The following sections describe enhancements for BMC BladeLogic Server Automation version 8.7.00:
For information about issues corrected in this release, see Known and corrected issues.
The following enhancements have been introduced in BMC BladeLogic Server Automation 8.7.00 for Installation features:
During installation, the system stores temporary files in the /tmp directory. You can specify an alternate location to store the temporary files, if you do not have enough space or you do not have access to the /tmp directory.
When adding additional Application Servers to the environment, you can choose to use SSH, SSH + SU, or SSH + SUDO, execution protocols for executing commands on the additional Application Server machine. You must specify this protocol, because the additional Application Server machine does not have an agent installed on it.
The SSH+ SU execution protocol elevates your privileges to a root user by issuing the
SU command. The SSH + SUDO execution protocol elevates your privileges by appending
SUDO command as a prefix to all commands executed on the host machine. The SSH execution protocol simply executes the commands on the host machine without elevating your privileges to a root user. For steps on selecting the required execution protocol, see Adding additional Application Servers.
The following enhancements have been introduced in BMC BladeLogic Server Automation 8.7.00 for Compliance features:
The Compliance Job has been optimized and now performs better and faster. For more details, see the descriptions of Compliance-related improvements under Performance enhancements.
The following new developments have been introduced in BMC Server Automation 8.7.00 to enhance and improve the processing of compliance rules:
remediateoperator has been introduced to work with Command asset LHS operands, enabling you to apply a shell command as a remediation action at the end of compliance analysis.
You no longer need to manually run Component Discovery Jobs on component templates in order to generate components. Instead, you can now authorize a Compliance Job, Snapshot Job, or Audit Job to perform component discovery immediately before running:
BMC BladeLogic Server Automation now supports the following additional Compliance Content component templates:
|Operating system||OS Version||Benchmark version||Benchmark update||BMC version|
|Microsoft Windows Server||2012 R2||1.1.0||November, 2014||8.7.00|
|2008 R2||2.1.0||December, 2013||8.7.00|
|Red Hat Enterprise Linux||7||1.1.0||April, 2015||8.7.00|
|Oracle Solaris||11.1||1.0.0||October, 2013||8.7.00|
|Operating system||OS Version||BMC version|
|Microsoft Windows Server||2012||8.7.00|
|Red Hat Enterprise Linux||7||8.7.00|
Existing templates that are updated in version 8.7 are as follows:
|Policy||Operating system||OS version|
|DISA||Microsoft Windows Server||2012 Domain Controller|
|2012 Member Server|
|2008 R2 Domain Controller|
|2008 R2 Member Server|
|2003 Domain Controller|
|2003 Member Server|
|Red Hat Enterprise Linux ES/AS||6.x|
|Oracle Solaris||11 x86|
|CIS||Microsoft Windows Server||2008|
|HIPAA||Microsoft Windows Server||2003|
For complete list of available templates, see Compliance Content component templates.
BMC BladeLogic Server Automation now supports compliance analysis of Docker containers and images on containerized Linux servers (see also Automatic detection of containers on servers and a new containerization property). This compliance analysis is based on SCAP 1.2 content with configuration assessments in Open Vulnerability and Assessment Language (OVAL).
To perform SCAP compliance analysis of containers and images, target servers must meet the following requirements:
Several new depot objects and jobs are provided out-of-the-box in BMC BladeLogic Server Automation 8.7 for the compliance analysis of containers and images. Before you begin running a compliance analysis on your containers and images, you perform the following quick configuration tasks on these out-of-the-box items:
To run the Container Scan Job, the user who executes the job must be mapped to root on the target systems.
After running the Container Scan Job, results displayed in the BMC Server Automation Console connect you to a new HTML report that summarizes and aggregates the compliance statuses of all containers, and provides you with drill-down options to individual containers and images. This report is available for display in Internet Explorer (IE) and Firefox browsers.
For more information about performing container scans, see Scanning Docker containers for SCAP compliance and Walkthrough: Scanning containers for SCAP compliance.
The following enhancements have been introduced in BMC BladeLogic Server Automation 8.7.00 for patch management features:
Patching error messages now include the following:
The MITRE Corporation maintains a system for publicly known information security vulnerabilities and exposures. Each security vulnerability or exposure is referenced by a Common Vulnerabilities and Exposures (CVE) ID. BMC Server Automation includes the CVE ID of a patch in its properties. This allows you to create patch smart groups based on errata CVE IDs, and apply the patches on the RHEL servers based on specific vulnerabilities and exposures.
