IBM Support

IBM Tivoli Composite Application Manager for Transactions Response Time 7.4 Interim Fix 09 README Tivoli Composite Application Manager for Transactions 7.4.0.1 7.4.0.1-TIV-CAMRT-IF0009 Readme

Fix Readme


Abstract

xxx

Content

Readme file for: 7.4.0.1-TIV-CAMRT-IF0009
Product/Component Release: 7.4.0.1
Update Name: 7.4.0.1-TIV-CAMRT-IF0009
Fix ID: 7.4.0.1-TIV-CAMRT-AIX-IF0009, 7.4.0.1-TIV-CAMRT-LINUX-IF0009, 7.4.0.1-TIV-CAMRT-WINDOWS-IF0009
Publication Date: 09 May 2016
Last modified date: 09 May 2016

Contents

Download location
Prerequisites and co-requisites

Installation information

   Installing

Additional information
List of fixes
Document change history

Download location

The information included in this document is published at product release time. For the latest updates on this release please refer to the on-line document: To download this update you must first login to IBM FixCentral. Once logged in, you may select from the individual download packages. HPUX and Solaris downloads are no longer provided.
http://www.ibm.com/eserver/support/fixes/

Below is a list of components, platforms, and file names that apply to this Readme file.

Fix Download for AIX

Product/Component Name: Platform: Fix:
Tivoli Composite Application Manager for Transactions AIX
 7.4.0.1-TIV-CAMRT-AIX-IF0009

Fix Download for Linux

Product/Component Name: Platform: Fix:
Tivoli Composite Application Manager for Transactions Linux
 7.4.0.1-TIV-CAMRT-LINUX-IF0009

Fix Download for Windows

Product/Component Name: Platform: Fix:
Tivoli Composite Application Manager for Transactions Windows
 7.4.0.1-TIV-CAMRT-WINDOWS-IF0009

Prerequisites and co-requisites

This upgrade for the Robotic Response Time agents , which is part of ITCAM for Transactions: Response Time, may be applied to the following base versions.

  • 7.3.0.x - AIX, Windows, Linux
  • 7.4.0.x - AIX, Windows, Linux
Notes:
  1. Supported base versions include interim fixes applied to any of the above release levels.

This patch replaces the two JREs shipped with the Robotics Response Time (T6) agent, bringing them to the latest level. This remediates multiple security issues.

This patch is applicable for T6 agents:

  • versions 7.4.0.x, 7.3.0.x
  • Windows, AIX and Linux platforms.
The T6's JREs are only used when playing back Rational Performance Tester (RPT) scripts, thus not available on Solaris and HPUX (RPT playback is not supported on Solaris and HPUX).
7.4 and 7.3 agents need to update both java60 and java 70 JREs.These variations are noted in the installation steps below.
Any customisations done to the existing JREs needs to be preserved. Since these JREs are product specific (ie only used by the T6 agent), there should only be at most one customisation as instructed by IBM support; which is to enable strong encryption by updating the JRE's encryption policy (see technote in Related Material).
After the patch, the Java versions will be:
  • Java 6.0 SR16 FP25
  • Java 7.0 SR9 FP40
  • Java 8.0 SR3

Related material:
Oracle Critical Patch Update Advisory - January 2016 - details vulnerabilities addressed
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

Details on Strong Encryption keys
http://www-01.ibm.com/support/docview.wss?uid=swg21695474

Installation information

Before Installing

Validate pre-existing java is older than ones delivered in this IFix.
The RRT Agent's javas are located in

  • Windows:
    • java60: $ITMHOME\tmaitm6\java60
    • java70: $ITMHOME\tmaitm6\java70 - only in 7.3.0.1-LA2 and later
  • Unix:
    • java60: $ITMHOME/tmaitm6/java60
    • java70: $ITMHOME/tmaitm6/java70 - only in 7.3.0.1-LA2 and later

Check their versions, for example
C:\ibm\itm\TMAITM6> .\java70\jre\bin\java.exe -version

java version "1.7.0"
Java(TM) SE Runtime Environment (build pwi3270sr9fp40-20160422_01(SR9 FP40))
IBM J9 VM (build 2.6, JRE 1.7.0 Windows 7 x86-32 20160406_298397 (JIT enabled, AOT enabled)
J9VM - R26_Java726_SR9_20160406_0949_B298397
JIT - tr.r11_20160328_114192
GC - R26_Java726_SR9_20160406_0949_B298397
J9CL - 20160406_298397)
JCL - 20160421_01 based on Oracle jdk7u101-b14


