Release Notes for Cisco Enterprise Policy Manager, Version 3.3.2.0 - Cisco Systems

[an error occurred while processing this directive]

Hierarchical Navigation

HOME
- SUPPORT
  - PRODUCT SUPPORT
    - SECURITY
      - CISCO POLICY ADMINISTRATION POINT
        SOFTWARE DOWNLOADS, RELEASE AND GENERAL INFORMATION
        RELEASE NOTES
        Release Notes for Cisco Enterprise Policy Manager, Version 3.3.2.0

Downloads

Release Notes for Cisco Enterprise Policy Manager, Version 3.3.2.0

Feedback

Table Of Contents

Release Notes for Cisco Enterprise Policy Manager, Version 3.3.2.0

Contents

Introduction

New Features

Release Distribution

Supported Platform for CEPM Version 3.3.2.0

Supported Deployment Environments

Installation Notes

Applying CEPM Patch Version 3.3.2.0

Resolved Caveats

Known Caveats

Related Documentation

Documentation Updates

Obtaining Documentation and Submitting a Service Request

Release Notes for Cisco Enterprise Policy Manager, Version 3.3.2.0

Document Number: OL-26420-01

Revised: March 14, 2012

Contents

•Introduction

•New Features

•Release Distribution

•Supported Platform for CEPM Version 3.3.2.0

•Supported Deployment Environments

•Installation Notes

•Resolved Caveats

•Known Caveats

•Related Documentation

•Documentation Updates

•Obtaining Documentation and Submitting a Service Request

Introduction

These release notes provide the latest release information for Cisco Enterprise Policy Manager (CEPM) Release 3.3.2.0. This document describes new features, changes to existing features, limitations and restrictions ("caveats"), installation instructions, and related information.

New Features

This section describes enhancements added to Cisco Enterprise Policy Manager Release 3.3.2.0.

•Support for Websphere Application Server 7.0

•Support for Websphere JMS Server MQ 7.0.1

•Support for JMS Server, Active MQ 4.1.1

Release Distribution

The following files are included in this patch distribution:

•CEPM_Patch-v3.3.2.0GA.zip

•CEPM_PAPClient-V3.3.2.0GA_Unbun_withCommonsLog.zip

•CEPM_PAPClient-V3.3.2.0GA_Unbun_withLog4jLog.zip

•CEPM_PAPClient-V3.3.2.0GA_withCommonsLog.zip

•CEPM_PAPClient-V3.3.2.0GA_withLog4jLog.zip

•CEPM_PEPClient-V3.3.2.0GA_Unbun_withCommonsLog.zip

•CEPM_PEPClient-V3.3.2.0GA_Unbun_withLog4jLog.zip

•CEPM_PEPClient-V3.3.2.0GA_withCommonsLog.zip

•CEPM_PEPClient-V3.3.2.0GA_withLog4jLog.zip

•CEPM_WebSphere_JAX_WS_AgentV3.3.2.0GA.zip

Supported Platform for CEPM Version 3.3.2.0

Table 1 lists the platform matrix for CEPM Version 3.3.2.0 which covers the information about the supported combination of operating systems, application servers and databases. The compatibility of this matrix is applicable to this version only and may be subject to change in the upcoming versions.

Table 1 Supported Platform for CEPM Version 3.3.2.0

Component

Description

Operating System

•Windows

•RH Linux 5.4

Database

•Oracle 10.2.0.5, 11.1.0.7.0 (Thin clients)

•MS SQL 2005 Enterprise Edition (on Windows server 2003)

Application Server (PAP and PDP)

•Weblogic 10.3a

•Tomcat 5.5

•Websphere 7.0

JMS Server

•Active MQ 4.1.1

•Tibco 3.1.0 (Evaluation)

•Web sphere MQ 7.0.1

PEP Client

•Java 1.5

Browser

•Mozilla Firefox 3.6.19

•Internet Explorer 6

Supported Deployment Environments

Table 2 CEPM Version 3320 Supported Deployment Environments

App server & JMS SERVERS

DB server

OS

JDK make / version

CEPM

Tomcat 5.5.17

(Comes packaged with CEPM install)

