BMC Server Automation 8.6
Placing a watch on this page is a great way to stay informed of changes to this space.
|October 15, 2016||Version 8.6.01.002: Patch 2 for Service Pack 1||Lists the updates introduced in BMC Server Automation version 8.6 Patch 2 for Service Pack 1.|
|June 14, 2016||Notification of Windows RSCD Agent vulnerability in BMC Server Automation CVE-2016-5063||Alerts users to a security problem in the RSCD agent on Microsoft Windows platforms for all versions of BMC Server Automation, up to and including version 8.7 Patch 2, as well as in any BMC solution that includes this technology.|
|March 2, 2016||Notification of critical security issue in BMC Server Automation||Alerts users to a security problem in the RSCD agent on UNIX and Linux platforms for all versions of BMC Server Automation, as well as in any BMC solution that includes this technology.|
|December 3, 2015||Version 8.6.01.001: Patch 1 for Service Pack 1||Lists the updates introduced in BMC Server Automation version 8.6 Patch 1 for Service Pack 1.|
|May 18, 2015||Service Pack 1: version 8.6.01||Lists the updates and enhancements introduced in BMC Server Automation version 8.6 Service Pack 1.|
|December 17, 2014||Patch 1: version 8.6.00.001||Lists the updates introduced in BMC Server Automation version 8.6 Patch 1.|
December 11, 2014
Lists the enhancements introduced in BMC Server Automation version 8.6.
Ready-made PDFs are available on the PDFs page. You can also create a custom PDF.
Concepts, architecture, deployment, planning, and system requirements.
Information about installing the product and migrating product data.
Required post-installation configuration.
Upgrade process, migration, and configuration.
Issues resolution, error messages, logs, and contacting Support.
Interface descriptions, using the product.
Security, system administration, maintenance.
Development interfaces and toolkits.
Integrations with other products.
The following sections describe enhancements for BMC Server Automation version 8.6.00:
- Installation and upgrade enhancements
- Compliance Content, Compliance, and SCAP enhancements
- Deploy functionality enhancements
- Patch management enhancements
- Automatic support for IAVA ID attribute
- Provisioning enhancements
- Virtualization enhancements
- Integration with BladeLogic Dashboard
- BLCLI enhancements
- Automation Academy content
- Related topics
For information about issues corrected in this release, see Known and corrected issues.
Installation and upgrade enhancements
BMC Server Automation version 8.6 includes the following enhancements to installation functionality:
Unified product install and upgrade
BMC Server Automation 8.6 provides a single installer for most installation and upgrade scenarios within the BMC Server Automation environment. The unified product installer simplifies and improves the installation experience by providing a centralized UI for installation and upgrade of all BMC Server Automation components. For more information about the unified product installer, see Installing using the unified product installer and Upgrading on Windows using the unified product installer.
The unified product installer installs and configures BMC Server Automation components by grouping them into functional units called nodes. The first node that is installed by the unified product installer is called the Default Application Server node. It comprises an Application Server, PXE server, database, network shell, file server, and BMC Server Automation Console. To meet the demands of a larger data center, you can deploy additional Application Servers. The additional Application Server is used for improving the performance of BMC Server Automation. For more information about adding an Additional Application Server after the Default Application Server node is installed, see Adding additional Application Servers.
Maintaining all configuration data on the database
With the release of BMC Server Automation 8.6, the latest copy of all configuration data is now maintained on the database. When an Application Server is started, it uses the configuration data that is stored on the database.
Migration of the configuration data is performed automatically by the unified product installer during upgrade. For cases where the unified product installer cannot be used, BMC Server Automation provides the configurator utility, which performs the database migration and persists configuration data into the database. You run the configurator on all Application Servers and PXE servers. For more information about migrating the configuration data manually, see Migrating the database and persisting configuration data to the database.
Quick start page
This is the first page that is displayed when you launch the BMC Server Automation Console after a fresh installation. It provides you a centralized access to options that execute most major use cases for Infrastructure Management, Compliance, Provisioning, Patching, and Configuration Management. For more information about using each of these options, see Quick start page.
