IBM Support

Firmware 4.1.0 ISO Update for QRadar M4 (2U) Appliances (xx05 & xx28)

Release Notes


Abstract

This firmware update (4.1.0) provided by IBM is the latest firmware for your IBM® Security QRadar® M4 appliances with easier to follow installations procedures. This update is only intended for 2U form factor QRadar appliances.

Content

Important: Select a tab to read each step of the firmware procedure.


Part 1: About the M4 2U Firmware v4.1.0 ISO Update


To install a firmware update on an M4 appliance, administrators must have IMM configured. This M4 firmware update v4.1.0 is a republish of the previous firmware update with new instructions for remotely updating firmware on appliances by updating IMM, then mounting an ISO file to complete the update. Tab one of this technical note outlines firmware versions and general information about the M4 appliance firmware upgrade. The 2nd tab contains installation instructions that have been updated to guide customers through a remote upgrade of their firmware using IMM. The main change in this update is to address a reported issue in the M5210 Raid controller firmware. This update modifies the version of the RAID Controller to roll back to a more stable version. Administrators with M4 appliances should schedule a change window for their deployment to update these appliances. If you applied firmware version 4.1.0 using a USB drive, there is no need to install the ISO version. For M3 or M5 firmware, see our FAQ page at http://ibm.biz/qradarfirmware.

Important: If your appliance is in a HA pair, there are configuration steps required to set the status properly for your primary and secondary high-availability appliances. For more information, see: http://www.ibm.com/support/docview.wss?uid=swg27047121#HA.

Supported appliances, types, and model information


This firmware update applies to the following IBM Security QRadar M4 (2U form factor) appliances, server type, or Machine type models:

Hardware Details Size
Appliance IBM Security QRadar xx05 G2
IBM Security QRadar xx28 G2
IBM Security QRadar Incident Forensics xx28
IBM Security QRadar Packet Capture xx28
IBM Security QRadar Packet Capture Data Node xx28
2U
Server Type x3650 M4 BD 2U
Server Machine Type 5466 2U
Appliance Machine type models (MTM) 4380-Q1E
4380-Q2E
4531-G1E
4531-G2E
4531-G3E
2U


Important file changes and prerequisites in this firmware update


The table below lists important updates in the Base System Pack and HDD update. Administrators must ensure that their M4 appliance includes the minimum version outlined in the Pre-requisite version column. If your M4 appliance does not meet the pre-requisite versions outlined in the table below, the administrator will need to contact IBM QRadar Support to have a custom upgrade path defined for the M4 appliance.

Component Pre-requisite version Firmware version in this update File name 
IMM2 4.35 or later 1aoo76i-6.00 ibm_fw_imm2_1aoo76i-6.00_anyos_noarch
UEFI/BIOS  None yoe118c-1.80 ibm_fw_uefi_yoe118c-1.80_anyos_32-64
DSA  None dsyte2t-9.65 ibm_fw_dsa_dsyte2r-9.65_anyos_32-64
Emulex* None 15b-2.02x11-32 elx_fw_fc_15b-2.02x11-32_linux_32-64
RAID Controller M5210 None 5200-24.12.0-0024 ibm_fw_sraidmr_5200-24.12.0-0024_linux_32-64
RAID Controller M5110 None 6gb-23.34.0-0018 ibm_fw_sraidmr_5100-6gb-23.34.0-0018_linux_32-64
HDD Update  None sas-1.23.01 ibm_fw_hddlenovo_sas-1.23.01_linux_32-64
Backplane None 6gb-v2-sas-52f5 ibm_fw_exp-6gb-v2-sas-52f5_linux_32-64

Full Release Notes from Lenovo for firmware 4.1.0 updates


Change files (.chg) can be opened by any text editor. These files contain the full release notes provided by Lenovo to IBM for both CVEs and resolved issues that administrators might want to review.
Component File name  CVEs resolved in this package
IMM2 ibm_fw_imm2_1aoo76i-6.00_anyos_noarch CVE-2016-3706, CVE-2016-1234, CVE-2016-2177, CVE-2016-2178, CVE-2016-6313, CVE-2016-6302, CVE-2015-2179, CVE-2016-2181, CVE-2016-6306, CVE-2015-8605
UEFI/BIOS  ibm_fw_uefi_yoe118c-1.80_anyos_32-64 None
DSA  ibm_fw_dsa_dsyte2r-9.65_anyos_32-64 None
Emulex* elx_fw_fc_15b-2.02x11-32_linux_32-64 None
RAID Controller M5210 ibm_fw_sraidmr_5200-24.12.0-0024_linux_32-64 None
RAID Controller M5110 ibm_fw_sraidmr_5100-6gb-23.34.0-0018_linux_32-64 None
HDD Update  ibm_fw_hddlenovo_sas-1.23.00_linux_32-64 None
Backplane ibm_fw_exp-6gb-v2-sas-52f5_linux_32-64 None
Other Security Fixes None Security vulnerabilities resolved in open source packages where there is no IMM exposure: CVE-2016-2180, CVE-2016-2182, CVE-2016-2183, CVE-2016-6304, CVE-2015-5352, CVE-2015-6563, CVE-2015-6564, CVE-2016-1908, CVE-2016-3115, CVE-2016-3075, CVE-2016-4429, CVE-2016-2774, CVE-2016-6153, CVE-2015-8872, CVE-2016-6263, CVE-2016-4804, CVE-2016-6318, CVE-2015-2059, CVE-2015-8948, CVE-2016-6261, CVE-2016-6262

NOTE: A full change log of all files that can be read by creating the USB drive and navigate to \BootableMediaCreatorv9_66_05\workingdir\.. This directory has a historical list of all files that are packaged with the firmware update, not just the latest changes as outlined below in the attached file. Administrators can use any text editor to review the attached change list.

