UMP 9.0.2 Hotfix 2

The objective of the UMP 9.0.2 Hotfix 2 includes CA Business Intelligence (CABI) Transport Layer Security (TLS) v1.2 support, and fixes to multiple vulnerabilities, and defects.
uim902
902HF1
The objective of the UMP 9.0.2 Hotfix 2 includes CA Business Intelligence (CABI) Transport Layer Security (TLS) v1.2 support, and fixes to multiple vulnerabilities, and defects.
The following topics provide the complete information:
 
 
3
 
 
Enhancements and Fixes
This Hotfix includes the following enhancements and fixes:
  • The cabi probe is updated to deploy CABI Server version 6.4.3. The cabi probe now supports Transport Layer Security (TLS) v1.2 when communicating with the UIM database: Oracle or Microsoft SQL Server.
  • The cabi_external probe is updated to deploy CABI Server version 6.4.3. The cabi external probe now supports Transport Layer Security (TLS) v1.2 when communicating with the UIM database: Oracle or Microsoft SQL Server. 
    CABI is supported for TLS v1.2 enabled UIM environments which have SQL Server 2012 and 2014 as the database.
  • Fixed security vulnerabilities. 
    Support case 01182041
     
  • Fixed performance issues where the metrics data in the Portal> Unified Service Manager> Details section. When using the SNMP Collector, the probe responds slowly and does not retrieve data. 
    Support case 01175919
     
  • Fixed the following security and vulnerability issues. Support case 01216567
    • The Apache JServ Protocol (AJP) service could be mis-configured and could lead to access to internal resources. Access is now restricted to this service on production systems. 
    • Development configuration files did not have restricted access which may lead to exposing sensitive information. All configuration files accessible from Internet are now restricted.
    • Vulnerability to slow HTTP Denial of Service (DoS) attack.
    • The server did not return an X-Frame-Options header which may lead to the portal being at risk of a click-jacking attack. The web server now includes an X-Frame-Options header.
  • Fixed an issue with UMP dashboards where the SQL table with URL links does not open some of the links. 
    Support case 01212526
     
  • Fixed an issue with the UMP dashboard chart where the pop-up text for any value is hidden beyond the browser window. 
    Support case 01227652
     
  • Fixed an issue with the SLA Report where parts of the header and the percentage were not configurable. 
    Support case 01225579
     
  • Fixed an issue where the ump.disallow.simultaneous.logins=true option in the portal-ext.properties file is not working as expected. 
    Support case 01190477
     
  • Fixed an issue where the wasp/UMP Group_Info option is enabled by default on the Primary Hub and results in the queue were not being emptied. 
    Support case 01256836
     
  • Fixed an issue with the List Viewer and List Designer which did not work as expected after upgrading from version 8.5.1 to 9.0.2. 
    Support case 01248140
     
  • Fixed an issue with the Unified Dashboards, Application, and Server reports which did not work as expected after upgrading to 9.0.2. 
    Support case 01240355
     
  • Fixed an issue where the Unified Dashboard Server List Reports did not work as expected. Users were not able to modify the List Design. 
    Support case 01261246
     
  • Fixed an issue where the Unified Dashboards did not display the required metrics after upgrading from version 8.5.1 to 9.0.2. 
    Support case 01268381
     
Contents of the Hotfix Bundle
The following items are available in the Hotfix bundle:
  • Bundled CABI
     (cabi probe package version 3.40) - Install this package to deploy an instance of CABI Server on a robot. This configuration simplifies the CABI Server installation process if you only need to use CABI Server with CA UIM. This version of the probe is required to support reports.
  • External CABI
     (cabi_external probe package version 3.40) - Install this package to deploy a probe that functions as a gateway for a separate CABI Server instance. This configuration allows you to share the CABI Server instance with CA UIM and multiple CA Agile Operations products. This version of the probe is required to support reports.
  •  
    UMP CABI Portlet
     (ump_cabi portlet package version 3.40) - Install this package to view CABI Dashboards in CA UIM 9.0.2.
  •  
    Unified CABI
     (unicabi package version 6.4.3) - Install this package to share a single CABI server instance with multiple CA Agile Operations products.
  •  
    Unified Management Portal
     (ump version 9.0.4) - Install this package to access the enhanced UMP web interface.
  •  
    Admin Console Package
     -Deploy this package on UIM Server to view Admin Console having vulnerability and defect fixes.
Prerequisites
The following prerequisites exist:
  • CA UIM 9.0.2
  • Supported Java 1.8
Installation Considerations
Review the following installation considerations:
  • CABI is not supported for TLS v1.2 enabled UIM environments which have SQL Server 2016 and 2017 as the database. Currently, Jaspersoft does not provide support for TLS v1.2 on SQL Server 2016 and 2017. Therefore, if TLS v1.2 is enabled in your CA UIM environment, and your database is SQL Server 2016 or 2017, then CABI Dashboards will not be supported. As a result, you cannot view CABI reports in CA UIM.
  • Before you deploy CABI External version 3.4 on a secondary robot, copy the Java keystore file (truststore.jks) file from the UIM Server (
    <Nimsoft>\security
    ) to the CABI External secondary robot (
    <Nimsoft>\security
    ).
  • The UIM Server installer creates a .pem file (certificate.pem) in the <Nimsoft>\security folder. The .pem file is a symmetric key that is shared with the required robots, which is then used for communication with the data_engine probe. You can copy this .pem file to the remote UMP, UR, and CABI robots and can provide the location of the file in the robot.cfg file (cryptkey = <.pem file location>). Furthermore, if any impacted probe is not on the same computer where data_engine is present, copy the generated .pem file to the robot computer (where data_engine is not available) and update the robot.cfg file with the .pem file location on that computer. For more information about the robot.cfg file configuration, see Configure robot.cfg.
  • You must also import the certificate onto the robot where you are installing CABI.
Installation Instructions
Follow these instructions from the DocOps site:
Known Issues
Confidential Information is Displayed in the Logs (for TLS Environments)
 
Symptom:
 
The trustStore, passkey, and wallet password is displayed in cleartext in the logs in TLS configured environment. 
Solution:
 
 A resolution is pending from TIBCO 
(Case number 01663862)
.
Limitations
  • After you apply the hotfix, the help links in the upgraded UI do not work. Access the latest documentation from the CA UIM 9.0.2 DocOps space. 
Troubleshooting
  • If the dashboards are not auto-deployed after you install CABI, you must increase the heap size for the cabi probe by using the raw configuration. The recommended minimum heap-size is 2-GB.
  • If the dashboards or reports are not displayed after you install CABI, then deploy the 
    uim_core_dashboards_pack
    uim_unified_reporter_pack
    , and 
    uim_cabi_health_library_reports_pack
     packages manually.