CP04 - Readme

Contents
2
1.0 Welcome
Thank you for choosing CA Process Automation. CA Process Automation provides a comprehensive environment to design, deploy, monitor, control, and audit your IT processes.
This readme describes issues and other information that was discovered after we published the documentation for the 04.3.05 release. For a complete list of known issues for this release and information about how the features and enhancements in this release might affect you, see the Release Notes in the latest CA Process Automation Documentation at techdocs.broadcom.com.
Important! You can apply this cumulative patch against CA PAM 4.3 SP05(04.3.05).
Check the CA Process Automation home page on support.broadcom.com for product news that is published after we finalize this document.
2.0 Download the Cumulative Patch
You can download the cumulative patch from the following location:
3.0 Changes and Enhancements
The following changes are available in this patch:
  • Multi-task Approval
    You can select multiple tasks and approve or reject them to speed up the approval process. The functionality is classified as follows:
    • If the tasks are not associated with the Interaction Request form and do not have the Show Approval Page, then those will reply automatically through the user Reply action.
    • If the tasks are not associated with the Interaction Request form and if they have Show Approval Page, then the Reply All will display the Message Dialog for bulk Approval or Rejection Process.
    • If the tasks are associated with the Interaction Request form then we cannot take action through multi-selection.
    Also, a new task filter "Approval Tasks" is added to display only tasks which have the Show Approval Page and not associated with the Interaction Request Form to make it more convenient for the bulk approval process.
  • Patch - Silent Installation (Windows)
    The silent installation capability for the Patch installation is enabled. You must to update the "response_patch.varfile" to pass the input parameters.
  • Enable/Disable gMSA Support to Connect to MSSQL Database
    The group Managed Service Account (gMSA) can be used if you require Password Management by Windows. PAM supports configuring the gMSA account to connect to the MSSQL database. The patch provides the ability to enable or disable the options for gMSA. For more information on the configuration, see the "response_patch.varfile" file.
    • The gMSA can be configured only through the silent installation mode of the Patch installation on Windows if the database is MSSQL and configured with "mssql-jdbc-7.4.1.jre8.jar" driver.
    • In a PAM Cluster environment, ensure to have the PAM installation with a connection string option for database connectivity.
    • If gMSA is enabled with CP04, installing the CP04 with gMSA after installing the new cluster node is mandatory.
  • Cipher Suite Configuration for Port 443
    The required configuration is available to customize the Cipher suites for Port 443 and can be used for communication between the PAM Server and PAM Agents.
    • The configuration parameter "pam.ssl.transport.enableCipherSuites" can be used to add additional Cipher Suites.
    • The configuration parameter "pam.ssl.transport.disableCipherSuites" can be used to remove the default Cipher Suites if your security reports them as weak or vulnerable.
    You can use the configuration tab to configure multiple Ciphers and the comma (,) can be used as a separator.
    Provide only valid Cipher suite information. If you provide invalid Cipher Suite information, the PAM Server ignores it.
4.0 Installation Considerations
4.1 Preparation
  • This cumulative patch is intended to be installed against CA Process Automation Release 04.3.05. If the targeted instance of PAM is a version earlier than r04.3.05, then you must first download r04.3.05 from support.broadcom.com. After you download, upgrade your PAM instances to r04.3.05 by following the instructions provided with r04.3.05.
  • Applying this cumulative patch will typically require an hour or less maintenance window where PAM is unavailable. Time for this maintenance window should be coordinated with the end users to minimize impact.
  • Before you apply the cumulative patch, perform the following tasks:
    - Shutdown CA Process Automation.
    - In a clustered environment, shutdown all CA Process Automation Domain Orchestrators.
    - Take a backup of the PAM_Install_dir\server\c2o folder for each Orchestrator instance.If you want to back out the cumulative patch, you can    use the backup of each orchestrator instance to revert to previous state of CA Process Automation.
4.2 Application
Consider that the databases of CA PAM (Library, Runtime and Reporting) do not have the DBO permissions. Then, provide the DBO permissions for the databases of CA PAM until you start CA PAM. When you apply the DBO permissions, the patch is applied properly and CA PAM works as expected. Later, you can downgrade the DBO permissions to
dbwriter
or
dbreader
.
  • You must install this cumulative patch using the same account as was used to install PAM on the machine(s) containing your Domain Orchestrator. If your Domain Orchestrator is clustered, you must install this cumulative patch on all nodes of the cluster.
  • You need to backup
    PAM_Install_dir\server\c2o
    folder to a location outside the
    PAM_Install_dir
    folder. This is needed if you want to back out the patch.
  • When installing the cumulative patch on Windows, run:
    Update_Installer_windows.exe
  • When installing the cumulative patch on Windows in Silent Mode update the
    response_patch.varfile
    to pass the input parameters. Invoke the following file:
    Silent_Patch_Install_windows.bat
  • When installing on UNIX or Linux, run:
    sh
    Update_Installer_unix.sh
  • You will be asked to accept a License, and then specify the directory where PAM is installed. Once these inputs are provided, the installer will update your PAM instance with the new binaries containing the fix.
4.3 Backing out the Cumulative Patch
In the unlikely event problems are seen after applying this cumulative patch, and a usable backup was taken of the c2o folder please do the following. Please note that you should not restore a backup taken of
PAM_Install_dir\server\c2o
, if after the backup was taken, changes were made to the configuration of the PAM instance, or other PAM updates were applied.
  • Shutdown all PAM Orchestrators
  • For each Domain Orchestrator, copy
    PAM_Install_dir\server\c2o\log
    folder to another location for later examination by CA Support.
  • If a backup was taken of the c2o folder restore this to
    PAM_Install_dir\server\c2o
    and then restore
    PAM_Install_dir\server\c2o\log
    folder from backup taken in the previous step.
  • Restart all PAM Orchestrators.
In all cases contact CA Support for assistance in determining the cause of your failure.
For more information, see the Platform Support and Hardware Requirements section, under Getting Started.
5.0 Fixed Issues in CA PAM 04.3.05 CP04
The following issues are fixed in 04.3.05 CP04:
Defect ID
Defect Description
DE495418
ClusterNodeProperties were not in sync in all the nodes of the PAM cluster which affects the communication between the PAM server and PAM Agents.
DE474474
PAM HttpPost operators were failing with AdoptOpenJDK version 1.8.0_265.