Accessing a cloud-hosted trial

A trial of WebSphere Automation is available that can be used for seven calendar days at no cost. You can register provided servers for security monitoring, apply a fix for a CVE, revert the fix, and register your own server.

1. In a browser, open the WebSphere Automation cloud-hosted trial page.
2. Complete and submit the registration form.
   
   If you already have an IBMid, click the Log in link next to Already have an IBM account?. Log in using the information that is associated with your IBMid.
   If you are registering for a new IBMid, complete the information forms and look for an email from IBM Security (ibmacct.iam.ibm.com) with a confirmation code. Finish the forms with the confirmation code from the email to create your IBMid.
3. Check for the email from support@open-trial-labs.ibm.com with the subject line Your trial login information (save this email!) - WebSphere Automation. It contains the credentials to use for your trial.
   The email appears similar to the following image.

   
   Until you receive this email, the URL https://cloud.open-trial-labs.ibm.com/openlabs/dashboard/websphere-automation only shows a Loading... indicator.
   Depending on the number of registered users in the queue, it might take as many as seven business days to receive this email. Most users receive the email and can start their trial within 24 hours.
   Your trial is for seven calendar days and begins on the day that you receive the email.
4. Click Access your 7 day trial in the Your trial login information... email.
   If your browser displays certificate warnings, choose to accept the risk and continue to the trial page. The Log in to IBM Cloud Pak page appears.
   
5. On the Log in to IBM Cloud Pak page, select IBM provided credentials (admin only), enter the provided credentials, and click Log in.
   The Welcome page appears.
   
6. Follow the Learning Guide on the side of the page to learn about how to use your hosted trial of WebSphere Automation.
   Do the steps in the order in which they are presented.
   The Learning Guide include the following sections or courses.

   • Start here. Open and explore the various pages within WebSphere Automation.
   • Add traditional and Liberty servers. Learn how to add WebSphere Application Server and WebSphere Application Server Liberty servers to WebSphere Automation so that they can be monitored for security and health.
   • Patch a server. Apply a fix to a monitored server to see automatic updates and notifications from WebSphere Automation.
   • Liberty config aware. Learn how Liberty CVEs are aware of the configuration of WebSphere Application Server Liberty, so that vulnerabilities that affect Liberty components that are not in use are not reported against that server.
   • Bring your own server. Add a server on one of your own machines for security and health monitoring.
   • Thank you. Access links to additional information about WebSphere Automation.
   Click the screen capture icon () in the Learning Guide to see an image of the hosted trial screen that assists with the current step.
   When you complete a course or a portion of a course, check I'm done! to log your progress. You can return to sections marked complete at any time until your trial ends. Click the Learning Guide title to return to the list of courses.
7. Work through the Start here course.
   1. Follow the instructions to open WebSphere Automation in the user interface (UI).
   2. Explore the UI by clicking the navigation icons in the WebSphere Automation UI.

      Notice that there are no servers currently being monitored and that no email addresses are configured for notifications.

   3. Add your email address using the controls in the Notification settings page so that you can receive example notification emails about events in WebSphere Automation as you progress through the steps in the hosted trial.
   4. When you are finished exploring the WebSphere Automation UI, click Learning Guides to return to the list of courses.
8. Work through the Add traditional and Liberty servers section.
   1. Access the terminal. In the browser window, click the Terminal tab. The Terminal tab is located next to the currently selected Service tab that shows the IBM Cloud Pak framework with the Welcome page open.

      The Learning Guide shows three terminal window commands in code blocks. To use the scripts, you can click them in the Learning Guide, copy them and paste them into a command prompt in the terminal page, or type them into the command prompt (student$) in the terminal page. The three scripts provide listings of scripts that are available for you to use as part of your hosted trial.

      
   2. Get configuration information. To register a server to be monitored by WebSphere Automation, you must configure that server with the following three pieces of information:
      • URL: the WebSphere Automation registration URL
      • API key: the API key that the server uses to securely authenticate with WebSphere Automation
      • SSL Trust: a keystore must contain the TLS/SSL certificate to establish a secure connection

      Use the provided scripts to set environment variables for the URL and the API key. The TLS/SSL certificate is extracted and saved during registration.

