ibm tivoli endpoint manager: patch management for aix user's guide

IBM Tivoli Endpoint ManagerVersion 8.2

Patch Management for AIX User'sGuide

��

NoteBefore using this information and the product it supports, read the information in “Notices” on page 29.

This edition applies to version 8, release 2, modification level 0 of Tivoli Endpoint Manager (product number5725-C45) and to all subsequent releases and modifications until otherwise indicated in new editions.

© Copyright IBM Corporation 2003, 2012.US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contractwith IBM Corp.

Contents

Chapter 1. Introduction . . . . . . . . 1Supported versions . . . . . . . . . . . . 1

Chapter 2. Setup . . . . . . . . . . . 3Download plug-ins . . . . . . . . . . . . 3Manage Download Plug-ins dashboard . . . . . 3

Registering the AIX download plug-in . . . . . 5Unregistering the AIX download plug-in . . . . 7Configuring the AIX download plug-in . . . . 7Migrating the AIX download plug-in . . . . . 8Upgrading the AIX download plug-in . . . . . 9

Chapter 3. Patch using Fixlets. . . . . 11Apply AIX patches . . . . . . . . . . . . 11

Deploy Maintenance and Technology Levelpatches . . . . . . . . . . . . . . . 11

Individual AIX File set updates . . . . . . . 13AIX Package Updates . . . . . . . . . . 14

Use the Download Cacher . . . . . . . . . 15Use the Fileset Deployment Wizard . . . . . . 17

Fileset Updates . . . . . . . . . . . . 18Package updates. . . . . . . . . . . . 20

Apply an Interim Fix . . . . . . . . . . . 21Troubleshooting Failed OS Updates . . . . . . 22

Appendix A. Support. . . . . . . . . 25

Appendix B. Frequently askedquestions . . . . . . . . . . . . . 27

Notices . . . . . . . . . . . . . . 29

© Copyright IBM Corp. 2003, 2012 iii

iv IBM Tivoli Endpoint Manager: Patch Management for AIX User's Guide

Chapter 1. Introduction

Tivoli® Endpoint Manager Patch Management for AIX® provides unified, real-timevisibility and enforcement to deploy and manage patches to all endpoints from asingle console. Patch Management keeps your AIX clients current with the latestpackages, service packs, and fixes.

The Tivoli Endpoint Manager Patch Management solution, which includesdeploying a multi-purpose, lightweight agent to all endpoint devices, supports awide variety of device types ranging from workstations and servers to mobile andpoint-of-sale (POS) devices.

Supported versionsPatch Management for AIX supports the latest Maintenance or Technology Levelpackages and Service Packs for AIX 5.1, 5.2, 5.3, 6.1, and 7.1.

The Patches for AIX Fixlet site includes inventory-only Fixlets for AIX SecurityAdvisories, Critical Fixes, High Impact/Highly Pervasive Fixes and ProgramTemporary Fixes (PTFs) released since the last Maintenance Level Package update.

In addition, the Patches for AIX Fixlet site contains task messages to compare thepatch level of a computer with the most currently available fixes. You can viewyour results in the Tivoli Endpoint Manager console after you have activated allanalyses.

© Copyright IBM Corp. 2003, 2012 1

2 IBM Tivoli Endpoint Manager: Patch Management for AIX User's Guide

Chapter 2. Setup

Setting up your environment for patch management.

Download plug-insDownload plug-ins are executable programs that download a specified patch fromthe website of the patch vendor. To ease the process of caching, Fixlets have anincorporated protocol that uses download plug-ins.

For the Fixlet to recognize the protocol, the related download plug-in must beregistered. You must use the Manage Download Plug-ins dashboard to register thedownload plug-in. After the plug-in is registered, you can run the Fixlets todownload, cache, and deploy patches from the Tivoli Endpoint Manager console.

If you already registered the plug-in, you can use the Manage Download Plug-insdashboard to run the update. You must use the dashboard also to unregister andconfigure the download plug-in. For more information about the dashboard, seethe succeeding topics.

Note: If you install the download plug-in on relays, it is suggested that you alsoinstall it on the server.

Manage Download Plug-ins dashboardUse the Manage Download Plug-ins dashboard to oversee and manage downloadplug-ins in your deployment.