BMC Server Automation 8.7 now provides the user with more detailed logging information in the results view of patch remediation jobs for Windows target servers. You can now see reboot status, shavlik status, and other information related to the status of patch remediation on the target along with other errors and warnings.
For steps on accessing the patch remediation job results view, see Viewing Remediation Job results.
For offline Windows patching, you can now download patches from Shavlik to a Linux machine using the windows_downloader.sh offline downloader. For more information about using the offline downloader on a Windows or UNIX machine, see Patch Downloader utility for Microsoft Windows.
Although BMC Server Automation 8.6 supports patching for RHEL 7, the online and offline patch catalogs can only be created using channel-level filters.
BMC Server Automation 8.7 now supports errata type and errata ID filters for RHEL 7, while creating online and offline patch catalogs. For more information about the type of filters that you can use for RHEL 7, see Patch catalog - Red Hat Catalog. For steps on creating a configuration file for an offline RHEL 7 catalog with errata ID and errata type filters, see Preparing the configuration file for Red Hat Enterprise Linux.
Note that although we now support errata-based filters for RHEL 7, you still cannot use update-level filters for RHEL 7 in online and offline catalogs.
BMC Server Automation 8.7 automatically creates the required pre-installation and post-installation environment on a Windows target server for patching Java installation files. The SafeReboot file is deployed on the Windows target server, whenever a Java installation files is patched.
Note that BMC Server Automation does not decide whether to reboot the Windows target server. This option has to be manually selected by the user (if required), while creating a Deploy Job, see Deploy Job - Job Options.
The following enhancements have been introduced in BMC BladeLogic Server Automation 8.7.00 for the Provisioning feature:
For information about the provisioning process, see Implementation process for provisioning.
The following enhancements have been introduced in BMC BladeLogic Server Automation 8.7.00 for virtualization features:
With BMC BladeLogic Server Automation 8.7.00, you can now provision an IBM AIX LPAR that uses a shared storage pool.
New options have been added to the automatic management Storage tab of the virtual guest package (VGP) for AIX LPARs to enable this support. When creating the VGP, you can now create a virtual disk on a shared storage pool that you select, and then assign it to the LPAR.
To do so, select Add Disk from the Storage tab of the VGP. On the Virtual Disk panel, you can make the following selections:
You can provision the LPAR from the BMC BladeLogic Server Automation console or by using the BLCLI. See IBM - Storage (automatic management).
With BMC BladeLogic Server Automation 8.7.00, you can now set up and provision a Microsoft Hyper-v generation 2 virtual machine (VM) from a Hyper-V generation 2 template. For Hyper-v generation 2 VMs, the following capabilities are supported:
Note the following requirements for creating Microsoft Hyper-v generation 2 VMs:
(RFE QM001876319) In previous versions, bare-metal provisioning in Windows 2012 R2 with VMWare 5.5 environments did not complete, and produced an SCSI load driver error. This failure occured because, by default, BMC Server Automation passes the LSI Logical Parallel SCSI type, and VMWare takes the LSI Logical SAS SCSI controller type.
In version 8.7, the VGP checks if the OS is Windows 2012 or 2012 R2, and if the adapter type is something other than LSI Logic SAS, then a warning message is sent and the adapter type is set to the LSI Logic SAS adapter type.
The following enhancements have been made to VMware support in version 8.7:
You can now create nested smart groups to help you organize servers, jobs, depot items, and other assets more efficiently. For example, you can create a smart group for Windows servers and then, within that smart group, you can nest smart groups for Windows 2008 and 2012.
There is no limit to the number of levels you can nest. However, you may experience a performance degradation when you create deep structures, for example, nesting more than six levels deep.
For more information, see Walkthrough: Dynamically organizing assets with smart groups.
For every Red Hat Linux server that you enroll, BMC BladeLogic Server Automation now automatically scans the server host for the existence of containers. Currently only Docker containers on Red Hat Enterprise Linux (RHEL) are supported. The containers can be based on RHEL or CentOS base images. If containers are detected, the new property SERVER_CONTAINER_TYPE in the built-in Server property class is populated with a value (currently the only value is RHEL Docker Container). You can then use this property to create smart groups of containerized servers.
Enhancements to product performance have been introduced into various areas of the product. The following product areas, in particular, now exhibit improved performance:
Parts associated with the Compliance Job are collected dynamically at job run time, so that only relevant parts need to be collected.
