Tivoli Security Policy Manager Version 7.1, Fix Pack 4, 7.1.0-TIV-ITSPM-FP0004

Downloadable files


Abstract

This fixpack contains several fixes for problems in the various components that comprise the Tivoli Security Policy Manager software

Download Description

IBM® Tivoli® Security Policy Manager 7.1.0-TIV-ITSPM-FP0003 and 7.1.0-TIV-ITRTSS-FP0003 Readme

IBM® Tivoli® Security Policy Manager 7.1.0-TIV-ITSPM-FP0004 and 7.1.0-TIV-ITRTSS-FP0004 Readme


Abstract

The Fix Pack Readme topics describe the contents of the Tivoli Security Policy Manager Fix Pack 7.1.0.4

Readme file for: IBM Tivoli Security Policy Manager
Product/Component Release: 7.1.0
Update Name: Fix Pack 4
Fix ID: 7.1.0-TIV-ITSPM-FP0004
Fix ID: 7.1.0-TIV-ITRTSS-FP0004
Publication date: 18 November 2012
Last modified date: 18 November 2012

Alerts

Visit the IBM Product Security Incident Response site for a a full list of security alerts for WebSphere Application Server.

1) Denial of Service Security Exposure with Java JRE/JDK:

Description:

This Security Alert addresses security issue CVE-2010-4476 (Java Runtime Environment hangs when converting
"2.2250738585072012e-308" to a binary floating-point number), which is a vulnerability in the Java Runtime Environment component.
Before updating Tivoli Security Policy Manager/Runtime Security Services with this fix pack, update the JRE/JDK to mitigate the security exposure.
This fix pack includes all versions of JRE/JDK that were installed with Tivoli Security Policy Manager/Runtime Security Services or Tivoli Integrated Portal/Tivoli Common Reporting (embedded WebSphere Application Server).
Note: The update process for the embedded WebSphere Application Server (that comes with Tivoli Integrated Portal/Tivoli Common Reporting) is same as the regular WebSphere® update.
Use the following link to update the appropriate version of your JRE/JDK with the WebSphere Application Server update:

Java Security Exposure (CVE-2010-4476) Flash for WebSphere Application Server (WSAS)

You might need to install the WebSphere Update Installer (WUI), which is at the following location: WebSphere Update Installer (WUI)

2) Potential security exposure with IBM WebSphere Application Server with Web Services using XML Encryption:

Problem Description:

If a Web Service (either JAX-WS or JAX-RPC) is configured to use WS-Security to encrypt data, that data might be vulnerable to a decryption attack.
If requests containing encrypted data can be intercepted, an attacker might be able to decrypt the encrypted
data in those requests. All versions of JAX-RPC and JAX-WS are vulnerable.
Use the following link to update the appropriate version of the installed WebSphere Application Server:

Potential security exposure with IBM WebSphere Application Server with Web Services using XML Encryption

3) Password to the plugin-key.kdb expires on April 26, 2012:

Problem Description:

The WebSphere Plugin comes with a plugin-key.kdb file upon installation. The password of WebAS is set to expire by April 26, 2012.
If IBM Tivoli Security Policy Manager/Runtime Security Services is deployed to a WebSphere Application Server cluster using the IBM HTTP Server using this certificate, all HTTP communication might be blocked.
Use the following link to update the certificate password and expiration date of the webSphere Plugin.

Password to the plugin-key.kdb will expire on April 26, 2012





Fixes

The fix pack provides fixes for a number of the APARs. Fixes are cumulative, meaning the latest fix pack also contains all the fixes contained in the previous fix packs.

Table 1. Fixes contained in Fix Pack 7.1.0.4
APAR Problem summary
IV15661 CREATEPOLICY() AND MODIFYPOLICY() RETURN INCORRECT DATA IN SOMETRUE
IV15818 UNABLE TO EXPORT TSPM POLICY USING IE BROWSER
IV20522 TSPM CONSOLE ERRORS INTERNET EXPLORER 8
IV21909 TSPM 7.0 -> 7.1 MIGRATION FAILURE (PARTIAL)
IV22007 POLICY CHANGES DO NOT TAKE AFFECT UNTIL RTSS IS RELOADED
IV22638 SUPPRESS ERRORS LOG ENTRIES FOR NULL VALUE
IV25186 WRONG UPDATE MAPPING WHEN SORTING LIST
IV23845 7.1 DOCUMENTATION FIXPACK TYPO AND CLARIFICATION

Table 2. Fixes contained in Fix Pack 7.1.0.3
APAR Problem summary
IV02079 WSDL IMPORT FAILS IF XSD FILES ARE REFERENCED WITH RELATIVE PATH
IV03218 TSPM POLICY/DIRECTORY NOT GETTING PROPAGATED TO THE DMGR.
IV04689 MISSING TSPMREPORTS.SQL
IV06278 POLICY PENDING RETRIEVAL WHEN VALID TIMESTAMP NOT FOUND
IV07258 SEARCHING FOR MEMBERS OF A TSPM ADMIN GROUP TO ASSIGN POLICY OW
IV08352 ILLEGALSTATEEXCEPTION: SESSION HAD BEEN INVALIDATED:
IZ96492 TSPMRUNTIMEEXCEPTION: UNHANDLED EXCEPTION
IV05128 NULLPOINTER EXCEPTION WHEN RUNNING THE CREATEPOLICY API.

Table 3. Fixes contained in Fix Pack 7.1.0.2
APAR Problem summary
Stability Fixes Some Stability Fixes Went into FP02

Table 4. Fixes contained in Fix Pack 7.1.0.1
APAR Problem summary
IZ80883 RTSS LOCAL MODE IS FAILING WITH J2EE ENFORCEMENT
IZ87160 NULLPOINTEREXCEPTION IN STS ATTRIBUTE FINDER WHEN PARSING RTSR
IZ77364 JAX-WS PEP DOES NOT ENFORCE SERVICES USING MESSAGE LEVEL AUTHENTICATION
IZ87161 JAXWS PEP SHOULD LOOK IN MESSAGE CONTEXT FOR SUBJECT
IZ87166 JAXWS PEP SHOULD FALL BACK TO RUN-AS SUBJECT
IZ83168 PROBLEM ATTACHING POLICY VIA CLASSIFICATION
IZ81535 TSPM WILL GENERATE INDIVIDUAL POLICY AND POLICYATTACHEMENT DOCUMENTS

Prerequisites

TSPM 7.1.0 GA Version

Installation Instructions

Installation Instructions


Downloading the Fix Pack

Download and extract the fix pack files from the IBM Tivoli Security Policy Manager Support website.

About this task

Tivoli Security Policy Manager Fix Pack 7.1.0.4 consists of two compressed files. One file contains the policy manager packages. The other file contains the runtime security services packages. Download the compressed files that apply to your deployment.

Table 1. Fix pack packages and compressed files
Package Fix Pack compressed file
Tivoli Security Policy Manager 7.1.0-TIV-ITSPM-FP0004.zip
Tivoli Security Policy Manager Software Development Kit
Runtime Security Services Server 7.1.0-TIV-ITRTSS-FP0004.zip
Runtime Security Services Client
Runtime Security Services Software Development Kit

Procedure

  1. Access either the support website:
    1. Go to the IBM Tivoli Security Policy Manager Support website.
    2. Locate and download the fix pack compressed files:
      1. Click Download.
      2. In the Search field, enter the Policy Manager fix pack identifier:
        7.1.0-TIV-ITSPM-FP0004
      3. Download the compressed file.
      4. In the Search field, enter the runtime security services fix pack identifier:
        7.1.0-TIV-ITRTSS-FP0004
      5. Download the compressed file.
    • Extract the compressed files. Each compressed file contains packages of files.
      1. Extract the file or files with the packages you want to install.
      2. Make note of the directory where you downloaded each compressed file.

    Known Issues

    This topic documents the known issues with the fix pack. You can also query the tech notes database on the Customer Support website.

    There are known issues with the Installation Manager application:

    • Do not install both IBM Tivoli Runtime Security Services Server Version 7.1.0.4 and IBM Tivoli Runtime Security Services Software Development Kit 7.1.0.4 in the same Installation Manager session. If you attempt to do so, the following message might be displayed:
      Packages IBM Tivoli Runtime Security Services Server 7.1.0.4 and 
      IBM Tivoli Runtime Security Services Software Development Kit 7.1.0.4 
      cannot coexist in the same package group
      If this message is displayed, install each package in a separate Installation Manager session.

    • Installation fails with an out of memory exception:
      Error during "pre-install configure" phase:
       java.lang.OutOfMemoryError: unable to allocate 60432017 bytes for native buffer
      The workaround is to increase the memory available to the Java Virtual Machine. Modify the <InstallationManager>/eclipse/IBMIM.ini file in IBM Installation Manager's installation directory to add an additional parameter, "-Xmx1024m", restart Installation Manager; and then perform the update.

    • On a 64bit Linux system, Installation Manager exits during installation without error. Installation Manager and Tivoli Integrated Portal require the 32bit compatibility libraries on 64bit Linux systems. Review the Supported Operating Systems section of the product documentation for specific requirements.

    • During update or installation, the EJB deploy step may fail with:
      Error executing deployment: java.lang.IllegalStateException. Error is Platform not running.
      java.lang.IllegalStateException: Platform not running
              at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:374)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
              at java.lang.reflect.Method.invoke(Method.java:611)
              at com.ibm.etools.ejbdeploy.batch.impl.BootLoaderLoader.run(BootLoaderLoader.java:494)
              at com.ibm.etools.ejbdeploy.batch.impl.BatchDeploy.execute(BatchDeploy.java:114)
              at com.ibm.etools.ejbdeploy.EJBDeploy.execute(EJBDeploy.java:107)
              at com.ibm.etools.ejbdeploy.EJBDeploy.deploy(EJBDeploy.java:348)
              at com.ibm.etools.ejbdeploy.EJBDeploy.main(EJBDeploy.java:310)
      EJBDeploy level: @build@
      ADMA5008E: The EJBDeploy program failed on file /tmp/app3860524633747861547.ear.  Exception: com.ibm.etools.ejbdeploy.EJBDeploymentException: Error executing EJBDeploy
      
      The problem and resolution are described in EJBDeploy command Exceptions on WebSphere Application Server and Eclipse OSGI cache purge issues. To resolve, update the <WAS>/deploytool/itp/ejbdepoy.sh script (or .bat for Windows) to always clear the OSGi cache by default (the "FOURTH" workaround in the referenced technote) by adding the " -Dosgi.clean="true" \" option to the com.ibm.tools.ejbdeploy.EJBDeploy invocation. Note that this option may add several seconds to the deployment operation.

