Download
Abstract
This fixpack contains several fixes for problems in the various components that comprise the Tivoli Security Policy Manager software
Download Description
IBM® Tivoli® Security Policy Manager 7.1.0-TIV-ITSPM-FP0004 and 7.1.0-TIV-ITRTSS-FP0004 Readme
Contents
Abstract
The Fix Pack Readme topics describe the contents of the Tivoli Security Policy Manager Fix Pack 7.1.0.4
Product/Component Release: 7.1.0
Update Name: Fix Pack 4
Fix ID: 7.1.0-TIV-ITSPM-FP0004
Fix ID: 7.1.0-TIV-ITRTSS-FP0004
Publication date: 18 November 2012
Last modified date: 18 November 2012
1) Denial of Service Security Exposure with Java JRE/JDK:
Description:
This Security Alert addresses security issue CVE-2010-4476 (Java Runtime Environment hangs when converting"2.2250738585072012e-308" to a binary floating-point number), which is a vulnerability in the Java Runtime Environment component.
Before updating Tivoli Security Policy Manager/Runtime Security Services with this fix pack, update the JRE/JDK to mitigate the security exposure.
This fix pack includes all versions of JRE/JDK that were installed with Tivoli Security Policy Manager/Runtime Security Services or Tivoli Integrated Portal/Tivoli Common Reporting (embedded WebSphere Application Server).
Note: The update process for the embedded WebSphere Application Server (that comes with Tivoli Integrated Portal/Tivoli Common Reporting) is same as the regular WebSphere® update.
Use the following link to update the appropriate version of your JRE/JDK with the WebSphere Application Server update:
Java Security Exposure (CVE-2010-4476) Flash for WebSphere Application Server (WSAS)
You might need to install the WebSphere Update Installer (WUI), which is at the following location: WebSphere Update Installer (WUI)2) Potential security exposure with IBM WebSphere Application Server with Web Services using XML Encryption:
Problem Description:
If a Web Service (either JAX-WS or JAX-RPC) is configured to use WS-Security to encrypt data, that data might be vulnerable to a decryption attack.If requests containing encrypted data can be intercepted, an attacker might be able to decrypt the encrypted
data in those requests. All versions of JAX-RPC and JAX-WS are vulnerable.
Use the following link to update the appropriate version of the installed WebSphere Application Server:
Fixes
The fix pack provides fixes for a number of the APARs. Fixes are cumulative, meaning the latest fix pack also contains all the fixes contained in the previous fix packs.
APAR | Problem summary |
---|---|
IV15661 | CREATEPOLICY() AND MODIFYPOLICY() RETURN INCORRECT DATA IN SOMETRUE |
IV15818 | UNABLE TO EXPORT TSPM POLICY USING IE BROWSER |
IV20522 | TSPM CONSOLE ERRORS INTERNET EXPLORER 8 |
IV21909 | TSPM 7.0 -> 7.1 MIGRATION FAILURE (PARTIAL) |
IV22007 | POLICY CHANGES DO NOT TAKE AFFECT UNTIL RTSS IS RELOADED |
IV22638 | SUPPRESS ERRORS LOG ENTRIES FOR NULL VALUE |
IV25186 | WRONG UPDATE MAPPING WHEN SORTING LIST |
IV23845 | 7.1 DOCUMENTATION FIXPACK TYPO AND CLARIFICATION |
APAR | Problem summary |
---|---|
IV02079 | WSDL IMPORT FAILS IF XSD FILES ARE REFERENCED WITH RELATIVE PATH |
IV03218 | TSPM POLICY/DIRECTORY NOT GETTING PROPAGATED TO THE DMGR. |
IV04689 | MISSING TSPMREPORTS.SQL |
IV06278 | POLICY PENDING RETRIEVAL WHEN VALID TIMESTAMP NOT FOUND |
IV07258 | SEARCHING FOR MEMBERS OF A TSPM ADMIN GROUP TO ASSIGN POLICY OW |
IV08352 | ILLEGALSTATEEXCEPTION: SESSION HAD BEEN INVALIDATED: |
IZ96492 | TSPMRUNTIMEEXCEPTION: UNHANDLED EXCEPTION |
IV05128 | NULLPOINTER EXCEPTION WHEN RUNNING THE CREATEPOLICY API. |
APAR | Problem summary |
---|---|
Stability Fixes | Some Stability Fixes Went into FP02 |
APAR | Problem summary |
---|---|
IZ80883 | RTSS LOCAL MODE IS FAILING WITH J2EE ENFORCEMENT |
IZ87160 | NULLPOINTEREXCEPTION IN STS ATTRIBUTE FINDER WHEN PARSING RTSR |
IZ77364 | JAX-WS PEP DOES NOT ENFORCE SERVICES USING MESSAGE LEVEL AUTHENTICATION |
IZ87161 | JAXWS PEP SHOULD LOOK IN MESSAGE CONTEXT FOR SUBJECT |
IZ87166 | JAXWS PEP SHOULD FALL BACK TO RUN-AS SUBJECT |
IZ83168 | PROBLEM ATTACHING POLICY VIA CLASSIFICATION |
IZ81535 | TSPM WILL GENERATE INDIVIDUAL POLICY AND POLICYATTACHEMENT DOCUMENTS |
Prerequisites
TSPM 7.1.0 GA Version
Installation Instructions
Installation Instructions
Downloading the Fix Pack
Download and extract the fix pack files from the IBM Tivoli Security Policy Manager Support website.
About this task
Tivoli Security Policy Manager Fix Pack 7.1.0.4 consists of two compressed files. One file contains the policy manager packages. The other file contains the runtime security services packages. Download the compressed files that apply to your deployment.
Package | Fix Pack compressed file |
---|---|
Tivoli Security Policy Manager | 7.1.0-TIV-ITSPM-FP0004.zip |
Tivoli Security Policy Manager Software Development Kit | |
Runtime Security Services Server | 7.1.0-TIV-ITRTSS-FP0004.zip |
Runtime Security Services Client | |
Runtime Security Services Software Development Kit |
Procedure
- Access either the support website:
- Go to the IBM Tivoli Security Policy Manager Support website.
- Locate and download the fix pack compressed files:
- Click Download.
- In the Search field, enter the Policy Manager fix pack
identifier:
7.1.0-TIV-ITSPM-FP0004
- Download the compressed file.
- In the Search field, enter the runtime security services
fix pack identifier:
7.1.0-TIV-ITRTSS-FP0004
- Download the compressed file.
- Extract the compressed files. Each compressed file contains packages of files.
- Extract the file or files with the packages you want to install.
- Make note of the directory where you downloaded each compressed file.
Known Issues
This topic documents the known issues with the fix pack. You can also query the tech notes database on the Customer Support website.
There are known issues with the Installation Manager application:
- Do not install both IBM Tivoli Runtime Security Services Server
Version 7.1.0.4 and IBM Tivoli Runtime Security Services Software
Development Kit 7.1.0.4 in the same Installation Manager session.
If you attempt to do so, the following message might be displayed:
Packages IBM Tivoli Runtime Security Services Server 7.1.0.4 and
IBM Tivoli Runtime Security Services Software Development Kit 7.1.0.4
cannot coexist in the same package group
If this message is displayed, install each package in a separate Installation Manager session. - Installation fails with an out of memory exception:
Error during "pre-install configure" phase: java.lang.OutOfMemoryError: unable to allocate 60432017 bytes for native buffer
The workaround is to increase the memory available to the Java Virtual Machine. Modify the <InstallationManager>/eclipse/IBMIM.ini file in IBM Installation Manager's installation directory to add an additional parameter, "-Xmx1024m", restart Installation Manager; and then perform the update. - On a 64bit Linux system, Installation Manager exits during installation without error. Installation Manager and Tivoli Integrated Portal require the 32bit compatibility libraries on 64bit Linux systems. Review the product documentation for specific requirements.
- During update or installation, the EJB deploy step may fail with:
Error executing deployment: java.lang.IllegalStateException. Error is Platform not running. java.lang.IllegalStateException: Platform not running at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:374) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37) at java.lang.reflect.Method.invoke(Method.java:611) at com.ibm.etools.ejbdeploy.batch.impl.BootLoaderLoader.run(BootLoaderLoader.java:494) at com.ibm.etools.ejbdeploy.batch.impl.BatchDeploy.execute(BatchDeploy.java:114) at com.ibm.etools.ejbdeploy.EJBDeploy.execute(EJBDeploy.java:107) at com.ibm.etools.ejbdeploy.EJBDeploy.deploy(EJBDeploy.java:348) at com.ibm.etools.ejbdeploy.EJBDeploy.main(EJBDeploy.java:310) EJBDeploy level: @build@ ADMA5008E: The EJBDeploy program failed on file /tmp/app3860524633747861547.ear. Exception: com.ibm.etools.ejbdeploy.EJBDeploymentException: Error executing EJBDeploy
The problem and resolution are described in EJBDeploy command Exceptions on WebSphere Application Server and Eclipse OSGI cache purge issues. To resolve, update the <WAS>/deploytool/itp/ejbdepoy.sh script (or .bat for Windows) to always clear the OSGi cache by default (the "FOURTH" workaround in the referenced technote) by adding the " -Dosgi.clean="true" \" option to the com.ibm.tools.ejbdeploy.EJBDeploy invocation. Note that this option may add several seconds to the deployment operation. - The rollback feature does not present a graphical user
interface for entering the required configuration settings, such as
passwords. If you do not manually supply the necessary passwords,
Installation Manager displays the following error:
Error during "pre-install configure" phase: java.lang.ExceptionInitializerError
This fix pack topic in the information center contains instructions for manually editing the required configuration files. See Rolling back Fix Pack 7.1.0.x. - The rollback feature does not save the response files that an administrator creates for the Tivoli Security Policy Manager configuration utility. The fix pack topic in the information center contains instructions for manually saving these files. See Rolling back the policy manager package.