You can use the Manage Download Plug-ins dashboard to register, unregister,configure, and upgrade the download plug-ins for different patch vendors. Formore information about these features, see the related topics.

You must subscribe to the Patching Support site to gain access to this dashboard.To view the Manage Download Plug-ins dashboard, go to Patch Managementdomain > All Patch Management > Dashboards > Manage Download Plug-ins.


The dashboard displays all the servers and windows-only relays in yourdeployment. You can select a server or relay to view all the plug-ins for thatcomputer. The dashboard shows you also the version and status for each plug-inin one consolidated view.

Figure 1. Patch Management navigation tree


A plug-in can be in one of the following states:v Not Installedv New Version Availablev Up-To-Datev Not Supported

Note: CentOS and SUSE Linux download plug-ins are not supported in relays.

The dashboard is equipped with a live keyword search capability. You can searchbased on the naming convention of the servers, relays, and plug-ins.

Registering the AIX download plug-inUse the Manage Download Plug-ins dashboard to register the download plug-infor AIX.

You must complete the following tasks:v Subscribe to the Patching Support site to gain access to the Manage Download

Plug-ins dashboard.v Enable the Encryption for Clients Fixlet on servers and relays for which you

want to register the download plug-in.v Activate the Encryption Analysis for Clients analysis and Download Plug-in

Versions analysis.

Figure 2. Manage Download Plug-ins dashboard

Chapter 2. Setup 5

When you register the download plug-in on a computer without the plug-in, theplug-in is automatically installed and the configuration file is created.

If a download plug-in is already installed on the computer, the configuration file isoverwritten.1. From the Patch Management domain, click All Patch Management >

Dashboards > Manage Download Plug-ins dashboard.2. From the Servers and Relays table, select the server or relay on which the

download plug-in is to be registered.3. From the Plug-ins table, select AIX Plug-in.4. Click Register. The Register AIX Plug-in wizard displays.

5. Optional: Enter the proxy parameters if the downloads must go through aproxy server.

Proxy URLThe URL of your proxy server. It must be a well-formed URL, whichcontains a protocol and a host name. The URL is usually the IP addressor DNS name of your proxy server and its port, which is separated bya colon. For example: http://192.168.100.10:8080.

Proxy UsernameYour proxy user name if your proxy server requires authentication. It isusually in the form of domain\username.

Proxy PasswordYour proxy password if your proxy server requires authentication.

Confirm Proxy PasswordYour proxy password for confirmation.

6. Click OK. The Take Action dialog displays.7. Select the target computer.8. Click OK.

You successfully registered the AIX download plug-in.

Figure 3. Register AIX download plug-in wizard


Unregistering the AIX download plug-inUse the Manage Download Plug-ins dashboard to unregister the download plug-infor AIX.1. From the Patch Management domain, click All Patch Management >


download plug-in is to be unregistered.3. From the Plug-ins table, select AIX Plug-in.4. Click Unregister.

The Take Action dialog displays.5. Select the target computer.6. Click OK.

You successfully unregistered the AIX download plug-in.

Configuring the AIX download plug-inUse the Manage Download Plug-ins dashboard to configure the download plug-infor AIX.

You might want to take note of your existing configuration for the downloadplug-in. Existing configurations are overwritten when you configure the downloadplug-in.1. From the Patch Management domain, click All Patch Management >


download plug-in is to be configured.3. From the Plug-ins table, select AIX Plug-in.4. Click Configure. The Configure AIX Plug-in wizard displays.

Figure 4. Unregister the AIX download plug-in

Chapter 2. Setup 7






6. Click OK. The Take Action dialog displays.7. Select the target computer.8. Click OK.

You successfully configured the AIX download plug-in.

Migrating the AIX download plug-inYou must migrate the AIX download plug-in if the plug-in version is earlier than2.0.0.0. You only need to do this once. The download plug-in is upgraded to thelatest version after migration.

You might want to take note of your existing configuration for the downloadplug-in. Existing configurations are overwritten when you migrate the downloadplug-in.1. From the Patch Management domain, click All Patch Management >

Dashboards > Manage Download Plug-ins dashboard.

