Presentation is loading. Please wait.

Presentation is loading. Please wait.

HSM Refresh – box replacement

Published byAaron Swinton Modified over 10 years ago

Similar presentations

Presentation on theme: "HSM Refresh – box replacement"— Presentation transcript:

1 HSM Refresh – box replacement
Planning and replacement overview SWIFT July 2013

2 New box replacement procedure is similar to existing box failure replacement procedure, and new box is backward compatible HSM Refresh- planning and replacement overview

3 What’s new – IS6 HSM Box Physical characteristics
New hardware with enterprise class server-grade components Redundancy for critical components Contains two hot-swappable power supply units rated at 450W each Field replaceable cooling fans Standard 1U rack mount chassis Weight is 28lb (12.7kg) New decommission button on back of the box, mainly used in the unlikely event of returning boxes to factory USB to serial adapter packaged along with the box New sensor to monitor power supply Visual indicator (led) on back of HSM box and an audio alarm Sensor output accessible via HSM commands or new SNL rls7.0.25 Compatibility New box is backward compatible. It can interoperate with old boxes and hence, no software upgrade or certificate migration is needed. HSM Refresh- planning and replacement overview

4 What’s new – PIN Entry Device (PED)
PED used locally with HSM box IS6 HSM uses a new PED with similar physical characteristics as the old one Old PEDs cannot be used with new HSM boxes New PED is backward compatible. Hence, new PEDs must be used to operate new and old boxes. PED used at remote offices New PED can be used locally or remotely. No separate remote PED anymore. Customers can use PEDs packaged with HSM boxes at remote office. This can reduce need for ordering additional PEDs for remote office. New PEDs must be available at remote office before starting any HSM box refresh HSM Refresh- planning and replacement overview

5 Deployment prerequisites
New devices All new boxes must be onsite and contents checked For remote PED users, new PED must be available at the remote office. Old PEDs cannot be used with new boxes. Existing HSM information Existing HSM boxes are running version or 5.6.4 Password of HSM admin, monitor and operator accounts are available and verified Keys and PINs for HSM SO/admin, domain and user are available and verified For remote PED users Working remote PED workstation Current remote PED key (orange key) and its PIN must be available and verified Infrastructure readiness Two power sources must be available for each HSM box PC or laptop with serial port within 1.8 metres of the HSM rack HSM Refresh- planning and replacement overview

6 HSM box refresh scenarios
# Existing setup Future setup Procedure overview 1 Old 2-box cluster New 2-box cluster 1* 2 Old 3-box cluster New 3-box cluster 3 Old 4-box cluster New 4-box cluster 4 Stand alone old box Stand alone new box Click here (2B) Click here (2B*) Click here (3B) Click here (4B) Click here (1B) * For customers who prefer to keep at least 2 boxes in cluster at all times during refresh procedure, new box can be added to cluster before removing old ones. This will require additional network connection. Replacement can be performed in single or multiple downtime windows based on customer preference. Each procedure includes an intermediate checkpoint step which can be used to come out of the downtime window, and continue the rest in next downtime window. HSM Refresh- planning and replacement overview

7 2-box Cluster : Overview
Current Intermediate Final Verify and ensure all prerequisite’s are met. Necessary PED keys, their pins and account passwords are available and verified. Stop all SNLs Disconnect & remove old secondary from cluster Add new HSM box to existing cluster as secondary, using existing network connection Promote new HSM as Primary Checkpoint – validate new HSM Disconnect & remove old secondary from cluster Add new HSM box to existing cluster as secondary, using existing network connection Re-register other SNLs Start all SNLs Verify MMF HSM Refresh- planning and replacement overview

8 2-box cluster : Detailed steps (1/3)
Stop all SNL instances. Manage replacement from SNL_1 2 Take backup of HSMbox_1 (for fallback purpose) 3 Disconnect HSMbox_2 from network 4 Remove HSMbox_2 from cluster configuration 5 Prepare IS6_HSMbox_1 and connect it to network, using the network cable that was previously connected to HSMbox_2 6 Configure IS6_HSMbox_1 with the same network parameters as HSMbox_2 7 If HSMbox_1 is on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_1 to 5.6.1 8 Initialize IS6_HSMbox_1 with the Remote PED Secret (For remote PED only) 9 Add IS6_HSMbox_1 to the cluster as a secondary HSM box SNL_1 2 HSMbox_1 (P) SNL_2 HSMbox_2 (S) SNL_3 3 4 SNL_1 HSMbox_1 (P) SNL_2 SNL_3 5 SNL_1 HSMbox_1 (P) SNL_2 6 IS6_HSMbox_1 (S) SNL_3 7 8 9 HSM Refresh- planning and replacement overview (P) Primary; (S) Secondary; (SB) Standby

