This section contains information about enhancements in version 21.02 of the BMC Client Management product.
Recently a security issue was discovered in a component known as Log4Shell used in many software products. BMC Client Management utilizes this component and therefore requires a small update to patch this vulnerability. Please refer to knowledgebase article KA 000391376 to learn how to apply the fix attached to it. The vulnerable version of the Log4j file is located in the Vision64Database\data\scap\validation\lib folder on the BMC Client Management master server and is only used when validating SCAP packages. Apply the fix attached to the knowledgebase article referenced above to replace the vulnerable library version 2.8.2 with the updated safe version 2.16.0. These steps apply only to the BMC Client Management master server. We also recommend that you verify all other software systems in use in your environment to be sure they are free of this vulnerability as well.
Migration of MyApps to Angular ADAPT
To fix security issues and to enhance the maintainability and consistency of the user interface, MyApps is migrated from Ext JS to the Angular ADAPT framework. BMC Client Management also enables you to add a new language to the list of supported languages. For more information about MyApps, see Working with MyApps.
In addition, MyApps includes the following new features.
|Feature||Old MyApps||New MyApps|
|Add a custom language.|
|View details of the execution.|
|Cancel the download before the step execution completes.|
|Switch between the tabular and the list views.|
Support for SCAP 1.3
BMC Client Management 21.02 supports SCAP 1.3, however, it is not certified yet. The SCAP validation package that was removed from version 12.9 is now added back in version 21.02. Therefore, verifying an imported SCAP package is now possible, however, the new SCAP validation package can validate only SCAP 1.1, 1.2, and 1.3 packages. SCAP 1.0 packages cannot be validated. If SCAP 1.0 packages are submitted, an error message is displayed.
Sign the rollout packages
Rollout packages are properly signed executables that are later patched with the configuration changes. If these packages are not properly signed after patching, there is a possibility that Windows may identify these packages as unsafe. To secure these packages, it is essential to sign them after they are generated on the rollout server. BMC Client Management enables you to do that. For more information about this topic, see Signing the rollout packages.
Add account credentials to the remote control on request rollout packages
BMC Client Management enables you to add account credentials to the remote control on request rollout packages. It provides you with a remote control on request session that includes all the features and privileges. For more information about this topic, see Remotely controlling an unmanaged device.
Generate reports and queries on the deleted devices
BMC Client Management enables you to create queries and reports on the deleted devices. Each time a device is deleted, an entry is added to the DeletedDevices table in the master database. By default, these entries are deleted after three months. You can modify the time to live for these entries by changing the DeletedDevicesTimeToLive value in Vision64Database.ini. If there are multiple devices with the same name in the DeletedDevices table, all of them are returned by the query. If there are any unknown devices, they are not considered deleted devices.
The Deleted Device query type is available from the Java console. You can generate reports about the deleted device. The reports have four attributes; name, topology type, the user who has deleted the device, and the date of deletion.
Schedule the data synchronization on an Image Repository
For multisite OSD management, Image Repositories should be configurable to synchronize all or a part of the cached data by using the associated Image Repositories synchronization scheduler entry. To enable this scheduling, a new parameter Synchronize by default is added to the Image Repositories configuration. This parameter schedules the data synchronization. For more information about this parameter, see Managing image repository configuration.
Check whether a session is open before remotely controlling a device
BMC Client Management enables you to check whether a session is open before remotely controlling that device. The Check if a session is open parameter has been added to the remote control preferences. By selecting this parameter, you can avoid remotely controlling a device when someone is already logged in or when the RDP session is in progress. If a session is open on the device, you receive a pop-up message with choices to remotely control anyway or to abort. The client does not receive any notification until you choose to remote control the device. The pop-up message is not displayed if a screen saver is running on the remote device or if the session is locked. For more information about this new parameter, see Remote control preferences.
Use the same proxy configuration settings for all modules
The proxy settings are available in the agent, patch management, and update manager modules. The patch management uses the agent proxy settings. The update manager module has its own proxy settings. With this new feature, all these modules will use the agent proxy settings. In addition, a new parameter Protocol is added to configure the agent proxy. The possible protocol values are http and https. For more information about this topic, see Connecting to a Proxy Server.
Considerations when upgrading:
- If a proxy is not configured in either the agent or the update manager, nothing changes.
- If a proxy is configured in the agent and not in the update manager, the update manager uses the agent proxy parameters.
- If a proxy is configured in the update manager but not in the agent, the proxy parameters are copied to the agent and used by the agent.
- If a proxy is configured in both the agent and the update manager, the agent parameters are used.
Enhancements to OS Deployment
The OS Deployment wizard in BMC Client Management enables you to install the latest version of Windows ADK. The installation path for Windows ADK is changed to C:/Program Files (x86)/Windows Kits/10. After you upgrade to version 21.02, the project dashboard indicates whether the installed Windows ADK version is up-to-date or outdated. If you want to upgrade Windows ADK or fix the installation problems, you have to do it manually.
Enhancements to the security settings
- Support for SCRAM-SHA-256 encryption for the PostgreSQL passwords: BMC Client Management 21.02 uses the recent Postgres library version (13.1), which supports new cryptography. It enables you to change the password encryption to scram-sha-256. For more information about how to change the default cryptography to scram-sha-256, see Setting up PostgreSQL for installation.