Figure 5. Configure AIX download plug-in wizard


2. From the Servers and Relays table, select the server or relay on which thedownload plug-in is to be migrated.

3. From the Plug-ins table, select AIX Plug-in.4. Click Migrate. The Migrate AIX Plug-in wizard displays.






6. Select the target computer on which the download plug-in is to be upgraded.7. Click OK.

You successfully migrated and upgraded the AIX download plug-in.

Upgrading the AIX download plug-inUse the Manage Download Plug-ins dashboard to upgrade the download plug-infor AIX.1. From the Patch Management domain, click All Patch Management >

Dashboards > Manage Download Plug-ins dashboard.

Figure 6. Migrate AIX download plug-in wizard

Chapter 2. Setup 9

2. From the Servers and Relays table, select the server or relay on which thedownload plug-in is to be upgraded.

3. From the Plug-ins table, select AIX Plug-in.4. Click Upgrade. The Take Action dialog displays.5. Select the target computer.6. Click OK.

You now have the latest version of the AIX download plug-in installed.


Chapter 3. Patch using Fixlets

Use the Fixlets on the Patches for AIX Fixlet site to apply AIX patches to yourdeployment.

Apply AIX patchesYou can deploy AIX patches using several different methods. Choose the patchingmethod that is appropriate to the type of patch you want to apply.

The primary types of AIX patches are:v Program Temporary Fixv Service Pack, Concluding Service Packv Maintenance- and Technology-Level Releasev Interim Fix (also referred to as efix)

Note: AIX tests and distributes updates that are bundled in Service Packs orTechnology Levels. Individual updates can be installed from these bundles.However, as AIX filesets are developed, tested, and released as bundles, youshould deploy these updates as bundles rather than as individual filesets. For moreinformation, see the related Knowledge Base article.

Note: Technology Level, Service Pack, and Conclusive Service Pack Fixlets will notbecome relevant if the Determine OS Level Fixlet has not yet been run.

To install a Program Temporary Fix (PTF), click the IBM link listed on the Fixletdescription. To reduce the size of your download, identify the technology level forwhich you are downloading the PTF. After the download completes, import usingthe Fileset Deployment Wizard and select the Fileset option to upload the files tothe Tivoli Endpoint Manager server and create a Fixlet to deploy the patch.

For Service Packs, Concluding Service Packs, and Technology Levels, select thePackage option from the Fileset Deployment Wizard.

Maintenance Level (ML) patches are used for earlier releases of AIX and include anaction script that downloads and deploys the fix. Because you might have morethan one Fixlet for a particular ML, you might need to run multiple Fixlets tofinish any one particular ML update.

Next, test your systems. After you apply a fix, it is in a state called Applied, whichyou can then either Commit or Reject. The Commit task commits all applied fixes.The Reject task prompts you for the APAR number of the fix that you want to rollback. You can get this APAR number from the original audit-only Fixlet.

Deploy Maintenance and Technology Level patchesYou can deploy maintenance and technology level patches either through aninternet download option or a network file system (NFS) depending on bandwidthavailability.

To deploy patches from the Tivoli Endpoint Manager console, go to the All PatchManagement node of the navigation tree and click Fixlets and Tasks > By Site >


http://support.bigfix.com/cgi-bin/kbdirect.pl?id=1655

Patches for AIX. You can see a list of Fixlets displayed in the list panel on theright. Select a Fixlet to deploy from the list.

For this example, the Fixlet AIX 5.3: Recommended Service Pack 5300-11-04 wasselected.


Review the text in the Description tab and select the link in the Actions box to startdeployment. .

You can also deploy maintenance and technology level patches through an NFS asopposed to the internet download option. The NFS deployment method allowsyou to use a local repository to gather and install only the filesets required for aspecified update. This method enables faster installs and uses less bandwidth.

To deploy patches through a NFS, select Deploy NFS in the Actions box of theFixlet window.

Individual AIX File set updatesAIX file sets are developed, tested, and released as bundles. Deploy AIX servicepack and technology level updates as bundles rather than as individual filesets.

To deploy AIX file set updates using the AIX Fileset Deployment Wizard, firstobtain the filesets you want from the IBM website.

