BLOG POST

Conjur 4.8 Released Delivering Enterprise-Scale Deployment Capabilities

 

December 7, 2016 | DevOps | Dustin Collins

We’re pleased to announce the immediate availability of Conjur 4.8. Over the past couple of years as Conjur has been deployed broadly with large enterprise customers, we have had a number of requests for features to make it easier for them to manage their expanded use of the software. This latest release delivers a set of capabilities that respond to these need and will further enable our customers and prospects to deploy Conjur broadly and manage it more easily.


What’s new:

Improved High Availability

The Conjur Trust Management Platform is a critical piece of our customers’ cybersecurity infrastructure, and they require that their Conjur environment be highly-available, fault-tolerant and scalable to their needs. To that end we have included a number of updates in v4.8.0 that make it easier to launch and maintain Conjur clusters.

Release1.png

For customers running on AWS, we now provide CloudFormation templates to create the infrastructure needed. Server health checks now include information about free disk space and inodes. The workflow for bringing your own certificates and private keys has been improved. Finally, a load balancer is no longer needed for cluster setup.

Conjur Cluster Health Monitoring

We’ve also added a Cluster Dashboard to the UI. This dashboard shows the role and status of every node in your Conjur cluster so that you can monitor the health of the distributed Conjur platform through a single console.

Release2.png

 

Improved LDAP Sync Workflow

We introduced LDAP Sync in the v4.7.0 release. Most large companies have an existing LDAP or Active Directory environment. LDAP Sync synchronizes users and groups from LDAP/AD with Conjur at a user-specified interval. A lot of work has gone into LDAP Sync for the v4.8.0 release to make it faster, easier to use, and more reliable.

The new workflow for LDAP Sync starts with configuring your LDAP/AD connection and filters in the Conjur UI.

Release3.png

After successfully configuring and verifying LDAP Sync settings, a Conjur Policy file is generated that can be loaded into Conjur.

---
- !policy
id: ad-acme
body:
- !user
id: Administrator
annotations:
ldap-sync/source: ad-ec2
ldap-sync/upstream-dn: CN=Administrator,CN=Users,DC=acme,DC=org
- !user
id: Guest
annotations:
ldap-sync/source: ad-ec2
ldap-sync/upstream-dn: CN=Guest,CN=Users,DC=acme,DC=org

The policy can now be loaded into Conjur. Major benefits of using Conjur Policy in the new LDAP Sync workflow include increased sync speeds, ability to handle very large LDAP/AD environments, and familiar tooling for Conjur users.

Integrated Conjur UI

Until now separate containers were required to deploy the Conjur appliance and the Conjur UI. We are pleased to announce that the Conjur UI is now integrated into the Conjur appliance image. This means that you can now open the HTTPS endpoint of any node in your Conjur cluster to view the Conjur UI. Deploying a separate Conjur UI container is no longer necessary.


This was an overview of the major new updates for Conjur v4.8.0. This release also contains many other improvements and bugfixes. See the full release notes for a detailed list of all updates in this release.  Existing customers can contact [email protected] to upgrade.

 

 

Share This