Change Log

New Templates Supported

Improved  

Ubuntu 22, Rhel 9, and Windows 2022 are now supported among all Cloudspace types.

New and Improved Express Interface

Improved  

The simplified Express User Interface has undergone a refresh.

Some highlights in this redesign:

• Point of Contact information has been moved from a per-Composition level up to the project level, and now appears in the Express Dashboard header.
• The project name has been added to the Express Dashboard header, so you can keep track of your workspace context.
• There is now only one Connect button whether your Composition has multiple hosts or not; on multi-host Compositions simply select your chosen host before clicking Connect.
• A Composition may now only be undeployed by the user who launched it.

Updated Nessus

Improved  

Nessus has been updated to version 10.20.0 and additionally has had its Java version updated to 17 to avoid some vulnerabilities. Plugins are updated daily for new runs.

Delete A Snapshot & Snapshot Management Dropdown

New  

Host owners, project managers, and project resource managers may now delete an existing snapshot.

A dropdown has also been added to the snapshot functionality to allow for better management. It includes create, replace, restore, and the new delete button for a more clear message of the task at hand.

Favorite Remote Access Connections

New  

When selecting an RA connection you can now favorite an established connection. By clicking on the star next to a connection, the favorite connection will show up on your dashboard upon login.

Suppress "Connected Users" Warning

New  

Project Managers can now optionally suppress the existing connections warning that appears when making remote access connections to systems with users already connected. This may prove useful for environments using RDS and multiple users on single machines.

Team Resource Consumption

New  

Team Managers can now see total virtual resource consumption for an entire team across all their projects under the team settings page.

Jira Issue Security

New  

Enabled Issue Security schemes by default for your Jira project.

RDP File Screen Size Functionality

New  

When downloading an RDP client file you may now choose a default screen size, including fullscreen for the connection.

New and Improved Remote Access Connection Interface

Improved  

The Arcus team has completely redesigned and redeveloped the Remote Access Connection interface to clarify and streamline the user experience.

In addition to a sleeker flow, users can now also name a connection upon creation, for ease of reference and re-use in the future.

Self Reactivation

New  

Users can now self re-activate their accounts by logging into Arcus with their PKI credentials. Users will need to reach out to Project Managers to be re-added to any projects they were in.

User Management Upgrade

Improved  

Team managers can invite and add existing members, and block or unblock users.

Manage users by going to services. This tool manages users in Arcus and CollabTools.

Update Repo Field Removed

Improved  

Arcus has removed the Update Repo Field deployment property. Repos are now pre-configured on the OS, so users do not need to worry about sourcing them.

Express User as Default Role

New  

Project managers can now set Express User as the default role for new users added to their Project. To set this role, navigate to the Project settings page and set the “Default User Role” toggle to Express. This toggle will only set default roles for new Arcus users; existing users in the Project will not be affected.

Storage Service Credentials

New  

Users can now generate tokens (credentials) in order to securely access storage services directly from a host in an active Deployment Run by using third-party clients. These credentials are unique to users, reflect their roles and permissions, and last for a period of time determined by the cloud storage provider. This approach provides enhanced security with a full audit trail and reduces the management overhead and credential sprawl that often occurs in cloud providers.

By plugging these credentials into a third-party client, users can list files in their storage services, download existing files, and upload new files.

Credentials can be generated via the web portal and/or the API for S3 Buckets in AWS and Blob Stores in Azure, with support for other storage providers coming soon.

Enhanced vGPU Support

New  

Arcus has improved virtual Graphics Processing Unit (vGPU) capabilities to better support those users who require additional resources for graphical- or computational-intensive applications.

Key Features:

• All Users can utilize vGPU-capable Deployment Runs for web design, 3D rendering, and improved video quality
• Power Users can build Systems and launch Deployment Runs with full vGPU support and with the flexibility to pick specific GPU types and profiles
• Managers can view the total number of vGPUs available to their Projects & Teams and set limits accordingly

Virtual Graphics Processing Unit (vGPU)

New  

Arcus has improved virtual Graphics Processing Unit (vGPU) capabilities to better support those users who require additional resources for graphical- or computational-intensive applications.