The version-neutral import mechanism for importing component templates can now handle the import of multiple component templates in parallel.
Connections to Application Servers of type NSH_Proxy, minimizing the number of handshakes necessary for connections between client and NSH proxy.
As part of this enhancement, a new mechanism of SSL sessions was introduced for connections from RSCD agents to the NSH proxy. In addition, a new blasadmin command, NshProxyApplicationSessionTimeOut, enables you to control the timeout for these connection sessions to the NSH proxy.
This mechanism generates temporary files that contain encrypted session information. These temporary files accumulate in the RSCD/sessions folder on the agent.
Several key icons in the user interface have been updated. In particular, note the following changes:
You can now control the amount of data stored in job run logs, using the new blasadmin component
jreLog. This new blasadmin component enables you to perform the following configuration tasks:
LogLevelparameter of the
jreLogcomponent. You configure the log level separately for each job type or group of job types.
LogLimitparameter of the
jreLogcomponent. Configuration of this log limit depends on the type of messages:
The job log settings that you configure through blasadmin are saved in the BMC Server Automation database and are applied to all Application Servers during job execution. You do not need to restart the Application Server after performing these tasks.
For more information, see Controlling the size of job logs.
The following enhancements have been introduced in BMC BladeLogic Server Automation 8.7.00 for integration:
This new integration, available in version 8.7, enables you to leverage Chef-solo content without having to provision a full-fledged Chef infrastructure in you environments. This feature enables you to:
Two new wizards enable you to execute NSH Scripts and NSH Script Jobs that are installed out of the box with BMC Server Automation version 8.7.
The scripts import Chef cookbook(s), roles, environment, databags and pre-requisites (such as Ruby) and generate Depot Objects such as Software Depot Objects and BLPackages as well as the corresponding Deploy Jobs to help users deploy a Chef cookbook (and if needed, its prerequisites) on servers managed by BMC Server Automation.
Also, BMC Server Automation system administrators can perform additional activities after execution of Chef cookbooks on the nodes without having knowledge of the Ruby code, which is required to write additional cookbooks and recipes. Additionally, if the same BMC Server Automation system administrators are performing regulatory compliance and patching activities on these servers and if they perform the application deployment activities through BMC Server Automation, the entire process provides stronger control of servers in your environment. Further, cookbooks can be reused into your production environment.
For more information, see Integrating BMC Server Automation with Chef-solo..
The online database cleanup mechanism, which enables you to delete old database rows while the Application Server is running and the database is online, was enhanced with a new module to support the cleanup of historical database rows from Deploy Jobs. The BLCLI command Delete cleanupHistoricalData now includes a new object type, Deploy, to enable this functionality.
In previous versions, the BladeLogic Health and Value Dashboard provided only the current view of the BMC Server Automation environment status, which did not include any historic data.
In version 8.7, the Health and Value dashboard provides the overall status of all Infrastructure components (such as Application Servers, agents, the file server, and the database) over a period of time. You also now have the ability to monitor status with respect to key product usage trends. New features for the dashboard include:
Walkthrough topics introduce you to a key BMC Server Automation use case (for example, compliance), and provide step by step, cookbook-style examples that demonstrate a specific aspect of that use case. The following walkthrough topics were adeed in 8.7:
For a full list of available walkthrough topics, see FAQs and additional resources.
Option added to return the permissions contained in the policy along with the policy name.
New BLCLI commands in 8.7.00
Namespace Command Description AuthorizationProfile listAllAuthorizationProfiles Lists all Authorization Profiles in the system, one profile on each line. ExecutionTask deleteExecutionTaskByGroupAndName Deletes an Execution Task by group and name. Job executeJobAndReturnScheduleID Executes a job and returns the schedule ID. PropertyInstance applyAclPolicy Applies an ACL Policy to a Property Instance and returns the DBKey of the updated instance. RBACRole deleteRole Deletes an existing role. Template listPropertyInstanceNamesByGroupAndName Lists the names of all local property instances for a Component Template. Utility exportDeployRunStatusWithUndoByGroup Exports the server/phase status of the latest run of all Deploy Jobs in a specified group including undo. It places this status information in a CSV file.
Updated BLCLI commands in 8.7.00
Namespace Command Description ComponentException createComponentExceptionWithOneRule Updated to include the rule reference number in the input. Delete cleanupHistoricalData Option added for deleting historical data from Deploy Jobs. Job showPermissions
Option added to return the permissions contained in the policy along with the policy name.