    • The rollback feature does not present a graphical user interface for entering the required configuration settings, such as passwords. If you do not manually supply the necessary passwords, Installation Manager displays the following error:
      Error during "pre-install configure" phase:
      java.lang.ExceptionInitializerError
      This fix pack topic in the information center contains instructions for manually editing the required configuration files. See Rolling back Fix Pack 7.1.0.x.

    • The rollback feature does not save the response files that an administrator creates for the Tivoli Security Policy Manager configuration utility. The fix pack topic in the information center contains instructions for manually saving these files. See Rolling back the policy manager package.

    • For the rollback operation, two files located in the agent data location, installed.xml and installRegistry.xml will need to have certain properties updated for the rollback operation (as explained in the rollback section). In some instances, incorrect paths to the WebSphere and/or Tivoli Integrated Portal (TIP) profile paths may be recorded in these files. Ensure that the following entries are correct prior to performing the rollback.

      Incorrect:

      <property name='user.tipProfilePath' value='/opt/IBM/InstallationManager/eclipse/null'/>
      <property name='user.tipWsAdminScript' value='/opt/IBM/InstallationManager/eclipse/null/bin/wsadmin.sh'/>

      Correct (assuming the default TIP install location is /opt/IBM/tivoli/tip):

      <property name='user.tipProfilePath' value='/opt/IBM/tivoli/tip/profiles/TIPProfile'/>
      <property name='user.tipWsAdminScript' value='/opt/IBM/tivoli/tip/profiles/TIPProfile/bin/wsadmin.sh'/>

      Incorrect:

      <property name='user.wasProfilePath' value='/opt/IBM/InstallationManager/eclipse/null'/>
      <property name='user.wasWsAdminScript' value='/opt/IBM/InstallationManager/eclipse/null/bin/wsadmin.sh'/>

      Correct (assuming the default WebSphere profile creation location is /opt/IBM/WebSphere/AppServer/profiles):

      <property name='user.wasProfilePath' value='/opt/IBM/WebSphere/AppServer/profiles/<profileName>'/>
      <property name='user.wasWsAdminScript' value='/opt/IBM/WebSphere/AppServer/profiles/<profileName>/bin/wsadmin.sh'/>

    There are known issues with the Tivoli Integrated Portal application:

    • Some elements displayed by the Tivoli Integrated Portal console may incorrectly render text in the system locale instead of the browser locale. Fields in the login panel, banner are page bar areas may show text in the locale of the Tivoli Integrated Portal server.

    • When using the policy simulation panel with only one service defined, the content of the services selection box may not render properly. As a workaround, you can define another service, or use the keyboard navigation keys to select the resource.

    Tech notes on the IBM Software Support website document known problems and limitations:

    http://www.ibm.com/software/tivoli/support/security-policy-mgr/

    As limitations and problems are discovered and resolved, the IBM Software Support team updates the knowledge base. By searching the knowledge base, you can find workarounds or solutions to problems. The following link sends a customized query to the live Support knowledge base for Tivoli Security Policy Manager:

    http://www.ibm.com/support/search.wss?tc=SSNGTE&rank=8&atrn=SWVersion&atrv=7.1&dc=DB520+DB560

    To create your own query, go to the Advanced search page on the IBM Software Support website.

    Updating a previous version with Fix Pack 7.1.0.4

    You can update a Tivoli Security Policy Manager 7.1.0, 7.1.0.1, 7.1.0.2, or 7.1.0.3 deployment with the files in Fix Pack 7.1.0.4. Consult the IBM Tivoli Security Policy Manager information center for additional configuration and upgrade requirements.

    Tivoli Security Policy Manager Fix Packs

    Use the Installation Manager application to add the fix pack packages. The Installation Manager Update icon runs a wizard to guide you through adding fix pack packages to an existing deployment.

    Use Installation Manager to install the fix pack files. During the update, you can specify values for the same configuration properties that were used during installation or previous fix pack updates.

    • Installation Manager displays the current values for each configuration property.
    • Installation Manager does not display values for passwords. You must enter any required passwords, such as the administrative user password.
    • Review each property to ensure that it is correct. Modify any property that must change.
    1. Complete the prerequisite tasks:
      1. Download and extract the fix pack files. See Downloading the Fix Pack.
      2. Review known issues and limitations. See Known Issues.
    2. Identify the packages and features that you want to update.
      Package Features
      Tivoli Security Policy Manager Tivoli Policy Platform
      Tivoli Security Policy Manager server
      Tivoli Security Policy Manager administration console
      Tivoli Integrated Portal console
      Tivoli Security Policy Manager configuration utility
      Tivoli Security Policy Manager SDK Software Development Kit and Samples
      Runtime Security Services Server Authorization Service
      Runtime Security Services Client Authorization Service Runtime
      Policy Management Administration Agent
      Web Services Application Enforcement
      Runtime Security Services SDK Software Development Kit and Samples
      Portal Application Enforcement Software Development Kit
    3. Complete the instructions for the package that you want to update.
    4. Optional: Use the Installation Manager log viewer to verify that the installation was successful by reviewing the Installation Manager log files.
      • When you complete an installation, go to the Installation Manager landing page and click File -> View Log.
      • If you already closed Installation Manager or installed another product after Tivoli Security Policy Manager:
        1. Click File -> View Installation History.
        2. Select the package installation that you want to view. For example, Tivoli Security Policy Manager.
        3. Click View Log.

    Updating policy administration components

    You can update the policy administration components with the fix pack installation files that you downloaded from the Customer Support website. The policy administration components include the policy manager server, configuration tool, and policy manager console.

    Before you begin

    Complete the prerequisite tasks in Updating Version 7.1.0, 7.1.0.1, 7.1.0.2 or 7.1.0.3 with Fix Pack 7.1.0.4. The tasks include extracting the fix pack compressed files.

    Procedure

    1. Start Installation Manager.

      Note: If you are installing the fix pack into a WebSphere cluster, start Installation Manager on the WebSphere Application Server deployment manager.

      AIX®, Linux, Linux on System z®, or Solaris
      1. Open a command-line window and navigate to the directory containing Installation Manager.

        The default installation directory is:

        /opt/IBM/InstallationManager/eclipse
      2. Start the program.
        IBMIM
      Windows®
      Click Start -> All Programs -> IBM Installation Manager -> IBM Installation Manager.
    2. Click File -> Preferences.
    3. Configure a repository connection. This step specifies the location of the fix pack installation files.
      1. Click Add Repository.
      2. Browse to the directory containing the extracted files from the archive file.
      3. Locate the repository configuration file. For example, if you extracted the fix pack files on a Windows system in C:\Temp:
        C:\Temp\policy\delta.7104\repository.config
      4. Click OK to add the location as a repository.
      5. Optional: Click Test Connections. Verify that you receive the message:
        All repositories are connected
    4. Verify that the fix pack repository that you want to install is listed at the bottom of the repository list. This order ensures that Installation Manager installs the files for this fix pack last.
    5. Click OK.
      Note:
      Depending on your network configuration, you also might need to configure proxy settings or adjust your firewall settings.
    6. Click Update.
    7. The Update Packages panel displays package groups. The Tivoli Security Policy Manager package group is highlighted. Click Next.
    8. On the Update Packages panel, select the Version 7.1.0.4 package. Click Next.
    9. After reading the license agreement:
      • To continue the installation, select I accept the terms in the license agreement and click Next.
      • To cancel the installation, select I do not accept the terms in the license agreement and click Cancel.
    10. Installation Manager displays a list of installed components. Each installed component is selected. These components are updated. Verify that the list is correct and click Next.

      Components can include:

      • Policy manager server
      • Policy manager console
      • Configuration tool
    11. Confirm the values in the Connection Details panel and click Next.

      Installation Manager displays current values for:

      SOAP port
      Specifies the port value for WebSphere Application Server for SOAP communications.
      Security enabled
      Specifies whether communication with WebSphere Application Server occurs only over secure connections.
      Note:
      Clear Security enabled only if instructed to do so by IBM Support personnel.
    12. If you are updating the policy manager server, specify the required passwords on the Security Details panel.
    13. Verify that the supplied values for the other properties are correct. Click Next.
    14. Supply a password for the administrative user and for the truststore. If your deployment uses the keystore, supply a password for it.
      Note:
      If your deployment does not have security enabled, you cannot specify these values.
      Administrative user name
      Required. Specifies the user name of the administrator that manages the WebSphere Application Server instance. The default value is wasadmin.
      Administrative user password
      Required. Specifies the password for the WebSphere Application Server administrator.
      Truststore location
      Required. Specifies the fully qualified path and name of the truststore for WebSphere Application Server.
      Truststore password
      Required. Specifies the password for the truststore.
      Keystore location
      Optional. Specifies the keystore location used by the WebSphere server to establish a secure connection with the installation program. If you use the default keystore, the location is blank.
      Keystore password
      Optional. Specifies the password for the keystore if a location was specified.
    15. In the Queried WebSphere Server Information panel, verify that the listed values are correct for the WebSphere Application Server instance.
    16. Perform one of the following actions:
      Note:
      If you are installing in a WebSphere cluster, the displayed text shows the correct cell name, but incorrectly shows the server name as one of the nodes.
      • If the information is correct, click Next.
      • If this information is not correct, an error indicates that the data cannot be confirmed with WebSphere Application Server.
        1. Exit and restart Installation Manager. Click Cancel -> File -> Exit.
          Note:
          Do not use Back to return to the data-entry panel.
        2. You do not have to reenter the repository information. Continue with Step 6.
    17. In the Server Or Cluster To Deploy panel, select the WebSphere environment where you want to update the product components.
    18. Click Next.
    19. If you are updating the policy manager console, specify the password in the Tivoli Integrated Portal Install Details panel.
    20. Confirm that the other values are correct and click Next.
      User name
      Specifies the name of the administrator for the console. The default value is tipadmin.
      User password
      Specifies a password for the administrator.
      Verify user password
      Specifies the password again for verification.
      Console HTTP port
      Specifies the port number for connecting to the console with a web browser. You can specify a specific port number or accept the default. The default port number is 16310.
      Location to install Tivoli Integrated Portal (TIP)
      Specifies the fully qualified name of the directory where the Tivoli Integrated Portal is installed.