Support for installing agents behind a SOCKS proxy server
BMC Server Automation now supports the installation of RSCD Agents on target servers that are behind a SOCKS proxy. For more information about the necessary configuration, see the list of preliminary tasks in Agent installation overview.
Compliance Content, Compliance, and SCAP enhancements
The following enhancements have been introduced in BMC Server Automation 8.6.00 for Compliance features:
New templates in Compliance Content for supporting additional policies and platforms
BMC Server Automation version 8.6 supports following Compliance Content component templates:
|Bench - mark version||Bench - mark update||Bench - mark version||Bench - mark update||Bench - mark version||Bench - mark update|
|Microsoft Windows Server||2012 R2 Domain Controller||Version 1/Release 4||July, 2014|
|2012 R2 Member Server||Version 1/Release 4||July, 2014|
|7.1||3.0||November, 2013||1.1.0||September, 2013|
|6.1||Version 1/Release 2||July, 2014|
|5.3||3.0||November, 2013||1.1.0||September, 2012|
|Novell SuSE Linux® Enterprise Server||11||3.0||November, 2013||1.0.0||September, 2013|
|10||3.0||November, 2013||1.0.0||September, 2013|
|Oracle™ Solaris™||11 x86||Version 1/Release 1||April, 2014|
|11 SPARC||Version 1/Release 1||April, 2014|
|10 x86||Version 1/Release 5||January, 2014|
|10 SPARC||Version 1/Release 5||January, 2014|
For complete list of available templates, see Compliance policy standards supported by BMC Server Automation templates.
The CIS SUSE 10 template is derived from CIS SUSE 11. Following rules are unique to CIS SUSE 10 template:
- 1.6 seccheck is active
- 2.1.1 Disable Standard Services
- 2.1.2 Disable Standard Services
- 3.3 Disable remote SMTP connections
- 3.4 Disable GUI Login If Possible
- 3.5 Disable X Font Server If Possible
- 3.6 Disable Standard Boot Services (not scorable)
- 3.13 Only Enable ncpfs Script If Absolutely Necessary
- 3.17 Only Enable SQL services If Absolutely Necessary
- 5.1 syslog is active
- 7.1 Remove .rhosts Support In PAM Configuration Files
- 7.2 /etc/ftpusers (not scorable)
- 7.6 Configure xinetd Access Control (not scorable)
- 7.10 Restrict NFS Client Requests To Privileged Ports
- 9.3 Create "authorized only" Banners For vsftpd, If Applicable
- 12.1 Create Symlinks For Dangerous Files
Inclusion of commands as assets in a Compliance rule
The Rule Editor for compliance rules now has enhanced support for shell scripting commands. A new Command asset is introduced, with various attributes for several forms of command outputs. Using this new asset type, you can create a rule condition that checks for a specific command output. This replaces the need to define such commands through a local configuration object in the component template. For more information see Defining a basic condition.
Defining variables in Compliance rules
You can now define a variable within a Compliance rule by assigning a value to a local property of the component template. You can then use your property-based variable in subsequent conditions in the same rule. The following new operators have been introduced to support this new feature:
- The assign operator (represented by the := combination of characters) can be used to assign a transient value that is not saved to the database, but rather temporarily stored only for the duration of rule execution. Use this operator if you want to avoid unnecessary storage of data in the database and do not plan to perform remediation based on the results of the compliance rule analysis.
- The persist operator can be used to assign a value that is persisted in the database. Use this operator if you plan to perform remediation based on the results of the compliance rule analysis.
For more information see Defining a basic condition.
New file/directory properties
The following file/directory properties have been added in BMC Server Automation. These properties can be used in a BLPackage, can be viewed in Live Browse, and can also be used in Compliance rules.
|User Owner Name||String||The name of the user owning the file/directory.|
|Group Owner Name||String||The name of the group owning the file/directory.|
|Unix ACL||Boolean (true/false)||Whether an Access Control List (ACL) is defined on the file (true or false).|
These properties are not visible for a directory in Live Browse.
