8.6.00 enhancements and updates
The following sections describe enhancements for BMC Server Automation version 8.6.00:
For information about issues corrected in this release, see Known and corrected issues.
Installation and upgrade enhancements
BMC Server Automation version 8.6 includes the following enhancements to installation functionality:
Unified product install and upgrade
BMC Server Automation 8.6 provides a single installer for most installation and upgrade scenarios within the BMC Server Automation environment. The unified product installer simplifies and improves the installation experience by providing a centralized UI for installation and upgrade of all BMC Server Automation components. For more information about the unified product installer, see Installing using the unified product installer and Upgrading on Windows using the unified product installer.
The unified product installer installs and configures BMC Server Automation components by grouping them into functional units called nodes. The first node that is installed by the unified product installer is called the Default Application Server node. It comprises an Application Server, PXE server, database, network shell, file server, and BMC Server Automation Console. To meet the demands of a larger data center, you can deploy additional Application Servers. The additional Application Server is used for improving the performance of BMC Server Automation. For more information about adding an Additional Application Server after the Default Application Server node is installed, see Adding additional Application Servers.
Maintaining all configuration data on the database
With the release of BMC Server Automation 8.6, the latest copy of all configuration data is now maintained on the database. When an Application Server is started, it uses the configuration data that is stored on the database.
Migration of the configuration data is performed automatically by the unified product installer during upgrade. For cases where the unified product installer cannot be used, BMC Server Automation provides the configurator utility, which performs the database migration and persists configuration data into the database. You run the configurator on all Application Servers and PXE servers. For more information about migrating the configuration data manually, see Migrating the database and persisting configuration data to the database.
Quick start page
This is the first page that is displayed when you launch the BMC Server Automation Console after a fresh installation. It provides you a centralized access to options that execute most major use cases for Infrastructure Management, Compliance, Provisioning, Patching, and Configuration Management. For more information about using each of these options, see Quick start page.
Support for installing agents behind a SOCKS proxy server
BMC Server Automation now supports the installation of RSCD Agents on target servers that are behind a SOCKS proxy. For more information about the necessary configuration, see the list of preliminary tasks in Agent installation overview.
Compliance Content, Compliance, and SCAP enhancements
The following enhancements have been introduced in BMC Server Automation 8.6.00 for Compliance features:
New templates in Compliance Content for supporting additional policies and platforms
BMC Server Automation version 8.6 supports following Compliance Content component templates:
|Bench - mark version||Bench - mark update||Bench - mark version||Bench - mark update||Bench - mark version||Bench - mark update|
|Microsoft Windows Server||2012 R2 Domain Controller||Version 1/Release 4||July, 2014|
|2012 R2 Member Server||Version 1/Release 4||July, 2014|
|7.1||3.0||November, 2013||1.1.0||September, 2013|
|6.1||Version 1/Release 2||July, 2014|
|5.3||3.0||November, 2013||1.1.0||September, 2012|
|Novell SuSE Linux® Enterprise Server||11||3.0||November, 2013||1.0.0||September, 2013|
|10||3.0||November, 2013||1.0.0||September, 2013|
|Oracle™ Solaris™||11 x86||Version 1/Release 1||April, 2014|
|11 SPARC||Version 1/Release 1||April, 2014|
|10 x86||Version 1/Release 5||January, 2014|
|10 SPARC||Version 1/Release 5||January, 2014|
For complete list of available templates, see Compliance policy standards supported by BMC Server Automation templates.
The CIS SUSE 10 template is derived from CIS SUSE 11. Following rules are unique to CIS SUSE 10 template:
- 1.6 seccheck is active
- 2.1.1 Disable Standard Services
- 2.1.2 Disable Standard Services
- 3.3 Disable remote SMTP connections
- 3.4 Disable GUI Login If Possible
- 3.5 Disable X Font Server If Possible
- 3.6 Disable Standard Boot Services (not scorable)
- 3.13 Only Enable ncpfs Script If Absolutely Necessary
- 3.17 Only Enable SQL services If Absolutely Necessary
- 5.1 syslog is active
- 7.1 Remove .rhosts Support In PAM Configuration Files
- 7.2 /etc/ftpusers (not scorable)
- 7.6 Configure xinetd Access Control (not scorable)
- 7.10 Restrict NFS Client Requests To Privileged Ports
- 9.3 Create "authorized only" Banners For vsftpd, If Applicable
- 12.1 Create Symlinks For Dangerous Files
Inclusion of commands as assets in a Compliance rule
The Rule Editor for compliance rules now has enhanced support for shell scripting commands. A new Command asset is introduced, with various attributes for several forms of command outputs. Using this new asset type, you can create a rule condition that checks for a specific command output. This replaces the need to define such commands through a local configuration object in the component template. For more information see Defining a basic condition.
