Date: Wednesday, 15 December 2021
This appliance firmware update provides fixes and new features for IBM Security Verify Access. After applying this firmware update, the release number of the appliance will become
Please note that (as of IBM Security Access Manager Version 9.0.5) there is a potential change to performance when the Spectre/Meltdown fixes are applied. As a result, the Spectre/Meltdown fixes are disabled by default on the following two hypervisors:
The fix is enabled by default in all other ISAM environments.
Administrators can use the following Advanced Tuning Parameter to enable and disable the Spectre/Meltdown fixes. You can change the value for this Advanced Tuning Parameter in the local management interface by selecting Manage System Settings > System Settings > Advanced Tuning Parameters.
kernel.disable.spectre = true/false true - indicates that the fix is disabled. This will be the default for XenServer and AWS environments. false - indicates that the fix will be enabled.IBM recommends using a value of kernel.disable.spectre = false in all ISAM environments. Administrators are advised to evaluate the performance in their environments and make deployment adjustments accordingly.
IMPORTANT - The setting of the above advanced tuning parameter does not require the restart of any services or the appliance itself. The configuration will be automatically applied to the running system.
Administrators can expect performance degradation after they enable the mitigation for the vulnerability. Processing times are impacted; and as such, users submitting browser-based requests are likely to experience increased response times.
The impact on appliance performance is estimated to be in the 0% to 10% range for most IBM Security Access Manager environments. However, for XenServer and Amazon Web Service (AWS) environments, testing has shown that the impact on performance from 0% to upwards of 20%. Due to the nature of more complex environments, this performance degradation may be higher.
This release package contains:
This fixpack is distributed as an electronic download from the IBM Support Web Site.
Back to ContentsFor a complete list of APARs that are fixed by the release, see the Technote at APARs fixed in
Back to ContentsFor a complete list of new features that are included in the release, see the following What's New
Back to Contents1. Review supported ISAM/ISVA Upgrade Paths.
2. Create an Appliance snapshot. This is important for recovery since the firmware update will overwrite the backup partiton.
3. Follow the upgrade tasks as described in the IBM Documentation. See Upgrading to Version
Back to ContentsIMPORTANT: This Appliance Firmware update should not be considered as a fix-pack. When applying this update to the Appliance, the fix-pack option should not be used. Ensure that all upgrade instructions provided are reviewed before applying this to your Appliances.
Scenario | Complete this task |
If you are installing the Appliance for the first time | Download the firmware image and install.
If you are upgrading the Appliance to version |
Download the .pkg file and complete either of the following options: |
If you enabled FIPS 140-2 mode, you must restart the appliance to ensure that the FIPS 140-2 mode is still enforced.
Check that the correct version is installed. From the Local Management Interface, select Manage System Settings > Updates and Licensing > Overview.
You can also navigate to Manage System Settings > Updates and Licensing > Firmware Settings. Examine the details that are associated with the Active Partition and ensure that the firmware version is correct.
Back to ContentsYou cannot uninstall the firmware update, but you can boot the Appliance to the previous version of the firmware:
The IBM Documentation contains all documentation for this release. See IBM Security Verify Access
Back to ContentsDocumentation for known issues, limitations, and workarounds is maintained on the IBM Support site. For more information, see known limitations on the IBM Documentation.
