TrueSight Server Automation, one of BMC's digital enterprise automation solutions, allows you to quickly and securely provision, configure, patch, and maintain physical, virtual, and cloud servers.
Release notes and notices
updated 25 Feb
This section provides information about what is new or changed in TrueSight Server Automation, including urgent issues, documentation updates, feature packs, and fix packs.

Date

Title

Summary

September 30, 2022Notification of a critical issue with partitioned databases

Identifies the corrective action for a problem related to offline or online database cleanup utility on partitioned tables. 

June 14, 2022Notification of a critical issue with the blcli Delete cleanupObsoleteFilesFromFileServer commandAlerts users of TrueSight Server Automation 21.3 to a critical issue that occurs with the blicli Delete cleanupObsoleteFilesFromFileServer command.
December 19, 2021Fix available for Apache Log4j vulnerabilitiesMitigation for the Apache Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046
December 13, 2021Rolling Update 1 for version 21.3Support for Windows Server 2022 for Agent and Patching
October 21, 202121.3 enhancements

Includes the following enhancements and updates:

  • Use subscription certificates from the repository server for Red Hat Enterprise Linux

  • Access subscription certificates from a non-standard location on the repository server

  • Verification of Smart Hub and Smart Hub Gateway by Application Servers and Smart Agents

  • Secure TLS communication between the Application Server and RSCD Agents using server-side, CA-signed certificates

  • Analyze RPMs flagged as security updates for Red Hat Enterprise Linux patch catalogs

  • Database cleanup performance improvement

  • Operations Dashboard UI enhancements

  • Password updates for the Live Reporting dashboard

  • Installer updates

  • Third-party software updates

  • PKI authentication updates

  • Additional Compliance Content templates

  • Assign multiple managed servers to an existing server group using a text file
    Improved job run logging for Patching and Deploy Jobs

  • Configure additional number of errors and warnings in logs for a target and job run

  • Change in the system authorization notification mechanism for audit trails
    REST API enhancements

Tip

  • To stay informed of changes to this list, click the  icon on the top of this page.
  • Ready-made PDFs are available on the PDFs page. You can also create a custom PDF.

    The BMC Documentation portal gives you the ability to generate PDF and Microsoft Word documents of single pages, and to create PDF exports of multiple pages in a space.  

    Creating PDF and Word exports

    You can create a PDF of a page or a set of pages. (Non-English page exports are not supported.) You can also create a Word document of the current page.

    To export to PDF or Word

    1. From the Tools menu in the upper-right, select a format:
      • Export to Word to export the current page to Word format
      • Export to PDF to export the current page or a set of pages to PDF
    2. If exporting to PDF, select what you want to export:
      • Only this page to export the current page
      • This page and its children to export a set of pages
      For example, selecting This page and its children from the home page exports the entire space to PDF.


     

Related topics

Known and corrected issues

Getting started

Planning 

Installing 

Upgrading


Planning

 

Concepts, architecture, deployment, planning, and system requirements.

Installing

 

Information about installing the product and migrating product data.

Configuring after installation

 

Required post-installation configuration.

Upgrading

 

Upgrade process, migration, and configuration.

Troubleshooting

 

Issues resolution, error messages, logs, and contacting Support.

Using

 

Interface descriptions, using the product.

Administering

 

Security, system administration, maintenance.

Developing

 

Development interfaces and toolkits.

Integrating

 

Integrations with other products.
What's new?



Review the TrueSight Server Automation 21.3 enhancements for features that will benefit your organization and to understand changes that might impact your users.


Use subscription certificates from the repository server for Red Hat Enterprise Linux

In earlier versions, whenever Red Hat reissued any subscription certificates, you had to update the Patch Global Configuration settings (online mode) and the offline downloader's XML configuration file (offline mode) so that the patch catalogs could use the latest certificates.

Starting with this version, TrueSight Server Automation provides support for using certificates from the repository server in addition to the Patch Global Configuration settings and the XML configuration file. While creating a patch catalog if you select the Use Certificates From Repository Server option (online mode), TrueSight Server Automation uses certificates from the repository server instead of the Patch Global Configuration settings. If you set the <use-repo-server-cert> element to 1 in the XML configuration file, TrueSight Server Automation uses certificates from the repository server instead of the file. If the repository server does not have the latest certificates or if those certificates are not working, TrueSight Server Automation makes an attempt to refresh the certificates on the repository server by using the subscription-manager refresh command. 


