Cisco Physical Access Manager Appliance User Guide, Release 1.1.0
Upgrading Software and Firmware
Downloads: This chapterpdf (PDF - 762.0KB) The complete bookPDF (PDF - 36.19MB) | Feedback

Upgrading Software and Firmware

Table Of Contents

Upgrading Software and Firmware

Contents

Upgrade Notes for Release 1.1.0

Generic Output Devices Installed Prior to Release 1.1 Must Be Rewired

Generic Output Device Command and Event Name Changes

Select All Options When Upgrading Gateway Firmware

Browser Time-out

Upgrade the Cisco PAM Desktop Client Software

Java Requirements

Stop EDI Projects Before Upgrading Cisco PAM

Change the Database Password Message

Upgrading the Cisco PAM Desktop Software

Upgrading the Cisco PAM Server Software

Reinstalling the Cisco PAM Server Software from a Recovery CD

Upgrading Gateway Firmware Images Using Cisco PAM

Uploading Firmware Images to a TFTP Server Using Image Manager

Upgrading or Downgrading Gateway Module Firmware Images


Upgrading Software and Firmware


This appendix describes how to upgrade or reinstall the Cisco PAM server software, desktop client software, and Gateway module firmware.

Contents

Upgrade Notes for Release 1.1.0

Upgrading the Cisco PAM Desktop Software

Upgrading the Cisco PAM Server Software

Reinstalling the Cisco PAM Server Software from a Recovery CD

Upgrading Gateway Firmware Images Using Cisco PAM

Uploading Firmware Images to a TFTP Server Using Image Manager

Upgrading or Downgrading Gateway Module Firmware Images

Upgrade Notes for Release 1.1.0

Generic Output Devices Installed Prior to Release 1.1 Must Be Rewired

Generic Output Device Command and Event Name Changes

Select All Options When Upgrading Gateway Firmware

Browser Time-out

Upgrade the Cisco PAM Desktop Client Software

Java Requirements

Stop EDI Projects Before Upgrading Cisco PAM

Change the Database Password Message

Generic Output Devices Installed Prior to Release 1.1 Must Be Rewired

All Generic Output devices installed in Cisco PAM systems prior to release 1.1.0, were connected to the Gateway, Reader, or Output modules with the wiring reversed. In Cisco PAM release 1.1.0, the wires for these Output devices must be reinstalled to match the device manufactures recommended connections.

Required Generic Output Device Connections in Cisco PAM release 1.1.0

Disconnect all Generic Output devices installed with Cisco PAM release 1.0.0, 1.0.1, or 1.0.3, and do the following:

Connect Normally Open devices to the N.O. and C connectors on the Gateway, Reader, or Output module.

Connect Normally Closed devices to the N.C. and C connectors on the Gateway, Reader, or Output module.

Failure to re-wire these devices will cause the devices to act in the opposite way intended.

See Cisco Physical Access Gateway User Guide for more information on module and device wiring.

Generic Output Device Command and Event Name Changes

The following generic output device command names were changed for Release 1.1.0. The functionality is the same:

Release 1.0 Command Name
Release 1.1 Command Name

Turn output off

Activate Relay

Turn output on

Deactivate Relay


The following generic output device event names were changed for Release 1.1.0. The functionality is the same:

Release 1.0 Event Name
Release 1.1 Event Name

Output Off

Output Deactivated

Output On

Output Activated


Select All Options When Upgrading Gateway Firmware

When upgrading Gateway firmware images to release 1.1.0 from any earlier release, select all available options, including the following:

Set as active image: (checked by default) make the firmware file new active image.

Delete credentials: delete the module credentials.

Delete configuration: delete the module configuration. The configuration is automatically reloaded when the module established communication with the Cisco PAM appliance.

Delete events: delete all events stored on the module.

Reset Gateway: (checked by default) perform a soft reset to powercycle the module. Changes to the active image are applied only after the Gateway is reset.


Note When all options are selected, wait approximately 10-15 minutes for the firmware upgrade to complete.


See Upgrading Gateway Firmware Images Using Cisco PAM for more information.

Browser Time-out

When upgrading to Cisco PAM Release 1.1.0 and higher, the web browser may display an error such as "Page Not Found" while the upgrade is in process. Wait approximately five minutes for the upgrade to complete, then refresh the browser to display the login page.