Qradar_2U_M4_MT5466_xx05_xx28_QIF_PCAP_Firmware_Update_4_1_0.chg



Where do you find more information?




Before you begin


  • This installation method uses the hardware's integrated management module (IMM) to remotely update files.
  • Administrators MUST enable IMM.Over.LAN on the xSeries appliance BEFORE the firmware update is applied. For information on how to enable this setting, see: http://www.ibm.com/support/docview.wss?uid=swg21982944.
  • If your appliances are in a HA pair, you must prepare your high-availability appliances using the instructions found here: http://www.ibm.com/support/docview.wss?uid=swg27047121#HA.

  • A number of hard disk drives can be installed in this appliance. The HDD update tool examines the hard disk drives that are present and selects the most current firmware level that is available.

  • The base system pack contains other firmware packages that are not in QRadar appliances. Therefore, these packages appear when the tool runs, but have a status of "undetected" and not selected to be updated.

  • Administrators should be aware that IMM2 v6.00 requires Java version 8 to open remote consoles. If administrators do not have Java version 8 installed on the workstation, the alternate option is to use ActiveX. Before you are able to take remote control of an appliance, a Java check is completed and instructions are provided to the administrator if Java 8 is not available.

Downloading and extracting the firmware update


  1. Download the QRadar M4 2U appliance firmware update v4.1.0 from IBM Fix Central: http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Security%2BSystems&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.2.0&platform=Linux&function=fixId&fixids=7.3.0-QRADAR-FIRMWARE-M4-xx05-xx28-QVM-QRM-QIF-PCAP-4.1.0&includeSupersedes=0&source=fc

  2. Copy the M4 appliance firmware EXE to a directory on the Windows host.

  3. Double-click on the file:Qradar_2U_M4_ISO_MT5466_Firmware_Update_4_1_0.exe.

  4. Select or type a directory path for the M4 firmware update and click Extract.

  5. The following files are extracted to the Windows host.

Updating the IMM firmware


  1. Log in to the IMM interface on your QRadar M4 appliance.

  2. Select Server Management > Server Firmware from the menu.

  3. Click Update Firmware

  4. Click Select File and choose the IMM2 firmware update ibm_fw_imm2_1aoo76i-6.00_anyos_noarch.uxz downloaded for your M4 appliance.

  5. Click Next to upload and verify the IMM2 firmware file.

  6. In the Additional Options, select to update the primary and secondary firmware banks.

  7. Wait for the update the primary and secondary firmware banks to complete.

  8. Click Restart IMM and clear your browser cache.

  9. Results
    After the IMM interface reboots, log in to the IMM and continue to the next section to mount the firmware ISO and configure the boot options.


Mounting the M4 Firmware ISO


  1. Click on Remote Control.

  2. To start the Remote Control session click on use Active X for Internet Explorer or Java for all other Browsers.

  3. Click on Start Remote Control in Single User Mode.
    NOTE: Administrators should always use single user mode for remote connections for updates.

  4. Administrators should leave the Allow others to request my remote session disconnect check box clear. It is not recommended for administrators to allow other users to request the active session for firmware updates.

  5. From the menu, select Virtual Media > Activate.

  6. From the menu, select Virtual Media > Select Devices to Mount.

  7. From the Devices window click on Add Image.

  8. Locate the ISO image you wish to use. Click Open.

  9. Select the CD/DVD QRadar_All_M4 is highlighted and verify that the Mapped check box is selected.

  10. Click Mount Selected.

  11. Power Up or Reboot the system to start the software installation process.

  12. As the appliance is rebooting, press the F12 key to select a boot device.


  13. At the Boot Devices Manager window use the arrow keys to navigate.

  14. Administrators must clear the Legacy Mode check box, then select the CD/DVDM option and press ENTER.

  15. The boot screen for the appliance is displayed. The IBM ToolsCenter Welcome page is displayed.

  16. When prompted, select the Updates option.

  17. Verify that the bootable media shows the correct machine type for the appliance.
    Hardware Details
    Server Type x3650 M4 BD
    Server Machine Type 5466

  18. To start the update, select Click here to start update.
    NOTE: Verify that the Updates list contains x3650 M4 BD -- machine type 5466 in the updates list.

  19. Select your language and click I accept the terms in the license agreement to continue.

  20. The IBM UpdateXpress System Pack Installer compares the current package with the installed firmware.

  21. From the list of selected firmware items, verify that the selected items match the firmware items to update.

  22. To start applying the updates, click Next on the Update Options page.
    The bootable media creator starts to install firmware on the M4 appliance.

  23. Verify that all the firmware updates are applied, and click Next to complete the update.

  24. After the update is complete, click Save Log to save the installation log to the USB flash drive. This file can be provided to support in case any issues occurred during the update.

  25. Select the USB flash drive and click OK.


  26. When all updates are complete, click Finish to reboot the appliance.

  27. The appliance reboots and starts up normally.



Emulex Update Error Messages


This update might issue an Emulex installation warning to administrators that can be ignored. Not all QRadar M5 pr M4 appliances ship with an Emulex card. The firmware update contains software to attempt to update the Emulex drivers; however, if the appliance does not include an Emulex, an installation error will be displayed, "Install did not succeed" as shown below.


Where do you find more information?



[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU008","label":"Security"},"Component":"Hardware","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.2;7.3","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
10 May 2019

UID

swg27050466