ACD v3.0 comes with a new easy-to-use migration tool that works with all newer ES versions (v6.8.4 and up) via the new ES API
Massive speed increase for data migration
Based on the new API, the migration process will work about 3x faster
The issue with the migration of more than 500,000 objects has been fixed
The new migration tool allows the migration of all data as well as the ES index settings and mappings
ACD in general - New Features
TLS 1.2 & 1.3 support for all ACD components
Support for OpenJDK 12.x
Added support for latest versions of Linux and SELinux (Security-Enhanced Linux) Red Hat, SLES, Ubuntu, CentOS
All ACD component configuration files have been switched to a user-friendly JSON format (used for configuring/defining audit reports - does not yet have a UI)
Encrypted passwords used in all configuration files
Easy SSL/TLS certificates installation and management
Added the ability to use the authenticated user's LDAP attribute values as a filter for Reports and Dashboards
Backup scripts added; they allow you to back up your old ES data to files and restore it if needed
Elastic-Migration or Backup: ES to ES, ES to File (JSON), File to ES
Option to easily change indexes settings (with UI)
e.g. a fix for when indexes are blocked after a not-enough-disk-space issue
Migration Helper
Migrate your configuration and data from the old to the new version of ACD
Install Wizard will guide you through the installation process and check all needed dependencies
ACD in general - Bug Fixes
Several vulnerability bug-fixes and security improvements
AuditServer - New Features
New ACD User Interface
Added option to change the order of the dashboards
Different sort modes (alphabetically or by usage)
Added option to restart the AuditServer from the User Interface
Dashboard frame now resized dynamically to prevent multiple scrollbars
Front End User Interface gives much more feedback in case of back-end errors
Within the workflow reports, you can now use a date & time picker to filter the data.
Generally improved and more user-friendly User Interface
AuditServer - Bug Fixes
Improved communication with the Elastic Search API: it was changed to prevent memory leaks and to fix the problems that occurred when retrieving more than 500,000 objects for reports
This is necessary for large reports
Fixed problem with big queries (too long HTTP request)
e.g. a report for 1 year => 365 parameters in the URL. Hence, the HTTP request would crash when using more than 365 parameters
New limit = length of the URL string definition. This parameter can be adjusted using the new User Interface (Admin settings)
Fix in scheduled reports
If a user had no admin rights, they could define a report, but it would not work (and no feedback was given)
New: the User Interface sends the feedback “no permission”.
AuditDriver - New Features
Driver prevents passwords from being shown in iManager and traces
In the Publisher channel, we no longer start the event processing by IDV to catch the status. We now catch the status in the OTP.
AJC ECMAScript was removed from all packages
Base package - GCV-style Driver Parameters. We now use named passwords to store all passwords instead of clear text
Base and Monitor packages are split into several smaller packages. Hence, the administrator can choose exactly what he needs/wants to add to the ACD Driver or to the 3rd-party driver in order to monitor it.
Monitor package - all connection parameters were moved into the driver set package. Hence, it suffices to configure the ACD server address, credentials, and SSL certificates just once for the whole driver set.
Audit and event timestamps now have milliseconds and the administrator can choose the time format which will be sent to Elastic Search.
The fields "new value" and "old value" are limited to 32760 symbols to avoid ES errors
2 fields were added: "Channel" (Publisher or Subscriber) and "Place of auditing" (OTP, ITP, CTP, and more)
Additionally 2 points of auditing for each channel
New: 2 ways of monitoring 3rd-party drivers:
send audit message directly to Elastic Search
send audit events into the main ACD Driver's queue
Better handling of Elastic Search errors by the ACD Driver appshim. The appshim passes extended and useful error messages to the driver
AuditDriver - Bug Fixes
Fixed the bug in the Default Workflow report - Filters showed only 10 records
AuditProxy - New Features
The AuditProxy has been completely redone and its functionality massively enhanced
It is now working as the security guard for all ACD functions
The AuditProxy in ACD v3.0 now supports multiple LDAP servers at the same time
Any LDAP attribute can be used for signing in
It supports the use of signed-in LDAP user attributes as filters and for transformations of the proxied data
Any data can be processed based on the signed-in LDAP user's attributes
Usage of new and flexible rules to control permissions
It supports the possible usage of security templates
security roles or security templates
Unlimited amount of proxies supported
unlimited amount of proxy server services
clustering is possible
Possible action calls or alarms on Audit Events
The AuditProxy can control (and is controlling) all HTTP traffic
It allows data filtering and transformation on the fly
It now features extended debugging options to control and troubleshoot applications
It supports a proxy-service health check
Health status available
Only 1 SSL/TLS PKCS12 keystore certificate (instead of PEMs) is now used for all ACD components
Hence, configuration and installation is now much easier
Only 1 external network port used for all ACD components (instead of five in the previous ACD version)
Access control for all ACD components in one place, all inside AuditProxy
AuditProxy - Bug Fixes
Fixed the issue that occurred if the login/password contained special symbols or umlauts
AuditReport - New Features
Debug options added to better control snapshot process
Now possible errors are shown, hence much easier to debug
The possibility was added to use LDAP attributes mapping within the config file
AuditExport - New Features
Object History Browser - New Features
Kibana and Elasticsearch Integration - New Features