Enterprise Cloud
2.17 Release Notes
We are pleased to announce the availability of release 2.17 of the Enterprise Cloud on 15 December 2012.
Authentication using X.509 Certificates
Authentication now permits the use of X.509 certificates from Personal Identity Verification cards. The certificates that sign end-entity certificates, together with the certificates of any Certificate Authorities in the trust hierarchy up to the certificate the customer declares as trusted, or the root Certificate Authority, are exported and stored within the Enterprise Cloud service. Presented certificates are validated using the Online Certificate Status Protocol (OCSP) against the OCSP responder provided to the Enterprise Cloud. Certificate Revocation Lists are not supported.
Infinicenter Console
Internet Service Protocol of Both TCP and UDP
Previously, creating an Internet service on both TCP port 21 and UDP port 21 required two Internet services. A new protocol of TCP+UDP now permits a single Internet service to simultaneously support the same port, or ports, on both the TCP and UDP protocols. Furthermore, TCP, UDP, and TCP+UDP Internet services permit multiple ports and multiple port ranges.
Infinicenter Console
- Users may view, create, manage, and delete Internet services with a port, ports, a port range, port ranges, or a combination of these simultaneously on both TCP and UDP protocols.
Enterprise Cloud API
- API users may view, create, manage, and delete Internet services with a port, ports, a port range, port ranges, or a combination of these simultaneously on both TCP and UDP protocols.
Security Groups for Role-Based Access Control 2
Role-Based Access Control (RBAC) is a National Institute of Standards and Technology (NIST) standard with the second level adding constraints to basic RBAC. In the Enterprise Cloud, RBAC2 is implemented with Security Groups added to the granular permissions introduced in release 2.10. Devices are assigned to Security Groups and, as with existing Organization and Environment roles, roles are defined with specific constraints upon device-level activities for each Security Group. Users are assigned to Security Group roles in the same manner as Organization and Environment roles. "User with All Operations" is a new system-defined role for Security Groups.
Note: Users with Organization-level Administrator role, users with Environment-level User w/Billing role, and users with Environment-level User w/o Billing role override the constraints of Security Group roles.
Where Environment-level and Security Group-level permissions conflict, the Security Group-level permissions apply exclusively to actions upon virtual machines that are members of the Security Group; for all other actions the Environment-level permissions apply. For example, Manage Device IPs may be assigned at both the Environment and Security Group levels. A user with the Manage Device IPs permission for a Security Group but not for the Environment may assign IPs to a device in the Security Group but may not reserve IPs on the Network tab.
Note: A user must have access to the Environment in which devices in a Security Group reside. The Security Group role cannot override a lack of an Environment level role.
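The precedence rules above, written as one decision function. This is an added example, not Enterprise Cloud code. The class and function names, the sample roles and the "View Devices" and "Power Operations" permissions are hypothetical. It assumes that Organization Administrators hold every permission, and that Environment permissions apply when the user holds no role in any of the device's Security Groups.

```python
from dataclasses import dataclass, field

# Environment-level roles that, per the note above, override Security Group roles.
OVERRIDING_ENV_ROLES = {"User w/Billing", "User w/o Billing"}

@dataclass
class Role:
    name: str
    permissions: frozenset

@dataclass
class User:
    org_admin: bool = False
    env_roles: dict = field(default_factory=dict)  # environment name -> Role
    sg_roles: dict = field(default_factory=dict)   # security group name -> Role

@dataclass
class Device:
    name: str
    security_groups: frozenset = frozenset()

def is_allowed(user, permission, environment, device=None):
    """Decide one request; device=None means an Environment-wide action."""
    if user.org_admin:
        return True  # assumption: Organization Administrator holds every permission
    env_role = user.env_roles.get(environment)
    if env_role is None:
        return False  # a Security Group role cannot replace a missing Environment role
    if device is None or env_role.name in OVERRIDING_ENV_ROLES:
        return permission in env_role.permissions
    held = [user.sg_roles[g] for g in device.security_groups if g in user.sg_roles]
    if not held:
        # Assumption: no Security Group role on this device, so Environment level decides.
        return permission in env_role.permissions
    # Security Group permissions apply exclusively to devices in the group.
    # Assumption: with several groups, any held role granting the permission suffices.
    return any(permission in role.permissions for role in held)

# Constructed sample mirroring the Manage Device IPs case in the text.
alice = User(
    env_roles={"prod": Role("Read Only", frozenset({"View Devices"}))},
    sg_roles={"web-tier": Role("IP Manager", frozenset({"Manage Device IPs"}))},
)
bob = User(
    env_roles={"prod": Role("User w/o Billing", frozenset({"Power Operations"}))},
    sg_roles={"web-tier": Role("Viewer", frozenset({"View Devices"}))},
)
web01 = Device("web01", frozenset({"web-tier"}))
db01 = Device("db01", frozenset({"db-tier"}))
```

Calling `is_allowed(alice, "Manage Device IPs", "prod", web01)` succeeds, while the same permission with no device (reserving IPs for the Environment) is refused.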
Enterprise Cloud API
- The system permits or denies user actions on a server depending on Organization, Environment, and Security Group access levels.
- Users may retrieve a list of all security groups or a specified security group.
- Administrators may create, edit, enable, disable, or delete security groups.
- Administrators may create, edit, or delete a security group level role.
- Administrators may assign users security group level roles from Roles service or Users service.
- Administrators may assign virtual machines and physical devices to a security group or security groups to a virtual machine or physical device.
Note: The calls that assign security groups to a virtual machine or physical device incorrectly return the virtual machine or physical device. They should return only the AssignedSecurityGroups object. Release 2013-02-01 will return the correct object.
Template Distribution
Template Distribution automates the distribution of templates to all data centers and permits versioning of templates. Versioning permits users to create virtual machines from prior versions of templates to ensure consistent application environments, if desired.
Enterprise Cloud API
User Experience Improvement
Infinicenter Console
- Users may export metered billing data in detail or summarized by virtual machine.
- Administrators may set a flag when creating or editing non-administrator users indicating that they should receive Enterprise Cloud Change Notices.
- The Firewall Audit report is enhanced to perform string comparisons between firewall rules from the firewall configuration and from the Infinicenter configuration. Matches are printed in blue. When exported, a new column, Is Match W/String Comparison, indicates a match with a value of yes.
Enterprise Cloud API
- Users may retrieve metered billing grouped by virtual machine.