Summary
An RFS system that has already been configured with a Security World needs to have its IP address changed.
Process
-
In Windows Explorer, navigate to the location of each HSM configuration file.
Note:
the default location is:
%NFAST_KMDATA%\hsm-<esn>\config - Make a new copy of the config file and edit the copy, updating it to reflect the IP address the RFS will move to:
-
The '
addr=' entry of the[hs_clients]section -
The '
remote_ip=' entry in the[rfs_client]and[config_op]sections
-
Open an administrative command prompt, and force push the edited HSM configuration file using the command:
cfg-pushnethsm -a <HSM IP> -n <edited config filename> - Update the IP address of the RFS system, and reboot the RFS server
-
On the RFS server, open an administrative command prompt and re-push the edited HSM configuration file using the command:
cfg-pushnethsm -a <HSM IP> <edited config filename> -
Confirm that the push of the edited configuration file succeeded by:
- Verifying that the last updated date/time of the HSM config file has changed to the current date/time
- Opening the file to verify that the changes made to the edited HSM configuration file in Step 2 are reflected in the current config file
-
Using the administrative command prompt, reboot the HSM using the command:
nethsmadmin -m <HSM module number> -r -
Restart the nFast Server service, then verify communication between the RFS and HSM using the administrative command prompt, and running the command:
nopclearfail -m <HSM module number> -n - Restart the Datacard HSM Server service
- Verify the status of the HSM in the HSM Management page of KMS
Note : if the RFS is installed on the same system as SQL Server and KMS (i.e. a single server configuration) the connection string for the SQL Server and the HSM Server registration may need to be updated if it not set as localhost or 127.0.0.1