With the latest release of 12.8 for Client Management, I felt it would be good to post some of the new features and what to expect regarding the new Oracle support model for Java 8.x starting in 2019.
BMC plans to release a new Patch before the end of January or early February 2019
Due to the announcement from Oracle regarding continuing support for Java products, specifically JRE v8.x and no longer supporting Java Web Start (JNLP), BMC will be issuing a new ONEOFF patch for all related versions of BMC Client Management still under support. This patch is due out any time now and I recommend you apply this patch shortly after its release but do so with caution. Treat this patch like a new version upgrade and backup the Server File System and the underlying Data Base prior to installing this patch. I am speculating that the Hotfix will use JRE 11.x and a new method to launch the console vs. the Java Web Start. Speculating they may force use of the MSI Client and remove the JNLP version altogether.
Do not update your local installation of JRE 201/202 or higher because you will no longer be able to launch the console. If you do update your local JRE, you must revert and go back to a prior version until this new patch is implemented. If you need access to download “jre-8u192-windows-i586.exe” because you can longer locate the installer to revert back, contact me and I will provide you a download link.
Read the official statement from BMC: BMC Client Management Statement on Oracle
This section contains information about enhancements in version 12.8 of the BMC Client Management product:
Remotely controlling an unmanaged device
Support for FIPS140-2 compliant mode
BMC Client Management now supports the FIPS140-2 compliant encryption mode that uses only the most current version OpenSSL for encryption. The Federal Information Processing Standard (FIPS) Publication 140-2, is a computer security standard, developed by a U.S. Government and industry working group to validate the quality of cryptographic modules.
When an administrator enables FIPS mode ensures that BMC Client Management uses only FIPS compliant cryptographic algorithms and FIPS compliant keys. FIPS mode requires that the BMC Client Management administrator provides the FIPS-compliant SSL keys.
For more information, see Running BMC Client Management in FIPS-compliant mode.
Extend centralized account to manage Account Credentials and SNMP Credentials
Administrators don’t need to enter credentials multiple times. By using the Credentials functionality, they can reuse the account credentials for different functionalities in BMC Client Management. They do not need to manually enter the credentials multiple times for each functionality. Instead, you can simply select the credentials that you want to use. They can now enter their credentials only once and reuse them wherever the account credentials are required. For more information, see Managing account credentials and Managing SNMP credentials.
Account lock policy for a BMC Client Management administrator account
Ability to define parameters for an account lock policy for BMC Client Management administrator account. Administrators can enter values for the Account Locking Attempts and Account Automatically Unlocked (min) settings to define an account lock policy for BMC Client Management administrator account. For more information, see Managing security settings.
Enhancements to operational rules
Operational rules in 12.8 include the following enhancements:
- Ability to execute an operational rule before a patch job. Administrators can select and execute an operational rule before a patch job is run. For more information, see The Options tab of a patch job.
You can use the following new steps while creating a new operational rule:
- List of connected USB devices step under the Security Settings Inventory folder
- Join a computer to a domain under the Windows folder
- Update to the User management step for an operational rule. Administrators can select one of the check boxes from the two new parameters are added to the User management step for an operational rule:
- Change password at next logon
- Password never expires
- Solaris option from the Linux and Mac section
- WindowsNT, ME, 95, 98, and 2000 steps from the Pre-Windows 7 Versions section
- Discontinuation of steps in the Windows XP and 2003 Firewall folder. The steps under the Windows XP and 2003 Firewall folder are no longer available to create a new operational rule.
Enhancements to patch management
Patch management in 12.8 includes the following enhancements:
Update Microsoft Universal C Runtime (UCRT) before rolling out agents
To rollout or update an agent on devices with the following operating systems, administrator must install the Microsoft Universal C Runtime (UCRT) first:
- Windows Server 2012 R2
- Windows 8.1
- Windows RT 8.1
- Windows Server 2012
- Windows 8
- Windows RT
- Windows Server 2008 R2 Service Pack 1 (SP1)
- Windows 7 SP1
- Windows Server 2008 Service Pack 2 (SP2)
Note: The recent operating systems might include the new runtime but the administrator must install the patch on the older operating systems by using the KB2999226. For more information, see https://support.microsoft.com/en-us/help/2999226/update-for-universal-c-runtime-in-windows.