Key Features:

• All Users can utilize vGPU-capable Deployment Runs for web design, 3D rendering, and improved video quality
• Power Users can build Systems and launch Deployment Runs with full vGPU support and with the flexibility to pick specific GPU types and profiles
• Project & Team Managers can view the total number of vGPUs available to their Projects & Teams and set limits accordingly

First Quarter Fixes

Fixed  

• Desktop wallpaper was not correctly displayed in RDP remote access sessions
• A Cloud storage service could not be re-enabled after being disabled
• Standardized network interface names in Deployment properties to ensure consistency
• Users were able to input odd-number values for CPU when defining Systems
• Files with certain extensions could not be downloaded via remote access on some Windows systems
• CustomizeOS scripts were not properly accounting for all firewall rules in Systems that were using something other than iptables
• Deployment properties files were reversing the internal and external (boundary) IP address in AWS
• AWS root volumes could be left behind after releasing a Deployment Run
• Usability when editing Cloudspaces to make it clearer that, once defined, security groups cannot be updated

Cloudspace Networking & New Boundary IP

New  

Arcus has improved the identification of the Cloudspace Boundary IP addresses when users create networks with external traffic routing enabled.

In default configurations, all user-defined networks will have this feature enabled when a Cloudspace is allocated for the first time.

Boundary IP addresses allow secure communication between the Cloudspace and anywhere outside of the Cloudspace.

Key Features:

• Boundary IPs are automatically assigned
• Boundary IPs can be found on the host options page of a given deployment run, in the deployment run properties, and in the networking overview of the Cloudspace
• Standardized Cloudspace networking across AWS, Azure, and VMware
• Inbound traffic is still not allowed by default

Fourth Quarter Fixes

Fixed  

• Restored the user’s ability to view related assets
• Windows Server 2016 instances did not have DNS available on user-defined networks
• Some existing users were not being added to their team’s private Slack channel

Data Storage Service

New  

Users can now create and manage storage solutions in their cloud providers through the Arcus UI. With this new feature, users are able to:

• Create Amazon S3 Buckets and/or Azure BLOB Stores
• Upload files to and download files from your storage solution
• Set the level of visibility and access to your storage solution
• Have your uploaded files automatically scanned for viruses and malware

You will find these storage solutions under the new Services section of the Main Menu.

For more information, check out this article.

Third Quarter Fixes

Fixed  

• Improved the ability to recover from AWS network outages that previously made hosts unreachable
• Re-running deployments were not preserving the previously selected number of networks
• Resolved provisioning issues with AWS c6g.medium instance type
• Improved AWS binding logic to ensure the requested number of attached networks was supported
• Fixed the “economy mode” power schedule power off time in the resource manager
• Preventing compositions from being created that contain a physical host
• Allowed the deployment run lock to prevent restoring a host from a snapshot
• Reduced initial connection response time for some remote access sessions
• Improved Azure networking reliability when subnet CIDR addresses have some overlapping network space
• Updated Ubuntu 14 and Ubuntu 16 startup in AWS
• Available instance types would not recalculate if user modified number of hosts

Embedded Knowledge Base

New  

The new and improved Arcus Knowledge Base is fully embedded and offers:

• Online and offline functionality
• Site-specific content
• Improved reliability
• A more powerful search functionality
• A layout and color scheme to match the hosting site
• Regularly updated articles and video tutorials

Be sure to visit our new Knowledge Base here and feel free to contact support if you have any questions.

Support for Cloud One

New  

Arcus now supports Cloud One. Users with an existing virtual network and storage account can now register and immediately interact with an infrastructure Azure and/or AWS. Moreover, users can fully utilize Arcus’s advanced suite of tools within Cloud One, such as:

• The automation of test tools
• A well-stocked library of software and test assets for community use
• Robust Team and Project management

As always, feel free to visit our help site or contact support if you have any questions.

Second Quarter Fixes

Fixed  

• Inconsistencies between Deployment Run lock and automated power-schedules
• Cloudspace template sharing would fail to mark a shared template as offline in the target Cloudspace
• Implemented new hardware and code changes to remedy slowness and performance issues
• Sharing templates in Azure Cloudspaces could prematurely indicate success before the action was finished
• The Publish button is now greyed out for inactive Deployment Runs, preventing users from publishing inactive Runs
• OpenStack Cloudspaces could fail to fully revert network changes if an update action failed
• Only instance types valid in current Cloudspace environment are displayed
• Hosts with state change operations in process could fail to update if connectivity to services is lost
• Resolved an issue whereby increasing resources at the Team level would change a Project’s resources from unlimited to limited
• Users were not able to download assets that had been shared to the community from other Projects
• Automated power schedules on Azure virtual hosts were not deallocating after stopping
• Misleading “host not powered on” message was shown when hosts were powered on but their status couldn’t be verified
• Reachability for all Cloudspaces was not reliably updating after network events
• Modifying user was not being updated when new asset blob data was uploaded
• Express UI users could not provide custom credentials
• User-defined networks in EC2 have IP addresses that could change on NAT reboot, breaking IAM policies, or security group rules using those IPs

Podman Support

New  

Arcus now supports Podman as the underlying container engine for container asset users.

For more information on containers, check out this article.

