The IBM Security Identity Manager Virtual Appliance allows performing firmware upgrade via USB device only. Lot of organizations have a strict policies on using USB devices and requires multiple approvals before you use a physical USB device in your lab.
Firmware upgrades for IBM security appliances like ISIM (IBM Security Identity Manager), ISIG (IBM Security Identity Governance) and PIM (Privileged Identity Manager) are of size 2GB+ and can take hours to deploy via USB in a virtual environment.
Starting firmware release ISIM 7.0.0.2 (7.0.0-ISS-SIM-FP0002), PIM 2.0.2 and IGI 5.2 firmware upgrades (pkg) files can be uploaded using a standalone java tool: FileUpload.jar. The pkg file can be uploaded from any system to the appliance by providing the appliance admin credentials. (NOTE: This is not a scp command wrapped in the form of a tool, but it actually sends "multipart chunked data" to the appliance using the appliance's file upload REST API).
So finally, a USB device is no longer needed to upgrade the appliance. With a good network, fileupload process should be done in few minutes.
You must install firmware release ISIM 7.0.0.2 (7.0.0-ISS-SIM-FP0002) or later before you can upload firmware release ISIM 7.0.0.3 or later using this awesome tool.
Steps to run this tool for uploading the pkg file:
Copy the FileUpload.jar (Download) to a system where Java is already installed. Java version 1.7 is recommended. You can use the Java version 1.7 installed with many IBM products, such as WebSphere Application Server also.
Copy the firmware update (pkg) file, obtained from IBM Fix Central, and a keystore temptrust.jks (Download) to the file system (password: WebAS). This is used to trust the certificate presented by the appliance before the tools begins sending data to the appliance.
Run the java command, as specified below, to upload the pkg file. Use the temptrust.jks file supplied, else create one using any certificate management tool like ikeyman or keytool.
Usage:
java -jar FileUpload.jar <Hostname:PORT> <AdminId> <AdminPassword> <Truststore Filepath> <Truststore Password> <Absolute path to pkg file>
Examples:
ISIMVA
java -jar FileUpload.jar isimva.ibm.com admin admin /work/temptrust.jks WebAS /Downloads/isimva_7.0.1.pkg
IGIVA
java -jar FileUpload.jar igiva.ibm.com:9443 admin admin /work/temptrust.jks WebAS /Downloads/igiva_5.2.pkg
PIMVA 2.0.1
java -jar FileUpload.jar pimva.ibm.com admin admin /work/temptrust.jks WebAS /Downloads/pimva_2.0.2.pkg
PIMVA 2.0.2
java -jar FileUpload.jar pimva.ibm.com:9443 admin admin /work/temptrust.jks WebAS /Downloads/pimva_2.0.2.pkg
java -jar FileUpload.jar <Hostname:PORT> <AdminId> <AdminPassword> <Truststore Filepath> <Truststore Password> <Absolute path to pkg file>
Examples:
ISIMVA
java -jar FileUpload.jar isimva.ibm.com admin admin /work/temptrust.jks WebAS /Downloads/isimva_7.0.1.pkg
IGIVA
java -jar FileUpload.jar igiva.ibm.com:9443 admin admin /work/temptrust.jks WebAS /Downloads/igiva_5.2.pkg
PIMVA 2.0.1
java -jar FileUpload.jar pimva.ibm.com admin admin /work/temptrust.jks WebAS /Downloads/pimva_2.0.2.pkg
PIMVA 2.0.2
java -jar FileUpload.jar pimva.ibm.com:9443 admin admin /work/temptrust.jks WebAS /Downloads/pimva_2.0.2.pkg
Once the pkg file is uploaded to the appliance, use the appliance CLI to install the firmware.
ISIMVA: isim > firmware_update > install_firmware
ISPIMVA: ispim > firmware_update > install_firmware
IGIVA: igi > upgrade > install
ISPIMVA: ispim > firmware_update > install_firmware
IGIVA: igi > upgrade > install
