Business Continuity

Problem

Java is embedded within the Veritas Operations Manager (VOM) application and requires manual steps to upgrade to work with the application.

Error

There are many scans that can alert to vulnerabilities in a Java / JRE version and a patch would be required to upgrade the VOM application to the latest available Java version from Oracle.

Environment

Red Hat Enterprise Linux 5.5+, 6.x+ and Suse Linux Enterprise Server 10 SP2, 11.x hosting the VOM Central Management Server.

As noted in the compatibility guide

Java / JRE from Oracle

 VOM 6.1

 

Cause

Java / JRE is embedded within the VOM application and the installer for Java updater updates a standalone installation

Solution

Note: There are multiple Unix versions available for the Central Management Server (CMS) in VOM. Please select the Java binaries for your version to collect the proper files.

Supported OS:
These versions of the JRE list for Unix are supported on:
Red Hat Enterprise Linux 5.5+, 6.x+ and Suse Linux Enterprise Server 10 SP2, 11.x

Download the latest jre and cryptographic jars from Oracle Jre download site:
http://www.oracle.com/technetwork/java/javase/downloads/index.html picking the version desired with the latest patches desired.

Installation:


As example the 8u66 version but yours may be newer by the time you reference this article.

#### VOM CS 6.1 is running in the test lab.

 

[root@VxArray12 tmp]# rpm -qa | egrep -i sfm

VRTSsfmcs-6.1.0.0-0

VRTSsfmh-6.1.0.0-0

 

 

[root@VxArray12 tmp]#  /opt/VRTSsfmh/bin/vomadm service --status ALL

Veritas Operations Manager Services:

Web Server.................................................................[RUNNING]

Authentication Service.....................................................[RUNNING]

Messaging Service..........................................................[RUNNING]

Database Service...........................................................[RUNNING]

Distributed Command Line Daemon............................................[RUNNING]

Watchdog...................................................................[RUNNING]

SNMP Trap Service..........................................................[RUNNING]

 

 

#### Procedure steps #######

 

- Download the Java SE Runtime Environment 8u66

go to http://www.oracle.com/technetwork/java/javase/downloads/index.html

click download JRE

Java SE Runtime Environment 8u66

download - Linux x64             68.4 MB                jre-8u66-linux-x64.tar.gz

 

- Download Java Cryptography Extension (JCE)

 

go back to http://www.oracle.com/technetwork/java/javase/downloads/index.html

scroll down to download

Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for JDK/JRE 8

jce_policy-8.zip

 

1] The following steps can be performed in either order.

 

   # tar zxvf jre-8u66-linux-x64.tar.gz

 

2] Rename the extracted directory "jre1.8.0_66"  to "jre"

 

   # mv jre1.8.0_66 jre

 

 

3] Update the cryptographic jars

 

    a) Unzip jce_policy-8.zip

       This contains two jars in UnlimitedJCEPolicyJDK8

    - local_policy.jar

    - US_export_policy.jar

 

    b) Copy the above two jars from UnlimitedJCEPolicy/  to jre/lib/security/

 

 

4] Backup the current jre folder /opt/VRTSsfmcs/webgui/jre

 

   # tar cvf /var/tmp/old_jre /opt/VRTSsfmcs/webgui/jre

 

 

5] Copy the new jre to /opt/VRTSsfmcs/webgui/

 

 

6] Restart the VOM webserver

 

   # /opt/VRTSsfmcs/bin/vomsc --restart web

 

[root@VxArray12 webgui]#  /opt/VRTSsfmcs/bin/vomsc --restart web

Veritas Operations Manager Services:

Web Server.................................................................[STOPPED]

Web Server.................................................................[RUNNING]

 

 

7) Verify

 

[root@VxArray12 webgui]# /opt/VRTSsfmh/bin/vomadm service --status ALL

Veritas Operations Manager Services:

Web Server.................................................................[RUNNING]

Authentication Service.....................................................[RUNNING]

Messaging Service..........................................................[RUNNING]

Database Service...........................................................[RUNNING]

Distributed Command Line Daemon............................................[RUNNING]

Watchdog...................................................................[RUNNING]

SNMP Trap Service..........................................................[RUNNING]

 

Confirmation of the functionality:

 

Open the VOM 6.1 CMS GUI navigate to a Storage Foundation Managed Host (SFMH) and right click to refresh the host) to initiate a discovery

host_0.jpg

That will receive new data and update the database. The administrator can also verify that new alerts are received by creating an event by taking down the xprtld process on the SFMH and watching the host for the change in status.

# /opt/VRTSsfmh/adm/xprtldctrl stop – xprtld process

Alerting_0.jpg

Restart the daemon to initiate communication and remove the alert.

# /opt/VRTSsfmh/adm/xprtldctrl start – xprtld process