Imprivata Privileged Access Management Product Update 2.3.202107182259
July 18, 2021
This update added the option to mass reschedule selected jobs using Jobs History Report for the repeated execution, added the option to cancel or defer periodically scheduled jobs to retain the password of a checked-out record
Added the option to mass reschedule selected jobs
The update adds the Job History report option to select several jobs in the list and use Bulk Actions / Reschedule to mass reschedule selected jobs for the repeated execution. The option allows repeating failed jobs after resolving underlying network issues as well as simplifies troubleshooting job execution by allowing to quickly mass reschedule jobs to re-execute.
Added the option to cancel or defer periodically scheduled jobs for checked out records
The update adds the option to cancel or defer periodically scheduled jobs for checked out records. The option allows retaining the current password on record for the checked-out records when the password is used to perform network activities.
The option is controlled by the global parameter Periodic Jobs Execution When Checkout. The following options are available:
- Proceed – Periodic jobs will be executed even if the record is checked out. This is the default setting.
- Cancel – Periodic jobs will be cancelled at the time of scheduled execution if the record is checked out. This option allows the record to remain intact during the time it is checked out such as password values. The option relies on the necessary jobs being scheduled during the Check-In process.
- Defer – Periodic jobs will be deferred to the request expiration time if the record is checked out. This option allows the record to remain intact during the time it is checked out deferring jobs until the request has expired and the record is checked in.
Added the option to forward Remote Session Manager traffic from the master nodes through remote Universal Proxy
The update adds the option to proxy both WEB and Native remote session manager traffic from the master node using a single Universal Proxy port. The option allows exposing all remote node services using a single port to better control firewall configuration. The option also allows configuring remote WEB Session Manager to require master node authentication using a key common between master and remote node given by system property cas.tgc.crypto.signing.key
In addition to Universal Proxy connections to remote WEB and Native session managers, the update added the option to expose HTTP Proxy on the master nodes through the universal proxy interface together with RDP and SQL Proxy for better control of the network traffic on the firewall and load balancer.
Universal Proxy options are controlled the following global parameters that could be overridden by system properties in case of disconnected remote node configurations:
- Universal Proxy – Enabled or disabled universal proxy service. System parameter: xta.proxy.universal=enabled|disabled
- Universal Proxy Port – Defines custom port for universal proxy service (default: 2017). System parameter: xta.proxy.universal=enabled|disabled
- Universal Proxy HTTP Forwarding – Enables Native Session Manager and HTTP Proxy port forwarding. System parameter: xta.proxy.universal.forward.http=enabled|disabled
- Universal Proxy HTTP Forwarding Host – Defines Native Session Manager and HTTP Proxy port forwarding host (default: 127.0.0.1:8081). System parameter: xta.proxy.universal.forward.http.host=host:port
- Universal Proxy Session Manager Forwarding – Enables WEB Session Manager port forwarding. System parameter: xta.proxy.universal.forward.sm=enabled|disabled
- Universal Proxy Session Manager Forwarding Host – Defines WEB Session Manager port forwarding host (default: 127.0.0.1:4822). System parameter: xta.proxy.universal.forward.sm.host=host:port
- Universal Proxy HTTP Forwarding Use SSL – Enables SSL communication with WEB Session Manager. System parameter: xtam.proxy.universal.forward.sm.ssl=enabled|disabled
Note that for WEB Session Manager forwarding remote node keystore should contain a certificate of the remote WEB Session Manager. In addition to this, master nodes should contain certificates of the remote universal proxy instead of the remote WEB Session Manager. Remote WEB Session manager in this scenario could be completely hidden behind the firewall because only remote universal proxy will connect to remote WEB Session manager on the same node.