IBM Security Privileged Identity Manager, Version 2.1.0

New in Version 2.1.0

This version delivers new features, enhancements, currency support, and security product integration.

For the latest information about the release and to download the latest fix packs, see Fix Packs.

2.1.0.6 Fix Pack Release

Command extraction for Privileged Session Gateway
Commands that are entered during a Privileged Session Gateway session are now captured, bookmarked, and indexed when you play back the session recording.

2.1.0.3 Fix Pack Release

Privileged Session Gateway activation key
Starting from Fix Pack 3, you must specify an activation key in the Privileged Session Gateway response file with the activation_key parameter to start a Privileged Session Gateway node. See Privileged Session Gateway installation.
Privileged Session Gateway trusted sessions
A unique Client ID identifies authorized IBM® Security Privileged Identity Manager virtual appliances or clusters that can connect to the Privileged Session Gateway. For this enhancement, the response file adds the following new parameters: authorized_clients and disable_client_authorization.
Enhanced Privileged Session Gateway setup for outbound certificate management
In the response file, you can now provide the domain name of the virtual appliance or load-balanced cluster for the outbound certificate with the outbound_certificate_urls parameter. The Privileged Session Gateway retrieves the virtual appliance or cluster root certificate from the domain name that you specify during startup. See Privileged Session Gateway installation.
Custom rule to validate password policies
Create a custom validation rule to evaluate a password after the other rules are defined in the Rules tab. See Creating a custom validation rule.
IBM Cognos® Analytics 11 support and new reports
IBM Security Privileged Identity Manager adds IBM Cognos Analytics 11 support for reports. See Report administration for a list of new and available reports.
External Active Directory for failover
Use failover domain controllers to configure high availability for the external registries. See Configuring multiple Active Directory nodes for failover.
DB2® for Automatic Client Reroute (ACR)
You can now configure DB2 in ACR mode to automatically reroute to a secondary database server. See Configuring DB2 for automatic client reroute (ACR).
Privileged Access Agent, Windows 10 Anniversary Update, and other enhancements
  • Windows 10, version 1607, Anniversary Update is now supported.
  • AccessProfiles for Microsoft Remote Desktop, Internet Explorer, and PuTTY have been updated to support Windows 10, Anniversary Update.
  • UI Automation Extension is now included by default in the Privileged Access Agent installer. Two new actions have also been added in this release.

    Earlier versions of the extension were available from the Observer Extensions technote.

For more information, see the fix pack readme.

IBM Security Privileged Identity Manager Disaster Recovery environment
Set up an environment for disaster recovery to support the following scenarios:
  • A temporary environment when the IBM Security Privileged Identity Manager virtual appliance is undergoing maintenance.
  • A secondary environment when the IBM Security Privileged Identity Manager virtual appliance is compromised.
See Switching between the production site and the disaster recovery mode.
Data migration from IBM Security Privileged Identity Manager version 1.x to IBM Security Privileged Identity Manager version 2.x
See the following migration topics:

2.1.0 Release

Privileged Session Gateway
With Privileged Session Gateway, privileged users can access protected SSH-managed systems through a web-based console without installing a client on their workstations. Session recording is also supported. The Privileged Session Gateway is an optional component that you install separately.
New policies for the Privileged Session Gateway
The Administrative console includes new policies for configuring sessions that are started by using the Privileged Session Gateway:

Currency support

Google Chrome support
Google Chrome is now a supported web browser to access IBM Security Privileged Identity Manager web consoles.
Transport Layer Security (TLS) 1.2 support
IBM Security Privileged Identity Manager adds support for connections to IBM Security Directory Server over TLS 1.2.

Security Product Integration

Integration with IBM Security Identity Governance and Intelligence
An Identity Governance administrator can use IBM Security Privileged Identity Manager to manage shared access to privileged credentials. The recertification of privileged users' access entitlements is performed in IBM Security Identity Governance and Intelligence. See the IBM Security Identity Governance and Intelligence product documentation.

Enhancements

Privileged Access Agent for automatic credential check-in and check-out
The AccessAgent component is now known as the Privileged Access Agent. See Technical overview.
Removed Java™ browser plug-in requirement
Form and Workflow designer tools now run as a Java Web Start application. Browser plug-ins are not required.

For IBM Security Access Manager fronted configurations, there is a new junction and new setting to be configured in the advanced configuration file. See Junctions for Privileged Credential Manager and Edit the Advanced Configuration file.

Documentation updates

New IBM Security Privileged Identity Manager Planning and Deployment Guide. The guide includes discussions on usage scenarios for privileged identities, updated deployment roadmaps, on-boarding strategies, and deployment topologies. See Planning and Deploying.