- For the rollback operation, two files located in the agent data location, installed.xml and
installRegistry.xml will need to have certain properties updated for the rollback operation (as explained in the
rollback section).
In some instances, incorrect paths to the WebSphere and/or Tivoli Integrated Portal (TIP)
profile paths may be recorded in these files. Ensure that the following entries are correct prior to performing the rollback.
Incorrect:
<property name='user.tipProfilePath' value='/opt/IBM/InstallationManager/eclipse/null'/>
<property name='user.tipWsAdminScript' value='/opt/IBM/InstallationManager/eclipse/null/bin/wsadmin.sh'/>
Correct (assuming the default TIP install location is /opt/IBM/tivoli/tip):
<property name='user.tipProfilePath' value='/opt/IBM/tivoli/tip/profiles/TIPProfile'/>
<property name='user.tipWsAdminScript' value='/opt/IBM/tivoli/tip/profiles/TIPProfile/bin/wsadmin.sh'/>
Incorrect:
<property name='user.wasProfilePath' value='/opt/IBM/InstallationManager/eclipse/null'/>
<property name='user.wasWsAdminScript' value='/opt/IBM/InstallationManager/eclipse/null/bin/wsadmin.sh'/>
Correct (assuming the default WebSphere profile creation location is /opt/IBM/WebSphere/AppServer/profiles):
<property name='user.wasProfilePath' value='/opt/IBM/WebSphere/AppServer/profiles/<profileName>'/>
<property name='user.wasWsAdminScript' value='/opt/IBM/WebSphere/AppServer/profiles/<profileName>/bin/wsadmin.sh'/>
There are known issues with the Tivoli Integrated Portal application:
- Some elements displayed by the Tivoli Integrated Portal console may incorrectly render text in the system locale instead of the browser locale. Fields in the login panel, banner are page bar areas may show text in the locale of the Tivoli Integrated Portal server.
- When using the policy simulation panel with only one service defined, the content of the services selection box may not render properly. As a workaround, you can define another service, or use the keyboard navigation keys to select the resource.
Tech notes on the IBM Software Support website document known problems and limitations:
http://www.ibm.com/software/tivoli/support/security-policy-mgr/
As limitations and problems are discovered and resolved, the IBM Software Support team updates the knowledge base. By searching the knowledge base, you can find workarounds or solutions to problems. The following link sends a customized query to the live Support knowledge base for Tivoli Security Policy Manager:
http://www.ibm.com/support/search.wss?tc=SSNGTE&rank=8&atrn=SWVersion&atrv=7.1&dc=DB520+DB560
To create your own query, go to the Advanced search page on the IBM Software Support website.
Updating a previous version with Fix Pack 7.1.0.4
You can update a Tivoli Security Policy Manager 7.1.0, 7.1.0.1, 7.1.0.2, or 7.1.0.3 deployment with the files in Fix Pack 7.1.0.4. Consult the IBM Tivoli Security Policy Manager information center for additional configuration and upgrade requirements.
Use the Installation Manager application to add the fix pack packages. The Installation Manager Update icon runs a wizard to guide you through adding fix pack packages to an existing deployment.
Use Installation Manager to install the fix pack files. During the update, you can specify values for the same configuration properties that were used during installation or previous fix pack updates.
- Installation Manager displays the current values for each configuration property.
- Installation Manager does not display values for passwords. You must enter any required passwords, such as the administrative user password.
- Review each property to ensure that it is correct. Modify any property that must change.
- Complete the prerequisite tasks:
- Download and extract the fix pack files. See Downloading the Fix Pack.
- Review known issues and limitations. See Known Issues.
- Identify the packages and features that you want to update.
Package Features Tivoli Security Policy Manager Tivoli Policy Platform Tivoli Security Policy Manager server Tivoli Security Policy Manager administration console Tivoli Integrated Portal console Tivoli Security Policy Manager configuration utility Tivoli Security Policy Manager SDK Software Development Kit and Samples Runtime Security Services Server Authorization Service Runtime Security Services Client Authorization Service Runtime Policy Management Administration Agent Web Services Application Enforcement Runtime Security Services SDK Software Development Kit and Samples Portal Application Enforcement Software Development Kit - Complete the instructions for the package that you want to update.
- Optional: Use the Installation Manager log viewer to verify that the installation was successful by reviewing the Installation Manager
log files.
- When you complete an installation, go to the Installation Manager landing page and click File -> View Log.
- If you already closed Installation Manager or installed
another product after Tivoli Security Policy Manager:
- Click File -> View Installation History.
- Select the package installation that you want to view. For example, Tivoli Security Policy Manager.
- Click View Log.
Updating policy administration components
You can update the policy administration components with the fix pack installation files that you downloaded from the Customer Support website. The policy administration components include the policy manager server, configuration tool, and policy manager console.
Before you begin
Complete the prerequisite tasks in Updating Version 7.1.0, 7.1.0.1, 7.1.0.2 or 7.1.0.3 with Fix Pack 7.1.0.4. The tasks include extracting the fix pack compressed files.
Procedure
- Start Installation Manager.
Note: If you are installing the fix pack into a WebSphere cluster, start Installation Manager on the WebSphere Application Server deployment manager.
- AIX®, Linux, Linux on System z®, or Solaris
-
- Open a command-line window and navigate to the directory containing
Installation Manager.
The default installation directory is:
/opt/IBM/InstallationManager/eclipse
- Start the program.
IBMIM
- Open a command-line window and navigate to the directory containing
Installation Manager.
- Windows®
- Click Start -> All Programs -> IBM Installation Manager -> IBM Installation Manager.
- Click File -> Preferences.
- Configure a repository
connection. This step specifies the location of the fix pack installation
files.
- Click Add Repository.
- Browse to the directory containing the extracted files from the archive file.
- Locate the repository configuration file. For
example, if you extracted the fix pack files on a Windows system in
C:\Temp:
C:\Temp\policy\delta.7104\repository.config
- Click OK to add the location as a repository.
- Optional: Click Test Connections.
Verify that you receive the message:
All repositories are connected
- Verify that the fix pack repository that you want to install is listed at the bottom of the repository list. This order ensures that Installation Manager installs the files for this fix pack last.
- Click OK.
Note:Depending on your network configuration, you also might need to configure proxy settings or adjust your firewall settings.
- Click Update.
- The Update Packages panel displays package groups. The Tivoli Security Policy Manager package group is highlighted. Click Next.
- On the Update Packages panel, select the Version 7.1.0.4 package. Click Next.
- After reading the license agreement:
- To continue the installation, select I accept the terms in the license agreement and click Next.
- To cancel the installation, select I do not accept the terms in the license agreement and click Cancel.
- Installation Manager displays a list of installed components.
Each installed component is selected. These components are updated.
Verify that the list is correct and click Next.
Components can include:
- Policy manager server
- Policy manager console
- Configuration tool
- Confirm the values in
the Connection Details panel and click Next.
Installation Manager displays current values for:
- If you are updating the policy manager server, specify the required passwords on the Security Details panel.
- Verify that the supplied values for the other properties are correct. Click Next.
- Supply a password for the administrative user and for the
truststore. If your deployment uses the keystore, supply a password
for it.
Note:If your deployment does not have security enabled, you cannot specify these values.
- Administrative user name
- Required. Specifies the user name of the administrator that manages the WebSphere Application Server instance. The default value is wasadmin.
- Administrative user password
- Required. Specifies the password for the WebSphere Application Server administrator.
- Truststore location
- Required. Specifies the fully qualified path and name of the truststore for WebSphere Application Server.
- Truststore password
- Required. Specifies the password for the truststore.
- Keystore location
- Optional. Specifies the keystore location used by the WebSphere server to establish a secure connection with the installation program. If you use the default keystore, the location is blank.
- Keystore password
- Optional. Specifies the password for the keystore if a location was specified.
- In the Queried WebSphere Server Information panel, verify that the listed values are correct for the WebSphere Application Server instance.
- Perform one of the following actions:
Note:If you are installing in a WebSphere cluster, the displayed text shows the correct cell name, but incorrectly shows the server name as one of the nodes.
- If the information is correct, click Next.
- If this information is not correct, an error indicates
that the data cannot be confirmed with WebSphere Application Server.
- Exit and restart Installation Manager. Click Cancel -> File -> Exit.
Note:Do not use Back to return to the data-entry panel.
- You do not have to reenter the repository information. Continue with Step 6.
- Exit and restart Installation Manager. Click Cancel -> File -> Exit.
- In the Server Or Cluster To Deploy panel, select the WebSphere environment where you want to update the product components.
- Click Next.
- If you are updating the policy manager console, specify the password in the Tivoli Integrated Portal Install Details panel.
- Confirm that the other values
are correct and click Next.
- User name
- Specifies the name of the administrator for the console. The default value is tipadmin.
- User password
- Specifies a password for the administrator.
- Verify user password
- Specifies the password again for verification.
- Console HTTP port
- Specifies the port number for connecting to the console with a web browser. You can specify a specific port number or accept the default. The default port number is 16310.
- Location to install Tivoli Integrated Portal (TIP)
- Specifies the fully qualified name of the directory where the
Tivoli Integrated Portal is installed.
