HSM REFRESH FAQ FOR RUSSIAN CUSTOMERS

HSM Refresh FAQ for russian customers



 


HSM Refresh Overview:


•    Hardware Security Modules (HSMs) play a critical security role in protecting SWIFT messaging. HSM devices (LAN or USB based) are mandatory for FIN, InterAct and FileAct traffic. Customers can choose their HSM device, depending on their volume, resilience and technology requirements.

•    SWIFT will start replacing all existing HSM boxes with newer models, starting May 2014. This is required because the existing HSM boxes are reaching end-of-life.

•    The HSM refresh campaign will run from 2013 through 2015. SWIFT will communicate the campaign timeline and guidelines in Q2 2013. SWIFT will start shipping new boxes towards Nov 2014  , and the rollout campaign will continue through Q3 2015. Support for old boxes will cease at the end of Sept 2015.

•    SWIFT has foreseen a number of enhancements for the new HSM boxes, including ‘drop-in’ replacement and dual field-replaceable power supplies. The new boxes were also rigorously tested by a third-party expert to confirm their ‘server-grade’ hardware reliability.

•    SWIFT will facilitate the HSM refresh process in several ways. This includes subsidising all or some of the cost of replacement units and using ‘drop-in compatible’ HSM boxes to minimise the implementation effort.

•    SWIFT will also offer a simpler, lower-TCO (Total Cost of Ownership) alternative for customers. Alliance Remote Gateway is a new cloud service that lets customers connect Alliance Access or Alliance Entry directly to the SWIFT network without having to operate their own Alliance Gateway, SWIFTNet Link or Hardware Security Modules (HSMs). This approach reduces the need to maintain SWIFT-specific technical knowledge in-house, letting customers focus resources on business-related activities.



Question & Answers:


1.    What is the impact on existing customers with box HSMs?


All customers currently using HSM boxes must refresh with new box or alternative.
Refresh campaign will run from Nov 2014 till Jan 2015. Customers will be segmented into groups and scheduled for refresh across this period. Most customers should expect to be scheduled for shipments in 2014.
Support for old boxes will end on 30-Sept-2015.

2.    Do the HSM boxes purchased recently also have to be refreshed, why?


Yes. IS5 model of HSM is reaching end of support. This applies to IS5 model irrespective of when the boxes were bought.


3.    How and when will SWIFT communicate more information?


SWIFT  informed customers about the HSM refresh campaign individually in 2013 and will use standard communication channels in advance. Customers will be contacted by their service manager or by the campaign management team. Also authorized suppliers could make an announcement approved by SWIFT’s Moscow office.


A dedicated swift.com page (www.swift.com > Products & Services > A to Z > Hardware Security Module > Refresh campaign) has been created to provide detailed information for the HSM Refresh campaign. Updates will also be provided via SWIFT Community forums, Premium Plus service meetings, newsletters, announcements from authorized suppliers, etc.
External communication to whole community has begun in early Q2-2013. This has covered most details needed by customers to plan their refresh, namely options, pricing, timeline, alternatives, ordering process etc.

4.    When will new boxes be available?

Customers can start ordering new IS6 HSM boxes from mid-November 2013, which will begin shipping in December 2013. Ordering of old IS5 HSM boxes will stop at mid-November 2013. Note that new order is to buy additional boxes and not to refresh existing boxes.
Shipment of refresh boxes (replace old IS5 with new IS6) will begin shipping from Nov-2014  till the end of Jan 2015 as per the schedule established per customer.


5.    How can customers validate their entitlements?

SWIFT will inform each customer about their entitlement based on their current active contracts only. Customers should verify that SWIFT information matches their usage.

Suggestions for verification:


•    Check SWIFT invoices and look for HSM maintenance fees which are billed in January 2014.
•    Check the number of boxes installed in all environments (development, test, production, DR) and any spares.
•    List of active HSM contracts is available under Terminate HSM Box Maintenance on swift.com.
•    Consider infrastructure changes (moves or consolidation) which may have impacted # of HSMs.
•    Do not use the list of serial numbers to calculate entitlement. This information could be misleading since it may include all boxes ever shipped and does not represent an absolute current view.