If you are using the following new artifacts, you will not be able to import their templates in versions prior to BMC Server Automation 8.5 SP1:
- Command Support
List[String], String/Integer Enumeration using LOOP_ATTR_FOR_COMPLIANCE_STR/ LOOP_ATTR_FOR_COMPLIANCE_INT
- Assign Operator (:=)
Added new configuration files
BMC Server Automation includes new configuration files for following operating systems:
|Operating System||Configuration files|
For complete list of configuration files, see Configuration files.
Examples for creation of compliance rules added in the documentation
See Examples for creating compliance rules for detailed examples of rules that use command and variable support.
New reports available for export from compliance results
Changes were introduced in the formats of reports that you can generate by exporting results of a Compliance Job. The following types of reports are now available:
This new report format is generated from Compliance Job results using the Export Compliance Results menu option. The report summarizes the levels of rule compliance on the target servers, and enables you to drill down to details about any individual rule at any server, so that you can learn more about the deviation of the actual rule results from the expected results.
The report provides you with two views:
- Summary by Servers — a list of the servers, with statistics about the rules that failed or were compliant on each server
- Summary by Rules — a list of the rules, with statistics about the servers where each rule failed or was compliant
Support for SCAP 1.2
BMC Server Automation now supports compliance analysis for the most recent Security Content Automation Protocol (SCAP) version 1.2 in addition to the existing support for SCAP 1.0. Two different import options now exist, depending on the type of SCAP object — whether an SCAP data stream collection (a single XML file) for SCAP 1.2, or an SCAP benchmark (several XML files).
The imported SCAP 1.2 content is displayed in the BMC Server Automation Console through 3 hierarchical nodes — an SCAP data stream collection, one or more data streams contained in the collection, and finally one or more benchmarks within each data stream.
As part of the support for SCAP 1.2, BMC Server Automation now also supports the import of SCAP 1.2 content that contains tailoring files, which are used to temporarily tweak benchmark rules by customizing profiles in an XCCDF file. During SCAP compliance analysis, BMC Server Automation applies the changes captured in the tailoring file to rule evaluation.
- During an export of an XCCDF results file (using the Export SCAP Compliance menu option), you can now choose which rules to include in the export — all rules, failed rules, or passed rules.
- The Export Other SCAP Formatsmenu option now offers the following new report formats that are compliant with SCAP 1.2 (in addition to the formats previously provided for SCAP 1.0):
- Asset identification (AI) version 1.1
- Asset Reporting Format (ARF) version 1.1
Deploy functionality enhancements
New BLPackage object attributes enable you to deploy a BLPackage with the objective of manipulating the properties of Windows user accounts at the target servers. User asset attributes enable you to set user account control flags or disable the user account. For more information, see Manipulating Windows user account properties through a BLPackage.
Patch management enhancements
BMC Server Automation version 8.6 includes the following enhancements to patch management:
AIX patching support for SUMA
You can now download AIX patches from Fix Central servers using IBM Service Update Management Assistance (SUMA). You can select the SUMA download option while creating an AIX patch catalog. For more information about enabling this option, see Patch catalog - AIX Catalog.
Removal of dependency on Windows Helper Server location
For creating a Windows patch catalog in versions earlier than 8.6, you had to define a Windows Helper Server location. BMC Server Automation used the Windows Helper server to decrypt shavlik metadata files that are downloaded from the vendor site.
However, in BMC Server Automation 8.6, the shavlik metadata files are decrypted on the Application Server itself and there is no requirement of defining a separate Windows Helper Server location.
To create a patch catalog in offline mode, you must download the oemcatalog.zip file Shavlik Technologies and save it in the depot workspace. You must provide the depot location of the file while creating the Windows patch catalog, as described in the Repository Options section of Patch catalog - Windows Catalog.
Patching support for multibos and alternate disk on AIX
AIX has the capability of maintaining multiple instances of Base Operating Systems (BOS). The additional instance of the BOS can be maintained in the same root volume group (multibos) or on a separate disk on a separate root volume group (alternate disk). The user can boot any one instance of the BOS which is called the active instance.The instances which have not been booted remains as stand by instances.
