Beruflich Dokumente
Kultur Dokumente
Enhancement Issue ID
Increased session request maximum retention period to 8 years. Increased session log retention BFER 3350,
before archival maximum to 8 years. 3535
Support Sybase IQ v15.4 through existing Sybase platform. 3853
Added Thai as a choice for keyboard and language in PSM Connect Options. BFER 3875
Can now set up a Windows account as a functional account for a MS SQL Server system through BFER 5285
CLI/API and batch import/update.
Added a Convert to ASCII check box on the PSM hot keys menu to assist with cut and paste BFER 6895
during a session.
Changes made to resolve copy and paste issues for various languages and keyboards. BFER 6895
Added SessionLogID and ActiveSessionID to the Other Info column of the Activity report to link BFER 7086
session starts, session replays and kill sessions.
Added new data extract, NoExpandEntitlements, which does not show group or collection BFER 7178
assignments expanded.
Allow TPAM and DPA to support TLS v1.2 connections to HP NonStop platform. BFER 7460
Added new CLI/API command, ProfileCertificate, that allows an Administrator or PPM ISA to BFER 7469
download certificates assigned to a managed system. Certificates created by TPAM can also be
regenerated with this command. For more details see the TPAM Administrator Guide, CLI/API
Command Chapter.
Added a new global setting to allow user IDs using certificate authentication to be linked to the BFER 7570
certificate through the value of the subjectAltName:PrincipalName attribute in the certificate.
For more details see the Global Setting chapter in the System Administrator Guide.
Added four batch reports for auto discovery mappings: Daily LDAP/AD System Auto Discovery BFER 7615
Mappings, Daily LDAP/AD User Auto Discovery Mappings, Daily Generic System Auto Discovery
Mappings, Daily Generic User Auto Discovery Mappings.
Added ascending/descending date sort order to auto discovery agent log filter. BFER 7753
Added certificate information, certificateinfo.txt, to generated support bundles to assist in BFER 7762
troubleshooting.
Allow the use of a domain account as the functional account for custom platforms. BFER 7786
The PSM session viewer no longer runs within a browser. Java JRE (1.7+) must be installed on the BFER 7787
client server to use the JNLP viewer to view sessions, however the Java plug-in within the
browser can be disabled. As a result of the JNLP changes the procedure for PSM file transfer
has changed. Please see the TPAM Administrator Guide, TPAM Requestor Guide, or
Conducting Sessions chapter for details.
Added email notification User Type Edited that sends an email when the user type of a user ID is BFER 7819
changed. This notification will be sent to the email address of the user ID affected.
Security enhancements made to TPAM console, DPA and cache server. BFER
7851,7882,
7897, 8160
Added support for SAP clusters. For more details see the SAP chapter in the Client Set Up Guide. BFER 7861
Added support for Cisco ACS (Access Control Server) platform. BFER 7879
Any place that password profile selection is visible, now the total number of minutes per day BFER 7884
that the check or change can be scheduled is also displayed.
Added ISA File Release Log retention setting to Global Settings. Changed minimum retention BFER 7937
setting for File Release Requests from 1 day to 10.
The use SSL option has been added to the Oracle platform, enabling SSL connection encryption BFER 7939
Enhancement Issue ID
Added a --ForUser parameter to the ListAcctsForPwdRequest and ListAcctsForSessionRequest BFER 7946
CLI/API commands.
Add message body tags to display the account used to authenticate to the Session Start and BFER 7948
Post Session Notification emails. Increased characters allowed on the message body from 500 to
2000.
Added support for VMware vSphere v6. BFER 7952
Updated OpenSSL version to 1.0.2g. BFER 7954
Added ability to label the SysLog with the appliance names from the cluster management page BFER 7997
to differentiate between cluster members.
Added default request duration setting to access policies. The password, session or file request BFER 7998
default duration is now pulled from the either the access policy or the account settings.
Account Discovery options are now disabled if a domain account or local computer account is BFER 8019
used for the functional account on a Microsoft SQL Server system. After applying 2.5.916 any
MS SQL systems with domain or local computer as the functional account will have their account
discovery settings cleared and noted in the patch log.
Increased maximum characters allowed for domain name on system batch import and update to BFER 8021
286.
Performance improvements for the User Entitlement Report. BFER 8037
Do not change password while release is active can now be selected on a password change BFER 8058
profile even if No scheduled password changes is also selected. This will prevent post release
resets occurring while the release is still active.
Increased Max Recording Size global setting maximum to 2 GB. Session sizes over 800 MB should BFER 8068
be hosted through the DPA.
Added linked accounts functionality so that one user ID can be to be linked to many privileged BFER 8069
accounts without requiring user specific accounts on each managed system. This allows for PSM
access without the user knowing the password for the privileged account. For more details see
the Linked Accounts chapter in the TPAM Administrator Guide. Added new CLI/API commands to
list linked accounts, use linked accounts for PSM requests and add/remove linked accounts for
users.
When a user tries to access an unauthorized page, the warning message also now notifies them BFER 8078
that their access attempt has been logged.
