Product Release Announcement: SafeNet ProtectV 4.4

We are pleased to announce the release of SafeNet ProtectV 4.4.

SafeNet ProtectV 4.4.0 enhances the solution’s security features with mandatory default password changes, encryption of stored secrets, and support for 3rd party SSL certificates. Additionally, it can now be used in more AWS regions on a broader set of operating systems. With version 4.4.0, Gemalto extends SafeNet ProtectV’s support for physical machines, Ubuntu LTS 14.04 & 16.04, CentOS 7.4, AWS China and 5 additional AWS regions across North America, Asia, and Europe. In this release, Gemalto also adds security features that turn previously optional best practices into default settings.

New Features and Enhancements

  • Support for AWS China:  In addition to Amazon AWS and Amazon GovCloud, this release protects client instances in AWS China.
  • Support for Additional AWS Regions:  SafeNet ProtectV 4.4.0 supports the following newly introduced AWS regions:
    • US East (Ohio)
    • Canada (Central)
    • EU (London)
    • Asia Pacific (Mumbai)
    • Asia Pacific (Seoul)
  • Support for Third Party SSL Certificates:  Previous versions of SafeNet ProtectV included pre-shipped SSL certificates that were used to access the SafeNet ProtectV Manager Console and RESTful APIs. This release adds support for third party SSL certificates.

You can now access the SafeNet ProtectV Manager Console and RESTful APIs with either the pre-shipped certificates or third party SSL certificates, rather than being limited to the self-signed certificates shipped with the product. A new command, pvmctl configsslcert, is included in this release to configure SafeNet ProtectV for third party SSL certificates.

  • Encrypted Secrets
    SafeNet ProtectV now stores secrets in encrypted form. In previous versions of SafeNet ProtectV, secrets were protected by ACLs that were accessible only to root administrators. SafeNet KeySecure now protects the keys securing secrets within the SafeNet ProtectV Manager.
  • Modified API Commands for ProtectV Manager Clusters and ProtectV Gateways
    A new parameter, –pvmiplist, is added to the pvmctl gwstart command. Use this parameter to specify a colon-separated list of IP addresses of ProtectV Manager cluster members.

The –pvmiplist parameter is useful when ProtectV Managers in a cluster reach each other through private IP addresses but are reachable from ProtectV Gateway only through public IP addresses. If ProtectV Gateway fails to reach the current ProtectV Manager, it tries the ProtectV Managers in the provided colon-separated list.

Do not provide –pvmiplist if ProtectV Gateway can access ProtectV Manager cluster members directly (all private or all public IP addresses).

Another new command, pvmctl gwstop, is added in this release. Use this command to stop the external ProtectV Gateway service. You need to stop the ProtectV Gateway service before running pvmctl gwstart with –pvmiplist.

Refer to the SafeNet ProtectV API Guide for details.

  • Ability to Set Password for ProtectV Manager Database
    In previous SafeNet ProtectV versions, the default password for the ProtectV Manager Database (PVMDB) was automatically assigned.

For security purposes, customers will now be prompted to set their own initial password for the database upon configuration using the new command ‘pvmctl setdbpass’. Customers can change the initial password at any time later via the ‘pvmctl updatedbpass’ command.

  • New Platform and Integration Support
    This release extends support for the following new platforms:
         • Encryption Support for Physical Machines Running Ubuntu Platforms
              o SafeNet ProtectV 4.4.0 can now encrypt physical machines running Ubuntu 16.04 and 14.04 platforms.
         • Support for CentOS 7.4
              o SafeNet ProtectV 4.x can now encrypt instances running the CentOS 7.4 platform.
         • SafeNet ProtectV 2.x now supports RHEL 7.4 and CentOS 7.4
              o However, SafeNet ProtectV 2.x does not support XFS file systems on RHEL and CentOS versions 7.2-7.4.

Refer to the Operating Systems section for the complete list of supported platforms.

DOCUMENTATION
ACHIEVE SECURITY AND COMPLIANCE IN THE CLOUD NOW WITH PROTECTV

Find out more about SafeNet ProtectV and SafeNet Cloud-Enabled Security from Gemalto: Brochure – SafeNet ProtectV Product Brief

For the complete list of platforms, please refer to the Customer Release Notes KB0017144 (registration to the Gemalto Support Portal is required).

For any questions, please contact your regional sales manager.