Firmware 2.1.0 ISO Update for All QRadar M5 Appliances

Part 1: About the M5 Firmware v2.1.0 ISO Update

To install a firmware update on an M5 appliance, administrators must have IMM configured. This M5 firmware update v2.1.0 is a republish of the previous firmware update with new instructions for remotely updating firmware on appliances by updating IMM, then mounting an ISO file to complete the update. The installation instructions in tab Part 2 have been updated to guide customers through a remote upgrade of their firmware. Tab one of this technical note outlines firmware versions and general information about the M5 appliance firmware upgrade. The main change in this update is to address a reported issue in the M5210 Raid controller firmware. This update modifies the version of the RAID Controller to roll back to a more stable version. Administrators with M5 appliances should schedule a change window for their deployment to update these appliances. For M3 or M4 firmware, see our FAQ page at http://ibm.biz/qradarfirmware.

Important: If your appliance is in a HA pair, there are configuration steps required to set the status properly for your primary and secondary high-availability appliances. For more information, see: http://www.ibm.com/support/docview.wss?uid=swg27047121#HA.

Supported appliances, types, and model information

This firmware update applies to the following IBM Security QRadar M5 appliances, server type, or Machine type models:

Appliance Name	Server Type	Lenovo Server Machine Type	IBM Machine Type-Model
IBM Security QRadar xx05 G3	x3550 M5	MT 8869	4412-Q1E
IBM Security QRadar Event Collector 1501 G3	x3550 M5	MT 8869	4412-Q4D
IBM Security QRadar Network Insights 1901	x3550 M5	MT 8869	4412-F4Y
IBM Security QRadar xx29	x3650 M5	MT 8871	4412-Q2A
IBM Security QRadar xx48	x3650 M5	MT 8871	4412-Q3B
IBM Security QRadar Incident Forensics	x3650 M5	MT 8871	4412-F1A
IBM Security QRadar Network Insights 1920	x3650 M5	MT 8871	4412-F3F
IBM Security QRadar Network Packet Capture	x3650 M5	MT 8871	4412-F2C

Table 1: List of appliances that the M5 appliance firmware 2.1.0 can update.

Important file changes and prerequisites in this firmware update

The core change in this release (2.1.0) is to update the 5210 RAID Controller to a stable version as administrators reported issues with an existing RAID firmware module. Administrators must ensure that their M5 appliance includes the minimum version outlined in the Prerequisites column, if any are required by this update.

Component	Prerequisites	Firmware versions installed by v2.1.0	File name
IMM2	None	tcoe26h-3.75	oem_fw_imm2_tcoe26h-3.75_anyos_noarch
UEFI/BIOS  (1U 8869)	None	tbeg28j-2.32	oem_fw_uefi_tbeg28j-2.32_anyos_32-64
UEFI/BIOS  (2U 8871)	None	tceg28j-2.32	oem_fw_uefi_tceg28j-2.32_anyos_32-64
DSA	None	dsaoa8n-10.2	oem_fw_dsa_dsaoa8n-10.2_anyos_anycpu
Emulex*	None	16b-2.03x7-42	elx-lnvgy_fw_fc_16b-2.03x7-42_linux_32-64
RAID Controller M1215	None	1200-24.12.0-0038	lnvgy_fw_sraidmr_1200-24.12.0-0038_linux_32-64
RAID Controller M5210	None	5200-24.12.0-0024	lnvgy_fw_sraidmr_5200-24.12.0-0024_linux_32-64
HDD Update	None	sas-1.22.05	lnvgy_fw_hdd_sas-1.22.05_linux_32-64

Table 2: Components, prerequisites, and software versions updated by the M5 firmware update v2.0.1.

Notes:

CVEs and change list information for firmware 2.1.0 updates


Change files (.chg) can be opened by any text editor. These files contain the full release notes provided by Lenovo to IBM for both CVEs and resolved issues that administrators might want to review.

Component	File name	CVEs resolved in this package
IMM2	oem_fw_imm2_tcoe26h-3.70_anyos_noarch	CVE-2016-3706, CVE-2016-1234, CVE-2016-2177, CVE-2016-2178, CVE-2016-6313, CVE-2016-6302, CVE-2015-2179, CVE-2016-2181, CVE-2016-6306, CVE-2015-8605
UEFI/BIOS  (1U 8869)	oem_fw_uefi_tbeg28j-2.32_anyos_32-64	None
UEFI/BIOS  (2U 8871)	oem_fw_uefi_tceg28j-2.32_anyos_32-64	None
DSA	oem_fw_dsa_dsaoa8n-10.2_anyos_anycpu	None
Emulex*	elx-lnvgy_fw_fc_16b-2.03x7-42_linux_32-64	None
RAID Controller M1215	lnvgy_fw_sraidmr_1200-24.12.0-0038_linux_32-64	None
RAID Controller M5210	lnvgy_fw_sraidmr_5200-24.12.0-0024_linux_32-64	None
HDD Update	lnvgy_fw_hdd_sas-1.22.05_linux_32-64	None
Other Security Fixes	None	Security vulnerabilities resolved in open source packages where there is no IMM exposure: CVE-2015-5352, CVE-2015-6563, CVE-2015-6564, CVE-2016-1908, CVE-2016-3115, CVE-2016-3075, CVE-2016-4429, CVE-2016-2774, CVE-2016-6153, CVE-2016-6304, CVE-2015-8872, CVE-2016-6263, CVE-2016-4804, CVE-2016-6318, CVE-2015-2059, CVE-2015-8948, CVE-2016-6261, CVE-2016-6262, CVE-2016-2180, CVE-2016-2182, CVE-2016-2183





Detailed Change for M5 Firmware Version 2.1.0


A change log summary is attached for the software installed by this firmware update. Administrators can use any text editor to review the attached change list. The EXE file also includes a change list (.chg file) for each individual firmware package. Administrators can navigate to the /workingdir folder after extracting the EXE to view individual firmware updates.

