Information
Unsupported content This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Updates included in Service Pack 2


BMC BladeLogic Decision Support for Server Automation version 8.2 SP2 provides the updates described in the following sections:

Support for Active Directory

BMC BladeLogic Decision Support for Server Automation supported Active Directory for the 8.1.x versions. However, support for Active Directory was removed in versions 8.2.00 and 8.2.01. From version 8.2.02, BMC BladeLogic Decision Support for Server Automation again provides support for Active Directory and you can see Active Directory data in the reports.

Warning

Note

After upgrading to version 8.2 SP2, Active Directory data snapshots taken for the period from version 8.2.00 or version 8.2.01 till version 8.2.02 is installed are not reflected in the reports.

To ensure that the Active Directory data is reflected in the reports, you must re-baseline and re-execute the existing Snapshot Jobs for Active Directory or obtain a fresh Snapshot for Active Directory data.

Support for Public Key Infrastructure (PKI)

BMC BladeLogic Decision Support for Server Automation now provides support for PKI.

Warning

Note

Once you swipe your Common Access Card (CAC) and select the Authentication type as PKI, you do not need to specify any other credentials to access the product.

To configure the product to use PKI, perform the following steps:

  1. Configure the Web Server to use the HTTPS protocol.
  2. Navigate to the REPORTS_HOME/webserver/conf/extra folder.
  3. Open the httpd-ssl.conf file and remove commenting before the following tags:

    SSLVerifyClient require
    SSLVerifyDepth 10
  4. Add the following tags to the http-ssl.conffile:

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars +ExportCertData
    SSLUserName SSL_CLIENT_S_DN_CN
    RequestHeader add X-Forwarded-User %{REMOTE_USER}e
    </FilesMatch>
    <Directory "/usr/local/bmc/reports/webserver/cgi-bin">
    SSLOptions +StdEnvVars +ExportCertData
    SSLUserName SSL_CLIENT_S_DN_CN
    RequestHeader add X-Forwarded-User %{REMOTE_USER}e
    </Directory>
    Error
    Warning

    Before modifying the httpd-ssl.conf file, BMC recommends that you make a backup copy.

  5. Generate the dod-root-certs.pem file and copy it to the REPORTS_HOME/webserver/conf folder.
  6. Modify the Certificate Authority section in the httpd-ssl.conf file to include the path for the dod-root-certs.pem file.
  7. Generate the dod-root.jks file and copy it to the REPORTS_HOME/br folder. 
  8. Access the Application Server Administration console:
    • Microsoft Windows:REPORTS_HOME\bin
    • UNIX: REPORTS_HOME/br
  9. Run the following commands:

    Blasadmin a set set Pki TruststorePass password
    Blasadmin a set Pki TruststorePath DoDRoot.jks
    Blasadmin a set Pki TruststoreType JKS
    Blasadmin a set Pki UseCommon true
    Warning

    Note

    Alternatively, you can open the blasadmin prompt and run the commands inside the utility.

  10. Restart the Apache Web Server.
  11. Restart the Authentication and Cognos services.

New versions for Apache web server and OpenSSL

BMC BladeLogic Decision Support for Server Automation now uses Apache web server version 2.2.22 and OpenSSL version 0.9.8r.

Security enhancements for Apache web server

The following security related enhancements have been made in BMC BladeLogic Decision Support for Server Automation:

  • The product upgrade now takes a backup of the existing HTTP configuration files by renaming the existing files with a .bak extension appended.
  • The HTTP trace method is disabled for the default Apache web server configuration.
  • The Options directive for the Apache web server is set to None for security purposes.
  • The limitexcept directive for the Apache web server is set to allow only the GET, HEAD, and POST HTTP request methods.
  • To prevent clients from modifying unauthorized files on the web server, the Web-based Distributed Authoring and Versioning (WebDAV) feature of the Apache web server is disabled.
  • The bundled Apache web server now supports the TLSv1 SSL protocol.
  • The Apache web server now has minimal statically linked modules.

New query subjects and query items

The following sections list the new query subjects and query items that are added to various domains.

New query subject and query items in the Compliance domain

The Compliance Server Result query subject, consisting of the following query items, is added to the Compliance domain folder:

Query item

Description

Rules Checked

Displays the number of rules checked for a server for a policy in a job run.

Rules Compliant

Displays the number of rules compliant for a server for a policy in a job run.

Rules Compliant With Exception

Displays the number of rules compliant with exception for a server for a policy in a job run.

Rules Non Compliant

Displays the number of non compliant rules for a server for a policy in a job run.

Rules Unknown

Displays the number of rules unknown for a server for a policy in a job run.

% Compliance

Displays % compliance as a ratio of compliant to rules checked for a server for a policy in a job run. Aggregation rule is AVG.

Server Is compliant

Displays 1 if server is compliant for a policy in a job run.

Server Is Non Compliant

Displays 1 if server is non compliant for a policy in a job run.

Server Is Unknown

Displays 1 if server has all its rules indeterminate for a policy in a job run.

New query subject and query items in the Audit domain

The Audit Server Result query subject, consisting of the following query items, is added to the Audit domain folder:

Query item

Description

Total On source

Displays the number of items on source against which an Audit Job is run.

Extra On Target

Displays the number of items found extra on a target.

Changed On Target

Displays the number of items changed on a target

Missing On Target

Displays the number of items missing on a target.

Total Differences

Displays the total differences found on a target.

% Audit Compliance

Displays the % audit compliance for a server in a run calculated as 100 - ( Total differences*100/( Total on source+ Extra on Target)).

Server Is Compliant

Displays 1 if there are no differences found in audit.

Server Is Non Compliant

Displays 1 if there are differences found in audit.

Server Unknown/Error

Displays 1 if there were errors in audit.

New query items in the Patch domain

In the Patch domain folder, the Patch Analysis Result query subject now includes the following query items:

Query item

Description

Compliant Server Count

Displays the number of compliant servers (Server count on which missing patches are 0 (zero).

Non Compliant Server Count

Displays the number of non-compliant servers (Server count on which missing patches are > 0 (zero).

New query item and filter in the Inventory domain

In the Inventory domain folder, the following query item is added to the Local Users query subject (under Windows folder):

Query item

Description

Member Of (Groups)

Displays the groups, which a user belongs to.

In the Inventory domain folder, a new Show Latest Server Attributes filter is added. This filter allows you to filter reports with the latest values for all server attributes.

For more information, see the Excel sheet containing the query items and query subjects at PDFs.

Change in depot folder name for Report Scripts

The depot folder name is changed to Bladelogic Report Scripts.

Warning

Note

You must change the NSH Script field for all older Jobs to point to the Bladelogic Report Scripts folder, instead of the existing BSARA Report Scripts 8.1.0.15 or BSARA Report Scripts 8.1.5.25 folder. Additionally, you must reset the script parameters after changing the script location.

Updates in the Report Authoring Guide

The BMC BladeLogic Decision Support for Server Automation User Guide: Report Authoring at PDFs now contains illustrated examples of how to combine specific query items from the specified query subjects in a domain. BMC recommends that you combine only these query items to generate meaningful ad hoc reports.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC Decision Support for Server Automation 8.2