      
      Note: This hosted trial uses WebSphere Automation 1.4. In the currently available version of WebSphere Automation, configuration information is provided through the UI. For more information, see the current documentation about registering servers.
   3. Register a Liberty server. Run the provided configuration script to add the correctly configured usage metering feature to a Liberty server.
      

      Click the Services tab and notice that information about the newly registered server appears in the Security and Server management pages.

      

      If you provided an email address in the Notification settings page, check for a notification email from WebSphere Automation about the newly registered server.

      Scripts are also provided that show the updated configuration information for the Liberty server and the successful registration message in the log file.

   4. Register a WebSphere Application Server traditional server. Run the provided configuration script to add the correctly configured usage metering feature to a WebSphere Application Server traditional server.
      

      Click the Services tab and notice that information about the newly registered server appears in the Security and Server management pages.

      

      If you provided an email address in the Notification settings page, check for a notification email from WebSphere Automation about the newly registered server.

      Scripts are also provided that show the updated configuration information for the server and the successful registration message in the log file.

9. Work through the Patch a server section.
   1. Identify server to patch. In the Service window, use the Security page to locate the server affected by the Apache Log4J vulnerability (CVE-2021-44228).
   2. Patch CVE. In the Security page, open the CVE details page in WebSphere Automation for CVE-2021-44228. In the Servers tab, you can click the CVE-2021-44228 entry in the Unresolved CVEs column for server1; or, in the CVEs tab, you can click the CVE-2021-44228 entry in the CVE column.
      

      On the CVE details page, scroll to the Affected servers section. The server1 server is listed as a server affected by this vulnerability. Click the Prepare fix link for server1. It might be necessary to scroll the table horizontally to see the link.

      

      In the Prepare fix dialog, select the interim fix PH42728 to resolve this vulnerability and click Fetch then install fix.

      
   3. See update. You can watch the progress of the status updates in the Fix management tab of the Security page for server1. When the status is Succeeded, open the Servers tab and confirm that CVE-2021-44228 is not listed as a vulnerability for server1.

      Click the Server management page and then click the entry for server1. Notice the installed fixes listed on the server information page. Next, click the Vulnerabilities tab and notice the updated information in the Fix history and Fix management sections.

   4. Revert patch. You can uninstall fixes that have been applied to servers. If you are not already on the Fix management page for server1, click Server management > server1 > Vulnerabilities > Fix management. Click Uninstall latest package to remove the most recently installed fix. In the Uninstall package dialog, note the information about the fix to be uninstalled, then click Uninstall.

      After the fix is uninstalled, take notice of the changes in the various information pages for server1.

      If you configured an email for notifications, check for a new email from WebSphere Automation about the vulnerability that is exposed by the removal of the fix.

   5. Patch Liberty. In the Security page, click the entry in the Unresolved CVE column for liberty-server that indicates a number of additional CVEs in parentheses. The side panel opens with a list of all of the individual CVEs that affect the server. Select a CVE to fix, and click it to open its CVE details page. In the Affected servers section, find liberty-server and use its Prepare fix link to install the fix. Follow the status updates and take notice of the changes in the informational pages after the installation completes.
10. Work through the Liberty config aware section.
    1. Modify configuration. When assessing the impact of a CVE for Liberty servers, WebSphere Automation takes into consideration the components that are actually installed. Follow the instructions in the Learning Guide to use a text editor to remove the adminCenter-1.0 feature from the Liberty server.
    2. See update. After updating the Liberty server configuration, notice that the server is no longer vulnerable to CVE-2021-23450, which only applies to the adminCenter-1.0 feature.
11. Work through the Bring your own server section.
    1. Bring your own server to WebSphere Automation. Follow the steps provided to register your WebSphere Application Server or WebSphere Application Server Liberty server that you control with this instance of WebSphere Automation. You must have administrator access to change the configuration of your server. Collect the configuration information that you need, then click the link in the Learning Guide to the product documentation for the type of server that you want to register. Follow those manual steps. After the server restarts, look for the notification email and note the changes in the WebSphere Automation UI.
12. View the Thank you section.
    1. Thanks for using the hosted trial. Use the links to learn more about WebSphere Automation or to contact an IBM expert by email.
    2. Open feature requests. If you have ideas for changes that you would like to see in WebSphere Automation, click the link to the Cloud Platforms Ideas portal and create a new feature request.