9 2-box cluster : Detailed steps (2/3)
SNL_1 10 Promote IS6_HSMbox_1 to primary HSM box Check point ** Checkpoint - confidence test IS6_HSMbox_1 (optional) a) Deregister all SNL instances except SNL_1 b) Register all SNL instances except SNL_1 c) Start all SNL and verify the message flow d) Stop all SNL 11 Disconnect HSMbox_1 from network 12 Remove HSMbox_1 from cluster configuration 13 Reset the cluster compatibility version of IS6_HSMbox_1 14 Prepare IS6_HSMbox_2 and connect it to network, using the network cable that was previously connected to HSMbox_1 HSMbox_1 (P) SNL_2 IS6_HSMbox_1 (S) SNL_3 10 SNL_1 IS6_HSMbox_1 (P) SNL_2 HSMbox_1 (S) SNL_3 Checkpoint 11 12 SNL_1 IS6_HSMbox_1 (P) 13 SNL_2 SNL_3 14 ** In case replacement is planned over multiple downtime windows, break at checkpoint (P) Primary; (S) Secondary; (SB) Standby HSM Refresh- planning and replacement overview

10 2-box cluster : Detailed steps (3/3)
SNL_1 IS6_HSMbox_1 (P) SNL_2 15 Configure IS6_HSMbox_2 with the same network parameters as HSMbox_1 16 Initialize IS6_HSMbox_2 with the Remote PED Secret (For remote PED only) 17 Add IS6_HSMbox_2 to the cluster as a secondary HSM box 18 Deregister all SNL instances except SNL_1 19 Register all SNL instances except SNL_1 20 Start all SNL and verify the message flow 15 IS6_HSMbox_2 (S) SNL_3 16 17 SNL_1 IS6_HSMbox_1 (P) SNL_2 IS6_HSMbox_2 (S) SNL_3 18 19 SNL_1 IS6_HSMbox_1 (P) SNL_2 IS6_HSMbox_2 (S) Return to list of scenarios Go to end of all scenarios SNL_3 20 (P) Primary; (S) Secondary; (SB) Standby HSM Refresh- planning and replacement overview

11 2-box Cluster : Overview
(using third network connection) Current Intermediate Final Verify and ensure all prerequisite’s are met. Necessary PED keys, their pins and account passwords are available and verified. Stop all SNLs Add new HSM box to existing cluster as standby, using a new network connection Disconnect & remove old secondary from cluster Promote new HSM as Primary Checkpoint – validate new HSM Add new HSM box to existing cluster as standby, using existing network connection Disconnect & remove old secondary from cluster Re-register other SNLs Start all SNLs Verify MMF HSM Refresh- planning and replacement overview

12 2-box cluster : Detailed steps (1/3) (using third network connection)
SNL_1 1 Stop all SNL instances. Manage replacement from SNL_1 2 Take backup of HSMbox_1 (for fallback purpose) 3 Prepare IS6_HSMbox_1 and connect it to network using a new network connection 4 Configure network parameters of IS6_HSMbox_1 5 If HSMbox_1 is on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_1 to 5.6.1 6 Initialize IS6_HSMbox_1 with the Remote PED Secret (For remote PED only) 7 Add IS6_HSMbox_1 to the cluster as a standby HSM box 8 Disconnect HSMbox_2 from network 9 Remove HSMbox_2 from cluster configuration 2 HSMbox_1 (P) SNL_2 HSMbox_2 (S) SNL_3 3 HSMbox_1 (P) SNL_1 HSMbox_2 (S) SNL_2 IS6_HSMbox_1 SNL_3 4 5 6 7 SNL_1 HSMbox_1 (P) HSMbox_2 (S) SNL_2 IS6_HSMbox_1 (SB) SNL_3 HSM Refresh- planning and replacement overview (P) Primary; (S) Secondary; (SB) Standby