      The default installation directory is:

      AIX, Linux, Linux on System z, or Solaris
      /opt/IBM/tivoli/tip
      Windows
      C:\Program Files\tivoli\tip
    21. Review the summary information and click Update. Installation Manager starts gathering files.
    22. Click Finish to complete the installation.
    23. Exit Installation Manager by clicking File -> Exit.
    24. Continue with the appropriate action:
      • If you installed the update on a stand-alone server, continue with step 26.
      • If you installed the update in a clustered environment, complete the following steps to ensure that the repository plug-in files are available to all the shared nodes in your cluster:
        1. Locate the plug-in JAR files.

          After you install Tivoli Security Policy Manager, the plug-ins are on the deployment manager server:

          Windows
          • TSPM_INSTALL_DIR\plugins\com.ibm.ws.repository_6.2.0.jar
          • TSPM_INSTALL_DIR\plugins\com.ibm.tspm.repository.datasource_7.1.0.jar
          AIX, Linux, or Solaris
          • TSPM_INSTALL_DIR/plugins/com.ibm.ws.repository_6.2.0.jar
          • TSPM_INSTALL_DIR/plugins/com.ibm.tspm.repository.datasource_7.1.0.jar
        2. Copy both JAR files to the following path on each WebSphere Application Server installation that contains a node profile in the cell:
          Windows
          WAS_HOME\plugins
          AIX, Linux, or Solaris
          WAS_HOME/plugins
    25. If you installed the upgrade in a clustered environment, verify that the WS-Notification and Tivoli Security Policy Manager modules are mapped:
      1. Log in to the WebSphere Application Server console for the Deployment Manager and take the action for your version of WebSphere:
        • On WebSphere Application Server 6.1, click Enterprise Applications.
        • On WebSphere Application Server 7.0, click Applications -> Applications Types -> WebSphere Enterprise Applications.
      2. For each of the following applications, click the module name and then click Manage Modules.
        IBM Tivoli Security Policy Manager
        The Tivoli Security Policy Manager module.
        TsmEPListener. cluster1
        TsmEPListener is the module name and cluster1 is the name of your cluster.
        sibws. cluster1
        sibws is the module name and cluster1 is the name of your cluster.
      3. Ensure that each module shows a mapping to the cluster and the web server. If any applications are not mapped, complete the steps in Mapping the WS-Notification and Tivoli Security Policy Manager modules to the cluster. Then, return to this topic.
      4. Continue with step 21.
    26. Refresh the WebSphere OSGi cache:
      1. Stop the WebSphere Application Server for the policy manager. In a cluster, stop the cluster, including the node agents and the deployment manager. See the stopping topics in the WebSphere Application Server information center:
      2. Run the OSGi configuration script to refresh the WebSphere OSGi cache. In a cluster, run the script on each node.
        • AIX, Linux, Linux on System z, or Solaris
          WAS_HOME/profiles/profile_name/bin/osgiCfgInit.sh
        • Windows
          WAS_HOME\profiles\profile_name\bin\osgiCfgInit.bat
      3. Start the WebSphere Application Server for the policy manager. In a cluster, start the cluster, including the node agents and the deployment manager. See the starting topics in the WebSphere Application Server information center:
      4. In a cluster, stop and restart the IBM HTTP Server. See your IBM HTTP Server documentation for instructions.
      5. Stop and restart the server where the Tivoli Integrated Portal component is installed.
        Windows:
        Go to C:\Program Files\IBM\tivoli\tip\profiles\TIPProfile\bin
        1. Stop the server with the following command:

          stopServer.bat -server1 -username adminname -password adminpassword

        2. Start the server with the following command:

          startServer.bat server1

        AIX, Linux, or Solaris
        Go to /opt/IBM/tivoli/tip/profiles/TIPProfile/bin
        1. Stop the server with the following command:

          stopServer.sh -server1 -username adminname -password adminpassword

        2. Start the server with the following command:

          startServer.sh server1

    What to do next

    Continue with the updates that are appropriate for your environment:

    Updating the Tivoli runtime security services server

    You can update the Tivoli runtime security services server package with the fix pack installation files that are downloaded from the Customer Support website.

    Procedure

    1. Start Installation Manager.

      For a WebSphere cluster, start Installation Manager on the WebSphere Application Server deployment manager.

      AIX, Linux, Linux on System z, or Solaris
      1. Open a command-line window and navigate to the directory containing Installation Manager.

        The default installation directory is:

        /opt/IBM/InstallationManager/eclipse
      2. Start the program.
        IBMIM
      Windows
      Click Start -> All Programs -> IBM Installation Manager -> IBM Installation Manager.
    2. Click File -> Preferences.
    3. Configure a repository connection. This step specifies the location of the fix pack installation files.
      1. Click Add Repository.
      2. Browse to the directory containing the extracted files from the archive file.
      3. Locate the repository configuration file. For example, if you extracted the fix pack files in C:\Temp on a Windows system:
        C:\Temp\policy\delta.7104\repository.config
      4. Click OK to add the location as a repository.
      5. Optional: Click Test Connections.
      6. Verify that you get the message:
        All repositories are connected
    4. Verify that the Fix Pack repository you want to install now is listed at the bottom of the repository list. This order ensures that Installation Manager installs the files for this fix pack last.
    5. Click OK.
      Note:
      Depending on your network configuration, you also might need to configure proxy settings or adjust your firewall settings.
    6. Click Update.
    7. The Update Packages panel displays package groups. The RTSS package group is highlighted. Click Next.
    8. On the Update Packages panel, select the Version 7.1.0.4 package. Click Next.
    9. After reading the license agreement:
      • To continue the installation, select I accept the terms in the license agreement and click Next.
      • To cancel the installation, select I do not accept the terms in the license agreement and click Cancel.
    10. The Update Packages panel displays the features to update. The Authorization Service package is highlighted. Click Next.
    11. Confirm the values in the Connection Details panel and click Next.

      Installation Manager displays current values for:

      SOAP port
      Specifies the port value that is used by WebSphere Application Server for SOAP communications.
      Security enabled
      Specifies whether communication with WebSphere Application Server occurs only over secure connections.
      Note:
      Clear Security enabled only if instructed to do so by IBM Support personnel.
    12. Specify the necessary passwords on the Security Details panel.
    13. Verify that the supplied values for the other properties are correct and click Next.
    14. Supply a password for the administrative user and for the truststore. If your deployment uses the keystore, supply a password for it.
      Note:
      If your deployment does not have security enabled, you cannot specify these values.
      Administrative user name
      Required. Specifies the user name of the administrator that is managing the WebSphere Application Server instance. The default value is wasadmin.
      Administrative user password
      Required. Specifies the password for the WebSphere Application Server administrator.
      Truststore location
      Required. Specifies the fully qualified path and name of the truststore for WebSphere Application Server.
      Truststore password
      Required. Specifies the password for the truststore.
      Keystore location
      Optional. Specifies the keystore location used by the WebSphere server to establish a secure connection with the installation program. If you are using the default keystore, the location is blank.
      Keystore password
      Optional. Specifies the password for the keystore if a location was specified.
    15. In the Queried WebSphere Server Information panel, verify that the listed values are correct for the WebSphere Application Server instance and perform one of the following actions:
      Note:
      If you are installing in a WebSphere cluster, the displayed text shows the correct cell name, but incorrectly shows the server name as one of the nodes.
      • If the information is correct, click Next.
      • If this information is not correct, an error indicates that the data cannot be confirmed with WebSphere Application Server:
        1. Exit and restart Installation Manager. Click Cancel -> File -> Exit.
          Note:
          Do not use Back to return to the data entry panel.
        2. You do not need to add the repositories to Installation Manager. Continue with Step 6.
    16. In the Server Or Cluster To Deploy panel, select the WebSphere environment where you are installing the product components. Click Next.
    17. Review the summary information and click Update to begin the installation.
    18. Click Finish to complete the installation.
    19. Exit Installation Manager by clicking File -> Exit.

    What to do next

    1. Verify that you can issue administration commands to the runtime security services server.

      For example, you can use the administration console to verify that the runtime security services audit settings are visible.

    2. Verify that you can distribute policy to a policy distribution target.

      See the Tivoli Security Policy Manager Administration Guide for instructions on how to distribute policy.

    3. Update the runtime security services clients.

    Updating the Tivoli runtime security services client

    You can update the Tivoli runtime security services package with the fix pack installation files that are downloaded from the Customer Support website.

    Procedure

    1. Start Installation Manager.

      For a WebSphere cluster, start Installation Manager on the WebSphere Application Server deployment manager.

      AIX, Linux, Linux on System z, or Solaris
      1. Open a command-line window and navigate to the directory containing Installation Manager.

