Spectrum Protect upgrade from 8.1 to 8.1.8

rpandey

Hi
I am planning to upgrade Spectrum Protect server from 8.1 to 8.1.8 on Linux Redhat OS. Will there be any issues? What considerations do I need to take?
 
The biggest one is the security changes introduced in 8.1.2:

And why 8.1.8? Why not a recent release? You are missing out on security fixes, APAR fixes and new features. All the Security Bulletins listed here are fixed in the latest version: https://www.ibm.com/support/home/se...e_avl:CT792,CT555,CT755&sortby=-dcdate&ct=fab
 
Agreed that SSL certificates are the most significant feature that needs to be considered. You'll want to do some research within your organization whether self-signed certs are ok, or does your org require Root CA signed certs.
 
Thank you!
My organisation policy is N-2, that's why I am planning to upgrade to v8.1.8
 
Self-signed certs are fine. What about the encryption stuff?
 
The N-2 or N-1 approach doesn't really work anymore. It used to be that only major releases (6.3.0, 7.1.0, 8.1.0) included new features and fixpacks (8.1.1.000, 8.1.2.000, 8.1.3.000) only included APAR fixes. But now with agile development, fixpacks include both new features and APAR fixes. So every new fixpack includes new features that the previous version didn't have. So regardless which level you pick, you will have new features that were not in the previous version, so if you go with 8.1.9 (which is N-2), you would still have new features never present in an earlier release. It's probably a better approach to run the latest to get fixes for known issues, and not implement new features until they have been out for 2 versions.

If office politics forces you to stick to N-2, at least go to 8.1.9.300 in order to get fixes to issues present in 8.1.9.000.
 
I know you said n-2, but have a look at 8.1.10.100. It's been rock stable for me. I had some issues with 8.1.8 and had to take several efixes not published.
*Edit: and there were some high CVEs fixed in 8.1.10 as well. Haven't looked at .11 yet so can't offer insight. Too new for my blood :)
 
Thanks for your feedback. I have proposed to upgrade to latest version.
 
Thanks for your feedback
 
Any time. 8.1.9.300 was good as well, but I know .10 fixed those CVEs. So guess it needs to be run by your infosec team. I myself am looking here at .11 soonish. Just as soon as I get some time to dig in deeper past the announcement.
 
Thank you
 