6.    What is the new HSM box? What improvements do they offer compared with the previous generation of boxes?


New HSM box is from the same company as today – SafeNet, and is referred to as IS6 HSM box.
It contains all new enterprise class server-grade components and is designed to be backward compatible with currently deployed IS5 HSM boxes. This combined with redundant critical components makes the new box more reliable than the existing ones.


New box includes:


•    New hardware with enterprise class server-grade components
•    Redundancy for critical components

o    Contains two hot-swappable power supply
o    Field replaceable cooling fans

•    New PED can be used locally or remotely
•    New decommission button on back of box, mainly used in the unlikely event of returning boxes to  supplier for further utilization.
•    USB to serial adapter packaged along with the box
•    Visual indicator (led) on back of HSM box and an audio alarm helps monitor power supplies
•    New box is backward compatible. It can be interoperate with old boxes and so software upgrade or certificate migration is not needed.



7.    What is the life span of the new IS6 HSM boxes?


The lifetime is around 6-7 years and SWIFT will provide end of support notice 24 months in advance of the same.

8.    What infrastructure changes are needed to use new box?


New HSM box is similar to the existing one with minimal changes as illustrated below.
Power:


•    New HSM box contains two built-in hot swappable redundant power supply units (PSU) and each one is capable of running the box alone.

o    Customers must provision for additional power input, preferably from a different power source to make effective use of the added redundancy.
o    Each power unit is rated at 450W (existing is rated at 250W)

•    Length of power cable is expected to remain same.
•    Power consumption of HSM box (typical under normal operating conditions)

 

Activity Draws

Standby (connected to AC electrical mains but not powered on)

36W

Power-on Input Surge

15A

Active

105W

 

 

 

 

Dimension:

•    New boxes are slightly longer (10 mm, front to back) than existing ones.
•    1U rack mount chassis ; 482,6 x 533,4 x 43,8 mm ; 12.7kg
Temperature:
•    Operating tempature = 35°C
•    Storage boxes in temperature below 35°C


9.    How will existing HSM boxes migrate to new HSM boxes?


The new HSM boxes are designed to be compatible with existing HSM boxes. This means that the new HSM boxes can function alongside the existing HSM boxes in the same HSM cluster. This feature will not only simplify the migration procedure, but also reduce operational risk since the procedure is very similar to current HSM replacement procedure.


Refresh can be done one box at a time and no big-bang is required. It is recommended however to complete the refresh of the HSM boxes in a cluster as soon as possible.


High level steps for 2 box cluster:
-    Replace secondary HSM in the cluster with new HSM. Verify.
-    Promote the new HSM as Primary. Verify.
-    Replace secondary HSM with new HSM
Refer to swift.com for an overview of replacement scenarios and main steps.

10.    What is the impact for customers using remote PEDs?


Old remote PEDs will NOT work with new boxes. Hence, customers with remote PEDs must upgrade their existing remote PEDs with new PEDs before adding any new box into the cluster. New PEDs are backward compatible and will work with old and new boxes.


New PEDs are designed to work locally or remotely and hence, there will be only one type of PED. It will be packaged along with the box and also available separately for remote use.  Customers with large number of boxes should be able to use few of their PEDs (packaged with box) at remote office, reducing the need for ordering additional PEDs.

11.    Will remote PED be supported on Windows 7?


Yes, IS6 remote PED will be supported on Windows 7.
In fact, existing IS5 remote PED is also supported on Windows 7 starting with SNL R7.0.

12.    Will any of the HSM box commands on SWIFTNet Link change?


There are no changes expected to the existing commands. However, new commands will be added by SWIFTNet Link patch 7.0.25 which    can be downloaded in the SWIFT Download Centre  since July 2013. Note that this patch is NOT mandatory for the HSM Refresh.


SWIFTNet Link patch 7.0.25 will include:

 

•    New command to show the status of hardware components, such as the power supplies and fans
•    New events generated in case of power supply or fan failure


13.    How will customers be informed of power supply or fan issues?


Power supply and fans are redundant and no proactive manual checks are mandated. In rare case of a problem with these components, use HSM documentation for troubleshooting tips.
Each power supply unit (PSU) has an indicator light (LED) which shows different behavior, depending upon the situation and the condition of the PS. It also sounds an audible alarm.


