Layer7 Privileged Access Management

Announcement regarding Layer7 Privileged Access Management Support for AdoptOpenJDK

By Michael Dullea posted 08-14-2019 01:42 PM

  

As outlined in CA’s recent general notice regarding Java, CA software products will be migrating to support open-source implementations of Java. 

For Layer7 products, primary support will shift from Oracle Java to AdoptOpenJDK, a popular free version of Java that derives its source from OpenJDK.

What is AdoptOpenJDK?

"AdoptOpenJDK uses infrastructure, build and test scripts to produce prebuilt binaries from OpenJDK™ class libraries and a choice of either the OpenJDK HotSpot or Eclipse OpenJ9 VM.

All AdoptOpenJDK binaries and scripts are open source licensed and available for free." (source: https://adoptopenjdk.net/)

 

This document will discuss details of the change as they pertain to the Layer7 Privileged Access Management products, and provide users with information that will help ensure that their product deployment(s) can continue to be supported by Broadcom/CA in the future.

The summary level progression of our shift to use of AdoptOpenJDK

  • The following components of Layer7 Privileged Access Management embed Java libraries:
    • CA Privileged Access Manager
    • CA Privileged Access Manager Server Control
    • CA Shared Account Manager
    • CA Privileged Identity Manager
    • CA Threat Analytics (for PAM)
  • We currently plan that any and all future code releases (fixes, services packs, dot releases, version releases) that have a dependency on Java libraries will be replaced with AdoptOpenJDK
  • We currently plan to introduce patches for each of the Layer7 Privileged Access Management products that will include AdoptOpenJDK components. The following patches will be available for each of the supported products:

Product

Version

Delivery

Expected Delivery Date

CA Privileged Access Manager

 

v3.2

V3.2.6

August 31, 2019

CA Privileged Access Manager

v3.3

V3.3.1

September 30, 2019

CA Privileged Access Manager Server Control

v14.0

Java Migration Patcher

August 31, 2019

CA Privileged Access Manager Server Control

v14.1

Java Migration Patcher

August 31, 2019

CA Shared Account Manager

v12.8 CF3

Java Migration Patcher

August 19, 2019

CA Shared Account Manager

v12.9 SP2

Java Migration Patcher

August 19, 2019

CA Shared Account Manager

v14.0

Java Migration Patcher

August 19, 2019

CA Privileged Identity Manager

v12.8 CF3

Java Migration Patcher

August 19, 2019

CA Privileged Identity Manager

v12.9 SP2

Java Migration Patcher

August 19, 2019

CA Privileged Identity Manager

v14.0

Java Migration Patcher

August 19, 2019

CA Threat Analytics (for PAM)

V2.2.0

Java Migration Patcher

August 19, 2019

CA Threat Analytics (for PAM)

V2.2.1

Java Migration Patcher

August 19, 2019

CA Threat Analytics (for PAM)

V2.2.2

Java Migration Patcher

August 19, 2019

CA Threat Analytics (for PAM)

V2.2.3

Java Migration Patcher

August 19, 2019

 

 

FAQ

Q1: I am running a release of Layer7 Privileged Access Manager that is prior to version v3.2, what do I need to do?

A1: You can continue to use that product as long as it’s still under current support.  However, we encourage you to upgrade to v3.2 or newer as they will include embedded AdoptOpenJDK libraries in place of Oracle Java libraries. 

 

Q2: For Layer7 Privileged Access Manager, do I need to also update the Workstation Client, App2App clients or PAM Windows Proxy Agent?

A2: For the App2App clients and PAM Windows Proxy, there is no need to update but any vulnerability fix in the JRE will require the component to be replaced with the AdoptOpenJDK version. In the case of the PAM Workstation Client, updating to PAM 3.2.6 or 3.3.1 will provide a new Client update replacing the Oracle JRE.  Note that the delivery of the PAM client will also shift to a download directly from the PAM Server rather than a Content Delivery Network (CDN) URL.

 

 

 

0 comments
26 views

Permalink