IBM Support

IBM Security Privileged Identity Manager fix pack 2.1.0-ISS-ISPIM-VA-FP0014

Download


Abstract

This fix pack for IBM Security Privileged Identity Manager, Version 2.1.0 contains new enhancements and fixes.

Download Description

The following versions can be upgraded to Fix Pack 14 directly:

From

To

Method
  • IBM Security Privileged Identity Manager version 2.1.0 GA
  • IBM Security Privileged Identity Manager Fixpack 3
  • IBM Security Privileged Identity Manager Fixpack 6
  • IBM Security Privileged Identity Manager Fixpack 7
  • IBM Security Privileged Identity Manager Fixpack 8
  • IBM Security Privileged Identity Manager Fixpack 10
  • IBM Security Privileged Identity Manager Interim Fixpack 11
  • IBM Security Privileged Identity Manager Fixpack 12
  • IBM Security Privileged Identity Manager Fixpack 13

IBM Security Privileged Identity Manager version 2.1.0 Fix Pack 14

· USB 
· FileUpload Tool

Note:

This fix pack corrects security vulnerabilities and the issues that are found in IBM® Security Privileged Identity Manager 2.1.0 release.

For more information on new features and enhancements, see New in Version 2.1.0.
 

Prerequisites

This fix pack contains the following files:

  • 2.1.0-ISS-ISPIM-VA-FP0014.pkg (The IBM Security Privileged Identity Manager v2.1.0, Fix Pack 14 file)
  • 2.1.0-ISS-ISPIM-VA-FP0014.pkg.md5 (md5 sum for the 2.1.0-ISS-ISPIM-VA-FP0014.pkg file)

Before you install Fix Pack 14, back up the existing Virtual Appliance:

  • Use the hypervisor or VMWare client to take a snapshot of the external data tier (Directory Server and Database system)
  • Take a snapshot of the Virtual Appliance by performing one of the following methods:
    - With the hypervisor or VMWare client
    - Via the Virtual Appliance Dashboard (LMI). See     Creating a snapshot of the primary virtual appliance.

Installation Instructions

IMPORTANT 
After you install the firmware with the Command Line Interface (CLI), ensure that the installation process is completed before you perform any of the following options:

  • Restart the virtual appliance
  • Apply a subsequent fix pack


You can verify that the installation process is completed by performing one of the following actions:

  • From the CLI: 
    Wait for the login prompt to be displayed on the CLI.
  • From the LMI:
    1. Login to the Appliance Dashboard.
    2. Navigate to Monitor > Logs > Event log. If the installation is successful, the log shows 

The update ispim_<pkg file name> was successful

Upgrading the standalone virtual appliance for deployments with VMware ESXi

See Installing the fix pack by using the FileUpload Tool

Upgrading the virtual appliance cluster for deployments with VMware ESXi

  1. Stop the member nodes.
  2. Remove member nodes from the cluster.
    a. In the primary node, from the Appliance Dashboard, click Configure > Manage Cluster.
    b. Select the nodes and remove them.
  3. Upgrade the primary node. See Installing the fix pack by using the FileUpload Tool
  4. Verify that the primary was successfully upgraded. 
  5. Create new member virtual appliances, with the same version as the upgraded primary node by performing the following steps: 
    a. Deploy IBM Security Privileged Identity Manager version 2.1.0.12 using 2.1.0-ISS-ISPIM-VA-FP0014.iso. 
    b. Perform the initial set up of the Virtual appliance : Set up the virtual appliance. 
    c. Connect the member node to the upgraded primary : Setup member node. 
  6. Modify the load balancer configuration with the changes, if required. 
       
Upgrading the standalone virtual appliance for deployments with Citrix XenServer
 

Installing the fix pack by using the FileUpload Tool

Procedure

  1. Copy the tool to a system where Java is already installed. Java version 1.7 is recommended. See IBM Security Identity Virtual Appliance Firmware Update Transfer Utility version 2.1.

    Note: You can use the Java version 1.7 installed with many IBM products, such as WebSphere Application Server.
  2. Copy the firmware update (pkg) file, obtained from IBM Fix Central to the file system. See IBM Security Identity Virtual Appliance Firmware Update Transfer Utility version 2.1.
  3. Run the the following command to upload the 2.1.0-ISS-ISPIM-VA-FP0014.pkg file. 
    java -jar FileUpload_2.1.0.jar pimva.ibm.com:9443 admin <password for admin account> <path to>/temptrust.jks WebAS <path to upgrade package>.pkg
    -
    For example:
    Windows
    C:\Upg>java -jar FileUpload_2.1.0.jar pimva.ibm.com:9443 admin admin c:\Upg\temptrust.jks WebAS c:\Upg\2.1.0-ISS-ISPIM-VA-FP0014.pkg

    Linux
    java -jar FileUpload_2.1.0.jar pimva.ibm.com:9443 admin admin /work/temptrust.jks WebAS /Downloads/2.1.0-ISS-ISPIM-VA-FP0014.pkg

    You see the following message when the upload is successful:
    Upload completed successfully.
  4. Once the 2.1.0-ISS-ISPIM-VA-FP0014.pkg file is transferred, use the following appliance CLI to install the firmware:
    ispim > upgrade > install
  5. When you are prompted, type the reboot command and press Enter to restart the virtual system by using Partition 2. Partition 2 is now the active partition.
    The results are as follows:
    - After the virtual appliance restarts from the Partition 2, all Partition 1 configuration information is applied to the Partition 2.
    - After the configuration is applied to the virtual appliance, the log in prompt is displayed in the CLI.
  6. Access the dashboard at https://<hostname>:9443. It indicates you must restart the virtual appliance.
  7. Restart the virtual appliance to complete the upgrade process.
  8. Verify the fix pack version of the virtual appliance by accessing https://<hostname>:9443/about.


 

Troubleshooting

After the ISO installation and CLI configuration, sometimes the appliance goes back to an unconfigured login state. This is an intermittent issue and to resolve it, try the CLI configuration a second time.

Important upgrade considerations

  • VHD installation and cluster upgrade on Xen server is NOT supported for 2.1.0-ISS-ISPIM-VA-FP0014.
  • Standalone upgrade on Xen Server is supported for 2.1.0-ISS-ISPIM-VA-FP0014.
  • Fresh configuration/reconfiguration of external user registry is NOT supported for 2.1.0-ISS-ISPIM-VA-FP0014.
  • Upgrading a setup to 2.1.0-ISS-ISPIM-VA-FP0014 with external user registry configured is supported.

Problems connecting to LDAP server over SSL

If you still have problems connecting to the LDAP server over SSL, after you apply the fix pack, complete the following steps: 

  1. Restart the appliance again and check for the directory server status on LMI. Check whether the application login is working too.
  2. If restarting the appliance does not help, restore the virtual appliance to the snapshot that was taken before Fix Pack 12 was applied.
  3. Reapply Fix Pack 12.

On
[{"DNLabel":"2.1.0-ISS-ISPIM-VA-FP0014","DNDate":"28 Jul 2021","DNLang":"US English","DNSize":"3122338523 B","DNPlat":{"label":"Platform Independent","code":"PF025"},"DNURL":"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Privileged+Identity+Manager&release=2.1.0&platform=All&function=fixId&fixids=2.1.0-ISS-ISPIM-VA-FP0014&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp","DNURL_FTP":"","DDURL":null}]
[{"Product":{"code":"SSRQBP","label":"IBM Security Privileged Identity Manager"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF004","label":"Appliance"}],"Version":"2.1.0","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
28 July 2021

UID

ibm16476170

Page Feedback