Defining variables in Compliance rules
You can now define a variable within a Compliance rule by assigning a value to a local property of the component template. You can then use your property-based variable in subsequent conditions in the same rule. The following new operators have been introduced to support this new feature:
- The assign operator (represented by the := combination of characters) can be used to assign a transient value that is not saved to the database, but rather temporarily stored only for the duration of rule execution. Use this operator if you want to avoid unnecessary storage of data in the database and do not plan to perform remediation based on the results of the compliance rule analysis.
- The persist operator can be used to assign a value that is persisted in the database. Use this operator if you plan to perform remediation based on the results of the compliance rule analysis.
For more information see Defining a basic condition.
New file/directory properties
The following file/directory properties have been added in BMC Server Automation. These properties can be used in a BLPackage, can be viewed in Live Browse, and can also be used in Compliance rules.
|User Owner Name||String||The name of the user owning the file/directory.|
|Group Owner Name||String||The name of the group owning the file/directory.|
|Unix ACL||Boolean (true/false)||Whether an Access Control List (ACL) is defined on the file (true or false).|
These properties are not visible for a directory in Live Browse.
If you are using the following new artifacts, you will not be able to import their templates in versions prior to BMC Server Automation 8.5 SP1:
- Command Support
List[String], String/Integer Enumeration using LOOP_ATTR_FOR_COMPLIANCE_STR/ LOOP_ATTR_FOR_COMPLIANCE_INT
- Assign Operator (:=)
Added new configuration files
BMC Server Automation includes new configuration files for following operating systems:
|Operating System||Configuration files|
For complete list of configuration files, see Configuration files.
Examples for creation of compliance rules added in the documentation
See Examples for creating compliance rules for detailed examples of rules that use command and variable support.
New reports available for export from compliance results
Changes were introduced in the formats of reports that you can generate by exporting results of a Compliance Job. The following types of reports are now available:
This new report format is generated from Compliance Job results using the Export Compliance Results menu option. The report summarizes the levels of rule compliance on the target servers, and enables you to drill down to details about any individual rule at any server, so that you can learn more about the deviation of the actual rule results from the expected results.
The report provides you with two views:
- Summary by Servers — a list of the servers, with statistics about the rules that failed or were compliant on each server
- Summary by Rules — a list of the rules, with statistics about the servers where each rule failed or was compliant
Support for SCAP 1.2
BMC Server Automation now supports compliance analysis for the most recent Security Content Automation Protocol (SCAP) version 1.2 in addition to the existing support for SCAP 1.0. Two different import options now exist, depending on the type of SCAP object — whether an SCAP data stream collection (a single XML file) for SCAP 1.2, or an SCAP benchmark (several XML files).
The imported SCAP 1.2 content is displayed in the BMC Server Automation Console through 3 hierarchical nodes — an SCAP data stream collection, one or more data streams contained in the collection, and finally one or more benchmarks within each data stream.
As part of the support for SCAP 1.2, BMC Server Automation now also supports the import of SCAP 1.2 content that contains tailoring files, which are used to temporarily tweak benchmark rules by customizing profiles in an XCCDF file. During SCAP compliance analysis, BMC Server Automation applies the changes captured in the tailoring file to rule evaluation.
- During an export of an XCCDF results file (using the Export SCAP Compliance menu option), you can now choose which rules to include in the export — all rules, failed rules, or passed rules.
- The Export Other SCAP Formatsmenu option now offers the following new report formats that are compliant with SCAP 1.2 (in addition to the formats previously provided for SCAP 1.0):
- Asset identification (AI) version 1.1
- Asset Reporting Format (ARF) version 1.1
Deploy functionality enhancements
New BLPackage object attributes enable you to deploy a BLPackage with the objective of manipulating the properties of Windows user accounts at the target servers. User asset attributes enable you to set user account control flags or disable the user account. For more information, see Manipulating Windows user account properties through a BLPackage.
