We highly recommend that you read the following document before installation:
CA UIM 9 Service Pack 1https://docops.ca.com/ca-unified-infrastructure-management/9-0-2/en/release-notes/ca-uim-9-service-pack-1
Secure Hub and Robot (CA UIM 9 SP1)https://docops.ca.com/ca-unified-infrastructure-management/9-0-2/en/upgrading/ca-uim-upgrade-step-3-deploy-the-upgrade/upgrade-uim-server/secure-hub-and-robot-ca-uim-9-sp1
During the install the customer can select a checkbox to install the secure binaries. The secure binary installer makes alterations to the tunnel environment and if it's not set up in a particular way already, it can have unforeseen consequences. For example IF the Primary hub is not a tunnel client or a Server, it automatically sets it up as a Tunnel Server.
During the installation process, when you go to install and select "yes" for secure hub/binaries, should pop up a window telling you to make sure you have read the 'Considerations prior to upgrading,' and it links directly to this:https://docops.ca.com/ca-unified-infrastructure-management/9-0-2/en/upgrading/ca-uim-upgrade-step-3-deploy-the-upgrade/upgrade-uim-server/secure-hub-and-robot-ca-uim-9-sp1#SecureHubandRobot(CAUIM9SP1)-Considerations
After the installation of a Secure Hub on the Primary, if you can only see the Primary/Secondary and tunneled hubs in the Admin Console, and NON_tunneled hubs in IM, you might want to change it and if so, you can do the following:
1. Drag and drop hub v9.10 on the Primary/tunnel hubs to overwrite 9.10S.
2. Drag and drop robot_update v9.10 on top of the 9.10S version.- Note that if you did install the secure binaries, then you should install the hub_adapter probe on ALL other hubs to be able to see them in IM.
- The hub_adapter probe facilitates robot->hub communication
with secure/nonsecure mixed environments. In IM the only way to see all the hubs is that they need to be tunneled.
- hub_adapter only allows pre-secure-bus ROBOTS to talk to the Secure hub
, e.g. you can have Hub 9.10S running, but servicing robots v7.97 and prior as long as the hub_adapter probe is deployed an in place.
- If you remove hub_adapter you lose the ability to talk to non-9.10S robots
. But it does NOT help with hub-to-hub, only robot-to-hub communications.
- Secure Bus does NOT support non-tunneled hubs, hence ALL hub-to-hub communication MUST be tunneled
Note also that if and when you upgrade to 9.10S, it actually REMOVES any Name Service/static hub entries.
If you used static hubs you may have to re-enter them.
Warning regarding hub LDAP connectivity:
Note that there is currently (as of 5/13/19), there is an LDAP connectivity issue with any hub > 7.93. The LDAP connection test fails. The only way to currently workaround this is to deploy/use another hub that is running hub v7.93. The issue was uncovered in hub v7.97/7.97 but when you downgrade to 7.93 it is avoided. One other option you can use is to configure another hub running v7.93 to connect to LDAP, then test it to confirm connectivity to the LDAP server, then configure the Primary hub as a 'Nimsoft Proxy hub' (see General->Settings) and point it to the hub v7.93 NimBUS address.