BMC Server Automation 8.6 supports multibos and alternate disk patching, which allows user to access, install, maintain, update, and customize the standby BOS during setup and customization operations. Installation, maintenance, or technology level updates to the standby BOS do not change system files on the active BOS. This allows concurrent update of the standby BOS, while the active BOS remains in production, thus reducing downtime while patching. For more information, see How to perform AIX patching on an alternate disk (altdisk) or on multiple boot operating system (multibos).
Patch management support for Red Hat Enterprise Linux 7
BMC Server Automation now supports patch management on Red Hat Enterprise Linux 7. However, before you create a patch catalog ensure that you performed the prerequisite procedures as described in thesection of .
BMC Server Automation now also supports patch analysis and remediation on Red Hat Enterprise Linux 7 with native yum (instead of blyum). If yum is installed in a non-default location, ensure that you set this location at the server level in the PATCHING_TOOL_INSTALL_LOCATION server property.
Automatic support for IAVA ID attribute
In BMC Server Automation 8.5, the value of the IAVA ID property is not populated by the catalog update job automatically. You must set it manually in the Bulletin DepotSoftware of the catalog by running an NSH script.
However in BMC Server Automation 8.6 the values of this IAVA ID property is populated automatically by the catalog.
BMC Server Automation version 8.6 supports the following new platforms:
- RHEL 7
- Ubuntu 12.04
For information about the provisioning process, see Implementation process for provisioning.
During the setup a VMware vSphere environment in BMC Server Automation, you can now choose between adding a vCenter server as an agent-based managed server or adding it as an agentless managed object (AMO) that communicates with some other agent-based Windows proxy server. A new menu option was added to server groups, Virtualization > Add VMware Virtual Center, to enable adding the vCenter server as an AMO. For more information, see Adding the vCenter server to BMC Server Automation.
Integration with BladeLogic Dashboard
Version 8.6 includes an integration with the BladeLogic Dashboard, which provides a view into your overall BMC Server Automation environment and offers tips for optimizing BladeLogic installations. The dashboard is not a monitoring tool. Instead, it is a mechanism for quickly assessing the health of all BladeLogic system components. The BladeLogic Dashboard can also show savings that your organization is experiencing by using BladeLogic. For more information about using the dashboard, see Using the Health and Value Dashboards.
Automation Academy content
The Automation Academy introduces you to a key BladeLogic use case (for example, provisioning), and then provides several step by step, cookbook-style examples that walk you through a specific aspect of that use case. For example, in the case of provisioning, one walkthrough might show you how to provision a bare-metal Windows system, while another might show how to provision a VM on VMware. The content for the Automation Academy is included in the new Getting Started branch.
The initial release of Automation Academy focuses on introducing you to the concepts of automation, provisioning, and configuration management, and includes the following sections:
- Getting started with automation
- Getting started with provisioning
- Getting started with configuration management
Frequently asked questions
This section provides answers to frequently asked questions (FAQs) about BMC Server Automation.
For supported version information, see the following BMC Support Support page:
Note that as of June 26, 2012, version 7.x releases are no longer supported.
The BMC Knowledge Base (which includes answers for common problems with BMC Server Automation) is located at https://bmcsites.force.com/casemgmt/sc_CoveoSearch#q=BMC%20Server%20Automation&t=KB&sort=relevancy
See the ports and protocols list.
You can find the build number for the various releases (base version, SPs, and patches) in Preparing for a Windows upgrade using the unified product installer or Preparing for a Linux or UNIX upgrade using the unified product installer.
See the following documentation resources:
- For information about enabling the retrieval of change information from BMC BladeLogic Server Automation for Probable Cause Analysis (PCA), see the chapter about integrating with BMC Server Automation in the BMC ProactiveNet User Guide.
- For information about transferring data to BMC PATROL and BMC ProactiveNet regarding the status, availability, and performance of hosts and servers managed by BMC Server Automation, see the online documentation for BMC PATROL for BMC Server Automation and BMC ProactiveNet Automation Server Monitoring.