        The default installation directory is:

        /opt/IBM/InstallationManager/eclipse
      2. Start the program.
        IBMIM
      Windows
      Click Start -> All Programs -> IBM Installation Manager -> IBM Installation Manager.
    2. Click File -> Preferences.
    3. Configure a repository connection. This step specifies the location of the fix pack installation files.
      1. Click Add Repository.
      2. Browse to the directory containing the extracted files from the archive file.
      3. Locate the repository configuration file. For example, if you extracted the fix pack files in C:\Temp on a Windows system:
        C:\Temp\policy\delta.7104\repository.config
      4. Click OK to add the location as a repository.
      5. Optional: Click Test Connections. Verify that you get the message:
        All repositories are connected
    4. Verify that the fix pack repository you want to install now is listed at the bottom of the repository list. This order ensures that Installation Manager installs the files for this fix pack last.
    5. Click OK.
      Note:
      Depending on your network configuration, you also might need to configure proxy settings or adjust your firewall settings.
    6. Click Update.
    7. The Update Packages panel displays package groups.
      1. Verify that the RTSSClient package group is selected.
      2. Click Next.
    8. On the Update Packages panel, select the Version 7.1.0.4 package. Click Next.
    9. After reading the license agreement:
      • To continue the installation, select I accept the terms in the license agreement and click Next.
      • To cancel the installation, select I do not accept the terms in the license agreement and click Cancel.
    10. The Update Packages panel displays the installed features to update.
      1. Verify that the required features Authorization Service Runtime and Policy Management Administration Agent are selected.
      2. If the optional feature Web Services Application Enforcement is installed, verify that it is selected.
      3. Click Next.
    11. Confirm the values in the Connection Details panel and click Next.

      Installation Manager displays current values for:

      SOAP port
      Specifies the port value that is used by WebSphere Application Server for SOAP communications.
      Security enabled
      Specifies whether communication with WebSphere Application Server occurs only over secure connections.
      Note:
      Clear Security enabled only if instructed to do so by IBM Support personnel.
    12. Specify the necessary passwords on the Security Details panel. Verify that the supplied values for the other properties are correct. Click Next.
    13. Supply a password for the administrative user and for the truststore.
    14. If your deployment uses the keystore, supply a password for it.
      Note:
      If your deployment does not have security enabled, you cannot specify these values.
      Administrative user name
      Required. Specifies the user name of the administrator that is managing the WebSphere Application Server instance. The default value is wasadmin.
      Administrative user password
      Required. Specifies the password for the WebSphere Application Server administrator.
      Truststore location
      Required. Specifies the fully qualified path and name of the truststore for WebSphere Application Server.
      Truststore password
      Required. Specifies the password for the truststore.
      Keystore location
      Optional. Specifies the keystore location used by the WebSphere server to establish a secure connection with the installation program. If you are using the default keystore, the location is blank.
      Keystore password
      Optional. Specifies the password for the keystore if a location was specified.
    15. In the Queried WebSphere Server Information panel, verify that the listed values are correct for the WebSphere Application Server instance and perform one of the following actions:
      Note:
      For a WebSphere cluster, the displayed text shows the correct cell name, but incorrectly shows the server name as one of the nodes.
      • If the information is correct, click Next.
      • If this information is not correct, an error is displayed indicating that the data could not be confirmed with WebSphere Application Server:
        1. Exit and restart Installation Manager. Click Cancel -> File -> Exit.
          Note:
          Do not use Back to return to the data entry panel.
        2. You do not need to add the repositories to Installation Manager. Continue with Step 6.
    16. In the Server Or Cluster To Deploy panel, select the WebSphere environment where you are installing the product components. Click Next.
    17. Review the summary information and click Update to begin the installation.
    18. Click Finish to complete the installation.
    19. Exit Installation Manager by clicking File -> Exit.

    What to do next

    Update and verify the client configuration. Use the following links to complete the configuration. The links point to configuration tasks on the Tivoli Security Policy Manager information center.

    Updating the Tivoli Security Policy Manager software development kit

    You can update the Tivoli Security Policy Manager software development kit package with the fix pack installation files.

    Procedure

    1. Start Installation Manager.

      For a WebSphere cluster, start Installation Manager on the WebSphere Application Server deployment manager.

      AIX, Linux, Linux on System z, or Solaris
      1. Open a command-line window and navigate to the directory containing Installation Manager.

        The default installation directory is:

        /opt/IBM/InstallationManager/eclipse
      2. Start the program.
        IBMIM
      Windows
      Click Start -> All Programs -> IBM Installation Manager -> IBM Installation Manager.
    2. Click File -> Preferences.
    3. Configure a repository connection. This step specifies the location of the fix pack installation files.
      1. Click Add Repository.
      2. Browse to the directory containing the extracted files from the archive file.
      3. Locate the repository configuration file. For example, if you extracted the fix pack files in C:\Temp on a Windows system:
        C:\Temp\policy\delta.7104\repository.config
      4. Click OK to add the location as a repository.
      5. Optional: Click Test Connections.
      6. Verify that you get the message:
        All repositories are connected
    4. Verify that the Fix Pack repository you want to install now is listed at the bottom of the repository list. This order ensures that Installation Manager installs the files for this fix pack last.
    5. Click OK.
      Note:
      Depending on your network configuration, you also might need to configure proxy settings or adjust your firewall settings.
    6. Click Update.
    7. The Update Packages panel displays package groups. The TSPM package group is highlighted. Click Next.
    8. On the Update Packages panel, select the Version 7.1.0.4 package. Click Next.
    9. After reading the license agreement:
      • To continue the installation, select I accept the terms in the license agreement and click Next.
      • To cancel the installation, select I do not accept the terms in the license agreement and click Cancel.
    10. The Update Packages panel highlights the Software Development Kit package. Confirm that the package is correct and click Next
    11. Review the summary information and click Update to begin the installation.
    12. Click Finish to complete the installation.
    13. Exit Installation Manager by clicking File -> Exit.

    Updating the Runtime Security Services software development kit

    You can update the Runtime Security Services software development kit package by installing the fix pack installation files.

    Procedure

    1. Start Installation Manager.

      For a WebSphere cluster, start Installation Manager on the WebSphere Application Server deployment manager.

      AIX, Linux, Linux on System z, or Solaris
      1. Open a command-line window and navigate to the directory containing Installation Manager.

        The default installation directory is:

        /opt/IBM/InstallationManager/eclipse
      2. Start the program.
        IBMIM
      Windows
      Click Start -> All Programs -> IBM Installation Manager -> IBM Installation Manager.
    2. Click File -> Preferences.
    3. Configure a repository connection. This step specifies the location of the fix pack installation files.
      1. Click Add Repository.
      2. Browse to the directory containing the extracted files from the archive file.
      3. Locate the repository configuration file. For example, if you extracted the fix pack files in C:\Temp on a Windows system:
        C:\Temp\policy\delta.7104\repository.config
      4. Click OK to add the location as a repository.
      5. Optional: Click Test Connections.
      6. Verify that you get the message:
        All repositories are connected
    4. Verify that the Fix Pack repository you want to install now is listed at the bottom of the repository list. This order ensures that Installation Manager installs the files for this fix pack last.
    5. Click OK.
      Note:
      Depending on your network configuration, you also might need to configure proxy settings or adjust your firewall settings.
    6. Click Update.
    7. The Update Packages panel displays package groups. The RTSS package group is highlighted. Click Next.
    8. On the Update Packages panel, select the Version 7.1.0.4 package. Click Next.
    9. After reading the license agreement:
      • To continue the installation, select I accept the terms in the license agreement and click Next.
      • To cancel the installation, select I do not accept the terms in the license agreement and click Cancel.
    10. The Update Packages panel highlights the packages that are installed. This includes Software Development Kit package and can include Software Development Kit and Samples and Portal Application Enforcement Software Development Kit. Confirm that the packages are correct and click Next.
    11. Review the summary information and click Update to begin the installation.
    12. Click Finish to complete the installation.
    13. Exit Installation Manager by clicking File -> Exit.

    Rolling back or uninstalling fix pack files

    Use Installation Manager to roll back or uninstall a set of software packages.

    Installation Manager supports two different tasks for removing the fix pack files. You must choose which task you want to do.

    The Installation Manager graphical user interface has icons for Roll back and Uninstall.

    • Roll back

      In one session, Installation Manager:

      1. Saves the necessary configuration files.
      2. Uninstalls the files for Fix Pack 7.1.0.4.
      3. Installs the Version 7.1.0.0, 7.1.0.1, 7.1.0.2 or 7.1.0.3 files, depending on the version you used before you installed Fix Pack 7.1.0.4.
      4. Places the saved configuration files back into the correct locations.
    • Uninstall

      In one Installation Manager session, uninstalls the files for Fix Pack 7.1.0.4 and all previously installed versions. You can remove files on a package or feature level.

    Select the instructions that are appropriate for your deployment:

    • To roll back an installation, follow a set of instructions that guide you through the file rollback and component configuration steps that are needed to restore a fully functional Version 7.1.0 deployment. See Rolling back Fix Pack 7.1.0.4
    • To uninstall the fix pack files without rolling back to a previous version, continue with the instructions in this Readme file.

    Rolling back Fix Pack 7.1.0.4

    Use Installation Manager to roll back the fix pack and return to a Version 7.1.0 configuration.

    About this task

    The Installation Manager application provides a roll back option so you can return Tivoli Security Policy Manager to a Version 7.1.0 configuration.

    Note:
    The roll back process is separate from the Installation Manager uninstallation process. The Installation Manager uninstallation removes files for the Fix Pack and Version 7.1.0. If you want to completely remove Tivoli Security Policy Manager from your deployment, see Uninstalling both Fix Pack 7.1.0.4 and Version 7.1.0 files.

    Installation Manager provides a graphical user interface for the roll back process, but does not prompt for configuration properties. You must edit properties files before running Installation Manager. Installation Manager automatically saves configuration files, uninstalls the fix pack files, installs the Version 7.1.0 files, and restores the saved configuration files.

    Note:
    All packages in a deployment must be at the same level. If you roll back one package, you must roll back the other packages. Tivoli Security Policy Manager does not support deployments that mix Version 7.1.0 packages with Version 7.1.0.4 packages.

    Procedure

    1. Review and modify the configuration properties files.

      See Setting properties for rollback.

    2. Use Installation Manager to run the roll back process.

      See Using Installation Manager to roll back to a previous version.

    Setting properties for rollback

    You must manually edit the properties files before starting the Installation Manager rollback process. The process obtains properties directly from the product properties files and does not offer an opportunity for verifying or modifying them.

