Machina Terra

Release Notes v 5.2

Contact Us:

If you have comments about this documentation, submit your feedback to:

Documentation@ionicsecurity.com

Copyright notice:

Copyright © 2020 Ionic Security Inc. All rights reserved.

Ionic Security, the Ionic Security logo, and Machina Platform are trademarks or registered trademarks of Ionic Security or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Ionic Security and its licensors, if any.

The documentation is provided “as is” and all express or implied conditions, representations and warranties, including any implied warranty of merchantability, fitness for a particular purpose or non-infringement, are disclaimed, except to the extent that such disclaimers are held to be legally invalid. Ionic Security shall not be liable for incidental or consequential damages in connection with the furnishings, performance, or use of this documentation. The information contained in this documentation is subject to change without notice.

Microsoft Office, Microsoft Windows, and Internet Explorer are registered trademarks of Microsoft Corporation. All screenshots of these programs are used with permission from Microsoft.

General Enhancements

API Administrator Role Deprecated

The API Administrator role is being deprecated and the it will no longer be selectable from the Roles drop-downs or lists in the Console. The Tenant Admin role will now offer the same functionality with the addition of the access:api scope.

Downloadable SEP

An option to download a Secure Enrollment Profile has been added to the Machina Console and can be accessed through the Users and Devices tabs. This feature allows users to download a Machina profile which can be used with any Machina integrated application without having to enroll the device or make additional SDK calls.

For more information regarding the Downloadable SEP feature, please reference the Downloadable SEP article on the Customer Success portal.

Customer Success Link Added in Machina Console

To help provide direct access to Customer Success, we have included links within the Machina Console that will direct you Customer Success via email or our Support portal.

Tenant Admin User API Keys Update

Following the deprecation of the API Administrator Role, users with the Tenant Admin role will be able to create and update user API Keys within the Machina Console. This change allows Tenant Admin users to create an application user account, create the associated API Key for that account, and export the key as needed with no additional steps.

Send Password Reset Email from User View

A button has been added to the user page view for admin users which allows them to send a password reset email for the selected user.

Python Upgrade

Upgraded from Python2 to Python3 throughout the system.

Salt Automation Upgrade

Salt Automation has been upgraded from version 2017.7.8 to version 3001.1. Additionally, the Salt Master now has the capability to join via hostname or IP. Finally, the capability to encrypt Key and Enrollment configuration files on the SALT Master has been added.

Bug Fixes

User Account Deactivation Delays

In some customers instances, the account deactivation link was taking unexpectantly long to complete. We have addressed this issue and reduced the post-deactivation account time to live.

Adding User to Group Permissions Dropdown

Missing “User” label has been corrected.

Enrollment Configuration Save Fixed

In some environments customers have reported that they were able to save the enrollment configuration page without the required data. This issue has been corrected.

Data Markings Sorting and Listing Displays Issues Corrected

In some environments, the sorting order for the Data Markings modal and updated Devices under the devices tab would display incorrectly. This issue has been corrected.

Corrected Analytics Log Display Issue

In some scenarios key request records in the Analytics Log table would generate a console error. This issue has been identified and resolved.

New Logic Created to Recover From Routing Mode

Under certain network outages, we found that Enterprise Manager (EM) would fail to restore correct routing of key requests when the network connections were reestablished. This required manual intervention and potential downtime to reestablish the appropriate routes. 5.2 addresses this issue by correctly reestablishing connections to the key servers when the network recovers.

Console Metrics View Incorrectly Linking to Different Device Activity

When selecting Key Modify Allows from the Metrics view on the Machina Console, users will now be sent to the Device Activity feed for the response type “non-applicable”.

Password Reset Consistency

When users would try to reset their password through the login screen, they would receive an error saying they are unable to complete the action. This issue has been identified and resolved.

Key Request Details for Created by Updated

Some customers observed issues when attempting to view information on the Created by User from the Key Request details page and details would not return properly. This issue has been corrected.

Confirm Modal for Changes Made to Access Security

When changes are made to the Access Security page, a confirmation modal will now notify users of unsaved changed before they navigate away from the Access Security screen.

Keyspace Page Rendering on Safari on MacOS

On Safari version 13.1 the Keyspaces tab would not display information correctly. This issue has been identified and corrected.

Broken Image Links in Windows Mail Clients

Images in the enrollment emails for the web version of Gmail and Outlook for Windows would not display images correctly. This issue has been corrected.

Console Metrics Distinguishing Between “No Activity” and Broken Requests

When filtering for specific parameters within the Metrics tab on the Console, the Metrics field will now display no activity instead of returning an error when no data matches the current filter parameters.

Connections to Multi-cluster Environments

• Fixed an issue found in some multi-cluster deployments where the read neighbor user connection strings were incorrect which caused key servers to be unable to connect to read neighbors.
  • The scenario involved WRITE and READ connection strings which are different between clusters
• Fixed an issue where dbsetup can fail in a multi-cluster deployment when using certain combinations of flags, which results in users and tables being created out of order.

Enterprise Manager Wrong Connection Logging

Previously the Enterprise Manager logging would display that connections were being dropped immediately after adding them. As of 5.2 this issue has been fixed so that the connections that are being dropped are accurately reported.

DBSetup Bug When Createtablesfor Flag Is Set to True

Previously when running DBSetup for the first time with the -createtablesfor flag being set to true, DBSetup would fail. As of 5.2 this bug has been addressed and it no longer matters which other flags are set to true during the creation process.

Multicluster Config Setting Missing for Readneighbors

The global_pg.config.example file located in in the key server folder was previously missing the dbname setting which prevented key servers from coming online. As of the 5.2 release this issue has been addressed.