IBM Support

IBM Security Privileged Identity Manager, Virtual Appliance fix pack 2.1.1-ISS-ISPIM-VA-FP0004

Download


Abstract

The IBM Security Privileged Identity Manager Virtual Appliance fix pack, Version 2.1.1 contains fixes and changes.

Download Description

The following versions can be upgraded to Fix Pack 4 directly:
From To Method
IBM Security Privileged Identity Manager Version 2.1.1 GA IBM Security Privileged Identity Manager Version 2.1.1 Fix Pack 4
  • USB
  • FileUpload Tool
This fix pack corrects security vulnerabilities and the following issues that are found in the IBM® Security Privileged Identity Manager 2.1.1 release: 
  • APAR IJ16912
    Time Format 12 hours does not include AM or PM.
  • APAR IJ10787
    Credential Tag not getting updated using bulk uploader. 
  • APAR IJ16100
    SSH sessions do not work through the session gateway (PSGW) if PIM VA host names contain uppercase letters. 
    Note: Irrespective of whether VA hostname is in uppercase or lowercase, the “referrer” value of authorized_clients property from PSG response file must be in lowercase. 
  • APAR IJ11994 
    ISPIM 2.1.1 help pages for non-English language give a 404 error.
  • APAR IJ14285
    CTGIMU551E an application error occurred while uploading identity provider file for Solaris profile.
  • APAR IJ14424 
    API, it gives error CTGIMF007E the specified object cannot be found in the directory server. 

Prerequisites

This fix pack contains the following files:
  • 2.1.1-ISS-ISPIM-VA-FP0004.pkg
    The IBM Security Privileged Identity Manager v2.1.1, Fix Pack 4 file.
  • 2.1.1-ISS-ISPIM-VA-FP0004.pkg.md5
    md5 sum for the 2.1.1-ISS-ISPIM-VA-FP0004.pkg file.
Before you install the fix pack, back up the existing Virtual Appliance:
  • Use the hypervisor or VMware client to take a snapshot of the external data tier (Directory Server and Database system)
  • Take a snapshot of the Virtual Appliance by performing one of the following methods:

Installation Instructions

IMPORTANT
After you install the firmware with the Command Line Interface (CLI), ensure that the installation process is completed before you perform any of the following options:
•    Restart the virtual appliance
•    Apply a subsequent fix pack
You can verify that the installation process is completed by performing one of the following actions:
  • From the CLI:
    Wait for the login prompt to be displayed on the CLI.

  • From the LMI:
    1. Login to the Appliance Dashboard.
    2. Navigate to Monitor > Logs > Event log. If the installation is successful, the log shows

    The update ispim_<pkg file name> was successful.

Upgrading the standalone virtual appliance for deployments with VMware ESXi

See Installing the fix pack by using the FileUpload Tool.

Upgrading the virtual appliance cluster for deployments with VMware ESXi

Important: The required ISO files for clustered deployments are downloadable from updated images on Passport Advantage. Download the updated images from Passport Advantage and learn more from the April 2019 eAssembly update of the download document.
  1. Stop the member nodes.
  2. Remove member nodes from the cluster.
    1. In the primary node, from the Appliance Dashboard, click Configure > Manage Cluster.
    2. Select the nodes and remove them.
  3. Upgrade the primary node. See Installing the fix pack by using the FileUpload Tool.
  4. Verify that the primary was successfully upgraded.
  5. Create new member virtual appliances, with the same version as the upgraded primary node by performing the following steps:
    1. Deploy IBM Security Privileged Identity Manager version 2.1.1.4 by using 2.1.1-ISS-ISPIM-VA-FP0004.iso.
    2. Perform the initial set up of the Virtual appliance : Set up the virtual appliance.
    3. Connect the member node to the upgraded primary : Set up member node.
  6. Modify the load balancer configuration with the changes, if required.

