Versions Compared

Old Version 4

changes.mady.by.user Olivier Michaut

Saved on

compared with

New Version 5

changes.mady.by.user Olivier Michaut

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Panel

Table of Contents
maxLevel2

Introduction

Stonebranch provides product maintenance in the form of updated product installation packages. This document lists the product installation package maintenance history for Universal Data Mover Gateway 1.5.x.

Note

For Universal Data Mover Gateway 1.5.x, applying maintenance refers to the increase from a currently installed and supported version of the Universal Data Mover Gateway to a later 1.5.x version of the Universal Data Mover Gateway (for example, increase Universal Data Mover Gateway 1.0.0.0 to Universal Data Mover Gateway 1.5.0.0).

Product Packaging

A package maintenance level is incremented when the package changes or the package installation changes.

Stonebranch changes product version, release, or modification identifiers at its discretion when it deems an appropriate number of enhancements or capabilities have been introduced to warrant the change.

Versioning

Package version numbers are comprised of four numeric identifiers: version, release, modification level, and maintenance level.

For example, for Universal Data Mover Gateway 1.5.0.0:

  • 1 = Version 1

  • 5 = Release 5

  • 0 = Modification Level 0

  • 0 = Maintenance Level 0

Packaging Methods

The Universal Data Mover Gateway 1.5.x packages are provided in formats appropriate for the target platforms.

See Administrator Guide for information on installing, upgrading, and applying maintenance to the Universal Data Mover Gateway.

Package Maintenance Levels

This section identifies the changes included in Universal Data Mover Gateway 1.4.x.

This table identifies the maintenance level of every component in each package.

...

Release

...

UDMG Server

...

UDMG 1.5.0.0 - November 17, 2023

...

Two-Factor Authentication

UDMG user can be configured with the "Standard / Authenticator App (TOTP)" (local-otp) login method.
When enabled, the login requires a TOTP code from an authenticator mobile application. The registration with a generated QR code or secret is performed on first login or after the registration has been reset.

The reset of the OTP registration can be reset with the 'user write' permissions from the CLI or the UDMG Admin UI.

...

Web services for the multi instance monitoring and load balancing.

  • Existing /api/sb_healthcheck is enhanced with additional information: node details and node status. Requires authentication but no specific permissions.
    Example of output for a passive instance:
    {
        "status": "operational",
        "nodeId": "gateway_1:8080-mft-gw-0",
        "nodeHostname": "gateway_1",
        "nodeIPAddress": "172.99.0.101",
        "nodePort": "8080",
        "nodeStatus": "PASSIVE",
        "nodeUptime": "15h6m4.810854748s",
        "nodeLastUpdate": "2023-11-14T08:07:54.848374Z",
        "nodeLastActiveDate": "2023-11-13T16:57:57.026091Z"
    }
  • New /ping endpoint returns the instance status with a 400 Bad Request HTTP code when the node is not active and the plain text status: 'ACTIVE', 'PASSIVE', or 'OFFLINE'. This API is provided without authentication for load balancers.
  • New /api/sb_mgmt_nodes endpoint return the list of the instances with their details and status. Requires the 'administration read' permissions.

...

UI: Management of user sessions

The open sessions for the user of the UDMG Admin UI can be displayed and terminated from the user menu.
Requires the 'administration write' permissions.

Image Removed

...

REST/CLI: Management of user sessions

REST API: new /api/sb_session endpoint with GET and DELETE 

...


Panel

Table of Contents
maxLevel2

Introduction

Stonebranch provides product maintenance in the form of updated product installation packages. This document lists the product installation package maintenance history for Universal Data Mover Gateway 1.5.x.

Note

For Universal Data Mover Gateway 1.5.x, applying maintenance refers to the increase from a currently installed and supported version of the Universal Data Mover Gateway to a later 1.5.x version of the Universal Data Mover Gateway (for example, increase Universal Data Mover Gateway 1.0.0.0 to Universal Data Mover Gateway 1.5.0.0).

Product Packaging

A package maintenance level is incremented when the package changes or the package installation changes.

Stonebranch changes product version, release, or modification identifiers at its discretion when it deems an appropriate number of enhancements or capabilities have been introduced to warrant the change.

Versioning

Package version numbers are comprised of four numeric identifiers: version, release, modification level, and maintenance level.

For example, for Universal Data Mover Gateway 1.5.0.0:

  • 1 = Version 1

  • 5 = Release 5

  • 0 = Modification Level 0

  • 0 = Maintenance Level 0

Packaging Methods

The Universal Data Mover Gateway 1.5.x packages are provided in formats appropriate for the target platforms.

