Improvements in Version 1.6
- Flexible domain and machine validation
- Updated Logging Algorithm and Sync Agent Audit Reporting
- Updated “Lockdown” Email
- Updated Auto-Generated Digital Certificates
- Updated Charting
Flexible domain and machine validation
We originally used Microsoft’s Patterns & Practices guidance for the name validation in accordance to their recommendation. In the real world, many companies don’t follow that. You can now have one or two letter domains if you like.
We have encountered something we didn't anticipate in the field. If you have hundreds of AuthAnvil Password Sync Agents pushed out through automation in RMM tools like Kaseya and configure it to check in more frequently, you could literally flood the SQL server with audit logs. We were seeing customers generating over half a million log entries a day which significantly slows down the audit reporting on top of the disk utilization of the period of the month. It got to a point that the audit hash checks that validate the integrity of the logging would fail to complete, locking down the Password Server in some cases. This has since been fixed.
With the audit hash failure condition mentioned in the last bullet, we came across a condition in which AuthAnvil administrators may receive many more alerts than anticipated when that is triggered. We have since updated how that validates a lock down condition, and an AuthAnvil administrator will receive a single consolidated alert for any lock down condition triggered.
One of the powerful capabilities in the AuthAnvil Password Server is its built in Certificate Authority to generate sync agent and client certs to provide mutual authentication between endpoints as well as end-to-end encryption, and for the PKI built in for Vault access control. As we generate these certificates on the fly using Microsoft’s certificate APIs, there was an interesting artifact in which the CAPI from Microsoft was leaving around hundreds of thousands of machine keys on disk on some active deployments at any one time. Rumor has it a few customers were starting to see hundreds of gigabytes of wasted disk space with these keys. With help from our friends at Microsoft (thanks @blowdart), we have isolated the condition that was causing this and have remediated the problem.
We are constantly evolving how we generate the audit reporting and analytics charting. This update includes several key changes behind the scenes to allow us to enhance charting in future releases.