.NET 8.0.0 or later (available through BT Updater via Supporting Software SUPI subscription)
SUPI 3.2 (available through BT Updater)
BeyondInsight 24.1
New Features and Enhancements:
The Configuration Wizard now includes configuration for Endpoint Privilege Management (EPM) use cases. The appliance management software maintains the EPM features during new installations and upgrades. EPM features have been added to the Feature Selection screen of the Configuration Wizard, and the feature questionnaire has been updated to assist with enabling these new features. The new EPM features are:
Endpoint Privilege Management Event Collector
Privilege Management Reporting (PMR)
Endpoint Privilege Management Database Access
Endpoint Privilege Management Web Policy Editor (WPE)
Updated the Feature Configuration screen of the Configuration Wizard:
Endpoint Privilege Management tab added for configuring EPM database settings
SQL Server Feature tab updated to include SQL login accounts for the EPM Event Event Collector and the PMR Report Reader
Updated the Appliance Feature Configuration page in the console to include the configuration of EPM features:
Endpoint Privilege Management Event Collector
Privilege Management Reporting (PMR)
Endpoint Privilege Management Database Access
Endpoint Privilege Management Web Policy Editor (WPE)
Modified SQL Server Database feature to include SQL login accounts for the EPM Event Event Collector and the PMR Report Reader
Added ability to recognize and onboard existing EPM installation:
On service startup, check to see if the EPM features (DB, WPE, PMR) are already installed and configured.
Allow Admin to enable and disable SQL accounts.
Create script to create and delete an SQL user to allow PMR installation.
Added support for EPM in Business Continuity:
Implemented High Availability support for EPM database
Included backup and restore support for EPM database
Included Cold Spare support for EPM database
Upgraded the pre-condition check for EPM to check account names
Updated service monitoring and log files to include EPM:
Included service monitoring and notifications
Included log files for EPM events
Added EPM components to the Installed Software page
UX improvement was made to update related saved credentials when a password is changed:
Update EPM credentials when a password is changed.
Update BeyondInsight saved credentials when a password is changed.
Updated the appliance health monitoring service to be aware of the High Availability feature and to send applicable notifications for services being monitored in a pair.
Created separate features for the BeyondInsight Manager Engine and Web Console.
Updated appliance health monitoring to consider High Availability status when determining service health.
BeyondInsight Single Sign-On Improvements:
When using the SSO feature to connect to another appliance, an error can be triggered and the token passed in the URL query string.
Made improvements to account creation in the Configuration Wizard:
Better handling of special characters.
Restrict the administrator username from being used as the appliance admin account.
Updates made to prevent 'Pending File Rename' message on cloud appliances.
Updates made to ensure BeyondInsight certificates are created with the proper permissions.
U-Series: .NET 6 upgraded to .NET 8.
Added ability to export log files in intervals smaller than one hour.
Improvements made to post-deploy script warning message:
Display post-deploy log
Allow user to re-kick off post-deploy script
Set image to fire the new post-deploy scripts
Updated code in Backup and Restore to send IP addresses into call to determine local vs remote.
Improvements made to show BeyondInsight for Unix & Linux (BIUL) status on the passive appliance in a High Availability pair. This prevents the setup from failing when BITS jobs are not being processed.
Updates made to keep password policies in sync with BeyondInsight when changing passwords.
Update made to Proxy Server configuration to allow each appliance to have it's own proxy server (vs. global solution setting in BeyondInsight).
Issues Resolved:
Resolved an issue where Dark Mode theme didn't stay saved after logout in all browsers.
A decision was made to have the Login page always load as light mode.
Renamed the Security and Compliance > Administrator Credentials page to Security and Compliance > Account Management.
Resolved an issue where, when socket communication is interrupted, some configuration steps did not show a complete status.
Resolved several Backup and Restore defects.
Resolved a layout issue on the Integrations > Email page in the console.
Resolved a Configuration Wizard issue where screens were not complying with the min 1280 x 800 resolution. The screens now look as intended.
Resolved an issue with appliance credentials where each credential description was behaving like a clickable link. This no longer occurs.