Upgrade the Cisco PAM Desktop Client Software

Always upgrade the Cisco PAM desktop client when the server software is upgraded. If the versions are not the same, an error will occur when launching the desktop client. See Installing or Updating the Cisco PAM Desktop Software, page 5-2.

Java Requirements

Before upgrading the Cisco PAM server, upgrade your PC to Java 6.0 or higher (JDK 1.6 or higher), if necessary.

To install Java 1.6, log on to the Cisco PAM appliance, select Downloads, and then select JRE 1.6 (Windows).

To download the latest Java, go to http://www.java.com/en/download/manual.jsp

Stop EDI Projects Before Upgrading Cisco PAM

Stop any running EDI projects before upgrading the Cisco PAM appliance software. After the upgrade, re-import the project to EDI Administration and start it again. See Importing and Starting EDI Projects, page 14-26 for instructions to stop, start and import EDI projects.

If EDI projects are not stopped before a Cisco PAM upgrade, the project execution (or run) will not be successful. If this occurs, contact your Cisco support representative for assistance.

Change the Database Password Message

When the server restarts, a message appears asking if you want to change the database password. Click Cancel or OK. This password is a security measure used for troubleshooting and technical support. It does not impact user operation,

Upgrading the Cisco PAM Desktop Software

Always upgrade the Cisco PAM desktop client when the server software is upgraded. If the versions are not the same, an error will occur when launching the desktop client. See Installing or Updating the Cisco PAM Desktop Software, page 5-2.

Upgrading the Cisco PAM Server Software

To upgrade the Cisco PAM server software, you must first stop the server. If you are upgrading redundant (HA) servers, you must stop both servers, upgrade the server that was originally designated as the Active server, and then upgrade the Standby server.

The following conditions apply when upgrading the Cisco PAM server software:

Upgrading a non-redundant Cisco PAM appliance causes system downtime.

System downtime can result in a temporary loss of data. Log and other system messages sent from the Cisco Physical Access Gateways and other hardware devices may be dropped during the upgrade process. Cisco recommends performing a manual upgrade only when system usage is low.

Software downgrades are not supported.


Note The Cisco PAM server software is different from the desktop client software. The server software runs the appliance and provides a web administration interface used to configure and manage the server. The desktop (client) software runs on a PC and is used to configure devices and access control settings.


To upgrade the Cisco PAM server software, do the following:


Step 1 Review the Upgrade Notes for Release 1.1.0.

Step 2 Stop the Standby server, if installed:

a. Log on to the Standby appliance, as described in Logging on to the Cisco PAM Server Administration Utility, page 4-2.

b. Select the Commands tab, and then select Stop Server.

Step 3 Stop the Active server.

a. Log on to the Active appliance.

b. Select the Commands tab, and then select Stop Server.

Step 4 On the Active server, select the Setup tab, and then select Upgrade, as shown in Figure B-1. If upgrading redundant HA servers, you must first upgrade the server originally designated as the Active server. Upgrade the Standby server only after the Active is upgraded and operational.

Figure B-1 Upgrade Window in the Cisco PAM Server Administration Utility

Step 5 Click Browse to locate and select the upgrade image.

Step 6 Click Upgrade.

Step 7 Select the Commands tab, and then select Start Server.

Note When the server restarts, a message appears asking if you want to change the database password. Click Cancel or OK. This password is a security measure used for troubleshooting and technical support. It does not impact user operation,

Step 8 Wait approximately five minutes for the server to restart, and then refresh the browser. If a browser error message is shown, wait a few minutes and then refresh the browser again.

Step 9 Verify that the upgrade was successful.

a. Log on to the Active server.

b. Select Monitoring, and then Server Status.

c. Verify that the entry for Server Version is correct. For example: 1.1.0

Step 10 (Standby server only) Repeat the upgrade on the Standby server, if installed. Upgrade the Standby server only after the Active is upgraded and operational.

a. Log on to the Standby server.

b. Select the Setup tab, and then select Upgrade, as shown in Figure B-1.

c. Click Browse to locate and select the upgrade image.

d. Click Upgrade.

e. Select the Commands tab, and then select Start Server.

f. Click Cancel or OK for the database password message.

g. Wait approximately five minutes for the server to restart and then refresh the browser. If the Cisco PAM Server Administration utility disconnects, a browser error message may be shown.

h. Verify that the upgrade was successful.