13 2-box cluster : Detailed steps (2/3) (using third network connection)
8 9 SNL_1 8 Disconnect HSMbox_2 from network 9 Remove HSMbox_2 from cluster configuration 10 Promote IS6_HSMbox_1 to primary HSM box Check point ** Checkpoint - confidence test IS6_HSMbox_1 (optional) a) Deregister all SNL instances except SNL_1 b) Register all SNL instances except SNL_1 c) Start all SNL and verify the message flow d) Stop all SNL 11 Prepare IS6_HSMbox_2 and connect it to network using the network cable that was previously connected to HSMbox_2 12 Configure IS6_HSMbox_2 with the same network parameters as HSMbox_2 13 If HSMbox_1 is on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_2 to 5.6.1 14 Initialize IS6_HSMbox_2 with the Remote PED Secret (For remote PED only) 15 Add IS6_HSMbox_2 to the cluster as a standby HSM box HSMbox_1 (P) SNL_2 IS6_HSMbox_1 (S) SNL_3 10 SNL_1 IS6_HSMbox_1 (P) SNL_2 HSMbox_1 (S) SNL_3 Checkpoint 11 SNL_1 IS6_HSMbox_1 (P) SNL_2 HSMbox_1 (S) SNL_3 IS6_HSMbox_2 12 13 ** In case replacement is planned over multiple downtime windows, break at checkpoint 14 15 HSM Refresh- planning and replacement overview (P) Primary; (S) Secondary; (SB) Standby

14 2-box cluster : Detailed steps (3/3) (using third network connection)
SNL_1 IS6_HSMbox_1 (P) SNL_2 HSMbox_1 (S) 16 Disconnect HSMbox_1 from network 17 Remove HSMbox_1 from cluster configuration 18 Reset the cluster compatibility version of IS6_HSMbox_1 and IS6_HSMbox_2 19 Deregister all SNL instances except SNL_1 20 Register all SNL instances except SNL_1 21 Start all SNL and verify the message flow IS6_HSMbox_2 (SB) SNL_3 16 17 SNL_1 IS6_HSMbox_1 (P) SNL_2 18 IS6_HSMbox_2 (S) SNL_3 19 20 SNL_1 IS6_HSMbox_1 (P) SNL_2 IS6_HSMbox_2 (S) Return to list of scenarios Go to end of all scenarios SNL_3 21 (P) Primary; (S) Secondary; (SB) Standby HSM Refresh- planning and replacement overview

15 3-box Cluster : Overview
Current Intermediate Final Verify and ensure all prerequisite’s are met. Necessary PED keys, their pins and account passwords are available and verified. Stop all SNLs Disconnect & remove old secondary from cluster Add new HSM box to existing cluster as standby, using existing network connection Promote new HSM as Primary. Checkpoint – validate new HSM Disconnect & remove old standby from cluster Add new HSM box to existing cluster as standby, using existing network connection Repeat above 2 steps Re-register other SNLs Start all SNLs Verify MMF HSM Refresh- planning and replacement overview

16 3-box cluster : Detailed steps (1/4)
Stop all SNL instances. Manage replacement from SNL_1 2 Take backup of HSMbox_1 (for fallback purpose) 3 Disconnect HSMbox_2 from network 4 Remove HSMbox_2 from cluster configuration 5 Prepare IS6_HSMbox_1 and connect it to network, using the network cable that was previously connected to HSMbox_2 6 Configure IS6_HSMbox_1 with the same network parameters as HSMbox_2 7 If HSMbox_1 is on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_1 to 5.6.1 8 Initialize IS6_HSMbox_1 with the Remote PED Secret (For remote PED only) 9 Add IS6_HSMbox_1 to the cluster as a standby HSM box SNL_1 HSMbox_1 (P) 2 HSMbox_2 (S) SNL_2 HSMbox_3 (SB) SNL_3 3 4 SNL_1 HSMbox_1 (P) SNL_2 HSMbox_3 (S) SNL_3 5 SNL_1 HSMbox_1 (P) SNL_2 HSMbox_3 (S) 6 IS6_HSMbox_1 SNL_3 7 8 9 HSM Refresh- planning and replacement overview (P) Primary; (S) Secondary; (SB) Standby

