1.1.0.1-ISS-VSP-host-FP001 - Host Fix Pack for VSP 1.1.0.1

IBM Security Virtual Server Protection for VMware 1.1.0.1

=====================================================================
Last modified: 12/04/2012

PLEASE READ THIS DOCUMENT IN ITS ENTIRETY.

© Copyright IBM Corporation 2009, 2012.
U.S. Government Users Restricted Rights - Use, duplication or
disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

=====================================================================
CONTENTS
=====================================================================

- Description
- Compatibility
- Applying the Update
- MD5 of included files
- Customer Support
- Reporting product issues


DESCRIPTION
=====================================================================

This patch contains enhancements for
IBM Security Virtual Server Protection for VMware V1.1.0.1

Details
--------

This patch provides VSP with the ability to recover from certain
anomalous conditions in the DVFilter subsystem on the ESX/ESXi host.
The patch also provides enhancements that prevent IPS engine failures
and ESX/ESXi host failures that might occur in specific
circumstances.

This patch contains a VMware certified kernel module for ESXi 5.0.
The patch also applies to ESX/ESXi 4.1.


COMPATIBILITY
=====================================================================
This update applies only to:
IBM Security Virtual Server Protection for VMware V1.1.0.1.


APPLYING THE UPDATE
=====================================================================
To apply the update:

Important: You must have root user permissions to perform the steps
in this procedure.

Prerequisite:
All guest VMs on the ESX/ESXi host must be migrated to another host
to ensure business continuity. If the guest VMs are not migrated,
then you must shut them down before you follow these instructions.
These instructions assume that VSP V1.1.0.1 is running on the
ESX/ESXi host.

NOTE: If you have never performed ESX Server Configuration in
provVSetup on the host (e.g., with a new installation), then start at
Step 3.

1. Uninstall the agent from the provVSetup menu.
Important: After the agent is uninstalled, turn off the SVM. Do not
delete the SVM.

2. Reboot the ESX/ESXi host.

3. Copy the patch file to the /root directory of the SVM
(1.1.0.1-ISS-VSP-host-FP001.sh).

4. On the SVM, run the patch installation script:

sh 1.1.0.1-ISS-VSP-host-FP001.sh

5. Start the Network Configuration / ESX Server Configuration in
provVSetup. The updated module is pushed and installed on the ESX
host.

6. Use the VMware vSphere client to go to the SVM settings and select
the "Connected" and the "Connect at power on" check boxes for network
adapters 2, 3 and 6.

7. On the SVM, issue the following command to verify that the new
kernel module is installed and loaded:

grep "Version of ibm-iss-vmkmod" /var/iss/engine1.log

If the new kernel module is installed and loaded successfully, the
following output is displayed:

On ESX/ESXi 4.1:

2012/11/13 11:59:14.627 T:3083397824 Version of
ibm-iss-vmkmod: [2.0.0.20121107] Version of IPS Engine:
[2.0.0.20121107]

On ESXi 5.0:

2012/11/13 11:23:22.486 T:3083270848 Version of
ibm-iss-vmkmod: [2.0.0.20121024] Version of IPS Engine:
[2.0.0.20121107]

Note: The version string of the IPS Engine contained in this patch is
2.0.0.20121107. The version string for the ibm-iss-vmkmod kernel
module for ESX/ESXi 4.1 is also 2.0.0.20121107, while the version
string for the VMware certified ibm-iss-vmkmod kernel module for ESXi
5.0 is 2.0.0.20121024. You might see a warning in engine1.log about
this version difference for the ESXi 5.0 platform. You can safely
ignore this warning.


TROUBLESHOOTING
=====================================================================

Refer to the following Technote for troubleshooting information if
the procedure is not successful:

http://www-01.ibm.com/support/docview.wss?uid=swg21610899


MD5 OF INCLUDED FILES
=====================================================================
BA4DBC7F56DB1E157F806F605894F36A 1.1.0.1-ISS-VSP-host-FP001.sh


CUSTOMER SUPPORT FOR NORTH AMERICA
=====================================================================
IBM Security Solutions provides technical support to customers that
are entitled to receive support.

The IBM Support Portal
--------
Before you contact IBM Security Solutions about a problem, see the
IBM Support Portal at http://www.ibm.com/software/support

The IBM Software Support Guide
--------
If you need to contact technical support, use the methods described
in the IBM Software Support Guide at
http://www14.software.ibm.com/webapp/set2/sas/f/handbook/home.html

The guide provides the following information:
- Registration and eligibility requirements for receiving support
- Customer support telephone numbers for the country in which you
are located
- Information you must gather before contacting customer support


INFORMATION REQUIRED FOR REPORTING PRODUCT ISSUES
=====================================================================
If you encounter a problem with this product, please make notes that
are as detailed as possible about the following:

- Version of IBM Security Virtual Server Protection for VMware
- IBM Security Virtual Server Protection for VMware configuration
- Network deployment
- Specific failure symptoms or undesirable behavior

This information helps us reproduce the problem and resolve it as
quickly as possible.

1.1.0.1-ISS-VSP-host-FP001_Readme.txt