SQL Server2005 SP2 with Cumulative Update3

O/S for DB server: MS 2003 Ent x64 SP2

Solaris 10/64 bit (Running within a Zone)

SUN 1.5.0_11

Out of process

Web Sphere 7, MQ7

Oracle 11g (Thin driver using Web Sphere connection pool)

AIX wdc5503a 3500C3B0504C00- 32/64 bit

IBM / 1.5.0

(IBM J9 VM (build 2.3, J2RE 1.5.0 IBM J9 2.3 AIX ppc-32 j9vmap3223ifx-20080811 (JIT enabled))

Out of process

Weblogic - 10.3a

Tibco EMS 4.4.3

Oracle 10.2.0.5.0/Non-Rac

Linux

JDK160_20-linux64 bit

Out of process

Tomcat 5.5.17

(Comes packaged with CEPM install)

Oracle 11g

Linux

SUN 1.5.0_11

In-process PDP

Tomcat 5.5.17

(Comes packaged with CEPM install) & AMQ 5.5

Oracle client version (thick client): 11.1.0.7.0, 64-bit

Red Hat Linux ES 5.4 64-bit

JDK160_20-linux64 bit

Out of process

Installation Notes

This section contains the installation instructions for CEPM Version 3.3.2.0.

Warning This patch can be only be applied once and cannot be run again directly. When you are running the Version 3.3.2.0 patch for the first time, make sure that you are applying it correctly.

Warning Stop the CEPM server before applying this patch.

The CEPM Version 3.3.2.0 patch must be applied on top of any one of the following releases:

•CEPM Release 3.3.1.0 GA

•CEPM Patch 3.3.2.0 LA

•CEPM Hotfix 3.3.2.4

Applying CEPM Patch Version 3.3.2.0

To apply this patch, complete the following steps:

Step 1 Copy CEPM_Patch-v3.3.2.0GA.zip to CEPM_HOME, for example, .../CEPM-V3.3.0.0.

Step 2 Unzip CEPM_Patch-v3.3.2.0GA.zip. This creates a folder named Patch-v3.3.2.0GA within CEPM_HOME.

Step 3 Go to .../CEPM-V3.3.0.0/Patch-v3.3.2.0GA folder and run the patch file as follows:

•For Windows: Either double-click on applyPatch.bat or open the command window, go to the above location and run applyPatch.bat.

•For LINUX/Solaris/AIX: From the terminal window, run the shell file as - sh applyPatch.sh.

Step 4 Execute the database related scripts and the patch information scripts as follows:

1. Open your respective DB editor configured for CEPM.

2. Execute the following SQL scripts from .../CEPM-V3.3.0.0/Patch-v3.3.2.0GA/sql/[oracle/mssql] folder in the following order:

a. pap_wrapped.SQL

b. pdp_wrapped.SQL

c. Patch3.3.2.0.SQL

d. VersionInfo.SQL

Step 5 Deploy your respective WARs / EARs

a. For Tomcat:

–If you are using Tomcat, delete the old WAR files (both cepm.war and pdp.war) from CEPM-V3.3.0.0/external/apache-tomcat-5.5.17/webapps

–Delete the cepm and pdp folders under /CEPM-V3.3.0.0/external/apache-tomcat-5.5.17/webapps

–Copy cepm.war and pdp.war from the /CEPM-V3.3.0.0/dist folder to CEPM-V3.3.0.0/external/apache-tomcat-5.5.17/webapps

–Restart the server by executing startcepmgui.bat(sh) from /CEPM-V3.3.0.0/bin folder.

b. For Weblogic:

–From the Weblogic Administration Console, remove/delete the cepm and pdp applications.

–Re-deploy the cepm.war and pdp.war from the /CEPM-V3.3.0.0/dist.

