000036163 - How to Update Firmware on Hardware Appliances used for Implementations of RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Mar 27, 2018Last modified by RSA Customer Support Employee on Jun 18, 2020
Version 6Show Document
  • View in full screen mode

Article Content

Article Number000036163
Applies ToRSA Product Set/Version:
  • RSA Identity Governance & Lifecycle 7.2.0, 7.1.1, 7.1.0, 7.0.2, 7.0.1
  • RSA Via Lifecycle & Governance 7.0
  • RSA Identity Management & Governance 6.9.x
Platform: Hardware Appliance, Dell PowerEdge R730, R630, R720, R620
Operating System: SUSE Linux Enterprise Edition 12 SP4, SUSE Linux Enterprise Edition 12 SP2, SUSE Linux Enterprise Edition 11 SP3, Red Hat Enterprise Linux 6u6+ (includes 6u7, 6u8, etc.), Red Hat Enterprise Linux 5u8,

 
IssueThis RSA Knowledge Base Article explains how to update firmware on RSA Identity Governance & Lifecycle Hardware Appliances.
 
Resolution

How to Update Firmware on RSA Identity Governance & Lifecycle Hardware Appliances (Dell PowerEdge Servers)



Dell provides firmware updates as required to address security vulnerabilities. This guide describes how to download and install the current BIOS, iDRAC (Integrated Dell Remote Access Controller), and PERC (PowerEdge RAID Controller) firmware updates for an RSA Hardware Appliance (Dell PowerEdge server) that runs RSA Identity Governance & Lifecycle.

To update the firmware on an RSA Hardware Appliance, you need to download and apply one or more of the following updates:



  1. a BIOS firmware update,
  2. an iDRAC firmware update, and/or
  3. a PERC firmware update.

Firmware updates may be applied to an RSA Hardware Appliance through the iDRAC web interface or the command line interface. If you would like to apply updates through the iDRAC interface and iDRAC is not enabled/configured on the RSA Hardware Appliance, refer to the following Dell Knowledge Base Article on how to enable/configure iDRAC: How to Setup and Manage Your iDRAC or CMC for Dell PowerEdge Servers and Blades.

NOTE: The procedure to update firmware documented in this article has been validated only on the recent models (R730, R630, R720, and R620) of RSA Identity Governance & Lifecycle Hardware Appliances. These steps have not been verified on older models (R710 and R320) but may be used as guidelines for those models. Depending on the model, there may be minor differences in iDRAC menu options from what is documented in this RSA Knowledge Base Article.

For a list of supported Operating Systems on RSA Hardware Appliances, refer to the RSA Identity Governance and Lifecycle Platform Datasheet and Support Matrix documentation for your specific version.



  1. Determine the server model of your RSA Hardware Appliance

Determine the server model of the RSA Hardware Appliance whose firmware will be updated. Use the following method to find out the model of the appliance:


  1. Obtain the Service Tag identifier located on the back or bottom of the appliance.
  2. Alternatively, on an R730 or R630 for example, login to the iDRAC web interface. In the left pane, click Overview > Server. In the Properties Summary page, the Server Information section shows the Service Tag identifier.
  3. On the Dell Support page, enter the Service Tag identifier to find your Dell server model.

  1. Determine whether an update is required

Determine the firmware versions you are planning to install.  For example, the latest qualified firmware versions for the Dell R730 and R630 appliances might be the following that you are planning to install:


  • BIOS version: 2.4.3 (this is an example)
  • iDRAC version: 2.50.50.50 (this is an example)
  • PERC version: 25.5.3.0005 (this is an example)

Check the current firmware version of your RSA Hardware Appliance:


  1. Login to the iDRAC web interface.
  2. In the left pane, click Overview > Server. In the Properties Summary page, the Server Information section shows the following:
    • BIOS Version
    • iDRAC Firmware Version
    • PERC RAID Controller Firmware Version

If iDRAC is not enabled or not accessible, the current BIOS version can be checked by executing the following command as the root user through an SSH session:



dmidecode -s bios-version


The iDRAC and PERC firmware versions are not available through the dmidecode command, but can be obtained in one of the following two ways:


  • Reboot the appliance and get the information from the boot process.
  • If the firmware update is run from the Operating System command line, the update will display the currently installed version before upgrading.

If the current firmware versions on the appliance are older than the latest qualified versions, follow the next steps to download and install the latest qualified firmware updates.


  1. Download the firmware software

RSA publishes an advisory on RSA Link as latest firmware versions are qualified on RSA Identity Governance & Lifecycle Hardware Appliances (for example, see this advisory). The advisory provides links to the Dell website for downloading the qualified firmware software and related documentation. Download the qualified firmware software using the links provided in the advisory. Do NOT fetch firmware updates from the Dell website that are not qualified or not referenced in the advisories for RSA Identity Governance & Lifecycle.
 


