Universal Data Mover Gateway release 2.0.0.0 - May 31, 2024, contains the following high-level features. For a complete list of all the included features and fixes, please refer to Universal Data Mover Gateway 2.0.x Maintenance.
File Transfer Enhancements
Backlog | Title | Description |
---|---|---|
B-18770 | Ad-hoc File Transfers | This enhancement allows the transfer of files between users using a quick share link for a given file, which is protected with a password, expiration date, and number of downloads. The links and associated files can be shared with any type of user, including external users as long as the user is provided the password. Each file for which an ad-hoc file transfer link is generated is given a unique ID/token used in the associated URL. All ad-hoc file transfer links are generated through the Web Transfer Client and managed through the Web Transfer Client and UDMG Admin UI. The user must have a local auth account and a local server in UDMG must be created with the local auth protocol attached. For the creation of ad-hoc file transfer links, the following fields are required:
For all generated ad-hoc file transfer links, the following actions are available:
See Tutorial - Creating an Ad-hoc File Transfer Link for detailed instructions on how to create, edit, and manage ad-hoc file transfer links. Web Transfer Client
UDMG Admin UI From UDMG Admin UI, ad-hoc file transfer information is visible in the Transfers Dashboard and Ad-Hoc Activity service via the navigation pane. Transfers Dashboard --- missing local path screenshot Ad-Hoc Activity New endpoints added:
{ "username":"user", "password":"userpassword", "remote_path":"path/to/filename.txt", "expiration_date":"2030-01-01T00:00:00Z", "file_password":"secret" } Response: { "file_link":"343bb79e-a476-459e-890f-32d34134612a" }
|
B-18765 | Delete file after download from SFTP (MOVE Command) | This enhancement allows the deletion of a file after it is downloaded from SFTP using the MOVE command. The enhancement only applies to send or receive files. The change removes the need for additional configuration and monitoring in UAC and UDMG. Before this change, the local file could only be deleted in the UDMG Server with the DELETE post-task. The remote file could not be deleted in UDMG and UAC was required for the transfers where remote delete was required.
Examples: udmg-client transfer add -f "README.md" -p "TestSftpPartner" -l "user" -r "Rule1" -w receive -i udmg_xfer_move:true udmg-client transfer add -f "README.md" -p "TestSftpPartner" -l "user" -r "Rule1S" -w send -i udmg_xfer_move:true Implemented Error Messages:
|
Security
Backlog | Title | Description |
---|---|---|
B-19917 | Updates to Secure JWT Token | This enhancement improves the security between UDMG Admin UI and UDMG Authentication Proxy with the use of session ID instead of user credentials after the initial login (secured the JWT token). Before this change, the user credentials were stored in the JWT payload, which exposed it to potential unauthorized access. The password was removed from the JWT Token and now the header 'X-Session-Id' must be included in each request. |
B-19918, | Security Hardening | Improves security with a default NGINX configuration including the recommended security HTTP headers, hiding the server version, and disabling weak TLS ciphers. The following changes are now the default for the manual installation procedure and the installation with Linux packages (RPM/DEB). For an upgrade, the parameter must be manually reviewed and added to the NGINX configuration file. Note: When installing UDMG 2.0 a new configuration file is generated with "new" added at end.