   

Upgrading the standalone virtual appliance for deployments with Citrix XenServer

Upgrading the virtual appliance cluster for deployments with Citrix XenServer

Important: The required ISO files for clustered deployments are downloadable from updated images on Passport Advantage. Download the updated images from Passport Advantage and learn more from the April 2019 eAssembly update of the download document.
  1. Stop the member nodes.
  2. Remove member nodes from the cluster.
    1. In the primary node, from the Appliance Dashboard, click Configure > Manage Cluster.
    2. Select the member nodes and remove them.
  3. Upgrade the primary node. See Upgrading the virtual appliance standalone for deployments with Citrix XenServer.
  4. Verify that the primary was successfully upgraded.
  5. Create new member virtual appliance(s), with the same version as the upgraded primary node by performing the following steps:
    1. Deploy IBM Security Privileged Identity Manager version 2.1.1.4 by using 2.1.1-ISS-ISPIM-VA-FP0004_vhd.zip.
    2. Perform the initial set up of the Virtual appliance : Set up the virtual appliance.
    3. Connect the member node to the upgraded primary : Set up member node.
  6. Modify the load balancer configuration with the changes, if required.

   

Installing the fix pack by using the FileUpload Tool

  1. Copy the tool to a system where Java is already installed. Java version 1.7 is recommended. See IBM Security Identity Virtual Appliance Firmware Update Transfer Utility version 2.1.
    Note: You can use Java 1.7 that is installed with many IBM products, such as WebSphere Application Server.
  2. Copy the firmware update (pkg) file, obtained from IBM Fix Central to the file system. See IBM Security Identity Virtual Appliance Firmware Update Transfer Utility version 2.1.
  3. Run the the following command to upload the 2.1.1-ISS-ISPIM-VA-FP0004.pkg file.

    java -jar FileUpload_2.1.0.jar pimva.ibm.com:9443 admin <password for admin account> <path to>/temptrust.jks WebAS <path to upgrade package>.pkg
    For example:
    Windows
    C:\Upg>java -jar FileUpload_2.1.0.jar pimva.ibm.com:9443 admin admin c:\Upg\temptrust.jks WebAS c:\Upg\2.1.1-ISS-ISPIM-VA-FP0004.pkg
    Linux
    java -jar FileUpload_2.1.0.jar pimva.ibm.com:9443 admin admin /work/temptrust.jks WebAS /Downloads/2.1.1-ISS-ISPIM-VA-FP0004.pkg
    You see the following message when the upload is successful:
    Upload completed successfully.
  4. Once the 2.1.1-ISS-ISPIM-VA-FP0004.pkg file is transferred, use the following appliance CLI to install the firmware:
    ispim > upgrade > install
  5. When you are prompted, type the reboot command and press Enter to restart the virtual system by using Partition 2. Partition 2 is now the active partition.
    The following results are displayed
    - After the virtual appliance restarts from the Partition 2, all Partition 1 configuration information is applied to the Partition 2.
    - After the configuration is applied to the virtual appliance, the log in prompt is displayed in the CLI.
  6. Access the dashboard at https://<hostname>:9443. It indicates you must restart the virtual appliance.
  7. Restart the virtual appliance to complete the upgrade process.
  8. Verify the fix pack version of the virtual appliance by accessing https://<hostname>:9443/about.


Troubleshooting

If you still have problems connecting to the LDAP server over SSL, after you apply the fix pack, complete the following steps:
  1. Restore the virtual appliance to the snapshot that was taken before Fix Pack 4 was applied.
  2. Reapply Fix Pack 4.

On
[{"DNLabel":"2.1.1-ISS-ISPIM-VA-FP0004","DNDate":"13 Dec 2019","DNLang":"English","DNSize":"3607870171 B","DNPlat":{"label":"Windows","code":"PF033"},"DNURL":"https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=Security%2BSystems&product=ibm/Tivoli/IBM+Security+Privileged+Identity+Manager&release=2.1.1&platform=Linux&function=fixId&fixids=2.1.1-ISPIM-VA-FP0004&includeRequisites=1&includeSup","DNURL_FTP":"","DDURL":null}]
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSRQBP","label":"IBM Security Privileged Identity Manager"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"2.1.1","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
13 December 2019

UID

ibm11135678

Page Feedback