IBM Support

IBM Security Privileged Identity Manager, Virtual Appliance fix pack 2.1.1-ISS-ISPIM-VA-FP0002

Download


Abstract

The IBM Security Privileged Identity Manager Virtual Appliance fix pack, Version 2.1.1 contains fixes and changes.

Download Description

The following versions can be upgraded to Fix Pack 2 directly:
From To Method
IBM Security Privileged Identity Manager Version 2.1.1 GA IBM Security Privileged Identity Manager Version 2.1.1 Fix Pack 2
  • USB
  • FileUpload Tool
This fix pack corrects security vulnerabilities and the following issues that are found in the IBM® Security Privileged Identity Manager 2.1.1 release: 
  • APAR IJ08528
    Restoring a snapshot in IBM Security Privileged Identity Manager 2.1 does not restore services on the virtual appliance.
  • APAR IJ04858
    HTTP error code: 411 - E configureFileSyncForCluster: primary_unreachable.
  • APAR IJ00391
    The IBM Security Privileged Identity Manager 2.1 VA Local Management Interface does not display all properties when the page size is less than the total number of properties.
  • APAR IJ12688
    HTTPS certificate is not in use on member node.
  • APAR IJ09014
    IBM Security Privileged Identity Manager - single Sign-on Server unavailable.
  • APAR IJ14170
    IBM Security Privileged Identity Manager - NTP sync issue with NTP server for IBM Security Privileged Identity Manager.
  • APAR IJ14828
    Unable to clear core dump from IBM Security Privileged Identity Manager 2.1.1 virtual appliance.

Prerequisites

This fix pack contains the following files:
  • 2.1.1-ISS-ISPIM-VA-FP0002.pkg
    The IBM Security Privileged Identity Manager v2.1.1, Fix Pack 2 file.
  • 2.1.1-ISS-ISPIM-VA-FP0002.pkg.md5
    md5 sum for the 2.1.1-ISS-ISPIM-VA-FP0002.pkg file.
Before you install Fix Pack 2, back up the existing Virtual Appliance:
  • Use the hypervisor or VMWare client to take a snapshot of the external data tier (Directory Server and Database system)
  • Take a snapshot of the Virtual Appliance by performing one of the following methods:

Installation Instructions

IMPORTANT
After you install the firmware with the Command Line Interface (CLI), ensure that the installation process is completed before you perform any of the following options:
•    Restart the virtual appliance
•    Apply a subsequent fix pack
You can verify that the installation process is completed by performing one of the following actions:
  • From the CLI:
    Wait for the login prompt to be displayed on the CLI.

  • From the LMI:
    1. Login to the Appliance Dashboard.
    2. Navigate to Monitor > Logs > Event log. If the installation is successful, the log shows

    The update ispim_<pkg file name> was successful.

Upgrading the standalone virtual appliance for deployments with VMware ESXi

See Installing the fix pack by using the FileUpload Tool.

Upgrading the virtual appliance cluster for deployments with VMware ESXi

Important: The required ISO files for clustered deployments are downloadable from updated images on Passport Advantage. Download the updated images from Passport Advantage and learn more from the April 2019 eAssembly update of the download document.
  1. Stop the member nodes.
  2. Remove member nodes from the cluster.
    1. In the primary node, from the Appliance Dashboard, click Configure > Manage Cluster.
    2. Select the nodes and remove them.
  3. Upgrade the primary node. See Installing the fix pack by using the FileUpload Tool.
  4. Verify that the primary was successfully upgraded.
  5. Create new member virtual appliances, with the same version as the upgraded primary node by performing the following steps:
    1. Deploy IBM Security Privileged Identity Manager version 2.1.1.2 using 2.1.1-ISS-ISPIM-VA-FP0002.iso.
    2. Perform the initial set up of the Virtual appliance : Set up the virtual appliance.
    3. Connect the member node to the upgraded primary : Set up member node.
  6. Modify the load balancer configuration with the changes, if required.