17 3-box cluster : Detailed steps (2/4)
SNL_1 HSMbox_1 (P) 10 Promote IS6_HSMbox_1 to primary HSM box Check point ** Checkpoint - confidence test IS6_HSMbox_1 (optional) a) Deregister all SNL instances except SNL_1 b) Register all SNL instances except SNL_1 c) Start all SNL and verify the message flow d) Stop all SNL 11 Disconnect HSMbox_1 from network 12 Remove HSMbox_1 from cluster configuration 13 Prepare IS6_HSMbox_2 and connect it to network, using the network cable that was previously connected to HSMbox_1 HSMbox_3 (S) SNL_2 IS6_HSMbox_1 (SB) SNL_3 10 SNL_1 IS6_HSMbox_1 (P) HSMbox_3 (S) SNL_2 HSMbox_1 (SB) SNL_3 Checkpoint 11 12 SNL_1 IS6_HSMbox_1 (P) SNL_2 HSMbox_3 (S) SNL_3 ** In case replacement is planned over multiple downtime windows, break at checkpoint 13 (P) Primary; (S) Secondary; (SB) Standby HSM Refresh- planning and replacement overview

18 3-box cluster : Detailed steps (3/4)
SNL_1 IS6_HSMbox_1 (P) 14 Configure IS6_HSMbox_2 with the same network parameters as HSMbox_1 15 If HSMbox_3 is on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_2 to 5.6.1 16 Initialize IS6_HSMbox_2 with the Remote PED Secret (For remote PED only) 17 Add IS6_HSMbox_2 to the cluster as a standby HSM box 18 Disconnect HSMbox_3 from network 19 Remove HSMbox_3 from cluster configuration 20 Reset the cluster compatibility version of IS6_HSMbox_1 and IS6_HSMbox_2 21 Prepare IS6_HSMbox_3 and connect it to network, using the network cable that was previously connected to HSMbox_3 SNL_2 HSMbox_3 (S) 14 IS6_HSMbox_2 SNL_3 15 16 17 SNL_1 IS6_HSMbox_1 (P) SNL_2 HSMbox_3 (S) IS6_HSMbox_2 (SB) SNL_3 18 19 SNL_1 IS6_HSMbox_1 (P) SNL_2 20 IS6_HSMbox_2 (S) SNL_3 21 (P) Primary; (S) Secondary; (SB) Standby HSM Refresh- planning and replacement overview

19 3-box cluster : Detailed steps (4/4)
SNL_1 IS6_HSMbox_1 (P) IS6_HSMbox_2 (S) SNL_2 22 Configure IS6_HSMbox_3 with the same network parameters as HSMbox_3 23 Initialize IS6_HSMbox_3 with the Remote PED Secret (For remote PED only) 24 Add IS6_HSMbox_3 to the cluster as a standby HSM box 25 Deregister all SNL instances except SNL_1 26 Register all SNL instances except SNL_1 27 Start all SNL and verify the message flow IS6_HSMbox_3 SNL_3 22 23 24 SNL_1 IS6_HSMbox_1 (P) IS6_HSMbox_2 (S) SNL_2 IS6_HSMbox_3 (SB) SNL_3 25 26 IS6_HSMbox_1 (P) SNL_1 IS6_HSMbox_2 (S) SNL_2 Return to list of scenarios Go to end of all scenarios IS6_HSMbox_3 (SB) SNL_3 27 (P) Primary; (S) Secondary; (SB) Standby HSM Refresh- planning and replacement overview

20 4-box Cluster : Overview
Current Intermediate Final Verify and ensure all prerequisite’s are met. Necessary PED keys, their pins and account passwords are available and verified. Stop all SNLs Disconnect & remove old secondary from cluster Add new HSM box to existing cluster as standby, using existing network connection Promote new HSM as Primary. Checkpoint – validate new HSM Disconnect & remove old standby from cluster Add new HSM box to existing cluster as standby, using existing network connection Repeat above 2 steps for remaining boxes Re-register other SNLs Start all SNLs Verify MMF HSM Refresh- planning and replacement overview

