Managed server requirements
The servers to be managed by WebSphere Automation must meet certain requirements. Servers must have the WebSphere Application Server usage metering feature to be monitored, and must meet additional requirements to enable security fix installation or health monitoring.
Operating system requirements
Check the following table to see if a server running meets the operating system requirements to be managed by WebSphere Automation.
OS/Architecture | CVE Monitoring | Fix Deployment | Memory Leak Analysis * |
---|---|---|---|
AIX® | Yes | Yes | Yes |
Linux® (x86, ppc64, s390x) | Yes | Yes | Yes |
Windows (x86) | Yes | Yes | Yes |
HP-UX | No | No | No |
IBM® i | No | No | No |
Max OS X | No | No | No |
Solaris | No | No | No |
z/OS® | Yes ** | No | No *** |
* Instana is required to set up automated health detection and analysis. You must have an entitlement for Instana because it is not included with WebSphere Automation.
** Security bulletins for z/OS specific vulnerabilities are published separately from security bulletins for common vulnerabilities for both z/OS and distributed platforms. CVE monitoring is limited to common vulnerabilities.
*** Instana agent is not available on z/OS.
Usage metering requirement
- WebSphere Application Server (all editions) 8.5.5.15 and later
- WebSphere Application Server (all editions) 9.0.0.9 and later
- WebSphere Application Server Liberty (all editions) 18.0.0.3 and later
As service updates or new versions of WebSphere software are installed, the security status of the server inventory is updated.
Security fix installation and health monitoring requirements
In addition to the usage metering requirement, servers must meet these requirements for security fix installation and health monitoring by WebSphere Automation.
Requirement | Security fix installation | Health monitoring |
---|---|---|
Python and Python3 (installed and on the PATH for all users) | Python 3 (version 3.5 or later) | Python 3 (version 3.5 or later) |
Java™ (installed and on the PATH for all users) (WebSphere Application Server Liberty only) | Required | Required |
Windows servers must have PowerShell 5.1 or later installed | Required | Required |
Servers must be accessible from WebSphere Automation with SSH (Linux or UNIX), or SSH or WinRM (Windows) | Required | Required |
All Linux and UNIX servers must be accessible with the same SSH credentials and user account. Windows servers must be accessible with the same SSH or WinRM credentials and user account. | Required | Required |
The user account must have permissions to use the wsadmin script (WebSphere Application Server) or the server script (WebSphere Application Server Liberty) |
Required | Required |
On Linux and UNIX servers, the user account must have at least read
access to the WebSphere Application Server or WebSphere Application Server Liberty installation and profile directories. If the owner of
these installation or profile directories is different from the user account, the user account must
have ability to become that user by using the sudo command. |
Required | Required |
On Linux and UNIX servers, if a custom data location was used when
Installation Manager was installed in group mode, Installation Manager must either be reinstalled
without a custom data location or the InstallationManager.dat file must be
placed in the following
location. /user_home_directory/var/ibm/InstallationManager_Group/etc/.ibm/registry/InstallationManager.dat The
application_data_location/etc/.ibm/registry/InstallationManager.dat If Installation Manager is installed in administrator mode, the installation must be managed by a user with administrator privileges. You can specify the user account that is to be used for executing the Installation Manager commands. For more information, see Installing a fix. |
Required | N/A |
On WebSphere Application Server installations, the user profile specified for the ansible_user parameter must have read access to the following files and their parent directories.
For more information, see Runbook logs contain file access permission errors in the troubleshooting documentation. |
Required | Required |
The user account must have access to heap dump files that are generated by WebSphere Application Server or WebSphere Application Server Liberty | N/A | Required |
On Windows servers, the user account must either have:
|
Required | N/A |
Instana agent must be installed and configured to communicate with an installation of Instana. Instana is required for automated health detection and analysis. You must have an entitlement for Instana because it is not included with WebSphere Automation. For more information, see Setting up Instana to send alerts to WebSphere Automation. | N/A | Required |
soap.client.props
file of each node
where a heap dump might be generated.com.ibm.SOAP.loginUserid=<USERID>
com.ibm.SOAP.loginPassword=<PASSWORD>