Chapter 3. Patch using Fixlets 13

You can access AIX fixes from the following link:

http://www-933.ibm.com/support/fixcentral/?productGroup0=ibm/systemp&productGroup1=ibm/aix

Note: For detailed instructions about using the IBM software support website, seethe following Technote:

http://www-01.ibm.com/support/docview.wss?uid=swg21505749

To create a custom task or Fixlet, run the AIX Fileset Deployment Wizard afterdownloading all file sets for your AIX update. The wizard prompts you for thelocation of the file set that you want to deploy. Use the folder option to deploymultiple file sets or the download URL for a single file set. Select relevant OSplatforms and customize text fields as necessary.

After completion, the generated one-time action or Fixlet displays in the consoleand allows you to deploy the AIX update to relevant computers.

To view detailed information about the results of your AIX Fileset update, activatethe AIX Custom Fileset Deployment Results analysis. To do this, open the AllPatch Management node in the navigation tree and click Analyses . Sort the list ofanalyses By Site, and click the AIX Custom Fileset Deployment Results analysisin the list. Right-click and select Activate.

AIX Package UpdatesAIX Package Updates are an alternative method to deploying service packages andtechnology levels from the Fixlets. This method provides an additional layer ofsecurity by prompting you to manually provide authentication credentials.

To deploy AIX Technology Levels, Service Packs, or Concluding Service Packs, firstdownload the update using the AIX Download Cacher. Open the All PatchManagement node in the navigation tree and click All Fixlets and Tasks. Sort thelist By Site, and select Run Download Cacher Tool. Click one of the options in theActions box to download the update package.





After you download the package, run the AIX Fileset Deployment Wizard to createa one-time action or Fixlet. After choosing the Package option, the wizard promptsyou for the location of the AIX package. After entering the location, the one-timeaction or Fixlet displays in the console, where you can deploy the AIX package torelevant computers.

To view detailed information about the results of deploying your AIX packageupdate, activate the AIX Package Deployment Results - TL/SP/CSP analysis.

Use the Download CacherYou can use the Download Cacher utility to deploy Service Pack, ConcludingService Pack, or Technology Level fixes. The Download Cacher uses FTP todownload specific fix packs.


Ensure that your environment does not block FTP usage. The Download Cachertool for AIX is a Perl executable that automatically downloads and caches AIXTechnology Levels, Service Packs, or Concluding Service Packs to facilitatedeployment of AIX Fixlets.

To access the tool, open the All Patch Management node in the navigation treeand click Fixlets and Tasks. Sort the list By Site, and select Run Download CacherTool. When the task window opens, select the appropriate link in the Actions boxto start the download.

You can also run the Download Cacher manually. For more information, see thefollowing Technote: http://www-01.ibm.com/support/docview.wss?uid=swg21506031.

The BigFix BFArchive tool must be in the same directory as the AIX DownloadCacher. For more information, see the following Technote: http://www-01.ibm.com/support/docview.wss?uid=swg21506031.

To run this tool, create a batch file with the following parameters:

Sample.bat

AIXDownloadCacher.exe --dir "C:\Saved_Files" --logdir "C:\logs" --repo"D:\AIX_Cache" --proxyserver http://proxy.server.com:8080 --proxyusermyuser --proxypass secretpass --fixid 6100-01-02

Usage

AIXDownloadCacher.exe --dir <path to output directory> --fixid <Fileset ID>[optional parameters]

Required Parameters

--dir <path to output directory>

Directory where finished archived is saved. This directory is alsoused for temporary storage of downloaded files before being compressed intoa single archived file.

--fixid <Fileset ID>

AIX File set ID to be downloaded (for example, 5200-04-CSP,5300-07, 6100-04-03).

Optional Parameters

--proxyserver <servername:port>

Name and port of proxy server (for example, http://myproxy.company.com:8080).

--proxyuser <username>

Proxy username if required by server.

--proxypass <password>






Proxy password if required by server.

--logdir <path to log directory>

Specify the directory to write the log file to. Defaults to thecurrent working directory.

--repo <path to local repository of .bff files>

Specify the location of the local cache to check before attemptingto download files from the Internet. Missing files are added to the cachedirectory if write access is enabled.