21 4-box cluster : Detailed steps (1/5)
Stop all SNL instances. Manage replacement from SNL_1 2 Take backup of HSMbox_1 (for fallback purpose) 3 Disconnect HSMbox_2 from network 4 Remove HSMbox_2 from cluster configuration 5 Prepare IS6_HSMbox_1 and connect it to network, using the network cable that was previously connected to HSMbox_2 6 Configure IS6_HSMbox_1 with the same network parameters as HSMbox_2 7 If HSMbox_1 is on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_1 to 5.6.1 8 Initialize IS6_HSMbox_1 with the Remote PED Secret (For remote PED only) 9 Add IS6_HSMbox_1 to the cluster as a standby HSM box HSMbox_1 (P) SNL_1 2 HSMbox_2 (S) SNL_2 HSMbox_3 (SB) HSMbox_4 (SB) SNL_3 3 4 HSMbox_1 (P) SNL_1 HSMbox_3 (S) SNL_2 HSMbox_4 (SB) SNL_3 5 HSMbox_1 (P) SNL_1 HSMbox_3 (S) SNL_2 HSMbox_4 (SB) SNL_3 6 IS6_HSMbox_1 7 8 9 HSM Refresh- planning and replacement overview (P) Primary; (S) Secondary; (SB) Standby

22 4-box cluster : Detailed steps (2/5)
HSMbox_1 (P) SNL_1 HSMbox_3 (S) 10 Promote IS6_HSMbox_1 to primary HSM box Check point ** Checkpoint - confidence test IS6_HSMbox_1 (optional) a) Deregister all SNL instances except SNL_1 b) Register all SNL instances except SNL_1 c) Start all SNL and verify the message flow d) Stop all SNL 11 Disconnect HSMbox_1 from network 12 Remove HSMbox_1 from cluster configuration 13 Prepare IS6_HSMbox_2 and connect it to network, using the network cable that was previously connected to HSMbox_1 SNL_2 HSMbox_4 (SB) SNL_3 IS6_HSMbox_1 (SB) 10 IS6_HSMbox_1 (P) SNL_1 HSMbox_3 (S) SNL_2 HSMbox_4 (SB) SNL_3 HSMbox_1 (SB) Checkpoint 11 12 IS6_HSMbox_1 (P) SNL_1 HSMbox_3 (S) SNL_2 HSMbox_4 (SB) ** In case replacement is planned over multiple downtime windows, break at checkpoint SNL_3 13 HSM Refresh- planning and replacement overview (P) Primary; (S) Secondary; (SB) Standby

23 4-box cluster : Detailed steps (3/5)
IS6_HSMbox_1 (P) SNL_1 HSMbox_3 (S) 14 Configure IS6_HSMbox_2 with the same network parameters as HSMbox_1 15 If HSMbox_3 is on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_2 to 5.6.1 16 Initialize IS6_HSMbox_2 with the Remote PED Secret (For remote PED only) 17 Add IS6_HSMbox_2 to the cluster as a standby HSM box 18 Disconnect HSMbox_3 from network 19 Remove HSMbox_3 from cluster configuration 20 Prepare IS6_HSMbox_3 and connect it to network, using the network cable that was previously connected to HSMbox_3 SNL_2 HSMbox_4 (SB) 14 IS6_HSMbox_2 SNL_3 15 16 17 IS6_HSMbox_1 (P) SNL_1 HSMbox_3 (S) SNL_2 HSMbox_4 (SB) SNL_3 IS6_HSMbox_2 (SB) 18 19 SNL_1 IS6_HSMbox_1 (P) HSMbox_4 (S) SNL_2 IS6_HSMbox_2 (SB) SNL_3 20 HSM Refresh- planning and replacement overview (P) Primary; (S) Secondary; (SB) Standby

24 4-box cluster : Detailed steps (4/5)
IS6_HSMbox_1 (P) SNL_1 HSMbox_4 (S) 21 Configure IS6_HSMbox_3 with the same network parameters as HSMbox_3 22 If HSMbox_4 s on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_3 to 5.6.1 23 Initialize IS6_HSMbox_3 with the Remote PED Secret (For remote PED only) 24 Add IS6_HSMbox_3 to the cluster as a standby HSM box 25 Disconnect HSMbox_4 from network 26 Remove HSMbox_4 from cluster configuration 27 Reset the cluster compatibility version of IS6_HSMbox_1, IS6_HSMbox_2 and IS6_HSMbox_3 28 Prepare IS6_HSMbox_4 and connect it to network, using the network cable that was previously connected to HSMbox_4 SNL_2 IS6_HSMbox_2 (SB) 21 IS6_HSMbox_3 SNL_3 22 23 24 IS6_HSMbox_1 (P) SNL_1 HSMbox_4 (S) SNL_2 IS6_HSMbox_2 (SB) SNL_3 IS6_HSMbox_3 (SB) 25 26 SNL_1 IS6_HSMbox_1 (P) IS6_HSMbox_2 (S) SNL_2 27 IS6_HSMbox_3 (SB) SNL_3 28 HSM Refresh- planning and replacement overview (P) Primary; (S) Secondary; (SB) Standby

