Introduction
This document describes the process to install the TPM module on SNS 3700 servers that received a chassis replacement.
Considerations
The Trusted Platform Module (TPM) is a hardware component that improves the security of the server by storing encryption keys.
Nevertheless, the server can run the Identity Services Engine (ISE) without its presence.
Caution: If you have the ISE application installed and running on a server without a TPM, you need to execute the process documented here to install the module and make it usable by the system.
- This server supports TPM version 2.0 (UCSX-TPM-002C) as defined by the Trusted Computing Group (TCG). The TPM is also SPI-based.
- Field replacement of a TPM is not supported; you can install a TPM after-factory only if the server does not already have a TPM installed.
- If a server with a TPM is returned, the replacement server must be ordered with a new TPM.
- If TPM 2.0 becomes unresponsive, reboot the server.
Problem
SNS 3700 series or higher servers shipped from Cisco Manufacturing have a TPM included.
However, SNS 3700 series chassis replacements shipped from Cisco Service Depots do not include one.
The following process must be executed to install the TPM and enable both hardware and software to leverage the benefits of the module.
Image 1. Location of the TPM Module in the SNS 3700 Series Appliance
Solution
Execute the following steps in the given order to install the module, initialize it, and leverage the security features provided by it.
- Install the TPM Hardware.
- Enable the TPM in the BIOS.
- Re-install ISE.
Use this article to complete Steps 1, 2 and 3: Cisco UCS C220 M6 Server Installation and Service Guide - Maintaining the Server
The process is finished after completing the steps in the Enabling the TPM in the BIOS chapter.
To complete Step 4, navigate to the following link and access the installation guide for the ISE version you need to install on the server:
Install and Upgrade Guides - Install Cisco ISE
Once in the installation guide, navigate to the Install Cisco ISE section.
Verification
After completing this step, you must have ISE installed and running.
Open the ISE command line and run the following command. If you get the output shown here, the TPM is properly installed.
ISE/user#show tech-support | include TPM
TPM: Module Present