23.1 enhancements and patches

Review the TrueSight Server Automation 23.1 enhancements and patches for features that will benefit your organization and to understand changes that might impact your users.

Version

Fixed issues

Updates and enhancements

23.1.00

Related topics

Downloading-the-installation-files

Release-notes-and-notices

Deprecated-and-discontinued-features


23.1

Support for additional platforms

Server Automation supports the following additional platforms: 

  • Microsoft Windows Server 2022 (Bare-metal and Physical provisioning)
  • Red Hat Enterprise Linux 9 x86-64 (Patching, Bare-metal and Physical provisioning, Guest OS Virtualization)
  • Red Hat Enterprise Linux 9 zSeries (s390x) (RSCD Agent, Smart Agent)
  • Red Hat Enterprise Linux 8 zSeries (s390x) (Patching)
  • Rocky Linux 8 and 9 (RSCD Agent)
  • SuSE 15.x (Unified Product Installer)
  • Ubuntu 22.04 (RSCD Agent, Patching)

For the complete list of supported operating systems, see Supported-platforms.


Patching enhancements

This release contains the following patching enhancements.

Support for live kernel patches (kpatch) for Red Hat Enterprise Linux

Apply security patches and other updates to a running (live) kernel without rebooting a server. It allows you to avoid downtime and improve server availability.

Server Automation supports kpatches for the existing RHEL repositories for RHEL versions 8 and 9.

To apply these patches, you need to create a Patch Analysis Job using the new option, KPatch Mode - Analyze only for kernel patches (kpatch) available for target server. For more information, see the Patching Job — Analysis Options for Red Hat Enterprise Linux, Oracle Linux Public Repo or SUSE Linux Enterprise section on Creating-a-Patching-Job.

After you upgrade to version 23.1, we recommend updating the existing patch catalogs to get the latest kernel patches.

Support for live kernel patches (Ksplice) for Oracle Linux ULN systems

Apply security patches and other updates to a running (live) kernel without rebooting a server. It allows you to avoid downtime and improve server availability.

Server Automation provides support for the following Oracle Linux ULN systems (OL ULN) Ksplice repositories:

  • Oracle-Linux-<version>-Ksplice
  • Oracle-Linux-<version>-Userspace_Ksplice

These repositories are available as new filters in the Catalog Update Jobs for the OL ULN versions 7 and 8. 

After you upgrade to version 23.1, ensure that you update the existing patch catalogs for the new options to take effect.

For more information, see Preparing-the-configuration-file-for-OL-ULN.

Availability of new out-of-the-box child channel for Red Hat Enterprise Linux 8

Server Automation provides patching support for Red Hat Satellite Tools 6.9 child channel on Red Hat Enterprise Linux 8. 

Availability of the installed patch count for RHEL servers

Starting from this version, count for the installed patches is available when the Patching Job is run on the Red Hat Enterprise Linux servers. The installed patch count is calculated based on the analysis options selected in the patch catalog, excluding the patches specified in the patch exclude list.

  • The Patch Analysis Job results display the count for the installed patches along with the missing patches. 
    installpatchcount.png
  • The output of the simpleExportPatchAnalysisRunSummary and simpleBatchWiseExportPatchAnalysisRun BLCLI commands includes the count of installed patches.

After you upgrade to version 23.1, we recommend you to run the Patching Job again to display this count.  For more information, see Viewing-Patching-Job-results.

As a reporting user, when creating a custom report in TrueSight Smart Reporting - Platform for the Patch domain, use the new attributes Patch Installed Date and Catalog - Installed Patch Count to fetch the installed date for patches and the installed patch count data for Red Hat Enterprise Linux servers. For more information, see Creating reports.

Support for Public repository

The Public repository is supported (offline mode only) for Oracle Linux 8.x.

Ability to add a new OS base version for AIX

When creating a patch catalog for AIX, the Server Update Management System (SUMA) download option is supported out-of-the-box for AIX versions 7.1 and 7.2.

Starting this version, you can add a new base version of AIX to the list of download options by modifying the AIX XML configuration file and importing it through the Patch Global Configuration dialog box. For more information, see Creating-a-patch-catalog-for-AIX.

REST API enhancements

The installed patch count is available in the response of the following REST API endpoints:

  • /api/v1/patching-jobs/{id}/jobruns/{run_id}/results 
  • /api/v1/patching-jobs/{id}/jobruns/{run_id}/results/analysis

New intrinsic server property

Use the new server property, IS_PENDING_REBOOT to determine whether a Windows server is in a pending reboot state. Possible values of this property are YES and NO.