Log on to the Active server.

Select Monitoring, and then Server Status.

Verify that the entry for Server Version is correct. For example: 1.1.0

Step 11 Perform a system backup, as described in Appendix A, "Backup the Cisco PAM Database".


Note Always perform a backup after upgrading the server software to preserve critical system data.



Reinstalling the Cisco PAM Server Software from a Recovery CD

Use the recovery CD/DVD included with the Cisco PAM appliance to completely erase the server hard disk and re-install the Cisco PAM server software.


Caution Reinstalling the server software from a CD/DVD using these instructions permanently erases all data and configurations on the Cisco PAM appliance. You must have at least one backup to restore the server software using the recovery CD. See Appendix A, "Backing Up and Restoring Data" for more information.


Step 1 Backup the data on your appliance. See Appendix A, "Backing Up and Restoring Data" for more information.


Tip Backup and restore the server to preserve critical system data and configurations.


Step 2 Insert the Cisco PAM recovery CD into the server DVD-ROM drive.

Step 3 Reboot the Cisco PAM appliance:

a. Log on to the Cisco PAM appliance, as described in Logging on to the Cisco PAM Server Administration Utility, page 4-2.

a. Select the Commands tab, and then select Reboot.

Step 4 Wait for the CD to install the Cisco PAM server software. When finished, the server will reboot again.

Step 5 After the server reboots, configure the server as described in Entering the Initial Server Configuration, page 4-4.

Step 6 Perform a system restore, as described in Appendix A, "Backing Up and Restoring Data".


Upgrading Gateway Firmware Images Using Cisco PAM

To upgrade Gateway firmware, upload the firmware image to a TFTP server (such as the built-in Cisco PAM TFTP server), and use the Hardware module to upgrade the firmware on the Gateway Controller.


Tip You can also upgrade firmware images using a PC directly connected to the Gateway module. See Cisco Physical Access Gateway User Guide for more information.


This section includes the following information:

Uploading Firmware Images to a TFTP Server Using Image Manager

Upgrading or Downgrading Gateway Module Firmware Images

Uploading Firmware Images to a TFTP Server Using Image Manager

Use Image Manager to load Gateway firmware images to a TFTP server so they can be accessed by Cisco PAM. You can then update the Gateway module firmware as described in Upgrading or Downgrading Gateway Module Firmware Images.


Tip You can use the built-in Cisco PAM TFTP server to store firmware images, or use a remote TFTP server. If using the built-in TFTP server, the server must be running. See Manually Disable or Enable the Cisco PAM TFTP Server, page E-2 for more information.


To load images to a TFTP server using Image Manager, do the following:


Step 1 Select Image Manager from the Admin menu, as shown in Figure B-2. See Table B-1 for field descriptions.

Step 2 To upload firmware images to the default Cisco PAM TFTP server:

a. Click Default to enter the Cisco PAM TFTP server IP address in the TFTP server field.

b. Select the file to be uploaded from the Local file browser. The selected file is automatically entered in the Image file field.

c. Use the Remote file browser to select the directory on the Cisco PAM TFTP server where files will be uploaded. This field is inactive if you are using a TFTP server other than the build-in Cisco PAM server.

Right-click within the Remote file browser to select the following menu options:

Create Directory: Creates a new directory on the Cisco PAM TFTP server.

Delete File/Directory: Deletes a selected file or directory.

d. In the Local file browser field, select the firmware file on a local drive to be uploaded. The directory path and filename are displayed in the Image File field.

e. Click Upload to add the file to the TFTP server specified in the TFTP server field.

Step 3 To upload firmware images to a TFTP server other than the default Cisco PAM server:

a. Enter the server IP address in the TFTP server field.

b. In the Remote Directory field, enter the TFTP server directory path where the image will be stored. If this field is left blank, then the root TFTP directory is used by default. The default Unix TFTP root directory is /tftpboot.


Note The TFTP server directory path entered in the Remote Directory field must be valid. Cisco PAM does not validate the existence of remote server directories.


c. In the Local file browser field, select the firmware file on a local drive to be uploaded. The directory path and filename are displayed in the Image File field.

d. Click Upload to add the file to the TFTP server specified in the TFTP server field.

