Control-M/EM PANFT.9.0.20.205

BMC Software is releasing patch PANFT.9.0.20.205 to correct a problem in version 9.0.20.200 of Control-M/Enterprise Manager.

Note

You can only install patch PANFT.9.0.20.205 if your original installation of Control-M/EM is version 9.0.20.x. If you have ever upgraded Control-M/EM from version 9.0.19.x or lower to 9.0.20.x, the patch is not effective as your database server is not compatible.

Corrected Problem

The following problem is fixed in patch PANFT.9.0.20.202:

Tracking number

Description

CTM-4669

SSL encryption is supported between Control-M/EM running on Linux and the following database servers:

  • AWS PostgreSQL Relational Database Service (RDS)
  • AWS PostgreSQL Aurora

Installing the Patch on Linux

This procedure describes how to install patch PANFT.9.0.20.205 on Linux.

Before You Begin

Begin

  1. Stop all Control-M components including Control-M Web.
  2. Install the patch by running one of the following scripts:

    •  <patch-location>/out/Unix/setup.sh

    •  <patch-location>/out/Unix/PANFT.9.0.20.205_INSTALL.BIN
  3. Follow the on-screen instructions until the installation is complete.
  4. Start Control-M/EM.
  5. Log out and log in to Control-M/EM.


Note

If Control-M/EM is installed on more than one host, such as High Availability and Control-M/EM Distributed, do the following:

  • Install the patch on each host
  • Ensure Control-M/EM is down on each host

Enabling SSL Encryption

This procedure describes how to enable SSL encryption after patch PANFT.9.0.20.205 is installed.

Before you begin

  • Install patch 9.0.20.205
  • Download a valid AWS certificate from the AWS website and save it to a location that is accessible to the Linux machine where your Control-M/EM account is installed.\

Begin

  1. Stop all Control-M components including Control-M Web.
  2. Execute the following command:

    ~/ctm_em/bin/DBUData/scripts/ssl_api.sh --ENABLE_SSL --DB_USER_PASSWD <password> --CERTIFICATE_FILE <certificate location>
  3. Test the connection with the following command:

    ~/ctm_em/bin/DBUData/scripts/ssl_api.sh --TEST_CONNECTION --DB_USER_PASSWD <password>

    If the test completed successfully, the following message appears:

    SSL is enabled
    SSL version: TLSv1.2
    Cipher: ECDHE-RSA-AES256-GCM-SHA384
    Bits: 256
  4. Start Control-M/EM.
  5. Log out and log in to Control-M/EM.


Note

  • If Control-M/EM is installed on more than one host , Enable SSL on each host after the patch is installed.
  • If SSL encryption is enabled, the following components are not supported:
  • Control-M Workload Archiving
  • Control-M Usage Reporting Tool

Disabling SSL Encryption

This procedure describes how to disable SSL encryption before uninstalling patch PANFT.9.0.20.205.

Begin

  1. Stop all Control-M components including Control-M Web.
  2. Execute the following command:

    ~/ctm_em/bin/DBUData/scripts/ssl_api.sh --DISABLE_SSL
  3. Start Control-M/EM.
  4. Log out and log in to Control-M/EM.

Note

 If Control-M/EM is installed on more than one host, Disable SSL on each host.

Uninstalling the Patch from Linux

This procedure describes how to uninstall patch PANFT.9.0.20.205 from Linux.

Begin

  1. Stop all Control-M/EM processes including Control-M Web.
  2. Change the directory to <EM_HOME>/patches/PANFT.9.0.20.205
  3. Run the following script:
    unInstall_PANFT.9.0.20.205.sh
  4. Follow the on-screen instructions until the uninstallation is complete.
  5. Start Control-M/EM components.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*