Readme file for IBM^® Spectrum Symphony 7.3 Interim Fix 563591

Readme file for: IBM Spectrum Symphony
Product/Component release: 7.3
Fix ID: sym-7.3-build563591-cs

Publication date: November 4, 2020

Interim fix that resolves slow SD authentication performance for an IBM Spectrum Symphony client. It allows the administrator to disable authentication for certain applications using an inclusion list.

1. List of fixes

2. Download location

3. Products or components affected

4. Installation and configuration

5. Uninstallation

6. List of files

7. Product notifications

8. Copyright and trademark information

1. List of fixes

APAR: P103940

2. Download location

Download interim fix 563591 from the following location: http://www.ibm.com/eserver/support/fixes/.

3. Products or components affected

Component name, Platform, Fix ID:

SOAM, Windows x64, sym-7.3-build563591-cs

4. Installation and configuration

Follow the instructions in this section to download and install this interim fix on hosts in your cluster.

System requirements

Windows 64-bit

Installation

a. Log on to the primary host as the cluster administrator and stop the SD service:

> egosh user logon -u Admin

> egosh service stop SD

b. On each primary candidate host (or just one host if you are using a shared file system), copy the sym-7.3.0.0-soamcore-7.3.0.0_build563591.msp package, and complete one of the following steps:

· For an interactive installation, double-click the .msp package and follow the prompts.

· For a silent installation, enter the following command from the command prompt:

C:\>msiexec /update C:\sym-7.3.0.0-soamcore-7.3.0.0_build563591.msp /l*v updateSym.log /norestart /quiet REINSTALLMODE=omus

The command syntax is as follows:

C:\>msiexec /update sym_package_name_path /l*v sym_install_log /norestart /quiet REINSTALLMODE=omus

where:

o sym_package_name_path is the fully qualified file name of the .msp package; in this case, C:\sym-7.3.0.0-soamcore-7.3.0.0_build563591.msp.

o sym_install_log is the log file for the upgrade; in this case, updateSym.log.

c. Run the pversions command to verify the installation:

> pversions

IBM Spectrum Computing family: SOAM core 7.3 for IBM Spectrum Symphony 7.3.0.0

Update for Symphony 7.3.0 (build"563591")

IBM Spectrum Computing family: EGO core 3.8.0.0

IBM Spectrum Computing family: IBM JRE 8.0.5.37

IBM Spectrum Computing family: IBM WebSphere Application Server Liberty Profile 19.0.0.6

IBM Spectrum Computing family: EGO management 3.8.0.0

IBM Spectrum Computing family: SOAM management 7.3 for IBM Spectrum Symphony 7.3.0.0

IBM Spectrum Computing family: EGO RESTful API Server 3.8.0.0

US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Configuration and usagelat

a. Log on to the primary host, back up the sd.xml file by copying it to a local directory:

> egosh user logon -u Admin

> egosh service view SD -p

Back up the sd.xml file into a backup sub-directory.

b. Modify the sd.xml file: in the NTX64 section, add the application names which can bypass authentication. This is a comma delimited list with wildcard characters ‘*’ and ‘?” allowed. Ensure there are no extra spaces or quotation marks in the SD_BYPASS_AUTHENTICATION_BY_APPLICATION field.
For example, to allow application names starting with the letters MCW_bladefarm and symping have its clients bypass authentication, specify:

<ego:EnvironmentVariable name="SD_BYPASS_AUTHENTICATION_BY_APPLICATION">MCW_bladefarm*,symping*</ego:EnvironmentVariable>

c. Update the sd.xml file so that your changes take effect.

> egosh service modify SD -f sd.xml

> egosh service start SD

d. To verify if authentication is bypassed, run the symping command with a bad password:

> symping -m 1 -r 1 -u Admin -x abc

Note that RBAC is not disabled. For example, a bad user will be flagged if the user is set to BadAdmin and not Admin:

Security error: User <BadAdmin> does not have privileges to perform this action.

The following message will be logged in the soam\logs\sd.*.log file to indicate that bypassing authentication has been enabled:

SD_BYPASS_AUTHENTICATION_BY_APPLICATION mode enabled.

5. Uninstallation

If required, follow the instructions in this section to uninstall this interim fix from hosts in your cluster.

a. Log on to the primary host as cluster administrator and stop the SD service:

> egosh user logon -u Admin

> egosh service stop SD

b. Log on to each primary candidate host in the cluster and roll back this interim fix:

· To roll back from the Windows Control Panel, go to Control Panel > Programs and Features > View installed updates, click Update for Symphony 7.3.0 (build “563591”), and click Uninstall.

· To roll back from the IBM Spectrum Symphony command prompt, enter the following command:

C:\>msiexec /uninstall {DE498B4F-70D7-4C88-86D0-1409531A6EB2} /package {5B7B0C11-4DDB-4C5F-96A2-D1DCF66DBB64} /norestart /quiet /l*v sym_rollback.log

The command syntax is as follows:

C:\>msiexec /uninstall interim_fix_code /package <product_code> /norestart /quiet /l*v rollback_log

where:

o interim_fix_code is the identifier of the .msp package for this enhancement; in this case, {DE498B4F-70D7-4C88-86D0-1409531A6EB2}.

o product_code is the identifier of the .msi file in the original product installation package; in this case, {5B7B0C11-4DDB-4C5F-96A2-D1DCF66DBB64}.

o rollback_log is the name of the log file to capture details of the rollback; in this case, sym_rollback.log.

c. Restore the sd.xml from (from installation step a) and start the SD service:

> egosh service modify SD -f backup\sd.xml

> egosh service start SD

6. List of files

b55610666d3910038e76285393345a63 sym-7.3.0.0-soamcore-7.3.0.0_build563591.msp

soam\7.3\w2k3_x64-vc7-psdk\etc\sd.exe

soam\7.3\w2k3_x64-vc7-psdk\etc\sd.pdb

7. Product notifications

To receive information about product solution and patch updates automatically, subscribe to product notifications on the My Notifications page http://www.ibm.com/support/mynotifications/ on the IBM Support website (http://support.ibm.com). You can edit your subscription settings to choose the types of information you want to get notification about, for example, security bulletins, fixes, troubleshooting, and product enhancements or documentation changes.

8. Copyright and trademark information

U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IBM®, the IBM logo and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml

Contents

1. List of fixes

2. Download location

3. Products or components affected

4. Installation and configuration

a. Log on to the primary host, back up the sd.xml file by copying it to a local directory:

5. Uninstallation

6. List of files

7. Product notifications

8. Copyright and trademark information