Step 4 Complete the instructions in Upgrading or Downgrading Gateway Module Firmware Images.


Figure B-2 shows the Image Manager window. See Table B-1 for field descriptions.

Figure B-2 Image Manager

Table B-1 Image Manager Fields

 
Field
Description
1

TFTP server

The IP address of the TFTP server to store image files.

2

Default

Click this button to select the built-in Cisco PAM TFTP server (the server IP address is entered in the TFTP server field).

3

Image file

Read-only. Displays the directory path and filename for the file selected in the Local browser. This file will be uploaded to the specified TFTP server.

4

Remote directory

The directory path on the TFTP server where files will be uploaded. The directory is in relation to the TFTP server root directory.

If using the built-in Cisco PAM TFTP server., this field is read-only. The directory path is selected using the Remote browser.

If using a TFTP server other than the build-in Cisco PAM server, this field is editable and you must enter the directory path on the TFTP server where files will be uploaded. The directory path must be valid since Cisco PAM does not validate remote server directories.

Note If this field is empty the image file is uploaded to the TFTP root directory. The default TFTP root directory is /tftpboot for unix systems.

5

Local

The Local directory browser specifies the file on a local drive for upload to the TFTP server.

Click the Up button to navigate one level up.

Double-click a folder to view the folder contents.

Select a file to enter the file name and directory path in the Image file field and enable the Upload button.

6

Remote

Selects the directory where files will be uploaded on the built-in Cisco PAM TFTP server. This field is active only if you are using the build-in Cisco PAM server.

Right-click within the field to display and select the following menu options:

Create Directory: Creates a directory.

Delete File/Directory: Enabled when a file or directory is selected. Deletes the file or directory

7

Upload Button

Uploads the selected image file to the specified TFTP server and directory. This button is enabled only when a file is selected in the Local directory browser.


Upgrading or Downgrading Gateway Module Firmware Images


Step 1 (Optional) Upload a firmware file image file to the built-in Cisco PAM TFTP server using Image Manager.

Step 2 Open the Hardware module and right-click a Gateway Controller (blue icon).

Step 3 Select File Manager from the menu to open the window shown in Figure B-3.

Figure B-3 File Manager Window: Image Tab

Step 4 Select the Image tab to display a list of the firmware images currently loaded on the Gateway module.

Name: file name of the firmware image.

Version: the firmware version number.

Active: The image marked Yes is the currently active image on the Gateway. To change the active image, select an image name and click the Active Image button. This button is available only if the selected file is not the active image. The image is not active until the Gateway is reset. Right-click on the Gateway icon and select Reset Gateway.

Step 5 To download a new firmware image from a file located on a TFTP server, select the Initiate Download button and enter the download settings as shown in Figure B-4.

Figure B-4 Initiate Download Input Window

a. Click the Browse button to navigate the Cisco PAM appliance TFTP server and select a file. The file appears in the top Image Name field. You can also enter the directory path and filename manually.

b. Enter the TFTP Server IP address. The Cisco PAM appliance TFTP server IP address is entered by default.

c. Enter the directory Path on the TFTP server for the firmware image. Leave this field blank if using the default location for the built-in Cisco PAM appliance TFTP server. Be sure the path and filename are valid. The administration tool does not verify remote server paths.

d. Select the options that will occur after the image is loaded to the Gateway:


Note When upgrading Gateway firmware images to release 1.1.0 from any earlier release, select all available options.


Set as active image: (checked by default) make the firmware file new active image.

Delete credentials: delete the module credentials.

Delete configuration: delete the module configuration. The configuration is automatically reloaded when the module established communication with the Cisco PAM appliance.

Delete events: delete all events stored on the module.

Reset Gateway: (checked by default) perform a soft reset to powercycle the module. Changes to the active image are applied only after the Gateway is reset.

Reset time: enter the time in 24-hour notation that the Gateway will reset with the new firmware image. If this field is left blank, the Gateway will reload immediately when the new image is made active.

Step 6 Click OK to close the window and copy the firmware image to the Gateway module. Any actions selected in Step 5 are initiated, including the default selections to set the new image as the active image and reset the Gateway module. The Gateway must be reset to enable the new active image. When all options are selected, wait approximately 10-15 minutes for the firmware upgrade to complete.