Access subscription certificates from a non-standard location on the repository server

By default, the repository server stores subscription certificates for the Red Hat Enterprise Linux patch catalogs in a standard directory. TrueSight Server Automation accesses certificates from this directory while creating a patch catalog. Now you can store certificates in a non-standard directory and configure the psu-patch.properties file so that TrueSight Server Automation can access certificates from the non-standard directory. For more information about configuring the file, see Creating a patch catalog for Red Hat Enterprise Linux (online mode) and Preparing the configuration file for Red Hat Enterprise Linux (offline mode).


Verification of Smart Hub and Smart Hub Gateway by Application Servers and Smart Agents

A TrueSight Server Automation Application Server and Smart Agent can now verify whether they are communicating with a legitimate Smart Hub and Smart Hub Gateway. For more information about the verification process, see Smart Hub to Application Server and Smart Agent.


Secure TLS communication between the Application Server and RSCD Agents using server-side, CA-signed certificates

You can now secure the TLS communication between RSCD Agents and an Application Server by using the server-side, CA-signed certificates on the RSCD Agents.

To use the CA-signed certificates for the server-side verification process, complete the following tasks:

  1. Configure the Application Server for the CA bundle, which contains root and intermediate CA certificates.
  2. Generate a CA-signed certificate for the RSCD Agent.
  3. Provision the RSCD Agent with the CA-signed certificate and enable certificate verification.

For more details about these tasks, see TLS with server-side, CA-signed certificates - Securing a Windows Application Server (Windows) or TLS with server-side, CA-signed certificates - Securing a UNIX Application Server (UNIX).


Analyze RPMs flagged as security updates for Red Hat Enterprise Linux patch catalogs

While creating or modifying a Red Hat Enterprise Linux Patching Job, you can now perform an analysis only for those RPMs that are flagged as security updates.

The new option, Security Mode - Analyze for security updates available for installed RPMs on target server for performing analysis is available for the Red Hat Enterprise Linux versions 7 and 8 Patching Jobs. For more information, see the Patching Job - Analysis Options panel on Creating a Patching Job.

After you upgrade to version 21.3, ensure that you update the existing patch catalogs for the new option to take effect.


Database cleanup performance improvement

The underlying structure of how object overflow data is stored in the COMPLIANCE_RULE_RESULT and JOB_RUN_EVENT tables has been changed and new columns have been added to these tables in version 21.3. The number of rows in the OBJECT_OVERFLOW_DETAIL table has reduced. These changes might result in a cleanup performance improvement in certain environments.

BMC recommends that you perform upgrade in a test environment first, using a copy of the production database, to better estimate the downtime window.


Operations Dashboard UI enhancements

The Operations Dashboard has been enhanced with the following features:

  • On the TrueSight Server Automation tab, the legends to indicate deployments have been moved to the right pane. So you can now navigate through a large number of deployments easily.
    . In addition, the color scheme has been improved, and each deployment has been assigned a unique color.
  • On the Configuration tab, the Dashboard Refresh interval has been reduced to 60 seconds. 
  • The position of the tooltip for a deployment has been changed for better readability.

For more information, see Operations dashboard.


Password updates for the Live Reporting dashboard

Starting from this release, when you launch the Live Reporting dashboard from the TrueSight Server Automation console for the first time, you are prompted to set the dashboard password. Once you set the password, you will not be prompted for a password on subsequent launches.

You will also need to use this password the first time you launch the dashboard from a browser as you can no longer use the default password. For more information, see Launching the Live Reporting dashboard.


Installer updates

This release contains the following installer updates.

Ability to compare subjects of CA-signer and Smart Hub server certificates 

When installing or upgrading the Smart Hub, the subjects of the CA-signer and Smart Hub server certificates are compared. If the subjects match, you are prompted to regenerate the Smart Hub server certificate.

When installing or upgrading the Smart Hub using the installation script, you can regenerate the server certificate by providing different inputs on the Smart Hub server certificate panel.

During silent installation or upgrade of the Smart Hub, the following parameters enable you to regenerate the certificates with different values:

  • ca-cert-subject: Indicates the values used for generating the CA-signer certificate. 
  • server-cert-subject: Indicates the values used for generating the Smart Hub server certificate.

Availability of 64-bit installers on Windows for various components

TrueSight Server Automation provides 64-bit installers for the following components on Windows:

  • PXE Server
  • Network Shell

During upgrade to 21.3, the installation directory for these components remains the same even when using the 64-bit installers. For example, if Network Shell (32-bit) was installed in the C:\Program Files (x86) directory, Network Shell is upgraded in the same directory.

