What's new 2019
New Remote Access versions are released and announced on a varying cadence. Occasionally, new versions that include only performance, stability and bug fixes, and do not require customer actions, are released without an announcement.
December 22nd, 2019
The Alero connector can now be deployed on a wider range of operating systems. In addition to Ubuntu 18.04, the connector can be deployed on Red Hat Enterprise Linux v7.6.
This version improves the user experience in sessions, enabling vendors to upload files from their local workstations to remote targets, and download files from remote targets to their local workstations. Users can drag a file into the remote session window to make it accessible on a network drive on the remote machine. Placing a file in a downloads folder on that network drive will automatically download it to the user's workstation. A security control allows organizations to restrict the ability to transfer files.
Back end security and performance improvements.
Reduces the amount of manual steps, allowing a simpler and quicker installation. Additionally, we added a new walkthrough in the portal.
We have added more restrictions and control for tenant administrators who need to test connections to PAS.
|
Component |
Version |
|---|---|
|
alero.io SaaS |
22.12.2019 |
|
Alero connector |
1.0.5603 |
|
Alero CLI |
1.0.7602 |
|
Alero mobile app |
IOS 2.3 Android 2.3 |
|
PSM HTML5 Gateway |
11.2.0.67 |
We recommend that you upgrade all Alero components.
|
Component |
Comments |
|---|---|
|
Alero connector |
Versions 1.0.4701 and later of the Alero connector works with the updated service. We recommend that you pull and run a new connector to benefit from the new enhancements of this release - See Set up connectors for more details. |
|
Alero mobile app |
We recommend all users upgrade to the latest versions of the Alero Mobile App - available in the iOS appstore and Google playstore. |
|
PSM HTML5 gateway |
New connector version requires the upgrade of HTML5. See Install the HTML5 Gateway for PSM (side-by-side) for more details. |
|
ID |
Component |
Area |
Description |
|---|---|---|---|
|
1 |
Connectors |
Initialization |
Connector initialization failed after not being issued with a new certificate. |
|
2 |
SaaS |
UI |
High number of sites and tenants wasn't visible properly in the portal. |
|
3 |
SaaS |
Connectivity |
Alero Connectors occasionally disconnected from the Alero service. |
|
4 |
Mobile |
Application |
Bug fixes: restore user, registration, delegate admin rights. |
November 12th, 2019
This page shows historical events from your Alero tenant.
This version includes full functionality. There may be minor functionality and UI issues.
If a new token is generated for the same site, or a connector is manually reset via the CLI, the certificate is saved locally to prevent unnecessary renewals.
A new phone number can register with the Alero SaaS service once per hour. This is a security layer to prevent anyone from brute-force guessing the SMS verification code.
If the Alero mobile app is re-installed from a pre-existing phone number, the user will be offered the ability to restore the previous account after authenticating the restore token that was set during initial registration.
The Alero connector can validate application and nested application (PVWA and PSM HTML5 GW) certificates. For more information see Add applications.
|
Component |
Version |
|---|---|
|
alero.io SaaS |
11.11.2019 |
|
Alero connector |
1.0.4701 |
|
Alero CLI |
1.0.3101 |
|
Alero mobile app |
IOS 2.2.19 Android 2.2.1 |
We recommend that you upgrade all Alero components.
|
Component |
Comments |
|---|---|
|
Alero connector |
The previous version of the Alero connector works with the updated service. We recommend that you pull and run a new connector - See Set up connectors for more details. |
|
Alero mobile app |
Previous versions of the Alero mobile app work with this version, but with limited functionality. iOS - users should update the CyberArk Alero app from the Apple AppStore Android - users should remove any previous versions and download the new official CyberArk Alero app from the Google Playstore. |
|
ID |
Component |
Area |
Description |
|---|---|---|---|
|
1 |
Connectors |
Connectivity |
Improvements to connectivity and monitoring of connector and SaaS communication |
|
2 |
All |
UI |
Remove unsupported functionality from UI |
|
3 |
SaaS |
UI |
Additional user input validations added |
|
4 |
SaaS |
Users |
Resolved issues with flow of disabled users |
|
5 |
Mobile |
Notifications |
Fixed vendor inviting vendor activation notifications |
|
ID |
Area |
Description |
Status |
|---|---|---|---|
|
1 |
Invite vendor form |
Time zone issues |
Resolved |
|
2 |
Invite vendor form |
Auto complete in selected applications |
Resolved |
|
3 |
Invite vendor form |
Invite vendor by vendor – LDAP provisioning does not work |
Resolved |
November 6th, 2019
We are proud to introduce Alero™, a new strategic addition to CyberArk's solutions which combines Zero Trust access, biometric multi-factor authentication and just-in-time provisioning for remote vendor access to the Core Privileged Access Security solution.
