Welcome to the Endpoint Management Blog, where you can read the perspectives from network and service assurance experts. This Blog provides insights into the endpoint management solution, as well as technical details about specific IBM products.
Here is some simple steps for new users. Let's take Patch Overview dashboard for example. First, enable Patching Support site: 1. Locate License Overview dashboard in BES Support site: 2. Ctrl+F to launch the Find window and type in Patching Support, it will help you to locate the Patching Support site in the License Overview dashboard. Then click Enable: 3. Wait until the site is up-to-date, currently the latest version is 26: Second, go to Patch Management... [More]
IBM is pleased to announce the next release of IBM Endpoint Manager for Mobile Devices. New Features in this release include: 1. Self-Service Portal End-users to manage their own devices. Users can login to the portal using their AD/LDAP credentials. They can view device details; and, in the event of loss or theft, they can issue wipe, lock, or reset password commands, among others. 2. Enhanced Enrollment Options Authenticated enrollment is now supported via AD/LDAP integration. Additionally, administrators can optionally present additional... [More]
In case anyone missed it, RHEL 5 and 6 patches can now be deployed using a new dependency resolution method that utilizes YUM to determine the dependencies (this means there should be better accuracy and reliability during patching). To take advantage of this new method enable and subscribe to the Patches for RHEL5 - Native Tools and Patches for RHEL6 - Native Tools sites as needed.
From: Announcements for BES Administrators firstname.lastname@example.org
Just a quick note to let you know that we have increased our deployment size upgrade recommendations to encourage deployments of less than 15,000 seats to begin the upgrade process. As always, we recommend that you upgrade your servers and consoles at the same time because older consoles will not be able to connect with the upgraded server. We'll be updating our deployment size recommendations more frequently now that the holidays are over, so please subscribe to the blog's RSS feed to make sure you're aware of the latest updates. We'll... [More]
We are currently working on the Sept 2012 out of band security bulletins. The English content will be out later today in the afternoon. We discovered that the patch for Internet Explorer 8 on Windows XP SP2 x64 doesn't exist yet from Microsoft. We will release the rest of the content and release this missing patch once Microsoft releases it. Thanks.
IBM has released several new features in the Mobile Device Management Fixlet Site for IBM Tivoli Endpoint Manager. 1. Nitrodesk Touchdown support The TEM Agent now integrates with Nitrodesk Touchdown. This allows TEM to control a richer set of configurations on Android devices, such as selective wipe, and security polices like password length, encryption etc. 2. Google Cloud Messaging The Android agent can now use Google Cloud Messaging to provide much quicker response times to action commands. 3. Proxy Agent enhancements The Proxy Agent... [More]
Just a quick post on some of the setup and configuration changes you can expect in version 8.2. On upgrade, all existing Console users will be migrated to local users. Console users will be asked to provide .pvk files on initial login for the purposes of verification only and will not be used for subsequent login attempts. Consoles in 8.2 connect to the Server through HTTPS 52313. This replaces the previous method of ODBC connections. This is configurable. Account provisioning is now handled by the Console, not the BESAdmin tool. However,... [More]
you look at the lifecycle management needs of distributed endpoints and
data center servers you quickly realize they are quite similar. They all need software distribution, patch management, OS deployment and inventory management. With
the delivery of IBM Endpoint Manager for Server Automation , which
builds upon IBM Endpoint Manager for Lifecycle Management, you can now
manage desktops, laptops and data center servers (both
physical and virtual) from a single user interface. With
task sequencing you can now perform... [More]
IBM is proud to announce that IBM License Metric Tool 9.0.1 and IBM Endpoint Manager for Software Use Analysis 9.1 Application Update 9.0.1 are published and available.
IBM License Metric Tool 9.0.1 comes with the new All-In-One installer for customers who require simple, robust and effective installation of the product in a streamlined process. This type of installation is appropriate for customers who have small to medium-size environments, when no complex setup is needed. The All-In-One installer provides the shortest possible Time to... [More]
The IBM Endpoint Manager SSL Heartbeat Vulnerability (CVE-2014-0160) Scanner, developed by the IEM AVP Team, is being made available to customers to assist in identifying potentially vulnerable systems through a distributed and automated approach. Customers can find the latest version of the scanner in the Bigfix Labs site version 35.