Expanded Name on Domain on managed account page for *nix systems to hold 286 characters. BFER 8119
Made some performance improvements to password request and approval process. BFER 8123
Added option to include password check and change profile information when creating a support BFER 8142
bundle.
Updates have been made to the SonicWall platform to be more compatible across the different BFER 8147
SonicWall series.
TPAM's native SSH client has been updated to OpenSSH 7.2. Older platforms that have Diffie- BFER 8147
Hellman key lengths less than 2048 are unable to be managed by TPAM due to this
restriction. Target systems may need to be upgraded or KEX Algorithms modified to support a
different exchange. Contact TPAM Customer support if further options are needed.
Web certificate requests generated through TPAM now use SHA-2. BFER 8154,
8260
If the Do not change password while release is active check box is selected on password BFER 8175
change profile assigned to an account that a PSM proxy type of auto logon, the password will not
be changed if a session is recording.
Added the TPAM software version installed to the file name of the support bundle. BFER 8206
Added details in Cache server chapter about adding a certificate from a custom application BFER 8211
interface.
Enhancement Issue ID
Added warnings on Password Rules Configuration page if settings selected do not conform with BFER 8235
what is recommended. The setting will be highlighted in orange, and a mouse hover pops up the
warning.
Added more detailed instructions on configuring account discovery in the TPAM Administrators BFER 8241
Guide.
Added Owner check box to email config for notifications on system, account and file email BFER 8244
changes. If the check box is not selected the email will be logged but not sent out.
Improved performance when retrieving next profile schedule for an account or synchronized BFER 8251
password.
Added record in the Activity log to indicate if a manual password update was successful or if it BFER 8259
failed.
Added filter capability on the Manage Host Keys listing. Also added total count of how many host BFER 8265
keys exist.
Accounts with password management set to Manual, can no longer be synchronized password BFER 8269
subscribers.
NOTE: Any manually managed accounts that were members of a synchronized password prior
to applying the 2.5.916 patch will be unsubscribed and noted in the patch log.
Configuration changes to application server component to provide additional security BFER 8280,
enhancement. 8281
For UpdatePSMAccount CLI command, when setting FileTransType, FileTransPath or BFER 8448
FileTransAuthMethod you must supply all three at the same time even when the other values are
not being changed. When FileTransType is being disabled you may omit the other values.
Resolved issues
The following is a list of issues addressed in this release.
Browser requirements
Table 5. Browser requirements
Requirement Details
Microsoft Internet Explorer V8-11 (32 and 64 bit)
NOTE: TPAM no longer supports Internet Explorer V7. When TPAM
2.5.917 is released, Internet Explorer V8 will no longer be supported.
Mozilla Firefox V3.5+
Google Chrome V39+
Java requirements
Java 7 update 45 or higher is required for PSM. Java 32 and 64 bit are supported.
Installation instructions
It is strongly recommended that a backup of the current version of TPAM be run and downloaded prior to
applying this patch. You must put the appliance in Maintenance mode BEFORE you apply the 2.5.916 patch.
We recommend temporarily setting the failover timeout for any replicas to 3600 seconds so that they will
not failover during the patch process. The patch process could take a long period of time so be patient.
Once the patch has installed (which you should verify by checking the patch log) please reboot the primary
appliance. If you have replicas, check the Cluster Status tab to ensure the replicas have also been
upgraded. Once the replicas have received the upgrade these should also be rebooted.
If you have cache servers, after the patch is installed, go to the Cache Server Management Details tab and
clear the Enabled check box and click the Save Changes button. Wait one minute then select the Enabled
check box, and Save Changes again. Repeat this for all your cache servers.
Any problems applying the patch should be reported to Technical Support. Before applying the patch make sure
that no active PSM sessions are running. If you are upgrading from 2.5.908 or earlier and you are using DPAs and
transferring large files during sessions, it is recommended that the DPA/s be rebooted after applying the
2.5.916 patch. Refer to TPAM System Administrator Guide for installation instructions.
Upgrade Options
There are two options for the upgrade appliances that Dell will ship for version 2.5 that are outlined below.
Hardware refresh: Brand new hardware is purchased at a special upgrade-only price and includes
additional memory to take advantage of the new 64-bit operating system.
Like-kind: A like-kind, new or refurbished appliance(s) is provided to replace the existing appliance(s) in
your environment at no cost. With this option, your previously purchased appliance(s) are returned to
Dell when the upgrade to version 2.5 is complete.
To start the upgrade process for version 2.5, please contact your sales representative.
Globalization
This release supports any single-byte character set. Double-byte or multi-byte character sets are not supported.
In this release, all product components should be configured to use the same or compatible character encodings
and should be installed to use the same locale and regional options. This release is targeted to support
operations in the following regions: North America, Western Europe and Latin America, Central and Eastern
Europe, Far-East Asia, Japan.
This release has the following known capabilities or limitations: Although there are existing customers in all
markets, the product supports US English only at this time. There is very limited support for non-US character
sets and keyboards, and only in a small number of areas within the application.
Contacting Dell
For sales or other inquiries, visit http://software.dell.com/company/contact-us.aspx or call 1-949-754-8000.
Legend
CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.
WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.
IMPORTANT NOTE, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.