Organizations need to provide external vendors with secure access to the organizations' internal systems inside the protected network. The nature of external remote vendors access is dynamic. They are not part of the organization, not part of their identity management system and often cannot be added to it due to internal policies or regulations. The actual persons employed by the vendor company are many times there for a short time and need only a temporary or one-time access, and management of these users can become cumbersome.
Many times, external remote vendors access is done from unsecured sources, from an external location via the internet, and with a workstation which is not controlled by the organization. Configuring VPN-based access for each user may result in major overhead.
This problem requires a different approach for granting access in terms of user management workflows and security. Simple user registration and removal with minor overhead, access approval and expiration, secured and monitored access without VPN are key requirements.
Ensure that remote vendors are authenticated each time they need to access critical assets without the need to share passwords
Providing third party vendors with sweeping access leaves organizations vulnerable and unable to verify for certain who is accessing what. Alero enforces Zero Trust access to the sensitive systems managed by CyberArk so that all interactions are verified and audited – without the need for VPNs, agents or passwords. Neither the password to Core PAS, nor the password to the remote systems managed by CyberArk, are ever exposed to the vendor or ever reach their workstations. Using a unique smartphone application, Alero mobile performs biometric authentication of the user and a simultaneous scan of a unique QR code generated by the Alero web page.
Simplify the provisioning of remote vendor users to CyberArk Privileged Access Security
Granting or maintaining unneeded standing access for external users is a risky proposition for organizations. Securing this process requires cumbersome manual processes or well- designed automatic ones. With Alero, vendors do not have to be added to the organization's identity management system to gain access to PAS, as Alero handles the user provisioning process so that vendors gain secure and quick access – but, only for what they need, at the right times and for the required amount of time. Alero is configured as a SAML identity provider (IDP) and also as an OpenLDAP server to facilitate Alero configured user provisioning to the web-based portal and the CyberArk Vault.
Alero provides invite-based registration to Core PAS and allows organizations to delegate privileges to vendors so they can self-manage the onboarding process.
Utilize smartphone capabilities to confirm remote vendor identity through inherent authentication methods
Using passwords, tokens and hashes to verify identity leaves the door open for attackers to masquerade as privileged insiders. Alero leverages strong biometric authentication via smart phones, including other factors, to authenticate authorized remote vendors to the CyberArk Privileged Access Security (PAS) solution. No need to share credentials with PAS or VPN solutions to grant access.
Gain full visibility into remote vendor activities and get complete reporting, auditing and remediation capabilities
Without knowing who is accessing what, it can be hard to verify that the environment is safe. Alero integrates with Privileged Access Security to add an additional layer of security for privileged access. This integration provides full audit capabilities and session isolation for sensitive assets that remote vendors access, as well as introducing alerting and remediation based on risk scores.
|
Component |
Comments |
|---|---|
|
Alero connector |
The Alero connector can be installed on Ubuntu 18.04. Alero connector installation on RHEL is at Beta stage and is available in version 7.4 and higher. For more information, see Set up connectors. |
|
HTML5 Gateway |
For more information, see Install the HTML5 Gateway for PSM (side-by-side). |
|
Alero mobile app |
Alero iOS mobile app is part of this release. The Android mobile app version is at Beta stage. A General Availability version will be published in the Google Play store when it is available. To get the Android beta app, contact your CyberArk representative. |
For complete installation or upgrade instructions, see the Online Help Center.
Alero is compatible with Privileged Access Security v10.3 and above, and requires Digital Vault, Password Vault Web Access, and Privileged Session Manager components.
|
ID |
Area |
Description |
|---|---|---|
|
1 |
PVWA configuration |
Customers who use SAML authentication to login to PVWA need to set up a dedicated PVWA server for access through Alero. |
|
2 |
PVWA authentication |
After logout from PVWA, if the browser remains open, the next authentication will require the user to select SAML authentication. |
|
3 |
Browser compatibility |
Alero is currently supported only when using a Chrome browser for access. |
|
4 |
Alero web portal |
Missing logoff capability from the portal. |
|
5 |
Alero web portal |
A periodic refresh of the web portal may happen every few minutes, which may clear out a form from content if it's open during the refresh. |