--base

Specify the base Technology Level (for example, 6100-00) to usewhen building the file set list for the specified fix pack ID. Defaults tothe TL of the fix pack (for example, 6100-03). This option is ignored withinterim fixes.

--clean

Remove temporary files after each run. Enabling this optiondisables the ability to resume failed and incomplete downloads. Defaultbehavior is to remove temporary files only after all files for the file sethave been downloaded and a complete archive has been created.

--sha1

Renames archived.aix file to its sha1 value.

--help

Displays usage information.

Examples:

AIXDownloadCacher --dir "C:\temp" --fixid 6100-04-05 --proxys

erver http://proxy.server.com:8080 --proxyuser myuser --proxypasssecretpass --repo "D:\AIX_Cache"

AIXDownloadCacher --dir "C:\temp" --fixid 7100-03-06 --base 7100-02 --clean--sha1

Note: If you run the tool without specifying any parameters, you are prompted toenter the parameters at the command line.

Use the Fileset Deployment WizardUse the Fileset Deployment Wizard to deploy fileset updates, Service Packs,Conclusive Service Packs, or Technology Levels to AIX machines which have theClient installed.

Before running the wizard, download any necessary packages from the IBMwebsite.


Select the type of update that you want to deploy. For Fileset updates, selectFileset. For Service Packs, Conclusive Service Packs, and Technology Levels, selectPackage.

Fileset UpdatesUse the Fileset Deployment Wizard to create a custom task or Fixlet after youobtain the package for AIX fileset updates.

After you have obtained all the file sets for your AIX update, run the AIX FilesetDeployment Wizard to create a custom task or Fixlet. From the navigation tree,click the AIX Deployment Wizard under the IBM AIX node.

When the wizard opens, click Fileset to deploy AIX File set updates.


In this window, input the source of the file set or file sets that you want to deploy.You can input this information in one of the following ways:v Download from URLv File (for single file sets)v Folder (for multiple file sets)


After making your selection, click Next. In the following window, select therelevant platform or platforms. If you are using the folder option, specify how totarget relevant computers. Check the box if you want to create a one-time actionrather than a reusable Fixlet. Click Finish to complete the action.

After completion, the generated one-time action or Fixlet displays in the TivoliEndpoint Manager console and allows you to deploy the AIX update to therelevant computers. To view detailed information about the results of deployingyour AIX Fileset update, activate the AIX Custom Fileset Deployment Resultsanalysis (analysis ID: 22).

Package updatesUse the Fileset Deployment Wizard to create a custom task or Fixlet after youobtain the package for AIX Service Packs, Conclusive Service Packs, or TechnologyLevels.

To do this, open the AIX Fileset Deployment Wizard from the navigation tree. Inthe initial window, select Package.


In the next window, run the Download Cacher to download any necessary AIXpackages. Enter the location of the AIX package that you want to deploy, andcheck the box to create a one-time action.

You can also create a Preview-Only action by checking the box at the bottom ofthis window. This preview runs the pre-installed verification checks. The results ofthose checks are available in the AIX Pre-Install Verification Results analysis,located under the analyses node.

After you set all Wizard parameters, click Finish.

After completion, the generated one-time action or Fixlet displays in the TivoliEndpoint Manager console and allows you to deploy the AIX update to relevantcomputers.

Apply an Interim FixAIX occasionally releases an Interim Fix, which provides a temporary solution to asingle issue. These interim fixes lock the files that they update without affectingthe version of those files.


When an interim fix is applied, audit content still shows those systems as beingvulnerable until the permanent fix is applied.

To deploy an interim fix through the Interim Fix Wizard, use the following steps:v Download the Interim Fix from the AIX website. If an interim fix is available, a

link is provided in the APAR.v Launch the AIX Interim Fix Management Wizard, which is located in OS

Vendors under IBM AIX in the navigation tree.v To install, browse to the relevant file and click OK. To uninstall, click Uninstall

and enter the Interim Fix ID.v To locate an Interim Fix ID, click the analyses in the OS Vendors/Analyses node

in the navigation tree. The analysis is called AIX Interim Fixes. This analysisdisplays only installed interim fixes on a per-system basis.

Note: All interim fixes must have an .epkg.Z file extension.

