Download
Abstract
This fix pack for IBM Security Privileged Identity Manager, Version 2.0.2 contains new enhancements and fixes.
Download Description
The following versions can be upgraded to Fix Pack 13 directly:
| From | To | Method |
|---|---|---|
| IBM Security Privileged Identity Manager 2.0.2 Fix pack 3, Interim Fix 4, Fix pack 6, Fix pack 8 and Interim Fix 10, Fix pack 11. | IBM Security Privileged Identity Manager 2.0.2 Fix Pack 13 |
|
Note:
- For more information on upgrading via a USB device, see Upgrading the IBM Security Privileged Identity Manager virtual appliance from a USB device.
- For more information on upgrading via firmware update transfer utility, see Upgrading the IBM Security Privileged Identity Manager virtual appliance with firmware update transfer utility.
This fix pack corrects security vulnerabilities and the following issues that are found in IBM Security Privileged Identity Manager 2.0.2 release:
- APAR IJ26816
Error message "CTGIMS009E You do not have the authority to perform this operation" is vague and not useful.
Prerequisites
This fix pack contains the following files:
- 2.0.2-ISS-ISPIM-VA-FP0013.pkg (The IBM Security Privileged Identity Manager v2.0.2, Fix Pack 13 file)
- 2.0.2-ISS-ISPIM-VA-FP0013.pkg.md5 (md5 sum for the 2.0.2-ISS-ISPIM-VA-FP0013.pkg file)
Before you install Fix Pack 13, back up the existing Virtual Appliance:
- Use the hypervisor or VMWare client to take a snapshot of the external data tier (Directory Server and Database system)
- Take a snapshot of the Virtual Appliance by performing one of the following methods:
- With the hypervisor or VMWare client
- Via the Virtual Appliance Dashboard (LMI). See Creating a snapshot of the primary virtual appliance.
Installation Instructions
Important
After you install the firmware with the Command Line Interface (CLI), ensure that the installation process is completed before you perform any of the following options:
- Restart the virtual appliance
- Apply a subsequent fix pack
You can verify that the installation process is completed by performing one of the following actions:
- From the CLI:
Wait for the login prompt to be displayed on the CLI.
- From the LMI:
1. Login to the Appliance Dashboard.
2. Navigate to Monitor > Logs > Event log. If the installation is successful, the log shows
2. Navigate to Monitor > Logs > Event log. If the installation is successful, the log shows
The update ispim_<pkg file name> was successful.
Upgrading the standalone virtual appliance for deployments with VMware ESXi
See Installing the fix pack by using the FileUpload Tool.
Upgrading the virtual appliance cluster for deployments with VMware ESXi
- Stop the member nodes.
- Remove member nodes from the cluster.
- In the primary node, from the Appliance Dashboard, click Configure > Manage Cluster.
- Select the nodes and remove them.
- Upgrade the primary node. See Installing the fix pack by using the FileUpload Tool .
- Verify that the primary was successfully upgraded.
- Create new member virtual appliances, with the same version as the upgraded primary node by performing the following steps:
- Deploy IBM Security Privileged Identity Manager version 2.0.2.13 by using the IBM Security Privileged Identity Manager v2.0.2 Virtual Appliance for VMware ESXi with Fix Pack 13 image (2.0.2-ISS-ISPIM-VA-FP00013.iso).
- Perform the initial set up of the Virtual appliance : Set up the virtual appliance .
- Connect the member node to the upgraded primary : Setup member node .
- Modify the load balancer configuration with the changes, if required.
Installing the fix pack by using the FileUpload Tool
Procedure
- Copy the tool to a system where Java is already installed. Java version 1.7 is recommended. See IBM Security Identity Virtual Appliance Firmware Update Transfer Utility version 2.1 .
Note: You can use the Java version 1.7 installed with many IBM products, such as WebSphere Application Server. - Copy the firmware update (pkg) file, obtained from IBM Fix Central to the file system. See IBM Security Identity Virtual Appliance Firmware Update Transfer Utility version 2.1 .
- Run the the following command to upload the 2.0.2-ISS-ISPIM-VA-FP0013.pkg file.
java -jar FileUpload.jar pimva.ibm.com:9443 admin <password for admin account> <path to>/temptrust.jks WebAS <path to upgrade package>.pkg
-
For example:
Windows
C:\Upg>java -jar FileUpload.jar pimva.ibm.com:9443 admin admin c:\Upg\temptrust.jks WebAS c:\Upg\2.0.2-ISS-ISPIM-VA-FP0013.pkg
Linux
java -jar FileUpload.jar pimva.ibm.com:9443 admin admin /work/temptrust.jks WebAS /Downloads/2.0.2-ISS-ISPIM-VA-FP0013.pkg
You see the following message when the upload is successful:
Upload completed successfully.
- After the 2.0.2-ISS-ISPIM-VA-FP00013.pkg file is transferred, use the following appliance CLI to install the firmware:
ispim > upgrade > install - When you are prompted, type the reboot command and press Enter to restart the virtual system by using Partition 2. Partition 2 is now the active partition.
The results are as follows:
- After the virtual appliance restarts from the Partition 2, all Partition 1 configuration information is applied to the Partition 2.
- After the configuration is applied to the virtual appliance, the log in prompt is displayed in the CLI. - Access the dashboard at
https://<hostname>:9443. It indicates you must restart the virtual appliance. - Restart the virtual appliance to complete the upgrade process.
- Verify the fix pack version of the virtual appliance by accessing
https://<hostname>:9443/about.
Troubleshooting
After ISO installation and command line interface configuration, the appliance might revert to an unconfigured login state. This issue is intermittent and configuring the CLI a second time resolves the issue.
Fresh configuration or reconfiguration of external user registry in SSL is not supported for 2.0.2-ISS-ISPIM-VA-FP0013. However, upgrading a setup to 2.0.2-ISS-ISPIM-VA-FP0013 with a configured external user registry, either in SSL or non-SSL, is supported.
If you still have problems connecting to the LDAP server over SSL, after you apply the fix pack, complete the following steps:
- Restart the virtual appliance again and check for the directory server status on the Local Management Interface. You also want to check whether the application login is working.
- If restarting the virtual appliance does not help, restore the virtual appliance to the snapshot that was taken before Fix Pack 13 was applied.
- Reapply Fix Pack 13.
On
[{"DNLabel":"2.0.2-ISS-ISPIM-VA-FP0013","DNDate":"10 Aug 2020","DNLang":"English","DNSize":"3136703195 B","DNPlat":{"label":"Platform Independent","code":"PF025"},"DNURL":"https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=Security%2BSystems&product=ibm/Tivoli/IBM+Security+Privileged+Identity+Manager&release=2.0.2&platform=Linux&function=fixId&fixids=2.0.2-ISS-ISPIM-VA-FP0013&includeRequisites=1&includeSup","DNURL_FTP":"","DDURL":null}]
[{"Product":{"code":"SSRQBP","label":"IBM Security Privileged Identity Manager"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"2.0.2","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
10 August 2020
UID
ibm16256512