25 4-box cluster : Detailed steps (5/5)
IS6_HSMbox_1 (P) SNL_1 IS6_HSMbox_2 (S) SNL_2 29 Configure IS6_HSMbox_4 with the same network parameters as HSMbox_4 30 Initialize IS6_HSMbox_4 with the Remote PED Secret (For remote PED only) 31 Add IS6_HSMbox_4 to the cluster as a standby HSM box 32 Deregister all SNL instances except SNL_1 33 Register all SNL instances except SNL_1 34 Start all SNL and verify the message flow IS6_HSMbox_3 (SB) SNL_3 29 IS6_HSMbox_4 30 31 IS6_HSMbox_1 (P) SNL_1 IS6_HSMbox_2 (S) SNL_2 IS6_HSMbox_3 (SB) SNL_3 IS6_HSMbox_4 (SB) 32 33 IS6_HSMbox_1 (P) SNL_1 IS6_HSMbox_2 (S) SNL_2 Return to list of scenarios Go to end of all scenarios IS6_HSMbox_3 (SB) SNL_3 IS6_HSMbox_4 (SB) 34 HSM Refresh- planning and replacement overview (P) Primary; (S) Secondary; (SB) Standby

26 1-box Cluster : Overview
Current Intermediate Final Verify and ensure all prerequisite’s are met. Necessary PED keys, their pins and account passwords are available and verified. Stop all SNLs Backup old box Disconnect old box from network Configure new HSM box as stand-alone HSM box, using existing network connection Restore backup Register all SNLs Start all SNLs Verify MMF HSM Refresh- planning and replacement overview

27 1-box cluster : Detailed steps (1/2)
SNL_1 1 Deregister all SNL instances. 2 Take backup of HSMbox_1 3 Disconnect HSMbox_1 from network 4 Prepare IS6_HSMbox_1 and connect it to network, using the network cable that was previously connected to HSMbox_1 5 Configure IS6_HSMbox_1 with the same network parameters as HSMbox_1 6 If HSMbox_1 is on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_1 to 5.6.1 7 Initialize IS6_HSMbox_1 with the Remote PED Secret (For remote PED only) 8 Configure IS6_HSMbox_1 as stand-alone HSM box HSMbox_1 (P) SNL_2 SNL_3 2 3 SNL_1 SNL_2 SNL_3 4 SNL_1 SNL_2 IS6_HSMbox_1 (P) SNL_3 5 6 7 8 HSM Refresh- planning and replacement overview (P) Primary; (S) Secondary; (SB) Standby

28 1-box cluster : Detailed steps (2/2)
9 Restore HSM backup on IS6_HSMbox_1 10 Reset the cluster compatibility version of IS6_HSMbox_1 11 Register all SNL instances 12 Start all SNL and verify the message flow 9 10 SNL_1 SNL_2 IS6_HSMbox_1 (P) SNL_3 11 SNL_1 IS6_HSMbox_1 (P) SNL_2 SNL_3 12 Return to list of scenarios Go to end of all scenarios (P) Primary; (S) Secondary; (SB) Standby HSM Refresh- planning and replacement overview

29 Thank you HSM Refresh- planning and replacement overview

30 Backup HSM Refresh- planning and replacement overview

31 Budgeting for box replacement
Build inventory of HSM boxes (and remote PEDs) to be replaced Include all environments with HSM boxes, like development, test, production & DR Include all spare boxes Identify location and tier of each box Verify against entitlement information provided by SWIFT Budget for box replacement HSM box fees Subsidized one-time fees per box & recurring annual fees Refer to pricing and subsidy from SWIFT or contact your SWIFT contact Deployment effort Project planning Sanity testing of new boxes & deployment preparation Installation and verification Use of external resources or consultants Tip: Procedure is similar to failure replacement Other costs Additional power source Decommission and destroy old boxes Incorporate best practices into operational procedures Attend training, e.g. new web class “Operating your HSM” HSM Refresh- planning and replacement overview

