New release 2.3.4.0 for IBM Cloud Pak System W4600 and W3500

IBM Cloud Pak System 2.3.4.0 is now available

IBM Cloud Pak System 2.3.4.0 was released on July 31, 2024. This release is now available for Intel based models W4600 and W3500. It follows the 2.3.3.6 ifix2 release from December 2023. The 2.3.4.0 release brings a number of significant feature updates and enhancements.

2.3.4.0 brings major updates to a number of components including:

  • vCenter upgrade to 7​.0.3
  • Compute Node upgrade to VMware ESXi 7U3n
  • Java version upgrade to  8.0.8.20
  • VMware ESXi 7U3k on Platform System Manager (PSM) management nodes
  • p-type currency upgrades

For more details on What’s new in 2.3.4.0 refer the Knowledge Center documentation

https://www.ibm.com/docs/en/cloud-pak-system-w4600/2.3.4?topic=planning-whats-new

Enhancements

  1. IBM shared-service ‘Red Hat Satellite Six Service’ using Red Hat Global Registration Template to register RHEL VM’s on CPS.
    Applicable IBM Idea: PRA-I-187

Users are now able to use the Global Registration Template method (Red Hat Global Registration Template) to register new as well their existing hosts. This registration method provides a means to register hosts to Red Hat Satellite by generating a curl command on Red Hat Satellite using the global registration template and running this command on hosts. It also allows to deploy Satellite SSH keys to hosts during registration to Red Hat Satellite to enable hosts for remote execution jobs. The hosts can also be configured with Red Hat Insights during registration to Red Hat Satellite.

2. Migration instances from a Multi-cloud system to another Multi-cloud system. Applicable IBM Idea: PRA-I-184  : 

Users will now be able to migrate their Virtual System Instances from a source Multi-cloud system to target Multi-cloud system. This will enable migration in a multi-system setup.  The Workload Mobility feature for Single Systems with Single Cloud Groups was delivered with the 2.3.3.3 Interim Fix 1 release (here)

More details can be found in the product documentation here:

https://www.ibm.com/docs/en/cloud-pak-system-w4600/2.3.4?topic=system-migrating-instances  and in article “Move your existing workloads between multiple IBM Cloud Pak Systems”.

We look forward to continue working with our clients to deliver even more value in future.

List of APARs included in 2.3.4.0 :  You can refer the link provided for the list of APARs and CVEs included in the release.

https://www.ibm.com/support/pages/ibm-cloud-pak-system-version-234

Deprecations as part of 2.3.4.0 :

As of June 30, 2024, with version 2.3.4.0, RHEL 7.x is now deprecated. Users are advised to migrate their workloads to RHEL 8.8. This deprecation aligns with Red Hat’s announcement regarding the end of support for RHEL 7.x, and no further support will be provided (Red Hat Enterprise Linux Life Cycle)

Also, IBM Cloud Pak System Software for Intel on BYOH is deprecated with 2.3.4.0

For further details : https://www.ibm.com/docs/en/cloud-pak-system-w4600/2.3.4?topic=planning-deprecated-functions-replacements

Appliance W3550 reached its end of life (EOL) on June 30, 2024 (Announcement).  As a result, version 2.3.4.0 is now supported only on W3500 and W4600 appliance models. Please be aware that the EOL for the W3500 has been announced for September 30, 2024, as detailed here.

Keep your IBM Cloud Pak System up-to-date and safe with interim fixes for v2.3.3.6 and v2.3.3.7 releases

End of December 2023, IBM has released new interim fixes for both Intel and Power versions of IBM Cloud Pak Systems:

  • For Power racks, 2.3.3.7 interim fix 1, applicable to W3700 (MT 8536) model has been released on 29th December.
  • For Intel racks, 2.3.3.6 interim fix 2, applicable to W3500 (MT 8558), W3550 (MT 8564) and W4600 (MT 9568-CVM) models has been released on 26th December.

Note that, for Intel models, 2.3.3.6 interim fix 2 has been preceded by 2.3.3.6 interim fix 1 on 27th September 2023.

