000036163 - How to update firmware on RSA Identity Governance & Lifecycle hardware appliances

Document created by RSA Customer Support Employee on Mar 27, 2018Last modified by RSA Customer Support Employee on Mar 27, 2018
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000036163
Applies ToRSA Product Set/Version:
  • RSA Identity Governance & Lifecycle 7.1.0, 7.0.2, and 7.0.1
  • RSA Via Lifecycle & Governance 7.0
  • RSA Identity Management & Governance 6.9.x
Platform: Hardware appliance, Dell PowerEdge R730, R630, R720, R620
Operating System: SUSE Linux Enterprise Edition 11 SP3, SuSE Linux Enterprise Edition 12 SP2, Red Hat Enterprise Linux 5u8, Red Hat Enterprise Linux 6u6+ (includes 6u7, 6u8, etc.)
IssueThis article explains how to update firmware on RSA Identity Governance & Lifecycle hardware appliances.
Resolution

How to Update Firmware on RSA Identity Governance & Lifecycle Hardware Appliances (Dell PowerEdge Servers)



Dell provides firmware updates as required to address security vulnerabilities. This guide describes how to download and install the current BIOS, iDRAC (Integrated Dell Remote Access Controller), and PERC (PowerEdge RAID Controller) firmware updates for an RSA hardware appliance (Dell PowerEdge server) that runs RSA Identity Governance & Lifecycle.

To update the firmware on an RSA Appliance, you need to download and apply one or more of the following updates: (1) a BIOS firmware update, (2) an iDRAC firmware update, and/or (3) a PERC firmware update.

Firmware updates can be applied to RSA Appliance through iDRAC web interface or command line interface. If you would like to apply updates through iDRAC interface and iDRAC is not enabled/configured on RSA Appliance, refer to the following Dell knowledge base article on how to enable/configure iDRAC: How to Setup and Manage Your iDRAC or CMC for Dell PowerEdge Servers and Blades

NOTE: The procedure to update firmware, documented in this article, has been validated only on the recent models (R730, R630, R720, and R620) of RSA Identity Governance & Lifecycle hardware appliances.  These steps have not been verified on older models (R710 and R320) but may be used as guidelines for those.  Depending on the model, there may be minor differences in iDRAC menu options from what's documented in this article.

For a list of supported Operating Systems on RSA Hardware Appliances, refer to the RSA Identity Governance and Lifecycle Platform Datasheet and Support Matrix documentation.



Determine the server model of your RSA hardware appliance


Determine the server model of your RSA hardware appliance that you are planning to update the firmware on.  Use the following method to find out the model of your appliance:

  1. Obtain Service Tag identifier found on the back or bottom of your appliance
  2. Alternatively, on R730 or R630 for example, log in to iDRAC web interface. In the left pane, click Overview > Server. In the Properties Summarypage, the Server Information section shows the Service Tag identifier.
  3. On the Dell Support page, enter the Service Tag identifier to find your Dell server model.

Determine whether an update is required


Determine the firmware versions you are planning to install.  For example, the latest qualified firmware versions for Dell R730 and R630 might be the following that you are planning to install:

  • BIOS version: 2.4.3 (this is an example)
  • iDRAC version: 2.50.50.50 (this is an example)
  • PERC version: 25.5.3.0005 (this is an example)
Check the current firmware versions of your RSA Appliance:

  1. Log in to the iDRAC web interface
  2. In the left pane, click Overview > Server. In the Properties Summary page, the Server Information section shows the following:
    • BIOS Version
    • iDRAC Firmware Version
    • PERC RAID Controller Firmware Version
If iDRAC is not enabled or not accessible, the current BIOS version can be checked using the command dmidecode -s bios-version through SSH session. The iDRAC and PERC firmware versions are not available through dmidecode command, but can be obtained in one of the following two ways:

  • Reboot the appliance and get the information from the boot process
  • If the firmware update is run from the OS command line, the update will display the current installed version before upgrading

If the current firmware versions on the appliance are older than the latest qualified versions, follow the next steps to download and install the latest qualified firmware updates.


Download firmware software


RSA publishes an advisory on RSA Link as latest firmware versions are qualified on RSA Identity Governance & Lifecycle Hardware Appliances (for example, see this advisory).  The advisory provides links to the Dell website for downloading the qualified firmware software and related documentation. Download the qualified firmware software using the links provided in the advisory. Do NOT fetch firmware updates from Dell website that are not qualified or not referenced in the advisories for RSA Identity Governance & Lifecycle.