See Administrator Guide for information on installing, upgrading, and applying maintenance to the Universal Data Mover Gateway.

Package Maintenance Levels

This section identifies the changes included in Universal Data Mover Gateway 1.4.x.

This table identifies the maintenance level of every component in each package.

Release

Release date

UDMG Server

UDMG Agent ProxyUDMG Authentication ProxyUDMG Admin UIUDMG Web Transfer Client
1.5.0.0November 17, 20231.5.0.01.5.0.01.5.0.01.5.0.01.5.0.0

UDMG 1.5.0.0 - November 17, 2023

Easier upgrade procedure, the migrate command now uses the last version by default.

Change IDComponentDescription
B-17739UDMG Admin UI, 
UDMG Server,
UDMG Authentication Proxy, 
UDMG Client

Two-Factor Authentication

UDMG user can be configured with the "Standard / Authenticator App (TOTP)" (local-otp) login method.
When enabled, the login requires a TOTP code from an authenticator mobile application. The registration with a generated QR code or secret is performed on first login or after the registration has been reset.

The reset of the OTP registration can be reset with the 'user write' permissions from the CLI or the UDMG Admin UI.

#34810UDMG Server

Web services for the multi instance monitoring and load balancing.

  • Existing /api/sb_healthcheck is enhanced with additional information: node details and node status. Requires authentication but no specific permissions.
    Example of output for a passive instance:
    {
        "status": "operational",
        "nodeId": "gateway_1:8080-mft-gw-0",
        "nodeHostname": "gateway_1",
        "nodeIPAddress": "172.99.0.101",
        "nodePort": "8080",
        "nodeStatus": "PASSIVE",
        "nodeUptime": "15h6m4.810854748s",
        "nodeLastUpdate": "2023-11-14T08:07:54.848374Z",
        "nodeLastActiveDate": "2023-11-13T16:57:57.026091Z"
    }
  • New /ping endpoint returns the instance status with a 400 Bad Request HTTP code when the node is not active and the plain text status: 'ACTIVE', 'PASSIVE', or 'OFFLINE'. This API is provided without authentication for load balancers.
  • New /api/sb_mgmt_nodes endpoint return the list of the instances with their details and status. Requires the 'administration read' permissions.
#34873UDMG Admin UI

UI: Management of user sessions

The open sessions for the user of the UDMG Admin UI can be displayed and terminated from the user menu.
Requires the 'administration write' permissions.

Image Added

#34872UDMG Server

REST/CLI: Management of user sessions

REST API: new /api/sb_session endpoint with GET and DELETE 

Code Block
GET /api/sb_session
list all the user sessions
requires Admin permission
{
    "sessions": [
        {
            "completedsessionId": true116,
            "creationDateuserId": "2023-11-09T12:38:17.470503Z"8,
            "expirationDateusername": "2023-11-09T13:38:17.470492Zoli",
            "lastUsedDateipAddr": "2023-11-09T12:41:26.508968Z"185.70.76.140",
         }   "completed": true,
  ] } DELETE /api/sb_session/{id}
delete a user session, forcing its expiration
requires Admin permission

CLI: new 'session list' and 'session revoke' commands

Code Block
udmg-client [CONNECTION-OPTIONS] session <list | revoke>

Available commands:
  list    List current sessions
  revoke  Revoke user session session
  
udmg-client session list
Sessions:
● Session 196
    User:        "creationDate": "2023-11-09T12:38:07.718294Z",
            "expirationDate": "2023-11-09T13:38:07.718291Z",
            "lastUsedDate": "2023-11-09T12:41:20.852212Z" 
        },
        {
            "sessionId": 117,
    admin     IP Address:  "userId": 1,
  79.129.6.7     Completed:     "username": "admin",
true     Creation Date:   2023-11-13T09:05:20.780075Z     Expiration Date: 2023-11-13T10:05:20.780072Z"ipAddr": "185.70.76.140",
    Last Used Date:  2023-11-13T09:58:34.707537Z  Session 204
    User "completed": true,
          admin  "creationDate": "2023-11-09T12:38:17.470503Z",
 IP Address:      172.99.0.7     Completed:"expirationDate": "2023-11-09T13:38:17.470492Z",
      true     Creation Date"lastUsedDate":   "2023-11-13T0909T12:5141:0426.091549Z508968Z" 
    Expiration Date: 2023-11-13T10:51:04.091546Z  }
  Last Used Date:]
 2023-11-13T09:51:04.091551Z

udmg-client session revoke 204
The session 204 was successfully revoked.
#34890UDMG Admin UI

UI: Management of the 'administration' user permission

Image Removed

#34112UDMG Client

CLI: Management of the 'administration' user permission. 

