8.6.00 enhancements and updates

Tip

For information about the updates included in service packs and patches for this release, see the following pages:

The following sections describe enhancements for BMC Server Automation version 8.6.00:

Tip

For information about issues corrected in this release, see Known and corrected issues.

Installation and upgrade enhancements

BMC Server Automation version 8.6 includes the following enhancements to installation functionality:

Unified product install and upgrade

BMC Server Automation 8.6 provides a single installer for most installation and upgrade scenarios within the BMC Server Automation environment. The unified product installer simplifies and improves the installation experience by providing a centralized UI for installation and upgrade of all BMC Server Automation components. For more information about the unified product installer, see Installing using the unified product installer and Upgrading on Windows using the unified product installer. 

The unified product installer installs and configures BMC Server Automation components by grouping them into functional units called nodes. The first node that is installed by the unified product installer is called the Default Application Server node. It comprises an Application Server, PXE server, database, network shell, file server, and BMC Server Automation Console.  To meet the demands of a larger data center, you can deploy additional Application Servers. The additional Application Server is used for improving the performance of BMC Server Automation. For more information about adding an Additional Application Server after the Default Application Server node is installed, see Adding additional Application Servers.

Maintaining all configuration data on the database

With the release of BMC Server Automation 8.6, the latest copy of all configuration data is now maintained on the database. When an Application Server is started, it uses the configuration data that is stored on the database. 

Migration of the configuration data is performed automatically by the unified product installer during upgrade. For cases where the unified product installer cannot be used, BMC Server Automation provides the configurator utility, which performs the database migration and persists configuration data into the database. You run the configurator on all Application Servers and PXE servers. For more information about migrating the configuration data manually, see Migrating the database and persisting configuration data to the database.

Quick start page

This is the first page that is displayed when you launch the BMC Server Automation Console after a fresh installation. It gives you centralized access to options that execute most major use cases for Infrastructure Management: Compliance, Provisioning, Patching, and Configuration Management. For more information about using each of these options, see Quick start page.

Support for installing agents behind a SOCKS proxy server

BMC Server Automation now supports the installation of RSCD Agents on target servers that are behind a SOCKS proxy. For more information about the necessary configuration, see the list of preliminary tasks in Agent installation overview.

Compliance Content, Compliance, and SCAP enhancements

The following enhancements have been introduced in BMC Server Automation 8.6.00 for Compliance features:

New templates in Compliance Content for supporting additional policies and platforms

BMC Server Automation version 8.6 supports the following Compliance Content component templates:

| Operating system | Version | DISA benchmark version | DISA benchmark update | PCIv3 benchmark version | PCIv3 benchmark update | CIS benchmark version | CIS benchmark update |
|---|---|---|---|---|---|---|---|
| Microsoft Windows Server | 2012 R2 Domain Controller | Version 1/Release 4 | July, 2014 | | | | |
| | 2012 R2 Member Server | Version 1/Release 4 | July, 2014 | | | | |
| IBM® AIX® | 7.1 | | | 3.0 | November, 2013 | 1.1.0 | September, 2013 |
| | 6.1 | Version 1/Release 2 | July, 2014 | | | | |
| | 5.3 | | | 3.0 | November, 2013 | 1.1.0 | September, 2012 |
| Novell SuSE Linux® Enterprise Server | 11 | | | 3.0 | November, 2013 | 1.0.0 | September, 2013 |
| | 10 | | | 3.0 | November, 2013 | 1.0.0 | September, 2013 |
| Oracle™ Solaris™ | 11 x86 | Version 1/Release 1 | April, 2014 | | | | |
| | 11 SPARC | Version 1/Release 1 | April, 2014 | | | | |
| | 10 x86 | Version 1/Release 5 | January, 2014 | | | | |
| | 10 SPARC | Version 1/Release 5 | January, 2014 | | | | |

For a complete list of available templates, see Compliance policy standards supported by BMC Server Automation templates.

The CIS SUSE 10 template is derived from CIS SUSE 11. The following rules are unique to the CIS SUSE 10 template:

  • 1.6 seccheck is active
  • 2.1.1 Disable Standard Services
  • 2.1.2 Disable Standard Services
  • 3.3 Disable remote SMTP connections
  • 3.4 Disable GUI Login If Possible
  • 3.5 Disable X Font Server If Possible
  • 3.6 Disable Standard Boot Services (not scorable)
  • 3.13 Only Enable ncpfs Script If Absolutely Necessary
  • 3.17 Only Enable SQL services If Absolutely Necessary
  • 5.1 syslog is active
  • 7.1 Remove .rhosts Support In PAM Configuration Files
  • 7.2 /etc/ftpusers (not scorable)
  • 7.6 Configure xinetd Access Control (not scorable)
  • 7.10 Restrict NFS Client Requests To Privileged Ports
  • 9.3 Create "authorized only" Banners For vsftpd, If Applicable
  • 12.1 Create Symlinks For Dangerous Files

Inclusion of commands as assets in a Compliance rule

The Rule Editor for compliance rules now has enhanced support for shell scripting commands. A new Command asset is introduced, with various attributes for several forms of command outputs. Using this new asset type, you can create a rule condition that checks for a specific command output. This replaces the need to define such commands through a local configuration object in the component template. For more information, see Defining a basic condition.

Defining variables in Compliance rules

You can now define a variable within a Compliance rule by assigning a value to a local property of the component template. You can then use your property-based variable in subsequent conditions in the same rule. The following new operators have been introduced to support this new feature:

  • The assign operator (represented by the := combination of characters) can be used to assign a transient value that is not saved to the database, but rather temporarily stored only for the duration of rule execution. Use this operator if you want to avoid unnecessary storage of data in the database and do not plan to perform remediation based on the results of the compliance rule analysis.
  • The persist operator can be used to assign a value that is persisted in the database. Use this operator if you plan to perform remediation based on the results of the compliance rule analysis.

For more information, see Defining a basic condition.

New file/directory properties

The following file/directory properties have been added in BMC Server Automation. These properties can be used in a BLPackage, can be viewed in Live Browse, and can also be used in Compliance rules.

| Property Name | Type | Description |
|---|---|---|
| User Owner Name | String | The name of the user owning the file/directory. |
| Group Owner Name | String | The name of the group owning the file/directory. |
| Unix ACL | Boolean (true/false) | Whether an Access Control List (ACL) is defined on the file (true or false). |

Note

These properties are not visible for a directory in Live Browse.

Info

If you are using the following new artifacts, you will not be able to import their templates in versions prior to BMC Server Automation 8.5 SP1:

  • Command Support
  • List[String], String/Integer Enumeration using LOOP_ATTR_FOR_COMPLIANCE_STR/LOOP_ATTR_FOR_COMPLIANCE_INT
  • Assign Operator (:=)

Added new configuration files

BMC Server Automation includes new configuration files for the following operating systems:

IBM® AIX®

  • /etc/security/user
  • /etc/dt/config/Xconfig
  • /etc/dt/config/en_US/sys.resources
  • /etc/hosts.deny
  • /var/adm/cron/at.allow
  • /var/adm/cron/cron.allow

Oracle™ Solaris™

  • /etc/default/login
  • /etc/security/policy.conf
  • /etc/security/audit_control
  • /etc/inet/inetd.conf
  • /etc/shells
  • /etc/dfs/sharetab
  • /etc/nfssec.conf
  • /etc/default/nfs
  • /usr/aset/asetenv
  • /var/spool/cron/crontabs/root
  • /etc/hosts.deny
  • /etc/hosts.allow
  • /etc/sfw/smb.conf
  • /etc/ssh/sshd_config
  • /etc/vfstab
  • /etc/default/passwd
  • /boot/grub/menu.lst
  • /usr/aset/masters/uid_aliases
  • /etc/security/audit_user
  • /etc/user_attr
  • /etc/pam.conf
  • /etc/coreadm.conf
  • /etc/default/inetinit
  • /etc/rmmount.conf
  • /etc/security/crypt.conf
  • /etc/dumpadm.conf
  • /etc/system
  • /var/sadm/install/admin/default
  • /etc/ftpd/ftpaccess

For a complete list of configuration files, see Configuration files.

Examples for creation of compliance rules added in the documentation

See Examples for creating compliance rules for detailed examples of rules that use command and variable support.

New reports available for export from compliance results

Changes were introduced in the formats of reports that you can generate by exporting results of a Compliance Job. The following types of reports are now available:

  • View-friendly and print-friendly HTML report that is based on JavaScript Object Notation (JSON) data files —
    This new report format is generated from Compliance Job results using the Export Compliance Results menu option. The report summarizes the levels of rule compliance on the target servers, and enables you to drill down to details about any individual rule at any server, so that you can learn more about the deviation of the actual rule results from the expected results.

    The report provides you with two views:

    • Summary by Servers — a list of the servers, with statistics about the rules that failed or were compliant on each server
    • Summary by Rules — a list of the rules, with statistics about the servers where each rule failed or was compliant

Support for SCAP 1.2

BMC Server Automation now supports compliance analysis for the most recent Security Content Automation Protocol (SCAP) version 1.2 in addition to the existing support for SCAP 1.0. Two different import options now exist, depending on the type of SCAP object — whether an SCAP data stream collection (a single XML file) for SCAP 1.2, or an SCAP benchmark (several XML files).

The imported SCAP 1.2 content is displayed in the BMC Server Automation Console through 3 hierarchical nodes — an SCAP data stream collection, one or more data streams contained in the collection, and finally one or more benchmarks within each data stream.

As part of the support for SCAP 1.2, BMC Server Automation now also supports the import of SCAP 1.2 content that contains tailoring files, which are used to temporarily tweak benchmark rules by customizing profiles in an XCCDF file. During SCAP compliance analysis, BMC Server Automation applies the changes captured in the tailoring file to rule evaluation.
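The three-level hierarchy and the tailoring component described above, as an added example that is not BMC code: a Python function that outlines a constructed SCAP 1.2 data stream collection, resolving each data stream's checklist references to the benchmarks and tailoring files they point to. All ids in the sample are invented, and the function name outline is an assumption of this example.

```python
import xml.etree.ElementTree as ET

NS = {"ds": "http://scap.nist.gov/schema/scap/source/1.2",
      "xccdf": "http://checklists.nist.gov/xccdf/1.2"}
XLINK_HREF = "{http://www.w3.org/1999/xlink}href"

# Constructed sample: one data stream with a benchmark, a tailoring file,
# and one dangling reference to show how a broken collection is reported.
SAMPLE = """<ds:data-stream-collection
    xmlns:ds="http://scap.nist.gov/schema/scap/source/1.2"
    xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
    xmlns:xlink="http://www.w3.org/1999/xlink"
    id="scap_org.example_collection_sample">
  <ds:data-stream id="scap_org.example_datastream_sample" scap-version="1.2">
    <ds:checklists>
      <ds:component-ref id="cref1" xlink:href="#scap_org.example_comp_xccdf"/>
      <ds:component-ref id="cref2" xlink:href="#scap_org.example_comp_tailoring"/>
      <ds:component-ref id="cref3" xlink:href="#scap_org.example_comp_missing"/>
    </ds:checklists>
  </ds:data-stream>
  <ds:component id="scap_org.example_comp_xccdf">
    <xccdf:Benchmark id="xccdf_org.example_benchmark_sample"/>
  </ds:component>
  <ds:component id="scap_org.example_comp_tailoring">
    <xccdf:Tailoring id="xccdf_org.example_tailoring_sample"/>
  </ds:component>
</ds:data-stream-collection>"""

def outline(xml_text):
    """Return collection -> data streams -> benchmarks/tailorings as a dict."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}data-stream-collection" % NS["ds"]:
        raise ValueError("not an SCAP 1.2 data stream collection")
    # Components sit beside the data streams and are referenced by id.
    components = {c.get("id"): c for c in root.findall("ds:component", NS)}
    result = {"collection": root.get("id"), "streams": []}
    for stream in root.findall("ds:data-stream", NS):
        entry = {"id": stream.get("id"), "benchmarks": [],
                 "tailorings": [], "unresolved": []}
        for ref in stream.findall("ds:checklists/ds:component-ref", NS):
            target = ref.get(XLINK_HREF, "").lstrip("#")
            comp = components.get(target)
            if comp is None:  # reference to a component that is not in the file
                entry["unresolved"].append(target)
                continue
            entry["benchmarks"] += [b.get("id") for b in comp.findall("xccdf:Benchmark", NS)]
            entry["tailorings"] += [t.get("id") for t in comp.findall("xccdf:Tailoring", NS)]
        result["streams"].append(entry)
    return result

if __name__ == "__main__":
    print(outline(SAMPLE))
```

For content obtained from outside your organization, parse with a hardened XML library such as defusedxml before handing the file to any tool.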

After running a SCAP Compliance Job, the following new options are available for the export of SCAP compliance results:

  • During an export of an XCCDF results file (using the Export SCAP Compliance menu option), you can now choose which rules to include in the export — all rules, failed rules, or passed rules.
  • The Export Other SCAP Formats menu option now offers the following new report formats that are compliant with SCAP 1.2 (in addition to the formats previously provided for SCAP 1.0):
    • Asset identification (AI) version 1.1
    • Asset Reporting Format (ARF) version 1.1

Deploy functionality enhancements

New BLPackage object attributes enable you to deploy a BLPackage with the objective of manipulating the properties of Windows user accounts at the target servers. User asset attributes enable you to set user account control flags or disable the user account. For more information, see Manipulating Windows user account properties through a BLPackage.

Patch management enhancements

BMC Server Automation version 8.6 includes the following enhancements to patch management:

AIX patching support for SUMA

You can now download AIX patches from Fix Central servers using IBM Service Update Management Assistance (SUMA). You can select the SUMA download option while creating an AIX patch catalog. For more information about enabling this option, see Patch catalog - AIX Catalog.

Removal of dependency on Windows Helper Server location

To create a Windows patch catalog in versions earlier than 8.6, you had to define a Windows Helper Server location. BMC Server Automation used the Windows Helper Server to decrypt Shavlik metadata files that are downloaded from the vendor site.

In BMC Server Automation 8.6, however, the Shavlik metadata files are decrypted on the Application Server itself, and you are not required to define a separate Windows Helper Server location.

To create a patch catalog in offline mode, you must download the oemcatalog.zip file from Shavlik Technologies and save it in the depot workspace. You must provide the depot location of the file while creating the Windows patch catalog, as described in the Repository Options section of Patch catalog - Windows Catalog.

Patching support for multibos and alternate disk on AIX 

AIX can maintain multiple instances of the Base Operating System (BOS). The additional instance of the BOS can be maintained in the same root volume group (multibos) or on a separate disk on a separate root volume group (alternate disk). The user can boot any one instance of the BOS, which is called the active instance. The instances that have not been booted remain as standby instances.

BMC Server Automation 8.6 supports multibos and alternate disk patching, which allows users to access, install, maintain, update, and customize the standby BOS during setup and customization operations. Installation, maintenance, or technology level updates to the standby BOS do not change system files on the active BOS. This allows concurrent update of the standby BOS while the active BOS remains in production, thus reducing downtime while patching. For more information, see How to perform AIX patching on an alternate disk (altdisk) or on multiple boot operating system (multibos).

Patch management support for Red Hat Enterprise Linux 7

BMC Server Automation now supports patch management on Red Hat Enterprise Linux 7. However, before you create a patch catalog, ensure that you have performed the prerequisite procedures as described in the Before you begin section of Creating a patch catalog.

BMC Server Automation now also supports patch analysis and remediation on Red Hat Enterprise Linux 7 with native yum (instead of blyum). If yum is installed in a non-default location, ensure that you set this location at the server level in the PATCHING_TOOL_INSTALL_LOCATION server property.

Automatic support for IAVA ID attribute 

In BMC Server Automation 8.5, the value of the IAVA ID property is not populated by the catalog update job automatically. You must set it manually in the Bulletin DepotSoftware of the catalog by running an NSH script. 

However, in BMC Server Automation 8.6, the value of the IAVA ID property is populated automatically by the catalog.

Provisioning enhancements

BMC Server Automation version 8.6 supports the following new platforms:

  • RHEL 7
  • Ubuntu 12.04

For information about the provisioning process, see Implementation process for provisioning.

Virtualization enhancements

During the setup of a VMware vSphere environment in BMC Server Automation, you can now choose between adding a vCenter server as an agent-based managed server or adding it as an agentless managed object (AMO) that communicates with some other agent-based Windows proxy server. A new menu option was added to server groups, Virtualization > Add VMware Virtual Center, to enable adding the vCenter server as an AMO. For more information, see Adding the vCenter server to BMC Server Automation.

Integration with BladeLogic Dashboard

Version 8.6 includes an integration with the BladeLogic Dashboard, which provides a view into your overall BMC Server Automation environment and offers tips for optimizing BladeLogic installations. The dashboard is not a monitoring tool. Instead, it is a mechanism for quickly assessing the health of all BladeLogic system components. The BladeLogic Dashboard can also show savings that your organization is experiencing by using BladeLogic. For more information about using the dashboard, see Using the Health and Value Dashboards.

BLCLI enhancements

The following BLCLI commands are new in version 8.6.00:

Automation Academy content

The Automation Academy introduces you to a key BladeLogic use case (for example, provisioning), and then provides several step by step, cookbook-style examples that walk you through a specific aspect of that use case. For example, in the case of provisioning, one walkthrough might show you how to provision a bare-metal Windows system, while another might show how to provision a VM on VMware. The content for the Automation Academy is included in the new Getting Started branch.

The initial release of Automation Academy focuses on introducing you to the concepts of automation, provisioning, and configuration management, and includes the following sections:

Related topics

Downloading the installation files
Known and corrected issues


Comments

  1. Sanjay singh Dhami
    Under 'Defining variables in Compliance rules', it is mentioned that:
    "You can now define a variable within a Compliance rule by assigning a value to a local property of the component template. You can then use your property-based variable in subsequent conditions in the same rule."
    This is incorrect for persist operator.
    For persist operator it is required to use PSC (property set class) & not a local property.
    May 09, 2017 07:30
    1. Moiz Nalwalla

      We'll work on addressing this issue in the docs.

      May 09, 2017 07:37