
Integrations with MS DHCP for IPAM, Hashicorp and Delinea for Password Vault and new Certificate dashboard in v18.14.00


Release Date: March 28, 2024

Main Features of 18.14.00 of the Main Appliance (MA) 

Release Overview

  • Microsoft DHCP added as a discovery type and the views for IP address and Subnets have been enhanced to show additional DHCP details.
  • New Insights+ dashboards ‘Device Certificate Summary’ and ‘Scheduled Job Distribution and Status’. 
  • New integration with Delinea Secret Server.
  • New integration with HashiCorp Vault.
  • New room layout display options to view temperature.

In addition to the above, the v18.14 update includes: 

  • The Appliance Manager Upgrade page will provide the status of all MA and RC components, alerting the user to potential upgrade issues that may complicate the upgrade process. 
  • The Appliance Manager can now directly download the upgrade package from a provided URL in addition to the previous upload process.
  • New global setting called ‘Ignore DB Login Names’. When enabled, it will disable the discovery and population of DB login names.
  • Cloud Account tags for GCP and Microsoft Azure are now discovered in addition to AWS. The discovered tags will now show in the related Cloud Account record under Vendor Custom Fields.
  • Enhanced device matching logic now accommodates scenarios where devices possess similar names but exhibit distinct matchable attributes.
  • AWS KMS Key resources now display more discovered data such as Key Usage, Key Spec, Key origin, etc.
  • Classic Reports can temporarily be edited once again.
  • New switch on Agents called ‘new-device-object-category’ that can be used to overwrite the object category on devices. 
  • Remediated vulnerability CVE-2024-31962 (pending MITRE review https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31962). Incorrect access control in job-manager may allow remote authenticated users to execute arbitrary commands via SSH. Discovered by Philip Pettersson.

NOTICE: Cut Off Release Notice

Device42 v18.14.00 is an upgrade cut off release. We are taking this step to improve and modernize the foundational system packages. All customers will be required to upgrade to v18.14.00 to be able to apply future releases going forward.

NOTICE: Warning for those with Confluence Server Integration

The current Confluence integration is based upon Atlassian Server Product Apps (non-Cloud). Support from Atlassian ended on Feb 15, 2024 for Server products. The remedy for unsupported Server Confluence is to migrate to Atlassian Data Center.

Device42 has a certified plugin for use in the Confluence Data Center.

https://marketplace.atlassian.com/apps/1213754/device42-cmdb-connector-for-confluence

This new plug-in will enable the same integration as the previous server app and is designed and certified for the Confluence Data Center.  

Additional Details on key 18.14 New Features

Microsoft DHCP Discovery

Microsoft DHCP Discovery has been added as an additional discovery type (Discovery -> DHCP). Microsoft DHCP (Dynamic Host Configuration Protocol) is a service provided by Microsoft Windows Server operating systems. DHCP is a network management protocol used to dynamically assign IP addresses and other network configuration parameters (such as subnet mask, default gateway, DNS servers, etc.) to devices on a network. If you are already using Microsoft DHCP Servers in your environment, Microsoft DHCP Discovery can automatically populate records on discovered DHCP Servers, IP Addresses, and subnets, including additional DHCP details like: DHCP Scope, State, Lease Duration, DNS information & Start/End address ranges. More detail on Microsoft DHCP Discovery can be found in the online documentation at:

https://docs.device42.com/auto-discovery/microsoft-dhcp-discovery/

New Dashboards for Job Schedule and Certificates

A new dashboard within the Insights+ System Administration folder provides visibility and reporting on scheduled discovery jobs. This multi-tab interactive dashboard, named ‘Scheduled Job Distribution and Status’, displays information about scheduled jobs and includes a tab for detailed historical run lengths for jobs executed in the past 24 hours. The schedule tab breaks down jobs by type and day of the week, and it provides a heatmap showing times during the day when jobs are scheduled. This information can help avoid undesirable loads on your network and system.