  • Administration permissions are displayed on 'user list' or 'user get' commands
  • read/write/delete can be assigned with the 'A' tag for administration permission on 'user add' and 'user update' commands
  • 'superuser' shortcut is provided to create or convert a user to a superuser with all possible permissions, including the administration permissions
    udmg-client user update bob -r 'superuser' 
#34834Linux servicesChanged the service description for alignment with Universal Agent ubroker service. Syslog messages are tagged with the service name.
#34247UDMG Server

Allow absolute paths in SFTP client requests. If the filename stub in the transfer request starts with a '/' it is considered an absolute path and will be used without prefixing with the transfer rule remote directory path. 

#33062UDMG Authentication ProxyCustom properties can be associated to a udmg service for use by the UDMG Admin UI.
Refer to the installation guide for the configuration file syntax and the [settings] section.
#33063UDMG Admin UI
Support for environment customization with the service settings on the UDMG Authentication Proxy configuration.
  • "udmg.system_identifier": name of the system or environment
  • "udmg.banner.background_color": color of the banner background, as HTML color name ("Brown"), RGB code ("rgb(165,42,42)"), or hexadecimal code ("#A52A2A")
  • "udmg.banner.logo": Company logo, optional picture to display next to the system identifier

Image Removed

#34725UDMG Server
Code Block
$ /opt/udmg/bin/udmg-server migrate -l -c /opt/udmg/etc/udmg-server/server.ini | tail -1
1.5.0
$ /opt/udmg/bin/udmg-server migrate -c /opt/udmg/etc/udmg-server/server.ini -v -v -v
2023/10/30 10:57:24 [INFO    ] Migration: Starting upgrade migration...
...
2023/10/30 10:57:25 [INFO    ] Migration: Applying migration 'Bump database version to 1.5.0'
#33930UDMG Admin UIReferences to "Certificate" are changed to "Certificate / Key" depending on the context.#34250UDMG ServerFix the expansion of the #INPATH#, #OUTPATH#, and #WORKPATH# task variables. They used to only take into account the default in/out/work paths defined at the gateway-level (in the config file). Therefore, the server and rule-level paths are completely ignored.
The server and rule are now looked up when computing the value of these special variables.#34246UDMG Server, UDMG ClientFix a panic error on udmg-client when showing a transfer rule with more than 3 tasks in a task chain. The client would crash when trying to display the rule on a list or a get command.#34255UDMG Server, UDMG ClientFix the inability to empty a transfer rule task chain from the CLI.
Providing an empty value for the 'rule update --pre=', 'rule update --pre=', or 'rule update --pre=' option would be treated as if the parameter was not given.#34254UDMG ServerFix the COPY and RENAME rule tasks. Copying a file to itself would truncate it. D-11401 (#34118)UDMG Admin UIFix the filtering on the lists. Any partial string of "undefined", like "e" would invalidate the filtering and return all rows.#34209Linux packagesFix the package naming convention to use '.build' instead of '+build' as '+' is not valid for the Stonebranch Software Downloads platform.#34884UDMG ServerFix the export of users to includes the 'administration' and 'pgp' permissions.#32139UDMG ServerFix the export and import of User Groups to rely on the Business Service name instead of UUID
}
DELETE /api/sb_session/{id}
delete a user session, forcing its expiration
requires Admin permission

CLI: new 'session list' and 'session revoke' commands

Code Block
udmg-client [CONNECTION-OPTIONS] session <list | revoke>

Available commands:
  list    List current sessions
  revoke  Revoke user session session
  
udmg-client session list
Sessions:
● Session 196
    User:            admin
    IP Address:      79.129.6.7
    Completed:       true
    Creation Date:   2023-11-13T09:05:20.780075Z
    Expiration Date: 2023-11-13T10:05:20.780072Z
    Last Used Date:  2023-11-13T09:58:34.707537Z
● Session 204
    User:            admin
    IP Address:      172.99.0.7
    Completed:       true
    Creation Date:   2023-11-13T09:51:04.091549Z
    Expiration Date: 2023-11-13T10:51:04.091546Z
    Last Used Date:  2023-11-13T09:51:04.091551Z

udmg-client session revoke 204
The session 204 was successfully revoked.


#34820NGINX, 
UDMG Admin UINGINX configuration update so that the client IP address (X-Real-IP, X-Forwarded-For) is passed for UDMG authentication proxy, thus the address can be kept with the user session details. See Installing NGINX Server.#34890UDMG Admin UI

UI: Management of the 'administration' user permission

Image Added

#34112UDMG Client

CLI: Management of the 'administration' user permission. 