The Update Server Properties Job and the Auto USP feature of Smart Agents set the value of this property to Yes if any of the following registry values exists:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations

For information about the Update Server Properties Job, see Creating-or-modifying-Update-Server-Properties-Jobs. For information about the Auto USP feature, see Auto-update-of-server-properties.


Security enhancements

This release contains the following security enhancements.

Ability to control permissions on the files and subdirectories in the Transactions directory

Starting this version, use the Umask property to control the permissions on all the files and subdirectories in the Transactions directory. 

For more information, see Controlling permissions on the Transactions directory.

Support for stronger cipher suites

Server Automation supports the following stronger cipher suites for the client calls made to the web services (RESTful Web Services and REST APIs):

  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

After upgrading to version 23.1, the existing weak cipher suites are retained for compatibility with existing versions and the new strong ciphers are added to the existing cipher list.

In addition, Server Automation supports Elliptic Curve Digital Signature Algorithm (ECDSA). For more information, see Implementing-private-certificates-in-TrueSight-Server-Automation.

ECDSA certificate is used only for the client calls made to web services, and not used for the Server Automation communication. For example, this certificate is not used when RCP client communicates with the Application Server or when the Application Server communicates with an RSCD Agent.

For information see Session-layer-security and Deprecated-and-discontinued-features.

Restrict access to the file server file system

Role-based access control (RBAC) users create TrueSight Server Automation objects (for example, scripts and packages) that are stored on the file server. To create these objects, users need read and write permissions on the file server. With the read and write permissions, RBAC users have unrestricted access to the file server file system.

Starting with this version, you can restrict access to the file server file system by using the EnableFileServerAccessRestriction parameter and configuring the file server Agent ACLs.

For the fresh installation of version 23.1, the EnableFileServerAccessRestriction parameter is set to True by default. You only need to configure the file server Agent ACLs to restrict access. For more information, see Configure the file server Agent ACLs.

After you upgrade to version 23.1, the EnableFileServerAccessRestriction parameter is set to False by default. Set this parameter to True and configure the file server Agent ACLs. For more information, see Restricting-access-to-the-file-server-file-system.


Database enhancements

This release contains the following database enhancements.

Support for Fast Application Notification for Oracle RAC databases

Starting this version, TrueSight Server Automation supports the Fast Application Notification (FAN) for a TrueSight Server Automation Application Server. FAN is a high availability notification mechanism that Oracle RAC uses to notify the TrueSight Server Automation Application Servers about status-level information, including status changes such as NODE UP or NODE DOWN events.

In an Oracle RAC environment, whenever a node goes down or there is network issue between nodes, FAN events are generated. In the Application Server connection pool, these events are captured and the connections to those DOWN nodes are marked as broken and those connections are returned to the available pool. 

For instructions about configuring the Oracle Cluster and Application Servers for the FAN support, see Configuring the Oracle Cluster and Application Servers for FAN support.

Offline database cleanup utility available for partitioned databases

The offline database cleanup utility is now enabled for partitioned databases.

For more information, see Table-partitioning.


Support for Compliance Content templates

This version supports the following Compliance Content templates:


Logging enhancements

This release contains the following logging enhancements.

blasadmin utility logs

Starting this version, logs for various activities performed through the blasadmin utility are written to the blasadmin.log file, located in the AppServer_INSTALL_DIR\br directory.

For more information, see Logs-for-the-blasadmin-utility.

Application Server profile logs

The changes that you make to an Application Server's attributes are logged in the AppServerLauncher.log file, located in the AppServer_INSTALL_DIR/br directory. 

For more information, see Viewing-and-editing-an-Application-Server-profile.

Package logs for the Application Server configuration changes

Use the Application Server Configuration Change Logs option to package the logs generated for the changes happened to an Application Server's attributes.

For more information, see Generating-data-for-support.

GenerateDataForSupport.png


Live Reporting updates

Live Reporting UI has been updated as follows:

  • In the Live Reporting console, in the Schedule Management > Administration section, Source filter type has been renamed to Access filter. For more information, see Populating the reports.
    AccessFilter.png
  • The new Reset button on the Live Reporting Dashboard enables you to fetch and display the latest values of server groups, patch catalogs, etc. on the dashboard. For more information, see Using-the-Live-Reporting-dashboard.


Integration with BMC Helix Discovery and BMC Discovery

TrueSight Server Automation supports integration with BMC Helix Discovery 23.1 and BMC Discovery 22.1.

For more information, see Integrating-TrueSight-Server-Automation-with-TrueSight-Server-Configuration-Discovery.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*