Native Instance Type Support

New  

Users are now able to select a specific Instance Type when launching a Deployment in CONS3RT using AWS Commercial, AWS GovCloud, Azure Commercial, or Azure Gov. This update brings behavior in line with the Cloud providers that natively support instance type-based hosts (i.e. Azure, AWS EC2, and OpenStack), and provides users with another layer of customization of and control over their Deployment Runs.

For more information please consult this KB Article.

Express Interface Now Available to All Users

New  

Standard users can now enter the Express User Interface by expanding the Account Management menu from the user icon in the upper right and selecting Express Mode. This new shortcut gives Standard users quick and easy access to the Express UI for training, demos, and troubleshooting. To return to the Standard Interface, select Exit Express Mode from the same dropdown menu.

Users are able to set their preferred interface to the Express UI if they so choose. By doing so, users will be shown the Express UI upon logging in.

For more information about the Express User Interface, consult the Express User Interface guide.

Amazon Linux 2 and Enhanced VyOS Support

New  

We have added first-class support for the newly released Amazon Linux 2 in all AWS EC2-backed Clouspaces managed by CONS3RT. Additionally, some Cloudspaces can now access updated VyOS templates, including 1.1 (Helium) and 1.2 (Crux).

As always, we encourage you to consult the appropriate resources for information about these operating systems and check the template notes when launching Deployment Runs for any known limitations.

First Quarter Fixes

Fixed  

• A defined Recurring Schedule on a Deployment Run in a Cloudspace could prevent that Cloudspace from being deallocated
• Additional networks in EC2 have IP addresses that can change on NAT reboot, which could break IAM policies or security group rules
• Cloudspaces in maintenance mode could not be taken out of maintenance mode if the parent Cloud was in maintenance
• Added the ability to land on a c5n.4xlarge instance type in EC2 Cloudspaces
• Routing issues when clicking links in CONS3RT-generated emails
• Inconsistencies in metrics data reporting across Projects
• Microsoft Azure OS templates were not being filtered by region in all cases
• Some Team Managers were not able to see dashboard metrics for their Projects
• Deployments containing only a single Physical Host would sometimes fail to bind to a Cloudspace
• By default, AWS security groups restricted traffic across networks within a Cloudspace

Publishing Deployment Runs to Consumers

New  

Asset Publishers now have the ability to share reserved Deployment Runs with Consumers who access resources through the Express User Interface. Unlike publishing from Scenarios, which creates resources that Express Users can manage on their own, publishing Deployment Runs allows the publisher to maintain control of the resource lifecycle. Consumers accessing the deployed Hosts through the Express User Interface will be allowed to connect to the remote Host with the click of a button, provided the publisher has provided them credentials.

Publishers can read more about this feature in the associated Knowledge Base article.

For more information about managing what Consumers see in the Express User Interface, consult the Express User Interface guide.

File Transfer for VNC Connections

New  

You asked for it, and we delivered.

Remote Access-based file transfer is now supported when connecting to your Host using a VNC Remote Access Connection. As with RDP and SSH Remote Access, users are now able to upload and download files using the “Drag-and-Drop” method, the Remote Access sidebar, or through the On-screen Clipboard.

To combat VNC’s lack of native file transfer capability, this solution is built on top of the existing secure file copy functionality of SSH. As with SSH remote access connections, only the initial user credentials set by the owner of the Run during deployment can be are used for determining file and folder permissions. Changing to a root user, or any other user on the system, won’t impact the files and folders you can upload and download.

File transfer is now standard on all VNC remote access connections. If you connect to your remote Host using credentials that aren’t managed by the CONS3RT Host provisioning process, you’ll need to define a custom connection with the correct credentials and use that definition to access your Host.

GPUs in Commercial Clouds

New  

Users can access GPU instance types in commercial Cloud providers for their advanced compute requirements. Support includes:

• AWS: P3 (NVIDIA Tesla V100) and G4 (NVIDIA T4 Tensor Core)
• Azure: NC (NVIDIA Tesla K80), NCv3 (NVIDIA Tesla V100) and NV (NVIDIA Tesla M60)

Use of GPUs in commercial Cloud requires the installation of the appropriate drivers. There is a Certified, shared Asset (GPU Driver) that includes the drivers for all supported instance types. Please remember to include it the deploy.

Certificate Management

Improved  

New internal certificate management reduces complexity and change-over to ensure greater uptime.

Cloudspace Network Management

Improved  

Simplification of options and presentation for cloudspace network configuration.

Fourth Quarter Fixes

Fixed  

• Resolved “oops” error when multiple clicks were made in project member management
• Corrected an issue with vCloud template catalog sharing
• Some users experienced a crash when accidentally uploading media in the Asset script windows
• Slack account and channel creation sometimes hung when Slack was slow to respond
• Some users could not connect to a Deployment Run more than once per session.
• ReST API fixes
• Smoother presentation on Composition Builder interface
• Addressed jScript CVEs
• Assets shared to everyone can be downloaded non-members of the Project
• RAM and CPU sliders were showing inaccurate info
• Some Team managers could not enable Snapshot feature
• Quickly changing projects sometimes caused lost project context or UI stall
• Azure networks would only be /16
• ReST queries to retrieve Software or Container Assets were not sorted and would return a different list each time
• Incomplete Network settings would cause a Run to fail
• Large metric retrieval would cause some users to see a Maintenance Page

Cloud Resource Scheduler

New  

Project resource managers can schedule all Systems to be automatically powered off and back on in order to save money when they are not in use. They can create a weekday and/or weekend sunset/sunrise schedule for all Systems in their Project. For more information, please see the Knowledge Base article.

Upload Size

New  

Increased the maximum upload size via browser from 3GB to 4GB.

Cloud Security

Improved  

The Cloud Security overlay is now standard on all Clouds.

Launch Error Emails and User Timezones

New  

Launch Error Emails

Express users will receive an email notification if their Run fails to launch.

User Timezones

Profiles now have a user-definable timezone. These timezones are used for managing recurring and power management schedules.

Domain Login Options

New  

When making RDP Remote Access connections, users can choose to enter their domain credentials when setting up their connection. The Team Managers can define a domain name per Cloudspace to autofill the field.

Compositions and Express User Interface

New  

A whole new way for users to interact with the Systems.

Compositions

Compositions allow users to create and publish pre-configured Scenarios for consumption by the Team. In addition to the standard Scenario design, the publisher defines the launch parameters, making for a quick and easy user experience. Compositions are available to users of the new Express User Interface (see below). For more details, please see the Knowledge Base article.

Express User Interface

The Express Interface shows the available Compositions and allow users top quickly deploy, connect to, and/or undeploy their runs. There is no need for them to navigate the whole library or to build up Systems and Scenarios.

Ubuntu 18 in vCloud

Improved  

The network issues with Ubuntu 18 in vCloud have been addressed with new customization via CONS3RT.

Container Metadata

Improved  

The Container workflow will pull name and tag information from the uploaded image rather than making the user enter it.

Cloud IPs

Improved  

If there are no IPs in the Cloud pool, an IP address will be dynamically assigned.

Windows 2019 and Ubuntu 18 Support

New  

Windows 2019 and Ubuntu 18 added as fully supported Operating Systems across Cloud providers.

Snapshots

New  

Users across all Clouds can now take and restore from a single Snapshot. Note: Snapshots are not intended to replace the proper use of assets for System Design and management, but rather to augment the iterative development process. Snapshots come with a performance hit and storage cost.

Enabling Snapshots

Team Managers can enable or disable the new Snapshot functionality for their Team.

OpenStack Snapshots

Improved  

Admins can change the owning Project of an active Deployment Run.

Third Quarter Fixes

Fixed  

• RHEL 7 converted to use firewalld for default security configuration
• Resolved issue with additional disk naming and CentOS 7
• Able to edit Container Asset names
• Adjusted timeouts to allow larger Deployments Runs in slower Clouds
• New Project members were not getting added to the existing community Slack channel
• Authentication issue on OpenStack Clouds using Keystone v3
• Scenario link missing when Host had a Container Asset
• In vCloud-based Cloudspaces, the maximum number of provisioned networks can now be edited
• More depth to ReST calls for configuring Cloudspaces
• Corrected routing issues on cons3rt-net for Windows Systems
• Some new users without a default Project experienced navigation errors
• The order of all storage Disks on deployed System is consistent throughout the provisioning process; UI views have been updated to maintain this order
• Updates to contact info on pricing page
• Security enhancements

OpenStack

Improved  

Added support for OpenStack Stein.

Container Assets Metadata and Host Action Status

Improved  

Container Assets Metadata Additions

Two new fields (i.e., name and ports) added to Container Assets as part of improving the management of Run arguments.

Host Action Status

Added status messages to host actions - power on, restart, snapshot, etc.

Security Enhancements

Improved  

Updates to workflow, algorithms, and versions of component.

Asset Submission Service

New  

Users can push their Container Images from the Asset Library to an external Docker Registry or an SFTP-based Submission Service.

Faster Uploads

Improved  

Optimized process when importing Assets to reduce file transfer times.

TLS Updates

Improved  

All connections (GUI, ReST) must be at TLSv1.2.

Uniform Remote Connection Timers

Improved  

All “Connect” buttons now use the same timer mechanism for monitoring user access and maintaining session activity.

Azure Improvements

Improved  

Azure Instance Mapping

Refined matching algorithm to optimize instance type selection in Azure.

Oracle Linux in Azure

Added templates for Oracle Linux in all active cloud regions.

Azure Network Management

More dynamic management of NICs on Azure Systems.

Azure Cloud Security Overlay

Updates to securing Azure Cloudspaces.

Java 11 Support

New  

CONS3RT infrastructure has been updated to run on Java 11.

Messaging Security Configuration

Improved  

Moved messaging infrastructure to TLS1.2 and updated security configuration for latest attack vectors.

Smart Card Pass-Through (Beta)

New  

Using a new Remote Access connection type, users can now present their local smart card (i.e. CAC) on their deployed System to authenticate to services from that deployed System. Contact Support if interested in participating in the public Beta.

Second Quarter Fixes

Fixed  

• Multiple ReST fixes for endpoints and calls; see the ReST documentation
• Prevent situation where Project expiration date could be set later than Team expiration date
• Added redirect to prevent 403 error is users tries goes direct to app endpoint
• Corrected dependency check to allow projects to be deleted
• Eliminated “Oops..” warning on successful remote access connection
• Fixed broken links on spotlight content
• Updated multiple knowledge bases articles
• Fixed an issue when there is an error connecting to Slack that left the request in limbo

Updates to PKI Providers and Notice & Consent

Improved  

PKI Providers

Added new approved PKI providers and removed expired ones.

Notice & Consent Flow

Updated Notice & Consent flow to improve performance and security.

Docker Registry and BYOC ATO Consent

New  

Docker Registry

We have added a Docker Registry interface to the Asset Library. Container Images can be pulled and redeployed either via the standard Asset install or using Docker commands.

Bring Your Own Cloud (BYOC) ATO Consent

When users register their existing Clouds to a site, they acknowledge that they have the security responsibility for those resources.

ElasticTest Push Results and Asset Clean Up Utilities

New  

ElasticTest Push Results

ElasticTest results can be set to push the results to a designated endpoint at the end of the run.

Asset Clean Up Utilities

Admin functions to clean up the data for a CONS3RT site.

Database Connection Optimization

Improved  

Improvements to database connections for increased speed and reliability.

First Quarter Fixes

Fixed  

• Username with a . could not be added to sudo-ers file
• Unable to search on Hosts
• Team Managers are unable to view expired Projects
• User is unable to link directly to Project page
• Remote Access connections sorting is updated real time
• Support added for OpenStack Keystone V3
• Project membership changes reflected immediately in the UI
• Cleaner error message when a Cloud is unreachable
• Corrected inconsistency on units in resource usage tables

Container Images and Web Architecture

New  

Container Images

Container Images are a new top-level asset type. One or more Container Images can be deployed on a System, and, optionally, along side Application and/or Source Code assets. Container Images can be sourced from the Asset Library or an external repository. They can be redeployed individually on an existing deployment run.

New Web Architecture

Updates to Main Menu and ElasticTest: Fortify

Improved  

Main Menu Updates

The main menu has been updated to organize assets and resources into like groups.

ElasticTest: Fortify

Fortify updated to version 18.20.

Availability Zone SDN

Improved  

The software defined networks have been enhanced to provide support for Availability Zones.

Deployment Properties and User Credentials

New  

Deployment Properties

The project.name, project.id, primaryNetwork, isPrimaryConnection, cons3rtNetworkIp, and primaryNetworkIp have been added to Deployment properties for use in assets and automation.

Editable User Credentials

The default user credentials displayed on the Run screen can be edited with a new value. Doing so will not affect the running system, but it will be used for future remote access connections.

Change from License to EULA

Improved  

The License tab for Assets is more accurately labeled User Agreement.

ElasticTest – Script and Powershell

Improved  

Script updated to run on Red Hat 7; Powershell updated to run on Windows 2016 Server.

Jenkins Update and More Regions

Improved  

Jenkins Plug-In Update

Credentials can be stored at the Admin level or at the User level.

More Regions

Added support for new commercial and Gov regions in AWS and Azure.

Windows Network Discovery Disabled

Improved  

The Windows Network Discovery Wizard is disabled by default to prevent problems some users were experiencing during deployment runs.

Additional Email Fields

Improved  

Additional fields on System-generated emails to improve readability and security.

Jenkins Plug-In

New  

A new CONS3RT plug-in for Jenkins with the ability to update Assets and/or launch runs as part of a Jenkins job.

Slack Workspaces

New  

Each site now has a dedicated Slack Workspace, which includes a private channel for each team as well as public channels for General News, Support, and Asset Development. Users can sign up for an account on their profile page.

Team Resource Management

Improved  

Changes to Team resource management allow for individual Projects to have specific or unspecified (open) resource limits. Enforcement will first check the Project limits (if any) and then the Team limit.

Network Registration

Improved  

In addition to CONS3RT created networks, existing networks in a Cloudspace can be registered so deployed Systems can be configured to connect to them.

Perimeter Appliance Redeploy

New  

In VMware clouds, Cloudspace managers can redeploy the perimeter security appliance in the event of network issues.

Pop-Up Blocker Warning

New  

The System will display an extra warning if the user’s local browser blocks the opening of a Remote Access session tab.

Remote Access Container

Improved  

To improve redeploy speed and security, the Remote Access System in each Cloudspace is now Container-based.

Windows File Transfer

New  

In Remote Access sessions, users can open the sidebar, where they can browse, upload, and download files from their remote Windows System.

ElasticTest Logging

New  

The Script(bash) and PowerShell ElasticTests now have logging output as part of the results available in the UI.

Session Management

New  

All user session are stored in the database to support better load-balancing. It also improves record-keeping and audit compliance.

Teams

New  

Team Managers can set and manage project creation, membership, and resource limits. Resource limits are enforced at the Team level.

Team Managers will be able to directly register Clouds, request Cloudspaces, manage Cloudspace configuration, and create Projects. Project Managers will experience the most significant impact on their workflows. A detailed email will be sent to all existing Project Managers to explain the changes.

Projects can also be designated as Private (i.e. non-browsable).

Appliances Power-On Delay

Improved  

Appliances now honor the Cloudspace’s Power-On Delay (POD) as part of the launch workflow.

Data Generator Asset

New  

A new web traffic generator asset is available in the Community Library. It includes a user Web UI to allow for managing the type, volume, and destination of traffic.

Windows ElasticTest Agent

Improved  

The Windows ElasticTest Manager Agent was rewritten in Powershell for better performance and debugging.

ElasticTest – Powershell

New  

Runs and re-test Powershell scripts automatically. Runs on a Windows 10 Virtual Machine.

Nested Hypervisors

New  

Run KVM and VMware ESXi hypervisors as VMs in the Cloud.

Remote Access Low-Bandwidth and Maintenance Modes

New  

Remote Access Low-Bandwidth Mode

To improve performance on poor networks, users can select a low-bandwidth mode when opening RDP or VNC Remote Access sessions. This reduces requested resolution (DPI) and color depth for VNC and RDP connections, as well as disabling wallpaper for RDP connections.

Maintenance Mode

New Cloud and Cloudspace Maintenance Modes allow site and cloud Admins to isolate maintenance work to specific resources without affecting all users. Requests submitted during maintenance are queued up, and they are executed when the resources are ready.

Asset States

Improved  

We have reduced the number of Asset States and simplified the workflow. Please see the Knowledge Base for more details.

Authentication Workflow

New  

Users are now asked to present their certificate for authentication only after they attempt to sign in. This will allow users having trouble with their certificates to reach the Support resources.

Remote Access Enhancements

Improved  

There have been several enhancements in order to better understand and prevent Remote Access issues. These include hiding the Connect button if the system is turned off,disabling re-connect retries if there is a password problem, preventing attempts to make a connection when someone else is on the system, improving disconnect messages, and implementing browser behavior changes. These should help reduce user side problems that appeared as “disconnects.”

Speedtest

New  

We have added a speed test to the site to help users identify possible network issues that might affect performance. Clicking the Speedtest link at the bottom of the page will collect results from the user’s System to the site.

Java 10

Improved  

All code and infrastructure have been updated to support Java 10 and its new coding and security standards. This included multiple optimizations for better performance as well.

More Approved Certificate Authorities

New  

Additional Certificate Authorities (CAs) have been added to support more users.

Cloud Network Management

New  

Create and Manage Networks

Cloudspace Admins can create and manage additional routable and/or internal networks. This includes defining IP Space, Gateway, Connectivity, and so on.

Network Selection

At launch time, the network connections on each system can be selected from the Cloudspace pool.

IP Address Assignment

Users can now specify static IPs at run launch time for any and all user interfaces on each system.

CRL Management

Improved  

New granular checking and downloading of Certificate Revocation Lists (CRLs) to increase robustness and eliminate unnecessary reloads.

Host Workspace

New  

A new Workspace for a user’s Hosts with a view across all Runs that includes real-time Deployment and install status. This view can be filtered by Cloudspace, state and OS Family.

More Cloud Networks and ElasticTest Nessus Improvements

Improved  

More Cloud Networks

Clouds can now contain more than two networks as part of their configuration. All networks defined for a Cloud are added to each Cloudspace at creation time.

ElasticTest Nessus Improvements

Changes to the monitoring of Nessus tasks to increase reliability.

Permanent Agent Disable

Improved  

The CONS3RT Agent is now disabled when the system is Available and stays disabled through all subsequent reboots.

Automated ElasticTest Updates

Improved  

Users no longer have to worry about approving updates to ElasticTest tools; it is done automatically. For existing runs, this means selecting RETEST will execute with the same version of the tool as originally installed; selecting RERUN will relaunch all Systems and create a new ElasticTest with the new version of the tool. See the Knowledge Base for more details.

Cloud & Cloudspace Security

Improved  

AWS Cloud Admins can enable log collection (CloudTrail) and storage (S3) for their Clouds. When Cloudspaces are created, traffic logging (FlowLogs) is enabled, and data are persisted.

System Resizing

New  

User can change the CPU and RAM resources on active Runs with a single step that handles the power-off, resize, and power-on actions.

Azure Template Support

Improved  

Azure Systems are now built from templates instead of from VHD file for faster provisioning and improved sharing.

Detailed Asset Install Information

Improved  

All Software and Source Code Assets display their current status in the workflow along with timestamps and estimated durations. Users can select a Host in the Run section and immediately see where it is at in the process, making troubleshooting and monitoring much easier.

Certified Assets

New  

Certified Assets are fully developed, validated, and include a POC for support. Users can include them in their designs with confidence. There is a Certified label on the card view, and users can search and sort on Certified state. Designated Certifiers can review and promote assets.

More Slack Notifications

Improved  

More options for notifications have been added to the integrated Slack channel.

Site Co-Branding

New  

Large teams can sign up for a dedicated landing page with custom theme and content.

Asset Counts and IDs

Improved  

Asset Counts

In the list view of Assets the card shows how many times that Asset has been used. The view can also be sorted to show the most popular Assets at the top.

Asset IDs

Assets are often referenced by their ID in log messages and some emails. The Asset ID is now displayed as part of the data in the left side column.

Asset Wizard and Referenced Asset Media

New  

Asset Wizard

Users can now create Software and Source Code Assets directly in the new Asset Wizard. It will walk users through the collection of the information and files necessary for building up an Asset.

Referenced Asset Media

Asset media can either be uploaded directly or referenced by a URL. External (URL) media will be background downloaded, scanned, and placed in the library for future use.

Automatic Disk Mounting

Improved  

All additional Disks defined in the System Builder are now formatted and mounted automatically. More information can be found in this Knowledge Base article.

Automatic Firewalls

Improved  

Systems are now deployed with their Firewalls enabled. All outbound traffic is allowed; inbound traffic is only allowed on the CONS3RT management network for the supported Remote Access connections (i.e. RDP, VNC, SSH). Additional changes to the Firewall can be managed via Assets.

F5 BIG-IP

New  

The BIG-IP from F5 is now a supported OS type, including the installation of Software Assets. Check the template notes for any known limitations.

Asset Debugging Exit Code

New  

Assets can now use an exit code of 255 on errors, which will log the error but will not fail the Asset. In this case, the installation and Run will continue.

Certificate Management

New  

The expiration date on PKI certificates is displayed and users can delete exiting certificates from an account.

Collection Filters

New  

Users can apply filters on the collections page by type (Software, Test, System, etc.).

Remote Access Connections Clean Up

Improved  

Users can now delete old custom Remote Access connection from the list of options.

VyOS as a Supported OS

Improved  

VyOS is now an officially supported Operating System type.

Asset Script Safety

Improved  

To prevent errors that occur when scripts are written on one platform and deployed on another, all scripts now have their line endings set when uploaded or updated. If the script is .bat, .cmd or .ps1, OR if the asset platform is Windows, the line endings will be set to CR/LF; on all other scripts the line endings will be set to LF.

Automatic Project Creation

Improved  

When a new Team is created, an initial Project will be created with the same name.

Embedded Application Server

Improved  

To improve performance and support future features, the CONS3RT application uses a new embedded web application server.

Storage Metrics

Improved  

To better support management of storage resources, the display of storage usage has changed from rounded TB values to the full value, rounded to one decimal place.

Account Credentials

Improved  

Users now only see the links and management boxes for the credential type (username/password or certificate) supported in the site. In certificate sites, users can see the certificates registered to their account.

Architecture Changes

Improved  

The frontend (GUI, ReST) is now a separate module in development. This change will allow for faster rollout of new features and shorter maintenance windows.

ElasticTest Tools

Improved  

Dashboards now include a list of all ElasticTest tools available to the Project with links to the available test cases.

Native System Accounts

New  

The password for all existing accounts in a System (e.g. root, administrator, x_administrator, etc.) is now set to the same as the password that the user had created at the time of launching the Deployment Run. Users can use an asset if they want to make further changes.

Added Properties

New  

New Deployment properties for the default user, CONS3RT-installed user, and vGPU status.

Asset State Management

Improved  

The management of Asset States has been moved from the gear icon to its own section.

Multiple Networks on Physical Hosts

Improved  

Physical Hosts now support multiple networks.

Perimeter Security Configurations

Improved  

Cloudspace perimeter firewalls/gateways have been updated with tighter System-level lockdowns and controls.

AWS Security Credentials

Improved  

Allocated Virtual Private Clouds (VPCs) in AWS now use generated, unique, scope-limited credentials for CONS3RT driven actions.

Physical System Remote Access

New  

Remote Access is now supported on Physical Hosts and Devices.

Solaris Support

New  

Solaris 11 has been added back as a supported Operating System for deployed Systems.

Power On Delay Management

New  

Cloudspace Admins can manage the Power-on-Delay parameters to optimize System deploy times.

Remote Access Collaboration

New  

Users can invite other Project members to share their Remote Access sessions. The Host can provide Read Only access to their screens to support collaboration, troubleshooting, training, and more.

Simple & Custom Remote Access Connections

Improved  

Remote Access connections will now auto-complete the user’s defined account and credentials for making a quicker connection. Alternatively, the user can select a custom connection to enter an alternate set of credentials.

Remote Access Tab

Improved  

When opening a Remote Access connection, the name and ID are displayed on the browser tab for easier navigation and management.

User Dashboards

New  

Upon login, users land on their Project dashboard. This dashboard includes a list of Runs, graphs of resource usage, links to documentation and help, site alerts, and more.

Windows 2016 Server

New  

Windows 2K16 is now a fully supported Operating System for Systems and Appliances.

Metrics Dashboards

New  

Usage and storage metrics for VMs, vCPU, vRAM, and vGPU are collected and displayed at the Project, Cloudspace, and Site level. The built-in graph shows 24 hour, 7 day, and 30 day snapshots. Historical data has been back-filled for existing Projects. Metrics can also be queried via the ReST API.

File Transfer

New  

In Remote Access sessions, a user can open the sidebar where they can browse, upload, and download files from the remote System.

Expired Projects

Improved  

Closed (i.e. Expired) Projects are now labeled as such in order to prevent sign-ups by new users.

Deployment Run Changes - New View and User Account Creation

Improved  

New Deployment Run View

We have reworked the Deployment Run display to make it easier and faster for users to get the information they need.

User Account Creation

To increase security and standardize behavior across Cloud technologies, users now create an account and password for each Deployment Run. Doing so will create that user account all Systems within the Run.

Asset Download Hash

New  

Users who are downloading Assets will be given the hash value (SHA-256) for thst Asset such that they can confirm the integrity of the download.

User Card Updates

Improved  

The card view of the user now includes their email address.

Enhanced Data Encryption

Improved  

Increased encryption across the application. Stronger FIPS algorithms and hashes; many more data fields encrypted by default.

Network Cloud Configuration and Database Auditing

New  

This release includes:

Network Cloud Configuration

New network Cloud object for managing configurations per Cloud.

Database Auditing

Native database transaction auditing.

My Asset Views and Windows XP

New  

My Asset Views

Users can now browse their Software and Test Assets (under My Assets), Project Assets, and Community-Shared Assets separately.

Windows XP

What’s old is new! Windows XP has been re-added to the supported Operating System types to support cyber training needs.

Power State Warning

Improved  

Remote Access now checks that the System is powered-on before attempting to make a connection.

Full Azure Support

Improved  

This release includes all user (provisioning, Remote Access, ElasticTest) and management features.

Power On Delay Reset

Improved  

Cloudspace Admins can re-baseline the Power-On Delay setting for their Cloudspace.

Active Site Security Configuration

New  

CONS3RT actively manages the access control lists for ancillary services directly.

Cloud Network Management

Improved  

Cloud Admins can set and manage a default CONS3RT network (IPs, firewalls, NAT, etc.) per Cloud, not just per site.

CONS3RT Agent Removal and Appliance Settings

Improved  

CONS3RT Agent Removal

The CONS3RT Agent on deployed Systems now shuts down by default when the System goes to Reserved. The user can override this removal if needed. If the user chooses to retain the Agent, there is a option to disable it after the System goes to Reserved.

Appliance Settings

Users can now edit the resources (CPU, RAM) on appliances at deployment launch time.

Remote Access Sizing and Redeploy Management

New  

Remote Access Sizing

Cloudspace Administrators can now choose from three different sizes for their Remote Access server - Small (1 CPU x 2 GB RAM), Medium (2 x 4) or Large (4 x 16).

Remote Access Redeploy Management

Site Administrators can define the window and distribution of the automated redeployment of Remote Access servers.