The firmware software may be available in one, or both, of the following formats:
  • File extension .EXE self-extractable archive containing firmware image file (such as R730-020403C.hdr, firmimg.d7, or FW0005.rom for BIOS, iDRAC, or PERC respectively) for upgrading the firmware through iDRAC web interface. For example, listed below are such firmware file names for BIOS, iDRAC and PERC respectively:

    • BIOS_6YDCM_WN32_2.4.3.EXE (this is an example)
    • iDRAC-with-Lifecycle-Controller_Firmware_278FC_WN64_2.50.50.50_A00.EXE (this is an example)
    • SAS-RAID_Firmware_C58TW_WN64_25.5.3.0005_A11.EXE (this is an example)
  • File extension .BIN for upgrading the firmware from command line interface. For example, listed below are such firmware file names for BIOS, iDRAC and PERC respectively:
    • BIOS_6YDCM_LN_2.4.3.BIN (this is an example)
    • iDRAC-with-Lifecycle-Controller_Firmware_278FC_LN_2.50.50.50_A00.BIN (this is an example)
    • SAS-RAID_Firmware_C58TW_LN_25.5.3.0005_A11.BIN (this is an example)


Update the firmware


Firmware updates can be applied on RSA Appliances through iDRAC web interface (using a web browser on a Windows host) or command line interface (using an SSH session).  Follow steps in ONLY ONE of the following sections to apply the updates via (a) iDRAC web interface or (b) command line interface.


OPTION (a) – Update firmware through iDRAC web interface


Procedure:

  1. Log in to the appliance as root using an SSH session.
  2. Stop all Aveksa/AFX/Oracle Database services on the appliance (refer to your versions of the RSA Identity Governance & Lifecycle Installation Guide for details on how to stop services).
  3. Copy the .EXE firmware file (for BIOS, iDRAC, or PERC) to any directory on a Windows machine where a web browser will be used to connect to iDRAC web interface of the RSA Appliance. Verify the checksum value of the downloaded firmware file against the checksum posted on Dell website.
  4. Double-click on the downloaded self-extracting .EXE file on the Windows machine to extract all files in a temporary folder.  The extracted files will include firmware files such as R730-020403C.hdr, firmimg.d7, or FW0005.rom for BIOS, iDRAC, or PERC respectively.
  5. Connect to iDRAC web interface using a web browser on the Windows machine where firmware files were extracted in step 4.
  6. Log in as root or another administrator level account on iDRAC web interface.
  7. Go to Overview > iDRAC Settings > Update and Rollback > Update. The Firmware Update page is displayed.  (Note that the menu options may be different depending on the iDRAC version and/or server model.)
  8. Click Browse or Choose File and select the firmware image file that you extracted in step 4 and click Upload.
  9. Wait for the upload to complete. After the upload is completed, the Update Details section displays the firmware file uploaded to iDRAC and the status.
  10. Select the firmware file and click Next or Install.  When you click Next or Install you will see a progress report of the update status displayed.
  11. When the update completes, close this browser window, wait two to five minutes for the iDRAC to reboot (when iDRAC firmware is updated) and connect via a new browser window.
  12. Confirm on the iDRAC web interface that the firmware version is updated.
  13. Log in to the RSA Appliance as root using an SSH session.
  14. Start all Aveksa/AFX/Oracle Database services on the appliance (refer to your versions of the RSA Identity Governance & Lifecycle Installation Guide for details on how to start services).


OPTION (b) – Update Firmware through command line


Procedure:

  1. Log in to the appliance as root using an SSH session.
  2. Stop all Aveksa/AFX/Oracle Database services on the appliance (refer to your versions of the RSA Identity Governance & Lifecycle Installation Guide for details on how to stop services).
  3. Transfer/Copy the downloaded .BIN firmware file (for BIOS, iDRAC, or PERC) to any directory on the appliance. Verify the checksum value of the downloaded firmware file against the checksum posted on Dell website.
  4. Change directory to the location of the downloaded file from step 3.
  5. Change permissions on the update file as follows: 

    chmod +x <firmware-filename>.BIN

  6. Read over the release information presented by executing the command with the --version option, for example: 

    ./<firmware-filename>.BIN --version

  7. Download and install any prerequisites identified in the above step before proceeding. 
  8. For BIOS updates: Install any necessary Embedded Systems Management firmware prior to the BIOS update.
  9. Run the update: 

    ./<firmware-filename>.BIN


Read the license information and all prompts carefully and respond to each prompt with the default response. The update will display the current installed version of the firmware. Make sure you are applying the firmware version you intend to apply.  You may cancel the installation with Ctrl+C before responding to the final prompt.



  1. Wait for the update to complete. There is a simple progress indicator displayed on the screen during the update process and confirmation when completed.
  2. For BIOS update: When the update completes, the BIOS will reset (or reboot) but this may not be obvious through the console. No further action is required.
  3. Start all Aveksa/AFX/Oracle Database services on the appliance (refer to RSA Identity Governance & Lifecycle Installation Guide for details on how to start services).

Attachments

    Outcomes