The default installation directory is:
- AIX, Linux, Linux on System z, or Solaris
-
/opt/IBM/tivoli/tip
- Windows
-
C:\Program Files\tivoli\tip
- Review the summary information and click Update. Installation Manager starts gathering files.
- Click Finish to complete the installation.
- Exit Installation Manager by clicking File -> Exit.
- Continue with the appropriate action:
- If you installed the update on a stand-alone server, continue with step 26.
- If you installed the update in a clustered environment, complete
the following steps to ensure that the repository plug-in files are
available to all the shared nodes in your cluster:
- Locate the plug-in JAR files.
After you install Tivoli Security Policy Manager, the plug-ins are on the deployment manager server:
- Windows
-
- TSPM_INSTALL_DIR\plugins\com.ibm.ws.repository_6.2.0.jar
- TSPM_INSTALL_DIR\plugins\com.ibm.tspm.repository.datasource_7.1.0.jar
- AIX, Linux, or Solaris
-
- TSPM_INSTALL_DIR/plugins/com.ibm.ws.repository_6.2.0.jar
- TSPM_INSTALL_DIR/plugins/com.ibm.tspm.repository.datasource_7.1.0.jar
- Copy both JAR files to the following path on each WebSphere Application
Server installation that contains a node profile in the cell:
- Windows
- WAS_HOME\plugins
- AIX, Linux, or Solaris
- WAS_HOME/plugins
- Locate the plug-in JAR files.
- If you installed the upgrade in a clustered environment,
verify that the WS-Notification and Tivoli Security Policy Manager
modules are mapped:
- Log in to the WebSphere Application Server console for
the Deployment Manager and take the action for your version of WebSphere:
- On WebSphere Application Server 6.1, click Enterprise Applications.
- On WebSphere Application Server 7.0, click Applications -> Applications Types -> WebSphere Enterprise Applications.
- For each of the following applications, click the module
name and then click Manage Modules.
- IBM Tivoli Security Policy Manager
- The Tivoli Security Policy Manager module.
- TsmEPListener.cluster1
- TsmEPListener is the module name and cluster1 is the name of your cluster.
- sibws.cluster1
- sibws is the module name and cluster1 is the name of your cluster.
- Ensure that each module shows a mapping to the cluster and the web server. If any applications are not mapped, complete the steps in Mapping the WS-Notification and Tivoli Security Policy Manager modules to the cluster. Then, return to this topic.
- Continue with step 21.
- Log in to the WebSphere Application Server console for
the Deployment Manager and take the action for your version of WebSphere:
-
Refresh the WebSphere OSGi cache:
- Stop the WebSphere Application Server for the policy manager. In a cluster, stop the cluster, including the node agents and the deployment manager.
- Run the OSGi configuration script to refresh the WebSphere
OSGi cache. In a cluster, run the script on each node.
- AIX, Linux, Linux on System z, or Solaris
WAS_HOME/profiles/profile_name/bin/osgiCfgInit.sh
- Windows
WAS_HOME\profiles\profile_name\bin\osgiCfgInit.bat
- AIX, Linux, Linux on System z, or Solaris
- Start the WebSphere Application Server for the policy
manager. In a cluster, start the cluster, including the node agents
and the deployment manager.
- Windows:
- Go to C:\Program Files\IBM\tivoli\tip\profiles\TIPProfile\bin
- Stop the server with the following command:
stopServer.bat -server1 -username adminname -password adminpassword
- Start the server with the following command:
startServer.bat server1
- Stop the server with the following command:
- AIX, Linux, or Solaris
- Go to /opt/IBM/tivoli/tip/profiles/TIPProfile/bin
- Stop the server with the following command:
stopServer.sh -server1 -username adminname -password adminpassword
- Start the server with the following command:
startServer.sh server1
- Stop the server with the following command:
What to do next
Continue with the updates that are appropriate for your environment:
- Updating the Tivoli runtime security services server
- Updating the Tivoli runtime security services client
- Updating the Tivoli Security Policy Manager software development kit
- Updating the Runtime Security Services software development kit
Updating the Tivoli runtime security services server
You can update the Tivoli runtime security services server package with the fix pack installation files that are downloaded from the Customer Support website.
Procedure
- Start Installation Manager.
For a WebSphere cluster, start Installation Manager on the WebSphere Application Server deployment manager.
- AIX, Linux, Linux on System z, or Solaris
-
- Open a command-line window and navigate to the directory containing
Installation Manager.
The default installation directory is:
/opt/IBM/InstallationManager/eclipse
- Start the program.
IBMIM
- Open a command-line window and navigate to the directory containing
Installation Manager.
- Windows
- Click Start -> All Programs -> IBM Installation Manager -> IBM Installation Manager.
- Click File -> Preferences.
- Configure a repository
connection. This step specifies the location of the fix pack installation
files.
- Click Add Repository.
- Browse to the directory containing the extracted files from the archive file.
- Locate the repository configuration file. For
example, if you extracted the fix pack files in
C:\Temp on a Windows system:
C:\Temp\policy\delta.7104\repository.config
- Click OK to add the location as a repository.
- Optional: Click Test Connections.
- Verify that you get the message:
All repositories are connected
- Verify that the Fix Pack repository you want to install now is listed at the bottom of the repository list. This order ensures that Installation Manager installs the files for this fix pack last.
- Click OK.
Note:Depending on your network configuration, you also might need to configure proxy settings or adjust your firewall settings.
- Click Update.
- The Update Packages panel displays package groups. The RTSS package group is highlighted. Click Next.
- On the Update Packages panel, select the Version 7.1.0.4 package. Click Next.
- After reading the license agreement:
- To continue the installation, select I accept the terms in the license agreement and click Next.
- To cancel the installation, select I do not accept the terms in the license agreement and click Cancel.
- The Update Packages panel displays the features to update. The Authorization Service package is highlighted. Click Next.
- Confirm the values in
the Connection Details panel and click Next.
Installation Manager displays current values for:
- SOAP port
- Specifies the port value that is used by WebSphere Application Server for SOAP communications.
- Security enabled
- Specifies whether communication with WebSphere Application Server occurs only
over secure connections.
Note:Clear Security enabled only if instructed to do so by IBM Support personnel.
- Specify the necessary passwords on the Security Details panel.
- Verify that the supplied values for the other properties are correct and click Next.
- Supply a password for the administrative user and for the
truststore. If your deployment uses the keystore, supply a password
for it.
Note:If your deployment does not have security enabled, you cannot specify these values.
- Administrative user name
- Required. Specifies the user name of the administrator that is managing the WebSphere Application Server instance. The default value is wasadmin.
- Administrative user password
- Required. Specifies the password for the WebSphere Application Server administrator.
- Truststore location
- Required. Specifies the fully qualified path and name of the truststore for WebSphere Application Server.
- Truststore password
- Required. Specifies the password for the truststore.
- Keystore location
- Optional. Specifies the keystore location used by the WebSphere server to establish a secure connection with the installation program. If you are using the default keystore, the location is blank.
- Keystore password
- Optional. Specifies the password for the keystore if a location was specified.
- In the Queried WebSphere Server Information panel,
verify that the listed values are correct for the WebSphere Application Server instance and
perform one of the following actions:
Note:If you are installing in a WebSphere cluster, the displayed text shows the correct cell name, but incorrectly shows the server name as one of the nodes.
- If the information is correct, click Next.
- If this information is not correct, an error indicates
that the data cannot be confirmed with WebSphere Application Server:
- Exit and restart Installation Manager. Click Cancel -> File -> Exit.
Note:Do not use Back to return to the data entry panel.
- You do not need to add the repositories to Installation Manager. Continue with Step 6.
- Exit and restart Installation Manager. Click Cancel -> File -> Exit.
- In the Server Or Cluster To Deploy panel, select the WebSphere environment where you are installing the product components. Click Next.
- Review the summary information and click Update to begin the installation.
- Click Finish to complete the installation.
- Exit Installation Manager by clicking File -> Exit.
What to do next
- Verify that you can issue administration commands to the runtime
security services server.
For example, you can use the administration console to verify that the runtime security services audit settings are visible.
- Verify that you can distribute policy to a policy distribution
target.
See the Tivoli Security Policy Manager Administration Guide for instructions on how to distribute policy.
- Update the runtime security services clients.
Updating the Tivoli runtime security services client
You can update the Tivoli runtime security services package with the fix pack installation files that are downloaded from the Customer Support website.
Procedure
- Start Installation Manager.
For a WebSphere cluster, start Installation Manager on the WebSphere Application Server deployment manager.
- AIX, Linux, Linux on System z, or Solaris
-
- Open a command-line window and navigate to the directory containing
Installation Manager.
The default installation directory is:
/opt/IBM/InstallationManager/eclipse
- Start the program.
IBMIM
- Open a command-line window and navigate to the directory containing
Installation Manager.
- Windows
- Click Start -> All Programs -> IBM Installation Manager -> IBM Installation Manager.
- Click File -> Preferences.
- Configure a repository
connection. This step specifies the location of the fix pack installation
files.
- Click Add Repository.
- Browse to the directory containing the extracted files from the archive file.
- Locate the repository configuration file. For
example, if you extracted the fix pack files in
C:\Temp on a Windows system:
C:\Temp\policy\delta.7104\repository.config
- Click OK to add the location as a repository.
- Optional: Click Test Connections.
Verify that you get the message:
All repositories are connected
- Verify that the fix pack repository you want to install now is listed at the bottom of the repository list. This order ensures that Installation Manager installs the files for this fix pack last.
- Click OK.