TrueSight Server Automation no longer provides 32-bit installers for the following components on Windows:

  • Application Server
  • Network Shell  
  • Console

RPM-based installer for the Linux, ppc64le architecture

This release provides RPM-based installer for the Linux, ppc64le architecture. For the complete list of installers available in TrueSight Server Automation, see Supported platforms for native installers.


Third-party software updates

This release contains the following third-party software updates.

Support for updated version of Java Runtime Environment (JRE)

This version is shipped with 64-bit JRE, AdoptOpenJDK version 11.0.12+7.

Support for PsExec version 2.34

TrueSight Server Automation now supports PsExec version 2.34.

Note that PsExec versions 2.32 and 2.33 are not supported.


Enabling Smart Agent in RSCD Agents

If you are using RSCD Agents that don't have the Smart Agent feature enabled, ensure that you enable this feature while upgrading to 21.3. Enabling this feature now will prepare your deployed agents for automatic upgrade in a future version.

For instructions on enabling this feature, see Upgrading the RSCD agent on Windows or Upgrading the Network Shell or the RSCD agent using RPM.


PKI authentication updates

TrueSight Server Automation no longer supports 32-bit DLLs when using ActivClient or 90meter for PKI authentication. Therefore, after you upgrade the TrueSight Server Automation console to 21.3, update the sunpkcs11.cfg file to store the path to the 64-bit DLLs. For instructions, see Implementing PKI authentication.


Additional Compliance Content templates

This version adds support for the following Compliance templates:


Assign multiple managed servers to an existing server group using a text file

Now you can assign multiple managed servers to an existing server group simultaneously through a text file by using the Add only existing servers to the group option in the Import Servers wizard. For more information, see Assigning multiple managed servers to a server group using a text file.


Improved job run logging for Patching and Deploy Jobs

The job run logs are improved for the Patching and Deploy Jobs:

  • The command exit code for the Patching and Deploy Jobs now shows the full executable path. For example, "C:\temp\stage\c8258c8160668a62\bldeploycmd-1.bat": Item '<Item name>' returned exit code 0.
  • The Deploy end status event is now logged at ERROR level instead of DEBUG. For example, 08/14/21 11:48:10.086 DEBUG bldeploy - [1][Q4093119 Deploy Job2021-04-22 17-32-24-599+0530] Sending deploy end status event: The service cannot be started


Configure additional number of errors and warnings in logs for a target and job run

You can set the additional number of errors and warnings that can be stored in the logs for a target and job run by using the following attributes in the jrelog component of the blasadmin utility:

  • PerTargetErrorWarningBufferLimit: Sets the number of errors and warnings that can be stored for a target in addition to the limit specified in blasadmin by using the LogLimit attribute.
  • JobRunErrorWarningBufferLimit: Sets the numbers of errors and warnings that can be stored for a job run in addition to the limit specified in blasadmin by using the LogLimit attribute.

For more information about these attributes, see Controlling the size of job logs.


Change in the system authorization notification mechanism for audit trails

In earlier releases, no audit trail notification was sent if the notification was configured on the .* (parent) authorization. For example, if the notification was configured on the Server.* authorization and a user live browsed a server object, no notification was sent.

Starting with this release, to enable audit trail notifications on the parent authorizations, use the following blasadmin command:

set RBAC UseParentAuthNotifications true

Now if the notification is configured on the Server.* authorization and a user live browses a server, notification is sent as configured.

The default value for this setting is false.

For more information, see Defining audit trails.


REST API enhancements

This version provides the following REST API enhancements:

  • The REST API support is available for Patching Jobs on the Ubuntu platform. 
  • You can add a server to the system by using the POST method. For more information about this method, see servers.
  • You can decommission a server with the specified ID by using the DELETE method. For more information about this method, see servers.
  • The REST API logs display the unique session ID for each API call invoked and the time taken to complete the call (in milliseconds). The following example displays session id and total time taken for the POST call.

    [04 Aug 2021 16:50:27,746] [https-jsne-jio-9843-exec-6] [INFO] [BLAdmin:BLAdmins:10.133.76.186] Response Status:- POST ->  https://tssa-qa:9843/rest/api/v1/patching-jobs, status code 400, session id [4463AD18C034XA6F09F8A7BD7507UI], total time taken [391]ms

For the complete list of supported operating systems and API details, see REST API endpoints.

Was this page helpful? Yes No Submitting... Thank you

Comments