New Product Announcement: SafeNet ProtectV 4.5.0

We are pleased to announce the release of SafeNet ProtectV 4.5.0 

SafeNet ProtectV 4.5.0 extends its ecosystem to include support for Fujitsu Enterprise Cloud Service K5 and AWS Regions in Paris and Ningxia, China. With version 4.5.0, SafeNet ProtectV is able to secure mirrored and spanned dynamic volumes on Windows client instances and clients running Red Hat Enterprise Linux (RHEL) 7.5. Additionally this new release also improves SafeNet ProtectV’s usability with new easy-to-generate compliance reports, an encryption progress monitoring tool and improved security enhancements.

New Features and Enhancements

Support for Fujitsu Enterprise Cloud Service K5

This release extends support for ProtectV Manager on Fujitsu Cloud Service K5, an Enterprise Cloud Service that supports OpenStack, VMware, and Bare Metal. Customers can now launch their ProtectV Manager virtual machine on Fujitsu Cloud Service K5.

An OVA file is provided to help launch the ProtectV Manager on Fujitsu Cloud Service K5. Convert the OVA file into a Virtual Machine Disk (VMDK) file by using ovf tool.

Support for New AWS Regions

SafeNet ProtectV 4.5.0 extends support for the following new AWS regions:

  • AWS EU (Paris) Region
  • AWS China (Ningxia) Region

The SafeNet ProtectV Manager AMI is available for these regions. SafeNet ProtectV can also encrypt partitions of instances running in these AWS regions.

Support for Windows Dynamic Volumes

SafeNet ProtectV extends support for encryption of mirrored or spanned dynamic volumes on Windows client instances.

Support for RHEL 7.5

SafeNet ProtectV 4.5.0 extends support for encryption of virtual machines running Red Hat Enterprise Linux 7.5.

Rotation of Secrets-Encryption Keys

A new command, pvmctl rotatevaultkey, is added to rotate keys that SafeNet ProtectV uses to encrypt secrets.

Ability to Generate Clients Compliance Report

A new button, ProtectV Compliance Report, is added on the ProtectV Manager Console to generate and download the ProtectV Manager Clients Compliance Report as a PDF.

The generated report lists details of ProtectV Client instances (identified by names and IP addresses) registered with SafeNet ProtectV Manager. The report shows partitions of registered client instances with details such as system names, friendly names, encryption status, and size.

Rotation of KeySecure and Secrets Encryption Logs

SafeNet ProtectV 4.5.0 includes automatic rotation of logs of ProtectV Manager’s communication with KeySecure. These logs are saved at /pvm/logs/icapi.logon ProtectV Manager.

The release also includes support for rotation of secrets encryption logs. These logs are saved at /pvm/logs/icapi_rapido.log.

A maximum of five log files (of only five days) are stored. Log files older than five days are deleted automatically. The saved log files are named as <log_file_name>.log_<yyyy-mm-dd>. For example, the rotated icapi.logfiles are named as icapi.log_2018-03-21and icapi.log_2018-03-22. Similarly, the rotated icapi_rapido.logfiles are named as icapi_rapido.log_2018-03-21 and icapi_rapido.log_2018-03-22.

Ability to Disable Syslog Server Configuration

A new command, pvmctl disablesyslog, is added in this release. Use this command to disable the Syslog server configurations made for ProtectV Manager. After the configuration is disabled, audit and services logs on ProtectV Manager will not be redirected to the Syslog server.

The Syslog server can be reconfigured with ProtectV Manager by running the pvmctl configsyslog command.

Refer to the SafeNet ProtectV User’s Guide for details.

Modified PVMCTL STATUS Command for Syslog Server

The pvmctl status command has been modified in this release. In addition to details of the ProtectV Manager Database (PVMDB), SafeNet KeySecure, and ProtectV services, the command now shows the configuration status of the Syslog server. If the Syslog server is configured with ProtectV Manager, the IP address of the server is also shown.

Preboot Console Logging & Encryption Progress Monitoring

SafeNet ProtectV 4.5.0 adds the ability to monitor the encryption progress of Linux client instances on the preboot console.

Security Enhancements:

  • Rotating DarkStar Key
    • Introduced the ability to rotate the KeySecure key that protects the DarkStar Vault on the ProtectV Manager
  •  Stronger Security for PVSUPER Credentials (Darkstar) Nginx Cert Component
    • With version 4.5.0 Nginx certificates can be stored in the encryption Darkstar database microservice.



Find out more about SafeNet ProtectV and SafeNet Cloud-Enabled Security from Gemalto: Brochure – SafeNet ProtectV Product Brief

For the complete list of platforms, please refer to the Customer Release Notes KB0017578 (registration to the Gemalto Support Portal is required).

For any questions, please contact your regional sales manager.