New SNL release 7.0.25 will include monitoring of power supply and fans. It generates an event when problem is detected and also provides a new command to show health. This release is not mandatory for HSM refresh.

14.    Are there changes to the best practice for number of boxes needed per customer?


Current recommendation is documented in SN Resilience Guide and, there is no change to it.
For customers who are not running optimum configuration, HSM refresh is a good opportunity to review and implement optimum setup, which may lead to additional boxes or reduction of unused boxes.


Summary of current recommendations:


•    All production and DR clusters must at least have 2 boxes. Test environments may use single box clusters.
•    For customers running critical or high volume infrastructures, it is strongly suggested to have 3 or 4 box cluster to maintain redundancy even after a box failure.
(Internal customer resiliency requirements and architecture plays an important role in the choice between 3 or 4 boxes.)
•    Spares:


o    Customers having spare boxes should plan to deploy them, to increase the cluster resiliency or dismantle them.
o    If customers still want to maintain a spare box, such boxes must be connected to a power source and started before the “use by” date listed on the package. This is required to maintain the hardware properly for their intended life span.


15.    What is the best practice for number of (new) PEDS required per customer?

New PEDs can now be used locally or remotely and hence, recommendation is offered to help customers plan and order optimum number of PEDs which will reduce hardware waste and associated inventory and asset management effort.


Recommendation: Customers must maintain minimum 2 set of PEDs per site (locally or remotely).


Example customer setup:  2-box cluster in test; 3-box cluster each in PRD US & EU; 2-box cluster in DR; 1 spare each in PRD-US, PRD-EU and DR; 1 remote admin site
# of HSM boxes = 13
# of PEDs = 2 in test + 2 in PRD US + 2 in PRD EU + 2 in DR + 2 in remote site = 10 PEDs


Ordering: HSM box refresh forms will allow customers to choose lower # of PEDs. For remote setups, PEDs can be shipped to a different location.
No change is planned to the SN Resilience Guide.


16.    Should the new boxes be rebooted periodically?

Yes, customers should continue to reboot boxes every 12 months.


17.    When will support for new boxes start?


Support for new boxes starts as soon customer receives it. No formal end of support is defined yet.


18.    When will support for old boxes stop?


Support for old boxes will end on 30-Sept-2015. Until this time, SWIFT will continue to support old boxes. After this, no support for old boxes will be provided. 
Replacement of old boxes for a given customer will end six months after all the refresh boxes are shipped (if shipment for the end-customer devided in parts).
 
19.    What happens if old box fails during refresh period?


As a general policy, SWIFT will continue to support and repair old boxes until Sept-2015. However, specific policies will apply per customer based on their refresh status

3 scenarios exist:
1)    If an old box fails before new boxes are shipped, SWIFT will replace old box with old box as is today. If the customer wants to replace with new boxes, they can request SWIFT to accelerate their refresh shipment. Request will be processed manually based on the available capacity.
2)    Once refresh boxes are shipped, SWIFT will recommend customers to use the new box at customer premises as a replacement of the failed old box. Customers can still ask for an old box.
3)    Six months after all the boxes are shipped; SWIFT will stop replacing old boxes. This applies since customers are expected to install new boxes and decommission old ones within six months. For customers with multiple shipments, six months will be calculated from the last shipment.


20.    What is expected from old boxes after they are removed from cluster?


Old boxes will have go through cleanup and destroy process. SWIFT will provide documented guidelines for this.

21.    Will SWIFT offer services to help refresh?


SWIFT is interested in offering services to help the customer. Please contact your account manager.

 

 


 

 

HSM Refresh FAQ for russian customers

HSM Refresh Overview:

·         Hardware Security Modules (HSMs) play a critical security role in protecting SWIFT messaging. HSM devices (LAN or USB based) are mandatory for FIN, InterAct and FileAct traffic. Customers can choose their HSM device, depending on their volume, resilience and technology requirements.

·         SWIFT will start replacing all existing HSM boxes with newer models, starting Nov 2014. This is required because the existing HSM boxes are reaching end-of-life.

·         The HSM refresh campaign will run from 2013 through 2015. SWIFT will communicate the campaign timeline and guidelines in Q2 2013. SWIFT will start shipping new boxes towards Nov 2014[RS1] [MZ2] , and the rollout campaign will continue through Q3 2015. Support for old boxes will cease at the end of Sept 2015.