- For security reason, the certificate password is no longer stored in memory. As a result, if you use SSL=3 configuration, you have to re-enter the certificate password while entering the administrator password when the console is locked.
Configure the OS options for Live Chat agents
BMC Client Management enables you to configure the OS options that the Live Chat agents can choose from when they are remotely controlling a device. Using two new parameters, you can choose the OS and architecture to be displayed in the web console for the remote control on request session. For more information about this topic, see Configuring the remote control recording parameters.
This integration provides the Live Chat agent with the following capabilities:
- Save time in reading long chat or email conversations.
- Provide direct access to the end user's devices to resolve the issue quickly.
- Record a remote control session and store the recording.
For more information about integration with Live Chat, see Integrating with Live Chat.
Enhancements to Patch Management
BMC Client Management adds the following functionalities to Patch Management:
|Check whether a patch is signed and downloadable from HTTPS or HTTP in the console.|
The following new columns are added:
These columns are added in the following views:
|Identify the patch type.|
A new column Patch Type is added in the missing and installed patches inventory to display whether it is a security or non-security patch.
Display ISO names for Windows 10 Service Packs.
BMC Client Management enables you to view the ISO name for Windows 10 Anniversary service packs directly from the console. For more information about how to display the ISO file names, see Managing patches included in a patch group and Service Packs by Product.
Force reboot in case the full screen is activated.
|BMC Client Management enables you to force a reboot if an application is in full screen mode. For this feature, a new parameter Force Reboot with Full Screen Activated is added to the Reboot Management parameters of the agent configuration. This parameter is set to false by default. Set this parameter to true if you want to force the reboot when an application is in full screen mode. For more information about this parameter, see Setting the Reboot Management parameters.|
|Clean up the patch module if it is stuck and force update the knowledge base.||A new operational rule step Clean up the Patch Management module is added that cleans the patch management module of a device if it is stuck. This step can also be used to only update the patch knowledge base by selecting the Only force knowledge base update option. For more information about this step, see Patch Management steps.|
Patch job dashboard displays the next patch window execution date.
|To keep BMC Client Management users informed about the patch installation schedule, the patch job dashboard displays Next Window, which shows the next installation date.|
|Check whether the certificates required for patch scanning are installed.|
A new patch scanning certificate status Missing Patch Certificate is added to the console. You can view this status under the Status column in the Inventory Status view and the Module Status column in the patch group and patch job views. It is also possible to query on this status. For more information about this new column, see Inventory Status for a device and The Assigned Devices tab of a patch job.
|View more information about patch job and patch group details status.|
The Details column on the patch jobs and patch groups views shows the following status:
|View the patch log files from the Assigned objects menu.|
BMC Client Management enables you to view the patch group and patch job logs from the Device Topology node (Device Topology > Your device > Assigned Objects > Patch Groups/Patch Jobs).
|Check whether the downloaded patch is the correct one.|
BMC Client Management enables you to check whether the downloaded patches and service packs, including the non-signed ones, are correct. It is a security check to avoid downloading a patch that could have been corrupted on the server. This checksum is stored in the database when the data is ready. When the master requests the downloads, the checksums and download URLs are sent to the patch manager at the same time. After the patch or service pack is downloaded, the checksum is verified before it is sent to the master and a log message is stored on the patch manager.
Product name changes in Remedy platform, Remedy ITSM, and BMC Helix Platform applications
Consult the following tables for changes to the product and component names starting with version 21.02.
While the product names have changed in 21.02, some instances in the product UI and product documentation still refer to the previous product name.
Remedy platform and ITSM applications
Version 20.08 and earlier
Version 21.02 and later
Remedy AR System (Remedy AR System)
Remedy IT Service Management Suite (Remedy ITSM)
|Remedy with Smart IT|
|Remedy Smart Reporting|
|Remedy Change Management|
|Remedy Knowledge Management|
Remedy Asset Management
Remedy Service Desk
Remedy Single Sign-On
BMC Helix Platform and applications
Version 20.08 and earlier
Version 21.02 and later
BMC Helix Platform
BMC Helix Chatbot
What else changed in this release
Product behavior in versions earlier than 21.02
Product behavior in version 21.02
When you merge two devices, the data in the Notes field is not copied over.
|When you merge two devices, the data in the Notes field is copied to the new device if the Notes field is empty.|
|Upgrading Client Agent||After installing the patches, the devices are assigned to the Oneoff operational rule.|
Since the BMC Client Management patches delivered in November 2020, the Oneoff packages are no longer available. BMC Client Management supplies only the Upgrade packages and operational rules, therefore, the Oneoff operational rules should no longer be used.
|Operational Rule||Starting a program on the target device as a current user is not possible.|
The Run Program as Current User operational rule step is added to Process Management. This step allows you to start a program on the target device as a current user. For more information on this step, see Process Management.
|Rollout||The log file or output file specified in the agent configuration logging parameters is backed up by default at each start of the agent.||The default value of the Audit Log Clean Start rollout parameter is set to 'No'. As a result, the log file or output file specified in the agent configuration logging parameters is not backed up at each start of the agent.|