Patch management enhancements
BMC Server Automation version 8.6 includes the following enhancements to patch management:
AIX patching support for SUMA
You can now download AIX patches from Fix Central servers using IBM Service Update Management Assistance (SUMA). You can select the SUMA download option while creating an AIX patch catalog. For more information about enabling this option, see Patch catalog - AIX Catalog.
Removal of dependency on Windows Helper Server location
For creating a Windows patch catalog in versions earlier than 8.6, you had to define a Windows Helper Server location. BMC Server Automation used the Windows Helper server to decrypt shavlik metadata files that are downloaded from the vendor site.
However, in BMC Server Automation 8.6, the shavlik metadata files are decrypted on the Application Server itself and there is no requirement of defining a separate Windows Helper Server location.
To create a patch catalog in offline mode, you must download the oemcatalog.zip file Shavlik Technologies and save it in the depot workspace. You must provide the depot location of the file while creating the Windows patch catalog, as described in the Repository Options section of Patch catalog - Windows Catalog.
Patching support for multibos and alternate disk on AIX
AIX has the capability of maintaining multiple instances of Base Operating Systems (BOS). The additional instance of the BOS can be maintained in the same root volume group (multibos) or on a separate disk on a separate root volume group (alternate disk). The user can boot any one instance of the BOS which is called the active instance.The instances which have not been booted remains as stand by instances.
BMC Server Automation 8.6 supports multibos and alternate disk patching, which allows user to access, install, maintain, update, and customize the standby BOS during setup and customization operations. Installation, maintenance, or technology level updates to the standby BOS do not change system files on the active BOS. This allows concurrent update of the standby BOS, while the active BOS remains in production, thus reducing downtime while patching. For more information, see How to perform AIX patching on an alternate disk (altdisk) or on multiple boot operating system (multibos).
Patch management support for Red Hat Enterprise Linux 7
BMC Server Automation now supports patch management on Red Hat Enterprise Linux 7. However, before you create a patch catalog ensure that you performed the prerequisite procedures as described in thesection of .
BMC Server Automation now also supports patch analysis and remediation on Red Hat Enterprise Linux 7 with native yum (instead of blyum). If yum is installed in a non-default location, ensure that you set this location at the server level in the PATCHING_TOOL_INSTALL_LOCATION server property.
Automatic support for IAVA ID attribute
In BMC Server Automation 8.5, the value of the IAVA ID property is not populated by the catalog update job automatically. You must set it manually in the Bulletin DepotSoftware of the catalog by running an NSH script.
However in BMC Server Automation 8.6 the values of this IAVA ID property is populated automatically by the catalog.
BMC Server Automation version 8.6 supports the following new platforms:
- RHEL 7
- Ubuntu 12.04
For information about the provisioning process, see Implementation process for provisioning.
During the setup a VMware vSphere environment in BMC Server Automation, you can now choose between adding a vCenter server as an agent-based managed server or adding it as an agentless managed object (AMO) that communicates with some other agent-based Windows proxy server. A new menu option was added to server groups, Virtualization > Add VMware Virtual Center, to enable adding the vCenter server as an AMO. For more information, see Adding the vCenter server to BMC Server Automation.
Integration with BladeLogic Dashboard
Version 8.6 includes an integration with the BladeLogic Dashboard, which provides a view into your overall BMC Server Automation environment and offers tips for optimizing BladeLogic installations. The dashboard is not a monitoring tool. Instead, it is a mechanism for quickly assessing the health of all BladeLogic system components. The BladeLogic Dashboard can also show savings that your organization is experiencing by using BladeLogic. For more information about using the dashboard, see Using the Health and Value Dashboards.
The following BLCLI commands are new in version 8.6.00:
Automation Academy content
The Automation Academy introduces you to a key BladeLogic use case (for example, provisioning), and then provides several step by step, cookbook-style examples that walk you through a specific aspect of that use case. For example, in the case of provisioning, one walkthrough might show you how to provision a bare-metal Windows system, while another might show how to provision a VM on VMware. The content for the Automation Academy is included in the new Getting Started branch.
The initial release of Automation Academy focuses on introducing you to the concepts of automation, provisioning, and configuration management, and includes the following sections:
- Getting started with automation
- Getting started with provisioning
- Getting started with configuration management