  • Administration permissions are displayed on 'user list' or 'user get' commands
  • read/write/delete can be assigned with the 'A' tag for administration permission on 'user add' and 'user update' commands
  • 'superuser' shortcut is provided to create or convert a user to a superuser with all possible permissions, including the administration permissions
    udmg-client user update bob -r 'superuser' 
#34834Linux services

Improved useability of the Linux services:

  • Service description is prefixed with "Stonebranch" for parity with Universal Agent ubroker service.
  • Syslog messages are labeled with the service name (udmg-server, udmg-auth-proxy, ...) instead of 'sh'.
  • Syslog messages are sent to 'local0' utility for easier filtering.
#34247UDMG Server

Allow absolute paths in SFTP client requests. If the filename stub in the transfer request starts with a '/' it is considered an absolute path and will be used without prefixing with the transfer rule remote directory path. 

#33062UDMG Authentication ProxyCustom properties can be associated to a udmg service for use by the UDMG Admin UI.
Refer to the installation guide for the configuration file syntax and the [settings] section.#33063UDMG Admin UI
Support for environment customization with the service settings on the UDMG Authentication Proxy configuration.
  • "udmg.system_identifier": name of the system or the environment.
  • "udmg.banner.background_color": color of the banner background, as HTML color name ("Brown"), RGB code ("rgb(165,42,42)"), or hexadecimal code ("#A52A2A").
  • "udmg.banner.logo": Company logo, optional picture to display next to the system identifier.

Example of a production environment with a brown banner and a development environment with an orange banner:

Image Added

#31488UDMG Server

Improved the useability of Business Service : they can be used for tagging objects and not only to enforce security permissions. A Business Service without any User Group can be attached to an object as a way a labeling it.

Permissions over the new business service are not required anymore when assigning an object to a business service thus allowing them to be used as tags (i.e. to group resources). The permissions required to assign an object to a business service are either: having the corresponding global permission (object write at user level) or having the corresponding business service permission (object write at user group level) in at least one of the object's business services.

REST API changes:

  • Added new endpoints to add business server members:
PUT /api/sb_businessservices/{name}/local_agents/{object_name}
PUT /api/sb_businessservices/{name}/remote_agents/{object_name}
PUT /api/sb_businessservices/{name}/rules/{object_name}/{direction:send|receive}
PUT /api/sb_businessservices/{name}/sb_pgp/{object_name}
  • Added new endpoints to delete business server members:
DELETE /api/sb_businessservices/{name}/local_agents/{object_name}
DELETE /api/sb_businessservices/{name}/remote_agents/{object_name}
DELETE /api/sb_businessservices/{name}/rules/{object_name}/{direction:send|receive}
DELETE /api/sb_businessservices/{name}/sb_pgp/{object_name}
  • Added new endpoints to add user group members:
PUT /api/sb_usergroups/{name}/users/{user}
  • Added new endpoints to delete user group members:
DELETE /api/sb_usergroups/{name}/users/{user}
  • Added new endpoints to list business server members:
GET /api/sb_businessservices/{name}/servers
GET /api/sb_businessservices/{name}/partners
GET /api/sb_businessservices/{name}/rules
GET /api/sb_businessservices/{name}/sb_pgp#34725UDMG Server

Easier upgrade procedure, the migrate command now uses the last version by default.

Code Block
$ /opt/udmg/bin/udmg-server migrate -l -c /opt/udmg/etc/udmg-server/server.ini | tail -1
1.5.0
$ /opt/udmg/bin/udmg-server migrate -c /opt/udmg/etc/udmg-server/server.ini -v -v -v
2023/10/30 10:57:24 [INFO    ] Migration: Starting upgrade migration...
...
2023/10/30 10:57:25 [INFO    ] Migration: Applying migration 'Bump database version to 1.5.0'


#33071UDMG Server

Ability to globally disable each rule task type.

New udmg-server configuration parameter for each task type allows to disable its processing during any file transfer. For the following task types: COPY, COPYRENAME, MOVE, MOVERENAME, DELETE, RENAME, EXEC, EXECMOVE, EXECOUTPUT, TRANSFER, CHECKREGEX, PUBLISHEVENT, ICAP. 

