HSM - Changing the IP Address of an RFS System after the Security World has been created

Process

1. In Windows Explorer, navigate to the location of each HSM configuration file. Note: the default location is: %NFAST_KMDATA%\hsm-<esn>\config
2. Make a new copy of the config file and edit the copy, updating it to reflect the IP address the RFS will move to:

• The 'addr=' entry of the [hs_clients] section
• The 'remote_ip=' entry in the [rfs_client] and [config_op] sections

3. Open an administrative command prompt, and force push the edited HSM configuration file using the command: cfg-pushnethsm -a <HSM IP> -n <edited config filename>
4. Update the IP address of the RFS system, and reboot the RFS server
5. On the RFS server, open an administrative command prompt and re-push the edited HSM configuration file using the command: cfg-pushnethsm -a <HSM IP> <edited config filename>
6. Confirm that the push of the edited configuration file succeeded by:
   1. Verifying that the last updated date/time of the HSM config file has changed to the current date/time
   2. Opening the file to verify that the changes made to the edited HSM configuration file in Step 2 are reflected in the current config file
7. Using the administrative command prompt, reboot the HSM using the command: nethsmadmin -m <HSM module number> -r
8. Restart the nFast Server service, then verify communication between the RFS and HSM using the administrative command prompt, and running the command: nopclearfail -m <HSM module number> -n
9. Restart the Datacard HSM Server service
10. Verify the status of the HSM in the HSM Management page of KMS

Note: if the RFS is installed on the same system as SQL Server and KMS (i.e. a single server configuration) the connection string for the SQL Server and the HSM Server registration may need to be updated if it not set as localhost or 127.0.0.1