    Installation Manager and Tivoli Security Policy Manager do not store values for passwords in properties files. You must manually insert values for passwords into each property file.

    Table 3. Properties files to edit for rollback
    Package Administration properties files Installation Manager properties files
    Tivoli Security Policy Manager
    admin.client.properties
    tip.admin.client.properties
    tip.properties
    installed.xml
    installRegistry.xml
    Tivoli Security Policy Manager Software Development Kit none none
    Runtime Security Services Server admin.client.properties
    installed.xml
    installRegistry.xml
    Runtime Security Services Client admin.client.properties
    installed.xml
    installRegistry.xml
    Runtime Security Service Software Development Kit none none

    Follow the instructions for editing each property file that applies to the package that you want to roll back.

    After you have modified the properties files, use Installation Manager to roll back the product files. See Using Installation Manager to roll back to a previous version.

    Editing password properties for Installation Manager

    Insert values for necessary passwords into properties used by Installation Manager.

    About this task

    Installation Manager requires values for several passwords in order to complete the roll back process. Installation Manager does not store passwords. Because the Installation Manager roll back process does not supply a method to enter the password values through a graphical panel, you must manually insert password values into two properties files.

    Note:
    If you are rolling back only the software development kit packages, you do not have to complete this task. Installation Manager does not need passwords to roll back either the Tivoli Security Policy Manager Software Development Kit package or the Runtime Security Services Software Development Kit package.

    Procedure
    1. Change directory to the location of the two properties files.

      Both files are located in the Installation Manager agent data location. The agent data location is the directory that Installation Manager uses for data that is associated with an application.

      The installing user may override the default data location by using the Installation Manager -dataLocation switch and if this has been done when installing TSPM or RTSS components, the two files that will need updating will reside in that location rather than in the default locations listed below.

      Additionally, the default location of the agent data location will differ depending whether an admininstrative (root) or non-administrative type installation of Installation Manager was done. If an administrative user installed Installation Manager using the 'install' command then this is considered an administrative install. If the 'userinst' command was used to install the Installation Manager then this is considered to be a non-administrative install.

      Administrative installation default agent data location
      • Linux and UNIX
        /var/ibm/InstallationManager
      • Administrative installation agent data location on Windows Vista and Windows 2008
        C:\ProgramData\IBM\Installation Manager
      • Administrative installation agent data location on Windows 2000 and Windows XP
        C:\Documents and Settings\All Users\Application Data\IBM\Installation Manager
      Non-admininistrative installation default agent data location
      • Linux and UNIX
        <user home>/var/ibm/InstallationManager
      • Windows Vista and Windows 2008
        C:\Users\<user>\AppData\Roaming\IBM\InstallationManager
      • Windows 2000 and Windows XP
        C:\Documents and Settings\<user>\Application Data\IBM\Installation Manager
    2. Open the file installRegistry.xml for editing. Specify the password properties needed for the package that you are rolling back.
      • When rolling back the Tivoli Security Policy Manager package:
        • The following properties are required:
          <property name='user.wasAdminUserPwd' value='ExamplePasswOrdForWASAdmin'/>
          <property name='user.wasTruststorePwd' value='ExamplePasswOrdForWAStruststore'/>
          <property name='user.tipAdminUserPwd' value='ExamplePasswOrdForTIPAdmin'/>
        • The following property is optional. If you have specified a WebSphere keystore file, specify the password for it:
          <property name='user.wasKeystorePwd' value='ExamplePasswOrdForWASKeystore'/>
      • When rolling back the runtime security services server package or runtime security services client package:
        • The following properties are required:
          <property name='user.wasAdminUserPwd' value='ExamplePasswOrdForWASAdmin'/>
          <property name='user.wasTruststorePwd' value='ExamplePasswOrdForWAStruststore'/>
        • The following property is optional. If you have specified a WebSphere keystore file, specify the password for it:
          <property name='user.wasKeystorePwd' value='ExamplePasswOrdForWASKeystore'/>
      • When rolling back the Tivoli Security Policy Manager Software Development Kit or the Runtime Security Services Software Development Kit, you do not have to edit any properties.
    3. Repeat the above step for the file Installed.xml.
    4. There is a possible known issue with some properties within these two files. Refer to the Known Issues section and review all items listed before proceeding.
    5. Ensure you save and close the file before starting Installation Manager.

    Setting administration client properties

    Specify and verify values in the administration client properties file, in order to use Installation Manager to roll back your deployment to a previous version. Although you supplied these values during the Fix Pack installation, password values are not stored and must be manually inserted. You must also verify that other values, such as truststore names, are correct.

    About this task

    For a complete description of the administration client file properties, see Administration client properties file.

    Procedure
    1. Open the properties file for editing.

      The default installation location is:

      <TSPM_installation_dir>/etc/admin.client.properties
    2. Verify that the property is set for the SSL truststore.

      The application uses this truststore when communicating with WebSphere Application Server. For example:

      javax.net.ssl.trustStore=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\
        profiles\\AppSrv01\\etc\\trust.p12
    3. Enter the password for the SSL truststore.

      For example:

      javax.net.ssl.trustStorePassword=<your_trustStore_password>
    4. Verify that the WebSphere administrative user name is correct.

      For example:

      username=wasadmin
    5. Enter the password for the WebSphere administrative user.

      For example:

      password=<your_WebSphere_adminstrator_password>
    6. If your deployment uses a keystore for configuring SSL between WebSphere and the installation program, verify that the keystore property is set correctly.
      Note:
      When the default location for the keystore is used, this property does not require a value. You must supply a value for javax.net.ssl.keyStore only when the default location is not used.

      Default value:

      javax.net.ssl.keyStore=
    7. If your deployment uses an SSL keystore, enter the password for the keystore.

      For example:

      javax.net.ssl.keyStorePassword=<your_keyStore_password>
    8. Do not modify any of the other properties in the properties file.

      The file contains other properties that are used by Installation Manager and WebSphere. Do not modify the values when using the Installation Manager roll back process.

    Example file

    The example shows a properties file with password values manually inserted for the rollback process. The properties file, when stored on the file system, does not contain password values.

    Figure 1. Example admin.client.properties file, with password values inserted
    #Wed Sep 15 15:13:10 CDT 2010
    javax.net.ssl.trustStore=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\
          profiles\\AppSrv01\\etc\\trust.p12
    port=8880
    cacheDisabled=true
    securityEnabled=true
    username=wasadmin
    javax.net.ssl.keyStore=
    ssl.disable.url.hostname.verification=true
    javax.net.ssl.trustStorePassword=myTrustStOrePasswOrD
    type=SOAP
    javax.net.ssl.keyStorePassword=myKeyStOrePasswOrD
    location=remote
    password=myWASAdminPasswOrD
    autoAcceptSignerForThisConnectionOnly=true
    host=localhost

    What to do next
    Administration client properties file

    The administration client properties file contains configuration and communication properties for Tivoli Security Policy Manager components and for runtime security services components.

    The Installation Manager application uses this file. For most Installation Manager processes, you supply values for some of the properties in this file through the graphical user interface. However, for the Installation Manager roll back process, Installation Manager does not prompt for values for any properties. For the rollback process, you must supply values for passwords and verify the values for other properties, such as truststore and keystore locations.

    Note:
    Tivoli Security Policy Manager does not maintain password values in properties files. You must supply values for use during the Installation Manager process. For installation processes, you supply the values through by the installation wizard. For the rollback process, you must enter the values manually.

    The properties file also contains some properties which are used internally by Installation Manager for communicating with the administration client for WebSphere Application Server. Do not edit these internal properties. The following descriptions identify the properties that must not be modified.

    Properties
    javax.net.ssl.trustStore
    Specifies the fully qualified path and name of the truststore for WebSphere Application Server. For example:
    javax.net.ssl.trustStore=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\
       profiles\\AppSrv01\\etc\\trust.p12

    For the rollback process, verify that this value is correct for your current deployment.

    port

    Specifies the port value that is used by WebSphere Application Server for SOAP communications. The default port value is 8880 for a stand-alone server. Do not modify this value for the Installation Manager roll back process.

    cache-disabled

    Specifies whether the WebSphere administration client uses an internal cache. This property is internal to the WebSphere administration client. Do not modify it.

    securityEnabled

    Specifies whether communication with WebSphere Application Server occurs only over secure connections. This option is true by default and ensures that communications between Tivoli Security Policy Manager and WebSphere Application Server are always encrypted. Do not modify this value for the Installation Manager roll back process.

    username
    Specifies the user name of the administrator that is managing the WebSphere Application Server instance. The default value is wasadmin. For example:
    username=wasadmin

    For the rollback process, verify that this value is correct for your current deployment.

    javax.net.ssl.keyStore
    Specifies the keystore location used by the WebSphere server to establish a secure connection with the installation program. If you are using the default keystore, you can leave the location blank. For example:
    javax.net.ssl.keyStore=

    For the rollback process, verify that this value is correct for your current deployment.

    ssl.disable.url.hostname.verification

    Specifies whether host name verification is disabled by default for URL connections. Host name verification checks that the X509 Certificate Common Name (CN) matches the host name from which it is received. This property is internal to the WebSphere administration client. Do not modify it.

    javax.net.ssl.trustStorePassword
    Specifies the password for the truststore. For example:
    javax.net.ssl.trustStorePassword=<your_password>
    type

    The type of connector used by the WebSphere administration client. Possible values include SOAP, RMI, and JMS. Do not modify this value for the Installation Manager roll back process.

    javax.net.ssl.keyStorePassword
    Specifies the password for the keystore location used by the WebSphere server to establish a secure connection with the installation program. For example:
    javax.net.ssl.keyStorePassword=<your_password>
    location

    This property is internal to the WebSphere administration client. Do not modify it.

    password
    Specifies the password for the WebSphere Application Server administrator. For example:
    password=<WebSphere_administrative_user_password>
    autoAcceptSignerForThisConnectionOnly

    Specifies whether the WebSphere administration client programmatically trusts the connection, without storing the signer in the local truststore. This property is internal to the WebSphere administration client. Do not modify it. For example:

    autoAcceptSignerForThisConnectionOnly=true
    host

    The name of the host that runs WebSphere Application Server for the administration client. This value is internal to the WebSphere administration client. Do not modify it.