   

Upgrading the standalone virtual appliance for deployments with Citrix XenServer

Upgrading the virtual appliance cluster for deployments with Citrix XenServer

Important: The required ISO files for clustered deployments are downloadable from updated images on Passport Advantage. Download the updated images from Passport Advantage and learn more from the April 2019 eAssembly update of the download document.
  1. Stop the member nodes.
  2. Remove member nodes from the cluster.
    1. In the primary node, from the Appliance Dashboard, click Configure > Manage Cluster.
    2. Select the member nodes and remove them.
  3. Upgrade the primary node. See Upgrading the virtual appliance standalone for deployments with Citrix XenServer.
  4. Verify that the primary was successfully upgraded.
  5. Create new member virtual appliance(s), with the same version as the upgraded primary node by performing the following steps:
    1. Deploy IBM Security Privileged Identity Manager version 2.1.1.2 using 2.1.1-ISS-ISPIM-VA-FP0002_vhd.zip.
    2. Perform the initial set up of the Virtual appliance : Set up the virtual appliance.
    3. Connect the member node to the upgraded primary : Set up member node.
  6. Modify the load balancer configuration with the changes, if required.

   

Installing the fix pack by using the FileUpload Tool

  1. Copy the tool to a system where Java is already installed. Java version 1.7 is recommended. See IBM Security Identity Virtual Appliance Firmware Update Transfer Utility version 2.1.
    Note: You can use Java 1.7 that is installed with many IBM products, such as WebSphere Application Server.
  2. Copy the firmware update (pkg) file, obtained from IBM Fix Central to the file system. See IBM Security Identity Virtual Appliance Firmware Update Transfer Utility version 2.1.
  3. Run the the following command to upload the 2.1.1-ISS-ISPIM-VA-FP0002.pkg file.

    java -jar FileUpload_2.1.0.jar pimva.ibm.com:9443 admin <password for admin account> <path to>/temptrust.jks WebAS <path to upgrade package>.pkg
    For example:
    Windows
    C:\Upg>java -jar FileUpload_2.1.0.jar pimva.ibm.com:9443 admin admin c:\Upg\temptrust.jks WebAS c:\Upg\2.1.1-ISS-ISPIM-VA-FP0002.pkg
    Linux
    java -jar FileUpload_2.1.0.jar pimva.ibm.com:9443 admin admin /work/temptrust.jks WebAS /Downloads/2.1.1-ISS-ISPIM-VA-FP0002.pkg
    You see the following message when the upload is successful:
    Upload completed successfully.
  4. Once the 2.1.1-ISS-ISPIM-VA-FP0002.pkg file is transferred, use the following appliance CLI to install the firmware:
    ispim > upgrade > install
  5. When you are prompted, type the reboot command and press Enter to restart the virtual system by using Partition 2. Partition 2 is now the active partition.
    The following results are displayed
    - After the virtual appliance restarts from the Partition 2, all Partition 1 configuration information is applied to the Partition 2.
    - After the configuration is applied to the virtual appliance, the log in prompt is displayed in the CLI.
  6. Access the dashboard at https://<hostname>:9443. It indicates you must restart the virtual appliance.
  7. Restart the virtual appliance to complete the upgrade process.
  8. Verify the fix pack version of the virtual appliance by accessing https://<hostname>:9443/about.


Troubleshooting

If you still have problems connecting to the LDAP server over SSL, after you apply the fix pack, complete the following steps:
  1. Restore the virtual appliance to the snapshot that was taken before Fix Pack 2 was applied.
  2. Reapply Fix Pack 2.

On
[{"DNLabel":"2.1.1-ISS-ISPIM-VA-FP0002","DNDate":"29 Mar 2019","DNLang":"English","DNSize":"3358499853","DNPlat":{"label":"Windows","code":"PF033"},"DNURL":"https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=Security%2BSystems&product=ibm/Tivoli/IBM+Security+Privileged+Identity+Manager&release=2.1.1&platform=Linux&function=fixId&fixids=2.1.1-ISPIM-VA-FP0002&includeRequisites=1&includeSup","DNURL_FTP":" ","DDURL":null}]
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSRQBP","label":"IBM Security Privileged Identity Manager"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"2.1.1","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
03 April 2019

UID

ibm10877082

Page Feedback