The firmware software may be available in one, or both, of the following formats:


  • File extension .EXE self-extractable archive containing the firmware image file (such as R730-020403C.hdr, firmimg.d7, or FW0005.rom for BIOS, iDRAC, or PERC respectively) for upgrading the firmware through the iDRAC web interface. For example, listed below are sample firmware filenames for BIOS, iDRAC and PERC respectively:

  • BIOS_6YDCM_WN32_2.4.3.EXE (this is an example)
  • iDRAC-with-Lifecycle-Controller_Firmware_278FC_WN64_2.50.50.50_A00.EXE (this is an example)
  • SAS-RAID_Firmware_C58TW_WN64_25.5.3.0005_A11.EXE (this is an example)

  • File extension .BIN for upgrading the firmware from the command line interface. For example, listed below are sample firmware file names for BIOS, iDRAC and PERC respectively:

    • BIOS_6YDCM_LN_2.4.3.BIN (this is an example)
    • iDRAC-with-Lifecycle-Controller_Firmware_278FC_LN_2.50.50.50_A00.BIN (this is an example)
    • SAS-RAID_Firmware_C58TW_LN_25.5.3.0005_A11.BIN (this is an example)

  1. Update the firmware

Firmware updates can be applied on RSA Hardware Appliances through the iDRAC web interface (using a web browser on a Windows host) or the command line interface (using an SSH session). Follow steps in ONLY ONE of the following options to apply the updates. OPTION (a) via the iDRAC web interface or OPTION (b) via the command line interface.


OPTION (a) – Update firmware through the iDRAC web interface



Procedure:


  1. Login to the appliance as root using an SSH session.
  2. Stop all Aveksa/AFX/Oracle Database services on the appliance (refer to your versions of the RSA Identity Governance & Lifecycle Installation Guide for details on how to stop services).
  3. Copy the .EXE firmware file (for BIOS, iDRAC, or PERC) to any directory on a Windows machine where a web browser will be used to connect to the iDRAC web interface of the RSA Hardware Appliance. Verify the checksum value of the downloaded firmware file against the checksum posted on the Dell website.
  4. Double-click on the downloaded self-extracting .EXE file on the Windows machine to extract all files to a temporary folder. The extracted files will include firmware files such as R730-020403C.hdrfirmimg.d7, or FW0005.rom for BIOS, iDRAC, or PERC respectively.
  5. Connect to the iDRAC web interface using a web browser on the Windows machine where the firmware files were extracted in step 4.
  6. Login as root or another administrator-level account on the iDRAC web interface.
  7. Go to Overview > iDRAC Settings > Update and Rollback > Update. The Firmware Update page is displayed. (Note that the menu options may be different depending on the iDRAC version and/or server model.)
  8. Click Browse or Choose File and select the firmware image file that you extracted in step 4 and click Upload.
  9. Wait for the upload to complete. After the upload has completed, the Update Details section displays the firmware file uploaded to iDRAC and the status.
  10. Select the firmware file and click Next or Install.  When you click Next or Install, you will see a progress report of the update status displayed.
  11. When the update completes, close this browser window, wait two to five minutes for the iDRAC to reboot (when the iDRAC firmware is updated) and connect via a new browser window.
  12. Confirm on the iDRAC web interface that the firmware version is updated.
  13. Login to the RSA Hardware Appliance as root using an SSH session.
  14. Start all Aveksa/AFX/Oracle Database services on the appliance (refer to your versions of the RSA Identity Governance & Lifecycle Installation Guide for details on how to start services).

OPTION (b) – Update Firmware through the command line



Procedure:


  1. Login to the appliance as root using an SSH session.
  2. Stop all Aveksa/AFX/Oracle Database services on the appliance (refer to your versions of the RSA Identity Governance & Lifecycle Installation Guide for details on how to stop services).
  3. Transfer/copy the downloaded .BIN firmware file (for BIOS, iDRAC, or PERC) to any directory on the appliance. Verify the checksum value of the downloaded firmware file against the checksum posted on the Dell website.
  4. Change directory to the location of the downloaded file from step 3.
  5. Change permissions on the update file as follows: 

    chmod +x <firmware-filename>.BIN

  6. Read over the release information presented by executing the command with the --version option. For example: 

    ./<firmware-filename>.BIN --version

  7. Download and install any prerequisites identified in the above step before proceeding. 
  8. For BIOS updates: Install any necessary Embedded Systems Management firmware prior to the BIOS update.
  9. Run the update: 

    ./<firmware-filename>.BIN


Read the license information and all prompts carefully and respond to each prompt with the default response. The update will display the currently installed version of the firmware. Make sure you are applying the firmware version you intend to apply.  You may cancel the installation with Ctrl+C before responding to the final prompt.



  1. Wait for the update to complete. There is a simple progress indicator displayed on the screen during the update process and confirmation when completed.
  2. For the BIOS update: When the update completes, the BIOS will reset (or reboot) but this may not be obvious through the console. No further action is required.
  3. Start all Aveksa/AFX/Oracle Database services on the appliance (refer to RSA Identity Governance & Lifecycle Installation Guide for details on how to start services).

 

Attachments

    Outcomes