Deploy Embedded Security solution - One-time process

You must have a system system-specific recovery disk image of the computer on which you are doing the Embedded Security one-time process.
Note: A re-image of the computer might be necessary if the Embedded Security one-time process is done incorrectly. Follow instructions carefully.
This is a two-phase task:
  1. Run a script on the local system to which you are deploying software.
  2. Deploy software with SiteConfig.
Note: You must carefully read and verify that you have completed each step in the task. Do not assume the task is the same as other software install tasks with which you are familiar.

On the computers in your system that are running the Grass Valley Embedded Security solution, you must do a one-time initial deployment process, as instructed by this task. This task isolates the steps required for the one-time process. If you have sufficient knowledge of systems and upgrades, you can modify your software upgrade steps as necessary to do the one-time process at the same time as your other software upgrades, rather than as isolated steps. After you have done this one-time process, you can do future upgrades using the normal upgrade process.

This applies to the following:
  • K2 Summit system system
  • All types/roles of K2 Media Server
  • All types/roles of GV STRATUS server

After doing the one-time process, all of these devices receive the benefit of doing future software upgrades using the normal upgrade process. However, only devices with a full Windows Operating System (not an embedded Operating System) receive the benefit of doing Windows Updates, because Windows updates are not supported on devices with an embedded Operating System. For example, K2 Summit system systems have an embedded Operating System so you should never do a Windows update on these systems, regardless of the one-time process, except as directed by Grass Valley support or specific documented procedures.

  1. Determine the status of the Embedded Security solution on the computer. You can use SiteConfig check/view software to make this determination or on the local computer you can use the Programs and Features Control Panel to make this determination. Proceed as follows:
    • If the computer does not have McAfee Solidifier, which is a component of the Embedded Security solution, do not continue with these steps. The computer must already have the Embedded Security solution before the one-time process is applied.
    • If the computer has McAfee Solidifier at version 6.1.1.369, do not continue with these steps. That version indicates that the computer already has the one-time process applied, through either a software installation or a disk image process.
    • If the computer has McAfee Solidifier at a version lower than 6.1.1.369, continue with these steps.
  2. Procure the McAfee script from the software download page on the Grass Valley website. The filename to download is McAfee-6.1.1.zip.
  3. Use Embedded Security Manager and put the local computer in Update Mode.
  4. Unzip and copy the directory containing the McAfee script files to any location on the local computer.
  5. On the local computer, in the directory of McAfee script files that you downloaded from the Grass Valley website, run UpdateMcAfee.cmd.
  6. Delete the directory of McAfee script files from the local computer.
  7. In SiteConfig, do the following:
    1. Add the GV Embedded Security Manager role to the device.
    2. Add cab file as necessary to the device's deployment group so that the GVEmbeddedSecurityManager cab file is available for deployment.
    3. Do a Check Software operation on the device.
    4. Deploy software to the device.
  8. Use Embedded Security Manager and leave the Update Mode. Embedded Security Manager now reports Enabled.
  9. Restart the system.
  10. Do Windows updates on the local computer if it has a full Windows Operating System. Do not do Windows updates on a system with an embedded Operating System. You can now install Windows updates KB2859537 and KB2872339, which were previously not allowed, on Grass Valley systems with a full Windows Operating System.
    Note: Do not do Windows Updates on K2 Summit system systems.
  • For future Windows updates, it is no longer necessary to exclude KB2859537 and KB2872339.
  • For future deployment of K2 and GV STRATUS software using SiteConfig, it is no longer necessary to put Embedded Security in Update Mode.
    Note: If not using SiteConfig, it can still be necessary to put Embedded Security in Update Mode. Refer to your product's software install/upgrade instructions.

Copyright © 2020 Grass Valley Canada. All rights reserved. Specifications subject to change without notice. K2 Summit 10.1.3 gvtp_20200819_01:49:13