Symantec Privileged Access Management

 View Only

 About remoteCLI and JAVA updates

Jump to Best Answer
MARUBUN SUPPORT's profile image
MARUBUN SUPPORT posted Sep 12, 2023 05:34 AM

Hi Team,

A customer asked me a question, so I'll check it out. 

Are there any precautions when updating remoteCLI and JAVA?

Install and Set Up the Remote CLI and Java API
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-1-2/programming/credential-manager-remote-cli-and-java-api/install-and-set-up-the-remote-cli-and-java-api.html
The manual puts PAM into maintenance mode, is this necessary?
remoteCLI needs to allow "Enable External CLI," does that need to be disallowed?
Also, is the remoteCLI OK to replace the JAR?
Thanks,

Ralf Prigl's profile image
Broadcom Employee Ralf Prigl posted Sep 13, 2023 10:50 AM Best Answer

There is no batch file involved. You just replace the jar file and script to use a newer version. The keystore created in the past will continue to work as long as the PAM server certificate stays the same.

Ralf Prigl's profile image
Broadcom Employee Ralf Prigl posted Sep 12, 2023 11:13 AM

Hello, The documentation page you point to is concerned with enabling the external CLI, if not enabled. This requires a reboot, and as in any other case where a reboot is requirement, it makes sense to put the node in maintenance mode prior to this activity to avoid killing active user sessions with the reboot. However, you seem to be concerned about updates to the remote CLI and your Java version, which is completely different. In that case you would have the external CLI enabled already and no action is required on the PAM server side. The remote CLI is not a service and consists of a jar file and a script. You can update those at any time. The remote CLI does not include a private JRE, but uses a public JRE that you install. You can update that JRE any time. As stated in the documentation page, we recommend to use the lastest JRE 8 version.

MARUBUN SUPPORT's profile image
MARUBUN SUPPORT posted Sep 12, 2023 09:50 PM

Hi,

Thank you for answering.
 
> The remote CLI is not a service and consists of a jar file and a script. 
In addition, I would like to confirm that the only way to update RemoteCLI is to replace the jar file?
Do I need to run a batch file?

Thanks,