How to Update Firmware on RSA Identity Governance & Lifecycle Hardware Appliances (Dell PowerEdge Servers)

Dell provides firmware updates as required to address security vulnerabilities. This guide describes how to download and install the current BIOS, iDRAC (Integrated Dell Remote Access Controller), and PERC (PowerEdge RAID Controller) firmware updates for an RSA Hardware Appliance (Dell PowerEdge server) that runs RSA Identity Governance & Lifecycle.

To update the firmware on an RSA Hardware Appliance, you need to download and apply one or more of the following updates:

1. a BIOS firmware update,
2. an iDRAC firmware update, and/or
3. a PERC firmware update.

Firmware updates may be applied to an RSA Hardware Appliance through the iDRAC web interface or the command line interface. If you would like to apply updates through the iDRAC interface and iDRAC is not enabled/configured on the RSA Hardware Appliance, refer to the following Dell Knowledge Base Article on how to enable/configure iDRAC: How to Setup and Manage Your iDRAC or CMC for Dell PowerEdge Servers and Blades.

NOTE: The procedure to update firmware documented in this article has been validated only on the recent models (R730, R630, R720, and R620) of RSA Identity Governance & Lifecycle Hardware Appliances. These steps have not been verified on older models (R710 and R320) but may be used as guidelines for those models. Depending on the model, there may be minor differences in iDRAC menu options from what is documented in this RSA Knowledge Base Article.

For a list of supported Operating Systems on RSA Hardware Appliances, refer to the RSA Identity Governance and Lifecycle Platform Datasheet and Support Matrix documentation for your specific version.

1. Determine the server model of your RSA Hardware Appliance

1. Obtain the Service Tag identifier located on the back or bottom of the appliance.
2. Alternatively, on an R730 or R630 for example, login to the iDRAC web interface. In the left pane, click Overview > Server. In the Properties Summary page, the Server Information section shows the Service Tag identifier.
3. On the Dell Support page, enter the Service Tag identifier to find your Dell server model.

2. Determine whether an update is required

• BIOS version: 2.4.3 (this is an example)
• iDRAC version: 2.50.50.50 (this is an example)
• PERC version: 25.5.3.0005 (this is an example)

1. Login to the iDRAC web interface.
2. In the left pane, click Overview > Server. In the Properties Summary page, the Server Information section shows the following:
   • BIOS Version
   • iDRAC Firmware Version
   • PERC RAID Controller Firmware Version

dmidecode -s bios-version

• Reboot the appliance and get the information from the boot process.
• If the firmware update is run from the Operating System command line, the update will display the currently installed version before upgrading.

3. Download the firmware software

• File extension .EXE self-extractable archive containing the firmware image file (such as R730-020403C.hdr, firmimg.d7, or FW0005.rom for BIOS, iDRAC, or PERC respectively) for upgrading the firmware through the iDRAC web interface. For example, listed below are sample firmware filenames for BIOS, iDRAC and PERC respectively:

• BIOS_6YDCM_WN32_2.4.3.EXE (this is an example)
• iDRAC-with-Lifecycle-Controller_Firmware_278FC_WN64_2.50.50.50_A00.EXE (this is an example)
• SAS-RAID_Firmware_C58TW_WN64_25.5.3.0005_A11.EXE (this is an example)

• File extension .BIN for upgrading the firmware from the command line interface. For example, listed below are sample firmware file names for BIOS, iDRAC and PERC respectively:
  • BIOS_6YDCM_LN_2.4.3.BIN (this is an example)
  • iDRAC-with-Lifecycle-Controller_Firmware_278FC_LN_2.50.50.50_A00.BIN (this is an example)
  • SAS-RAID_Firmware_C58TW_LN_25.5.3.0005_A11.BIN (this is an example)

4. Update the firmware

OPTION (a) – Update firmware through the iDRAC web interface

1. Login to the appliance as root using an SSH session.
2. Stop all Aveksa/AFX/Oracle Database services on the appliance (refer to your versions of the RSA Identity Governance & Lifecycle Installation Guide for details on how to stop services).
3. Copy the .EXE firmware file (for BIOS, iDRAC, or PERC) to any directory on a Windows machine where a web browser will be used to connect to the iDRAC web interface of the RSA Hardware Appliance. Verify the checksum value of the downloaded firmware file against the checksum posted on the Dell website.
4. Double-click on the downloaded self-extracting .EXE file on the Windows machine to extract all files to a temporary folder. The extracted files will include firmware files such as R730-020403C.hdr, firmimg.d7, or FW0005.rom for BIOS, iDRAC, or PERC respectively.
5. Connect to the iDRAC web interface using a web browser on the Windows machine where the firmware files were extracted in step 4.
6. Login as root or another administrator-level account on the iDRAC web interface.
7. Go to Overview > iDRAC Settings > Update and Rollback > Update. The Firmware Update page is displayed. (Note that the menu options may be different depending on the iDRAC version and/or server model.)
8. Click Browse or Choose File and select the firmware image file that you extracted in step 4 and click Upload.
9. Wait for the upload to complete. After the upload has completed, the Update Details section displays the firmware file uploaded to iDRAC and the status.
10. Select the firmware file and click Next or Install.  When you click Next or Install, you will see a progress report of the update status displayed.
11. When the update completes, close this browser window, wait two to five minutes for the iDRAC to reboot (when the iDRAC firmware is updated) and connect via a new browser window.
12. Confirm on the iDRAC web interface that the firmware version is updated.
13. Login to the RSA Hardware Appliance as root using an SSH session.
14. Start all Aveksa/AFX/Oracle Database services on the appliance (refer to your versions of the RSA Identity Governance & Lifecycle Installation Guide for details on how to start services).

OPTION (b) – Update Firmware through the command line

1. Login to the appliance as root using an SSH session.
2. Stop all Aveksa/AFX/Oracle Database services on the appliance (refer to your versions of the RSA Identity Governance & Lifecycle Installation Guide for details on how to stop services).
3. Transfer/copy the downloaded .BIN firmware file (for BIOS, iDRAC, or PERC) to any directory on the appliance. Verify the checksum value of the downloaded firmware file against the checksum posted on the Dell website.
4. Change directory to the location of the downloaded file from step 3.
5. Change permissions on the update file as follows: 

   
   chmod +x <firmware-filename>.BIN

6. Read over the release information presented by executing the command with the --version option. For example: 

   
   ./<firmware-filename>.BIN --version

7. Download and install any prerequisites identified in the above step before proceeding. 
8. For BIOS updates: Install any necessary Embedded Systems Management firmware prior to the BIOS update.
9. Run the update: 

   
   ./<firmware-filename>.BIN

Read the license information and all prompts carefully and respond to each prompt with the default response. The update will display the currently installed version of the firmware. Make sure you are applying the firmware version you intend to apply.  You may cancel the installation with Ctrl+C before responding to the final prompt.

10. Wait for the update to complete. There is a simple progress indicator displayed on the screen during the update process and confirmation when completed.
11. For the BIOS update: When the update completes, the BIOS will reset (or reboot) but this may not be obvious through the console. No further action is required.
12. Start all Aveksa/AFX/Oracle Database services on the appliance (refer to RSA Identity Governance & Lifecycle Installation Guide for details on how to start services).