Configure update server settings

Configure the appliance to download update files from an update server.

We can configure multiple, ordered servers for failover. You cannot delete the IBM ISS Default License and Update Server. We can disable it.

Steps

  1. Click System > Updates and Licensing > Update Servers.

  2. In the Update Servers pane, take one of the following actions:

    • To add an update server, click New. The Add Server window is displayed.

    • To edit an update server, select the server, and then click Edit. The Edit Server window is displayed.

    • To delete an update server, select the server, and then click Delete.

  3. When we add or edit an update server, configure the following options on the General tab:

    Option Description
    Order Define the order in which update servers are queried for appliance software updates.

    The appliance uses the next server on the list when a server takes more than 24 hours to respond.

    Enable Enables the update server so that it can be used by the appliance.
    Name A name describing the update server.
    Server Address The IP address or DNS name of the update server.
    Port Port number the appliance uses to communicate with the update server.Tip: The port number for the IBM ISS Download Center is 443. The default port for internal update servers is 3994.
    Trust Level Defines how the appliance is authenticated with the update server.

      Explicit (user-defined)
      The appliance uses the local certificate that is pasted into the Certificate box to authenticate the connection to the update server. The certificate must be Base64 PEM-encoded data.

      Explicit trust is the most secure trust level. Explicit trust certificates must be Base64 PEM-encoded data.

      Explicit (xpu.iss.net)
      The appliance uses the local certificate for the IBM ISS update server to authenticate the connection to the update server. The IBM ISS update server certificate is installed on the appliance by default. The certificate is Base64 PEM-encoded data.

      Explicit trust is the most secure trust level. Explicit trust certificates must be Base64 PEM-encoded data.

      First Time Trust
      If a certificate is not on the appliance, the appliance downloads a certificate from the server when it connects to the server for the first time.

      First Time Trust is more secure than Trust All and less secure than Explicit Trust. After the appliance downloads the certificate, it reverts to explicit-trust functionality.

      Trust All
      The appliance trusts the update server, and does not use SSL certificates for authentication.

      Trust all trust is the least secure trust level. Attention: The Trust All trust level presents a security risk because the internal update server can be spoofed and redirected to a fake server.

  4. Optional: If we use a proxy server, configure the following settings on the Proxy Settings tab:

    Option Description
    Use Proxy Enables the appliance to use a proxy server for update servers.
    Server Address The IP address or DNS name of the proxy server. The Server Address field is displayed when we select the Use Proxy check box.
    Port Port number the proxy server uses to communicate with the update server. The Port field is displayed when we select the Use Proxy check box.
    Use Authentication Enables the appliance to authenticate to a proxy server.
    User Name User name required for authenticating to the proxy server. The User Name field is displayed when we select the Use Authentication check box.
    Password Password required for authenticating to the proxy server. The Password field is displayed when we select the Use Authentication check box.

  5. Click Submit.

Parent topic: Updates and licensing