Note:Depending on your network configuration, you also might need to configure proxy settings or adjust your firewall settings.
- Click Update.
- The Update Packages panel displays package groups.
- Verify that the RTSSClient package group is selected.
- Click Next.
- On the Update Packages panel, select the Version 7.1.0.4 package. Click Next.
- After reading the license agreement:
- To continue the installation, select I accept the terms in the license agreement and click Next.
- To cancel the installation, select I do not accept the terms in the license agreement and click Cancel.
- The Update Packages panel displays the installed features
to update.
- Verify that the required features Authorization Service Runtime and Policy Management Administration Agent are selected.
- If the optional feature Web Services Application Enforcement is installed, verify that it is selected.
- Click Next.
- Confirm the values in
the Connection Details panel and click Next.
Installation Manager displays current values for:
- SOAP port
- Specifies the port value that is used by WebSphere Application Server for SOAP communications.
- Security enabled
- Specifies whether communication with WebSphere Application Server occurs only
over secure connections.
Note:Clear Security enabled only if instructed to do so by IBM Support personnel.
- Specify the necessary passwords on the Security Details panel. Verify that the supplied values for the other properties are correct. Click Next.
- Supply a password for the administrative user and for the truststore.
- If your deployment uses the keystore, supply a password
for it.
Note:If your deployment does not have security enabled, you cannot specify these values.
- Administrative user name
- Required. Specifies the user name of the administrator that is managing the WebSphere Application Server instance. The default value is wasadmin.
- Administrative user password
- Required. Specifies the password for the WebSphere Application Server administrator.
- Truststore location
- Required. Specifies the fully qualified path and name of the truststore for WebSphere Application Server.
- Truststore password
- Required. Specifies the password for the truststore.
- Keystore location
- Optional. Specifies the keystore location used by the WebSphere server to establish a secure connection with the installation program. If you are using the default keystore, the location is blank.
- Keystore password
- Optional. Specifies the password for the keystore if a location was specified.
- In the Queried WebSphere Server Information panel,
verify that the listed values are correct for the WebSphere Application Server instance and
perform one of the following actions:
Note:For a WebSphere cluster, the displayed text shows the correct cell name, but incorrectly shows the server name as one of the nodes.
- If the information is correct, click Next.
- If this information is not correct, an error is displayed indicating
that the data could not be confirmed with WebSphere Application Server:
- Exit and restart Installation Manager. Click Cancel -> File -> Exit.
Note:Do not use Back to return to the data entry panel.
- You do not need to add the repositories to Installation Manager. Continue with Step 6.
- Exit and restart Installation Manager. Click Cancel -> File -> Exit.
- In the Server Or Cluster To Deploy panel, select the WebSphere environment where you are installing the product components. Click Next.
- Review the summary information and click Update to begin the installation.
- Click Finish to complete the installation.
- Exit Installation Manager by clicking File -> Exit.
What to do next
Update and verify the client configuration. Use the following links to complete the configuration. The links point to configuration tasks on the Tivoli Security Policy Manager information center.
- Local client mode:
- Standalone WebSphere Application Server deployment
- Deploy the client in local mode.
- Configure a policy enforcement point in local mode.
- Verify that you can issue administration commands to the runtime
security services server.
For example, you can use the administration console to verify that the runtime security services audit settings are visible.
- Verify that you can distribute policy to a policy distribution
target.
See the Tivoli Security Policy Manager Administration Guide for instructions on how to distribute policy.
- WebSphere Cluster deployments
- Deploy the client in local mode.
- Configure a policy enforcement point in local mode.
- Verify that you can issue administration commands to the runtime
security services server.
For example, you can use the administration console to verify that the runtime security services audit settings are visible.
- Verify that you can distribute policy to a policy distribution
target.
See the Tivoli Security Policy Manager Administration Guide for instructions on how to distribute policy.
- Standalone WebSphere Application Server deployment
- Remote client configuration and verification:
- Standalone WebSphere Application Server deployments
- Deploy the client in remote mode.
- Configure a policy enforcement point on the client in remote mode.
- Configure SSL for the runtime security services client in remote mode.
- If you want to verify that a runtime security services client is configured correctly in remote mode, use your deployed application to verify that you get the appropriate permit and deny access decisions.
- Cluster deployments
- Deploy the client in remote mode.
- Configure a policy enforcement point on the client in remote mode.
- Configure SSL for the runtime security services client in remote mode.
- If you want to verify that a runtime security services client is configured correctly in remote mode, use your deployed application to verify that you get the appropriate permit and deny access decisions.
- Standalone WebSphere Application Server deployments
Updating the Tivoli Security Policy Manager software development kit
You can update the Tivoli Security Policy Manager software development kit package with the fix pack installation files.
Procedure
- Start Installation Manager.
For a WebSphere cluster, start Installation Manager on the WebSphere Application Server deployment manager.
- AIX, Linux, Linux on System z, or Solaris
-
- Open a command-line window and navigate to the directory containing
Installation Manager.
The default installation directory is:
/opt/IBM/InstallationManager/eclipse
- Start the program.
IBMIM
- Open a command-line window and navigate to the directory containing
Installation Manager.
- Windows
- Click Start -> All Programs -> IBM Installation Manager -> IBM Installation Manager.
- Click File -> Preferences.
- Configure a repository
connection. This step specifies the location of the fix pack installation
files.
- Click Add Repository.
- Browse to the directory containing the extracted files from the archive file.
- Locate the repository configuration file. For
example, if you extracted the fix pack files in
C:\Temp on a Windows system:
C:\Temp\policy\delta.7104\repository.config
- Click OK to add the location as a repository.
- Optional: Click Test Connections.
- Verify that you get the message:
All repositories are connected
- Verify that the Fix Pack repository you want to install now is listed at the bottom of the repository list. This order ensures that Installation Manager installs the files for this fix pack last.
- Click OK.
Note:Depending on your network configuration, you also might need to configure proxy settings or adjust your firewall settings.
- Click Update.
- The Update Packages panel displays package groups. The TSPM package group is highlighted. Click Next.
- On the Update Packages panel, select the Version 7.1.0.4 package. Click Next.
- After reading the license agreement:
- To continue the installation, select I accept the terms in the license agreement and click Next.
- To cancel the installation, select I do not accept the terms in the license agreement and click Cancel.
- The Update Packages panel highlights the Software Development Kit package. Confirm that the package is correct and click Next
- Review the summary information and click Update to begin the installation.
- Click Finish to complete the installation.
- Exit Installation Manager by clicking File -> Exit.
Updating the Runtime Security Services software development kit
You can update the Runtime Security Services software development kit package by installing the fix pack installation files.
Procedure
- Start Installation Manager.
For a WebSphere cluster, start Installation Manager on the WebSphere Application Server deployment manager.
- AIX, Linux, Linux on System z, or Solaris
-
- Open a command-line window and navigate to the directory containing
Installation Manager.
The default installation directory is:
/opt/IBM/InstallationManager/eclipse
- Start the program.
IBMIM
- Open a command-line window and navigate to the directory containing
Installation Manager.
- Windows
- Click Start -> All Programs -> IBM Installation Manager -> IBM Installation Manager.
- Click File -> Preferences.
- Configure a repository
connection. This step specifies the location of the fix pack installation
files.
- Click Add Repository.
- Browse to the directory containing the extracted files from the archive file.
- Locate the repository configuration file. For
example, if you extracted the fix pack files in
C:\Temp on a Windows system:
C:\Temp\policy\delta.7104\repository.config
- Click OK to add the location as a repository.
- Optional: Click Test Connections.
- Verify that you get the message:
All repositories are connected
- Verify that the Fix Pack repository you want to install now is listed at the bottom of the repository list. This order ensures that Installation Manager installs the files for this fix pack last.
- Click OK.
Note:Depending on your network configuration, you also might need to configure proxy settings or adjust your firewall settings.
- Click Update.
- The Update Packages panel displays package groups. The RTSS package group is highlighted. Click Next.
- On the Update Packages panel, select the Version 7.1.0.4 package. Click Next.
- After reading the license agreement:
- To continue the installation, select I accept the terms in the license agreement and click Next.
- To cancel the installation, select I do not accept the terms in the license agreement and click Cancel.
- The Update Packages panel highlights the packages that are installed. This includes Software Development Kit package and can include Software Development Kit and Samples and Portal Application Enforcement Software Development Kit. Confirm that the packages are correct and click Next.
- Review the summary information and click Update to begin the installation.
- Click Finish to complete the installation.
- Exit Installation Manager by clicking File -> Exit.
Rolling back or uninstalling fix pack files
Use Installation Manager to roll back or uninstall a set of software packages.
Installation Manager supports two different tasks for removing the fix pack files. You must choose which task you want to do.
The Installation Manager graphical user interface has icons for Roll back and Uninstall.
- Roll back
In one session, Installation Manager:
- Saves the necessary configuration files.
- Uninstalls the files for Fix Pack 7.1.0.4.
- Installs the Version 7.1.0.0, 7.1.0.1, 7.1.0.2 or 7.1.0.3 files, depending on the version you used before you installed Fix Pack 7.1.0.4.
- Places the saved configuration files back into the correct locations.
- Uninstall
In one Installation Manager session, uninstalls the files for Fix Pack 7.1.0.4 and all previously installed versions. You can remove files on a package or feature level.
Select the instructions that are appropriate for your deployment:
- To roll back an installation, follow a set of instructions that guide you through the file rollback and component configuration steps that are needed to restore a fully functional Version 7.1.0 deployment. See Rolling back Fix Pack 7.1.0.4
- To uninstall the fix pack files without rolling back to a previous version, continue with the instructions in this Readme file.
