20.02.01: Patch 1 for TrueSight Server Automation 20.02

Patch 1 is now available for TrueSight Server Automation 20.02. This topic provides the enhancements and defect fixes in the patch and instructions to download and apply the patch.

Known and corrected issues

For information about the issues corrected in this patch, see Known-and-corrected-issues.

Enhancements

This patch provides the following enhancements:

You can now download and apply patches on CentOS systems using the out-of-the-box patching solution. For more information, see Getting-started-with-CentOS-patch-analysis.

The existing patching solution that uses the Vendor Patch Content (VPC) installer is also supported.

You can now manage target servers in private networks (in on-premises or cloud environments such as AWS). For more information, see Deployments-in-cloud-environments and Getting-started-with-Smart-Agents.

This release now supports the following new templates: CIS for RHEL 8, CIS for Oracle Linux 8, and CIS for CentOS 8

For information about downloading and importing these templates, see the following topics:

• CIS-Red-Hat-Enterprise-Linux-8
• CIS-Oracle-Linux-8
• CIS-CentOS-Linux-8

Also, updated the benchmarks for the following templates:

• CIS for Windows 2019
• DISA for Windows 2012 DC
• DISA for RHEL7
• DISA for Windows 2016

This release now supports Security Content Automation Protocol (SCAP) 1.3. For more information, see SCAP-compliance-analysis.

You can now use a new operations dashboard to know the overall status of jobs in your environment. For more information, see Ops-dashboard.

TrueSight Server Automation upgrade using the unified product installer no longer installs or upgrades the following artifacts by default:

• Zipkit
• blcontent script
• Script to create container compliance jobs
• Quick start page

If you want to install or upgrade any of these artifacts, you can provide the appropriate parameters to the upgrade command. For more information, see the following topics:

• Walkthrough-Upgrading-to-the-latest-version-for-Microsoft-Windows
• Walkthrough-Upgrading-to-the-latest-version-for-Linux
• Upgrading silently using the unified product installer
  
  

This release offers the following logging enhancements:

• Version of Log4j is updated from 1.x to Apache Log4j 2.
• Logging configuration is changed from the properties to XML format. Therefore, the configuration changes you have made in the properties files such as log4j.properties, rcp,cf, and blcli-log.cf are not retained after the upgrade.

For information about configuring the logs, see Controlling-Application-Server-logging.

While running ACL Push jobs, you can now exclude the target servers where the File Server or Repeaters are installed. For details, see ACL-Push-Job-General.

On Linux systems with systemd support, the systemctl commands are now the default commands to start or stop the RSCD and Smart Agents. For details, see Starting-and-stopping-TrueSight-Server-Automation-components and Managing-the-Smart-Agent.

This release now includes the job policy rules that are used to manage the following job-related parameters:

• Maximum targets that a job can run simultaneously
• Maximum targets that can be assigned to a job
• Job scheduling frequency

By default, these rules are assigned to all the user roles. For details, see Managing-job-policy-rules.

This release provides the following database enhancements:

• You can now schedule the automatic database cleanup for a later date or time. For details, see Scheduling-the-automatic-data-cleanup.
• You can now partition database tables by using the install_partitioning.sql script to improve and simplify database management functions, such as cleanup, storage, and performance. In this version, partitioning is supported for Oracle 12c R1, Enterprise Edition or later versions. For more information, see Table-partitioning.

You can now use the secure SMTP for a job complete notification email. For information about configuring the email settings, see Configuring-a-mail-server.

This release offers the following REST API enhancements:

• A new version of API to retrieve the list of all patches in catalogs.
• Support for patching on SUSE systems.
• Support to select logging levels.
• Support for Remedy Single Sign-On authentication. For details, see Implementing Remedy Single Sign-On authentication.
• Support to cancel and abort Patching, Deploy, and NSH Script jobs.

For more information, see Trying-out-the-REST-APIs and REST-API-endpoints.

This release offers the following security enhancements:

• Enabled TLS 1.2 as a default protocol for the new installation of TrueSight Server Automation. For more information, see Configuring-the-TLS-protocol.
• Upgraded JRE to version 1.8.0_252. 
• Added support for PBKDF2 to be used with the secure remote password (SRP) authentication. For more information, see Secure-remote-password-authentication.
  
  

TrueSight Server Automation now supports the following operating systems and databases:

• CentOS 8
• Oracle Enterprise Linux 8
• Ubuntu 20.04
• Oracle Exadata
• Debian 9 and 10
• SQL Server 2019

For information about the modules for which this support is added and for the complete list, see Supported-platforms.

Supported TrueSight Smart Reporting for Server Automation version

TrueSight Server Automation 20.02.01 supports TrueSight Smart Reporting for Server Automation version 20.02.01. If you are using TrueSight Smart Reporting for Server Automation, upgrade it to 20.02.01 prior to upgrading TrueSight Server Automation to 20.02.01. For the upgrade instructions, see Upgrading TrueSight Smart Reporting for Server Automation.

Downloading the patch

This patch includes the full installer of TrueSight Server Automation 20.02.01. For instructions, see Downloading the installation files of TrueSight Server Automation.

Applying the patch

The following table explains the various scenarios for applying the patch: