Change Log
New Templates Supported
Improved
Ubuntu 22, RHEL 9, and Windows 2022 are now supported across all Cloudspace types.
New and Improved Express Interface
Improved
The simplified Express User Interface has undergone a refresh.
Some highlights in this redesign:
- Point of Contact information has been moved from a per-Composition level up to the project level, and now appears in the Express Dashboard header.
- The project name has been added to the Express Dashboard header, so you can keep track of your workspace context.
- There is now only one Connect button whether your Composition has multiple hosts or not; on multi-host Compositions simply select your chosen host before clicking Connect.
- A Composition may now only be undeployed by the user who launched it.
Updated Nessus
Improved
Nessus has been updated to version 10.20.0 and additionally has had its Java version updated to 17 to avoid some vulnerabilities. Plugins are updated daily for new runs.
Delete A Snapshot & Snapshot Management Dropdown
New
Host owners, project managers, and project resource managers may now delete an existing snapshot.
A dropdown has also been added to the snapshot functionality to allow for better management. It includes create, replace, restore, and the new delete button, making the task at hand clearer.
Favorite Remote Access Connections
New
When selecting an RA connection you can now favorite an established connection. Click the star next to a connection, and the favorite connection will show up on your dashboard upon login.
Suppress "Connected Users" Warning
New
Project Managers can now optionally suppress the existing connections warning that appears when making remote access connections to systems with users already connected. This may prove useful for environments using RDS and multiple users on single machines.
Team Resource Consumption
New
Team Managers can now see total virtual resource consumption for an entire team across all their projects under the team settings page.
Jira Issue Security
New
Enabled Issue Security schemes by default for your Jira project.
RDP File Screen Size Functionality
New
When downloading an RDP client file you may now choose a default screen size, including fullscreen for the connection.
New and Improved Remote Access Connection Interface
Improved
The Arcus team has completely redesigned and redeveloped the Remote Access Connection interface to clarify and streamline the user experience.
In addition to a sleeker flow, users can now also name a connection upon creation, for ease of reference and re-use in the future.
Self Reactivation
New
Users can now self re-activate their accounts by logging into Arcus with their PKI credentials. Users will need to reach out to Project Managers to be re-added to any projects they were in.
User Management Upgrade
Improved
Team managers can invite and add existing members, and block or unblock users.
Manage users by going to services. This tool manages users in Arcus and CollabTools.
Update Repo Field Removed
Improved
Arcus has removed the Update Repo Field deployment property. Repos are now pre-configured on the OS, so users do not need to worry about sourcing them.
Express User as Default Role
New
Project managers can now set Express User as the default role for new users added to their Project. To set this role, navigate to the Project settings page and set the “Default User Role” toggle to Express. This toggle will only set default roles for new Arcus users; existing users in the Project will not be affected.
Storage Service Credentials
New
Users can now generate tokens (credentials) in order to securely access storage services directly from a host in an active Deployment Run by using third-party clients. These credentials are unique to users, reflect their roles and permissions, and last for a period of time determined by the cloud storage provider. This approach provides enhanced security with a full audit trail and reduces the management overhead and credential sprawl that often occurs in cloud providers.
By plugging these credentials into a third-party client, users can list files in their storage services, download existing files, and upload new files.
Credentials can be generated via the web portal and/or the API for S3 Buckets in AWS and Blob Stores in Azure, with support for other storage providers coming soon.
Enhanced vGPU Support
New
Arcus has improved virtual Graphics Processing Unit (vGPU) capabilities to better support those users who require additional resources for graphically or computationally intensive applications.
Key Features:
- All Users can utilize vGPU-capable Deployment Runs for web design, 3D rendering, and improved video quality
- Power Users can build Systems and launch Deployment Runs with full vGPU support and with the flexibility to pick specific GPU types and profiles
- Managers can view the total number of vGPUs available to their Projects & Teams and set limits accordingly
Virtual Graphics Processing Unit (vGPU)
New
Arcus has improved virtual Graphics Processing Unit (vGPU) capabilities to better support those users who require additional resources for graphically or computationally intensive applications.
Key Features:
- All Users can utilize vGPU-capable Deployment Runs for web design, 3D rendering, and improved video quality
- Power Users can build Systems and launch Deployment Runs with full vGPU support and with the flexibility to pick specific GPU types and profiles
- Project & Team Managers can view the total number of vGPUs available to their Projects & Teams and set limits accordingly
First Quarter Fixes
Fixed
- Desktop wallpaper was not correctly displayed in RDP remote access sessions
- A Cloud storage service could not be re-enabled after being disabled
- Standardized network interface names in Deployment properties to ensure consistency
- Users were able to input odd-number values for CPU when defining Systems
- Files with certain extensions could not be downloaded via remote access on some Windows systems
- CustomizeOS scripts were not properly accounting for all firewall rules in Systems that were using something other than iptables
- Deployment properties files were reversing the internal and external (boundary) IP address in AWS
- AWS root volumes could be left behind after releasing a Deployment Run
- Improved usability when editing Cloudspaces to make it clearer that, once defined, security groups cannot be updated
Cloudspace Networking & New Boundary IP
New
Arcus has improved the identification of the Cloudspace Boundary IP addresses when users create networks with external traffic routing enabled.
In default configurations, all user-defined networks will have this feature enabled when a Cloudspace is allocated for the first time.
Boundary IP addresses allow secure communication between the Cloudspace and anywhere outside of the Cloudspace.
Key Features:
- Boundary IPs are automatically assigned
- Boundary IPs can be found on the host options page of a given deployment run, in the deployment run properties, and in the networking overview of the Cloudspace
- Standardized Cloudspace networking across AWS, Azure, and VMware
- Inbound traffic is still not allowed by default
Fourth Quarter Fixes
Fixed
- Restored the user’s ability to view related assets
- Windows Server 2016 instances did not have DNS available on user-defined networks
- Some existing users were not being added to their team’s private Slack channel
Data Storage Service
New
Users can now create and manage storage solutions in their cloud providers through the Arcus UI. With this new feature, users are able to:
- Create Amazon S3 Buckets and/or Azure BLOB Stores
- Upload files to and download files from your storage solution
- Set the level of visibility and access to your storage solution
- Have your uploaded files automatically scanned for viruses and malware
You will find these storage solutions under the new Services section of the Main Menu.
For more information, check out this article.
Third Quarter Fixes
Fixed
- Improved the ability to recover from AWS network outages that previously made hosts unreachable
- Re-running deployments were not preserving the previously selected number of networks
- Resolved provisioning issues with AWS c6g.medium instance type
- Improved AWS binding logic to ensure the requested number of attached networks was supported
- Fixed the “economy mode” power schedule power off time in the resource manager
- Preventing compositions from being created that contain a physical host
- Allowed the deployment run lock to prevent restoring a host from a snapshot
- Reduced initial connection response time for some remote access sessions
- Improved Azure networking reliability when subnet CIDR addresses have some overlapping network space
- Updated Ubuntu 14 and Ubuntu 16 startup in AWS
- Available instance types would not recalculate if user modified number of hosts
Embedded Knowledge Base
New
The new and improved Arcus Knowledge Base is fully embedded and offers:
- Online and offline functionality
- Site-specific content
- Improved reliability
- A more powerful search functionality
- A layout and color scheme to match the hosting site
- Regularly updated articles and video tutorials
Be sure to visit our new Knowledge Base here and feel free to contact support if you have any questions.
Support for Cloud One
New
Arcus now supports Cloud One. Users with an existing virtual network and storage account can now register and immediately interact with an infrastructure in Azure and/or AWS. Moreover, users can fully utilize Arcus’s advanced suite of tools within Cloud One, such as:
- The automation of test tools
- A well-stocked library of software and test assets for community use
- Robust Team and Project management
As always, feel free to visit our help site or contact support if you have any questions.
Second Quarter Fixes
Fixed
- Inconsistencies between Deployment Run lock and automated power-schedules
- Cloudspace template sharing would fail to mark a shared template as offline in the target Cloudspace
- Implemented new hardware and code changes to remedy slowness and performance issues
- Sharing templates in Azure Cloudspaces could prematurely indicate success before the action was finished
- The Publish button is now greyed out for inactive Deployment Runs, preventing users from publishing inactive Runs
- OpenStack Cloudspaces could fail to fully revert network changes if an update action failed
- Only instance types valid in current Cloudspace environment are displayed
- Hosts with state change operations in process could fail to update if connectivity to services is lost
- Resolved an issue whereby increasing resources at the Team level would change a Project’s resources from unlimited to limited
- Users were not able to download assets that had been shared to the community from other Projects
- Automated power schedules on Azure virtual hosts were not deallocating after stopping
- Misleading “host not powered on” message was shown when hosts were powered on but their status couldn’t be verified
- Reachability for all Cloudspaces was not reliably updating after network events
- Modifying user was not being updated when new asset blob data was uploaded
- Express UI users could not provide custom credentials
- User-defined networks in EC2 have IP addresses that could change on NAT reboot, breaking IAM policies or security group rules using those IPs
Podman Support
New
Arcus now supports Podman as the underlying container engine for container asset users.
For more information on containers, check out this article.
Native Instance Type Support
New
Users are now able to select a specific Instance Type when launching a Deployment in CONS3RT using AWS Commercial, AWS GovCloud, Azure Commercial, or Azure Gov. This update brings behavior in line with the Cloud providers that natively support instance type-based hosts (i.e. Azure, AWS EC2, and OpenStack), and provides users with another layer of customization of and control over their Deployment Runs.
For more information please consult this KB Article.
Express Interface Now Available to All Users
New
Standard users can now enter the Express User Interface by expanding the Account Management menu from the user icon in the upper right and selecting Express Mode. This new shortcut gives Standard users quick and easy access to the Express UI for training, demos, and troubleshooting. To return to the Standard Interface, select Exit Express Mode from the same dropdown menu.
Users are able to set their preferred interface to the Express UI if they so choose. By doing so, users will be shown the Express UI upon logging in.
For more information about the Express User Interface, consult the Express User Interface guide.
Amazon Linux 2 and Enhanced VyOS Support
New
We have added first-class support for the newly released Amazon Linux 2 in all AWS EC2-backed Cloudspaces managed by CONS3RT. Additionally, some Cloudspaces can now access updated VyOS templates, including 1.1 (Helium) and 1.2 (Crux).
As always, we encourage you to consult the appropriate resources for information about these operating systems and check the template notes when launching Deployment Runs for any known limitations.
First Quarter Fixes
Fixed
- A defined Recurring Schedule on a Deployment Run in a Cloudspace could prevent that Cloudspace from being deallocated
- Additional networks in EC2 have IP addresses that can change on NAT reboot, which could break IAM policies or security group rules
- Cloudspaces in maintenance mode could not be taken out of maintenance mode if the parent Cloud was in maintenance
- Added the ability to land on a c5n.4xlarge instance type in EC2 Cloudspaces
- Routing issues when clicking links in CONS3RT-generated emails
- Inconsistencies in metrics data reporting across Projects
- Microsoft Azure OS templates were not being filtered by region in all cases
- Some Team Managers were not able to see dashboard metrics for their Projects
- Deployments containing only a single Physical Host would sometimes fail to bind to a Cloudspace
- By default, AWS security groups restricted traffic across networks within a Cloudspace
Publishing Deployment Runs to Consumers
New
Asset Publishers now have the ability to share reserved Deployment Runs with Consumers who access resources through the Express User Interface. Unlike publishing from Scenarios, which creates resources that Express Users can manage on their own, publishing Deployment Runs allows the publisher to maintain control of the resource lifecycle. Consumers accessing the deployed Hosts through the Express User Interface will be allowed to connect to the remote Host with the click of a button, provided the publisher has provided them credentials.
Publishers can read more about this feature in the associated Knowledge Base article.
For more information about managing what Consumers see in the Express User Interface, consult the Express User Interface guide.
File Transfer for VNC Connections
New
You asked for it, and we delivered.
Remote Access-based file transfer is now supported when connecting to your Host using a VNC Remote Access Connection. As with RDP and SSH Remote Access, users are now able to upload and download files using the “Drag-and-Drop” method, the Remote Access sidebar, or through the On-screen Clipboard.
To combat VNC’s lack of native file transfer capability, this solution is built on top of the existing secure file copy functionality of SSH. As with SSH remote access connections, only the initial user credentials set by the owner of the Run during deployment are used for determining file and folder permissions. Changing to a root user, or any other user on the system, won’t impact the files and folders you can upload and download.
File transfer is now standard on all VNC remote access connections. If you connect to your remote Host using credentials that aren’t managed by the CONS3RT Host provisioning process, you’ll need to define a custom connection with the correct credentials and use that definition to access your Host.
GPUs in Commercial Clouds
New
Users can access GPU instance types in commercial Cloud providers for their advanced compute requirements. Support includes:
- AWS: P3 (NVIDIA Tesla V100) and G4 (NVIDIA T4 Tensor Core)
- Azure: NC (NVIDIA Tesla K80), NCv3 (NVIDIA Tesla V100) and NV (NVIDIA Tesla M60)
Use of GPUs in commercial Cloud requires the installation of the appropriate drivers. There is a Certified, shared Asset (GPU Driver) that includes the drivers for all supported instance types. Please remember to include it in the deployment.
Certificate Management
Improved
New internal certificate management reduces complexity and change-over to ensure greater uptime.
Cloudspace Network Management
Improved
Simplification of options and presentation for cloudspace network configuration.
Fourth Quarter Fixes
Fixed
- Resolved “oops” error when multiple clicks were made in project member management
- Corrected an issue with vCloud template catalog sharing
- Some users experienced a crash when accidentally uploading media in the Asset script windows
- Slack account and channel creation sometimes hung when Slack was slow to respond
- Some users could not connect to a Deployment Run more than once per session.
- ReST API fixes
- Smoother presentation on Composition Builder interface
- Addressed jScript CVEs
- Assets shared to everyone can be downloaded by non-members of the Project
- RAM and CPU sliders were showing inaccurate info
- Some Team managers could not enable Snapshot feature
- Quickly changing projects sometimes caused lost project context or UI stall
- Azure networks would only be /16
- ReST queries to retrieve Software or Container Assets were not sorted and would return a different list each time
- Incomplete Network settings would cause a Run to fail
- Large metric retrieval would cause some users to see a Maintenance Page
Cloud Resource Scheduler
New
Project resource managers can schedule all Systems to be automatically powered off and back on in order to save money when they are not in use. They can create a weekday and/or weekend sunset/sunrise schedule for all Systems in their Project. For more information, please see the Knowledge Base article.
Upload Size
New
Increased the maximum upload size via browser from 3GB to 4GB.
Cloud Security
Improved
The Cloud Security overlay is now standard on all Clouds.
Launch Error Emails and User Timezones
New
Launch Error Emails
Express users will receive an email notification if their Run fails to launch.
User Timezones
Profiles now have a user-definable timezone. These timezones are used for managing recurring and power management schedules.
Domain Login Options
New
When making RDP Remote Access connections, users can choose to enter their domain credentials when setting up their connection. The Team Managers can define a domain name per Cloudspace to autofill the field.
Compositions and Express User Interface
New
A whole new way for users to interact with the Systems.
Compositions
Compositions allow users to create and publish pre-configured Scenarios for consumption by the Team. In addition to the standard Scenario design, the publisher defines the launch parameters, making for a quick and easy user experience. Compositions are available to users of the new Express User Interface (see below). For more details, please see the Knowledge Base article.
Express User Interface
The Express Interface shows the available Compositions and allows users to quickly deploy, connect to, and/or undeploy their runs. There is no need for them to navigate the whole library or to build up Systems and Scenarios.
Ubuntu 18 in vCloud
Improved
The network issues with Ubuntu 18 in vCloud have been addressed with new customization via CONS3RT.
Container Metadata
Improved
The Container workflow will pull name and tag information from the uploaded image rather than making the user enter it.
Cloud IPs
Improved
If there are no IPs in the Cloud pool, an IP address will be dynamically assigned.
Windows 2019 and Ubuntu 18 Support
New
Windows 2019 and Ubuntu 18 added as fully supported Operating Systems across Cloud providers.
Snapshots
New
Users across all Clouds can now take and restore from a single Snapshot. Note: Snapshots are not intended to replace the proper use of assets for System Design and management, but rather to augment the iterative development process. Snapshots come with a performance hit and storage cost.
Enabling Snapshots
Team Managers can enable or disable the new Snapshot functionality for their Team.
OpenStack Snapshots
Improved
Admins can change the owning Project of an active Deployment Run.
Third Quarter Fixes
Fixed
- RHEL 7 converted to use firewalld for default security configuration
- Resolved issue with additional disk naming and CentOS 7
- Able to edit Container Asset names
- Adjusted timeouts to allow larger Deployments Runs in slower Clouds
- New Project members were not getting added to the existing community Slack channel
- Authentication issue on OpenStack Clouds using Keystone v3
- Scenario link missing when Host had a Container Asset
- In vCloud-based Cloudspaces, the maximum number of provisioned networks can now be edited
- More depth to ReST calls for configuring Cloudspaces
- Corrected routing issues on cons3rt-net for Windows Systems
- Some new users without a default Project experienced navigation errors
- The order of all storage Disks on deployed System is consistent throughout the provisioning process; UI views have been updated to maintain this order
- Updates to contact info on pricing page
- Security enhancements
OpenStack
Improved
Added support for OpenStack Stein.
Container Assets Metadata and Host Action Status
Improved
Container Assets Metadata Additions
Two new fields (i.e., name and ports) added to Container Assets as part of improving the management of Run arguments.
Host Action Status
Added status messages to host actions - power on, restart, snapshot, etc.
Security Enhancements
Improved
Updates to workflow, algorithms, and versions of components.
Asset Submission Service
New
Users can push their Container Images from the Asset Library to an external Docker Registry or an SFTP-based Submission Service.
Faster Uploads
Improved
Optimized process when importing Assets to reduce file transfer times.
TLS Updates
Improved
All connections (GUI, ReST) must be at TLSv1.2.
Uniform Remote Connection Timers
Improved
All “Connect” buttons now use the same timer mechanism for monitoring user access and maintaining session activity.
Azure Improvements
Improved
Azure Instance Mapping
Refined matching algorithm to optimize instance type selection in Azure.
Oracle Linux in Azure
Added templates for Oracle Linux in all active cloud regions.
Azure Network Management
More dynamic management of NICs on Azure Systems.
Azure Cloud Security Overlay
Updates to securing Azure Cloudspaces.
Java 11 Support
New
CONS3RT infrastructure has been updated to run on Java 11.
Messaging Security Configuration
Improved
Moved messaging infrastructure to TLS1.2 and updated security configuration for latest attack vectors.
Smart Card Pass-Through (Beta)
New
Using a new Remote Access connection type, users can now present their local smart card (i.e. CAC) on their deployed System to authenticate to services from that deployed System. Contact Support if interested in participating in the public Beta.
Second Quarter Fixes
Fixed
- Multiple ReST fixes for endpoints and calls; see the ReST documentation
- Prevent situation where Project expiration date could be set later than Team expiration date
- Added redirect to prevent 403 error if a user tries to go directly to the app endpoint
- Corrected dependency check to allow projects to be deleted
- Eliminated “Oops..” warning on successful remote access connection
- Fixed broken links on spotlight content
- Updated multiple knowledge base articles
- Fixed an issue when there is an error connecting to Slack that left the request in limbo
Updates to PKI Providers and Notice & Consent
Improved
PKI Providers
Added new approved PKI providers and removed expired ones.
Notice & Consent Flow
Updated Notice & Consent flow to improve performance and security.
Docker Registry and BYOC ATO Consent
New
Docker Registry
We have added a Docker Registry interface to the Asset Library. Container Images can be pulled and redeployed either via the standard Asset install or using Docker commands.
Bring Your Own Cloud (BYOC) ATO Consent
When users register their existing Clouds to a site, they acknowledge that they have the security responsibility for those resources.
ElasticTest Push Results and Asset Clean Up Utilities
New
ElasticTest Push Results
ElasticTest results can be set to push the results to a designated endpoint at the end of the run.
Asset Clean Up Utilities
Admin functions to clean up the data for a CONS3RT site.
Database Connection Optimization
Improved
Improvements to database connections for increased speed and reliability.
First Quarter Fixes
Fixed
- Username with a "." could not be added to sudoers file
- Unable to search on Hosts
- Team Managers are unable to view expired Projects
- User is unable to link directly to Project page
- Remote Access connections sorting is updated real time
- Support added for OpenStack Keystone V3
- Project membership changes reflected immediately in the UI
- Cleaner error message when a Cloud is unreachable
- Corrected inconsistency on units in resource usage tables
Container Images and Web Architecture
New
Container Images
Container Images are a new top-level asset type. One or more Container Images can be deployed on a System, and, optionally, alongside Application and/or Source Code assets. Container Images can be sourced from the Asset Library or an external repository. They can be redeployed individually on an existing deployment run.
New Web Architecture
The front end infrastructure has been re-architected to improve performance, security, and scalability. It is completely container-based with all the benefits. Remote access connections are more direct.
Updates to Main Menu and ElasticTest: Fortify
Improved
Main Menu Updates
The main menu has been updated to organize assets and resources into like groups.
ElasticTest: Fortify
Fortify updated to version 18.20.
Availability Zone SDN
Improved
The software defined networks have been enhanced to provide support for Availability Zones.
Deployment Properties and User Credentials
New
Deployment Properties
The project.name, project.id, primaryNetwork, isPrimaryConnection, cons3rtNetworkIp, and primaryNetworkIp have been added to Deployment properties for use in assets and automation.
Editable User Credentials
The default user credentials displayed on the Run screen can be edited with a new value. Doing so will not affect the running system, but it will be used for future remote access connections.
Change from License to EULA
Improved
The License tab for Assets is more accurately labeled User Agreement.
ElasticTest – Script and Powershell
Improved
Script updated to run on Red Hat 7; Powershell updated to run on Windows 2016 Server.
Jenkins Update and More Regions
Improved
Jenkins Plug-In Update
Credentials can be stored at the Admin level or at the User level.
More Regions
Added support for new commercial and Gov regions in AWS and Azure.
Windows Network Discovery Disabled
Improved
The Windows Network Discovery Wizard is disabled by default to prevent problems some users were experiencing during deployment runs.
Additional Email Fields
Improved
Additional fields on System-generated emails to improve readability and security.
Jenkins Plug-In
New
A new CONS3RT plug-in for Jenkins with the ability to update Assets and/or launch runs as part of a Jenkins job.
Slack Workspaces
New
Each site now has a dedicated Slack Workspace, which includes a private channel for each team as well as public channels for General News, Support, and Asset Development. Users can sign up for an account on their profile page.
Team Resource Management
Improved
Changes to Team resource management allow for individual Projects to have specific or unspecified (open) resource limits. Enforcement will first check the Project limits (if any) and then the Team limit.
Network Registration
Improved
In addition to CONS3RT created networks, existing networks in a Cloudspace can be registered so deployed Systems can be configured to connect to them.
Perimeter Appliance Redeploy
New
In VMware clouds, Cloudspace managers can redeploy the perimeter security appliance in the event of network issues.
Pop-Up Blocker Warning
New
The System will display an extra warning if the user’s local browser blocks the opening of a Remote Access session tab.
Remote Access Container
Improved
To improve redeploy speed and security, the Remote Access System in each Cloudspace is now Container-based.
Windows File Transfer
New
In Remote Access sessions, users can open the sidebar, where they can browse, upload, and download files from their remote Windows System.
ElasticTest Logging
New
The Script(bash) and PowerShell ElasticTests now have logging output as part of the results available in the UI.
Session Management
New
All user sessions are stored in the database to support better load-balancing. It also improves record-keeping and audit compliance.
Teams
New
Team Managers can set and manage project creation, membership, and resource limits. Resource limits are enforced at the Team level.
Team Managers will be able to directly register Clouds, request Cloudspaces, manage Cloudspace configuration, and create Projects. Project Managers will experience the most significant impact on their workflows. A detailed email will be sent to all existing Project Managers to explain the changes.
Projects can also be designated as Private (i.e. non-browsable).
Appliances Power-On Delay
Improved
Appliances now honor the Cloudspace’s Power-On Delay (POD) as part of the launch workflow.
Data Generator Asset
New
A new web traffic generator asset is available in the Community Library. It includes a user Web UI to allow for managing the type, volume, and destination of traffic.
Windows ElasticTest Agent
Improved
The Windows ElasticTest Manager Agent was rewritten in Powershell for better performance and debugging.
ElasticTest – Powershell
New
Runs and re-tests PowerShell scripts automatically. Runs on a Windows 10 Virtual Machine.
Nested Hypervisors
New
Run KVM and VMware ESXi hypervisors as VMs in the Cloud.
Remote Access Low-Bandwidth and Maintenance Modes
New
Remote Access Low-Bandwidth Mode
To improve performance on poor networks, users can select a low-bandwidth mode when opening RDP or VNC Remote Access sessions. This reduces requested resolution (DPI) and color depth for VNC and RDP connections, as well as disabling wallpaper for RDP connections.
Maintenance Mode
New Cloud and Cloudspace Maintenance Modes allow site and cloud Admins to isolate maintenance work to specific resources without affecting all users. Requests submitted during maintenance are queued up, and they are executed when the resources are ready.
Asset States
Improved
We have reduced the number of Asset States and simplified the workflow. Please see the Knowledge Base for more details.
Authentication Workflow
New
Users are now asked to present their certificate for authentication only after they attempt to sign in. This will allow users having trouble with their certificates to reach the Support resources.
Remote Access Enhancements
Improved
There have been several enhancements in order to better understand and prevent Remote Access issues. These include hiding the Connect button if the system is turned off, disabling re-connect retries if there is a password problem, preventing attempts to make a connection when someone else is on the system, improving disconnect messages, and implementing browser behavior changes. These should help reduce user-side problems that appeared as “disconnects.”
Speedtest
New
We have added a speed test to the site to help users identify possible network issues that might affect performance. Clicking the Speedtest link at the bottom of the page will collect results from the user’s System to the site.
Java 10
Improved
All code and infrastructure have been updated to support Java 10 and its new coding and security standards. This included multiple optimizations for better performance as well.
More Approved Certificate Authorities
New
Additional Certificate Authorities (CAs) have been added to support more users.
Cloud Network Management
New
Create and Manage Networks
Cloudspace Admins can create and manage additional routable and/or internal networks. This includes defining IP Space, Gateway, Connectivity, and so on.
Network Selection
At launch time, the network connections on each system can be selected from the Cloudspace pool.
IP Address Assignment
Users can now specify static IPs at run launch time for any and all user interfaces on each system.
CRL Management
Improved
New granular checking and downloading of Certificate Revocation Lists (CRLs) to increase robustness and eliminate unnecessary reloads.
Host Workspace
New
A new Workspace for a user’s Hosts with a view across all Runs that includes real-time Deployment and install status. This view can be filtered by Cloudspace, state and OS Family.
More Cloud Networks and ElasticTest Nessus Improvements
Improved
More Cloud Networks
Clouds can now contain more than two networks as part of their configuration. All networks defined for a Cloud are added to each Cloudspace at creation time.
ElasticTest Nessus Improvements
Changes to the monitoring of Nessus tasks to increase reliability.
Permanent Agent Disable
Improved
The CONS3RT Agent is now disabled when the system is Available and stays disabled through all subsequent reboots.
Automated ElasticTest Updates
Improved
Users no longer have to worry about approving updates to ElasticTest tools; it is done automatically. For existing runs, this means selecting RETEST will execute with the same version of the tool as originally installed; selecting RERUN will relaunch all Systems and create a new ElasticTest with the new version of the tool. See the Knowledge Base for more details.
Cloud & Cloudspace Security
Improved
AWS Cloud Admins can enable log collection (CloudTrail) and storage (S3) for their Clouds. When Cloudspaces are created, traffic logging (FlowLogs) is enabled, and data are persisted.
System Resizing
New
Users can change the CPU and RAM resources on active Runs with a single step that handles the power-off, resize, and power-on actions.
Azure Template Support
Improved
Azure Systems are now built from templates instead of from VHD files for faster provisioning and improved sharing.
Detailed Asset Install Information
Improved
All Software and Source Code Assets display their current status in the workflow along with timestamps and estimated durations. Users can select a Host in the Run section and immediately see where it is in the process, making troubleshooting and monitoring much easier.
Certified Assets
New
Certified Assets are fully developed, validated, and include a POC for support. Users can include them in their designs with confidence. There is a Certified label on the card view, and users can search and sort on Certified state. Designated Certifiers can review and promote assets.
More Slack Notifications
Improved
More options for notifications have been added to the integrated Slack channel.
Site Co-Branding
New
Large teams can sign up for a dedicated landing page with custom theme and content.
Asset Counts and IDs
Improved
Asset Counts
In the list view of Assets the card shows how many times that Asset has been used. The view can also be sorted to show the most popular Assets at the top.
Asset IDs
Assets are often referenced by their ID in log messages and some emails. The Asset ID is now displayed as part of the data in the left side column.
Asset Wizard and Referenced Asset Media
New
Asset Wizard
Users can now create Software and Source Code Assets directly in the new Asset Wizard. It will walk users through the collection of the information and files necessary for building up an Asset.
Referenced Asset Media
Asset media can either be uploaded directly or referenced by a URL. External (URL) media will be background downloaded, scanned, and placed in the library for future use.
Automatic Disk Mounting
Improved
All additional Disks defined in the System Builder are now formatted and mounted automatically. More information can be found in this Knowledge Base article.
Automatic Firewalls
Improved
Systems are now deployed with their Firewalls enabled. All outbound traffic is allowed; inbound traffic is only allowed on the CONS3RT management network for the supported Remote Access connections (i.e. RDP, VNC, SSH). Additional changes to the Firewall can be managed via Assets.
F5 BIG-IP
New
The BIG-IP from F5 is now a supported OS type, including the installation of Software Assets. Check the template notes for any known limitations.
Asset Debugging Exit Code
New
Assets can now use an exit code of 255 on errors, which will log the error but will not fail the Asset. In this case, the installation and Run will continue.
Certificate Management
New
The expiration date on PKI certificates is displayed and users can delete existing certificates from an account.
Collection Filters
New
Users can apply filters on the collections page by type (Software, Test, System, etc.).
Remote Access Connections Clean Up
Improved
Users can now delete old custom Remote Access connections from the list of options.
VyOS as a Supported OS
Improved
VyOS is now an officially supported Operating System type.
Asset Script Safety
Improved
To prevent errors that occur when scripts are written on one platform and deployed on another, all scripts now have their line endings set when uploaded or updated. If the script is .bat, .cmd or .ps1, OR if the asset platform is Windows, the line endings will be set to CR/LF; on all other scripts the line endings will be set to LF.
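The line-ending rule above, written out as an added illustration (this is not CONS3RT's own code). The function names, the "Windows"/"Linux" platform strings, the case-insensitive extension match, and the treatment of a lone CR as a line break are assumptions made for the example.

```python
import os

# Extensions the changelog names as always receiving CR/LF.
CRLF_EXTENSIONS = {".bat", ".cmd", ".ps1"}


def target_newline(filename: str, platform: str) -> bytes:
    """Pick the line ending per the stated rule: extension OR Windows platform."""
    ext = os.path.splitext(filename)[1].lower()  # assumption: match ignores case
    if ext in CRLF_EXTENSIONS or platform.lower() == "windows":
        return b"\r\n"
    return b"\n"


def line_ending_counts(data: bytes) -> dict:
    """Count each ending style so mixed files can be spotted before upload."""
    crlf = data.count(b"\r\n")
    return {
        "crlf": crlf,
        "lf": data.count(b"\n") - crlf,   # bare LF only
        "cr": data.count(b"\r") - crlf,   # bare CR only
    }


def normalize_script(filename: str, platform: str, data: bytes) -> bytes:
    """Rewrite every line ending in `data` to the style the rule selects."""
    # Collapse all styles to LF first so mixed input cannot yield CR CR LF.
    unified = data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")
    newline = target_newline(filename, platform)
    return unified if newline == b"\n" else unified.replace(b"\n", newline)


if __name__ == "__main__":
    # Constructed sample: a shell script saved with CR/LF on a Windows editor.
    # Left as-is, the kernel would look for an interpreter named "/bin/bash\r".
    sample = b"#!/bin/bash\r\necho installing\r\n"
    print(line_ending_counts(sample))
    print(normalize_script("install.sh", "Linux", sample))
```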
Automatic Project Creation
Improved
When a new Team is created, an initial Project will be created with the same name.
Embedded Application Server
Improved
To improve performance and support future features, the CONS3RT application uses a new embedded web application server.
Storage Metrics
Improved
To better support management of storage resources, the display of storage usage has changed from rounded TB values to the full value, rounded to one decimal place.
Account Credentials
Improved
Users now only see the links and management boxes for the credential type (username/password or certificate) supported in the site. In certificate sites, users can see the certificates registered to their account.
Architecture Changes
Improved
The frontend (GUI, ReST) is now a separate module in development. This change will allow for faster rollout of new features and shorter maintenance windows.
ElasticTest Tools
Improved
Dashboards now include a list of all ElasticTest tools available to the Project with links to the available test cases.
Native System Accounts
New
The password for all existing accounts in a System (e.g. root, administrator, x_administrator, etc.) is now set to the password that the user created when launching the Deployment Run. Users can use an asset if they want to make further changes.
Added Properties
New
New Deployment properties for the default user, CONS3RT-installed user, and vGPU status.
Asset State Management
Improved
The management of Asset States has been moved from the gear icon to its own section.
Multiple Networks on Physical Hosts
Improved
Physical Hosts now support multiple networks.
Perimeter Security Configurations
Improved
Cloudspace perimeter firewalls/gateways have been updated with tighter System-level lockdowns and controls.
AWS Security Credentials
Improved
Allocated Virtual Private Clouds (VPCs) in AWS now use generated, unique, scope-limited credentials for CONS3RT driven actions.
Physical System Remote Access
New
Remote Access is now supported on Physical Hosts and Devices.
Solaris Support
New
Solaris 11 has been added back as a supported Operating System for deployed Systems.
Power On Delay Management
New
Cloudspace Admins can manage the Power-on-Delay parameters to optimize System deploy times.
Remote Access Collaboration
New
Users can invite other Project members to share their Remote Access sessions. The Host can provide Read Only access to their screens to support collaboration, troubleshooting, training, and more.
Simple & Custom Remote Access Connections
Improved
Remote Access connections will now auto-complete the user’s defined account and credentials for making a quicker connection. Alternatively, the user can select a custom connection to enter an alternate set of credentials.
Remote Access Tab
Improved
When opening a Remote Access connection, the name and ID are displayed on the browser tab for easier navigation and management.
User Dashboards
New
Upon login, users land on their Project dashboard. This dashboard includes a list of Runs, graphs of resource usage, links to documentation and help, site alerts, and more.
Windows 2016 Server
New
Windows 2K16 is now a fully supported Operating System for Systems and Appliances.
Metrics Dashboards
New
Usage and storage metrics for VMs, vCPU, vRAM, and vGPU are collected and displayed at the Project, Cloudspace, and Site level. The built-in graph shows 24 hour, 7 day, and 30 day snapshots. Historical data has been back-filled for existing Projects. Metrics can also be queried via the ReST API.
File Transfer
New
In Remote Access sessions, a user can open the sidebar where they can browse, upload, and download files from the remote System.
Expired Projects
Improved
Closed (i.e. Expired) Projects are now labeled as such in order to prevent sign-ups by new users.
Deployment Run Changes - New View and User Account Creation
Improved
New Deployment Run View
We have reworked the Deployment Run display to make it easier and faster for users to get the information they need.
User Account Creation
To increase security and standardize behavior across Cloud technologies, users now create an account and password for each Deployment Run. Doing so will create that user account on all Systems within the Run.
Asset Download Hash
New
Users who are downloading Assets will be given the hash value (SHA-256) for that Asset so that they can confirm the integrity of the download.
User Card Updates
Improved
The card view of the user now includes their email address.
Enhanced Data Encryption
Improved
Increased encryption across the application. Stronger FIPS algorithms and hashes; many more data fields encrypted by default.
Network Cloud Configuration and Database Auditing
New
This release includes:
Network Cloud Configuration
New network Cloud object for managing configurations per Cloud.
Database Auditing
Native database transaction auditing.
My Asset Views and Windows XP
New
My Asset Views
Users can now browse their Software and Test Assets (under My Assets), Project Assets, and Community-Shared Assets separately.
Windows XP
What’s old is new! Windows XP has been re-added to the supported Operating System types to support cyber training needs.
Power State Warning
Improved
Remote Access now checks that the System is powered-on before attempting to make a connection.
Full Azure Support
Improved
This release includes all user (provisioning, Remote Access, ElasticTest) and management features.
Power On Delay Reset
Improved
Cloudspace Admins can re-baseline the Power-On Delay setting for their Cloudspace.
Active Site Security Configuration
New
CONS3RT actively manages the access control lists for ancillary services directly.
Cloud Network Management
Improved
Cloud Admins can set and manage a default CONS3RT network (IPs, firewalls, NAT, etc.) per Cloud, not just per site.
CONS3RT Agent Removal and Appliance Settings
Improved
CONS3RT Agent Removal
The CONS3RT Agent on deployed Systems now shuts down by default when the System goes to Reserved. The user can override this removal if needed. If the user chooses to retain the Agent, there is an option to disable it after the System goes to Reserved.
Appliance Settings
Users can now edit the resources (CPU, RAM) on appliances at deployment launch time.
Remote Access Sizing and Redeploy Management
New
Remote Access Sizing
Cloudspace Administrators can now choose from three different sizes for their Remote Access server - Small (1 CPU x 2 GB RAM), Medium (2 x 4) or Large (4 x 16).
Remote Access Redeploy Management
Site Administrators can define the window and distribution of the automated redeployment of Remote Access servers.