CA Tuesday Tip: APM 9.6 TIM Unofficial New Rules
Normally, I do not do a second Tuesday Tip in one month. But there has been some confusion about the TIM since APM 9.6 came out. I hope this Tip can clarify some things.
This is what is in the documentation:
TIM installation is now available as software. Because the TIM is no longer a "software appliance", it is easier for you to maintain and upgrade the software. The TIM System Health page and Machine Settings options are not available with the TIM installation Note: CA Technologies is researching support for 3G Napatech Drivers that would be made available in a future release.
And later in the documentation, the hardware/operating system requirements are provided.
But like parents to a newborn, you find quickly there is no owner's manual for the "new TIM". So here is my best guess what I believe the "new rules" are:
What you are responsible for:
- Providing and installing the operating system (Redhat, CentOS). An upgrade from prior releases is not supported.
- Making sure the correct software packages are installed. (They should be part of the operating system release. So nothing extra should be needed.)
- Installing TIM through the command line (No longer done through the browser.)
- Providing your own network driver card that is not from Napatech. As said above, this will be rectified in a future release.
- Time synchronization. TESS will no longer to synch with the TIM. And the documentation talks about why time synchronization is so important to APM successful operations.
- Adding as-needed security updates.
- Maintaining port (iptables) and firewall (SElinux) settings. These must also not conflict with TIM operations.
- Making sure that operating system and third-party software does not conflict or cause issues with TIM. This may be a harder task to do at times and may require opening support cases to clarify.
- A python script TIM-assist is provided to help the WebUI to perform tasks that may require root privileges. There is a helper file with details on using it.
- 9.6 requires a fresh install. However you can move over custom components such as HTTP Plugins, Evidence collection, configuration file settings, etc. to the 9.6 TIM.
- NCipher is listed in the 9.6 Security Guide. But it is my understanding this is also a new customer responsibility. An update of my findings will be provided,
- Update: nCipher is included in APM 9.6. However, it will no longer be updated to later versions of the nCipher software.
1. How are finding having OS control of the TIM? Just right or more responsibility than desired?
2. Are there other 9.6 TIM gotchas and guidelines that should be listed here?