 

·         SWIFT has foreseen a number of enhancements for the new HSM boxes, including ‘drop-in’ replacement and dual field-replaceable power supplies. The new boxes were also rigorously tested by a third-party expert to confirm their ‘server-grade’ hardware reliability.

·         SWIFT will facilitate the HSM refresh process in several ways. This includes subsidising all or some of the cost of replacement units and using ‘drop-in compatible’ HSM boxes to minimise the implementation effort.

·         SWIFT will also offer a simpler, lower-TCO (Total Cost of Ownership) alternative for customers. Alliance Remote Gateway is a new cloud service that lets customers connect Alliance Access or Alliance Entry directly to the SWIFT network without having to operate their own Alliance Gateway, SWIFTNet Link or Hardware Security Modules (HSMs). This approach reduces the need to maintain SWIFT-specific technical knowledge in-house, letting customers focus resources on business-related activities.


 

Question & Answers: 

1.       What is the impact on existing customers with box HSMs?

All customers currently using HSM boxes must refresh with new box or alternative.

Refresh campaign will run from Nov 2014 till Jan 2015. Customers will be segmented into groups and scheduled for refresh across this period. Most customers should expect to be scheduled for shipments in 2014.

Support for old boxes will end on 30-Sept-2015.

2.      Do the HSM boxes purchased recently also have to be refreshed, why?

Yes. IS5 model of HSM is reaching end of support. This applies to IS5 model irrespective of when the boxes were bought.

3.      How and when will SWIFT communicate more information? 

SWIFT  informed customers about the HSM refresh campaign individually in 2013 and will use standard communication channels in advance. Customers will be contacted by their service manager or by the campaign management team. Also authorized suppliers could make an announcement approved by SWIFT’s Moscow office.

A dedicated swift.com page (www.swift.com > Products & Services > A to Z > Hardware Security Module > Refresh campaign) has been created to provide detailed information for the HSM Refresh campaign. Updates will also be provided via SWIFT Community forums, Premium Plus service meetings, newsletters, announcements from authorized suppliers, etc.

External communication to whole community has begun in early Q2-2013. This has covered most details needed by customers to plan their refresh, namely options, pricing, timeline, alternatives, ordering process etc.

 

4.      When will new boxes be available?

Customers can start ordering new IS6 HSM boxes from mid-November 2013, which will begin shipping in December 2013[RS3] [MZ4] . Ordering of old IS5 HSM boxes will stop at mid-November 2013. Note that new order is to buy additional boxes and not to refresh existing boxes.

Shipment of refresh boxes (replace old IS5 with new IS6) will begin shipping from Nov-2014  till the end of Jan 2015 as per the schedule established per customer.

5.      How can customers validate their entitlements?

SWIFT will inform each customer about their entitlement based on their current active contracts only. Customers should verify that SWIFT information matches their usage.

Suggestions for verification:

·         Check SWIFT invoices and look for HSM maintenance fees which are billed in January 201[RS5] 4[MZ6] .

·         Check the number of boxes installed in all environments (development, test, production, DR) and any spares.

·         List of active HSM contracts is available under Terminate HSM Box Maintenance on swift.com.

·         Consider infrastructure changes (moves or consolidation) which may have impacted # of HSMs.

·         Do not use the list of serial numbers to calculate entitlement. This information could be misleading since it may include all boxes ever shipped and does not represent an absolute current view.

6.      What is the new HSM box? What improvements do they offer compared with the previous generation of boxes?

New HSM box is from the same company as today –SafeNet, and is referred to as IS6 HSM box.

It contains all new enterprise class server-grade components and is designed to be backward compatible with currently deployed IS5 HSM boxes. This combined with redundant critical components makes the new box more reliable than the existing ones.

New box includes:

·         New hardware with enterprise class server-grade components

·         Redundancy for critical components

o   Contains two hot-swappable power supply

o   Field replaceable cooling fans

·         New PED can be used locally or remotely

·         New decommission button on back of box, mainly used in the unlikely event of returning boxes to  supplier for further utilization.

