[BESAdmin-Announcements] Mobile Device Management (MDM) Supplement to V9.1 Platform Announcement

Announcements for BES Administrators besadmin-announcements at bigmail.bigfix.com
Tue Mar 18 10:54:30 PDT 2014 

Mobile Device Management (MDM) Supplement to V9.1 Platform Announcement 

IBM is pleased to announce version 9.1 of the IBM Endpoint Manager 
platform and with this release there are some supplement points to take 
note of:

1.      Mobile Device Management (MDM) will not work with the IBM Endpoint 
Manager (IEM) V9.1 Enhanced Security options enabled. Enhanced Security 
(SHA256) is a feature of the platform, not of MDM. It cannot be enabled 
for Patch Management and disabled for MDM. A patch for MDM customers who 
want to use Enhanced Security will be available in several weeks. MDM 
customers are strongly advised to postpone their V9.1 upgrade until the 
patch is available. The protection currently available in 9.0 and earlier 
versions through SHA1 remains fully in place. 

Optionally, MDM users may upgrade to V9.1 provided Enhanced Security 
(SHA256 features) remain turned off. For more information about Enhanced 
Security in IEM V9.1, see:

Platform Release Notes 
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Change%20and%20Release%20Notes 


Platform Documentation (IBM Knowledge Center), e.g.,
http://www-01.ibm.com/support/knowledgecenter/SS63NW_9.1.0/com.ibm.tivoli.tem.doc_9.1/Platform/Adm/c_scenarios_sha2_installation.html 



2.      All MDM customers upgrading to V9.1:
Must run Fixlet 350: "Encryption components outdated for 9.1" on all 
applicable machines and restart those machines when action completes.
This fixlet ensures that the MDM encryption tools used to configure 
components/extenders and to send down encrypted profiles/redemption codes 
remain compatible with V9.1.


3.      All MDM customers upgrading to V9.1:
Who subsequently remove, or accidentally delete, a site in their 
deployment
Must complete the Workaround Procedure described here.
When a site is deleted or removed, one of the Proxy Agent files must be 
deleted and the Proxy Agent restarted. If this is not done you may have 
devices that fail to report-in or respond. 

V9.1 Workaround Procedure
1.      Stop the Proxy Agent service.
2.      Copy the file: “SiteSubscriptions.json” from your Proxy Agent 
installation directory (e.g., “C:\Program Files (x86)\BigFix 
Enterprise\Management Extender") to a temporary folder. 
3.      Delete the SiteSubscriptions.json file in the Proxy Agent 
installation directory. 
4.      Restart the Proxy Agent service.
5.      Verify that the Proxy Agent starts properly (service will say 
"started").
6.      Wait 10 to 15 minutes for the SiteSubscriptions.json file to 
regenerate.
7.      Verify that the Proxy Agent log shows no errors (check the Proxy 
Agent log file in "C:\Program Files (x86)\BigFix Enterprise\Management 
Extender\__Logs").
8.      Verify that you can send a message to an existing mobile device.


Frequently Asked Questions 
Q: I do not use Mobile Device Management. Do I still need to do anything?
A: No. You don’t need to do anything if you do not use the Mobile Device 
Management application. 

Q: I use MDM but I have not upgraded my IEM platform to V9.1. Do I need to 
do anything?
A: No. You do not need to do anything.

Q: I upgraded my IEM platform to V9.1 but did not enable the Enhanced 
Security feature. Will my deployment be affected?
A: Yes. You must run Fixlet 350: "Encryption components outdated for 9.1" 
on all applicable machines and restart those machines when action 
completes.

Q: I use MDM. Do you advise me to upgrade my IEM deployment to V9.1?
A: No. MDM customers are strongly advised to wait several weeks to upgrade 
to V9.1, when a patch for Enhanced Security (ES) and SHA256 features 
becomes available.

Q: I have enabled Enhanced Security (ES) and see that my MDM site does not 
work. What should I do?
A: Disable ES and restart your IEM server machine. You will be using SHA1 
Security, and everything should work as before. Please refer to the 
Platform Installation documentation in the IBM Knowledge Center.

Q: Do I need to change my MDM masthead to make it compliant with the V9.1 
platform?
A: If prompted in your IEM Console, you will need to run BES Administrator 
Tool to gather the new upgraded MDM masthead. Please refer to the MDM 
documentation in the IBM Knowledge Center.

Q: I use MDM and have upgraded IEM to V9.1 but have recently removed a 
site. Do I need to do anything?
A: Yes. You are advised to complete the steps in the 9.1 Workaround 
Procedure described above. 

Q: I use MDM and have upgraded IEM to 9.1 but when I try to enable 
Enhanced Security it asks me to delete a few mastheads. What should I do?
A: If you are using MDM, please do not enable ES until a patch for 
Enhanced Security (ES) and SHA256 features becomes available in several 
weeks.


___________________________________________________________________________________________
Application Engineering Team 
IBM Endpoint Manager 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20140318/94904aff/attachment.html>

More information about the Besadmin-announcements mailing list