Skip to main content

Hardware Knowledge Base

Start your search by choosing your product and article type:

Technotes
Bulletins
Discontinuation Notices
Error Codes

HSM - Changing the IP Address of an RFS System after the Security World has been created

Process

  1. In Windows Explorer, navigate to the location of each HSM configuration file. Note: the default location is: %NFAST_KMDATA%\hsm-<esn>\config
  2. Make a new copy of the config file and edit the copy, updating it to reflect the IP address the RFS will move to:
  • The 'addr=' entry of the [hs_clients] section
  • The 'remote_ip=' entry in the [rfs_client] and [config_op] sections
  1. Open an administrative command prompt, and force push the edited HSM configuration file using the command: cfg-pushnethsm -a <HSM IP> -n <edited config filename>
  2. Update the IP address of the RFS system, and reboot the RFS server
  3. On the RFS server, open an administrative command prompt and re-push the edited HSM configuration file using the command: cfg-pushnethsm -a <HSM IP> <edited config filename>
  4. Confirm that the push of the edited configuration file succeeded by:
    1. Verifying that the last updated date/time of the HSM config file has changed to the current date/time
    2. Opening the file to verify that the changes made to the edited HSM configuration file in Step 2 are reflected in the current config file
  5. Using the administrative command prompt, reboot the HSM using the command: nethsmadmin -m <HSM module number> -r
  6. Restart the nFast Server service, then verify communication between the RFS and HSM using the administrative command prompt, and running the command: nopclearfail -m <HSM module number> -n
  7. Restart the Datacard HSM Server service
  8. Verify the status of the HSM in the HSM Management page of KMS
Note: if the RFS is installed on the same system as SQL Server and KMS (i.e. a single server configuration) the connection string for the SQL Server and the HSM Server registration may need to be updated if it not set as localhost or 127.0.0.1
*