    Example admin.client.properties

    The example file does not display any values for password properties. The file, when stored on the file system, does not contain passwords.

    Figure 2. Example admin.client.properties
    #Wed Sep 15 15:13:10 CDT 2010
    javax.net.ssl.trustStore=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\
       profiles\\AppSrv01\\etc\\trust.p12
    port=8880
    cacheDisabled=true
    securityEnabled=true
    username=wasadmin
    javax.net.ssl.keyStore=
    ssl.disable.url.hostname.verification=true
    javax.net.ssl.trustStorePassword=
    type=SOAP
    javax.net.ssl.keyStorePassword=
    location=remote
    password=
    autoAcceptSignerForThisConnectionOnly=true
    host=localhost
    Setting Tivoli Integrated Portal administration client properties

    Specify and verify values in the Tivoli Integrated Portal administration client properties file, in order to use Installation Manager to roll back your deployment to a previous version. Although you supplied these values during the Fix Pack installation, password values are not stored and must be manually inserted.

    About this task

    For a complete description of the Tivoli Integrated Portal administration client file properties, see Tivoli Integrated Portal administration client properties file.

    Procedure
    1. Open the properties file for editing.

      The default installation location is:

      <TSPM_installation_dir>/etc/tip.admin.client.properties
    2. Verify the port number used for connecting to the console using a web browser.

      For example:

      port=16313
    3. Verify that the Tivoli Integrated Portal administrative user name is correct.

      For example:

      username=tipdmin
    4. Enter the password for the Tivoli Integrated Portal administrative user.

      For example:

      password=<your_TIP_adminstrator_password>
    5. Do not modify any of the other properties in the file.

      The properties file contains other properties that are used by WebSphere, and might contain entries for truststore and keystore configuration.

      Note:
      You do not have to specify passwords for either the truststore or keystore.

    Example file

    The example shows a properties file with password values manually inserted for the rollback process. The properties file, when stored on the file system, does not contain password values.

    Figure 3. Example tip.admin.client.properties, with password entered for the Tivoli Integrated Portal administrator
    #Mon Sep 27 14:46:11 CDT 2010
    javax.net.ssl.trustStore=C\:\\Program Files\\IBM\\tip\\profiles\\TIPProfile\\
       etc\\trust.p12
    port=16313
    cacheDisabled=true
    securityEnabled=true
    username=tipadmin
    ssl.disable.url.hostname.verification=true
    javax.net.ssl.trustStorePassword=
    type=SOAP
    javax.net.ssl.keyStore=
    javax.net.ssl.keyStorePassword=
    location=remote
    password=myTIPAdminPasswOrD
    autoAcceptSignerForThisConnectionOnly=true
    host=myhost.example.com

    What to do next

    Go to Setting Tivoli Integrated Portal properties.

    Tivoli Integrated Portal administration client properties file

    The Tivoli Integrated Portal administration client properties file contains configuration and communication properties for Tivoli Security Policy Manager components and for runtime security services components. The Installation Manager uses this file.

    The Installation Manager application uses this file. For most Installation Manager processes, you supply values for some of the properties in this file through the graphical user interface. However, for the Installation Manager roll back process, Installation Manager does not prompt for values for any properties. For the rollback process, you must supply values for passwords.

    Note:
    Tivoli Security Policy Manager does not maintain password values in properties files. You must supply values for use during the Installation Manager processes. For installation processes, you supply the values through by the installation wizard. For the rollback process, you must enter the values manually.

    The properties file also contains some properties which are used internally by Installation Manager for communicating with the administration client for WebSphere Application Server. Do not edit these internal properties. The following descriptions identify the properties that must not be modified.

    Properties
    javax.net.ssl.trustStore

    Optional. Specifies the fully qualified path and name of the truststore for WebSphere Application Server. Do not modify this property for the Installation Manager roll back process.

    javax.net.ssl.trustStorePassword

    Specifies the password for the truststore. For example:

    javax.net.ssl.trustStorePassword=<your_password>
    Note:
    You do not need to specify this password for the roll back process.
    port

    Specifies the port number used for connecting to the console using a web browser.

    The default port number is 16310. Do not modify this property for the Installation Manager roll back process.

    cache-disabled

    This value specifies whether the WebSphere administration client uses an internal cache. Do not modify this property for the Installation Manager roll back process.

    securityEnabled

    Specifies whether communication with WebSphere Application Server occurs only over secure connections. This option is true by default and ensures that communications between Tivoli Security Policy Manager and WebSphere Application Server are always encrypted. Do not modify this property for the Installation Manager roll back process.

    username
    Specifies the user name of the Tivoli Integrated Portal administrator. For example:
    username=tipadmin
    javax.net.ssl.keyStore

    Optional. Specifies the keystore location used by the WebSphere server to establish a secure connection with the installation program. If you are using the default keystore, you can leave the location blank. You do not have to enter this password for the Installation Manager roll back process.

    javax.net.ssl.keyStorePassword

    Specifies the password for the keystore location used by the WebSphere server to establish a secure connection with the installation program. You do not have to enter this password for the Installation Manager roll back process.

    ssl.disable.url.hostname.verification

    Specifies whether host name verification is disabled by default for URL connections. Host name verification checks that the X509 Certificate Common Name (CN) matches the host name from which it is received. This property is internal to the WebSphere administration client. Do not modify it.

    type

    The type of connector used by the WebSphere administration client. Possible values include SOAP, RMI, and JMS. Do not modify this value for the Installation Manager roll back process.

    location

    This value is internal to the WebSphere administration client. Do not modify this value for the Installation Manager roll back process.

    password
    Specifies the password for the Tivoli Integrated Portal administrator. For example:
    password=<WebSphere_administrative_user_password>
    host

    The name of the host that runs WebSphere Application Server for the administration client. This value is internal to the WebSphere administration client. Do not modify this value for the Installation Manager roll back process.

    Example tip.admin.client.properties file

    The example file does not display any values for password properties. The file, when stored on the file system, does not contain passwords.

    Figure 4. Example tip.admin.client.properties
    #
    javax.net.ssl.trustStore=C\:\\Program Files\\IBM\\tip\\profiles\\TIPProfile\\
       etc\\trust.p12
    port=16313
    cacheDisabled=true
    securityEnabled=true
    username=tipadmin
    ssl.disable.url.hostname.verification=true
    javax.net.ssl.trustStorePassword=
    type=SOAP
    javax.net.ssl.keyStore=
    javax.net.ssl.keyStorePassword=
    location=remote
    password=
    autoAcceptSignerForThisConnectionOnly=true
    host=myhost.example.com
    Setting Tivoli Integrated Portal properties

    Specify and verify values in the Tivoli Integrated Portal administration client properties file, in order to use Installation Manager to roll back your deployment to a previous version. Although you supplied these values during the Fix Pack installation, password values are not stored and must be manually inserted.

    About this task

    For a complete description of the Tivoli Integrated Portal properties, see Tivoli Integrated Portal properties file.

    Procedure
    1. Open the properties file for editing.

      The default installation location is:

      <TSPM_installation_dir>/etc/tip.properties
    2. Verify the Tivoli Integrated Portal administrative user name.

      For example:

      tip.adminUser=tipadmin
    3. Enter a value for the Tivoli Integrated Portal administration password.

      For example:

      tip.adminUserPwd=<your_password>
    4. Do not modify the values of the other properties.

    Example tip.properties file

    The properties file does not contains passwords when stored on the file system. The example shows the file after you have manually inserted a password for use during the rollback process.

    Figure 5. Example tip.properties, with password inserted for the administrative user
    #Mon Sep 27 14:46:11 CDT 2010
    tip.installLocation=C\:\\Program Files\\IBM\\tip
    tip.adminUser=tipadmin
    tip.consolePort=16310
    tip.adminUserPwd=myTIPAdminPasswOrD

    What to do next
    Tivoli Integrated Portal properties file

    The Tivoli Integrated Portal properties file contains configuration properties. The Installation Manager uses this file.

    The Installation Manager processes for installation, update, and uninstallation present a graphical user interface for entering values. However, Installation Manager rollback process does not present a graphical user interface. For rollback, you must manually edit the file, and supply a value for the Tivoli Integrated Portal administrator password.

    Some properties are used internally by Tivoli Integrated Portal for communicating with the administration client for WebSphere Application Server. Do not edit these internal properties. The following descriptions identify the properties that must not be modified.

    Properties
    tip.installLocation

    Fully qualified path name to the installation directory for the Tivoli Integrated Portal console. Do not modify this value for the Installation Manager roll back process.

    tip.installLocation=C\:\\Program Files\\IBM\\tip

    tip.adminUser
    Specifies the user name of the Tivoli Integrated Portal administrator.
    tip.consolePort

    Specifies the port number used for connecting to the console using a web browser. The default port number is 16310. Do not modify this value for the Installation Manager roll back process.

    tip.adminUserPwd
    Specifies the password for the Tivoli Integrated Portal administrator. Enter a value for this property for the Installation Manager roll back process.

    Example tip.properties file

    The example file does not display any values for password properties. The file, when stored on the file system, does not contain passwords.

    Figure 6. Example tip.properties
    #
    #Mon Sep 27 14:46:11 CDT 2010
    tip.installLocation=C\:\\Program Files\\IBM\\tip
    tip.adminUser=tipadmin
    tip.consolePort=16310
    tip.adminUserPwd=

    Using Installation Manager to roll back to a previous version

    Use Installation Manager to roll back your deployment to a previous version of the product.

    The Installation Manager rollback process automatically saves aside configuration files, uninstalls the fix pack files, installs the Version 7.1.0 files, and restores the saved configuration files.

