IBM Support

Upgrade centrally managed Guardium system to version 9 p500+ from a lower patch level than p500 using SSLv3

Question & Answer


Question

How to upgrade a centrally managed Guardium system from to v9 p500 or higher from a patch level lower than p500 since SSLv3 is disabled in patch 500 and higher

Cause

SSLv3 has been disabled in version 9 patch 500 and higher. When patch 500 or greater is installed on a Central Manager (CM), this can impair connection to the units it manages.

Answer

When upgrading a centrally managed environment from a patch level lower than p500 to p500 or higher, the recommended steps are:


    1. Install the patch on the CM

    2. SSLv3 will then be disabled on the CM. You can check this using CLI command


      show sslv3

    3. Enable SSLv3 using CLI command

      store sslv3 on

    4. Push the patch from the Central Manager to the Managed Units and schedule the install

    5. Once the patch is installed on all Managed Units, disable SSLv3 on the CM again using CLI command


      store sslv3 off

Once the upgrade is complete SSLv3 should be disabled on all appliances. More detail on this can be found in the patch release notes.

[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Guardium Database Activity Monitor","Platform":[{"code":"PF016","label":"Linux"}],"Version":"9.0;9.1;9.5","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
16 June 2018

UID

swg21990446

Page Feedback