·         USB to serial adapter packaged along with the box

·         Visual indicator (led) on back of HSM box and an audio alarm helps monitor power supplies

·         New box is backward compatible. It can be interoperate with old boxes and so software upgrade or certificate migration is not needed.

7.      What is the life span of the new IS6 HSM boxes? 

The lifetime is around 6-7 years and SWIFT will provide end of support notice 24 months in advance of the same.

8.      What infrastructure changes are needed to use new box?

New HSM box is similar to the existing one with minimal changes as illustrated below.

Power:

·         New HSM box contains two built-in hot swappable redundant power supply units (PSU) and each one is capable of running the box alone.

o   Customers must provision for additional power input, preferably from a different power source to make effective use of the added redundancy.

o   Each power unit is rated at 450W (existing is rated at 250W)

·         Length of power cable is expected to remain same.

·         Power consumption of HSM box (typical under normal operating conditions)

Activity 

Draws 

Standby (connected to AC electrical mains but not powered on)

36W

Power-on Input Surge

 

15A

Active

105W

Dimension:

·         New boxes are slightly longer (10 mm, front to back) than existing ones.

·         1U rack mount chassis ; 482,6 x 533,4 x 43,8 mm ; 12.7kg

Temperature:

·         Operating tempature = 35°C

·         Storage boxes in temperature below 35°C

9.      How will existing HSM boxes migrate to new HSM boxes?

The new HSM boxes are designed to be compatible with existing HSM boxes. This means that the new HSM boxes can function alongside the existing HSM boxes in the same HSM cluster. This feature will not only simplify the migration procedure, but also reduce operational risk since the procedure is very similar to current HSM replacement procedure.

Refresh can be done one box at a time and no big-bang is required. It is recommended however to complete the refresh of the HSM boxes in a cluster as soon as possible.

High level steps for 2 box cluster:

-          Replace secondary HSM in the cluster with new HSM. Verify.

-          Promote the new HSM as Primary. Verify.

-          Replace secondary HSM with new HSM

Refer to swift.com for an overview of replacement scenarios and main steps.

10.   What is the impact for customers using remote PEDs?

Old remote PEDs will NOT work with new boxes. Hence, customers with remote PEDs must upgrade their existing remote PEDs with new PEDs before adding any new box into the cluster. New PEDs are backward compatible and will work with old and new boxes.

New PEDs are designed to work locally or remotely and hence, there will be only one type of PED. It will be packaged along with the box and also available separately for remote use.  Customers with large number of boxes should be able to use few of their PEDs (packaged with box) at remote office, reducing the need for ordering additional PEDs.

11.    Will remote PED be supported on Windows 7?

Yes, IS6 remote PED will be supported on Windows 7.

In fact, existing IS5 remote PED is also supported on Windows 7 starting with SNL R7.0.

12.   Will any of the HSM box commands on SWIFTNet Link change?

There are no changes expected to the existing commands. However, new commands will be added by SWIFTNet Link patch 7.0.25 which    can be downloaded in the SWIFT Download Centre  since July 2013. Note that this patch is NOT mandatory for the HSM Refresh.

SWIFTNet Link patch 7.0.25 will include:

·         New command to show the status of hardware components, such as the power supplies and fans

·         New events generated in case of power supply or fan failure

13.   How will customers be informed of power supply or fan issues?

Power supply and fans are redundant and no proactive manual checks are mandated. In rare case of a problem with these components, use HSM documentation for troubleshooting tips.

Each power supply unit (PSU) has an indicator light (LED) which shows different behavior, depending upon the situation and the condition of the PS. It also sounds an audible alarm.

New SNL release 7.0.25 will include monitoring of power supply and fans. It generates an event when problem is detected and also provides a new command to show health. This release is not mandatory for HSM refresh.

14.   Are there changes to the best practice for number of boxes needed per customer?

Current recommendation is documented in SN Resilience Guide and, there is no change to it.

For customers who are not running optimum configuration, HSM refresh is a good opportunity to review and implement optimum setup, which may lead to additional boxes or reduction of unused boxes.

Summary of current recommendations:

·         All production and DR clusters must at least have 2 boxes. Test environments may use single box clusters.