Rolling back Fix Pack 7.1.0.4
Use Installation Manager to roll back the fix pack and return to a Version 7.1.0 configuration.
About this task
The Installation Manager application provides a roll back option so you can return Tivoli Security Policy Manager to a Version 7.1.0 configuration.
Installation Manager provides a graphical user interface for the roll back process, but does not prompt for configuration properties. You must edit properties files before running Installation Manager. Installation Manager automatically saves configuration files, uninstalls the fix pack files, installs the Version 7.1.0 files, and restores the saved configuration files.
Procedure
- Review and modify the configuration properties files.
- Use Installation Manager to run the roll back process.
See Using Installation Manager to roll back to a previous version.
Setting properties for rollback
You must manually edit the properties files before starting the Installation Manager rollback process. The process obtains properties directly from the product properties files and does not offer an opportunity for verifying or modifying them.
Installation Manager and Tivoli Security Policy Manager do not store values for passwords in properties files. You must manually insert values for passwords into each property file.
Package | Administration properties files | Installation Manager properties files |
---|---|---|
Tivoli Security Policy Manager |
admin.client.properties tip.admin.client.properties tip.properties |
installed.xml installRegistry.xml |
Tivoli Security Policy Manager Software Development Kit | none | none |
Runtime Security Services Server | admin.client.properties |
installed.xml installRegistry.xml |
Runtime Security Services Client | admin.client.properties |
installed.xml installRegistry.xml |
Runtime Security Service Software Development Kit | none | none |
Follow the instructions for editing each property file that applies to the package that you want to roll back.
- To roll back the Tivoli Security Policy Manager package:
- To roll back the Runtimes Security Service Server package or Runtime Security Services Client package:
- To roll back only the Tivoli Security Policy Manager Software Development Kit or the Runtime Security Services Software Development Kit, you do not need to edit any files.
After you have modified the properties files, use Installation Manager to roll back the product files. See Using Installation Manager to roll back to a previous version.
Editing password properties for Installation Manager
Insert values for necessary passwords into properties used by Installation Manager.
About this task
Installation Manager requires values for several passwords in order to complete the roll back process. Installation Manager does not store passwords. Because the Installation Manager roll back process does not supply a method to enter the password values through a graphical panel, you must manually insert password values into two properties files.
Procedure
- Change directory to the location of the two properties
files.
Both files are located in the Installation Manager agent data location. The agent data location is the directory that Installation Manager uses for data that is associated with an application.
The installing user may override the default data location by using the Installation Manager -dataLocation switch and if this has been done when installing TSPM or RTSS components, the two files that will need updating will reside in that location rather than in the default locations listed below.
Additionally, the default location of the agent data location will differ depending whether an admininstrative (root) or non-administrative type installation of Installation Manager was done. If an administrative user installed Installation Manager using the 'install' command then this is considered an administrative install. If the 'userinst' command was used to install the Installation Manager then this is considered to be a non-administrative install.
Administrative installation default agent data location- Linux and UNIX
/var/ibm/InstallationManager
- Administrative installation agent data location on Windows Vista and Windows 2008
C:\ProgramData\IBM\Installation Manager
- Administrative installation agent data location on Windows 2000 and Windows XP
C:\Documents and Settings\All Users\Application Data\IBM\Installation Manager
- Linux and UNIX
<user home>/var/ibm/InstallationManager
- Windows Vista and Windows 2008
C:\Users\<user>\AppData\Roaming\IBM\InstallationManager
- Windows 2000 and Windows XP
C:\Documents and Settings\<user>\Application Data\IBM\Installation Manager
- Linux and UNIX
- Open the file installRegistry.xml for editing. Specify
the password properties needed for the package that you are rolling
back.
- When rolling back the Tivoli Security Policy Manager package:
- The following properties are required:
<property name='user.wasAdminUserPwd' value='ExamplePasswOrdForWASAdmin'/> <property name='user.wasTruststorePwd' value='ExamplePasswOrdForWAStruststore'/> <property name='user.tipAdminUserPwd' value='ExamplePasswOrdForTIPAdmin'/>
- The following property is optional. If you have specified a WebSphere
keystore file, specify the password for it:
<property name='user.wasKeystorePwd' value='ExamplePasswOrdForWASKeystore'/>
- The following properties are required:
- When rolling back the runtime security services server package
or runtime security services client package:
- The following properties are required:
<property name='user.wasAdminUserPwd' value='ExamplePasswOrdForWASAdmin'/> <property name='user.wasTruststorePwd' value='ExamplePasswOrdForWAStruststore'/>
- The following property is optional. If you have specified a WebSphere
keystore file, specify the password for it:
<property name='user.wasKeystorePwd' value='ExamplePasswOrdForWASKeystore'/>
- The following properties are required:
- When rolling back the Tivoli Security Policy Manager Software Development Kit or the Runtime Security Services Software Development Kit, you do not have to edit any properties.
- When rolling back the Tivoli Security Policy Manager package:
- Repeat the above step for the file Installed.xml.
- There is a possible known issue with some properties within these two files. Refer to the Known Issues section and review all items listed before proceeding.
Ensure you save and close the file before starting Installation Manager.
Setting administration client properties
Specify and verify values in the administration client properties file, in order to use Installation Manager to roll back your deployment to a previous version. Although you supplied these values during the Fix Pack installation, password values are not stored and must be manually inserted. You must also verify that other values, such as truststore names, are correct.
About this task
For a complete description of the administration client file properties, see Administration client properties file.
Procedure
- Open the properties file for editing.
The default installation location is:
<TSPM_installation_dir>/etc/admin.client.properties
- Verify that the property is set for the SSL truststore.
The application uses this truststore when communicating with WebSphere Application Server. For example:
javax.net.ssl.trustStore=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\ profiles\\AppSrv01\\etc\\trust.p12
- Enter the password for the SSL truststore.
For example:
javax.net.ssl.trustStorePassword=<your_trustStore_password>
- Verify that the WebSphere administrative user name is correct.
For example:
username=wasadmin
- Enter the password for the WebSphere administrative user.
For example:
password=<your_WebSphere_adminstrator_password>
- If your deployment uses a keystore for configuring SSL
between WebSphere and the installation program, verify that the keystore
property is set correctly.
Note:When the default location for the keystore is used, this property does not require a value. You must supply a value for javax.net.ssl.keyStore only when the default location is not used.
Default value:
javax.net.ssl.keyStore=
- If your deployment uses an SSL keystore, enter the password
for the keystore.
For example:
javax.net.ssl.keyStorePassword=<your_keyStore_password>
- Do not modify any of the other properties in the properties
file.
The file contains other properties that are used by Installation Manager and WebSphere. Do not modify the values when using the Installation Manager roll back process.
Example file
The example shows a properties file with password values manually inserted for the rollback process. The properties file, when stored on the file system, does not contain password values.
#Wed Sep 15 15:13:10 CDT 2010 javax.net.ssl.trustStore=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\ profiles\\AppSrv01\\etc\\trust.p12 port=8880 cacheDisabled=true securityEnabled=true username=wasadmin javax.net.ssl.keyStore= ssl.disable.url.hostname.verification=true javax.net.ssl.trustStorePassword=myTrustStOrePasswOrD type=SOAP javax.net.ssl.keyStorePassword=myKeyStOrePasswOrD location=remote password=myWASAdminPasswOrD autoAcceptSignerForThisConnectionOnly=true host=localhost
What to do next
- If your rollback includes the Tivoli Security Policy Manager console, go to Setting Tivoli Integrated Portal administration client properties.
- If you have finished editing configuration properties, go to Using Installation Manager to roll back to a previous version.
Administration client properties file
The administration client properties file contains configuration and communication properties for Tivoli Security Policy Manager components and for runtime security services components.
The Installation Manager application uses this file. For most Installation Manager processes, you supply values for some of the properties in this file through the graphical user interface. However, for the Installation Manager roll back process, Installation Manager does not prompt for values for any properties. For the rollback process, you must supply values for passwords and verify the values for other properties, such as truststore and keystore locations.
The properties file also contains some properties which are used internally by Installation Manager for communicating with the administration client for WebSphere Application Server. Do not edit these internal properties. The following descriptions identify the properties that must not be modified.
-
The default installation location for the file is:
<TSPM_installation_dir>/etc/admin.client.properties
- For examples of how these properties appear in the file, see Example admin.client.properties.
- For instructions on how to edit this file for the rollback process, see Setting administration client properties.
Properties
- javax.net.ssl.trustStore
- Specifies the fully qualified path and name of the truststore
for WebSphere Application
Server. For example:
javax.net.ssl.trustStore=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\ profiles\\AppSrv01\\etc\\trust.p12
For the rollback process, verify that this value is correct for your current deployment.
- port
-
Specifies the port value that is used by WebSphere Application Server for SOAP communications. The default port value is 8880 for a stand-alone server. Do not modify this value for the Installation Manager roll back process.
- cache-disabled
-
Specifies whether the WebSphere administration client uses an internal cache. This property is internal to the WebSphere administration client. Do not modify it.
- securityEnabled
-
Specifies whether communication with WebSphere Application Server occurs only over secure connections. This option is true by default and ensures that communications between Tivoli Security Policy Manager and WebSphere Application Server are always encrypted. Do not modify this value for the Installation Manager roll back process.
- username
- Specifies the user name of the administrator that is managing
the WebSphere Application
Server instance. The default value is wasadmin. For
example:
username=wasadmin
For the rollback process, verify that this value is correct for your current deployment.