–Restart the server.

c. For Websphere:

–From the Websphere Administration Console, uninstall/delete cepm.ear

–Re-install the cepm.ear (or pdp.ear) from /CEPM-V3.3.0.0/dist.

–Restart the server.

Step 6 (Optional) Depending on your requirements, download and replace the following Clients or Agents:

•PAP Client— Replace the existing PAP Client files with the following files:

–CEPM_PAPClient-V3.3.2.0GA_Unbun_withCommonsLog.zip

–CEPM_PAPClient-V3.3.2.0GA_Unbun_withLog4jLog.zip

–CEPM_PAPClient-V3.3.2.0GA_withCommonsLog.zip

–CEPM_PAPClient-V3.3.2.0GA_withLog4jLog.zip

•PEP Client— Replace the existing PEP Client files with the following files:

–CEPM_PEPClient-V3.3.2.0GA_Unbun_withCommonsLog.zip

–CEPM_PEPClient-V3.3.2.0GA_Unbun_withLog4jLog.zip

–CEPM_PEPClient-V3.3.2.0GA_withCommonsLog.zip

–CEPM_PEPClient-V3.3.2.0GA_withLog4jLog.zip

•JAX-WS Agent— Replace the existing JAX-WS agent file with the following file:

–CEPM_WebSphere_JAX_WS_AgentV3.3.2.0GA.zip

•InProcessPDP— Replace the existing InProcessPDP file with the following file:

–CEPM_InProcessPDPV3.3.2.0GA.zip

Note You must discard the existing versions of clients or agents before using the latest versions.

Resolved Caveats

Table 3 contains the caveats resolved in this release.

Table 3 Resolved caveats in CEPM Version 3.3.2.0

Bug ID

Description

CSCti38731

In Delegated Administration, Manage Entitlements links in Applications Delegated are not working.

CSCti38698

In Delegated Administration, Manage Entities links in Applications Delegated are not working.

CSCth96798

User based policy decision is not returning correctly.

CSCth64649

Policy set up based on time zone is hard-coded with IST time zone.

CSCtj25009

Issue with Attributes to Return if the PIP attributes are selected in the Allow or Deny box or in both the boxes.

CSCtf51625

JMS error is thrown even if the JMS Server is not installed.

CSCtj37853

Need an API for setting attributes to be returned in the obligation.

CSCtj49006

PDP Service WSDL target name space should be constant for all environments.

CSCtj82097

Virtual resource is not working when configured in rule through JAVA PIP.

CSCtk36032

Review reports for deletion of groups is not visible.

CSCtk60255

Policy Cache is not getting updated in case of separate PAP and PDP replication.

CSCtk76481

User with same user name can be created in PEP and Delegated Administration.

CSCtl57431

Issue with updating PIP Attribute when migrated.

CSCtn10562

Messages getting expired in separate PAP & PDP environment in GA.

CSCtn55194

Need to support Websphere Application Server 7 with MQ7 configuration.

CSCtn52030

Issue with getRuntimelogs SOAP call.

CSCtn28512

Export and import of policies with rules are not getting evaluated.

CSCtl73653

Unable to create an Application Group by selecting Entitlement Repository:UserAttributeValue as the Attribute Type.

CSCtl89865

Unable to set DBPIP attributes in a rule.

CSCtl99231

Not more than one space between two words is allowed in a rule.

CSCtn10562

When using separate PAP and PDP installers and when the policy cache is updated through JMS, messages are getting expired before they are consumed by PDP.

CSCtn28512

Issues with exporting and re

CSCtn54860

The number of characters allowed in the database for a context name is limited to 40.

CSCtn76900

Export Policies feature fails in CEPM 3310 GA build after applying CEPM 3312 an 3317 hotfixes on top of it.

CSCtn92544

Roletype and Grouptype attributes are not working in rule without restarting the server.

