Refer to the following topics for information on installing MCP Cryptographic Services on-premise, as appropriate for your system type.
Libra 4300/6300/8300 and FS600 System Types
| Note: | Before running MIM-update to update all modules with the new cryptography services, halt the system so that the in-use modules (on both the PMMs and ISMs) can be updated. |
On Libra 4300/6300/8300 and FS600 system types, the MCP Cryptographic Services are loaded on the ISM, which has the same functionality as the Crypto Co-Processor (CCP) on native MCP systems. MCP Cryptographic Services can also be installed onto the PMM. You can use the NA MCAPI CRYPTOALLOCATION command to customize the environments that are used for cryptography. Refer to Customizing Cryptography for information about customizing.
MCP Cryptographic Services on these systems are installed and updated by the Master Installation Manager (MIM), through commands entered to PowerShell. In each of these procedures, start PowerShell, and enter the MIM-update command at the PowerShell prompt.
Installing MCP Cryptographic Services
To install the MCP Cryptographic Services for the first time on your Libra 4300/6300/8300 or FS600 system type, perform the following steps:
-
Place the Unisys MCP Cryptographic Services CD into the drive on the Service Display Device (SDD).
If the SDD does not have a CD/DVD drive, you will have to copy the file “Unisys MCP Cryptographic Services x64.msi” from the SECURE-TRANSPORT release DVD to the directory C:\Unisys\Installation\Update\Cryptography\Crypto using other methods (network or USB transport).
-
Start the MIM-update by entering .\MIM-update.ps1 and select the update for cryptography.
-
If disk encryption will be running on the system, select all environments (select all PMMs and ISMs). If disk encryption will not be running on the system, you may select the environments for cryptography services installation to be only the ISM environments.
-
Install MCP Cryptographic Services onto each environment.
-
Exit the MIM-update.
-
Reboot each updated environments.
Upgrading and Downgrading MCP Cryptographic Services
| Note: | Before you can downgrade MCP Cryptographic Services, you must upgrade the MIM-update to a level above version 201701101.162000. |
To upgrade the MCP Cryptographic Services, for example, to a newer IC than what was originally installed, perform the following steps:
-
Re-enable cryptography installation (this is necessary since once you install the package, it is not allowed to be installed again).
-
Start a MIM-update with the reset option for Cryptography as follows:
.\MIM-update.ps1-reset Crypto
-
Follow the steps for installing MCP Cryptographic Services on the Libra 4300/6300/8300 or FS601 system (refer to “Installing MCP Cryptographic Services” in this subsection). You must select the same environments as the initial installation.
Libra 6400/8400, Libra 4500/6500/8500, FS601, and FS800 System Types
| Note: | Before running eMIM-update to update all modules with the new cryptography services, halt the system so that in-use modules (on both PMMs and ISMs) can be updated. |
On Libra 6400/8400, Libra 4500/6500/8500, FS601, and FS800 system types, the MCP Cryptographic Services are loaded on the ISM, which has the same functionality as the Crypto Co-Processor (CCP) on native MCP systems. MCP Cryptographic Services can also be installed onto the PMM. You can use the NA MCAPI CRYPTOALLOCATION command to customize the environments that are used for cryptography. Refer to Customizing Cryptography for information about customizing.
MCP Cryptographic Services on these systems are installed and updated by the eMIM-update, through commands entered to PowerShell. In each of these procedures, start PowerShell, and enter the eMIM-update command at the PowerShell prompt.
Installing MCP Cryptographic Services
To install the MCP Cryptographic Services for the first time on your Libra 6400/8400, Libra 4500/6500/8500, FS601, or FS800 system type, perform the following steps:
-
Download the latest SECURE-TRANSPORT Interim Correction (IC) to your system.
ICs are available from the Unisys Product Support site at www.support.unisys.com.
By default, you can find the unzipped IC files in the following location:
C:\Unisys\Installation folder
-
Start the eMIM-update by entering .\eMIM-update.ps1 and select the update for cryptography.
-
If disk encryption will be running on the system, select all environments (select all PMMs and ISMs). If disk encryption will not be running on the system, you may select the environments for Cryptography Services installation to be only the ISM environments.
-
Install MCP Cryptographic Services onto each environment.
-
Exit the eMIM-update.
-
Reboot each updated environment.
Upgrading and Downgrading MCP Cryptographic Services
| Note: | Before you can downgrade MCP Cryptographic Services, you must upgrade the eMIM-update to a level above version 2.2.0.944. |
To upgrade the MCP Cryptographic Services, for example, to a newer IC than what was originally installed, perform the following steps:
-
Start PowerShell on the Operations Server.
-
Enter the following eMIM-update command:
.\eMim-Update.ps1-configure
-
From the options available under the Update Configuration menu displayed in PowerShell, select the number corresponding with Configure Installed Updates.
-
The PowerShell window displays the “Select an Installed Update to Configure” option. Enter the number that corresponds with cryptography.
-
The Configure Update Cryptography menu displays the system’s cryptography has been installed and each should be marked as complete. Select the Reset option and press Enter.
-
After entering the Reset option, the status of the ISMs and PMMs changes to Pending.
-
Enter X at the PowerShell prompt until the script has been exited.
MCP Cryptographic Services may now be updated using the installation instructions provided in the “Installing MCP Cryptographic Services” section.