- javax.net.ssl.keyStore
- Specifies the keystore location used by the WebSphere server to establish a secure
connection with the installation program. If you are using the default
keystore, you can leave the location blank. For example:
javax.net.ssl.keyStore=
For the rollback process, verify that this value is correct for your current deployment.
- ssl.disable.url.hostname.verification
-
Specifies whether host name verification is disabled by default for URL connections. Host name verification checks that the X509 Certificate Common Name (CN) matches the host name from which it is received. This property is internal to the WebSphere administration client. Do not modify it.
- javax.net.ssl.trustStorePassword
- Specifies the password for the truststore. For example:
javax.net.ssl.trustStorePassword=<your_password>
- type
-
The type of connector used by the WebSphere administration client. Possible values include SOAP, RMI, and JMS. Do not modify this value for the Installation Manager roll back process.
- javax.net.ssl.keyStorePassword
- Specifies the password for the keystore location used by the WebSphere server to establish
a secure connection with the installation program. For example:
javax.net.ssl.keyStorePassword=<your_password>
- location
-
This property is internal to the WebSphere administration client. Do not modify it.
- password
- Specifies the password for the WebSphere Application
Server administrator. For example:
password=<WebSphere_administrative_user_password>
- autoAcceptSignerForThisConnectionOnly
-
Specifies whether the WebSphere administration client programmatically trusts the connection, without storing the signer in the local truststore. This property is internal to the WebSphere administration client. Do not modify it. For example:
autoAcceptSignerForThisConnectionOnly=true
- host
-
The name of the host that runs WebSphere Application Server for the administration client. This value is internal to the WebSphere administration client. Do not modify it.
Example admin.client.properties
The example file does not display any values for password properties. The file, when stored on the file system, does not contain passwords.
#Wed Sep 15 15:13:10 CDT 2010 javax.net.ssl.trustStore=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\ profiles\\AppSrv01\\etc\\trust.p12 port=8880 cacheDisabled=true securityEnabled=true username=wasadmin javax.net.ssl.keyStore= ssl.disable.url.hostname.verification=true javax.net.ssl.trustStorePassword= type=SOAP javax.net.ssl.keyStorePassword= location=remote password= autoAcceptSignerForThisConnectionOnly=true host=localhost
Setting Tivoli Integrated Portal administration client properties
Specify and verify values in the Tivoli Integrated Portal administration client properties file, in order to use Installation Manager to roll back your deployment to a previous version. Although you supplied these values during the Fix Pack installation, password values are not stored and must be manually inserted.
About this task
For a complete description of the Tivoli Integrated Portal administration client file properties, see Tivoli Integrated Portal administration client properties file.
Procedure
- Open the properties file for editing.
The default installation location is:
<TSPM_installation_dir>/etc/tip.admin.client.properties
- Verify the port number used for connecting to the console
using a web browser.
For example:
port=16313
- Verify that the Tivoli Integrated Portal administrative
user name is correct.
For example:
username=tipdmin
- Enter the password for the Tivoli Integrated Portal administrative
user.
For example:
password=<your_TIP_adminstrator_password>
- Do not modify any of the other properties in the file.
The properties file contains other properties that are used by WebSphere, and might contain entries for truststore and keystore configuration.
Note:You do not have to specify passwords for either the truststore or keystore.
Example file
The example shows a properties file with password values manually inserted for the rollback process. The properties file, when stored on the file system, does not contain password values.
#Mon Sep 27 14:46:11 CDT 2010 javax.net.ssl.trustStore=C\:\\Program Files\\IBM\\tip\\profiles\\TIPProfile\\ etc\\trust.p12 port=16313 cacheDisabled=true securityEnabled=true username=tipadmin ssl.disable.url.hostname.verification=true javax.net.ssl.trustStorePassword= type=SOAP javax.net.ssl.keyStore= javax.net.ssl.keyStorePassword= location=remote password=myTIPAdminPasswOrD autoAcceptSignerForThisConnectionOnly=true host=myhost.example.com
What to do next
Go to Setting Tivoli Integrated Portal properties.
Tivoli Integrated Portal administration client properties file
The Tivoli Integrated Portal administration client properties file contains configuration and communication properties for Tivoli Security Policy Manager components and for runtime security services components. The Installation Manager uses this file.
The Installation Manager application uses this file. For most Installation Manager processes, you supply values for some of the properties in this file through the graphical user interface. However, for the Installation Manager roll back process, Installation Manager does not prompt for values for any properties. For the rollback process, you must supply values for passwords.
The properties file also contains some properties which are used internally by Installation Manager for communicating with the administration client for WebSphere Application Server. Do not edit these internal properties. The following descriptions identify the properties that must not be modified.
-
The default installation location for the file is:
<TSPM_installation_dir>/etc/tip.client.properties
- For examples of how these properties appear in the file, see Example tip.admin.client.properties file.
- For instructions on how to edit this file for the rollback process, see Setting Tivoli Integrated Portal administration client properties.
Properties
- javax.net.ssl.trustStore
-
Optional. Specifies the fully qualified path and name of the truststore for WebSphere Application Server. Do not modify this property for the Installation Manager roll back process.
- javax.net.ssl.trustStorePassword
-
Specifies the password for the truststore. For example:
javax.net.ssl.trustStorePassword=<your_password>
Note:You do not need to specify this password for the roll back process. - port
-
Specifies the port number used for connecting to the console using a web browser.
The default port number is 16310. Do not modify this property for the Installation Manager roll back process.
- cache-disabled
-
This value specifies whether the WebSphere administration client uses an internal cache. Do not modify this property for the Installation Manager roll back process.
- securityEnabled
-
Specifies whether communication with WebSphere Application Server occurs only over secure connections. This option is true by default and ensures that communications between Tivoli Security Policy Manager and WebSphere Application Server are always encrypted. Do not modify this property for the Installation Manager roll back process.
- username
- Specifies the user name of the Tivoli Integrated Portal administrator.
For example:
username=tipadmin
- javax.net.ssl.keyStore
-
Optional. Specifies the keystore location used by the WebSphere server to establish a secure connection with the installation program. If you are using the default keystore, you can leave the location blank. You do not have to enter this password for the Installation Manager roll back process.
- javax.net.ssl.keyStorePassword
-
Specifies the password for the keystore location used by the WebSphere server to establish a secure connection with the installation program. You do not have to enter this password for the Installation Manager roll back process.
- ssl.disable.url.hostname.verification
-
Specifies whether host name verification is disabled by default for URL connections. Host name verification checks that the X509 Certificate Common Name (CN) matches the host name from which it is received. This property is internal to the WebSphere administration client. Do not modify it.
- type
-
The type of connector used by the WebSphere administration client. Possible values include SOAP, RMI, and JMS. Do not modify this value for the Installation Manager roll back process.
- location
-
This value is internal to the WebSphere administration client. Do not modify this value for the Installation Manager roll back process.
- password
- Specifies the password for the Tivoli Integrated Portal administrator.
For example:
password=<WebSphere_administrative_user_password>
- host
-
The name of the host that runs WebSphere Application Server for the administration client. This value is internal to the WebSphere administration client. Do not modify this value for the Installation Manager roll back process.
Example tip.admin.client.properties file
The example file does not display any values for password properties. The file, when stored on the file system, does not contain passwords.
# javax.net.ssl.trustStore=C\:\\Program Files\\IBM\\tip\\profiles\\TIPProfile\\ etc\\trust.p12 port=16313 cacheDisabled=true securityEnabled=true username=tipadmin ssl.disable.url.hostname.verification=true javax.net.ssl.trustStorePassword= type=SOAP javax.net.ssl.keyStore= javax.net.ssl.keyStorePassword= location=remote password= autoAcceptSignerForThisConnectionOnly=true host=myhost.example.com
Setting Tivoli Integrated Portal properties
Specify and verify values in the Tivoli Integrated Portal administration client properties file, in order to use Installation Manager to roll back your deployment to a previous version. Although you supplied these values during the Fix Pack installation, password values are not stored and must be manually inserted.
About this task
For a complete description of the Tivoli Integrated Portal properties, see Tivoli Integrated Portal properties file.
Procedure
- Open the properties file for editing.
The default installation location is:
<TSPM_installation_dir>/etc/tip.properties
- Verify the Tivoli Integrated Portal administrative user
name.
For example:
tip.adminUser=tipadmin
- Enter a value for the Tivoli Integrated Portal administration
password.
For example:
tip.adminUserPwd=<your_password>
- Do not modify the values of the other properties.
Example tip.properties file
The properties file does not contains passwords when stored on the file system. The example shows the file after you have manually inserted a password for use during the rollback process.
#Mon Sep 27 14:46:11 CDT 2010 tip.installLocation=C\:\\Program Files\\IBM\\tip tip.adminUser=tipadmin tip.consolePort=16310 tip.adminUserPwd=myTIPAdminPasswOrD
What to do next
- If you have finished editing configuration properties files, go to Using Installation Manager to roll back to a previous version.
- If you want to edit other properties file, see Setting properties for rollback.
Tivoli Integrated Portal properties file
The Tivoli Integrated Portal properties file contains configuration properties. The Installation Manager uses this file.
The Installation Manager processes for installation, update, and uninstallation present a graphical user interface for entering values. However, Installation Manager rollback process does not present a graphical user interface. For rollback, you must manually edit the file, and supply a value for the Tivoli Integrated Portal administrator password.
Some properties are used internally by Tivoli Integrated Portal for communicating with the administration client for WebSphere Application Server. Do not edit these internal properties. The following descriptions identify the properties that must not be modified.
