We are pleased to announce the release of SafeNet ProtectV 4.3
With version 4.3.0, Gemalto enhances the security and operational value SafeNet ProtectV offers its users. Now, customers can schedule online key rotation of their Windows and Linux clients without incurring any downtime. These security enhancements allow customers to change and manage important passwords as well as import their own customer CSR and private key for client certificate authentication with SafeNet KeySecure. New RESTful APIs and Presto Encryption support expands automation functionality to improve operational agility. ProtectV 4.3.0 increases visibility and streamlines regulatory compliance with a new API and Log Monitoring guide, and improved audit logging information. A new compliance report sample allows customers to use these existing APIs to easily pull and present the information needed for auditors. Lastly, SafeNet ProtectV 4.3.0 extends support for Microsoft Windows 10, Red Hat Enterprise Linux 7.4, CentOS 6.9 and ASM disks on Oracle RAC.
ProtectV Client Online Key Rotation (Rekey)
- SafeNet ProtectV 4.3.0 introduces the online key rotation (rekey) feature for Windows and Linux clients. On Windows, only data partitions are supported in SafeNet ProtectV 4.3. Please note, the rekey feature is disabled by default. SafeNet ProtectV administrators can enable and configure the feature on the SafeNet ProtectV Manager Console. When configuring the feature, specify the number of days after which encryption keys should be changed automatically. By default, encryption keys are rotated after 180 days.
Securing ASM Disks on Oracle RAC
- SafeNet ProtectV 4.3.0 provides support for Oracle Real Application Clusters (Oracle RAC) with Automatic Storage Management (ASM) using SafeNet ProtectV.
Ability to Change the ProtectV Manager Disk Encryption Password
- A new command, pvmctl encryptpvm updatediskpass, has been added to change the password for ProtectV Manager’s disk encryption.
Ability to Change the ProtectV Manager Private Key Password
- A new command, pvmctl resetpvmkeypassword, has been added to change the password for ProtectV Manager’s private key.
Updated Client Certification Authentication Commands
- With SafeNet ProtectV 4.3, a custom CSR and private key can be imported for client certificate authentication with SafeNet KeySecure. For this, the following commands have been updated:
- pvmctl createcsr: Create a client Certificate Signing Request (CSR.)
- pvmctl configks: Configure ProtectV Manager with SafeNet KeySecure.
New RESTful APIs
- SafeNet ProtectV 4.3.0 includes the following new RESTful APIs to perform tasks from the command line:
- encryptPartition: Encrypt a partition of a client instance
- decryptPartition: Decrypt a partition of a client instance
- setRekeyPolicy: Enable/disable and configure the rekey feature
- getRekeyPolicy: View existing rekey configuration
- allowPartitionKey: Allow keys for a partition to reassign it to a client instance
- refusePartitionKey: Refuse keys for a partition to prevent it from reassigning to a client instance
- getPartitionKeyStatus: Check whether keys are allowed or denied for a partition of a client instance
The following RESTful APIs are renamed in this release:
- listInstancesDetails as listInstances
- encryptOn as encryptInstance
- encryptOff as decryptInstance
Refer to the SafeNet ProtectV API Guide for details.
SafeNet ProtectV API Guide
- Documentation of the RESTful API commands has been removed from the SafeNet ProtectV User’s Guide. Existing and newly added API commands are documented in the SafeNet ProtectV API Guide.
Generating a Compliance Report
- The SafeNet ProtectV 4.3.0 API Guide provides instructions and a sample script to generate a compliance report. Customers can use the sample listed in the API Guide along with existing APIs to pull the information they need for regulatory compliance (e.g. VM name, number of partitions, encryption status).
SafeNet ProtectV Log Monitoring Guide
- This release introduces the SafeNet ProtectV Log Monitoring Guide. This guide lists and describes audit and services logs generated on the SafeNet ProtectV Manager Console and ProtectV Client instances. The guide also explains CLI authentication log events.
Improved Audit Logging
- Significant CLI login events are now redirected to configured Syslog server.
VMware vCenter Dependency Removed
- SafeNet ProtectV 4.3.0 supports installation on VMware ESXi and no longer requires installation solely on VMware vCenter.
New Client Platforms
- SafeNet ProtectV 4.3.0 extends support for encryption of instances running the following virtualized platforms:
- Microsoft Windows 10
- Red Hat Enterprise Linux 7.4
- CentOS 6.9
- This release offers size-independent fast encryption of empty ProtectV Client partitions.
Safenet ProtectV Client Log Rotation
- On Linux client instances, the /opt/protectvl/bootagent/logan/logan.log file is no longer generated. From this release, all the client logs are saved in the /var/log/protectvl.log file (also referred to as the client log file.) Previous versions of SafeNet ProtectV do not provide option to rotate the client log file. The logs grow continuously that can cause disk storage issues. SafeNet ProtectV 4.3.0 includes automatic rotation of the client log file, /var/log/protectvl.log. The log file is automatically rotated as soon as it becomes 16 MB in size. Maximum six log files (including the log file being written, protectvl.log) are stored (backed up.) After the sixth log file is full, the oldest log file is replaced by the latest log file. The rotated log files are named protectvl.log.1, protectvl.log.2,…, and protectvl.log.5.
Refer to the SafeNet ProtectV Clients Customer Release Notes for the complete list of supported virtualized platforms.
Refer to the SafeNet ProtectV User Guide for details on features included in this release.
ACHIEVE SECURITY AND COMPLIANCE IN THE CLOUD NOW WITH PROTECTV
Find out more about SafeNet ProtectV and SafeNet Cloud-Enabled Security from Gemalto: Brochure – SafeNet ProtectV Product Brief
For the complete list of platforms, please refer to the Customer Release Notes (KB0016682) (registration to the Gemalto Support Portal is required).
For any questions, please contact your regional sales manager.