    Important notes:

    • Perform roll back for each package that is installed. Some packages contain more than one feature or component. You must roll back the entire package.
    • All packages in a deployment must be at the same level. You cannot mix Version 7.1.0 packages with Version 7.1.0.4 packages.
    • The Tivoli Security Policy Manager packages and the Runtime Security Services packages in each deployment must be at the same level. This requirement includes deployments where the Tivoli Security Policy Manager server runs on a different computer from the Runtime Security Services server.
    • Installation Manager provides a graphical user interface for the rollback process, but does not prompt for configuration properties. You must edit properties files before running Installation Manager. See Setting properties for rollback.
    • If you run Installation Manager without first adding your password values to properties files, Installation Manager displays the following error:
      Error during "pre-install configure" phase:
      java.lang.ExceptionInitializerError
      For more information on the required editing tasks, see Setting properties for rollback.
    • Fix Pack 7.1.0.4 does not support rollback of the Tivoli Security Policy Manager package when deployed into a WebSphere cluster. Version 7.1.0 did not support deployment of the Tivoli Security Policy Manager package into a WebSphere cluster. Rolling back to Version 7.1.0 is not supported because it results in loss of policy manager functionality within the cluster.
    Package Features
    Tivoli Security Policy Manager Tivoli Policy Platform
    Tivoli Security Policy Manager server
    Tivoli Security Policy Manager administration console
    Tivoli Integrated Portal console
    Tivoli Security Policy Manager configuration utility
    Tivoli Security Policy Manager SDK Software Development Kit and Samples
    Runtime Security Services Server Authorization Service
    Runtime Security Services Client Authorization Service
    Policy Management Administration Agent
    Web Services Application Enforcement
    Runtime Security Services SDK Software Development Kit and Samples
    Runtime Security Services SDK Portal Application Enforcement Software Development Kit

    Follow the instructions for the package that you want to roll back:

    Rolling back the policy manager package

    Use this procedure to interactively roll back the policy manager server, console, Tivoli Integrated Portal, and configuration tool.

    Before you begin

    Complete these tasks in the order listed before you roll back the policy manager components:

    1. Ensure that WebSphere Application Server is running.
    2. If necessary, save the response file for the Tivoli Security Policy Manager configuration tool.

      If you created a response file for the Tivoli Security Policy Manager configuration tool in the /opt/IBM/TSPM directory hierarchy, back up the response file before you roll back Tivoli Security Policy Manager. Place the backup files in a directory that is separate from the Tivoli Security Policy Manager installation directory.

    3. Set properties in the necessary properties file. Follow the instructions in Setting properties for rollback.
      Note:
      If you run Installation Manager without first adding your password values to the necessary properties file, Installation Manager displays the following error:
      Error during "pre-install configure" phase:
      java.lang.ExceptionInitializerError

    Procedure
    1. Start Installation Manager.

      If installing into a WebSphere cluster, start Installation Manager on the WebSphere Application Server deployment manager.

      AIX, Linux, Linux on System z, or Solaris
      1. Open a command-line window and navigate to the directory containing Installation Manager.

        The default installation directory is:

        /opt/IBM/InstallationManager/eclipse
      2. Start the program.
        IBMIM
      Windows
      Click Start > All Programs > IBM Installation Manager > IBM Installation Manager.
    2. Select Roll back in the Installation Manager startup panel.
    3. Select the IBM Tivoli Security Policy Manager package group. Click Next.
    4. Select the IBM Tivoli Security Policy Manager package to roll back. Click Next.
    5. Verify that the correct package is selected, then click Roll Back.
    6. When the rollback completes, a panel indicates success or failure. Click Finish to exit.
    7. Stop the WebSphere Application Server for the policy manager.

      See the stopping topics in the WebSphere® Application Server information center:

    8. Run the OSGi configuration script to refresh the WebSphere OSGi cache.
      • AIX, Linux, Linux on System z, or Solaris
        WAS_HOME/profiles/profile_name/bin/osgiCfgInit.sh
      • Windows
        WAS_HOME\profiles\profile_name\bin\osgiCfgInit.bat
    9. Start the WebSphere Application Server for the policy manager.

      See the starting topics in the WebSphere® Application Server information center:

    10. Start the WebSphere Application Server for the policy manager.

      See the starting topics in the WebSphere® Application Server information center:

    11. <
    12. Stop and restart the server where the console (the Tivoli Integrated Portal component) is installed.
      Windows:
      Go to C:\Program Files\IBM\tivoli\tip\profiles\TIPProfile\bin
      1. Stop the server with the following command:

        stopServer.bat -server1 -username adminname -password adminpassword

      2. Start the server with the following command:

        startServer.bat server1

      AIX, Linux, or Solaris
      Go to /opt/IBM/tivoli/tip/profiles/TIPProfile/bin
      1. Stop the server with the following command:

        stopServer.sh -server1 -username adminname -password adminpassword

      2. Start the server with the following command:

        startServer.sh server1

    Results
    If you want, you can view the results of the Installation Manager process by using the Installation Manager log viewer to review the log file.
    • If you have just completed a task, go to the Installation Manager landing page and click File > View Log .
    • If you have already closed Installation Manager, start Installation Manager and click File > View Installation History. Select the package roll back that you want to view. For example, Tivoli Security Policy Manager. Then click View Log.

    The default Installation Manager log files are located in these directories:

    • AIX, Linux, Linux on System z, or Solaris
      /var/ibm/InstallationManager/logs
    • Windows 2000 and Windows XP Professional
      C:\Documents and Settings\All Users\Application Data\IBM\Installation Manager\logs
    • Windows Vista and Windows 2008
      C:\ProgramData\IBM\Installation Manager

    What to do next

    Verify that the packages that rolled back are active and correctly configured.

    • Verify that the version number on the Tivoli Integrated Portal console is 7.1.0.0.
    • Verify that the following files are located in <TSPM_installation_directory>/properties/version:
      • Tivoli_Policy_Platform.7.1.0.cmptag
      • Tivoli_Security_Policy_Manager.7.1.0.cmptag
      • Tivoli_Security_Policy_Manager_for_Data_Entitlements.7.1.0.cmptag

      Before running the roll back process, the corresponding file names in <TSPM_installation_directory>/properties/version are:

      • Tivoli_Policy_Platform.7.1.0.fxptag
      • Tivoli_Security_Policy_Manager.7.1.0.fxtag
      • Tivoli_Security_Policy_Manager_for_Data_Entitlements.7.1.0.fxtag
    Rolling back the runtime security services server

    The WebSphere administrator uses the procedure in this topic to interactively roll back the runtime security services server.

    Before you begin
    • Back up your new and edited registration property files before you roll back the runtime security services server. Place the backup files in a directory that is outside of the runtime security services server installation directory.
    • Ensure that the WebSphere Application Server where the runtime security services is deployed is running.
    • Ensure that the policy manager server is running.
    • Set properties in the administration client properties file. See Setting administration client properties.
      Note:
      If you run Installation Manager without first adding your password values to the properties file, Installation Manager displays the following error:
      Error during "pre-install configure" phase:
      java.lang.ExceptionInitializerError

    About this task

    This task applies to installations of the runtime security services server on either stand-alone WebSphere Application Servers or on WebSphere Network Deployment clusters.

    Procedure
    1. Start Installation Manager.

      If installing into a WebSphere cluster, start Installation Manager on the WebSphere Application Server deployment manager.

      AIX, Linux, Linux on System z, or Solaris
      1. Open a command-line window and navigate to the directory containing Installation Manager.

        The default installation directory is:

        /opt/IBM/InstallationManager/eclipse
      2. Start the program.
        IBMIM
      Windows
      Click Start > All Programs > IBM Installation Manager > IBM Installation Manager.
    2. Select Roll back in the Installation Manager startup panel.
    3. Select the IBM Tivoli Runtime Security Services package group. Click Next.
    4. Select the IBM Tivoli Runtime Security Services Server package. Click Next.
    5. Verify that the correct package is selected, then click Roll back.

      The files are uninstalled and replaced with files from the previous version.

    6. When the rollback completes, a panel indicates success or failure. Click Finish to exit.
    7. Stop and restart WebSphere Application Server. If installing into a WebSphere cluster, restart the WebSphere Application Server cluster. Restart the deployment manager, cluster, and server, as appropriate

    Results
    If you want, you can view the results of the Installation Manager process by using the Installation Manager log viewer to review the log file.
    • If you have just completed a task, go to the Installation Manager landing page and click File > View Log .
    • If you have already closed Installation Manager, start Installation Manager and click File > View Installation History. Select the package roll back that you want to view. For example, Tivoli Security Policy Manager. Then click View Log.

    The default Installation Manager log files are located in these directories:

    • AIX, Linux, Linux on System z, or Solaris
      /var/ibm/InstallationManager/logs
    • Windows 2000 and Windows XP Professional
      C:\Documents and Settings\All Users\Application Data\IBM\Installation Manager\logs
    • Windows Vista and Windows 2008
      C:\ProgramData\IBM\Installation Manager

    What to do next

    Verify that the runtime security services server is correctly configured:

    • Verify that you can issue administration commands to the runtime security services server.

      For example, you can use the administration console to verify that the runtime security services audit settings are visible.

    • Verify that you can distribute policy to a policy distribution target.

      See the Tivoli Security Policy Manager Administration Guide for instructions on how to distribute policy.

    Rolling back the runtime security services client

    Uses the procedure in this topic to interactively roll back the runtime security services client.

    Before you begin
    • Back up your new and edited registration property files before you roll back the runtime security services client. Place the backup files in a directory that is outside of the runtime security services client installation directory.
    • Ensure that the WebSphere Application Server where the client is deployed is running.
    • Set properties in the administration client properties file. See Setting administration client properties.
      Note:
      If you run Installation Manager without first adding your password values to the properties file, Installation Manager displays the following error:
      Error during "pre-install configure" phase:
      java.lang.ExceptionInitializerError

    About this task

    This task applies to installations of the runtime security services client on either stand-alone WebSphere Application Servers or on WebSphere Network Deployment clusters.

    Procedure
    1. Start Installation Manager.

      If installing into a WebSphere cluster, start Installation Manager on the WebSphere Application Server deployment manager.

