HSM Refresh - Society for Worldwide Interbank Financial


HSM Refresh – box replacement
Planning and replacement overview
SWIFT
July 2013
The new box replacement procedure is similar to the existing box failure replacement procedure, and the new box is backward compatible.
HSM Refresh- planning and replacement overview
What’s new – IS6 HSM Box
• Physical characteristics
  - New hardware with enterprise class server-grade components
  - Redundancy for critical components
  - Contains two hot-swappable power supply units rated at 450W each
  - Field replaceable cooling fans
  - Standard 1U rack mount chassis
  - Weight is 28lb (12.7kg)
  - New decommission button on back of the box, mainly used in the unlikely event of returning boxes to factory
  - USB to serial adapter packaged along with the box
  - New sensor to monitor power supply
  - Visual indicator (LED) on back of HSM box and an audio alarm
  - Sensor output accessible via HSM commands or new SNL rls7.0.25
• Compatibility
  - New box is backward compatible. It can interoperate with old boxes and hence, no software upgrade or certificate migration is needed.
What’s new – PIN Entry Device (PED)
• PED used locally with HSM box
  - IS6 HSM uses a new PED with similar physical characteristics as the old one
  - Old PEDs cannot be used with new HSM boxes
  - New PED is backward compatible. Hence, new PEDs must be used to operate new and old boxes.
• PED used at remote offices
  - New PED can be used locally or remotely. No separate remote PED anymore.
  - Customers can use PEDs packaged with HSM boxes at remote office. This can reduce need for ordering additional PEDs for remote office.
  - New PEDs must be available at remote office before starting any HSM box refresh
Deployment prerequisites
• New devices
  - All new boxes must be onsite and contents checked
  - For remote PED users, new PED must be available at the remote office. Old PEDs cannot be used with new boxes.
• Existing HSM information
  - Existing HSM boxes are running version 5.6.1 or 5.6.4
  - Passwords of HSM admin, monitor and operator accounts are available and verified
  - Keys and PINs for HSM SO/admin, domain and user are available and verified
  - For remote PED users
    o Working remote PED workstation
    o Current remote PED key (orange key) and its PIN must be available and verified
• Infrastructure readiness
  - Two power sources must be available for each HSM box
  - PC or laptop with serial port within 1.8 metres of the HSM rack
HSM box refresh scenarios

#    Existing setup        Future setup          Procedure overview
1    Old 2-box cluster     New 2-box cluster     2B
1*   Old 2-box cluster     New 2-box cluster     2B*
2    Old 3-box cluster     New 3-box cluster     3B
3    Old 4-box cluster     New 4-box cluster     4B
4    Stand alone old box   Stand alone new box   1B

* For customers who prefer to keep at least 2 boxes in the cluster at all times during the refresh procedure, the new box can be added to the cluster before removing the old ones. This will require an additional network connection.
Replacement can be performed in single or multiple downtime windows, based on customer preference.
Each procedure includes an intermediate checkpoint step, which can be used to come out of the downtime window and continue the rest in the next downtime window.
2-box Cluster : Overview
Current
• Verify and ensure all prerequisites are met.
• Necessary PED keys, their PINs and account passwords are available and verified.
Intermediate
• Stop all SNLs
• Disconnect & remove old secondary from cluster
• Add new HSM box to existing cluster as secondary, using existing network connection
• Promote new HSM as Primary
• Checkpoint – validate new HSM
Final
• Disconnect & remove old secondary from cluster
• Add new HSM box to existing cluster as secondary, using existing network connection
• Re-register other SNLs
• Start all SNLs
• Verify MMF
2-box cluster : Detailed steps (1/3)
1. Stop all SNL instances. Manage replacement from SNL_1
2. Take backup of HSMbox_1 (for fallback purpose)
3. Disconnect HSMbox_2 from network
4. Remove HSMbox_2 from cluster configuration
5. Prepare IS6_HSMbox_1 and connect it to network, using the network cable that was previously connected to HSMbox_2
6. Configure IS6_HSMbox_1 with the same network parameters as HSMbox_2
7. If HSMbox_1 is on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_1 to 5.6.1
8. Initialize IS6_HSMbox_1 with the Remote PED Secret (For remote PED only)
9. Add IS6_HSMbox_1 to the cluster as a secondary HSM box
[Diagram: SNL_1, SNL_2, SNL_3 and the cluster at each stage: HSMbox_1 (P), HSMbox_2 (S); then HSMbox_1 (P); then HSMbox_1 (P), IS6_HSMbox_1 (S)]
(P) Primary; (S) Secondary; (SB) Standby
2-box cluster : Detailed steps (2/3)
10. Promote IS6_HSMbox_1 to primary HSM box
Checkpoint ** - confidence test IS6_HSMbox_1 (optional)
  a) Deregister all SNL instances except SNL_1
  b) Register all SNL instances except SNL_1
  c) Start all SNL and verify the message flow
  d) Stop all SNL
11. Disconnect HSMbox_1 from network
12. Remove HSMbox_1 from cluster configuration
13. Reset the cluster compatibility version of IS6_HSMbox_1
14. Prepare IS6_HSMbox_2 and connect it to network, using the network cable that was previously connected to HSMbox_1
[Diagram: SNL_1, SNL_2, SNL_3 and the cluster at each stage: HSMbox_1 (P), IS6_HSMbox_1 (S); then IS6_HSMbox_1 (P), HSMbox_1 (S); checkpoint; then IS6_HSMbox_1 (P)]
** In case replacement is planned over multiple downtime windows, break at checkpoint
2-box cluster : Detailed steps (3/3)
15. Configure IS6_HSMbox_2 with the same network parameters as HSMbox_1
16. Initialize IS6_HSMbox_2 with the Remote PED Secret (For remote PED only)
17. Add IS6_HSMbox_2 to the cluster as a secondary HSM box
18. Deregister all SNL instances except SNL_1
19. Register all SNL instances except SNL_1
20. Start all SNL and verify the message flow
[Diagram: SNL_1, SNL_2, SNL_3 and the cluster at each stage: IS6_HSMbox_1 (P), IS6_HSMbox_2 (S)]
2-box Cluster : Overview
(using third network connection)
Current
• Verify and ensure all prerequisites are met.
• Necessary PED keys, their PINs and account passwords are available and verified.
Intermediate
• Stop all SNLs
• Add new HSM box to existing cluster as standby, using a new network connection
• Disconnect & remove old secondary from cluster
• Promote new HSM as Primary
• Checkpoint – validate new HSM
Final
• Add new HSM box to existing cluster as standby, using existing network connection
• Disconnect & remove old secondary from cluster
• Re-register other SNLs
• Start all SNLs
• Verify MMF
2-box cluster : Detailed steps (1/3)
(using third network connection)
1. Stop all SNL instances. Manage replacement from SNL_1
2. Take backup of HSMbox_1 (for fallback purpose)
3. Prepare IS6_HSMbox_1 and connect it to network using a new network connection
4. Configure network parameters of IS6_HSMbox_1
5. If HSMbox_1 is on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_1 to 5.6.1
6. Initialize IS6_HSMbox_1 with the Remote PED Secret (For remote PED only)
7. Add IS6_HSMbox_1 to the cluster as a standby HSM box
8. Disconnect HSMbox_2 from network
9. Remove HSMbox_2 from cluster configuration
[Diagram: SNL_1, SNL_2, SNL_3 and the cluster at each stage: HSMbox_1 (P), HSMbox_2 (S); then HSMbox_1 (P), HSMbox_2 (S), IS6_HSMbox_1; then HSMbox_1 (P), HSMbox_2 (S), IS6_HSMbox_1 (SB)]
2-box cluster : Detailed steps (2/3)
(using third network connection)
8. Disconnect HSMbox_2 from network
9. Remove HSMbox_2 from cluster configuration
10. Promote IS6_HSMbox_1 to primary HSM box
Checkpoint ** - confidence test IS6_HSMbox_1 (optional)
  a) Deregister all SNL instances except SNL_1
  b) Register all SNL instances except SNL_1
  c) Start all SNL and verify the message flow
  d) Stop all SNL
11. Prepare IS6_HSMbox_2 and connect it to network using the network cable that was previously connected to HSMbox_2
12. Configure IS6_HSMbox_2 with the same network parameters as HSMbox_2
13. If HSMbox_1 is on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_2 to 5.6.1
14. Initialize IS6_HSMbox_2 with the Remote PED Secret (For remote PED only)
15. Add IS6_HSMbox_2 to the cluster as a standby HSM box
[Diagram: SNL_1, SNL_2, SNL_3 and the cluster at each stage: HSMbox_1 (P), IS6_HSMbox_1 (S); then IS6_HSMbox_1 (P), HSMbox_1 (S); checkpoint; then IS6_HSMbox_1 (P), HSMbox_1 (S), IS6_HSMbox_2]
** In case replacement is planned over multiple downtime windows, break at checkpoint
2-box cluster : Detailed steps (3/3)
(using third network connection)
16. Disconnect HSMbox_1 from network
17. Remove HSMbox_1 from cluster configuration
18. Reset the cluster compatibility version of IS6_HSMbox_1 and IS6_HSMbox_2
19. Deregister all SNL instances except SNL_1
20. Register all SNL instances except SNL_1
21. Start all SNL and verify the message flow
[Diagram: SNL_1, SNL_2, SNL_3 and the cluster at each stage: IS6_HSMbox_1 (P), HSMbox_1 (S), IS6_HSMbox_2 (SB); then IS6_HSMbox_1 (P), IS6_HSMbox_2 (S)]
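The redundancy difference between the two 2-box procedures, replayed as an added example (not part of the original slides and not SWIFT tooling; it issues no HSM or SNL commands). The role model, where the first box is primary, the second secondary and the rest standby, is an assumption read off the slide diagrams.

```python
"""Replay the add/remove/promote operations of the two 2-box refresh procedures.

Cluster membership is modelled only; no HSM or SNL command is issued.
Assumed role model (read off the slide diagrams): position 0 is primary (P),
position 1 secondary (S), the rest standby (SB); removing a box moves the
ones behind it up, and promoting a box swaps it with the current primary.
"""

OLD_CLUSTER = ["HSMbox_1", "HSMbox_2"]

# Operations transcribed from the detailed steps (step numbers in comments).
STANDARD_2BOX = [
    ("remove", "HSMbox_2"),            # steps 3-4
    ("add", "IS6_HSMbox_1", "S"),      # step 9: joins as secondary
    ("promote", "IS6_HSMbox_1"),       # step 10
    ("remove", "HSMbox_1"),            # steps 11-12
    ("add", "IS6_HSMbox_2", "S"),      # step 17
]
THIRD_CONNECTION_2BOX = [
    ("add", "IS6_HSMbox_1", "SB"),     # step 7: joins as standby
    ("remove", "HSMbox_2"),            # steps 8-9
    ("promote", "IS6_HSMbox_1"),       # step 10
    ("add", "IS6_HSMbox_2", "SB"),     # step 15
    ("remove", "HSMbox_1"),            # steps 16-17
]


def roles(cluster):
    """Map each box to P, S or SB according to its position."""
    labels = ["P", "S"] + ["SB"] * max(0, len(cluster) - 2)
    return dict(zip(cluster, labels))


def replay(ops, cluster):
    """Apply ops in order and return every cluster state, initial one first."""
    cluster = list(cluster)
    history = [tuple(cluster)]
    for kind, box, *expected in ops:
        if kind == "add":
            cluster.append(box)
            if roles(cluster)[box] != expected[0]:
                raise ValueError(f"{box} joins as {roles(cluster)[box]}, "
                                 f"but the step says {expected[0]}")
        elif kind == "remove":
            # The procedures always promote a new box before the old primary goes.
            if cluster[0] == box:
                raise ValueError(f"{box} is still primary; promote first")
            cluster.remove(box)
        elif kind == "promote":
            i = cluster.index(box)
            cluster[0], cluster[i] = cluster[i], cluster[0]
        else:
            raise ValueError(f"unknown operation {kind!r}")
        history.append(tuple(cluster))
    return history


def min_boxes(history):
    """Smallest number of boxes in the cluster at any point of the replay."""
    return min(len(state) for state in history)


if __name__ == "__main__":
    for name, ops in [("standard", STANDARD_2BOX),
                      ("third connection", THIRD_CONNECTION_2BOX)]:
        hist = replay(ops, OLD_CLUSTER)
        print(f"{name}: minimum boxes in cluster = {min_boxes(hist)}, "
              f"final roles = {roles(hist[-1])}")
```

Both replays end with IS6_HSMbox_1 as primary and IS6_HSMbox_2 as secondary; the standard sequence passes through single-box states, while the third-connection sequence never has fewer than two boxes in the cluster.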
3-box Cluster : Overview
Current
• Verify and ensure all prerequisites are met.
• Necessary PED keys, their PINs and account passwords are available and verified.
Intermediate
• Stop all SNLs
• Disconnect & remove old secondary from cluster
• Add new HSM box to existing cluster as standby, using existing network connection
• Promote new HSM as Primary.
• Checkpoint – validate new HSM
Final
• Disconnect & remove old standby from cluster
• Add new HSM box to existing cluster as standby, using existing network connection
• Repeat above 2 steps
• Re-register other SNLs
• Start all SNLs
• Verify MMF
3-box cluster : Detailed steps (1/4)
1. Stop all SNL instances. Manage replacement from SNL_1
2. Take backup of HSMbox_1 (for fallback purpose)
3. Disconnect HSMbox_2 from network
4. Remove HSMbox_2 from cluster configuration
5. Prepare IS6_HSMbox_1 and connect it to network, using the network cable that was previously connected to HSMbox_2
6. Configure IS6_HSMbox_1 with the same network parameters as HSMbox_2
7. If HSMbox_1 is on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_1 to 5.6.1
8. Initialize IS6_HSMbox_1 with the Remote PED Secret (For remote PED only)
9. Add IS6_HSMbox_1 to the cluster as a standby HSM box
[Diagram: SNL_1, SNL_2, SNL_3 and the cluster at each stage: HSMbox_1 (P), HSMbox_2 (S), HSMbox_3 (SB); then HSMbox_1 (P), HSMbox_3 (S); then HSMbox_1 (P), HSMbox_3 (S), IS6_HSMbox_1]
3-box cluster : Detailed steps (2/4)
10. Promote IS6_HSMbox_1 to primary HSM box
Checkpoint ** - confidence test IS6_HSMbox_1 (optional)
  a) Deregister all SNL instances except SNL_1
  b) Register all SNL instances except SNL_1
  c) Start all SNL and verify the message flow
  d) Stop all SNL
11. Disconnect HSMbox_1 from network
12. Remove HSMbox_1 from cluster configuration
13. Prepare IS6_HSMbox_2 and connect it to network, using the network cable that was previously connected to HSMbox_1
[Diagram: SNL_1, SNL_2, SNL_3 and the cluster at each stage: HSMbox_1 (P), HSMbox_3 (S), IS6_HSMbox_1 (SB); then IS6_HSMbox_1 (P), HSMbox_3 (S), HSMbox_1 (SB); checkpoint; then IS6_HSMbox_1 (P), HSMbox_3 (S)]
** In case replacement is planned over multiple downtime windows, break at checkpoint
3-box cluster : Detailed steps (3/4)
14. Configure IS6_HSMbox_2 with the same network parameters as HSMbox_1
15. If HSMbox_3 is on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_2 to 5.6.1
16. Initialize IS6_HSMbox_2 with the Remote PED Secret (For remote PED only)
17. Add IS6_HSMbox_2 to the cluster as a standby HSM box
18. Disconnect HSMbox_3 from network
19. Remove HSMbox_3 from cluster configuration
20. Reset the cluster compatibility version of IS6_HSMbox_1 and IS6_HSMbox_2
21. Prepare IS6_HSMbox_3 and connect it to network, using the network cable that was previously connected to HSMbox_3
[Diagram: SNL_1, SNL_2, SNL_3 and the cluster at each stage: IS6_HSMbox_1 (P), HSMbox_3 (S), IS6_HSMbox_2; then IS6_HSMbox_1 (P), HSMbox_3 (S), IS6_HSMbox_2 (SB); then IS6_HSMbox_1 (P), IS6_HSMbox_2 (S)]
3-box cluster : Detailed steps (4/4)
22. Configure IS6_HSMbox_3 with the same network parameters as HSMbox_3
23. Initialize IS6_HSMbox_3 with the Remote PED Secret (For remote PED only)
24. Add IS6_HSMbox_3 to the cluster as a standby HSM box
25. Deregister all SNL instances except SNL_1
26. Register all SNL instances except SNL_1
27. Start all SNL and verify the message flow
[Diagram: SNL_1, SNL_2, SNL_3 and the cluster at each stage: IS6_HSMbox_1 (P), IS6_HSMbox_2 (S), IS6_HSMbox_3; then IS6_HSMbox_1 (P), IS6_HSMbox_2 (S), IS6_HSMbox_3 (SB)]
4-box Cluster : Overview
Current
• Verify and ensure all prerequisites are met.
• Necessary PED keys, their PINs and account passwords are available and verified.
Intermediate
• Stop all SNLs
• Disconnect & remove old secondary from cluster
• Add new HSM box to existing cluster as standby, using existing network connection
• Promote new HSM as Primary.
• Checkpoint – validate new HSM
Final
• Disconnect & remove old standby from cluster
• Add new HSM box to existing cluster as standby, using existing network connection
• Repeat above 2 steps for remaining boxes
• Re-register other SNLs
• Start all SNLs
• Verify MMF
4-box cluster : Detailed steps (1/5)
1. Stop all SNL instances. Manage replacement from SNL_1
2. Take backup of HSMbox_1 (for fallback purpose)
3. Disconnect HSMbox_2 from network
4. Remove HSMbox_2 from cluster configuration
5. Prepare IS6_HSMbox_1 and connect it to network, using the network cable that was previously connected to HSMbox_2
6. Configure IS6_HSMbox_1 with the same network parameters as HSMbox_2
7. If HSMbox_1 is on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_1 to 5.6.1
8. Initialize IS6_HSMbox_1 with the Remote PED Secret (For remote PED only)
9. Add IS6_HSMbox_1 to the cluster as a standby HSM box
[Diagram: SNL_1, SNL_2, SNL_3 and the cluster at each stage: HSMbox_1 (P), HSMbox_2 (S), HSMbox_3 (SB), HSMbox_4 (SB); then HSMbox_1 (P), HSMbox_3 (S), HSMbox_4 (SB); then HSMbox_1 (P), HSMbox_3 (S), HSMbox_4 (SB), IS6_HSMbox_1]
4-box cluster : Detailed steps (2/5)
10. Promote IS6_HSMbox_1 to primary HSM box
Checkpoint ** - confidence test IS6_HSMbox_1 (optional)
  a) Deregister all SNL instances except SNL_1
  b) Register all SNL instances except SNL_1
  c) Start all SNL and verify the message flow
  d) Stop all SNL
11. Disconnect HSMbox_1 from network
12. Remove HSMbox_1 from cluster configuration
13. Prepare IS6_HSMbox_2 and connect it to network, using the network cable that was previously connected to HSMbox_1
[Diagram: SNL_1, SNL_2, SNL_3 and the cluster at each stage: HSMbox_1 (P), HSMbox_3 (S), HSMbox_4 (SB), IS6_HSMbox_1 (SB); then IS6_HSMbox_1 (P), HSMbox_3 (S), HSMbox_4 (SB), HSMbox_1 (SB); checkpoint; then IS6_HSMbox_1 (P), HSMbox_3 (S), HSMbox_4 (SB)]
** In case replacement is planned over multiple downtime windows, break at checkpoint
4-box cluster : Detailed steps (3/5)
14. Configure IS6_HSMbox_2 with the same network parameters as HSMbox_1
15. If HSMbox_3 is on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_2 to 5.6.1
16. Initialize IS6_HSMbox_2 with the Remote PED Secret (For remote PED only)
17. Add IS6_HSMbox_2 to the cluster as a standby HSM box
18. Disconnect HSMbox_3 from network
19. Remove HSMbox_3 from cluster configuration
20. Prepare IS6_HSMbox_3 and connect it to network, using the network cable that was previously connected to HSMbox_3
[Diagram: SNL_1, SNL_2, SNL_3 and the cluster at each stage: IS6_HSMbox_1 (P), HSMbox_3 (S), HSMbox_4 (SB), IS6_HSMbox_2; then IS6_HSMbox_1 (P), HSMbox_3 (S), HSMbox_4 (SB), IS6_HSMbox_2 (SB); then IS6_HSMbox_1 (P), HSMbox_4 (S), IS6_HSMbox_2 (SB)]
4-box cluster : Detailed steps (4/5)
21. Configure IS6_HSMbox_3 with the same network parameters as HSMbox_3
22. If HSMbox_4 is on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_3 to 5.6.1
23. Initialize IS6_HSMbox_3 with the Remote PED Secret (For remote PED only)
24. Add IS6_HSMbox_3 to the cluster as a standby HSM box
25. Disconnect HSMbox_4 from network
26. Remove HSMbox_4 from cluster configuration
27. Reset the cluster compatibility version of IS6_HSMbox_1, IS6_HSMbox_2 and IS6_HSMbox_3
28. Prepare IS6_HSMbox_4 and connect it to network, using the network cable that was previously connected to HSMbox_4
[Diagram: SNL_1, SNL_2, SNL_3 and the cluster at each stage: IS6_HSMbox_1 (P), HSMbox_4 (S), IS6_HSMbox_2 (SB), IS6_HSMbox_3; then IS6_HSMbox_1 (P), HSMbox_4 (S), IS6_HSMbox_2 (SB), IS6_HSMbox_3 (SB); then IS6_HSMbox_1 (P), IS6_HSMbox_2 (S), IS6_HSMbox_3 (SB)]
4-box cluster : Detailed steps (5/5)
29. Configure IS6_HSMbox_4 with the same network parameters as HSMbox_4
30. Initialize IS6_HSMbox_4 with the Remote PED Secret (For remote PED only)
31. Add IS6_HSMbox_4 to the cluster as a standby HSM box
32. Deregister all SNL instances except SNL_1
33. Register all SNL instances except SNL_1
34. Start all SNL and verify the message flow
[Diagram: SNL_1, SNL_2, SNL_3 and the cluster at each stage: IS6_HSMbox_1 (P), IS6_HSMbox_2 (S), IS6_HSMbox_3 (SB), IS6_HSMbox_4; then IS6_HSMbox_1 (P), IS6_HSMbox_2 (S), IS6_HSMbox_3 (SB), IS6_HSMbox_4 (SB)]
1-box Cluster : Overview
Current
• Verify and ensure all prerequisites are met.
• Necessary PED keys, their PINs and account passwords are available and verified.
Intermediate
• Stop all SNLs
• Backup old box
• Disconnect old box from network
Final
• Configure new HSM box as stand-alone HSM box, using existing network connection
• Restore backup
• Register all SNLs
• Start all SNLs
• Verify MMF
1-box cluster : Detailed steps (1/2)
1. Deregister all SNL instances.
2. Take backup of HSMbox_1
3. Disconnect HSMbox_1 from network
4. Prepare IS6_HSMbox_1 and connect it to network, using the network cable that was previously connected to HSMbox_1
5. Configure IS6_HSMbox_1 with the same network parameters as HSMbox_1
6. If HSMbox_1 is on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_1 to 5.6.1
7. Initialize IS6_HSMbox_1 with the Remote PED Secret (For remote PED only)
8. Configure IS6_HSMbox_1 as stand-alone HSM box
[Diagram: SNL_1, SNL_2, SNL_3 and the HSM box at each stage: HSMbox_1 (P); then no box connected; then IS6_HSMbox_1 (P)]
1-box cluster : Detailed steps (2/2)
9. Restore HSM backup on IS6_HSMbox_1
10. Reset the cluster compatibility version of IS6_HSMbox_1
11. Register all SNL instances
12. Start all SNL and verify the message flow
[Diagram: SNL_1, SNL_2, SNL_3 and the HSM box at each stage: IS6_HSMbox_1 (P)]
Backup
Budgeting for box replacement
• Build inventory of HSM boxes (and remote PEDs) to be replaced
  - Include all environments with HSM boxes, like development, test, production & DR
  - Include all spare boxes
  - Identify location and tier of each box
  - Verify against entitlement information provided by SWIFT
• Budget for box replacement
  - HSM box fees
    o Subsidized one-time fees per box & recurring annual fees
    o Refer to pricing and subsidy email from SWIFT or contact your SWIFT contact
  - Deployment effort
    o Project planning
    o Sanity testing of new boxes & deployment preparation
    o Installation and verification
    o Use of external resources or consultants
    o Tip: Procedure is similar to failure replacement
  - Other costs
    o Additional power source
    o Decommission and destroy old boxes
    o Incorporate best practices into operational procedures
    o Attend training, e.g. new web class “Operating your HSM”
Replacement approach – key points
• Customers are recommended to configure and use each new HSM box in their test environment as a confidence test before adding it to their production environment. This can help detect hardware or software problems before production deployment.
• HSM boxes must be deployed in the production environment during the customer’s downtime window. This will avoid a single point of failure (SPOF) situation during business operations.
• To avoid network changes in the production environment, new HSM boxes will re-use the network connections and IP addresses of the current HSM boxes. This will avoid the need for new network cables, IP addresses, routing rules, firewall/router updates etc.