The following is a list of features that are no longer supported starting with Safeguard for Privileged Passwords 7.0.
-
Desktop client is no longer available starting with 7.0. Only the web client is supported.
-
Changes have been made to the secure VPN that protects communication between appliances in a clustered high-availability configuration. The new VPN only supports the UDP 655 port. Before upgrading, ensure the firewall configurations between appliances permit UDP 655.
-
Approval Anywhere and Starling Two-Factor Authentication functionalities have been deprecated. Any Safeguard for Privileged Passwords customers currently using Starling Two-Factor Authentication as their authentication provider should wait to upgrade until they have removed all Starling Two-Factor Authentication related user information.
Issues addressed by this release follow.
Table 2: General resolved issues
Fixed and issue causing CheckPassword to fail. |
308228 |
VMware Virtual Appliance tools upgraded to the most recent version - (New v7.0 OVA deployments only). |
310055 |
Decreased the memory usage when querying AssetAccounts. |
309538 |
Improved our documentation / Knowledge Base article (KB309238) around the required Firewall rules necessary for "Remote Scheduled Tasks Management (RPC)" for Scheduled Tasks management on Windows Server 2019 platform. |
309722 |
Fixed an error incorrectly reporting failing rescheduling tasks. |
308774 |
Fixed an issue causing platform tasks to be cancelled due to overlapping account discovery schedules. |
308696 |
Addressed an issue causing Access Request Service MYSQLConnector to fail to restart after an unexpected crash. |
308606 |
Fixed an issue with Safeguard communicating with Microsoft telemetry IPS. |
300123 |
Fixed a quarantine issue. |
305208 |
Upgrade issues when moving from 6.11 to 6.12 have been addressed when using restored backups for Azure external federation. |
308456 |
Dependent accounts now correctly linking on Server 2019 in a scheduled task. |
307711 |
Fixed an issue that caused a password for an unrelated service account to be changed when a new asset was created. |
306915 |
Update to ensure an OpenSSL vulnerability would not affect users. |
305830 |
Fixed a quarantine issue. |
304766 |
Account discovered groups no longer impacted when running domain discovery. |
304725 |
No longer required to set Available for use across all partitions (Global Access) to true when configuring a directory account. |
304449 |
Fixed an issue that caused a quarantine after patching. |
304204 |
Improvements made to the progress indicator calculations when joining a replica. |
304105 |
Fixed an issue causing a deadlock during transactions. |
303421 |
Added sso_role as a requirement when configuring Sybase ASE servers. |
314123 |
The following is a list of issues known to exist at the time of release.
Issues may occur when launching telnet sessions after upgrading a Safeguard for Privileged Sessions appliance. If you are experiencing issues, ensure you have downloaded and installed the latest telnet plugin before contacting support. Additional information on configuring and supporting tenet sessions is also available on the telnet plugin site. |
If session playback is failing for fully indexed sessions, the desktop player may need to be upgraded to 1.9.4 or greater. |
SPS initiated sessions failing when using netbios name.
Workaround: Use the domain name. |
For Linux-based platforms, if an account password is encrypted with an algorithm that is not supported by Safeguard, then the CheckPassword operation falls back to validating the password by attempting to login as the account. The following algorithms are supported:
BCrypt, LDAP, MD5, PHPass, SHA256, SHA512, Traditional and Extended DES.
Blowfish, SCrypt, and PBKDF2 for any HMAC. |
Safeguard for Privileged Passwords allows you to manage access requests, approvals, and reviews for your managed accounts and systems.
- The web client consists of an end-user view and administrator view. The fully featured client exposes all of the functionality of Safeguard based on the role of the authenticated user.
- The web management console displays whenever you connect to the virtual appliance and is used for first time configuration.
When setting up a virtual environment, carefully consider the configuration aspects such as CPU, memory availability, I/O subsystem, and network infrastructure to ensure the virtual layer has the necessary resources available. See One Identity's Product Support Policies for more information on environment virtualization.
Ensure that your system meets the minimum hardware and software requirements for these clients.
If a Safeguard Sessions Appliance is linked to Safeguard for Privileged Passwords, session recording is handled via Safeguard for Privileged Session. The link is initiated from Safeguard for Privileged Sessions. For details about the link steps and issue resolution, see the One Identity Safeguard for Privileged Sessions Administration Guide.
Bandwidth
It is recommended that connection, including overhead, is faster than 10 megabits per second inter-site bandwidth with a one-way latency of less than 500 milliseconds. If you are using traffic shaping, you must allow sufficient bandwidth and priority to port 655 UDP in the shaping profile. These numbers are offered as a guideline only in that other factors could require additional network tuning. These factors include but are not limited to: jitter, packet loss, response time, usage, and network saturation. If there are any further questions, please check with your Network Administration team.