#33930UDMG Admin UIReferences to "Certificate" are changed to "Certificate / Key" depending on the context.#34852, #34843UDMG Authentication ProxyComprehensive description and comments inside the sample configuration file, in installation package and online documentation.#34852UDMG ServerComprehensive description and comments inside the sample configuration file, in installation package and online documentation.#34837UDMG Web TransferComprehensive description and comments inside the sample configuration file, in installation package and online documentation.#34785UDMG Admin UI,
UDMG ServerFix the logout sequence, after logout the user session is properly closed on the browser and the UDMG  Server.#34250UDMG ServerFix the expansion of the #INPATH#, #OUTPATH#, and #WORKPATH# task variables. They used to only take into account the default in/out/work paths defined at the gateway-level (in the config file). Therefore, the server and rule-level paths are completely ignored.
The server and rule are now looked up when computing the value of these special variables.#34246UDMG Server, UDMG ClientFix a panic error on udmg-client when showing a transfer rule with more than 3 tasks in a task chain. The client would crash when trying to display the rule on a 'rule 'list or a 'rule get' command.#34255UDMG Server, UDMG ClientFix the inability to empty a transfer rule task chain from the CLI.
Providing an empty value for the 'rule update --pre=', 'rule update --pre=', or 'rule update --pre=' option would be treated as if the parameter was not given.#34254UDMG ServerFix the COPY and RENAME rule tasks. Copying a file to itself would truncate it. D-11401 (#34118)UDMG Admin UIFix the filtering on the lists. Any partial string of "undefined", like "e" would invalidate the filtering and return all rows.#34209Linux packagesFix the package naming convention to use '.build' instead of '+build' as '+' is not valid for the Stonebranch Software Downloads platform.#34884UDMG ServerFix the export of users to includes the 'administration' and 'pgp' permissions.#32139UDMG ServerFix the export and import of User Groups to rely on the Business Service name instead of UUID.#34582UDMG ClientFix the typo in the sort option for the 'history list' command: 'start' was listed 2 times.#34576UDMG ClientFix the missing allowed values for 'transfer list' command:  'ERROR', 'DONE', 'CANCELLED' statuses were missing.#34542,
#34494,
#34102UDMG Server, UDMG ClientFix several typos in error messages.#34211NGINXFix the discrepancy between the packaged configuration file and the documentation: upstream udmg_auth_proxy#34131UDMG ClientFix the allowed protocols for partner maintenance, now the ftp, ftpes, and ftps are not recognized as valid protocols.#34110UDMG ClientFix the lack of validation for self password change, now the new password cannot be the same as your current password.
udmg-client user password bob -o ws -p ws
#34116UDMG Admin UIChange order of the items in the User Menu, logout is the last option.#34215UDMG Admin UIChange order of the items in the Management and Administration menus, for logical grouping of entities#34214UDMG Admin UIChange label for rule parameter: "Path Directory" to "Virtual Path Directory"#34117,
#33842UDMG ServerPrevent the addition of a Certificate/Key record to a local or remote account when the parent server or partner protocol does not support the use of account certificates or keys.#34351UDMG ServerPrevent the start of a SFTP Server when it does not have any defined and enabled SSH host key#34115,
#34130UDMG Server

New web service and CLI command for a user to fetch its own user profile with system permissions.

GET /api/user_profile
- the output is the same as GET /api/sb_users/{user} for the calling user
- no permission is required


udmg-client user profile

#34676UDMG Server

Fix for SFTP Partner (client transfer), in some cases the resume operation would not continue the transfer from the last point.

The behavior is now:

  • if the remote server file size is same than the transfer progress : resume from that point
  • if the remote server file size is different from the transfer progress : stop transfer with ERROR
  • If the remote target file is not found : resume the transfer from 0 (send whole file again)
#34428UDMG ServerFix for FTP Server: in some situations with pending client connections, the server would report a successful stop but continue serving client commands.#34403UDMG ServerFix for SFTP Server: the dedicated local server log is not created on 1st start if a server is created and the gateway has not been restarted.#34825UDMG Admin UIFix the display of irrelevant options Partner SFTP Protocol configuration: "Allow Remove File", "Allow Rename File".#34001UDMG Admin UIFix the missing horizontal scrollbar in the Activity History list#34315UDMG Admin UIFix the transfer details is not refreshed after cancel action and still shows the red error status dot instead of the purple cancel dot.#33998UDMG Admin UIFix various UI glitches#34119UDMG Admin UIFix the missing error message on the console when a local SFTP server could not be started due to an invalid SSH key.#34113UDMG Admin UIChange the 'degraded' color in server status button from yellow to orange for better readability.#33714UDMG ServerFix the sorting of the rule lists in the server and partner object details (on CLI output and on UDMG Admin UI Server/Partner Rules tab. Rules are now sorted by name. #33873UDMG ServerFix a permission issue where users without 'user read' permission could list the other users in their same user group.#34252UDMG ServerFix the expansion of the #INPATH# and #OUTPATH# task variables. They should only have local paths and not remote paths.