Installation and upgrade questions
You can find information about the supported upgrade paths for BMC Server Automation in the Upgrading using individual component installers section of the online technical documentation (in the Preparing for a Windows upgrade using the unified product installer or Preparing for a Linux or UNIX upgrade using the unified product installer topics).
You can find deployment architecture recommendations in the following Planning section: Deployment use cases
General product usage
Use the following process:
- Start by looking at the rscd.log. Who are your requests currently mapping to? If it is someone who does not exist in your users or users.local file, consider adding a temporary definition for them.
- Remove the "nouser" line from the users file.
- Change the contents of the exports file so that it contains a single line: "* rw,user=root" or "* rw,user=Administrator" (or the name of your local admin account).
Once you have finished troubleshooting, make sure to restore the original configuration.
The following list shows some common causes for this issue:
- Review the Application Server log and look for a Java stack trace; this usually indicates the issue.
- A few common things can cause problems with the Application Server start up:
- The File Server RSCD Agent is not licensed (for pre-8.2 versions).
- ACLs were pushed to the File Server agent.
- Add a 'System:System rw,map=<root|Administrator>' to the users.local on the File Server agent.
In this case, you need to synchronize the bladelogic.keystore across all Application Servers.
See To synchronize keystore files of multiple Application Servers for more information.
See the following Knowledge Article for information on this issue:
Knowledge Article ID: 000022404
You can find recommendations for sizing Application Servers in Sizing Application Servers.
If the catalog is in Online mode, updating the catalog obtains any new patches or modifies existing patches that have changed. To prevent new patches from being downloaded, do not run the Catalog Update Job until you need new patches in the catalog.
If the catalog is in Offline mode, then to prevent new patches from being downloaded, you must ensure:
- The source location has not been updated by re-running the downloader
- The metadata file(s), if applicable, in the depot have not been changed since the last run
If you ensure the preceding items, running a Catalog Update Job does not add any new patch metadata or modify existing patch metadata.
While creating the Patching Job, from the Deploy Job options menu within the Remediation Options panel, select the Execute job now option. The same options are available while creating a remediation job from the Analysis results.
You can specify a schedule for any Job to ensure that it is executed every x hours.
You must create a custom property on an appropriate depot object. For example, to set certain criteria on a Windows Hotfix object, by selecting Property Dictionary View > Built-in Property Classes > Hotfix, you can add a new property. You can then create a new smart group using an appropriate condition to include this new property.
The job log of the Patching Job displays a warning message that indicates the filters that must be added so that all products on all targets that are part of the Patching Job are analyzed in the next run of the Patching Job. A sample warning message is shown below.
You can use the drop-down list in the Deploy Job options settings to get the desired information about the execution of that Deploy Job. For example, if you select the All Information option within Logging level, subsequent execution of the Deploy Job provides you with all information about the Deploy Job execution.
On UNIX, look in /etc/lib/rsc/HOME or /usr/lib/rsc/HOME. If that file does not exist, you are running a local or self-contained installation, and will need to derive the installation location from running processes. For example:
On Windows: INSTALL_DIR\RSCD\rscd.log
On UNIX: INSTALL_DIR/[NSH|RSCD]/log/rscd.log
The default deployment name is appserver, while other common deployments have names such as job-1.
For detailed instructions on analyzing the Trace.txt file, see How to analyze Trace.txt generated by a Windows Patch Analysis Job (user contribution).
Top Knowledge Articles from BMC Customer Support
Walkthrough topics introduce you to a key BMC BladeLogic Server Automation use case (for example, compliance), and provide step by step, cookbook-style examples that demonstrate a specific aspect of that use case.
|Getting started with automation||
Content by label
There is no content with the specified labels
The following BMC sites provide information outside of the BMC Server Automation documentation that you might find helpful:
- BMC Communities, Server Automation community, where you can find a series of Best Practice webinars
- BMC Support Knowledge Base, search filtered by BMC Server Automation
- BMC Educational Services, BMC Server Automation learning path
- BMC Global Services, BMC Server Automation offerings
- www.bmc.com, information about BMC Server Automation