As you can noticed, these new releases are interim fixes, meaning they do not provide any new feature. However, these are important updates that you should consider applying because they provide updates for your workload and security fixes, some being critical, in addition to bug fixes:

  • 2.3.3.6 interim fix 2 focuses on critical security vulnerabilities related to the internal VMWare vCenter instance (VMware vCenter Server Windows 6.7 Update 3t and Windows 2012 Server standard edition patch KB5031407).
  • 2.3.3.6 interim fix 1 includes fixes for 30 CVEs and 8 APARs but also provides support for new versions of Java, WebSphere Application Server (both traditional and Liberty), Tivoli Monitoring, Spectrum Scale, Docker, Db2… See https://www.ibm.com/docs/en/cloud-pak-system-w4600/2.3.3?topic=planning-whats-new for details on the new supported versions.
  • On Power side, 2.3.3.7 interim fix 1 fixes 82 CVEs and 2 APARs but also brings a new version of the IBM OS Image for AIX Systems (7.2 TL5 SP6) and support for new versions of Java, WebSphere Application Server (both traditional and Liberty), Tivoli Monitoring, Spectrum Scale, Db2… See https://www.ibm.com/docs/en/cloudpakw3700/2.3.3?topic=planning-whats-new for details on the new supported versions.

Note that IBM Spectrum Scale product has been rebranded to IBM Storage Scale in these releases.

So, in order to get advantage of all the new supported versions and to keep your systems secured, ask for an upgrade of your IBM Cloud Pak Systems as soon as possible. If you need guidance on how to request such an upgrade, have a look at https://www.ibm.com/community/101/cloudpaksystem/system-firmware/

Want a single entry point for all the support and IBM documentation on CPS?

Then let me introduce the “IBM Cloud Pak System 101” website, a support content hub for product knowledge and documentation, which is available at https://www.ibm.com/community/101/cloudpaksystem/

From this page, you can access all the support content related to Cloud Pak System:

  • Latest news about the products: new releases, planned end of support dates
  • How to get support for your IBM Cloud Pak System, how to request a firmware upgrade
  • All the technotes listed in a convenient way, with an abstract, quick filters and in-line search field
I’ve searched for tech notes containing “OpenShift”
  • All the security bulletins, again with an abstract and some search fields
  • Access to your open support cases (requires to log in with your IBM ID)
  • Direct access to open a new support case (requires to log in with your IBM ID)
  • Access to IBM Cloud Pak System product page
  • Access to content related to IBM Cloud Pak System on IBM Community (blogs and discussions)
  • Access to the documentation for IBM Cloud Pak System products

So, add this “IBM Cloud Pak System 101” website in your bookmarks!

Note that, on IBM Community website, IBM has created a “Support 101” section for several products, such as WebSphere Application Server or Cloud Pak for Security. Don’t hesitate to have a look!

How to use IBM Cloud Pak System logs, in real-time, to alert your Security Operation Center in case of security incident?

Is your Security Operation Center already asked you to be alerted in real-time in case of security incident on your IBM Cloud Pak System machine?

If yes, you probably answered to this request by giving access to Events web page on IBM Cloud Pak System console, like on picture below:

Usually, it’s not the answer expected by your Security Operation Center because it cannot be included into their monitoring tool.

IBM Expert Labs developed a real-time solution based on IBM Cloud Pak System logs, with a generic part – to collect logs – and a specific part – the smart processing of logs – to answer to Security Operation Center requirements.

You can implement the generic part – based on following article https://community.ibm.com/community/user/storage/blogs/jean-christophe-marcandella/2021/08/23/how-to-split-ibm-cloud-pak-system-logs – on your IBM Cloud Pak System.

For the specific part, please free to develop yourself or to contact your IBM Expert Labs representative.

New release 2.3.3.7 for IBM Cloud Pak System W3700

On 23rd June 2023, IBM released version 2.3.3.7 of IBM Cloud Pak System. This release is only available for IBM Cloud Pak System W3700 model, based on Power CPUs. The latest release for Intel-based IBM Cloud Pak Systems is 2.3.3.6 that was released on 31st March this year.

Release 2.3.3.7 is the first release available for Power-based models since 2.3.2.0. So what’s new with 2.3.3.7?

To summarise, this release is the opportunity to refresh this CPS platform to have it up-to-date and in line with the Intel-based CPS models.

