Today AuthAnvil Password Server (v22.214.171.124) has received several updates to address customer needs in more complex environments. A few key areas we would like to focus on include:
- We have made domain and machine validation more flexible. We originally used Microsoft's Patterns & Practices guidance for the name validation in accordance to their recommendation. In the real world, many companies don't follow that. You can now have one or two letter domains if you like.
- We have updated the non-reputable logging algorithm, and updated how sync agent audit reporting works. We have encounterd something we didn't anticipate in the field. If you have hundreds of AuthAnvil Password Sync Agents pushed out through automation in RMM tools like Kaseya and configure it to check in more frequently, you could literally flood the SQL server with audit logs. We were seeing customers generating over half a million log entries a day which significantly slows down the audit reporting on top of the disk utilization of the period of the month. It got to a point that the audit hash checks that validate the integrity of the logging would fail to complete, locking down the Password Server in some cases. This has since been fixed.
- We have updated the "lockdown" condition email algorithm. With the audit hash failure condition mentioned in the last bullet, we came across a condition in which AuthAnvil administrators may receive many more alerts than anticiated when that is triggered. We have since updated how that validates a lock down condition, and an AuthAnvil administrator will receive a single consolidated alert for any lock down condition triggered.
- We have updated how we auto-generate digital certificates. One of the powerful capabilities in the AuthAnvil Password Server is its built in Certificate Authority to generate sync agent and client certs to provide mutual authentication between endpoints as well as end-to-end encryption, and for the PKI built in for Vault access control. As we generate these certificates on the fly using Microsoft's certificate APIs, there was an interesting artifact in which the CAPI from Microsoft was leaving around hundreds of thousands of machine keys on disk on some active deployments at any one time. Rumour has it a few customers were starting to see hundreds of gigabytes of wasted disk space with these keys. With help from our friends at Microsoft (thanks @blowdart), we have isolated the condition that was causing this and have remediated the problem.
- We have updated the charting. We are constantly evolving how we generate the audit reporting and analytics charting. This update includes several key changes behind the scenes to allow us to enhance charting in future releases.
There are several other performance enhancements and bug fixes that have also been rolled up to make your experience with our software better. All of this is rolled up in the main AuthAnvil Password Server installer. If you need any questions or need assistance in upgrading, please visit www.scorpionsoft.com/help.
Let us know what you think of the new updates!