Resolved a text case issue for the Internet Connections step in the Configuration Wizard.
Resolved an issue where it was not possible to update BeyondInsight Credentials. Updates are now working as intended.
Limited the number of notifications displayed in the console to 10,000. More than that may cause the page to not load.
Resolved an issue where the High Availability page showed a random date if the heartbeat sync did not complete after a failover.
Resolved an issue where dependency details were missing for the BIUL feature. These details are now available.
Resolved a PMSMC (PBSMC) typo in Features Editor log.
Resolved an issue where a section on the Local Computer Policy page showed the click finger but the section was not clickable.
Resolved an issue where power options were not able to interact with the Reboot only if an update is pending a reboot option if the resolution was set to a lower value.
Resolved an issue where, when the SQL Server service was set to OFF, the Appliance Features Configuration and Service Status pages were slower to load.
Resolved an issue with Cold Spare where the notification email for a scheduled restore read Manual restore completed. The notification now read Scheduled restore triggered at (date).
Resolved an issue where the log file export default Start Date is in the past and returns an error when saving the configuration. This no longer occurs.
Resolved an issue where the letter case on action buttons was inconsistent on the IP Settings page. One button was all caps and the other had the first letter of each word capitalized. Both buttons now have the first letter of each word capitalized.
Resolved an issue where the Copy Text button for API Key Registration box had an oversized click area which overlapped with the clear text X button. There is no longer an overlap.
Resolved a formatting alignment issue with the bars at top of the Proxy Server page.
Resolved an issue where validation messages did not reflect valid characters when updating credentials for the appliance.
Resolved a Configuration Wizard issue where the BeyondInsight password was not recognizing exclamation points and some other non-alphanumeric characters as special characters.
Resolved a Configuration Wizard issue where the page didn't recognize that the password met complexity requirements and did not proceed to the next step.
Resolved an issue where the BT Updater password had different length requirements for characters on the appliance UI and Configuration Wizard.
Resolved an issue where the SQL user passwords had different length requirements for characters on the appliance UI and Configuration Wizard.
Resolved a Configuration Wizard issue where the Next button disabled when the user returned to the User Credential page.
Resolved an Administrator Credentials issue with BT Updater Credentials & SQL Server Database Password where toast error messages were missing.
Resolved an issue where backup failed because the data was too large for ZIP file format.
Replaced Database Password with TCP/IP Database Connections for the SQL Server Feature in the Configuration Wizard.
Cannot resume High Availability pairing if you upgrade U-Series to 4.1 before the pairing was complete in 4.0.
Resolved a High Availability issue where services on the secondary did not start back up after TURN OFF HA was used on the primary.
Resolved a High Availability issue where setup failed when BITS jobs were not being processed.
Resolved an issue to show BIUL status on the passive appliance in an HA Pair.
Resolved an issue with the 2022 Azure U-Series appliance where the user was receiving notification to reboot the appliance after logging in to the appliance dashboard.
Known Issues:
EPM Event Collector Service is missing from the log download page or log export page if there are no log files present.
EPM/PMR High Availability requires that the source EPM accounts match on each appliance. Accounts require manual intervention to rename.
Workaround: Users need to manually create the EPM/PMR SQL Users in the database on the secondary node.
Last Pass can interfere with the Deployment and Configuration Wizard.
Workaround: Disable or log out of Last Pass or configure the appliance in incognito mode in the browser so that the browser extensions are not interfering with the wizard.
When changing the EPM Database credentials on the host machine and remote collector password, if the EPM Database Access feature is turned off and then on, the user has to enter and confirm their password every time.
The beyondtrust_user account is locked out after changing the Auth SQL Server password.
Appliance self-signed certificate does not have subject alternate name (which does not support HSTS). For Chrome 58 and later, only the subjectAlternativeName extension (not commonName) is used to match the domain name and site certificate.
Notes:
Security Management Appliance Installer 4.2 is dependent on BeyondInsight 24.1.
Security Management Appliance package in BT Updater is dependent on BeyondInsight 24.1.
This update is available through BT Updater or as a manual installer from the download tool.
