IBM Support

QRadar Firmware 5.0 for xSeries M4 1U Appliances (USB local installs)

Release Notes


Abstract

This firmware update (5.0) provided by IBM is the latest firmware for your IBM® Security QRadar® M4 appliances. This update is only intended for M4 1U form factor QRadar appliances where administrators want to update appliances using a USB key. This firmware update is intended for local M4 hardware on QRadar 12xx, 13xx, 15xx, & 2100 appliances.

Content




Part 1: About the M4 firmware 5.0 update


To update the firmware on an M4 appliance, administrators can use a Windows host with the Bootable Media Creator (BoMC) software tool to create a USB drive that is suitable for applying firmware updates. Administrators must be on-site (on premise) with the appliance to complete this firmware update using a USB flash drive.

IMPORTANT: The version of the Bootable Media Creator utility that is packaged in the setup file is not compatible with Windows 8 or Windows 10. Administrators can use a Windows 7 operating system to create the USB key. If you do not have access to a Windows 7 system, you can use IMM to update your QRadar appliance.


Supported appliances, types, and model information


This firmware update applies to the following IBM Security QRadar M4 (1U form factor) appliances, server type, or Machine type models:

| Hardware | Details | Size |
| --- | --- | --- |
| Appliance | IBM Security QRadar 2100 G2; IBM Security Qflow Collector 1201; IBM Security Qflow Collector 1202; IBM Security Qflow Collector 1301; IBM Security Qflow Collector 1310; IBM Security Event Collector 1501 G2 | 1U |
| Server Type | x3550 M4 | 1U |
| Server Machine Type | 7914 | 1U |
| Machine type models (MTM) | 4380-Q1C; 4380-Q2C; 4380-Q3C; 4380-Q4C; 4380-Q5C; 4380-Q6C | 1U |



Important file changes and prerequisites in this firmware update


The table below lists important updates in the Base System Pack and HDD update. Administrators must ensure that their M4 appliance includes the minimum version outlined in the Prerequisite version column. If your M4 appliance does not meet the prerequisite versions outlined in the table below, the administrator will need to contact IBM QRadar Support to have a custom upgrade path defined for the M4 appliance.

IMPORTANT: Administrators might see a warning message about a required firmware update of uEFI to version 1.20(TCE108i) during installation. This is a benign error message and the administrator can click OK and ignore the message. See the installation tab of this release note for more information.


| Component | Prerequisite version | Firmware version in this update | File name |
| --- | --- | --- | --- |
| IMM2 | 4.35 or later | 1aoo80g-6.40 | ibm_fw_imm2_1aoo80g-6.40_anyos_noarch |
| UEFI/BIOS | None | d7e158d-2.40 | ibm_fw_uefi_d7e158d-2.40_anyos_32-64 |
| DSA | None | dsytd8g-9.54 | ibm_fw_dsa_dsytd8g-9.54_anyos_32-64 |
| Emulex* | None | 15b-2.02x11-40 | elx_fw_fc_15b-2.02x11-40_linux_32-64 |
| RAID Controller M5210 | None | 5200-24.12.0-0024 | ibm_fw_sraidmr_5200-24.12.0-0024_linux_32-64 |
| RAID Controller M1110 | None | h1110-1.20.02 | ibm_fw_mpt2sas_h1110-1.20.02_linux_32-64 |
| HDD Update | None | sas-1.23.02 | ibm_fw_hddlenovo_sas-1.23.02_linux_32-64 |

For general firmware questions and information see our FAQ page at http://ibm.biz/qradarfirmware.


Notes:

  • Administrators MUST enable IMM.Over.LAN on the xSeries appliance BEFORE the firmware update is applied. For information on how to enable this setting, see: http://www.ibm.com/support/docview.wss?uid=swg21982944.
  • A number of hard disk drives can be installed in this appliance. The HDD update tool examines the hard disk drives that are present and selects the most current firmware level that is available.
  • The base system pack contains other firmware packages that are not in QRadar appliances. Therefore, these packages appear when the tool runs, but have a status of "undetected" and are not selected to be updated.
  • This firmware update installs IMM2 firmware version 6.00. Administrators should be aware that IMM2 v6.00 requires Java version 8 to function properly. If administrators are not on Java version 8 or are unable to install Java version 8, then they might need to postpone this M4 appliance firmware update.

Full Release Notes from Lenovo for firmware 5.0 updates


Change files (.chg) can be opened by any text editor. These files contain the full release notes provided by Lenovo to IBM for both CVEs and resolved issues that administrators might want to review.

| Component | File name | CVEs resolved in this package |
| --- | --- | --- |
| IMM2 | ibm_fw_imm2_1aoo80g-6.40_anyos_noarch | CVE-2016-8616, CVE-2016-8617, CVE-2016-8619, CVE-2016-8624, CVE-2016-7431, CVE-2016-7433, CVE-2016-9318, CVE-2017-6214, CVE-2017-3744 |
| UEFI/BIOS | ibm_fw_uefi_d7e158d-2.40_anyos_32-64 | CVE-2017-5715 |
| DSA | ibm_fw_dsa_dsytd8g-9.54_anyos_32-64 | None |
| Emulex* | elx_fw_fc_15b-2.02x11-40_linux_32-64 | None |
| RAID Controller M5210 | ibm_fw_sraidmr_5200-24.12.0-0024_linux_32-64 | None |
| RAID Controller M5110 | ibm_fw_mpt2sas_h1110-1.20.02_linux_32-64 | None |
| HDD Update | ibm_fw_hddlenovo_sas-1.23.02_linux_32-64 | None |
| Other Security Fixes | None | Security vulnerabilities resolved in open source packages where there is no IMM exposure: CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2016-8610, CVE-2017-3731, CVE-2016-8864, CVE-2016-2776, CVE-2016-7167, CVE-2016-8615, CVE-2016-8618, CVE-2016-8621, CVE-2016-8623, CVE-2016-5419, CVE-2016-5420, CVE-2016-7141, CVE-2016-9597, CVE-2016-4658, CVE-2015-5219, CVE-2015-8139, CVE-2015-8140, CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7429, CVE-2016-7434, CVE-2016-9310, CVE-2016-9311, CVE-2015-8325 |

NOTE: A full change log of all files can be read by creating the USB drive and navigating to \BootableMediaCreatorv9_66_05\workingdir\. This directory has a historical list of all files that are packaged with the firmware update, not just the latest changes as outlined below in the attached file. Administrators can use any text editor to review the attached change list.
Qradar_1U_M4_MT7914_Qflow_15xxEC_2100_Firmware_Update_5_0_0.chg






Installing firmware with the IBM Bootable Media Creator (BoMC)


This installation method uses the IBM Bootable Media Creator (BoMC) tool on a Windows host to create a bootable USB drive that is capable of installing the M4 firmware update for QRadar 1U appliances. The firmware update can take up to 60 minutes for each host. Use a USB drive of 4GB or larger to ensure enough free space to successfully create the bootable media.

You can use the IBM Bootable Media Creator to update the firmware on the following QRadar appliances:

| Hardware | Details | Size |
| --- | --- | --- |
| Appliance | IBM Security QRadar 2100 G2; IBM Security Qflow Collector 1201; IBM Security Qflow Collector 1202; IBM Security Qflow Collector 1301; IBM Security Qflow Collector 1310; IBM Security Event Collector 1501 G2 | 1U |
| Server Type | x3550 M4 | 1U |
| Server Machine Type | 7914 | 1U |
| Machine type models (MTM) | 4380-Q1C; 4380-Q2C; 4380-Q3C; 4380-Q4C; 4380-Q5C; 4380-Q6C | 1U |


Before you begin


Creating your USB flash drive for the firmware update requires a Windows host, and the administrator or USB drive must be on-site with the appliance. The firmware update can take up to 60 minutes to complete per appliance and the administrator will be required to reboot the appliance after the firmware install completes. The firmware upgrade procedures should only be done during a change window or during maintenance time for your QRadar appliances. A USB flash drive that is 4GB or larger is required to complete the installation procedures outlined in this article.

IMPORTANT: Administrators MUST enable IMM.Over.LAN on the xSeries appliance BEFORE the firmware update is applied. For information on how to enable this setting, see: http://www.ibm.com/support/docview.wss?uid=swg21982944.


Required files
Download the QRadar M4 appliance firmware update (1U form factor appliances) from IBM Fix Central: http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.3.0&platform=Linux&function=fixId&fixids=7.2.8-QRADAR-FIRMWARE-M4_1U_USB-QRadar-QNI-PCAP-QIF-5.0.0&includeSupersedes=0&source=fc

Preparing

  1. Copy the M4 appliance firmware EXE to a directory on the Windows host.

  2. To extract the file, right-click on Qradar_1U_M4_MT7914_Qflow_15xxEC_2100_Firmware_Update_5_0_0.exe and select Extract.

  3. Select or type a directory path for the M4 firmware update and click Extract.

    This will create a folder named Extract to path\Qradar_1U_M4_MT7914_Qflow_15xxEC_2100_Firmware_Update_5_0_0\BootableMediaCreatorv9_66_05\
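
As an added example (not part of IBM's release note or tooling), the following Python check compares a listing of the extracted workingdir against the package names in the File name column above before the USB key is written, and compares an installed IMM2 level that the administrator supplies against the 4.35 prerequisite. The function names are hypothetical, the sample listing and its ".chg" suffix are constructed, and it assumes each package file carries the table's name followed by an extension.

```python
import os
import sys

# Package names copied from the "File name" column of the release note.
EXPECTED_PACKAGES = [
    "ibm_fw_imm2_1aoo80g-6.40_anyos_noarch",
    "ibm_fw_uefi_d7e158d-2.40_anyos_32-64",
    "ibm_fw_dsa_dsytd8g-9.54_anyos_32-64",
    "elx_fw_fc_15b-2.02x11-40_linux_32-64",
    "ibm_fw_sraidmr_5200-24.12.0-0024_linux_32-64",
    "ibm_fw_mpt2sas_h1110-1.20.02_linux_32-64",
    "ibm_fw_hddlenovo_sas-1.23.02_linux_32-64",
]
# Constructed sample listing (assumed ".chg" suffix); the HDD package is left out.
SAMPLE_LISTING = [p + ".chg" for p in EXPECTED_PACKAGES[:-1]] + ["readme.txt"]

def parse_package(name):
    """Split '<vendor>_fw_<component>_<level>_<os>_<arch>' into named fields."""
    parts = name.split("_")
    if len(parts) != 6 or parts[1] != "fw":
        raise ValueError("unexpected package name: %r" % name)
    keys = ("vendor", "kind", "component", "level", "os", "arch")
    return dict(zip(keys, parts))

def check_listing(filenames, expected=EXPECTED_PACKAGES):
    """Return (found, missing): files per expected package, and packages with none."""
    names = [f.lower() for f in filenames]  # Windows file names are case-insensitive
    found, missing = {}, []
    for pkg in expected:
        parse_package(pkg)  # fail early on a malformed table entry
        hits = sorted(n for n in names if n == pkg or n.startswith(pkg + "."))
        if hits:
            found[pkg] = hits
        else:
            missing.append(pkg)
    return found, missing

def meets_prerequisite(installed, minimum):
    """Compare dotted numeric levels, e.g. the installed IMM2 level against 4.35."""
    as_tuple = lambda v: tuple(int(p) for p in v.split("."))
    return as_tuple(installed) >= as_tuple(minimum)

if __name__ == "__main__":
    # Pass the extracted ...\BootableMediaCreatorv9_66_05\workingdir path, or no
    # argument to run against the constructed sample listing.
    listing = os.listdir(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LISTING
    found, missing = check_listing(listing)
    for pkg in missing:
        print("MISSING:", pkg)
    print("%d of %d packages present" % (len(found), len(EXPECTED_PACKAGES)))
```
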



Creating your USB key


  1. Navigate to the directory containing the extracted M4 Firmware files.
    For example: C:\Qradar_1U_M4_MT7914_Qflow_15xxEC_2100_Firmware_Update_5_0_0\BootableMediaCreatorv9_66_05\
  2. Right-click ibm_utl_bomc_9.66_windows_i386.exe and select Run As Administrator.



    NOTE: Depending on your current permissions, you might be required to type the username and password for the local administrator account. Users might also be required to accept an updated license agreement.


  3. On the Welcome page, click Next.
    IMPORTANT: Do NOT select the Check for the latest version of this tool check box. These instructions are specific to IBM Bootable Media Creator 9.66, which is packaged with the EXE file.

  4. On the Media Purpose page, select the Updates check box and click Next.

  5. Select Look in a local directory.

    NOTE: The path to the local directory should be added automatically when you select the option Look in a local directory.
    If the path is not populated, browse to the local directory and select the workingdir folder, for example: Extracted_Location\Qradar_M4_MT7914_Qflow_15xxEC_2100_Firmware_Update_5_0_0\BootableMediaCreatorv9_66_05\workingdir.

  6. Ensure that the USB has at least 4 GB of available space for the media format page and that your USB drive is inserted into the Windows host.

  7. On the Media Format page, select USB as the Device Type, select the Disk, select the Write directly to device option, and click Next.

  8. Select the Do not use unattended mode option when prompted and click Next.

  9. Confirm the configuration for the USB drive and click Next.
    Important: Do NOT remove the USB device until the bootable media creation displays a notification that the process is complete. You might be prompted to erase the USB drive before you continue.


  10. Results: When complete, you are prompted to safely eject the USB drive. Click Next, then click Finish.












Installing the Firmware Update
The instructions below are intended for M4 appliances that are not configured as HA (high-availability) pairs. If your appliance is in an HA pair, you must use the High-Availability update instructions found here: http://www.ibm.com/support/docview.wss?uid=swg21981555.


    Procedure
  1. Insert the USB drive that has the bootable image into the QRadar appliance.

  2. From the terminal of the KVM switch for the appliance, log in by using the root credentials.

  3. From the command prompt, type: reboot.

  4. As the appliance is rebooting, press the F12 key to select a boot device.

  5. Select the bootable firmware image, for example, USB Storage, and press Enter.

  6. Results: The IBM ToolsCenter software is booted.


IMPORTANT: Do not remove the USB flash drive until the IBM ToolsCenter completes the firmware installation.

Applying M4 firmware using the IBM Bootable Media Creator Tool

  1. The IBM ToolsCenter Welcome page is displayed.

  2. When prompted, select the Updates option.


  3. Verify that the bootable media shows the correct machine type for the appliance.
    Hardware Details
    Server Type x3550 M4
    Server Machine Type 7914

    NOTE: The image below is an example; administrators should ensure that x3550 M4 -- machine type 7914 is displayed in the updates list.


  4. To start the update, select the Click here to start update link.

  5. Select your language and click I accept the terms in the license agreement to continue.



  6. The IBM UpdateXpress System Pack Installer compares the current package with the installed firmware.



  7. From the list of selected firmware items, verify that the selected items match the firmware items to update. NOTE: The image below is an example and the updates installed will be different for each appliance.


  8. IMPORTANT: Some administrators are experiencing an issue where the UEFI firmware generates an error message stating that uEFI version 1.20(TCE108i) is required. The QRadar firmware ships with UEFI v2.x by default. Administrators who experience this message can click OK to ignore this message and continue the firmware update.

  9. To start applying the updates, click Next on the Update Options page.
    The updates begin to update software on the M4 appliance.


  10. Verify that all the firmware updates are applied, and click Next to complete the update.


  11. After the update is complete, click Save Log to save the installation log to the USB flash drive. This file can be provided to support in case any issues occurred during the update.


  12. Select the USB flash drive and click OK.


  13. When all updates are complete, click Finish to reboot the appliance.

  14. The appliance reboots and starts up normally.






Original Publication Date

22 March 2017


Document Information

Modified date:
23 June 2018

UID

swg27051188