Universal Data Mover Gateway 1.5.0 Release Notes

Universal Data Mover Gateway release 1.5.0.0 - November 20, 2023, contains the following high-level features. For a complete list of all the included features and fixes, please refer to Universal Data Mover Gateway 1.5.x Maintenance.

Protocols

Backlog

Title

Description

#34247 Allow absolute paths in SFTP client requests

If the remote filename stub in the transfer request starts with a '/' it is considered an absolute path and will be used without prefixing with the transfer rule remote directory path. 

For example, the client transfer

    udmg-client transfer add -f localFile.txt -o /remotepath/remoteFile.txt -p SftpPartner -l remoteAccount -w send -r Rule1S

will now send /remotepath/remoteFile.txt as the path in the SFTP request, whereas before, the path would have been {rule remote_directory}/other/remoteFile.txt.

#34258 Send transfer without pre-existing file

Allow a client send transfer to start even when the local file does not exist. It is now possible to start a send transfer even if the file to send does not yet exist, as long as it is created before the start of the data sending phase. Typically, this allows a user to start a transfer when the file is created by a Rule Pre-Task.

Security

Backlog

Title

Description

B-17739,
#31690
Standard Login Method with Authenticator App (TOTP) 2FA

Local User accounts can now be configured to use 2 Factor Authentication (2FA) via a 3rd Party Authenticator App.

A user configured for Standard / Authenticator App (TOTP) must set up their Universal Data Mover Gateway account in their authenticator app during their initial login.

For subsequent logins, the “challenge” page will be presented during the login flow.

#34873 Management of user sessions

The open sessions for the users of the UDMG Admin UI can be displayed and terminated from the user menu.
Requires the 'administration write' permission.

#34890,
#34112
Management of the 'Administration' permission for users
  • Ability to manage the 'Administration' permission from UI and CLI

  • 'superuser' shortcut is provided to create or convert a user to a superuser with all possible permissions, including the administration permissions
    udmg-client user update bob -r 'superuser' 

#33071 Disable Rule Task type

Ability to globally disable each rule task type.

New udmg-server configuration parameters in the [tasks] section, one for each task type, make it possible to disable the related task processing during any file transfer. They cover the following task types: COPY, COPYRENAME, MOVE, MOVERENAME, DELETE, RENAME, EXEC, EXECMOVE, EXECOUTPUT, TRANSFER, CHECKREGEX, PUBLISHEVENT, ICAP.

User Experience

Backlog

Title

Description

#33063 Environment customization

Customizable banner and system identifier on UDMG Admin UI:

  • "udmg.system_identifier": name of the system or the environment.
  • "udmg.banner.background_color": color of the banner background, as HTML color name ("Brown"), RGB code ("rgb(165,42,42)"), or hexadecimal code ("#A52A2A").
  • "udmg.banner.logo": company logo, optional picture to display next to the system identifier.

Example of a production environment with a brown banner and a development environment with an orange banner:

#31488 Business Service as Tag

Improved the usability of Business Services: they can be used for tagging objects and not only to enforce security permissions. A Business Service without any User Group can be attached to an object as a way of labeling it.

#34257 Logging of rule tasks execution

New debug log messages:

  • TRANSFER: Programmed new transfer n°ID of file FILE, from/to PARTNER as ACCOUNT using rule RULE
  • COPY: Copied file FILEPATH to FILEPATH
  • COPYRENAME: Copied file FILEPATH to FILEPATH
  • DELETE: Deleted file FILEPATH
  • EXEC: Done executing command PATH ARGUMENTS
    and command output is sent to DEBUG log
  • EXECMOVE: Done executing command PATH ARGUMENTS
    and new file path is sent to DEBUG log
  • EXECOUTPUT: Done executing command PATH ARGUMENTS
    and command output is sent to DEBUG log
  • MOVE: Moved file FILEPATH to FILEPATH
  • MOVERENAME: Moved file FILEPATH to FILEPATH
  • RENAME: Changed target file to FILEPATH

#34215,
#34116
Update of menu labels and ordering
  • Change the order of the items in the Management and Administration menus, for logical grouping of entities.
  • Change the order of the options in the User Menu; logout is now the last option.

#34214 Label change for rule virtual path

Change label for rule parameter: "Path Directory" to "Virtual Path Directory"

#33930 Label change for certificate records

Change the references to "Certificate" to "Certificate / Key" depending on the context.

#34852,
#34843,
#34853,
#34837
Documentation for configuration files

Comprehensive description and comments inside the sample configuration file, both in the installation package and the online documentation.

Architecture

Backlog

Title

Description

#34498 High Availability: Active/Passive instances with dynamic handover

Support for cluster awareness, where multiple udmg-server instances coordinate so that one instance is active and the remaining ones stay in a passive state. Continuous monitoring is performed to ensure that a passive instance will take over in case of failure or shutdown of the active instance.

The MFT servers are owned by the active instance, which also manages the transfer requests in client mode.

See High Availability Behavior and Processing

#34820 Management of user sessions

NGINX configuration update so that the client IP address (X-Real-IP, X-Forwarded-For) is passed to the UDMG authentication proxy, so the address can be kept with the user session details. See Installing NGINX Server.

#34834 Improved usability of the Linux services
  • Service description is prefixed with "Stonebranch" for parity with Universal Agent ubroker service.
  • Syslog messages are labeled with the service name (udmg-server, udmg-auth-proxy, ...) instead of 'sh'.
  • Syslog messages are sent to the 'local0' facility for easier filtering.

Remote Interfaces

Backlog

Title

Description

#34810 Web services for the multi instance monitoring and load balancing
  • Existing /api/sb_healthcheck is enhanced with additional information: node details and node status. 
    Requires authentication but no specific permissions.
    Example of output for a passive instance:
    {
        "status": "operational",
        "nodeId": "gateway_1:8080-mft-gw-0",
        "nodeHostname": "gateway_1",
        "nodeIPAddress": "172.99.0.101",
        "nodePort": "8080",
        "nodeStatus": "PASSIVE",
        "nodeUptime": "15h6m4.810854748s",
        "nodeLastUpdate": "2023-11-14T08:07:54.848374Z",
        "nodeLastActiveDate": "2023-11-13T16:57:57.026091Z"
    }
  • New /ping endpoint returns the status as plain text ('ACTIVE', 'PASSIVE', or 'OFFLINE') and responds with HTTP code 403 (Forbidden) when the node is not active. This API is provided without authentication for load balancers.
  • New /api/sb_mgmt_nodes endpoint returns the list of the instances with their details and status.
    Requires the 'administration read' permission.
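
An added example, not Stonebranch code: a monitor that evaluates /api/sb_healthcheck bodies collected from each instance and flags a cluster with zero or several ACTIVE nodes, a stale nodeLastUpdate, or a recent restart. The second node in the sample, the two-minute staleness threshold and the five-minute restart window are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: one /api/sb_healthcheck body per node. The first reuses
# fields from the passive-instance output above; the second node is invented.
SAMPLE = [
    {"status": "operational", "nodeId": "gateway_1:8080-mft-gw-0",
     "nodeStatus": "PASSIVE", "nodeUptime": "15h6m4.810854748s",
     "nodeLastUpdate": "2023-11-14T08:07:54.848374Z"},
    {"status": "operational", "nodeId": "gateway_2:8080-mft-gw-0",
     "nodeStatus": "ACTIVE", "nodeUptime": "15h10m1.5s",
     "nodeLastUpdate": "2023-11-14T08:07:55.102233Z"},
]
UNITS = {"h": 3600.0, "m": 60.0, "s": 1.0}


def parse_uptime(text):
    """Seconds in an h/m/s duration string such as '15h6m4.810854748s'."""
    parts = re.findall(r"(\d+(?:\.\d+)?)([hms])", text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"unrecognised duration: {text!r}")
    return sum(float(n) * UNITS[u] for n, u in parts)


def assess_cluster(nodes, now, max_age=timedelta(minutes=2)):
    """Findings for collected health-check bodies; empty list means healthy."""
    # max_age and the 300 s restart window are assumed, not UDMG defaults.
    findings = []
    active = sorted(n["nodeId"] for n in nodes if n.get("nodeStatus") == "ACTIVE")
    if not active:
        findings.append("no ACTIVE node")
    elif len(active) > 1:
        findings.append("multiple ACTIVE nodes: " + ", ".join(active))
    for n in nodes:
        if n.get("status") != "operational":
            findings.append(f"{n['nodeId']}: status {n.get('status')!r}")
        # fromisoformat() rejects a trailing 'Z' before Python 3.11.
        seen = datetime.fromisoformat(n["nodeLastUpdate"].replace("Z", "+00:00"))
        age = now - seen
        if age > max_age:
            findings.append(f"{n['nodeId']}: stale by {int(age.total_seconds())}s")
        if parse_uptime(n["nodeUptime"]) < 300:
            findings.append(f"{n['nodeId']}: restarted in the last 5 minutes")
    return findings


if __name__ == "__main__":
    now = datetime(2023, 11, 14, 8, 8, 30, tzinfo=timezone.utc)
    print(assess_cluster(SAMPLE, now) or "cluster healthy")
```
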
B-17654,
#34136
REST and CLI support for Personal Access Token

New Web Services:

  • /api/sb_users/{user}/tokens
    • GET to fetch the list of tokens: User read.
    • POST to create a token: User write.
  • /api/sb_users/{user}/tokens/{token}
    • GET to read a given token: User read.
    • DELETE to remove a given token: User delete.

New CLI commands:

Usage:
  udmg-client [CONNECTION-OPTIONS] token personal [username] <command>

[personal command arguments]
  username:           The user's name

Available commands:
  add        Add a new personal access token to a user
  delete     Delete a personal access token
  get        Retrieve a personal access token
  list       List personal access tokens for a user

Note that a token owner is always allowed to manage its own tokens.

#34115,
#34130
REST/CLI: User Profile

New web service and CLI command for a user to fetch its own user profile with system permissions.

GET /api/user_profile

  • the output is the same as GET /api/sb_users/{user} for the calling user
  • no permission is required