
HSM Refresh – box replacement
Planning and replacement overview

SWIFT

July 2013

New box replacement procedure is similar to existing box failure replacement procedure, and new box is backward compatible

What’s new – IS6 HSM Box

Physical characteristics
• New hardware with enterprise class server-grade components
• Redundancy for critical components
• Contains two hot-swappable power supply units rated at 450W each
• Field replaceable cooling fans
• Standard 1U rack mount chassis
• Weight is 28lb (12.7kg)
• New decommission button on back of the box, mainly used in the unlikely event of returning boxes to factory
• USB to serial adapter packaged along with the box

New sensor to monitor power supply
• Visual indicator (LED) on back of HSM box and an audio alarm
• Sensor output accessible via HSM commands or new SNL rls7.0.25

Compatibility
• New box is backward compatible. It can interoperate with old boxes and hence, no software upgrade or certificate migration is needed.

What’s new – PIN Entry Device (PED)

PED used locally with HSM box
• IS6 HSM uses a new PED with similar physical characteristics as the old one
• Old PEDs cannot be used with new HSM boxes
• New PED is backward compatible. Hence, new PEDs must be used to operate new and old boxes.

PED used at remote offices
• New PED can be used locally or remotely. No separate remote PED anymore.
• Customers can use PEDs packaged with HSM boxes at remote office. This can reduce need for ordering additional PEDs for remote office.
• New PEDs must be available at remote office before starting any HSM box refresh

Deployment prerequisites

New devices
• All new boxes must be onsite and contents checked
• For remote PED users, new PED must be available at the remote office. Old PEDs cannot be used with new boxes.

Existing HSM information
• Existing HSM boxes are running version 5.6.1 or 5.6.4
• Passwords of HSM admin, monitor and operator accounts are available and verified
• Keys and PINs for HSM SO/admin, domain and user are available and verified
• For remote PED users
  o Working remote PED workstation
  o Current remote PED key (orange key) and its PIN must be available and verified

Infrastructure readiness
• Two power sources must be available for each HSM box
• PC or laptop with serial port within 1.8 metres of the HSM rack

HSM box refresh scenarios

#    Existing setup        Future setup
1    Old 2-box cluster     New 2-box cluster
1*   Old 2-box cluster     New 2-box cluster
2    Old 3-box cluster     New 3-box cluster
3    Old 4-box cluster     New 4-box cluster
4    Stand alone old box   Stand alone new box

* For customers who prefer to keep at least 2 boxes in cluster at all times during refresh procedure, new box can be added to cluster before removing old ones. This will require additional network connection.

Replacement can be performed in single or multiple downtime windows based on customer preference. Each procedure includes an intermediate checkpoint step which can be used to come out of the downtime window, and continue the rest in next downtime window.

2-box Cluster : Overview

[Diagram panels: Current, Intermediate, Final]

• Stop all SNLs
• Disconnect & remove old secondary from cluster
• Add new HSM box to existing cluster as secondary, using existing network connection
• Promote new HSM as Primary
• Checkpoint – validate new HSM
• Disconnect & remove old secondary from cluster
• Add new HSM box to existing cluster as secondary, using existing network connection
• Re-register other SNLs
• Start all SNLs
• Verify MMF
• Verify and ensure all prerequisites are met.
• Necessary PED keys, their PINs and account passwords are available and verified.

2-box cluster : Detailed steps (1/3)

[Diagram, cluster states: HSMbox_1 (P), HSMbox_2 (S) → HSMbox_1 (P) → HSMbox_1 (P), IS6_HSMbox_1 (S)]

1 Stop all SNL instances. Manage replacement from SNL_1
2 Take backup of HSMbox_1 (for fallback purpose)
3 Disconnect HSMbox_2 from network
4 Remove HSMbox_2 from cluster configuration
5 Prepare IS6_HSMbox_1 and connect it to network, using the network cable that was previously connected to HSMbox_2
6 Configure IS6_HSMbox_1 with the same network parameters as HSMbox_2
7 If HSMbox_1 is on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_1 to 5.6.1
8 Initialize IS6_HSMbox_1 with the Remote PED Secret (For remote PED only)
9 Add IS6_HSMbox_1 to the cluster as a secondary HSM box

(P) Primary; (S) Secondary; (SB) Standby

2-box cluster : Detailed steps (2/3)

[Diagram, cluster states: HSMbox_1 (P), IS6_HSMbox_1 (S) → IS6_HSMbox_1 (P), HSMbox_1 (S) → IS6_HSMbox_1 (P)]

10 Promote IS6_HSMbox_1 to primary HSM box

Checkpoint **
Checkpoint - confidence test IS6_HSMbox_1 (optional)
a) Deregister all SNL instances except SNL_1
b) Register all SNL instances except SNL_1
c) Start all SNL and verify the message flow
d) Stop all SNL

11 Disconnect HSMbox_1 from network
12 Remove HSMbox_1 from cluster configuration
13 Reset the cluster compatibility version of IS6_HSMbox_1
14 Prepare IS6_HSMbox_2 and connect it to network, using the network cable that was previously connected to HSMbox_1

** In case replacement is planned over multiple downtime windows, break at checkpoint

2-box cluster : Detailed steps (3/3)

[Diagram, cluster state: IS6_HSMbox_1 (P), IS6_HSMbox_2 (S)]

15 Configure IS6_HSMbox_2 with the same network parameters as HSMbox_1
16 Initialize IS6_HSMbox_2 with the Remote PED Secret (For remote PED only)
17 Add IS6_HSMbox_2 to the cluster as a secondary HSM box
18 Deregister all SNL instances except SNL_1
19 Register all SNL instances except SNL_1
20 Start all SNL and verify the message flow

2-box Cluster : Overview (using third network connection)

[Diagram panels: Current, Intermediate, Final]

• Stop all SNLs
• Add new HSM box to existing cluster as standby, using a new network connection
• Disconnect & remove old secondary from cluster
• Promote new HSM as Primary
• Checkpoint – validate new HSM
• Add new HSM box to existing cluster as standby, using existing network connection
• Disconnect & remove old secondary from cluster
• Re-register other SNLs
• Start all SNLs
• Verify MMF
• Verify and ensure all prerequisites are met.
• Necessary PED keys, their PINs and account passwords are available and verified.

2-box cluster : Detailed steps (1/3) (using third network connection)

[Diagram, cluster states: HSMbox_1 (P), HSMbox_2 (S) → HSMbox_1 (P), HSMbox_2 (S), IS6_HSMbox_1 → HSMbox_1 (P), HSMbox_2 (S), IS6_HSMbox_1 (SB)]

1 Stop all SNL instances. Manage replacement from SNL_1
2 Take backup of HSMbox_1 (for fallback purpose)
3 Prepare IS6_HSMbox_1 and connect it to network using a new network connection
4 Configure network parameters of IS6_HSMbox_1
5 If HSMbox_1 is on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_1 to 5.6.1
6 Initialize IS6_HSMbox_1 with the Remote PED Secret (For remote PED only)
7 Add IS6_HSMbox_1 to the cluster as a standby HSM box
8 Disconnect HSMbox_2 from network
9 Remove HSMbox_2 from cluster configuration

2-box cluster : Detailed steps (2/3) (using third network connection)

[Diagram, cluster states: HSMbox_1 (P), IS6_HSMbox_1 (S) → HSMbox_1 (S), IS6_HSMbox_1 (P) → HSMbox_1 (S), IS6_HSMbox_1 (P), IS6_HSMbox_2]

10 Promote IS6_HSMbox_1 to primary HSM box

Checkpoint **
Checkpoint - confidence test IS6_HSMbox_1 (optional)
a) Deregister all SNL instances except SNL_1
b) Register all SNL instances except SNL_1
c) Start all SNL and verify the message flow
d) Stop all SNL

11 Prepare IS6_HSMbox_2 and connect it to network using the network cable that was previously connected to HSMbox_2
12 Configure IS6_HSMbox_2 with the same network parameters as HSMbox_2
13 If HSMbox_1 is on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_2 to 5.6.1
14 Initialize IS6_HSMbox_2 with the Remote PED Secret (For remote PED only)
15 Add IS6_HSMbox_2 to the cluster as a standby HSM box

** In case replacement is planned over multiple downtime windows, break at checkpoint

2-box cluster : Detailed steps (3/3) (using third network connection)

[Diagram, cluster states: HSMbox_1 (S), IS6_HSMbox_1 (P), IS6_HSMbox_2 (SB) → IS6_HSMbox_1 (P), IS6_HSMbox_2 (S)]

16 Disconnect HSMbox_1 from network

17 Remove HSMbox_1 from cluster configuration

18 Reset the cluster compatibility version of IS6_HSMbox_1 and IS6_HSMbox_2

19 Deregister all SNL instances except SNL_1

20 Register all SNL instances except SNL_1

21 Start all SNL and verify the message flow
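
The two 2-box procedures above differ in how many boxes remain in the cluster while the old boxes are removed. The following Python model is an added example, not part of the SWIFT deck or of any HSM tooling: it replays the cluster-changing steps of both procedures and lists the steps after which only one box is left. The Cluster class, the step tables and the role-change rules (inferred from the role labels in the slide diagrams) are assumptions made for illustration.

```python
class Cluster:
    """Roles per box: "P" primary, "S" secondary, "SB" standby (legend from the slides)."""

    def __init__(self, roles):
        self.roles = dict(roles)  # insertion order = order in which boxes joined

    def _check(self):
        held = list(self.roles.values())
        if held.count("P") != 1 or held.count("S") > 1:
            raise RuntimeError(f"invalid cluster state: {self.roles}")

    def add(self, box, role):
        if box in self.roles:
            raise ValueError(f"{box} is already a cluster member")
        self.roles[box] = role
        self._check()

    def remove(self, box):
        role = self.roles[box]
        if role == "P":
            raise ValueError("promote another box before removing the primary")
        del self.roles[box]
        if role == "S":
            # Assumption from the diagrams: the oldest standby becomes secondary.
            for name, held in self.roles.items():
                if held == "SB":
                    self.roles[name] = "S"
                    break
        self._check()

    def promote(self, box):
        # Assumption from the diagrams: promoted box and old primary swap roles.
        if box not in self.roles:
            raise ValueError(f"{box} is not a cluster member")
        old_primary = next(n for n, r in self.roles.items() if r == "P")
        self.roles[old_primary], self.roles[box] = self.roles[box], "P"
        self._check()


# Cluster-changing steps only, labelled with the step numbers used on the slides.
STANDARD = [
    ("3-4", "remove", "HSMbox_2"),
    ("9", "add", "IS6_HSMbox_1", "S"),
    ("10", "promote", "IS6_HSMbox_1"),
    ("11-12", "remove", "HSMbox_1"),
    ("17", "add", "IS6_HSMbox_2", "S"),
]
THIRD_LINK = [
    ("7", "add", "IS6_HSMbox_1", "SB"),
    ("8-9", "remove", "HSMbox_2"),
    ("10", "promote", "IS6_HSMbox_1"),
    ("15", "add", "IS6_HSMbox_2", "SB"),
    ("16-17", "remove", "HSMbox_1"),
]


def run(procedure):
    """Replay a procedure on the old 2-box cluster; return (step, roles) after each step."""
    cluster = Cluster({"HSMbox_1": "P", "HSMbox_2": "S"})
    trace = []
    for step, op, *args in procedure:
        getattr(cluster, op)(*args)
        trace.append((step, dict(cluster.roles)))
    return trace


def min_boxes(trace):
    return min(len(roles) for _, roles in trace)


def single_box_steps(trace):
    """Steps after which the cluster has no redundancy left."""
    return [step for step, roles in trace if len(roles) == 1]


if __name__ == "__main__":
    for name, proc in (("standard", STANDARD), ("third network connection", THIRD_LINK)):
        trace = run(proc)
        print(f"{name}: min boxes = {min_boxes(trace)}, "
              f"single-box after steps {single_box_steps(trace)}")
        for step, roles in trace:
            print(f"  step {step:>5}: {roles}")
```
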


3-box Cluster : Overview

[Diagram panels: Current, Intermediate, Final]

• Stop all SNLs
• Disconnect & remove old secondary from cluster
• Add new HSM box to existing cluster as standby, using existing network connection
• Promote new HSM as Primary.
• Checkpoint – validate new HSM
• Disconnect & remove old standby from cluster
• Add new HSM box to existing cluster as standby, using existing network connection
• Repeat above 2 steps
• Re-register other SNLs
• Start all SNLs
• Verify MMF
• Verify and ensure all prerequisites are met.
• Necessary PED keys, their PINs and account passwords are available and verified.

3-box cluster : Detailed steps (1/4)

[Diagram, cluster states: HSMbox_1 (P), HSMbox_2 (S), HSMbox_3 (SB) → HSMbox_1 (P), HSMbox_3 (S) → HSMbox_1 (P), HSMbox_3 (S), IS6_HSMbox_1]

1 Stop all SNL instances. Manage replacement from SNL_1
2 Take backup of HSMbox_1 (for fallback purpose)
3 Disconnect HSMbox_2 from network
4 Remove HSMbox_2 from cluster configuration
5 Prepare IS6_HSMbox_1 and connect it to network, using the network cable that was previously connected to HSMbox_2
6 Configure IS6_HSMbox_1 with the same network parameters as HSMbox_2
7 If HSMbox_1 is on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_1 to 5.6.1
8 Initialize IS6_HSMbox_1 with the Remote PED Secret (For remote PED only)
9 Add IS6_HSMbox_1 to the cluster as a standby HSM box

3-box cluster : Detailed steps (2/4)

[Diagram, cluster states: HSMbox_1 (P), HSMbox_3 (S), IS6_HSMbox_1 (SB) → IS6_HSMbox_1 (P), HSMbox_3 (S), HSMbox_1 (SB) → IS6_HSMbox_1 (P), HSMbox_3 (S)]

10 Promote IS6_HSMbox_1 to primary HSM box

Checkpoint **
Checkpoint - confidence test IS6_HSMbox_1 (optional)
a) Deregister all SNL instances except SNL_1
b) Register all SNL instances except SNL_1
c) Start all SNL and verify the message flow
d) Stop all SNL

11 Disconnect HSMbox_1 from network
12 Remove HSMbox_1 from cluster configuration
13 Prepare IS6_HSMbox_2 and connect it to network, using the network cable that was previously connected to HSMbox_1

** In case replacement is planned over multiple downtime windows, break at checkpoint

3-box cluster : Detailed steps (3/4)

[Diagram, cluster states: IS6_HSMbox_1 (P), HSMbox_3 (S), IS6_HSMbox_2 → IS6_HSMbox_1 (P), HSMbox_3 (S), IS6_HSMbox_2 (SB) → IS6_HSMbox_1 (P), IS6_HSMbox_2 (S)]

14 Configure IS6_HSMbox_2 with the same network parameters as HSMbox_1
15 If HSMbox_3 is on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_2 to 5.6.1
16 Initialize IS6_HSMbox_2 with the Remote PED Secret (For remote PED only)
17 Add IS6_HSMbox_2 to the cluster as a standby HSM box
18 Disconnect HSMbox_3 from network
19 Remove HSMbox_3 from cluster configuration
20 Reset the cluster compatibility version of IS6_HSMbox_1 and IS6_HSMbox_2
21 Prepare IS6_HSMbox_3 and connect it to network, using the network cable that was previously connected to HSMbox_3

3-box cluster : Detailed steps (4/4)

[Diagram, cluster states: IS6_HSMbox_1 (P), IS6_HSMbox_2 (S), IS6_HSMbox_3 → IS6_HSMbox_1 (P), IS6_HSMbox_2 (S), IS6_HSMbox_3 (SB)]

22 Configure IS6_HSMbox_3 with the same network parameters as HSMbox_3
23 Initialize IS6_HSMbox_3 with the Remote PED Secret (For remote PED only)
24 Add IS6_HSMbox_3 to the cluster as a standby HSM box
25 Deregister all SNL instances except SNL_1
26 Register all SNL instances except SNL_1
27 Start all SNL and verify the message flow

4-box Cluster : Overview

[Diagram panels: Current, Intermediate, Final]

• Stop all SNLs
• Disconnect & remove old secondary from cluster
• Add new HSM box to existing cluster as standby, using existing network connection
• Promote new HSM as Primary.
• Checkpoint – validate new HSM
• Disconnect & remove old standby from cluster
• Add new HSM box to existing cluster as standby, using existing network connection
• Repeat above 2 steps for remaining boxes
• Re-register other SNLs
• Start all SNLs
• Verify MMF
• Verify and ensure all prerequisites are met.
• Necessary PED keys, their PINs and account passwords are available and verified.

4-box cluster : Detailed steps (1/5)

[Diagram, cluster states: HSMbox_1 (P), HSMbox_2 (S), HSMbox_3 (SB), HSMbox_4 (SB) → HSMbox_1 (P), HSMbox_3 (S), HSMbox_4 (SB) → HSMbox_1 (P), HSMbox_3 (S), HSMbox_4 (SB), IS6_HSMbox_1]

1 Stop all SNL instances. Manage replacement from SNL_1
2 Take backup of HSMbox_1 (for fallback purpose)
3 Disconnect HSMbox_2 from network
4 Remove HSMbox_2 from cluster configuration
5 Prepare IS6_HSMbox_1 and connect it to network, using the network cable that was previously connected to HSMbox_2
6 Configure IS6_HSMbox_1 with the same network parameters as HSMbox_2
7 If HSMbox_1 is on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_1 to 5.6.1
8 Initialize IS6_HSMbox_1 with the Remote PED Secret (For remote PED only)
9 Add IS6_HSMbox_1 to the cluster as a standby HSM box

4-box cluster : Detailed steps (2/5)

[Diagram, cluster states: HSMbox_1 (P), HSMbox_3 (S), HSMbox_4 (SB), IS6_HSMbox_1 (SB) → IS6_HSMbox_1 (P), HSMbox_3 (S), HSMbox_4 (SB), HSMbox_1 (SB) → IS6_HSMbox_1 (P), HSMbox_3 (S), HSMbox_4 (SB)]

10 Promote IS6_HSMbox_1 to primary HSM box

Checkpoint **
Checkpoint - confidence test IS6_HSMbox_1 (optional)
a) Deregister all SNL instances except SNL_1
b) Register all SNL instances except SNL_1
c) Start all SNL and verify the message flow
d) Stop all SNL

11 Disconnect HSMbox_1 from network
12 Remove HSMbox_1 from cluster configuration
13 Prepare IS6_HSMbox_2 and connect it to network, using the network cable that was previously connected to HSMbox_1

** In case replacement is planned over multiple downtime windows, break at checkpoint

4-box cluster : Detailed steps (3/5)

[Diagram, cluster states: IS6_HSMbox_1 (P), HSMbox_3 (S), HSMbox_4 (SB), IS6_HSMbox_2 → IS6_HSMbox_1 (P), HSMbox_3 (S), HSMbox_4 (SB), IS6_HSMbox_2 (SB) → IS6_HSMbox_1 (P), HSMbox_4 (S), IS6_HSMbox_2 (SB)]

14 Configure IS6_HSMbox_2 with the same network parameters as HSMbox_1
15 If HSMbox_3 is on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_2 to 5.6.1
16 Initialize IS6_HSMbox_2 with the Remote PED Secret (For remote PED only)
17 Add IS6_HSMbox_2 to the cluster as a standby HSM box
18 Disconnect HSMbox_3 from network
19 Remove HSMbox_3 from cluster configuration
20 Prepare IS6_HSMbox_3 and connect it to network, using the network cable that was previously connected to HSMbox_3

4-box cluster : Detailed steps (4/5)

[Diagram, cluster states: IS6_HSMbox_1 (P), HSMbox_4 (S), IS6_HSMbox_2 (SB), IS6_HSMbox_3 → IS6_HSMbox_1 (P), HSMbox_4 (S), IS6_HSMbox_2 (SB), IS6_HSMbox_3 (SB) → IS6_HSMbox_1 (P), IS6_HSMbox_2 (S), IS6_HSMbox_3 (SB)]

21 Configure IS6_HSMbox_3 with the same network parameters as HSMbox_3
22 If HSMbox_4 is on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_3 to 5.6.1
23 Initialize IS6_HSMbox_3 with the Remote PED Secret (For remote PED only)
24 Add IS6_HSMbox_3 to the cluster as a standby HSM box
25 Disconnect HSMbox_4 from network
26 Remove HSMbox_4 from cluster configuration
27 Reset the cluster compatibility version of IS6_HSMbox_1, IS6_HSMbox_2 and IS6_HSMbox_3
28 Prepare IS6_HSMbox_4 and connect it to network, using the network cable that was previously connected to HSMbox_4

4-box cluster : Detailed steps (5/5)

[Diagram, cluster states: IS6_HSMbox_1 (P), IS6_HSMbox_2 (S), IS6_HSMbox_3 (SB), IS6_HSMbox_4 → IS6_HSMbox_1 (P), IS6_HSMbox_2 (S), IS6_HSMbox_3 (SB), IS6_HSMbox_4 (SB)]

29 Configure IS6_HSMbox_4 with the same network parameters as HSMbox_4
30 Initialize IS6_HSMbox_4 with the Remote PED Secret (For remote PED only)
31 Add IS6_HSMbox_4 to the cluster as a standby HSM box
32 Deregister all SNL instances except SNL_1
33 Register all SNL instances except SNL_1
34 Start all SNL and verify the message flow

1-box Cluster : Overview

[Diagram panels: Current, Intermediate, Final]

• Stop all SNLs
• Backup old box
• Disconnect old box from network
• Configure new HSM box as stand-alone HSM box, using existing network connection
• Restore backup
• Register all SNLs
• Start all SNLs
• Verify MMF
• Verify and ensure all prerequisites are met.
• Necessary PED keys, their PINs and account passwords are available and verified.

1-box cluster : Detailed steps (1/2)

[Diagram, cluster states: HSMbox_1 (P) → IS6_HSMbox_1 (P)]

1 Deregister all SNL instances.
2 Take backup of HSMbox_1
3 Disconnect HSMbox_1 from network
4 Prepare IS6_HSMbox_1 and connect it to network, using the network cable that was previously connected to HSMbox_1
5 Configure IS6_HSMbox_1 with the same network parameters as HSMbox_1
6 If HSMbox_1 is on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_1 to 5.6.1
7 Initialize IS6_HSMbox_1 with the Remote PED Secret (For remote PED only)
8 Configure IS6_HSMbox_1 as stand-alone HSM box

1-box cluster : Detailed steps (2/2)

[Diagram, cluster state: IS6_HSMbox_1 (P)]

9 Restore HSM backup on IS6_HSMbox_1
10 Reset the cluster compatibility version of IS6_HSMbox_1
11 Register all SNL instances
12 Start all SNL and verify the message flow

Thank you

Backup

Budgeting for box replacement

Build inventory of HSM boxes (and remote PEDs) to be replaced
• Include all environments with HSM boxes, like development, test, production & DR
• Include all spare boxes
• Identify location and tier of each box
• Verify against entitlement information provided by SWIFT

Budget for box replacement

HSM box fees
• Subsidized one-time fees per box & recurring annual fees
• Refer to pricing and subsidy email from SWIFT or contact your SWIFT contact

Deployment effort
• Project planning
• Sanity testing of new boxes & deployment preparation
• Installation and verification
• Use of external resources or consultants
• Tip: Procedure is similar to failure replacement

Other costs
• Additional power source
• Decommission and destroy old boxes
• Incorporate best practices into operational procedures
• Attend training, e.g. new web class “Operating your HSM”

Replacement approach – key points

Customers are recommended to configure and use each new HSM box in their test environment as a confidence test before adding it to their production environment. This can help detect hardware or software problems before production deployment.

HSM boxes must be deployed in the production environment during the customer’s downtime window. This avoids a single point of failure (SPOF) situation during business operations.

To avoid network changes in the production environment, new HSM boxes will re-use the network connections and IP addresses of the current HSM boxes. This avoids the need for new network cables, IP addresses, routing rules, firewall/router updates etc.