This section contains information about enhancements in version 12.8 of the BMC Client Management product:
Replacement for Java Web Start
Oracle recently announced a major change to their licensing policy and release cadence for Java SE (Standard Edition including both JDK and JRE). BMC Client Management earlier included Oracle Java (JRE) for some server processes and the Administration Console. To minimize impact of the new Oracle licensing change for users, BMC Client Management now provides support for open JDK through the web start installer. The web start installer is a replacement for Java Web Start, and provides the following advantages:
- Provides an easier way to install the BMC Client Management Console, with fewer installation steps.
- Ensures that the console is always up-to-date.
BMC Client Management 12.8 patch 2 and later uses OpenJDK which is only supported on 64 bit platforms. BCM Java console cannot be launched on 32 bit platforms because they are no longer supported.
If you use BMC Remedyforce or BMC FootPrints with BMC Client Management, you must wait until the release of BMC Remedyforce Winter 19 or BMC FootPrints version 20.19.01 before upgrading to BMC Client Management 12.8 patch 2 in order to launch the BCM console from BMC Remedyforce and BMC FootPrints. The current releases of BMC Footprints and BMC Remedyforce are not compatible with BMC Client Management 12.8 patch 2, due to the introduction of the new BMC Client Management web start installer.
For more information, see Downloading and installing the BMC Client Management console.
Remotely controlling an unmanaged device
Support for FIPS140-2 compliant mode
BMC Client Management now supports the FIPS140-2 compliant encryption mode that uses only the most current version OpenSSL for encryption. The Federal Information Processing Standard (FIPS) Publication 140-2, is a computer security standard, developed by a U.S. Government and industry working group to validate the quality of cryptographic modules.
When an administrator enables FIPS mode ensures that BMC Client Management uses only FIPS compliant cryptographic algorithms and FIPS compliant keys. FIPS mode requires that the BMC Client Management administrator provides the FIPS-compliant SSL keys.
For more information, see Running BMC Client Management in FIPS-compliant mode.
Extend centralized account to manage Account Credentials and SNMP Credentials
Administrators don’t need to enter credentials multiple times. By using the Credentials functionality, they can reuse the account credentials for different functionalities in BMC Client Management. They do not need to manually enter the credentials multiple times for each functionality. Instead, you can simply select the credentials that you want to use. They can now enter their credentials only once and reuse them wherever the account credentials are required. For more information, see Managing account credentials and Managing SNMP credentials.
Account lock policy for a BMC Client Management administrator account
Ability to define parameters for an account lock policy for BMC Client Management administrator account. Administrators can enter values for the Account Locking Attempts and Account Automatically Unlocked (min) settings to define an account lock policy for BMC Client Management administrator account. For more information, see Security settings.
Enhancements to operational rules
Operational rules in 12.8 include the following enhancements:
- Ability to execute an operational rule before a patch job. Administrators can select and execute an operational rule before a patch job is run. For more information, see The Options tab of a patch job.
You can use the following new steps while creating a new operational rule:
- List of connected USB devices step under the Security Settings Inventory folder
- Join a computer to a domain under the Windows folder
- Update to the User management step for an operational rule. Administrators can select one of the check boxes from the two new parameters are added to the User management step for an operational rule:
- Change password at next logon
- Password never expires
Solaris option from the Linux and Mac section
WindowsNT, ME, 95, 98, and 2000 steps from the Pre-Windows 7 Versions section
- Discontinuation of steps in the Windows XP and 2003 Firewall folder. The steps under the Windows XP and 2003 Firewall folder are no longer available to create a new operational rule.
Enhancements to patch management
Patch management in 12.8 includes the following enhancements:
Update Microsoft Universal C Runtime (UCRT) before rolling out agents
To rollout or update an agent on devices with the following operating systems, administrator must install the Microsoft Universal C Runtime (UCRT) first:
- Windows Server 2012 R2
- Windows 8.1
- Windows RT 8.1
- Windows Server 2012
- Windows 8
- Windows RT
- Windows Server 2008 R2 Service Pack 1 (SP1)
- Windows 7 SP1
- Windows Server 2008 Service Pack 2 (SP2)
Note: The recent operating systems might include the new runtime but the administrator must install the patch on the older operating systems by using the KB2999226. For more information, see https://support.microsoft.com/en-us/help/2999226/update-for-universal-c-runtime-in-windows.