Troubleshooting Failed OS UpdatesLearn which common factors affect the outcome of a deployment.

The most common reasons for failure include:v Filesets locked by interim fixes.v Missing filets from a local NFS repository.v An outdated table of contents (.toc) file in the repository.

In each case, troubleshooting should begin with generating a list of filesets that arebelow the latest levels of the Service Packs recognized by the AIX operatingsystem.

Use the "instfix" command to identify filesets that are not at the latest level. Thefollowing command will process all known Service Packs and provide details forany packages with known updates.

An example command would include the following:for LEVEL in `instfix -i | grep SP | grep "Not all" | awk ’{print $5}’`;do instfix -ciqk $LEVEL | grep :-:; done

The output of that example will be in the following format:<Service Pack="">:<Package Name="">:<Installed Version="">:<Expected Version="">:<above>:<Service Pack=""></Service></above></Expected></Installed></Package></Service>

An example output would include the following:61-04-111140_SP:perfagent.tools:6.1.4.11:6.1.6.16:-:AIX 6100-04-11 Service Pack

With the results of the "instfix" command, you can check locked filesets using the"AIX Interim Fix" analysis. Remove interim fixes with the "Uninstall All InterimFixes" task.

If no locked filesets are identified and a local NFS repository was used, thefollowing command can identify filesets that are missing from the .toc file of thelocal repository. Note that in the following example, the version adds zeros tomaintain the format of xx.xx.xxxx.xxxx.grep -n "<Package Name> <Package Version>" /path/to/.toc


An example command would include the following:grep -n "perfagent.tools 06.01.0004.0011" /AIX/Repo/OS_6100/.toc

If filesets are missing from the .toc file but the fileset does exist in the repository,you can rebuild the .toc file using the "Generate Fileset Repository TOC File" task.If files are missing, run the AIX Download Cacher Tool through the "RunDownload Cacher - AIX" task and, when prompted, specify the path to therepository. For more information on using the AIX Download Cacher, seehttp://www-01.ibm.com/support/docview.wss?uid=swg21506031.



Appendix A. Support

For more information about this product, see the following resources:v Tivoli Endpoint Manager Support sitev Tivoli Endpoint Manager wikiv Knowledge Basev Forums and Communities


http://www.ibm.com/support/entry/portal/Overview/Software/Tivoli/Tivoli_Endpoint_Manager

https://www.ibm.com/developerworks/mydeveloperworks/wikis/home?lang=en#/wiki/Tivoli%20Endpoint%20Manager/page/Home


http://www.ibm.com/developerworks/forums/category.jspa?categoryID=506

Appendix B. Frequently asked questions

The questions and answers found in this section are designed to help you betterunderstand Patch Management for AIX.

Why would a patch complete successfully, but ultimately fail?

Under very specific circumstances, a patch is successfully applied but the relevanceconditions indicate that it is still needed in your deployment. Check to see if thereare any special circumstances associated with the patch, or contact IBM SoftwareSupport.

If a patch fails to install, what should I do?

Ensure that you have applied the patch to the correct computers or manuallydownload the patch.

Can I update a single fileset instead of performing full Technology Level orService Pack updates?

Updates are developed and tested as bundles, and updating individual filesetsmay cause unexpected results. However, if you would still like to updateindividual filesets, you can do so by downloading the .bff file you wish to deployand using the fileset option of the AIX fileset Deployment Wizard to generate thenecessary fixlet.

Why did the update of my AIX system fail?

There are several reasons why an update may fail. The best place to startinvestigating is with the log files saved in /var/adm/ras.

Below are some of the more common reasons for failed updates.

Problem: Insufficient free space in the BES Data Direcotry (typically/var/opt/BESClient/__Data/)

Solution: Free up space or expand the current partition using the "chfs -a"command

Problem: Warning that filesets are locked or in EFIXLOCKED state

Solution: Filesets can be locked as the result of installed Interim Fixes. InterimFixes can be viewed either by using the "AIX Interim Fixes" Analysis or by runningthe command "emgr -l". It is recommended that all Interim Fixes be removed priorto deploying updates. Interim FIxes can be removed using the "AIX Interim FixManagement Wizard"

Problem: Error: "Installation failed due to BUILDDATE requisite failure"

Solution: If the build date of installed fileset is more current than the build date ofthe fileset being installed a warning will be displayed and the entire update actionmay fail. To correct this it is recommended that you upgrade to a more recentTechnology Level and / or Service Pack.


