IBM Universal Manageability Enablement for i (5770-UME)
CIM function updates from Licensed Program IBM® Universal Manageability Enablement for i 5770-UME(V1R3M0) to Licensed Program 5770-UME(V1R4M0)
IBM i Common Information Model Object Manager (CIMOM) server and providers are updated from Licensed Program (LP) 5770-UME V1R3M0 to Licensed Program (LP) 5770-UME V1R4M0. 5770-UME V1R4M0 can be installed on IBM i 6.1, IBM i 7.1 and IBM i 7.2 and is installed by default on IBM i 7.2.
Dependency for CIM server startup:
- 5770-SS1 option 33 PASE (Portable Application Solutions Environment).
- 5733-SC1 option 1 (OpenSSL)
Auto-start CIM Server: :
5770-UME V1R4M0 CIM server is defined as an auto-start TCP/IP service. The CIM server will auto start after a scratch installation of the IBM i 7.2, while it will inherit the previous auto-start configuration after a slip installation.
CIM commands that are run in IBM i PASE:
CIM server and providers can run in Portable Application Solutions Environment (IBM i PASE). You need to run the call qp2term command before you run IBM i PASE commands. CIM commands (cimconfig, cimmof, cimtrust, cimcrl,cimsub, and cimprovider) are unchanged from 5770-UME V1R3M0. New commands (cimcli, cimreparchive) are added in 5770-UME V1R4M0.
IBM Systems Director compatibility:
5770-UME V1R4M0 CIM Server registers platform-agent for IBM Systems Director. The 5770-UME LP might not work with IBM Systems Director earlier than version 6.1.2.
Development interfaces:
The CIM server in 5770-UME V1R4M0 is based on OpenPegasus V2.11.0. Any external products that use the restricted IBM i 6.1, IBM i 7.1 or IBM i 7.2 CIM provider interfaces must adapt to the new OpenPegasus Software Development Kit (SDK) V2.11.0 and obtain updated IBM i-specific interface documentation from IBM. The development interfaces remain restricted with 5770-UME, and a limited availability agreement is required for their use. If external products have installed CIM providers in IBM i 6.1, IBM i 7.1 or IBM i 7.2, those CIM providers will not work with 5770-UME until they are updated to run in IBM i PASE and to use updated interfaces.
CIM schema:
5770-UME, V1R4M0, includes the Distributed Management Task Force (DMTF) CIM schema V2.29.
CIMOM TCP/IP server entry in IBM Navigator for i:
You can start and end the CIM server as a TCP/IP server. Using IBM Navigator for i, expand to find the “CIMOM” entry. Then, you can use the web page to start or stop CIMOM.
Reliable Indications:
To enhance the reliability of delivering CIM indication, 5770-UME V1R4M0 introduces two new properties (maxIndicationDeliveryRetryAttempts, minIndicationDeliveryRetryInterval) to configure the retry mechanism of delivering CIM indications.
Configurable SSL cipher suite:
During the period of responding to a CIM request, the CIM server maintains secure SSL-based communication with the client. The secure cipher suite level that CIM server supports is DEFAULT. To enable customers to adjust the security level, 5770-UME V1R4M0 provides a new property (sslCipherSuite) to configure CIM server supported cipher suites.
ICU library changed:
5770-UME V1R4M0 changes the ICU library from ICU 4.0 to ICU 3.6 due to OpenPegasus V2.11.0 compatibility issues with ICU4.0.
Support customer provider directory:
Based on a new feature in OpenPegasus V2.11.0, 5770-UME V1R4M0 defines an extra directory for 3rd-party providers. The directory is “/QOpenSys/QIBM/ProdData/UME/Pegasus/3rdprovider”, and customers can put their own providers in this directory. The customer’s provider agent is started when a user sends a CIM request to the provider. All of this can be done while the CIM Server is running. The user does not need to restart the CIM Server.
New command for repository backup:
New command “cimreparchive” is shipped in 5770-UME V1R4M0. A symbolic link for the command is added in directory "/QOpenSys/usr/bin". It supports an additional mechanism to backup the CIM repository in addition to the IBM i specific SAVE and RESTORE mechanism. Users can run this new command in Portable Application Solutions Environment (IBM i PASE).
Repository migration:
If the IBM i 7.2 system is upgraded over V5R4, the CIM Server repository is migrated from DMTF CIM schema V2.9 to DMTF CIM schema V2.29 during the first startup of CIM server in 5770-UME LP. If IBM i 7.2 system is upgraded over IBM i 6.1 or IBM i 7.1, the CIM Server repository is migrated from DMTF CIM schema V2.14 to DMTF CIM schema V2.29 during the first startup of CIM server in 5770-UME LP. This migration takes a while, depending on the size of the repository, processor speed, and system utilization. The CIM server is unavailable to process CIM requests until the repository migration completes. Stopping the server job during migration might result in a loss of data.
- CIM Provider Registration on IBM i 5.4 is not migrated.
- Static instances of metric definition on IBM i 5.4 in the repository (providers dynamically collect information and implement the same functions as these metric instances).
- When migration starts, message PGS10080 is written in the CIM server log. The default location is /QOpenSys/QIBM/UserData/UME/Pegasus/logs. PGS10080: The CIM server is starting to check/restore/migrate repository. This takes several minutes, during which the server will not be available. Stopping the server job might result in a loss of data.
- When migration ends without any error, message PGS10081 is written in the CIM server log. PGS10081: The Common Information Model (CIM) check/creation/migration process of repository has been completed successfully.
Configuration properties:
The CIM server in 5770-UME LP has some changed configuration properties.
These properties are obsolete: httpBindAddress, httpsBindAddress, httpAuthType, httpExportPort, enableHttpLocalConnection, tempLocalAuthDir, exportSSLTrustStore, enableClientCertification, enableSSLExportClientVerification, enableHttpExportConnection, and passwordFilePath.
These properties are set to fixed properties: enableBinaryRepository, enableNamespaceAuthorization, enableRemotePrivilegedUserAccess, home, messageDir, providerDir, providerManagerDir, slp, and repositoryDir.
- The default value for enableNamespaceAuthorization is set to: true.
- The default value for enableSubscriptionsForNonprivilegedUsers is set to: true.
- The default value for providerDir is set to: /QOpenSys/QIBM/ProdData/UME/Pegasus/provider;/QOpenSys/usr/lib;/QOpenSys/QIBM/ProdData/UME/Pegasus/3rdprovider.
- The default value for shutdownTimeout is set to: 60.
- maxIndicationDeliveryRetryAttempts: If set to a positive integer, this value defines the number of times that the indication service tries to deliver an indication to a particular listener destination. This does not affect the original delivery attempt, thus if set to 0, the CIM server tries to deliver the indication only once. The default value is set to 5.
- minIndicationDeliveryRetryInterval: If set to a positive integer, this value defines the minimal time interval in seconds for the indication service to wait before attempting again to deliver an indication to a listener destination that previously failed. The CIM server might take longer due to QoS or other processing. The default value is 480 (seconds).
- sslCipherSuite: This property is a String containing the OpenSSL cipher specifications to configure the cipher suite the client is permitted to negotiate with the server during the SSL handshake phase. The default value is DEFAULT.
- Obsolete properties are not migrated.
- If the property idleSessionTimeout has a value set, then replace it by property idleConnectionTimeout with the same value.
- If traceLevel =4 then modify it to traceLevel =5.
The property values being migrated are not validated. If the CIM server configuration properties from the previous releases are not set to function correctly, this situation might prevent the 5770-UME LP CIM server from starting and working correctly.