CSCto29764

Simple Rule's Inconsistency Behavior

CSCto32854

Unable to return pip attributes and values in xacml response

CSCto41994

Unable to set the DBPIP Attributes when create Simple Rule

CSCto62155

Java pips (Application Attribute sources) are not imported

CSCto70861

Simple Rules not getting deleted for Dynamic role

CSCtq67580

iGroup.getGroup API should support case insensitivity

CSCtr37617

Export functionality from GLOBAL in CEPM UI

CSCtr45708

Export functionality on policies is not complete

CSCtq80525

Weblogic connection pool issues

CSCtr95630

Exception while Exporting Policies if Policy having PAC And Rules

CSCts05565

Able to export .xls sheets on Export/Import deny policy

CSCts08391

Delegated Admin:Mappings are not exporting

CSCtj18081

isGroupAccessAllowed()

CSCtj20781

Supporting PDPService wsdl

CSCtj49006

PDP Service wsdl target name space should be constant for all the env.cc

CSCtj72820

Attributes are returned in xacml response even if value is not set

CSCtj74717

Duplicate pip attributes are returned when create rule with same pip att

CSCtj82097

Virtual resource is not working when configured in rule through JAVA PIP

CSCtj86418

PIP attributes rolesforgroup,groupsforrole,usersforrole not returning

CSCtk60255

Policy Cache is not getting updated in case of separate PAP and PDP reps

CSCto29707

Policy Cache enhancement for a specific app/appgroup

CSCtj96972

Inconsistency between http and soap for isGroupAccessAllowed()

CSCtr23193

getRoles & getGroups are not filtering based on App Grp: App passed in

CSCtr80050

getPermissibleActionsByResource API is not working

CSCtt46920

getPermissibleResourcesForUser API is not working as expected

CSCtq56440

Load test in SOAP UI is failing with True instead of False and vice versa

CSCtx19237

Problem in On Message method of CacheSubscriber

CSCtx42711

Policy cache is not working for separate pap and pdp in 3.3.2.0 GA

Known Caveats

Table 4 lists the known caveats in this release.

Table 4 Known Caveats in CEPM Version 3.3.2.0

DDTS Number

Description

CSCtl57467

Rule edit page is taking long time to render Simple Rules page.

CSCth05120

NullPointer exception, wrong decisions for first application attached pdp

CSCtd64880

Not getting decisions after updating application with proper PDP

CSCti40195

Able to create a user with user status other than Active/InActive

CSCti34714

Issues with Role API (Static/Dynamic)

CSCti32878

Able to list the Rules with non existing Application

CSCtj64843

Unable to get InvalidCharacterException,create ApplicationAttribute

CSCtj74687

One PIP attribute is returned out of two when create rule with OR operator

CSCto62126

Unable to create active resource under InActive resource

CSCts07810

Unauthorized DA user is able to export groups from the List users

CSCts07883

Authorized DA user unable to create Policy attributes

CSCti42354

DA:able to edit the login user details and other user details also

CSCts15446

Authorized DA user is unable to edit the existing Application

CSCts15658

Issue in setting Entitlements from unauthorized DA user

CSCti44488

DA:Getting error and blank pages when click import, export, auditing, and reporting

Related Documentation

The following documents are available with this release:

•Cisco Enterprise Policy Manager JAX-WS Agent Guide, Release 3.3.2.0

•Cisco Enterprise Policy Manager Java Developers Guide, Release 3.3.2.0

•Cisco Enterprise Policy Manager User Guide, Release 3.3.2.0

•Cisco Enterprise Policy Manager Installation and Configuration Guide, Release 3.3.2.0

Documentation Updates

Table 5 lists the changes made to this document since it was first released.

Table 5 Document Updates for Release Notes for Cisco Enterprise Policy Manager Version 3.3.2.0

Date

Change Summary

March 14, 2012

Cisco Enterprise Policy Manager, Version 3.3.2.0

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as an RSS feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service. Cisco currently supports RSS Version 2.0.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2012 Cisco Systems, Inc. All rights reserved.

[an error occurred while processing this directive]