Why do NFS actions set the "nfs_use_reserved_ports" and "portchecker" valuesto 1?

Some Linux operating systems use reserved ports that are less than 1024. To avoidfailures in connecting to remote servers that use these ports, we temporarilychange these settings to a value of 1.

What are the requirements for an AIX repository?

NFS installations use the Table of Contents (.toc) file in the repository to matchpackages with their corresponding file names. Use the "Generate Fileset RepositoryTOC File" task to generate a current .toc file.

Are there tools available to help build a repository?

Yes. The AIX Download Cacher includes an optional parameter to specify a localrepository where downloaded files can be saved for future use.

Will any files that are missing from the AIX repository be automatically addedduring an NFS install?

No. For NFS installation actions, all required files should already exist in thespecified NFS location.

How do I verify if the download plug-in was registered correctly?

Run a Fixlet with an action task to verify if the download plug-in is registeredcorrectly. Verify that the patch download is successful. Otherwise, you might needto unregister the download plug-in and register it again.

How do I register a download plug-in? Do I use the register download plug-intask or the Manage Download Plug-in dashboard?

To register a download plug-in, you must use the Manage Download Plug-indashboard in the Patching Support site. Existing register download plug-in tasksare being deprecated. To learn more about plug-in registration, see “Registering theAIX download plug-in” on page 5.

Note: You must also use the Manage Download Plug-in dashboard to unregister,configure, and upgrade download plug-ins. The existing unregister and editdownload plug-in tasks are being deprecated. For more information about thedashboard, see the topic on Manage Download Plug-ins dashboard in the TivoliEndpoint Manager Information Center.

I was expecting the password to be obfuscated, but it's still in clear text. Why isthat?

Check if your download plug-in version is earlier than 2.0. If so, you are still usingan old version of the download plug-in that stores credentials in clear text. Toencrypt credentials, upgrade your download plug-in to version 2.0 or later fromthe Manage Download plug-ins dashboard in the Patching Support site.


http://pic.dhe.ibm.com/infocenter/tivihelp/v26r1/topic/com.ibm.tem.doc_8.2/welcome/welcome.html

http://pic.dhe.ibm.com/infocenter/tivihelp/v26r1/topic/com.ibm.tem.doc_8.2/welcome/welcome.html

Notices

This information was developed for products and services offered in the U.S.A.

IBM® may not offer the products, services, or features discussed in this documentin other countries. Consult your local IBM representative for information on theproducts and services currently available in your area. Any reference to an IBMproduct, program, or service is not intended to state or imply that only that IBMproduct, program, or service may be used. Any functionally equivalent product,program, or service that does not infringe any IBM intellectual property right maybe used instead. However, it is the user's responsibility to evaluate and verify theoperation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matterdescribed in this document. The furnishing of this document does not grant youany license to these patents. You can send license inquiries, in writing, to:

IBM Director of LicensingIBM CorporationNorth Castle DriveArmonk, NY 10504-1785U.S.A.

For license inquiries regarding double-byte character set (DBCS) information,contact the IBM Intellectual Property Department in your country or sendinquiries, in writing, to:

Intellectual Property LicensingLegal and Intellectual Property LawIBM Japan Ltd.19-21, Nihonbashi-Hakozakicho, Chuo-kuTokyo 103-8510, Japan

The following paragraph does not apply to the United Kingdom or any othercountry where such provisions are inconsistent with local law:

INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THISPUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHEREXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIEDWARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESSFOR A PARTICULAR PURPOSE.

Some states do not allow disclaimer of express or implied warranties in certaintransactions, therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors.Changes are periodically made to the information herein; these changes will beincorporated in new editions of the publication. IBM may make improvementsand/or changes in the product(s) and/or the program(s) described in thispublication at any time without notice.