-
The default installation location is:
<TSPM_installation_dir>/etc/tip.properties
- For examples of how these properties appear in the file, see Example tip.properties file.
- For instructions on how to edit this file for the rollback process, see Setting Tivoli Integrated Portal properties.
Properties
- tip.installLocation
-
Fully qualified path name to the installation directory for the Tivoli Integrated Portal console. Do not modify this value for the Installation Manager roll back process.
tip.installLocation=C\:\\Program Files\\IBM\\tip
- tip.adminUser
- Specifies the user name of the Tivoli Integrated Portal administrator.
- tip.consolePort
-
Specifies the port number used for connecting to the console using a web browser. The default port number is 16310. Do not modify this value for the Installation Manager roll back process.
- tip.adminUserPwd
- Specifies the password for the Tivoli Integrated Portal administrator. Enter a value for this property for the Installation Manager roll back process.
Example tip.properties file
The example file does not display any values for password properties. The file, when stored on the file system, does not contain passwords.
# #Mon Sep 27 14:46:11 CDT 2010 tip.installLocation=C\:\\Program Files\\IBM\\tip tip.adminUser=tipadmin tip.consolePort=16310 tip.adminUserPwd=
Using Installation Manager to roll back to a previous version
Use Installation Manager to roll back your deployment to a previous version of the product.
The Installation Manager rollback process automatically saves aside configuration files, uninstalls the fix pack files, installs the Version 7.1.0 files, and restores the saved configuration files.
Important notes:
- Perform roll back for each package that is installed. Some packages contain more than one feature or component. You must roll back the entire package.
- All packages in a deployment must be at the same level. You cannot mix Version 7.1.0 packages with Version 7.1.0.4 packages.
- The Tivoli Security Policy Manager packages and the Runtime Security Services packages in each deployment must be at the same level. This requirement includes deployments where the Tivoli Security Policy Manager server runs on a different computer from the Runtime Security Services server.
- Installation Manager provides a graphical user interface for the rollback process, but does not prompt for configuration properties. You must edit properties files before running Installation Manager. See Setting properties for rollback.
- If you run Installation Manager without first adding your password
values to properties files, Installation Manager displays the following
error:
Error during "pre-install configure" phase: java.lang.ExceptionInitializerError
For more information on the required editing tasks, see Setting properties for rollback. - Fix Pack 7.1.0.4 does not support rollback of the Tivoli Security Policy Manager package when deployed into a WebSphere cluster. Version 7.1.0 did not support deployment of the Tivoli Security Policy Manager package into a WebSphere cluster. Rolling back to Version 7.1.0 is not supported because it results in loss of policy manager functionality within the cluster.
Package | Features |
---|---|
Tivoli Security Policy Manager | Tivoli Policy Platform |
Tivoli Security Policy Manager server | |
Tivoli Security Policy Manager administration console | |
Tivoli Integrated Portal console | |
Tivoli Security Policy Manager configuration utility | |
Tivoli Security Policy Manager SDK | Software Development Kit and Samples |
Runtime Security Services Server | Authorization Service |
Runtime Security Services Client | Authorization Service |
Policy Management Administration Agent | |
Web Services Application Enforcement | |
Runtime Security Services SDK | Software Development Kit and Samples |
Runtime Security Services SDK | Portal Application Enforcement Software Development Kit |
Follow the instructions for the package that you want to roll back:
- Rolling back the policy manager package
- Rolling back the runtime security services server
- Rolling back the runtime security services client
- Rolling back the Tivoli Security Policy Manager software development kit
- Rolling back the Runtime Security Services software development kit
Rolling back the policy manager package
Use this procedure to interactively roll back the policy manager server, console, Tivoli Integrated Portal, and configuration tool.
Before you begin
Complete these tasks in the order listed before you roll back the policy manager components:
- Ensure that WebSphere Application Server is running.
- If necessary, save the response file for the Tivoli Security Policy
Manager configuration tool.
If you created a response file for the Tivoli Security Policy Manager configuration tool in the /opt/IBM/TSPM directory hierarchy, back up the response file before you roll back Tivoli Security Policy Manager. Place the backup files in a directory that is separate from the Tivoli Security Policy Manager installation directory.
- Set properties in the necessary properties file. Follow the instructions
in Setting properties for rollback.
Note:If you run Installation Manager without first adding your password values to the necessary properties file, Installation Manager displays the following error:
Error during "pre-install configure" phase: java.lang.ExceptionInitializerError
Procedure
- Start Installation Manager.
If installing into a WebSphere cluster, start Installation Manager on the WebSphere Application Server deployment manager.
- AIX, Linux, Linux on System z, or Solaris
-
- Open a command-line window and navigate to the directory containing
Installation Manager.
The default installation directory is:
/opt/IBM/InstallationManager/eclipse
- Start the program.
IBMIM
- Open a command-line window and navigate to the directory containing
Installation Manager.
- Windows
- Click Start > All Programs > IBM Installation Manager > IBM Installation Manager.
- Select Roll back in the Installation Manager startup panel.
- Select the IBM Tivoli Security Policy Manager package group. Click Next.
- Select the IBM Tivoli Security Policy Manager package to roll back. Click Next.
- Verify that the correct package is selected, then click Roll Back.
- When the rollback completes, a panel indicates success or failure. Click Finish to exit.
- Stop the WebSphere Application Server for the policy manager.
- Run the OSGi configuration script
to refresh the WebSphere OSGi cache.
- AIX, Linux, Linux on System z, or Solaris
WAS_HOME/profiles/profile_name/bin/osgiCfgInit.sh
- Windows
WAS_HOME\profiles\profile_name\bin\osgiCfgInit.bat
- AIX, Linux, Linux on System z, or Solaris
- Start the WebSphere Application
Server for the policy manager.
- Windows:
- Go to C:\Program Files\IBM\tivoli\tip\profiles\TIPProfile\bin
- Stop the server with the following command:
stopServer.bat -server1 -username adminname -password adminpassword
- Start the server with the following command:
startServer.bat server1
- Stop the server with the following command:
- AIX, Linux, or Solaris
- Go to /opt/IBM/tivoli/tip/profiles/TIPProfile/bin
- Stop the server with the following command:
stopServer.sh -server1 -username adminname -password adminpassword
- Start the server with the following command:
startServer.sh server1
- Stop the server with the following command:
Results
If you want, you can view the results of the Installation
Manager process by using the Installation Manager log viewer to review
the log file.
The default Installation Manager log files are located in these directories:
|
What to do next
Verify that the packages that rolled back are active and correctly configured.
- Verify that the version number on the Tivoli Integrated Portal console is 7.1.0.0.
- Verify that the following files are located in <TSPM_installation_directory>/properties/version:
- Tivoli_Policy_Platform.7.1.0.cmptag
- Tivoli_Security_Policy_Manager.7.1.0.cmptag
- Tivoli_Security_Policy_Manager_for_Data_Entitlements.7.1.0.cmptag
Before running the roll back process, the corresponding file names in <TSPM_installation_directory>/properties/version are:
- Tivoli_Policy_Platform.7.1.0.fxptag
- Tivoli_Security_Policy_Manager.7.1.0.fxtag
- Tivoli_Security_Policy_Manager_for_Data_Entitlements.7.1.0.fxtag
Rolling back the runtime security services server
The WebSphere administrator uses the procedure in this topic to interactively roll back the runtime security services server.
Before you begin
- Back up your new and edited registration property files before you roll back the runtime security services server. Place the backup files in a directory that is outside of the runtime security services server installation directory.
- Ensure that the WebSphere Application Server where the runtime security services is deployed is running.
- Ensure that the policy manager server is running.
- Set properties in the administration client properties file. See Setting administration client properties.
Note:If you run Installation Manager without first adding your password values to the properties file, Installation Manager displays the following error:
Error during "pre-install configure" phase: java.lang.ExceptionInitializerError
About this task
This task applies to installations of the runtime security services server on either stand-alone WebSphere Application Servers or on WebSphere Network Deployment clusters.
Procedure
- Start Installation Manager.
If installing into a WebSphere cluster, start Installation Manager on the WebSphere Application Server deployment manager.
- AIX, Linux, Linux on System z, or Solaris
-
- Open a command-line window and navigate to the directory containing
Installation Manager.
The default installation directory is:
/opt/IBM/InstallationManager/eclipse
- Start the program.
IBMIM
- Open a command-line window and navigate to the directory containing
Installation Manager.
- Windows
- Click Start > All Programs > IBM Installation Manager > IBM Installation Manager.
- Select Roll back in the Installation Manager startup panel.
- Select the IBM Tivoli Runtime Security Services package group. Click Next.
- Select the IBM Tivoli Runtime Security Services Server package. Click Next.
- Verify that the correct package is selected, then click Roll
back.
The files are uninstalled and replaced with files from the previous version.
- When the rollback completes, a panel indicates success or failure. Click Finish to exit.
- Stop and restart WebSphere Application Server. If installing into a WebSphere cluster, restart the WebSphere Application Server cluster. Restart the deployment manager, cluster, and server, as appropriate
Results
If you want, you can view the results of the Installation
Manager process by using the Installation Manager log viewer to review
the log file.
The default Installation Manager log files are located in these directories:
|
What to do next
Verify that the runtime security services server is correctly configured:
- Verify that you can issue administration commands to the runtime
security services server.
For example, you can use the administration console to verify that the runtime security services audit settings are visible.
- Verify that you can distribute policy to a policy distribution
target.
See the Tivoli Security Policy Manager Administration Guide for instructions on how to distribute policy.