The Scanner has 2 different operating modes available:
- Filesystem scan to locate executables and libraries that may contain affected versions of OpenSSL (including applications... [More]
IBM starts to support CPU fixlets for Solaris platform. Fixlets for Critical Patch Update(CPU) 2012 April were released in the Patches for Solaris site. The latest version of Solaris Download plugin, v1.7 and Solaris download cache v6.0 are available to support CPU fixlets. fixlets released: 20120403 Critical Patch Update 2012-04 - Solaris 10 20120404 Critical Patch Update 2012-04 - Solaris 10 - Outdated Packages 20120401 Critical Patch Update 2012-04 - Solaris 10_x86 20120402 Critical Patch Update 2012-04 - Solaris 10_x86 - Outdated... [More]
Content in the Patches for Windows non-English Fixlet Sites has been released. New Fixlet Messages: MS12-072: Vulnerabilities in Windows Shell Could Allow Remote Code Execution - Windows 8 Gold (ID: 1207223) MS12-072: Vulnerabilities in Windows Shell Could Allow Remote Code Execution - Windows 8 Gold (x64) (ID: 1207225) MS12-072: Vulnerabilities in Windows Shell Could Allow Remote Code Execution - Windows Server 2012 Gold (x64) (ID: 1207227) MS12-074: Vulnerabilities in .NET Framework Could Allow Remote Code Execution - .NET Framework... [More]
Be aware that currently TEM does not support migrating AD users to a different OU. When an AD user is moved to a different OU it prevents the AD user from logging into the console via LDAP. This article describes what you would need to do to restore an LDAP account. Question How to get Console LDAP operators to be able to login after moving the users to new OUs and groups? Cause Functionality not yet available. Answer Here's the workaround: 1. Backup the database. 2. Using SQL Server Management Studio by querying for the current... [More]
The IBM Mobile Device Management team is pleased to announce the release of Mobile Device Management 2.3 today.
New Major Features:
1. Enterproid Divide Integration Enhancements – You can now fully define and provision Divide policies through IEM for Mobile with our new Divide Policy Dashboard
2. Security Compliance Dashboard – Added a centralized view to help view and manage users who violate assigned security policies.
3. Refined UI for IBM Mobile Client for Apple iOS–... [More]
We've just released a new feature to
Labs- the Client Manager Builder. The Client Manager Builder can help you
manage anti-virus products from vendors that are not supported by the
Client Manager for Endpoint Protection (CMEP) site by generating
content for those unsupported anti-virus products. The CMEP site
currently supports the following vendors: McAfee, Symantec,
Trend Micro, Microsoft™, Sophos, Computer Associates, and IBM®.
For more information about how to use
this cool feature, please refer to this wiki: Using the... [More]
New content released
Reporting category: What info do I include when I open a Tivoli Endpoint Manager support case with IBM?
Problem determination category: Client level debug and data collection http://www.ibm.com/support/docview.wss?uid=swg21574306&lnk=uctug_tivoli_dw_2012-11-16_tivoli_iea
Hi All, We've just released a new Fixlet site to deploy and
manage Proventia Desktop and IBM Security Server Protection for Windows.
The site is named "Client Manager for Host Protection". "Client Manager for Host Protection" includes the following key capabilities: - Deploy and upgrade Server Protection and Proventia Desktop agents - Report on Server Protection and Proventia Desktop agent status and version Note
that as with other Client Manager content, this site is not a
replacement for the SiteProtector... [More]
There is currently a 0 day advisory from Microsoft in which Microsoft has not provided a downloadable patch for yet. However they, have provided a workaround to disable the vulnerability.
Important Note: The workaround is a registry setting will disable remote VPN access on an endpoint which is using NDProxy to authenticate. So if the IEM agent on the endpoint requires a VPN connection to reach its parent relay or server, applying the workaround would make the agent not reachable to its parent relay or server.