Installing

Notes

  1. For 7.3 onwards agents, please unarchive both JREs.
  2. If you have updated the T6 jre to use strong encryption, you must migrate the policy files to the new JREs. The two files are:
    • \lib\security\local_policy.jar
    • \lib\security\US_export_policy.jar
See:
http://www-01.ibm.com/support/docview.wss?uid=swg21245273

  • Back up existing java
    1. Stop the T6 agent
    2. Backup existing java jres, for example
      > c:
      > cd c:\ibm\itm\tmaitm6\
      > move java60 java60.old
      > move java70 java70.old - only in 7.3.0.1-LA and later.
  • Replace the JREs
    1. Unzip/Untar the archive to the same directory, for example, after unarchiving your directory structure should be like:
      c:\IBM\ITM\TMAITM6>dir java*
      Volume in drive C has no label.
      Volume Serial Number is 44AB-01FC

      Directory of c:\IBM\ITM\TMAITM6

      29/05/2013 02:02 PM <DIR> java60
      12/03/2012 04:08 PM <DIR> java60.old
      29/05/2013 02:04 PM <DIR> java70
      13/02/2013 02:14 PM <DIR> java70.old
      0 File(s) 0 bytes
      4 Dir(s) 30,808,731,648 bytes free

  • Validate the update JRE version/function
    1. Check version number of JRE 6.0, for example
      > c:
      > cd c:\ibm\itm\tmaitm6
      > java60\jre\bin\java.exe -version
      java version "1.6.0"
      Java(TM) SE Runtime Environment (build pwi3260sr16fp25-20160422_01(SR16 FP25))
      IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 Windows 7 x86-32 jvmwi3260sr16fp25-20160413_299433 (JIT enabled, AOT enabled)
      J9VM - 20160413_299433
      JIT - r9_20160328_114196
      GC - GA24_Java6_SR16_20160413_1159_B299433)
      JCL - 20160421_01
      > java70\jre\bin\java.exe -version
      java version "1.7.0"
      Java(TM) SE Runtime Environment (build pwi3270sr9fp40-20160422_01(SR9 FP40))
      IBM J9 VM (build 2.6, JRE 1.7.0 Windows 7 x86-32 20160406_298397 (JIT enabled, AOT enabled)
      J9VM - R26_Java726_SR9_20160406_0949_B298397
      JIT - tr.r11_20160328_114192
      GC - R26_Java726_SR9_20160406_0949_B298397
      J9CL - 20160406_298397)
      JCL - 20160421_01 based on Oracle jdk7u101-b14
      > java80\jre\bin\java.exe -version
      java version "1.8.0"
      Java(TM) SE Runtime Environment (build pwi3280sr3-20160428_01(SR3))
      IBM J9 VM (build 2.8, JRE 1.8.0 Windows 7 x86-32 20160427_301573 (JIT enabled, AOT enabled)
      J9VM - R28_Java8_SR3_20160427_1620_B301573
      JIT - tr.r14.java.green_20160329_114288
      GC - R28_Java8_SR3_20160427_1620_B301573
      J9CL - 20160427_301573)
      JCL - 20160421_01 based on Oracle jdk8u91-b14
  • Restart Agent and ensure RPT Script playback works.
  • (Optional) Delete the backup java runtimes.

Additional information

The Secure Hash Algorithm 1 (SHA1) checksum of the images are as follows:

7.4.0.1-TIV-CAMRT-AIX-IF0009.tar 5fdb73fde319777cb8505e03283188350b48a33f
7.4.0.1-TIV-CAMRT-Linux-IF0009.tar 778bbbfe398f566d2356d3f795146c85a57f8a6a
7.4.0.1-TIV-CAMRT-Windows-IF0009.zip 00b0025968d79b92ddc67bb64ca7a4df1f51f9ea

List of fixes

A) APAR content:
IV84400 APARTEXT="PSIRT ALERT : 5154 CODE BLUE [SE-2012-01] Broken security fix in IBM Java"

B) Additional Non APAR Defects:
N/A

C) Enhancements
N/A

Document change history


Version Date Description of change
1.0 1 Jul 2015 Initial Version


















[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SS5MD2","label":"Tivoli Composite Application Manager for Transactions"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
08 May 2016

UID

isg400002662

Page Feedback