Any references in this information to non-IBM Web sites are provided forconvenience only and do not in any manner serve as an endorsement of those Web


sites. The materials at those Web sites are not part of the materials for this IBMproduct and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way itbelieves appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it for the purposeof enabling: (i) the exchange of information between independently createdprograms and other programs (including this one) and (ii) the mutual use of theinformation which has been exchanged, should contact:

IBM Corporation2Z4A/10111400 Burnet RoadAustin, TX 78758 U.S.A.

Such information may be available, subject to appropriate terms and conditions,including in some cases, payment of a fee.

The licensed program described in this document and all licensed materialavailable for it are provided by IBM under terms of the IBM Customer Agreement,IBM International Program License Agreement or any equivalent agreementbetween us.

Any performance data contained herein was determined in a controlledenvironment. Therefore, the results obtained in other operating environments mayvary significantly. Some measurements may have been made on development-levelsystems and there is no guarantee that these measurements will be the same ongenerally available systems. Furthermore, some measurements may have beenestimated through extrapolation. Actual results may vary. Users of this documentshould verify the applicable data for their specific environment.

Information concerning non-IBM products was obtained from the suppliers ofthose products, their published announcements or other publicly available sources.IBM has not tested those products and cannot confirm the accuracy ofperformance, compatibility or any other claims related to non-IBM products.Questions on the capabilities of non-IBM products should be addressed to thesuppliers of those products.

All statements regarding IBM's future direction or intent are subject to change orwithdrawal without notice, and represent goals and objectives only.

All IBM prices shown are IBM's suggested retail prices, are current and are subjectto change without notice. Dealer prices may vary.

This information is for planning purposes only. The information herein is subject tochange before the products described become available.

This information contains examples of data and reports used in daily businessoperations. To illustrate them as completely as possible, the examples include thenames of individuals, companies, brands, and products. All of these names arefictitious and any similarity to the names and addresses used by an actual businessenterprise is entirely coincidental.

COPYRIGHT LICENSE:


This information contains sample application programs in source language, whichillustrate programming techniques on various operating platforms. You may copy,modify, and distribute these sample programs in any form without payment toIBM, for the purposes of developing, using, marketing or distributing applicationprograms conforming to the application programming interface for the operatingplatform for which the sample programs are written. These examples have notbeen thoroughly tested under all conditions. IBM, therefore, cannot guarantee orimply reliability, serviceability, or function of these programs. The sampleprograms are provided "AS IS", without warranty of any kind. IBM shall not beliable for any damages arising out of your use of the sample programs.

If you are viewing this information softcopy, the photographs and colorillustrations may not appear.

Trademarks

IBM, the IBM logo, and ibm.com are trademarks or registered trademarks ofInternational Business Machines Corp., registered in many jurisdictions worldwide.Other product and service names might be trademarks of IBM or other companies.A current list of IBM trademarks is available on the “Web at Copyright andtrademark information” at www.ibm.com/legal/copytrade.shtml.

Adobe, Acrobat, PostScript and all Adobe-based trademarks are either registeredtrademarks or trademarks of Adobe Systems Incorporated in the United States,other countries, or both.

IT Infrastructure Library is a registered trademark of the Central Computer andTelecommunications Agency which is now part of the Office of GovernmentCommerce.

Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo,Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks orregistered trademarks of Intel Corporation or its subsidiaries in the United Statesand other countries.

Linux is a trademark of Linus Torvalds in the United States, other countries, orboth.

Microsoft, Windows, Windows NT, and the Windows logo are trademarks ofMicrosoft Corporation in the United States, other countries, or both.

ITIL is a registered trademark, and a registered community trademark of the Officeof Government Commerce, and is registered in the U.S. Patent and TrademarkOffice.

UNIX is a registered trademark of The Open Group in the United States and othercountries.

Java™ and all Java-based trademarks and logos are trademarks or registeredtrademarks of Oracle and/or its affiliates.

Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in theUnited States, other countries, or both and is used under license therefrom.

Linear Tape-Open, LTO, the LTO Logo, Ultrium, and the Ultrium logo aretrademarks of HP, IBM Corp. and Quantum in the U.S. and other countries.

Notices 31

��

Product Number: 5725-C45

Printed in USA

ibm tivoli endpoint manager: patch management for aix user's guide

Documents