL_3 appear in every panel. HSM boxes per panel:]
• HSMbox_1 (P), HSMbox_2 (S)
• HSMbox_1 (P), HSMbox_2 (S), IS6_HSMbox_1
• HSMbox_1 (P), HSMbox_2 (S), IS6_HSMbox_1 (SB)

2-box cluster : Detailed steps (2/3) (using third network connection)
[Diagram, steps 8 to 15. HSM boxes per panel:]
• HSMbox_1 (P), IS6_HSMbox_1 (S)
• IS6_HSMbox_1 (P), HSMbox_1 (S)
• ---------- Checkpoint ----------
• IS6_HSMbox_1 (P), HSMbox_1 (S), IS6_HSMbox_2
** In case replacement is planned over multiple downtime windows, break at checkpoint

2-box cluster : Detailed steps (3/3) (using third network connection)
[Diagram, steps 16 to 21. HSM boxes per panel:]
• IS6_HSMbox_1 (P), HSMbox_1 (S), IS6_HSMbox_2 (SB)
• IS6_HSMbox_1 (P), IS6_HSMbox_2 (S)
• IS6_HSMbox_1 (P), IS6_HSMbox_2 (S)

(P) Primary; (S) Secondary; (SB) Standby

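The redundancy trade-off between the two 2-box variants, as an added example that is not part of the SWIFT slides: a toy Python model that replays the cluster states from the detailed-step diagrams and reports the smallest and largest cluster size seen. The role-by-position rule, the `roles` and `run` helpers and the step tuples are modelling assumptions, not HSM commands.

```python
# Toy model (added example): role is decided by position in the cluster list.
# Assumption drawn from the slide diagrams: first box = Primary, second =
# Secondary, any further box = Standby; promotion swaps a box with the primary.

def roles(cluster):
    """Label each box with P, S or SB according to its position."""
    return [(box, ("P", "S")[i] if i < 2 else "SB") for i, box in enumerate(cluster)]

def run(start, steps):
    """Replay (operation, box) steps; return final roles, min and max size."""
    cluster = list(start)
    smallest = largest = len(cluster)
    for op, box in steps:
        if op == "add":            # new box joins at the end of the cluster
            cluster.append(box)
        elif op == "remove":       # only a non-primary box is ever removed
            if cluster.index(box) == 0:
                raise ValueError(f"{box} is primary; promote another box first")
            cluster.remove(box)
        elif op == "promote":      # promoted box and old primary trade places
            i = cluster.index(box)
            cluster[0], cluster[i] = cluster[i], cluster[0]
        else:
            raise ValueError(f"unknown operation {op!r}")
        smallest = min(smallest, len(cluster))
        largest = max(largest, len(cluster))
    return roles(cluster), smallest, largest

OLD = ["HSMbox_1", "HSMbox_2"]

# 2B: remove first, then add, reusing the existing network connection.
STEPS_2B = [("remove", "HSMbox_2"), ("add", "IS6_HSMbox_1"),
            ("promote", "IS6_HSMbox_1"),            # checkpoint follows
            ("remove", "HSMbox_1"), ("add", "IS6_HSMbox_2")]

# 2B*: add first, then remove, which needs a third network connection.
STEPS_2B_STAR = [("add", "IS6_HSMbox_1"), ("remove", "HSMbox_2"),
                 ("promote", "IS6_HSMbox_1"),       # checkpoint follows
                 ("add", "IS6_HSMbox_2"), ("remove", "HSMbox_1")]

if __name__ == "__main__":
    for name, steps in (("2B", STEPS_2B), ("2B*", STEPS_2B_STAR)):
        final, smallest, largest = run(OLD, steps)
        print(f"{name}: final={final} min boxes={smallest} max boxes={largest}")
```

In this model 2B drops to a single box twice during the window, while 2B* never goes below two boxes but peaks at three, which is where the extra network connection comes from.
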
3-box Cluster : Overview
[Diagram: cluster in Current, Intermediate and Final state]
• Verify and ensure all prerequisites are met.
• Necessary PED keys, their PINs and account passwords are available and verified.
• Disconnect & remove old standby from cluster
• Add new HSM box to existing cluster as standby, using existing network connection
• Repeat above 2 steps
• Re-register other SNLs
• Start all SNLs
• Verify MMF
• Stop all SNLs
• Disconnect & remove old secondary from cluster
• Add new HSM box to existing cluster as standby, using existing network connection
• Promote new HSM as Primary.
• Checkpoint – validate new HSM

3-box cluster : Detailed steps (1/4)
[Diagram, steps 1 to 9. SNL_1, SNL_2 and SNL_3 appear in every panel. HSM boxes per panel:]
• HSMbox_1 (P), HSMbox_2 (S), HSMbox_3 (SB)
• HSMbox_1 (P), HSMbox_3 (S)
• HSMbox_1 (P), HSMbox_3 (S), IS6_HSMbox_1

3-box cluster : Detailed steps (2/4)
[Diagram, steps 10 to 13. HSM boxes per panel:]
• HSMbox_1 (P), HSMbox_3 (S), IS6_HSMbox_1 (SB)
• IS6_HSMbox_1 (P), HSMbox_3 (S), HSMbox_1 (SB)
• ---------- Checkpoint ----------
• IS6_HSMbox_1 (P), HSMbox_3 (S)
** In case replacement is planned over multiple downtime windows, break at checkpoint

3-box cluster : Detailed steps (3/4)
[Diagram, steps 14 to 21. HSM boxes per panel:]
• IS6_HSMbox_1 (P), HSMbox_3 (S), IS6_HSMbox_2
• IS6_HSMbox_1 (P), HSMbox_3 (S), IS6_HSMbox_2 (SB)
• IS6_HSMbox_1 (P), IS6_HSMbox_2 (S)

3-box cluster : Detailed steps (4/4)
[Diagram, steps 22 to 27. HSM boxes per panel:]
• IS6_HSMbox_1 (P), IS6_HSMbox_2 (S), IS6_HSMbox_3
• IS6_HSMbox_1 (P), IS6_HSMbox_2 (S), IS6_HSMbox_3 (SB)
• IS6_HSMbox_1 (P), IS6_HSMbox_2 (S), IS6_HSMbox_3 (SB)

(P) Primary; (S) Secondary; (SB) Standby

4-box Cluster : Overview
[Diagram: cluster in Current, Intermediate and Final state]
• Verify and ensure all prerequisites are met.
• Necessary PED keys, their PINs and account passwords are available and verified.
• Disconnect & remove old standby from cluster
• Add new HSM box to existing cluster as standby, using existing network connection
• Repeat above 2 steps for remaining boxes
• Re-register other SNLs
• Start all SNLs
• Verify MMF
• Stop all SNLs
• Disconnect & remove old secondary from cluster
• Add new HSM box to existing cluster as standby, using existing network connection
• Promote new HSM as Primary.
• Checkpoint – validate new HSM

4-box cluster : Detailed steps (1/5)
[Diagram, steps 1 to 9. SNL_1, SNL_2 and SNL_3 appear in every panel. HSM boxes per panel:]
• HSMbox_1 (P), HSMbox_2 (S), HSMbox_3 (SB), HSMbox_4 (SB)
• HSMbox_1 (P), HSMbox_3 (S), HSMbox_4 (SB)
• HSMbox_1 (P), HSMbox_3 (S), HSMbox_4 (SB), IS6_HSMbox_1

4-box cluster : Detailed steps (2/5)
[Diagram, steps 10 to 13. HSM boxes per panel:]
• HSMbox_1 (P), HSMbox_3 (S), HSMbox_4 (SB), IS6_HSMbox_1 (SB)
• IS6_HSMbox_1 (P), HSMbox_3 (S), HSMbox_4 (SB), HSMbox_1 (SB)
• ---------- Checkpoint ----------
• IS6_HSMbox_1 (P), HSMbox_3 (S), HSMbox_4 (SB)
** In case replacement is planned over multiple downtime windows, break at checkpoint

4-box cluster : Detailed steps (3/5)
[Diagram, steps 14 to 20. HSM boxes per panel:]
• IS6_HSMbox_1 (P), HSMbox_3 (S), HSMbox_4 (SB), IS6_HSMbox_2
• IS6_HSMbox_1 (P), HSMbox_3 (S), HSMbox_4 (SB), IS6_HSMbox_2 (SB)
• IS6_HSMbox_1 (P), HSMbox_4 (S), IS6_HSMbox_2 (SB)

4-box cluster : Detailed steps (4/5)
[Diagram, steps 21 to 28. HSM boxes per panel:]
• IS6_HSMbox_1 (P), HSMbox_4 (S), IS6_HSMbox_2 (SB), IS6_HSMbox_3
• IS6_HSMbox_1 (P), HSMbox_4 (S), IS6_HSMbox_2 (SB), IS6_HSMbox_3 (SB)
• IS6_HSMbox_1 (P), IS6_HSMbox_2 (S), IS6_HSMbox_3 (SB)

4-box cluster : Detailed steps (5/5)
[Diagram, steps 29 to 34. HSM boxes per panel:]
• IS6_HSMbox_1 (P), IS6_HSMbox_2 (S), IS6_HSMbox_3 (SB), IS6_HSMbox_4
• IS6_HSMbox_1 (P), IS6_HSMbox_2 (S), IS6_HSMbox_3 (SB), IS6_HSMbox_4 (SB)
• IS6_HSMbox_1 (P), IS6_HSMbox_2 (S), IS6_HSMbox_3 (SB), IS6_HSMbox_4 (SB)

(P) Primary; (S) Secondary; (SB) Standby

1-box Cluster : Overview
[Diagram: cluster in Current, Intermediate and Final state]
• Verify and ensure all prerequisites are met.
• Necessary PED keys, their PINs and account passwords are available and verified.
• Configure new HSM box as stand-alone HSM box, using existing network connection
• Restore backup
• Register all SNLs
• Start all SNLs
• Verify MMF
• Stop all SNLs
• Backup old box
• Disconnect old box from network

1-box cluster : Detailed steps (1/2)
[Diagram, steps 1 to 8. SNL_1, SNL_2 and SNL_3 appear in every panel. HSM boxes per panel:]
• HSMbox_1 (P)
• (no HSM box)
• IS6_HSMbox_1 (P)

1-box cluster : Detailed steps (2/2)
[Diagram, steps 9 to 12. HSM boxes in each of the two panels:]
• IS6_HSMbox_1 (P)

(P) Primary; (S) Secondary; (SB) Standby

Thank you

Backup

Budgeting for box replacement
• Build inventory of HSM boxes (and remote PEDs) to be replaced
  • Include all environments with HSM boxes, like development, test, production & DR
  • Include all spare boxes
  • Identify location and tier of each box
  • Verify against entitlement information provided by SWIFT
• Budget for box replacement
  • HSM box fees
    • Subsidized one-time fees per box & recurring annual fees
    • Refer to pricing and subsidy email from SWIFT or contact your SWIFT contact
  • Deployment effort
    • Project planning
    • Sanity testing of new boxes & deployment preparation
    • Installation and verification
    • Use of external resources or consultants
    • Tip: Procedure is similar to failure replacement
  • Other costs
    • Additional power source
    • Decommission and destroy old boxes
    • Incorporate best practices into operational procedures
    • Attend training, e.g. new web class “Operating your HSM”

Replacement approach – key points
• Customers are recommended to configure and use each new HSM box in their test environment as a confidence test before adding it to their production environment. This can help detect hardware or software problems before production deployment.
• HSM boxes must be deployed in the production environment during the customer’s downtime window. This will avoid a SPOF situation during business operations.
• To avoid network changes in the production environment, new HSM boxes will re-use the network connections and IP addresses of the current HSM boxes. This will avoid the need for new network cables, IP addresses, routing rules, firewall/router updates etc.