Please note that the RPM Patching Dashboard (as well as other content) has moved to the Patching Support site from the Linux RPM Patching site. Action Required: Subscribe to the Patching Support site in the console to ensure you have continued access to this dashboard. *************ANNOUNCEMENT************** From: Announcements for BES Administrators < email@example.com > To: firstname.lastname@example.org , Date: 01/24/2013 02:46 PM Subject: [BESAdmin-Announcements] Content Modification in Linux... [More]
Detecting installations of a particular software on Windows is a simple job, but things get worst in case of Linux and UNIX, especially if the software was not installed using native binaries like rpm or deb packages. Windows has the registry (start -> run -> regedit.exe) to list all the required details of a product like install path, product version, locale or product type etc., but on Linux or UNIX it may not be that easy. There's a similar problem about detecting DB2 installations on Non-Windows OS without running ab IBM DB2... [More]
Many companies look at Software Asset Management (SAM) as
something they can manage with spreadsheets and home grown software. Until a software company performs a license
audit and they find their spreadsheets are out of date and then the CEO wants
to know why the company is faced with a huge unplanned software bill. Or maybe their software costs are consuming
more and more of their limited IT budget and management wants to know if all
these software licenses are really being used.
Seems like a good question, but they can’t even... [More]
New flash training released for Tivoli Endpoint Manager v 8.2
This module is titled: Manually adding new software titles to the software usage analysis catalog
See all Tivoli IEA content here:
Content in the Patches for Windows (English) Fixlet Site has been released.
New Fixlet Messages:
Fixlet messages for Microsoft Security Bulletins:
Reason for Update:
Microsoft has released 7 Security Bulletins... [More]
SCM Content has been updated for the DISA UNIX Checklists! * Only the Linux OS's are affected by this update -- here are the new versions of the checklists: Self-Parameterizing Checklists: DISA STIG Checklist for AIX 5.1 ---------- now site version 6 DISA STIG Checklist for AIX 5.2 ---------- now site version 5 DISA STIG Checklist for AIX 5.3 ---------- now site version 5 DISA STIG Checklist for AIX 6.1 ---------- now site version 5 DISA STIG Checklist for HPUX 11.00 --- now site version 5 DISA STIG Checklist for HPUX... [More]
Content in the Patches for Windows (English) has been released: New Fixlet Messages: - 279422001 2794220: Vulnerability in Internet Explorer Could Allow Remote Code Execution - Enable MSHTML Shim Workaround - IE 6/7/8 - 279422003 2794220: Vulnerability in Internet Explorer Could Allow Remote Code Execution - Disable MSHTML Shim Workaround - IE 6/7/8 Reason for Update: - Microsoft has released Security Advisory 2794220. Actions to Take: - None Published site version: - Patches for Windows (English), version 1699 Additional links: - None... [More]
We've added a lot of great features and enhancements in the 8.x platform releases, with even more fantastic new capabilities to come in future platform versions. However, in order for our products to fully take advantage of all of these great benefits, we need migrate deployments off version 7.2. That's why we're pre-announcing end of support for 7.2, with plenty of advance notice to our users. Here are some reasons to upgrade:
I ntegration with Microsoft Active Directory and LDAP - Provision and authenticate Console users through... [More]
If you are an MDM customer integrating your MDM and MaaS360 deployments, please see the updated instructions for acquiring Fiberlink Web Services access on the DevWorks IEM Wiki, at https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/IBM%20MaaS360%20Integration%20for%20Unified%20Reporting .
In connection to Apple's recent security advisory ( http://support.apple.com/kb/HT5660 ) on the Java Web plug-in, we are advising all Mac users to upgrade to Java 6 update 51 and Java 7 update 25.
We have provided the following Fixlets for such purpose:
73130601 UPDATE: Java for Mac OS X 10.6 Update 16
73130603 UPDATE: Java for Mac OS X 2013-004
74130618 UPDATE: Java Runtime Environment 7 update 25 Available