Click the .chg file and open document in a text editor program: Qradar_All_M5_1U_MT8869_x3550_2U_MT8871_x3650_Qradar_QNI_PCAP_QIF_2_1_0.chg




Where do you find more information?


---

Before you begin

• This installation method uses the hardware's integrated management module (IMM) to remotely update files.
• Administrators MUST enable IMM.Over.LAN on the xSeries appliance BEFORE the firmware update is applied. For information on how to enable this setting, see: http://www.ibm.com/support/docview.wss?uid=swg21982944.
• If your appliances are in a HA pair, you must prepare your high-availability appliances using the instructions found here: http://www.ibm.com/support/docview.wss?uid=swg27047121#HA.


• A number of hard disk drive updates can be installed by this firmware. The HDD update tool examines the hard disk drive types that are present and selects the most current firmware level that is available based on the drive type automatically.


• The base system pack contains other firmware packages that are not in QRadar appliances. Therefore, these packages are displayed during the update with a status of "undetected" and not selected to be updated. The administrator can disregard any packages labeled as undetected


• If the Emulex card firmware does not install as intended or you experience an issue, you can continue the firmware installation and any Emulex issues will be addressed in the next firmware update. If you do not have an Emulex card with your appliance, the installation instructions include a screen capture of the error message that is generated during the firmware install.

Downloading and extracting the firmware update

1. Download the QRadar M5 appliance firmware update from IBM Fix Central: http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Security%2BSystems&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.2.0&platform=Linux&function=fixId&fixids=7.3.0-QRADAR-FIRMWARE-M5-QRadar-QNI-PCAP-QIF-2.1.0&includeSupersedes=0&source=fc


2. Copy the M5 appliance firmware EXE to a directory on the Windows host.


3. Double-click on the file:Qradar_All_M5_ISO_MT8869_x3550_MT8871_x3650_2_1_0.exe.


4. Select or type a directory path for the M5 firmware update and click Extract.
   


5. The following files are extracted to the Windows host.
   

Updating the IMM firmware

1. Log in to the IMM interface on your QRadar M5 appliance.


2. Select Server Management > Server Firmware from the menu.
   


3. Click Update Firmware
   


4. Click Select File and choose the IMM2 firmware update oem_fw_imm2_tcoe26o-3.75_anyos_noarch.uxz downloaded for your M5 appliance.
   


5. Click Next to upload and verify the IMM2 firmware file.
   


6. In the Additional Options, select to update the primary and secondary firmware banks.
   


7. Wait for the update the primary and secondary firmware banks to complete.
   


8. Click Restart IMM and clear your browser cache.

Results
After the IMM interface reboots, log in to the IMM and continue to the next section to mount the firmware ISO and configure the boot options.

Mounting the M5 Firmware ISO

1. Click on Remote Control.
   


2. To start the Remote Control session click on use Active X for Internet Explorer or Java for all other Browsers.


3. Click on Start Remote Control in Single User Mode.
   NOTE: Administrators should always use single user mode for remote connections for updates.


4. Administrators should leave the Allow others to request my remote session disconnect check box clear. It is not recommended for administrators to allow other users to request the active session for firmware updates.


5. From the menu, select Virtual Media > Activate.
   


6. From the menu, select Virtual Media > Select Devices to Mount.
   


7. From the Devices window click on Add Image.
   


8. Locate the ISO image you wish to use. Click Open.
   


9. Select the CD/DVD QRadar_All_M5 is highlighted and verify that the Mapped check box is selected.
   


10. Click Mount Selected.
    


11. Power Up or Reboot the system to start the software installation process.


12. As the appliance is rebooting, press the F12 key to select a boot device.



13. At the Boot Devices Manager window use the arrow keys to navigate.


14. Administrators must cleart the Legacy Mode check box, then select the CD/DVDM option and press ENTER.
    


15. The boot screen for the appliance is displayed. The IBM ToolsCenter Welcome page is displayed.
    


16. When prompted, select the Updates option.
    


17. Verify that the Updates list shows the correct machine type for the appliance.
    

    Hardware	Details
    Server Type	x3550 M5 x3650 M5
    Server Machine Type	MT 8869 MT 8871

    
    NOTE: For example, System x3650 M5 -- machine type 8871.
    
18. To start the update link, select Click here to start update.
    


19. Select your language and click I accept the terms in the license agreement to continue.
    


20. The IBM UpdateXpress System Pack Installer compares the current package with the installed firmware.
    


21. From the list of selected firmware items, verify that the selected items match the firmware items to update.
    


22. If your appliance has a secondary firmware bank, select the Target the secondary firmware bank check box and Click Next. If you do not have an alternate firmware bank, this option is ignored.


23. To start applying the updates, click Next on the Update Options page.

The bootable media creator starts to install firmware on the M5 appliance.


24. Verify that all the firmware updates are applied, and click Next to complete the update.
    

(Click to enlarge image)

25. After the update is complete, click Save Log to save the installation log to the USB flash drive. This file can be provided to support in case any issues occurred during the update.
    

(Click to enlarge image)

26. Select the USB flash drive and click OK.
    


27. When all updates are complete, click Finish to reboot the appliance.


28. The appliance reboots and starts up normally.

Emulex Update Error Messages

This update might issue an Emulex installation warning to administrators that can be ignored. Not all QRadar M5 pr M4 appliances ship with an Emulex card. The firmware update contains software to attempt to update the Emulex drivers; however, if the appliance does not include an Emulex, an installation error will be displayed, "Install did not succeed" as shown below.

Where do you find more information?

---