The most visible change is the new IBM Cloud Pak System graphical user interface which is now common between Power and Intel models.

Under the covers, the upgrade to v2.3.3.7 includes a lot of new firmwares for internal components, including CMM (Chassis Management Modules), storage (IBM Storwize V7000), compute nodes, TOR (Top of Rack) switches, Fibre Channel switches (on W3700+ models). As a consequence, be aware that the upgrade process will take longer than usual. For details about the upgrade procedure, you can have a look at this page of IBM Support website.

The 2.3.3.7 release focuses on security: 28 CVEs are fixed, related to Apache Log4J, Java, OpenSSL or Golang Go both on IBM Cloud Pak System and on the IBM OS image for AIX Systems that is provided with the product. Also, IBM Cloud Pak System now supports Transport Layer Security (TLS) 1.2.

Because this release is cumulating several versions since 2.3.2.0, it contains a lot of bug fixes. A list of the APARs fixed in 2.3.3.7 is available here and you can find the long list of release notes here.

The catalog of IBM Cloud Pak System is also widely refreshed:

  • The IBM OS image for AIX Systems is now using AIX 7.2, AIX 7.1 being deprecated.
  • The OS Pattern Kit has been also renewed. Note that OS Pattern Kit for pLinux on Power has been removed.
  • Most of the pattern types have been updated, including the Foundation pattern type and the IBM Application Pattern for Java.
  • The IBM WebSphere Application Server pattern now supports traditional WAS 9.0.5.15 and 8.5.5.23​ and WebSphere Liberty 23.0.0.3.
  • IBM Db2 11.1 is deprecated and replaced by Db2 11.5. Be aware that, with IBM Cloud Pak System Software Suite offering, you’re entitled for IBM Db2 Advanced Edition V11.5.8.0 Special Build 26513, but, for IBM Cloud Pak System and IBM Cloud Pak System Software offerings, you must bring your own license.
  • IBM Spectrum Scale version 5.1.7.0, IBM Tivoli Monitoring 6.3.0.7 SP 14 and IBM Endpoint Manager client and Relay 10.0.8.37 are now supported.

Some pattern types are deprecated or removed such as the Docker pattern type on Power (deprecated), IBM Common Services on OpenShift® Container Platform Pattern, IBM Cloud Automation Manager Pattern and IBM Common Services Pattern (these three patterns are no longer available). In line with CPS release 2.3.3.2, entitlement for IBM BigFix has been also removed. Customer needs to contact HCL to get HCL BigFix entitlement directly from the vendor.

In conclusion, if you own an IBM Cloud Pak System W3700, this new 2.3.3.7 release is a must-have to make it up-to-date and fix security vulnerabilities and defects. As always, to request an upgrade for your system, you must open a case (Severity 4 only) from the MySupport page.

IBM BAW 21.0.3 LTSR pattern available

There are a number of IBM Cloud Pak System (CPS) clients that have been successfully running IBM Business Automation Workflow (BAW) for many years. On 23 September 2022, IBM released a new pattern for IBM BAW 21.0.3 LTSR (Long Term Serviceability Release):

  • IBM Business Automation Workflow 21.0.3 Pattern on Red Hat Enterprise Linux Multilingual (M07YRML)

Note: IBM updated the IBM Business Automation Workflow and IBM Integration Designer Software Support Lifecycle Addendum document on 13 December 2022, providing a full 3 years of support on every IBM BAW LTSR release from 21.0.3 onwards. In addition, one year of extended support is provided at no charge (and another year of paid extended support can be provided at IBM’s discretion). Previously, IBM provided two years of support for BAW LTSR releases.

Clients with IBM BAW entitlement can simply download this from IBM Passport Advantage. Detailed information on how to install and use it on IBM CPS is available from IBM Support – IBM Business Automation Workflow 21.0.3 Pattern Type Version 1.0.1.0 documentation.

Please note that – as per the IBM Business Automation Workflow and IBM Integration Designer Software Support Lifecycle Addendum – IBM BAW 19.0.0.3 will reach End of Support on 31 December 2022. As a result, clients should avoid using the pattern for BAW 19.0.0.3 below for new deployments:

And as a reminder, the IBM BAW 18.0.0.2 already reached End of Support on 13 December 2020. So IBM CPS clients should no longer be using the pattern for BAW 18.0.0.2 below:

Note: This was also posted here on the IBM Cloud Pak System community blog.

