DB2 - Problem description
Problem IT23535 | Status: Closed |
DOCUMENTATION TO PREVENT UNWANTED RESULTS WITH THE 7.1.8 AND 8.1.2 CLIENT ENHANCEMENTS BY INCOMPATIBLE LOCAL GSKIT VERSION | |
product: | |
DP-MY SAP W/DB2 / 5698ERPD2 / 71A - DB2 | |
Problem description: | |
The new 7.1.8 and 8.1.2 IBM Spectrum Protect client key management security feature relies on the minimum GSKit version 8.0.50.78 which is shipped with the client install packages, meant to be installed globally. Applications like DB2, which are backed up by IBM Spectrum Protect for Enterprise Resource Planning via the IBM Spectrum Protect API client, may use a local GSKit for their own security requirements, which might not be at the minimum level required for IBM Spectrum Protect operations. This local GSKit is potentially downlevel. It is forced on the IBM Spectrum Protect API client when the DB2's local GSKit is already present in the DB2 "fenced vendor processe's" address space at the time when the API code is being loaded. This DB2 vendor process is typically named 'db2vend' or 'db2sysc'. There is a risk of unwanted results if the local GSKit is below the minimum GSKit version required for IBM Spectrum Protect client operations. The product manual and requirements documents have to be updated with the goal to make users aware that they have to follow precautions as part of their IBM Spectrum Protect upgrade plans to version 7.1.8 or 8.1.2 Product versions affected: All versions of IBM Spectrum Protect for Enterprise Resource Planning when being used with the IBM Spectrum Protect API client 7.1.8.0 and later 7.1.8 versions or 8.1.2.0 and later 8.1.2 versions Initial impact: Medium Additional keywords: gskit key management gsk km certificate cert gpfs hsm application app downlevel | |
Problem Summary: | |
**************************************************************** | |
Local Fix: | |
Until specific documents are available for IBM Spectrum Protect for Enterprise Resource Planning, refer to the following IBM Spectrum Protect documents: http://www-01.ibm.com/support/docview.wss?uid=swg22011742 https://www.ibm.com/support/knowledgecenter/en/SSGSG7_7.1.8 /client/t_cfg_ssl_symb_lnk_gskit.html https://www.ibm.com/support/knowledgecenter/en/SSEQVQ_8.1.2 /client/t_cfg_ssl_symb_lnk_gskit.html DB2 documents: https://www.ibm.com/support/knowledgecenter/SSEPGG_10.1.0 /com.ibm.db2.luw.admin.sec.doc/doc/r0060220.html https://www.ibm.com/support/knowledgecenter/SSEPGG_10.5.0 /com.ibm.db2.luw.admin.sec.doc/doc/r0060220.html https://www.ibm.com/support/knowledgecenter/SSEPGG_11.1.0 /com.ibm.db2.luw.admin.sec.doc/doc/r0060220.html | |
Solution | |
Workaround | |
not known / see Local fix | |
Timestamps | |
Date - problem reported : Date - problem closed : Date - last modified : | 19.12.2017 22.02.2018 22.02.2018 |
Problem solved at the following versions (IBM BugInfos) | |
Problem solved according to the fixlist(s) of the following version(s) |