SDS Enterprise 11.1 new features and enhancements
Stormshield Data Management Center (SDMC)
Managing keys for using the SDMC API
A new tab API keys is available in SDMC. It allows administrators with the Manage API keys permission to create API keys, valid for one year by default. API keys allows them to use the SDMC public API, particularly to access administration logs. Administrators can also permanently delete these keys.
Accessing the administration logs via the SDMC API
It is now possible to access administrators connection logs through the SDMC API. Among other things, these logs indicate the connection mode used by the administrators (password or SAML).
You can still access the administration logs which were already available in the version 1 of SDMC through the API.
Security policy signature
The PS256 algorithm used by default at the time of signature of the policies. The previous RS256 signature algorithm remains functional with the signature utility and the SDS Enterprise agent.
Managing users’ keys and certificates in Password accounts
In the Accounts > Creation menu of a security policy, in the Password account creation section, the checkboxes for selecting the source of user keys and certificates have been replaced by a drop-down list.
Excluding folders from encryption with the Team feature
In the Team settings of a security policy, you can now specify a list of folders on which a user will not be able to create a Team security rule to automatically secure the folder. The list is recursive and automatically includes sub-folders.
New secure deletion mode with the Shredder feature
In the Shredder advanced settings of a security policy, you can now configure the secure file deletion mode. This feature would write a series of characters in bytes in several rounds, replacing the file contents. SDMC now makes it possible to select the values of the successive rounds which replace the contents to be deleted.
Importing security policies in SDMC
You can now import a .json format security policy in SDMC which has been previously exported from SDMC. However, LDAP directories and authorities certificates indicated in the policy are not imported.
Advanced configuration of security policies
The following changes have been made to the JSON parameters of security policies:
-
In the accountPolicy - creation - automatic section, the encryptionKeyAuthorityId and signatureKeyAuthorityId parameters are now optional.
-
In the accountPolicy - parameters- cryptography section, the new optional parameter keyEncryptionMethod allows selecting the algorithm to use for encrypting the keys.
-
In the diskPolicy section, the new parameter encryptionAlgorithm is used to select the algorithm to be used when encrypting secured virtual volumes.
SDS Enterprise agent
Updating a signatory policy
Users are now informed after the security policy signatory has been updated used with the SDS Enterprise agent.
Encryption of volumes with the Virtual Disk functionality
The AES-XTS encryption algorithm can now be used to encrypt the secured virtual volumes generated with the SDS Enterprise agent.