Secure controller Release Notes

The controller probe is a core component of the canm robot.
uimpga-ga
scontroller_RN
The controller probe is a core component of the
CA Unified Infrastructure Management
robot.
  • Controllers schedule, start, and stop the probes that the robot manages. Controllers keep configured probes running according to the probe configurations.
  • Controllers maintain contact with parent hubs and handle CA UIM operations, including hub state, name-lookup services, and licenses.
  • Controllers respond to directives in the
    robot.cfg
    and the
    controller.cfg
    files, and to commands issued over the
    controller_port
    .
    Default
    : 48000
Two types of hubs and robots are now available—secure (9.10S) and non-secure (9.10 and earlier). Hub and robot versions 9.10 and earlier use the legacy security model. Beginning with CA UIM 9 SP1, secure hub (9.10S) and robot (9.10S) are available, which further enhance the security mechanism in CA UIM.
Revision History
Version
Description
State
Date
9.33S
(Included in UIM 20.3.3)
  • (9.32 SHF1) Fixed an issue where robots were not falling back to their primary hub and were staying connected to their secondary hub, until the secondary hub was switched off. This behavior was being observed in those scenarios where both the proxy_mode and strict_ip_binding were enabled for the robot. (Support Case: 32302280)
  • Fixed an issue where the Windows blue screen (BSOD) was coming up during the reboot that was caused by controller.exe. Upon rebooting a system, during or immediately after the reboot process, users were observing a Windows crash event. (Support Case: 32467624)
  • Fixed an issue where the UIM Server installing was failing while upgrading from 20.1.0 to 20.3.0. The installation was unable to communicate with the controller probe in the allotted time. (Support Case: 32446423)
  • Fixed an issue where duplicate robots were getting reported in the OC UI, but the Admin Console was showing only one robot. (Support Case: 32450799)
GA
March 2021
9.32S
GA
November 2020
9.31S
  • Released with UIM 20.3.0.
GA
September 2020
9.30S
(Included in UIM 20.1.0)
  • Updated the probe version to be in sync with UIM 20.1.0.
GA
March 2020
9.20S
(Included in CA UIM 9 SP1)
The secure hub and robot are built on the functionality of the non-secure hub and robot with enhanced security.
  • Tunnel certificates and third-party certificates are supported, and the path to security certificates can be specified in
    robot.cfg
    .
  • Self-signed certificates are supported, but not recommended.
  • Validation of certificate
    commonName
    or
    subjectAltName
    for robot-to-hub communication is enabled by default.
    • Fully Qualified Domain Names (FQDN) are required for validation. If shorthost namesare used, validation fails.
    • Validation is first attempted through
      /etc/hosts
      . If validation through the local
      hosts
      file fails, validation occurs through DNS.
  • The controller loopback address can be specified.
  • Irregular binding is disabled. The robot strictly binds to the loopback IP address and
    robotip
    .
  • The controller port that is used by the robot can be specified.
  • The following parameters in
    robot.cfg
    are ignored:
    • robot_mode
    • ssl_mode
    • ssl_cipher
    • proxy_mode
    • strict_ip_binding
  • The following options are removed from
    Controller, Setup
    :
    • Automatically detect (searches the subnet)
      (Secondary hub section in the Nimsoft area)
    • Search the subnet for a temporary hub when primary and secondary hubs are unavailable
      (Secondary hub section in the Nimsoft area)
    • IP binding
      (in IM) and
      Listen only to first valid address from configured Ip addresses
      (AC)
      (IP section)
  • Secure robots can only failover to secure hubs.
    • If a secure robot cannot connect to the configured primary or secondary hub, it does
      not
      search for another hub.
    • Renamed the secure robot package name from
      robot_update
      to
      robot_update_secure
      .
    • The secure bus controller proxy can handle multiple inbound and outbound requests. This implementation takes care of any performance issues. Two new parameters proxy_wq_inbound_max_threads and proxy_wq_outbound_max_threads are now available. These parameters enable you to specify multiple threads in the controller proxy, thereby improving the performance. You add these parameters to the robot.cfg file.
    • (9.10S HF1) Resolved an issue in which a tunnel server was not able to establish any connection in the networks having high latency. To resolve this issue, a new configuration parameter
      epoll_wait_timeout
      has been introduced. This parameter lets you set a different time-out value for SSL connectivity between robots and hub. If this parameter is not specified in the robot.cfg file, the default time-out value (15000 ms) is considered. Configure this parameter in the controller section of robot.cfg. You can specify a value between 100 ms to 15000 ms. This parameter is not required for non-secure robots.
    • CA UIM 9.2.0 has adopted OpenJDK 8u212 instead of Oracle JDK. Because of this change, CA UIM 9 SP1 (9.1.0) that was using Oracle JDK (JRE) 8u212 is no longer available and has been removed from the Support site. All the functionality that was included in 9.1.0 is now released as part of CA UIM 9.2.0. Consequently, all references to the 9.1.0 release and the probe version 9.10S (released with it) have also been removed from this probe documentation. We recommend that you move to this version 9.20S of this probe, as the previous version 9.10S is no longer available now. For more information about the OpenJDK usage in CA UIM, see Adopting OpenJDK.
GA
August 2019