Archive Operating System (AOS 6.7 & 6.8) Updates

The AOS 6.7 software release is targeted specifically for improving AOS’s software upgrade system. This will make future upgrades more fault-tolerant.

Major enhancements to the upgrade system include:

1. Upgrade shuts down all archiver processes while it is running to prevent DB operations on a partially-migrated schema.
2. Upgrade is now downloaded and installed through a single package instead of multiple packages, making it more atomic and easier to read the changes associated with a release version.
3. Upgrade automatically resumes if interrupted by a reboot.
4. Upgrade supports asynchronous (background) migrations, reports on their status on the System Status page, and prevents further upgrades from running until they are complete.
5. Upgrade will not start if the previous version’s upgrade has failed, if its background migrations are still running, or if conflicting processes like backup are running.
6. Upgrades of Standby machines are much more robust.
7. Upgrade does more logging.

SSO Improvements: interactive configuration tester helps find issues before activating SSO for end-users.

Single Sign-On has been a long-time feature of the Intradyn Archiver, but it was missing the ability to test a configuration before enabling it to go live. As of AOS 6.8, you can now test a SSO / SAML configuration at any time.

From the Users and Groups -> SSO/2FA page, make a new SSO configuration or edit an existing. Now when you save your changes, you will be taken through a test of the configuration as well.

While your test is running, you will see the following page:

Finally, when the results of the SSO test are in, you will see a success or error message like the one below.

Security improvements

AOS 6.8 brings a number of security improvements to the product including:

• The “secure” attribute to session cookies is now used to ensure that cookies are sent via HTTPS only. More information about this flag can be found at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie.
• The potential use of deprecated or less secure ciphers has been disabled: Disable DES, 3DES, IDEA, RC2 cipher, and RC4(Arcfour) ciphers.
• A NTP DDoS attack vulnerability has been found and patched.

Admin control to reset passwords for all local users.

Site administrators can now reset the passwords of all local users with the click of a single button. Whether you are responding to company policy or to a potential security concern, you can handle it quickly and easily.

Allow users who have Access Control permission for a tag to redact email.

First, create an Access Control Issues (or edit an existing one). Add a list of tags the assignee will be able to access to the Access Control Rule.

As of AOS 6.8, you should be able to use this tag-based access rule to be able to redact emails that the assigned user has access to, even if would not otherwise have access to that email.

Other Enhancements:

• Several Print-to-PDF issues were resolved.
• Exchange folders containing a slash (/) or double quote (“) in their name are now supported.
• LDAP departments with a newline in their name are better supported.
• The nightly status email no longer incorrectly flags a scheduled backup as containing an error.
• On the data aging page, the drop-down for departments will no longer be shown if no departments exist.
• Tags and Legal Holds have been removed from the Configuration menu. They now only appear on the Email Viewing menu.
• When multiple action icons appear in a table, they now each have their own column throughout the product.
• The process of terminating a PST email import has been improved.
• Export has been fixed for users whose login name contains a dash (-)
• Help pages have additions and corrections.
• Creation of tags & labels no longer allow certain illegal characters – apostrophes are no longer allowed in tag names.
• Email processing counts and other counts have been fixed.
• Email address validation has UI fixes.
• In the past, the IMAP fetcher could hang on the initial connection phase if the mail server did not respond. Now it will time out when the server does not respond so that it can cycle and try again.
• If a user tries to visit a non-existent URL, they will be forwarded to their homepage and given a clear message explaining why rather than a “permission denied” error.
• Minor fix: a confirmation dialog was added on delete of a search exclusion
• Minor fix: a few pages highlighted the wrong active tab when viewed.