      AIX, Linux, Linux on System z, or Solaris
      1. Open a command-line window and navigate to the directory containing Installation Manager.

        The default installation directory is:

        /opt/IBM/InstallationManager/eclipse
      2. Start the program.
        IBMIM
      Windows
      Click Start > All Programs > IBM Installation Manager > IBM Installation Manager.
    2. Select Roll back in the Installation Manager startup panel.
    3. Select the IBM Tivoli Runtime Security Services package group. Click Next.
    4. Select the IBM Tivoli Runtime Security Services Client package. Click Next.
    5. Verify that the correct package is selected, then click Roll back.
    6. When the rollback completes, a panel indicates success or failure. Click Finish to exit.
    7. Stop the WebSphere server instance.
    8. Deploy the client and configure a policy enforcement point.

      The instructions for this step are specific to the client mode (local or remote) and to the type of WebSphere server environment (stand-alone or cluster). Use the instructions that fit your deployment.

    Results
    If you want, you can view the results of the Installation Manager process by using the Installation Manager log viewer to review the log file.
    • If you have just completed a task, go to the Installation Manager landing page and click File > View Log .
    • If you have already closed Installation Manager, start Installation Manager and click File > View Installation History. Select the package roll back that you want to view. For example, Tivoli Security Policy Manager. Then click View Log.

    The default Installation Manager log files are located in these directories:

    • AIX, Linux, Linux on System z, or Solaris
      /var/ibm/InstallationManager/logs
    • Windows 2000 and Windows XP Professional
      C:\Documents and Settings\All Users\Application Data\IBM\Installation Manager\logs
    • Windows Vista and Windows 2008
      C:\ProgramData\IBM\Installation Manager

    What to do next
    1. Verify that the following files are in /opt/IBM/RTSSClient/properties/version:
      Tivoli_Security_Policy_Manager_Runtime_Security_Services.7.1.0.cmptag
      Tivoli_Security_Policy_Manager.7.1.0.swtag
    Rolling back the Tivoli Security Policy Manager software development kit

    The WebSphere administrator uses the procedure in this topic to interactively roll back the Tivoli Security Policy Manager Software Development Kit.

    Procedure
    1. Start Installation Manager.

      If installing into a WebSphere cluster, start Installation Manager on the WebSphere Application Server deployment manager.

      AIX, Linux, Linux on System z, or Solaris
      1. Open a command-line window and navigate to the directory containing Installation Manager.

        The default installation directory is:

        /opt/IBM/InstallationManager/eclipse
      2. Start the program.
        IBMIM
      Windows
      Click Start > All Programs > IBM Installation Manager > IBM Installation Manager.
    2. Select Roll back in the Installation Manager startup panel.
    3. Select the TSPM package group. Click Next.
    4. Select the TSPM-SDK installation package. Click Next.
    5. Verify that the correct package is selected, then click Roll back.
    6. When the rollback completes, a panel indicaties success or failure. Click Finish to exit.

    Results
    If you want, you can view the results of the Installation Manager process by using the Installation Manager log viewer to review the log file.
    • If you have just completed a task, go to the Installation Manager landing page and click File > View Log .
    • If you have already closed Installation Manager, start Installation Manager and click File > View Installation History. Select the package roll back that you want to view. For example, Tivoli Security Policy Manager. Then click View Log.

    The default Installation Manager log files are located in these directories:

    • AIX, Linux, Linux on System z, or Solaris
      /var/ibm/InstallationManager/logs
    • Windows 2000 and Windows XP Professional
      C:\Documents and Settings\All Users\Application Data\IBM\Installation Manager\logs
    • Windows Vista and Windows 2008
      C:\ProgramData\IBM\Installation Manager
    Rolling back the Runtime Security Services software development kit

    The WebSphere administrator uses the procedure in this topic to interactively roll back the Tivoli Runtime Security Services Software Development Kit.

    Procedure
    1. Start Installation Manager.

      If installing into a WebSphere cluster, start Installation Manager on the WebSphere Application Server deployment manager.

      AIX, Linux, Linux on System z, or Solaris
      1. Open a command-line window and navigate to the directory containing Installation Manager.

        The default installation directory is:

        /opt/IBM/InstallationManager/eclipse
      2. Start the program.
        IBMIM
      Windows
      Click Start > All Programs > IBM Installation Manager > IBM Installation Manager.
    2. Select Roll back in the Installation Manager startup panel.
    3. Select the RTSS package group. Click Next.
    4. Select the RTSS-SDK installation package. Click Next.
    5. Verify that the correct package is selected, then click Roll back.
    6. When the rollback completes, a panel indicates success or failure. Click Finish to exit.

    Results
    If you want, you can view the results of the Installation Manager process by using the Installation Manager log viewer to review the log file.
    • If you have just completed a task, go to the Installation Manager landing page and click File > View Log .
    • If you have already closed Installation Manager, start Installation Manager and click File > View Installation History. Select the package roll back that you want to view. For example, Tivoli Security Policy Manager. Then click View Log.

    The default Installation Manager log files are located in these directories:

    • AIX, Linux, Linux on System z, or Solaris
      /var/ibm/InstallationManager/logs
    • Windows 2000 and Windows XP Professional
      C:\Documents and Settings\All Users\Application Data\IBM\Installation Manager\logs
    • Windows Vista and Windows 2008
      C:\ProgramData\IBM\Installation Manager

    Uninstalling both Fix Pack 7.1.0.4 and Version 7.1.0 files

    Use Installation Manager to uninstall both the Fix Pack 7.1.0.4 and the Version 7.1.0 files. If Version 7.1.0.1 or Version 7.1.0.2 files were previously installed, they are also removed.

    Before you begin

    If you are uninstalling the Tivoli Security Policy Manager package and previously created a response file that you want to use later, save the response file before uninstalling the product.

    If you created a response file for the Tivoli Security Policy Manager configuration tool in the /opt/IBM/TSPM directory hierarchy, back up the response file before you uninstall Tivoli Security Policy Manager. Place the backup files in a directory that is separate from the Tivoli Security Policy Manager installation directory.

    About this task

    You can use one Installation Manager uninstallation task to remove the Fix Pack 7.1.0.4 files, Version 7.1.0.3 files, Version 7.1.0.2 files, Version 7.1.0.1 files, (if previously installed) and Version 7.1.0 files. The fix pack has the same packages (components) and features as Version 7.1.0. The Installation Manager uninstallation process removes all files for the selected packages.

    Procedure

    1. Use the uninstallation process that is documented on the Tivoli Security Policy Manager information center. See Uninstalling Tivoli Security Policy Manager.

      The uninstallation process on the information center applies to the fix pack files as well as to the Version 7.1.0 files. The information center describes both interactive and silent uninstallation mode. The information center topics describe the necessary unconfiguration and uninstallation steps for each of the product packages:

      • Tivoli Security Policy Manager
      • Tivoli Security Policy Manager Software Development Kit
      • Runtime Security Services Server
      • Runtime Security Services Client
      • Runtime Security Services Software Development Kit
    2. If you uninstalled the Tivoli Security Policy Manager policy manager component, you must refresh the WebSphere OSGi cache. Complete the following instructions:
      1. Stop the WebSphere Application Server for the policy manager. In a cluster, stop the cluster, including the node agents and the deployment manager.

        See the stopping topics in the WebSphere Application Server information center:

      2. Run the OSGi configuration script to refresh the WebSphere OSGi cache. In a cluster, run the script on each node.
        • AIX, Linux, Linux on System z, or Solaris
          WAS_HOME/profiles/profile_name/bin/osgiCfgInit.sh
        • Windows
          WAS_HOME\profiles\profile_name\bin\osgiCfgInit.bat
      3. Start the WebSphere Application Server for the policy manager. In a cluster, start the cluster, including the node agents and the deployment manager.

        See the starting topics in the WebSphere Application Server information center:

      4. In a cluster, stop and restart the IBM HTTP Server. See your IBM HTTP Server documentation for instructions.
      5. Stop and restart the server where the Tivoli Integrated Portal component is installed.
        Windows:
        Go to C:\Program Files\IBM\tivoli\tip\profiles\TIPProfile\bin
        1. Stop the server with the following command:

          stopServer.bat -server1 -username adminname -password adminpassword

        2. Start the server with the following command:

          startServer.bat server1

        AIX, Linux, or Solaris
        Go to /opt/IBM/tivoli/tip/profiles/TIPProfile/bin
        1. Stop the server with the following command:

          stopServer.sh -server1 -username adminname -password adminpassword

        2. Start the server with the following command:

          startServer.sh server1

    3. Optional: When you complete the uninstallation, you can review the Installation Manager log files with the Installation Manager log viewer:
      • If you just completed an uninstallation, go to the Installation Manager landing page and click File -> View Log .
      • If you already closed Installation Manager:
        1. Start Installation Manager.
        2. Click File -> View Installation History.
        3. Select the package uninstallation that you want to view. For example, Tivoli Security Policy Manager.
        4. Click View Log.
    URL LANGUAGE SIZE(Bytes)
    7.1.0-TIV-ITSPM-FP0004.README.htm English 1111111

    Download package


    Download RELEASE DATE LANGUAGE SIZE(Bytes) Download Options
    What is Fix Central (FC)?
    7.1.0-TIV-ITSPM-FP0004.zip 12 Oct 2012 English 1300000000 FC

    Problems (APARS) fixed
    IV15661, IV15818, IV20522, IV21909, IV22007, IV22638, IV25186, IV23845, IV02079, IV03218, IV04689, IV06278, IV07258, IV08352, IZ96492, IZ80883, IZ87160, IZ77364, IZ87161, IZ87166, IZ83168, IZ81535

    Rate this page:

    (0 users)Average rating

    Document information


    More support for:

    Tivoli Security Policy Manager
    Policy Manager

    Software version:

    7.1

    Operating system(s):

    AIX, Linux xSeries, Linux zSeries, Solaris, Windows

    Reference #:

    4033634

    Modified date:

    2014-04-01

    Translate my page

    Machine Translation

    Content navigation