CA Tuesday Tip: APM 9.6 TIM Unofficial New Rules
Introduction
Normally, I do not do a second Tuesday Tip in one month. But there has been some confusion about the TIM since APM 9.6 came out. I hope this Tip can clarify some things.
This is what is in the documentation:
TIM installation is now available as software. Because the TIM is no longer a "software appliance", it is easier for you to maintain and upgrade the software. The TIM System Health page and Machine Settings options are not available with the TIM installation Note: CA Technologies is researching support for 3G Napatech Drivers that would be made available in a future release.
And later in the documentation, the hardware/operating system requirements are provided.
But like parents to a newborn, you find quickly there is no owner's manual for the "new TIM". So here is my best guess what I believe the "new rules" are:
What you are responsible for:
- Providing and installing the operating system (Redhat, CentOS). An upgrade from prior releases is not supported.
- Making sure the correct software packages are installed. (They should be part of the operating system release. So nothing extra should be needed.)
- Installing TIM through the command line (No longer done through the browser.)
- Providing your own network driver card that is not from Napatech. As said above, this will be rectified in a future release.
- Time synchronization. TESS will no longer to synch with the TIM. And the documentation talks about why time synchronization is so important to APM successful operations.
- Adding as-needed security updates.
- Maintaining port (iptables) and firewall (SElinux) settings. These must also not conflict with TIM operations.
- Making sure that operating system and third-party software does not conflict or cause issues with TIM. This may be a harder task to do at times and may require opening support cases to clarify.
- A python script TIM-assist is provided to help the WebUI to perform tasks that may require root privileges. There is a helper file with details on using it.
Notes:
- 9.6 requires a fresh install. However you can move over custom components such as HTTP Plugins, Evidence collection, configuration file settings, etc. to the 9.6 TIM.
- NCipher is listed in the 9.6 Security Guide. But it is my understanding this is also a new customer responsibility. An update of my findings will be provided,
- Update: nCipher is included in APM 9.6. However, it will no longer be updated to later versions of the nCipher software.
Questions:
1. How are finding having OS control of the TIM? Just right or more responsibility than desired?
2. Are there other 9.6 TIM gotchas and guidelines that should be listed here?