# DEPRECATED Security Headers add_header X-XSS-Protection "0"; add_header X-Frame-Options "SAMEORIGIN"; # Security Headers add_header Content-Security-Policy "frame-ancestors 'self'"; add_header X-Content-Type-Options nosniff; add_header Referrer-Policy "strict-origin"; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()"; add_header X-Permitted-Cross-Domain-Policies none;
|
User Experience
Backlog | Title | Description |
---|---|---|
User Interface Updates | This enhancement improves the usability of the UDMG Admin UI, allowing for easier access to information, customizations, searching/filtering, and new features. The changes align with the look and feel of Universal Automation Center. Key Changes Include: Landing Page / Homepage
Transfers
License
Ad-hoc Activity
Local Servers
Shared Accounts
Rules
Cluster Nodes
| |
B-18766 | Added Server Status and Information in Details | This enhancement allows the user to quickly view the server status, including server state and information in the Local Servers list for all local servers. The "Status" column was added to the list of local server details. Before this change, the local server status details were only displayed in the “UDMG Server Status” popup. The color-coded bars show the internal service status:
|
B-19796 | SSH Key Parsing Tool | This enhancement provides a tool to parse an SSH public key. The UDMG Server only accepts the OpenSSH format for public keys, so customers who use the PKCS8 and DER format were not previously able to convert keys to OpenSSH using standard tools (openssl and ssh-keygen). The The supported input formats are:
The output of the tool shows the key details and the OpenSSH format that is suitable for use during the setup of SFTP servers on UDMG:
Command line usage: dmg-sshkey -h Usage: udmg-sshkey [OPTIONS] <parse | version> Help Options: -h, --help Show this help message Available commands: parse Parse an SSH Public key file version Print version and exit udmg-sshkey parse -h Usage: udmg-sshkey [OPTIONS] parse [parse-OPTIONS] Help Options: -h, --help Show this help message [parse command options] -f, --file= The public key file, accepted formats are PKCS8 (x509), OpenSSH (authorized keys), and SSH wire. See Utilities Reference Guide: udmg-sshkey for additional details. |
Architecture
Backlog | Title | Description | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
B-18759 | Allowing the Sharing of Accounts Between Servers | This enhancement allows the sharing of accounts between servers. It avoids duplicate configurations for FTP and SFTP local servers by allowing accounts to be shared between local servers. Before this change, a local account was only defined for a given local server and not allowed to have the same account for multiple protocols. For instance, to allow a partner to transfer files over SFTP and FTP, it was required to have both an SFTP and FTP local server, each with their own local account. Each account was then maintained independently, which created additional overhead in configuration and maintenance (password or key updates). The Local Account service located in the UDMG Admin UI navigation pane is replaced by Shared Accounts service. Updated Shared Account process:
Be able to list share accounts from server endpoint. What else do we need to share about it? The change uses the current Local Account table and a New table for authorization. Both the new and old command lines can be used to add a new shared account. New CLI commands: udmg-client account share add -l user -p pass -n user Current CLI commands: udmg-client account local $SERVER add -l user -p password Updated CLI Commands: Usage: udmg-client [GLOBAL-OPTIONS] account share <command> Connection Options: -a, --address= The address of the UDMG Server [$UDMG_SERVER_ADDRESS] -i, --insecure= Skip certificate verification [$UDMG_SERVER_INSECURE] -l, --legacy= Use legacy API version [$UDMG_SERVER_LEGACY] -t, --timeout= Client Connection Timeout (default: 30) [$UDMG_CLIENT_TIMEOUT] Output Options: --color=[always|auto|never] Control color output (default: auto) [$UDMG_COLOR] Help Options: -h, --help Show this help message Available commands: add Add a new shared account allow Allow a shared account to use a Local Agent authorize Authorize a shared account to use a rule cert Manage a share account's certificates delete Delete a shared account disable Disable shared account disallow Disallow a shared account's permission to use a local Agent enable Enable shared account get Retrieve a shared account's information list List shared accounts revoke Revoke a shared account permission to use a rule update Update a shared account | ||||||||||
B-18755 | License Control | This change incorporates license management within Universal Data Mover Gateway. All environments are required to have an attached license key, including non-production environments. The Universal Data Mover Gateway is licensed for a set time period, number of UDMG Server instances, and number of transfer executions per month and environment. The counted file transfer executions only include the number of transfer instances completed as DONE over one month. To receive and apply your license keys, please follow the below steps and reference UDMG Licensing.
| ||||||||||
B-18762 | Using the Same Virtual Folder Name for Multiple User Accounts | This enhancement allows users to use the same virtual folder name for multiple user accounts. Multiple user accounts can now use the same local server and the same vpath, but each account will point to a separate ("private") local directory. Note: The local directory must have permission to post read/write by the UDMG user.
Placeholders are allowed in the transfer rule paths (local directory and temp directory): They are expanded at runtime (when transfer is starting or when a FTP/SFTP command is executed). For instance: /home/Users/Input/#REQUESTERHOST# is expanded to /home/Users/Input/sftp_user1 for account "sftp_user1" AND /home/Users/Input/sftp_user2 for account "sftp_user2". Example: udmg-client rule add -n Rule10 -d receive -p /data-host --local-dir '/data/#REQUESTEDHOST#' |