32 Replacement approach – key points
Recommend customers to configure and use each new HSM box in their test environment as confidence test, before adding them to their production environment. This can help detect hardware or software problems before production deployment. HSM boxes must be deployed in production environment during customer’s downtime window. This will avoid SPOF situation during business operations. To avoid network changes in the production environment, new HSM boxes will re-use the network connections and IP addresses of the current HSM boxes. This will avoid the need for new network cables, IP addresses, routing rules, firewall/router updates etc. HSM Refresh- planning and replacement overview

Download ppt "HSM Refresh – box replacement"

Similar presentations

Page 1 Shipping and Billing for Related (Owned) Factories By MIS Department.

Page 1 Shipping and Billing for Related (Owned) Factories By MIS Department.
Follow the instruction to install the PC Suite from the SD card: 1.Go to the settings -> SD Card & phone storage -> Enable the mass storage only mode 2.Connect.

Follow the instruction to install the PC Suite from the SD card: 1.Go to the settings -> SD Card & phone storage -> Enable the mass storage only mode 2.Connect.
Zhongxing Telecom Pakistan (Pvt.) Ltd

Zhongxing Telecom Pakistan (Pvt.) Ltd
Chapter 1 The Study of Body Function Image PowerPoint

Chapter 1 The Study of Body Function Image PowerPoint
1 Copyright © 2013 Elsevier Inc. All rights reserved. Appendix 01.

1 Copyright © 2013 Elsevier Inc. All rights reserved. Appendix 01.
Properties Use, share, or modify this drill on mathematic properties. There is too much material for a single class, so you’ll have to select for your.

Properties Use, share, or modify this drill on mathematic properties. There is too much material for a single class, so you’ll have to select for your.
UNITED NATIONS Shipment Details Report – January 2006.

UNITED NATIONS Shipment Details Report – January 2006.
1 RA I Sub-Regional Training Seminar on CLIMAT&CLIMAT TEMP Reporting Casablanca, Morocco, 20 – 22 December 2005 Status of observing programmes in RA I.

1 RA I Sub-Regional Training Seminar on CLIMAT&CLIMAT TEMP Reporting Casablanca, Morocco, 20 – 22 December 2005 Status of observing programmes in RA I.
State of New Jersey Department of Health and Senior Services Patient Safety Reporting System Module 2 – New Event Entry.

State of New Jersey Department of Health and Senior Services Patient Safety Reporting System Module 2 – New Event Entry.
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Properties of Real Numbers CommutativeAssociativeDistributive Identity + × Inverse + ×

Properties of Real Numbers CommutativeAssociativeDistributive Identity + × Inverse + ×
Prepared by: Workforce Enterprise Services For: The Illinois Department of Commerce and Economic Opportunity Bureau of Workforce Development ENTRY OF EMPLOYER.

Prepared by: Workforce Enterprise Services For: The Illinois Department of Commerce and Economic Opportunity Bureau of Workforce Development ENTRY OF EMPLOYER.
Create an Application Title 1A - Adult Chapter 3.

Create an Application Title 1A - Adult Chapter 3.
Custom Services and Training Provider Details Chapter 4.

Custom Services and Training Provider Details Chapter 4.
Child Health Reporting System (CHRS) How to Submit VHSS Data

Child Health Reporting System (CHRS) How to Submit VHSS Data
Multiplying binomials You will have 20 seconds to answer each of the following multiplication problems. If you get hung up, go to the next problem when.

Multiplying binomials You will have 20 seconds to answer each of the following multiplication problems. If you get hung up, go to the next problem when.
FACTORING ax2 + bx + c Think “unfoil” Work down, Show all steps.

FACTORING ax2 + bx + c Think “unfoil” Work down, Show all steps.
Year 6 mental test 10 second questions

Year 6 mental test 10 second questions
1 Click here to End Presentation Software: Installation and Updates Internet Download CD release NACIS Updates.

1 Click here to End Presentation Software: Installation and Updates Internet Download CD release NACIS Updates.

Similar presentations

Ads by Google