What’s new in IBM Cloud Pak System 2.3.3.4 and 2.3.3.5

Last week, on 12th August 2022, IBM has released IBM Cloud Pak System 2.3.3.5. Earlier this year, on 6th May, IBM Cloud Pak System 2.3.3.4 was released. We’ll see in this post some of the changes that were introduced in these two versions.

Red Hat Enterprise Linux support

IBM Cloud Pak System 2.3.3.4 is the first release to support Red Hat Entreprise Linux (RHEL) 8 for workload virtual machines. More precisely, IBM Cloud Pak System 2.3.3.4 supports RHEL 8.4 and IBM Cloud Pak System 2.3.3.5 supports RHEL 8.6. As usual, IBM provides base OS images for these two operating systems that can be directly used to deploy new virtual machines on IBM Cloud Pak System.

Also note that an updated version of the Red Hat Entreprise Linux 7.9 OS image provided by IBM is released with IBM Cloud Pak System 2.3.3.5.

Finally, even if you can still run virtual machines based on Red Hat Entreprise Linux 6.10, it is strongly recommended to migrate your workloads to RHEL 7 or RHEL 8 because Red Hat Entreprise Linux 6 is deprecated.

Security fixes

For these two releases of IBM Cloud Pak System, a focus has been put on fixing security issues. While IBM Cloud Pak System 2.3.3.4 is already fixing 51 CVEs, the 2.3.3.5 release additionally closes 62 PSIRTs and 114 CVEs. You can find the list of these CVEs here (for v2.3.3.4) and here (for v2.3.3.5).

You can see that these fixes are applicable to many components of the stack, including Log4j, VMWare vCenter, IBM Db2, IBM Java SDK, Intel processors, Node.js and cryptographic algorithms used by IBM Cloud Pak System.

Still on the security topic, you can also notice the following points:

  • IBM Cloud Pak System 2.3.3.4 or earlier supports SHA-1 based key exchange methods, whereas IBM Cloud Pak System 2.3.3.5 supports SHA-2 for the backup and restore function.
  • Transport Layer Security (TLS) 1.2 version update is supported in IBM Cloud Pak System 2.3.3.4 and 2.3.3.5. TLS 1.0 and TLS 1.1 are no longer supported to work with these releases of IBM Cloud Pak System.

IBM Db2

IBM Cloud Pak System 2.3.3.4 and 2.3.3.5 supports IBM Db2 11.5.7 but IBM Db2 11.1 is deprecated from IBM Cloud Pak System 2.3.3.4 release onwards. New versions of the IBM Db2 patterns are available.

However, there are also some changes regarding IBM Db2 licenses with IBM Cloud Pak System 2.3.3.5:

  • Db2 license is changed to Db2 Standard Edition and Db2 OEM High Capacity Add-on for IBM Tivoli Monitoring (ITM).
  • In IBM Cloud Pak System and IBM Cloud Pak System Software, the Db2 Advanced Edition license is not available. You must bring your own license (BYOL) and must provide it during deployments.
  • In IBM Cloud Pak System Software Suite, the Db2 Advanced Edition license is still available.

Other changes

You can find a good summary of the improvements, changes and deprecations in the “What’s new” page of the IBM Documentation for IBM Cloud Pak System.

IBM Support website provides useful links regarding these two IBM Cloud Pak System releases at https://www.ibm.com/support/pages/related-information-ibm-cloud-pak-system-releases. If you’re still running IBM Cloud Pak System 2.3.3.3 interim fix 1 or earlier, the upgrade process to 2.3.3.5 is in two steps, even if they can be chained, i.e. you need to upgrade to 2.3.3.4 before upgrading to 2.3.3.5.

Finally, please note that this release is available for IBM Cloud Pak System W3500, W3550 and W4600 (Intel x86-64) models. This release is not available for the IBM Cloud Pak System W3700 (POWER) model, nor for the IBM PureApplication System W2700 (POWER) and W2500 (Intel x86-64) models.

