HSM - Changing the IP Address of an RFS System after the Security World has been created
Process
- In Windows Explorer, navigate to the location of each HSM configuration file. Note: the default location is: %NFAST_KMDATA%\hsm-<esn>\config
- Make a new copy of the config file and edit the copy, updating it to reflect the IP address the RFS will move to:
- The 'addr=' entry of the [hs_clients] section
- The 'remote_ip=' entry in the [rfs_client] and [config_op] sections
- Open an administrative command prompt, and force push the edited HSM configuration file using the command: cfg-pushnethsm -a <HSM IP> -n <edited config filename>
- Update the IP address of the RFS system, and reboot the RFS server
- On the RFS server, open an administrative command prompt and re-push the edited HSM configuration file using the command: cfg-pushnethsm -a <HSM IP> <edited config filename>
- Confirm that the push of the edited configuration file succeeded by:
- Verifying that the last updated date/time of the HSM config file has changed to the current date/time
- Opening the file to verify that the changes made to the edited HSM configuration file in Step 2 are reflected in the current config file
- Using the administrative command prompt, reboot the HSM using the command: nethsmadmin -m <HSM module number> -r
- Restart the nFast Server service, then verify communication between the RFS and HSM using the administrative command prompt, and running the command: nopclearfail -m <HSM module number> -n
- Restart the Datacard HSM Server service
- Verify the status of the HSM in the HSM Management page of KMS
Note: if the RFS is installed on the same system as SQL Server and KMS (i.e. a single server configuration) the connection string for the SQL Server and the HSM Server registration may need to be updated if it not set as localhost or 127.0.0.1