IBM Tivoli Composite Application Manager for Transactions Response Time 7.4 Interim Fix 32 README Tivoli Composite Application Manager for Transactions 7.4.0.0 7.4.0.0-TIV-CAMRT-IF0032 Readme

The information included in this document is published at product release time. For the latest updates on this release please refer to the on-line document: To download this update you must first login to IBM FixCentral. Once logged in, you may select from the individual download packages. HPUX and Solaris downloads are no longer provided.
http://www.ibm.com/eserver/support/fixes/

Below is a list of components, platforms, and file names that apply to this Readme file.

This upgrade for the Robotic Response Time agents , which is part of ITCAM for Transactions: Response Time, may be applied to the following base versions.

• 7.3.0.x - AIX, Windows, Linux
• 7.4.0.x - AIX, Windows, Linux

Notes:

1. Supported base versions include interim fixes applied to any of the above release levels.

This patch replaces the two JREs shipped with the Robotics Response Time (T6) agent, bringing them to the latest level. This remediates multiple security issues.

This patch is applicable for T6 agents:

• versions 7.4.0.x, 7.3.0.x
• Windows, AIX and Linux platforms.

The T6's JREs are only used when playing back Rational Performance Tester (RPT) scripts, thus not available on Solaris and HPUX (RPT playback is not supported on Solaris and HPUX).
7.4 and 7.3 agents need to update both java60 and java 70 JREs.These variations are noted in the installation steps below.
Any customisations done to the existing JREs needs to be preserved. Since these JREs are product specific (ie only used by the T6 agent), there should only be at most one customisation as instructed by IBM support; which is to enable strong encryption by updating the JRE's encryption policy (see technote in Related Material).
After the patch, the Java versions will be:

• Java 6.0 SR16 FP5
• Java 7.0 SR9 FP1

Related material:
Oracle Critical Patch Update Advisory - April 2015 - details vulnerabilities addressed
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

Details on Strong Encryption keys
http://www-01.ibm.com/support/docview.wss?uid=swg21695474

Before Installing

Validate pre-existing java is older than ones delivered in this IFix.
The RRT Agent's javas are located in

• Windows:
  • java60: $ITMHOME\tmaitm6\java60
  • java70: $ITMHOME\tmaitm6\java70 - only in 7.3.0.1-LA2 and later
• Unix:
  • java60: $ITMHOME/tmaitm6/java60
  • java70: $ITMHOME/tmaitm6/java70 - only in 7.3.0.1-LA2 and later

Check their versions, for example
C:\ibm\itm\TMAITM6> .\java70\jre\bin\java.exe -version

java version "1.7.0"
Java(TM) SE Runtime Environment (build pwi3270sr7fp1-20140712_01(SR7 FP1))
IBM J9 VM (build 2.6, JRE 1.7.0 Windows 7 x86-32 20140627_204598 (JIT enabled, AOT enabled)
J9VM - R26_Java726_SR7_20140627_0924_B204598
JIT - r11.b06_20140409_61252.04
GC - R26_Java726_SR7_20140627_0924_B204598
J9CL - 20140627_204598)
JCL - 20140707_01 based on Oracle 7u65-b16

Installing

Notes

1. For 7.3 onwards agents, please unarchive both JREs.
2. If you have updated the T6 jre to use strong encryption, you must migrate the policy files to the new JREs. The two files are:
   • \lib\security\local_policy.jar
   • \lib\security\US_export_policy.jar

See:
http://www-01.ibm.com/support/docview.wss?uid=swg21245273

• Back up existing java
  1. Stop the T6 agent
  2. Backup existing java jres, for example
     > c:
     > cd c:\ibm\itm\tmaitm6\
     > move java60 java60.old
     > move java70 java70.old - only in 7.3.0.1-LA and later.
• Replace the JREs
  1. Unzip/Untar the archive to the same directory, for example, after unarchiving your directory structure should be like:
     c:\IBM\ITM\TMAITM6>dir java*
     

     Volume in drive C has no label.
     Volume Serial Number is 44AB-01FC
     
     Directory of c:\IBM\ITM\TMAITM6
     
     29/05/2013 02:02 PM <DIR> java60
     12/03/2012 04:08 PM <DIR> java60.old
     29/05/2013 02:04 PM <DIR> java70
     13/02/2013 02:14 PM <DIR> java70.old
     

     0 File(s) 0 bytes
     4 Dir(s) 30,808,731,648 bytes free
     

     
     
• Validate the update JRE version/function
  1. Check version number of JRE 6.0, for example
     > c:
     > cd c:\ibm\itm\tmaitm6
     > java60\jre\bin\java.exe -version
     java version "1.6.0"
     Java(TM) SE Runtime Environment (build pwi3260sr16fp5-20150602_01(SR16 FP5))
     IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 Windows 7 x86-32 jvmwi3260sr16fp4-20150406_242976 (JIT enabled, AOT enabled)
     J9VM - 20150406_242976
     JIT - r9_20150402_88984
     GC - GA24_Java6_SR16_20150406_1410_B242976)
     JCL - 20150602_01
     > java70\jre\bin\java.exe -version
     java version "1.7.0"
     Java(TM) SE Runtime Environment (build pwi3270sr9fp1-20150602_01(SR9 FP1))
     IBM J9 VM (build 2.6, JRE 1.7.0 Windows 7 x86-32 20150406_242981 (JIT enabled, AOT enabled)
     J9VM - R26_Java726_SR9_20150406_1443_B242981
     JIT - tr.r11_20150401_88894
     GC - R26_Java726_SR9_20150406_1443_B242981
     J9CL - 20150406_242981)
     JCL - 20150601_01 based on Oracle 7u79-b14
     
• Restart Agent and ensure RPT Script playback works.
• (Optional) Delete the backup java runtimes.

The Secure Hash Algorithm 1 (SHA1) checksum of the images are as follows:

7.4.0.0-TIV-CAMRT-AIX-IF0032.tar 62f67922b4082072f460ec4818012ed4179e0f89
7.4.0.0-TIV-CAMRT-Linux-IF0032.tar 2a4f7d5c8c83f87379da0da4efec1dd3a59ff90d
7.4.0.0-TIV-CAMRT-Windows-IF0032.zip 2fa06dce171c443b267b266b34776657cc46c89a

A) APAR Content:
IV74412: PSIRT 3328 - CODE BLUE EXPEDITED: Logjam

B) Additional Non APAR Defects:
N/A

C) Enhancements
N/A

Version	Date	Description of change
1.0	1 Apr 2015	Initial Version