Obsolete Red Hat subscription does not impact RHEL support on IBM Cloud Pak System

IBM Cloud Pak System allows you to provision your own Red Hat Enterprise Linux (RHEL) VMs on the appliance. The IBM support provides support for RHEL, assuming Your subscription and support agreement for your IBM Cloud Pak System also includes support from Red Hat for RHEL VMs deployed on the appliance.

Note: in order to be entitled to support from Red Hat, you must use the Red Hat Enterprise Linux virtual images shipped with the IBM CPS product when provisioning RHEL VMs on IBM Cloud Pak System. For example, “IBM OS Image for Red Hat Linux Systems V3.1.3.0”, a RHEL 7.9 virtual image for IBM Cloud Pak System 2.3.3.3 Interim Fix 1 available from IBM FixCentral here.

IBM Cloud Pak System clients are encouraged to setup and/or integrated with Red Hat Satellite Service (RHSS), as documented here in the IBM product documentation. This allows for installing updates to packages (.rpms) as well as new packages (.rpms) on RHEL VMs deployed on IBM Cloud Pak System. In particular the ability to apply package updates is a must from a security point of view, allowing remediation of CVEs of the RHEL operating system. And of course it allows code defect fixes of the RHEL operating system to be applied.

When setting up Red Hat Satellite Service, IBM Support will issue the following Red Hat subscriptions to an IBM Cloud Pak System client as documented here in the IBM product documentation.

SKUDescriptionValid for
MCT0370Red Hat Satellite1 Year
RH00032Smart Management for Unlimited Guests1 Year
RH0105260Red Hat Enterprise Linux Server, Premium (8 sockets) (Unlimited guests)1 Year
RH1767396Extended Update Support for Red Hat Enterprise Linux Server (8 sockets) (L3-only)1 Year
RH1500861Smart Management (Unlimited guests) Embedded Partner Support1 Year

Last year I was reminded by someone in Red Hat that the SKU (Stock Keeping Unit) RH0105260 is obsolete since 1 January 2021. It has been replace by SKU RH00001 (Red Hat Enterprise Linux Server Virtual Datacenters, Premium (Unlimited guests)). However this does not impact IBM Cloud Pak System clients running RHEL VMs. Until further notice from IBM, clients can continue to use the obsolete subscriptions, there is no impact to support from IBM for RHEL. Please refer to the IBM Support document “IBM Cloud Pak System – Is RHEL subscription code RH0105260 obsolete?” that has just been published.

How to avoid corrupting .tgz files downloaded from IBM Fix Central

Clients working with IBM Cloud Pak System sometimes need to download product fixes from IBM Fix Central. These are fixes are typically made availalable as .tgz files that can be downloaded from a browser.

However there is a known issue downloading .tgz files from IBM Fix Central, corrupting the actual downloaded file. We strongly recommend clients review the guidance published in IBM Support – Fixes downloaded for IBM Cloud Pak System from IBM Fix Central using Mozilla Firefox get corrupted.

How to include more detail to IBM Support Case email notifications

From IBM Cloud Pak Systems 2.3.2.0 onwards, clients work with IBM Support through Support Cases using the IBM MySupport web site. As many clients will have upgraded their IBM Cloud Pak Systems to 2.3.2.0 or higher, being able to work efficiently with Support Cases is key.

Support for IBM Cloud Pak System prior to 2.3.2.0 was provided through Problem Management Records (PMRs). One thing clients really liked is that updates to PMRs were sent by email, making it easy to keep on top of the latest updates from IBM Support.

Updates to IBM Support Cases by default trigger an email update, however it only contains the Support Case number and a link to the Support Case on the IBM MySupport web site. This makes collaboration with IBM Support a little harder compared to the old PMRs.

IBM Support Case – Default Email Notification

However today I discovered that you can very easily enable more detailed email notifications to be sent out for Support Case updates!

  1. Logon to the IBM MySupport web site with your IBM ID
  2. Click the icon in the top right-hand corner and select Settings.
  3. Expand Case Notification Settings.
  4. Tick the checkbox for each of the two items below
    • Case Title
    • Latest case update
  5. Click Save
IBM Support Case – Enhanced Email Notification
Design a site like this with WordPress.com
Get started