·         For customers running critical or high volume infrastructures, it is strongly suggested to have 3 or 4 box cluster to maintain redundancy even after a box failure.
(Internal customer resiliency requirements and architecture plays an important role in the choice between 3 or 4 boxes.)

·         Spares:

o   Customers having spare boxes should plan to deploy them, to increase the cluster resiliency or dismantle them.

o   If customers still want to maintain a spare box, such boxes must be connected to a power source and started before the “use by” date listed on the package. This is required to maintain the hardware properly for their intended life span.

15.   What is the best practice for number of (new) PEDS required per customer?

New PEDs can now be used locally or remotely and hence, recommendation is offered to help customers plan and order optimum number of PEDs which will reduce hardware waste and associated inventory and asset management effort.

Recommendation: Customers must maintain minimum 2 set of PEDs per site (locally or remotely).

Example customer setup:  2-box cluster in test; 3-box cluster each in PRD US & EU; 2-box cluster in DR; 1 spare each in PRD-US, PRD-EU and DR; 1 remote admin site
# of HSM boxes = 13
# of PEDs = 2 in test + 2 in PRD US + 2 in PRD EU + 2 in DR + 2 in remote site = 10 PEDs

Ordering: HSM box refresh forms will allow customers to choose lower # of PEDs. For remote setups, PEDs can be shipped to a different location.

No change is planned to the SN Resilience Guide.

16.   Should the new boxes be rebooted periodically?


Yes, customers should continue to reboot boxes every 12 months.

17.   When will support for new boxes start?

Support for new boxes starts as soon customer receives it. No formal end of support is defined yet.

18.   When will support for old boxes stop?

Support for old boxes will end on 30-Sept-2015. Until this time, SWIFT will continue to support old boxes. After this, no support for old boxes will be provided[RS7] [MZ8] . [MZ9] 

Replacement of old boxes for a given customer will end six months after all the refresh boxes are shipped (if shipment for the end-customer devided in parts).
 

19.   What happens if old box fails during refresh period?

As a general policy, SWIFT will continue to support and repair old boxes until Sept-2015. However, specific policies will apply per customer based on their refresh status

3 scenarios exist:

1)      If an old box fails before new boxes are shipped, SWIFT will replace old box with old box as is today. If the customer wants to replace with new boxes, they can request SWIFT to accelerate their refresh shipment. Request will be processed manually based on the available capacity.

2)      Once refresh boxes are shipped, SWIFT will recommend customers to use the new box at customer premises as a replacement of the failed old box. Customers can still ask for an old box.

3)      Six months after all the boxes are shipped; SWIFT will stop replacing old boxes. This applies since customers are expected to install new boxes and decommission old ones within six months. For customers with multiple shipments, six months will be calculated from the last shipment.

20.  What is expected from old boxes after they are removed from cluster?

Old boxes will have go through cleanup and destroy process. SWIFT will provide documented guidelines for this.

21.   Will SWIFT offer services to help refresh?

SWIFT is interested in offering services to help the customer. Please contact your account manager.

 [RS1]Doesn’t match previous bullet. Can we change both to Q4-2014 since refresh boxes cannot be sent before that.

 [MZ2]I thought that doesn’t limit only refresh and mens that New orders could be ordered from that Q1 2014, as well.

This is my misunderstanding, we can match all bullets together in such manner.

 [RS3]For new orders, we did ship in Dec-2013. Why change to Jan?

 [MZ4]Then we have to change the next sentence is such manner. As announced in SWIFTS newsletter.

 [RS5]2014 may be more appropriate since it will show latest contracts

 [MZ6]I’ve put 2013 because I didn’t know actually when you’ve made your plan with customers, that you have send me during conference call some weeks ago.

If it is ok for your part we can state 2014 here. Or completely delete.

 [RS7]No support means customer cannot contact SWIFT for any problems associated with IS5, which includes access to KB, support staff etc.

 [MZ8]Ok.

 [MZ9]Maybe, tere is necessity to explain what does this statement means in detail.

HSM Refresh FAQ for customers – Produced by SWIFT on 30 April 2014



Stay connected
           

© ROSSWIFT 2018,  eng.rosswift.ru.
Russia, 119048, Moscow, Kooperativnaya street, 4-15.  Tel.: +7 (499) 272-02-32, Fax: +7 (495) 782-14-03