Rolling back the runtime security services client
Uses the procedure in this topic to interactively roll back the runtime security services client.
Before you begin
- Back up your new and edited registration property files before you roll back the runtime security services client. Place the backup files in a directory that is outside of the runtime security services client installation directory.
- Ensure that the WebSphere Application Server where the client is deployed is running.
- Set properties in the administration client properties file. See Setting administration client properties.
Note:If you run Installation Manager without first adding your password values to the properties file, Installation Manager displays the following error:
Error during "pre-install configure" phase: java.lang.ExceptionInitializerError
About this task
This task applies to installations of the runtime security services client on either stand-alone WebSphere Application Servers or on WebSphere Network Deployment clusters.
Procedure
- Start Installation Manager.
If installing into a WebSphere cluster, start Installation Manager on the WebSphere Application Server deployment manager.
- AIX, Linux, Linux on System z, or Solaris
-
- Open a command-line window and navigate to the directory containing
Installation Manager.
The default installation directory is:
/opt/IBM/InstallationManager/eclipse
- Start the program.
IBMIM
- Open a command-line window and navigate to the directory containing
Installation Manager.
- Windows
- Click Start > All Programs > IBM Installation Manager > IBM Installation Manager.
- Select Roll back in the Installation Manager startup panel.
- Select the IBM Tivoli Runtime Security Services package group. Click Next.
- Select the IBM Tivoli Runtime Security Services Client package. Click Next.
- Verify that the correct package is selected, then click Roll back.
- When the rollback completes, a panel indicates success or failure. Click Finish to exit.
- Stop the WebSphere server instance.
- Deploy the client and configure a policy enforcement point.
The instructions for this step are specific to the client mode (local or remote) and to the type of WebSphere server environment (stand-alone or cluster). Use the instructions that fit your deployment.
- Local client mode, on a stand-alone WebSphere server
- Follow the instructions in the topic: Deploying the client in local mode
- Follow the instructions in the topic: Configuring a policy enforcement point in local mode
- Verify that you can issue administration commands to the runtime
security services server.
For example, you can use the administration console to verify that the runtime security services audit settings are visible.
- Verify that you can distribute policy to a policy distribution
target.
See the Tivoli Security Policy Manager Administration Guide for instructions on how to distribute policy.
- Local client mode, in a WebSphere cluster
- Follow the instructions in:Deploying the client in local mode
- Follow the instructions in: Configuring a policy enforcement point in local mode
- Verify that you can issue administration commands to the runtime
security services server.
For example, you can use the administration console to verify that the runtime security services audit settings are visible.
- Verify that you can distribute policy to a policy distribution
target.
See the Tivoli Security Policy Manager Administration Guide for instructions on how to distribute policy.
- Remote client mode on a stand-alone WebSphere Application Server
- Follow the instructions in: Deploying the client in remote mode
- Follow the instructions in: Configuring a policy enforcement point on the client in remote mode
- Follow the instructions in: Setting up security on the runtime security services client in remote mode
- To verify that a runtime security services client is configured correctly in remote mode, use your deployed application to verify that you get the appropriate permit and deny access decisions.
- Remote client mode in a WebSphere cluster
- Follow the instructions in: Deploying the client in remote mode
- Follow the instructions in: Configuring a policy enforcement point on the client in remote mode
- Follow the instructions in:Setting up security on the runtime security services client in remote mode
- To verify that a runtime security services client is configured correctly in remote mode, use your deployed application to verify that you get the appropriate permit and deny access decisions.
- Local client mode, on a stand-alone WebSphere server
Results
If you want, you can view the results of the Installation
Manager process by using the Installation Manager log viewer to review
the log file.
The default Installation Manager log files are located in these directories:
|
What to do next
- Verify that the following files are in /opt/IBM/RTSSClient/properties/version:
Tivoli_Security_Policy_Manager_Runtime_Security_Services.7.1.0.cmptag Tivoli_Security_Policy_Manager.7.1.0.swtag
Rolling back the Tivoli Security Policy Manager software development kit
The WebSphere administrator uses the procedure in this topic to interactively roll back the Tivoli Security Policy Manager Software Development Kit.
Procedure
- Start Installation Manager.
If installing into a WebSphere cluster, start Installation Manager on the WebSphere Application Server deployment manager.
- AIX, Linux, Linux on System z, or Solaris
-
- Open a command-line window and navigate to the directory containing
Installation Manager.
The default installation directory is:
/opt/IBM/InstallationManager/eclipse
- Start the program.
IBMIM
- Open a command-line window and navigate to the directory containing
Installation Manager.
- Windows
- Click Start > All Programs > IBM Installation Manager > IBM Installation Manager.
- Select Roll back in the Installation Manager startup panel.
- Select the TSPM package group. Click Next.
- Select the TSPM-SDK installation package. Click Next.
- Verify that the correct package is selected, then click Roll back.
- When the rollback completes, a panel indicaties success or failure. Click Finish to exit.
Results
If you want, you can view the results of the Installation
Manager process by using the Installation Manager log viewer to review
the log file.
The default Installation Manager log files are located in these directories:
|
Rolling back the Runtime Security Services software development kit
The WebSphere administrator uses the procedure in this topic to interactively roll back the Tivoli Runtime Security Services Software Development Kit.
Procedure
- Start Installation Manager.
If installing into a WebSphere cluster, start Installation Manager on the WebSphere Application Server deployment manager.
- AIX, Linux, Linux on System z, or Solaris
-
- Open a command-line window and navigate to the directory containing
Installation Manager.
The default installation directory is:
/opt/IBM/InstallationManager/eclipse
- Start the program.
IBMIM
- Open a command-line window and navigate to the directory containing
Installation Manager.
- Windows
- Click Start > All Programs > IBM Installation Manager > IBM Installation Manager.
- Select Roll back in the Installation Manager startup panel.
- Select the RTSS package group. Click Next.
- Select the RTSS-SDK installation package. Click Next.
- Verify that the correct package is selected, then click Roll back.
- When the rollback completes, a panel indicates success or failure. Click Finish to exit.
Results
If you want, you can view the results of the Installation
Manager process by using the Installation Manager log viewer to review
the log file.
The default Installation Manager log files are located in these directories:
|
Uninstalling both Fix Pack 7.1.0.4 and Version 7.1.0 files
Use Installation Manager to uninstall both the Fix Pack 7.1.0.4 and the Version 7.1.0 files. If Version 7.1.0.1 or Version 7.1.0.2 files were previously installed, they are also removed.
Before you begin
If you are uninstalling the Tivoli Security Policy Manager package and previously created a response file that you want to use later, save the response file before uninstalling the product.
If you created a response file for the Tivoli Security Policy Manager configuration tool in the /opt/IBM/TSPM directory hierarchy, back up the response file before you uninstall Tivoli Security Policy Manager. Place the backup files in a directory that is separate from the Tivoli Security Policy Manager installation directory.
About this task
You can use one Installation Manager uninstallation task to remove the Fix Pack 7.1.0.4 files, Version 7.1.0.3 files, Version 7.1.0.2 files, Version 7.1.0.1 files, (if previously installed) and Version 7.1.0 files. The fix pack has the same packages (components) and features as Version 7.1.0. The Installation Manager uninstallation process removes all files for the selected packages.
Procedure
- Use the uninstallation process that is documented on the
Tivoli Security Policy Manager information center. See Uninstalling Tivoli Security Policy Manager.
The uninstallation process on the information center applies to the fix pack files as well as to the Version 7.1.0 files. The information center describes both interactive and silent uninstallation mode. The information center topics describe the necessary unconfiguration and uninstallation steps for each of the product packages:
- Tivoli Security Policy Manager
- Tivoli Security Policy Manager Software Development Kit
- Runtime Security Services Server
- Runtime Security Services Client
- Runtime Security Services Software Development Kit
- If you uninstalled the Tivoli Security Policy Manager policy
manager component, you must refresh the WebSphere OSGi cache. Complete
the following instructions:
- Stop the WebSphere Application Server for the policy manager.
In a cluster, stop the cluster, including the node agents and the
deployment manager.
- AIX, Linux, Linux on System z, or Solaris
WAS_HOME/profiles/profile_name/bin/osgiCfgInit.sh
- Windows
WAS_HOME\profiles\profile_name\bin\osgiCfgInit.bat
- AIX, Linux, Linux on System z, or Solaris
- Start the WebSphere Application Server for the policy manager.
In a cluster, start the cluster, including the node agents and the
deployment manager.
- Windows:
- Go to C:\Program Files\IBM\tivoli\tip\profiles\TIPProfile\bin
- Stop the server with the following command:
stopServer.bat -server1 -username adminname -password adminpassword
- Start the server with the following command:
startServer.bat server1
- Stop the server with the following command:
- AIX, Linux, or Solaris
- Go to /opt/IBM/tivoli/tip/profiles/TIPProfile/bin
- Stop the server with the following command:
stopServer.sh -server1 -username adminname -password adminpassword
- Start the server with the following command:
startServer.sh server1
- Stop the server with the following command:
- Stop the WebSphere Application Server for the policy manager.
In a cluster, stop the cluster, including the node agents and the
deployment manager.
- Optional: When you complete the uninstallation, you can
review the Installation Manager log files with the
Installation Manager log viewer:
- If you just completed an uninstallation, go to the Installation Manager landing page and click File -> View Log .
- If you already closed Installation Manager:
- Start Installation Manager.
- Click File -> View Installation History.
- Select the package uninstallation that you want to view. For example, Tivoli Security Policy Manager.
- Click View Log.
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg24033634