This notice is being sent to alert you that Broadcom/CA software products will be migrating to support open-source implementations of Java.
For Layer7 products, primary support will shift from Oracle Java to AdoptOpenJDK, a popular free version of Java that derives its source from OpenJDK.
What is AdoptOpenJDK?
"AdoptOpenJDK uses infrastructure, build and test scripts to produce prebuilt binaries from OpenJDK™ class libraries and a choice of either the OpenJDK HotSpot or Eclipse OpenJ9 VM.
All AdoptOpenJDK binaries and scripts are open source licensed and available for free." (source: https://adoptopenjdk.net/)
This document will discuss the details of the changes as they pertain to the Layer7 Identity Suite, which includes Layer7 Identity Manager, Layer7 Identity Governance, Layer7 Identity Portal and Layer7 Identity Suite Virtual Appliance, and provide users with information that will help ensure that their product deployment(s) can continue to be supported by Broadcom/CA in the future.
The summary level progression of our shift to use of AdoptOpenJDK
- The only components of Layer7 Identity Suite that embed Java libraries are the Virtual Appliance, Bulk Loader Client and the Java Connector Server (JCS).
- With the upcoming Layer7 Identity Suite Virtual Appliance Cumulative Patches (CP) for versions 14.1, 14.2 and 14.3, we will replace embedded Oracle Java libraries in the components with the AdoptOpenJDK libraries.
- For the standalone JCS and Bulk Loader components, a documentation update will be made in our official documentation space to describe how to make the switch from the embedded Oracle JDK to AdoptOpenJDK.
- All testing of the Virtual Appliance components as well as the JCS server were done on AdoptOpenJDK 1.8 update 212.
- Customers with valid licenses from Oracle or IBM may continue to run our products using Oracle and IBM JDK, respectively. In these cases, however, the customer is responsible for obtaining support from IBM or Oracle for issues related to the use of IBM or Oracle JDK.
- Any and all future code releases (fixes, services packs, dot releases, version releases) relevant to the platforms that support Oracle JDK with a dependency on Java libraries will be implemented with AdoptOpenJDK.
FAQ
Q1: I am currently running an Identity Suite vApp, Will I need to change to AdoptOpenJDK?
A1: Yes, in order to be able to receive appropriate support, you must apply the cumulative patches for the Virtual Appliance to allow the replacement of the Oracle JDK with AdoptOpenJDK.
Q2: In case I have a license agreement with Oracle/IBM, must I switch to AdoptOpenJDK?
A2: No. Our solution is compatible with Oracle, IBM and AdoptOpenJDK, and we permit the “Bring your own JAVA” methodology where, if you have an active license and support agreement with either vendor, you may continue using Oracle’s/IBM’s Java implementation with our solution. The only exception is around our Virtual Appliance. We will not support any other version of JAVA in the Virtual Appliance where we only support AdoptOpenJDK.
Q3: Will Broadcom continue support for newer versions of AdoptOpenJDK in the vApp?
A3: Yes, we will continue our regular release cycle of security patches to the vApp and will provide an updated version patch for AdoptOpenJDK in case of a CVE detection and a patch for it being available.
Q4: My company wants to use a different provider of OpenJDK, can I do that?
A4: Broadcom will support different “flavors” of OpenJDK distributions based on our Reasonable Commercial Effort Statement:
Broadcom Support will make a reasonable commercial effort to troubleshoot and/or resolve customer support requests that involve the use of currently supported versions of Layer7 Identity Suite on or with "unsupported" compatible platforms as follows:
- Broadcom Support will accept support incidents (support requests) involving a software platform or a combination of software platforms that is not officially supported per the then-current Broadcom published platform support matrices.
- Broadcom will troubleshoot the issue up to the point that Broadcom has reason to believe that the problem is related to the use of software that is not specified in a then-current platform supported matrix. At such point, Broadcom shall require that the customer reproduce the problem on a fully supported combination of platforms before Broadcom proceeds in troubleshooting the incident.