Delinea Secret Server Integration

We have added an integration that allows the use of Delinea Secret Server as a secret storage location. Customers already using Delinea Secret Server as their centralized storage of privileged passwords no longer need to recreate passwords in Device42. More detail on the Delinea Secret Server Integration can be found online at: 

https://docs.device42.com/integration/external-integrations/delinea-secret-server-integration/

Each Device42 Autodiscovery job is configured to use one (or more) sets of system credentials. If you already use Delinea Secret Server to manage passwords and other secrets or simply don’t want to use Device42 for this purpose, the Device42 Delinea Secret Server integration allows Device42 to securely store and retrieve these credentials externally as your primary secret management solution.

Delinea Secret Server offers useful features such as automatic password rotation, which can be configured to rotate secrets per your specific corporate policies and industry guidelines.

Note: Passwords retrieved from Delinea Secret Server are not viewable in Device42!

Configuring Delinea Secret Server

Pre-requisites

  • For the Delinea Secret Server integration to work, you will need to create a user account in Delinea Secret Server with the ‘View Secret’ permission.
  • This user should also have view access to the desired folder(s) you would like Secrets retrieved from.
  • Note: While you can use any user account, it is strongly recommended that you use a dedicated application account for Device42. Application accounts are restricted from logging into the UI and can only be used via the API.

Configuring Device42

  • Select Tools > Integrations > Delinea Secret Server from the Device42 menu.
  • Click on the ‘Edit’ button in the bottom right corner and enter your Delinea Secret Server RESTful API information. (Example below)
  • Verify connectivity by clicking the ‘Test Settings’ button in the top right corner.
  • The ‘Test Settings’ button attempts to validate the supplied configuration settings by retrieving a token from Delinea Secret Server. If a token is successfully retrieved, a message stating ‘Delinea Secret Server Settings Valid’ should appear in the top right corner.
  • If you run into configuration errors related to SSL errors, you may need to disable SSL Verification within the Delinea Secret Server configuration page.

HashiCorp Vault Integration

We have added an integration that allows the use of HashiCorp Vault as a secret storage location. Customers already using HashiCorp Vault as their centralized storage of privileged passwords no longer need to recreate passwords in Device42. More detail on the HashiCorp Vault Integration can be found online at: 

https://docs.device42.com/integration/external-integrations/hashicorp-vault-integration/

Each Device42 Autodiscovery job is configured to use one (or more) sets of system credentials. If you already use HashiCorp Vault to manage passwords and other secrets or simply don’t want to use Device42 for this purpose, the Device42 HashiCorp Vault integration allows Device42 to securely store and retrieve these credentials externally as your primary secret management solution.

HashiCorp Vault offers useful features such as automatic password rotation, which can be configured to rotate secrets per your specific corporate policies and industry guidelines.

Note: Passwords retrieved from HashiCorp Vault are not viewable in Device42!

Configuring HashiCorp Vault

Pre-requisites

  • (Required) Role ID / Secret ID: For the HashiCorp Vault integration to work, you will need to create an AppRole in HashiCorp Vault with a policy that grants “read” to the desired Secret Paths.
  • AppRole authentication is done by using both ‘RoleID’ and ‘SecretID’ as credentials.
  • Details on how to create an AppRole and retrieve the RoleID and SecretID can be found here
  • (Required) Secret Engine Path: You will also need to specify the path to a valid K/V Version 1 or Version 2 secret engine to retrieve secrets from. Example: secret, kv, foo, bar, etc.
  • (Optional) Namespace: If you’re leveraging Multi-Tenancy with Namespaces then you will need to include the Namespace as well. Note: This is limited to Vault Enterprise Standard or HCP Vault Clusters.

Configuring Device42

  • Select Tools > Integrations > HashiCorp Vault from the Device42 menu.
  • Click on the ‘Edit’ button in the bottom right corner and enter your HashiCorp Vault RESTful API information. (Example below)
  • Verify connectivity by clicking the ‘Test Settings’ button in the top right corner.
  • The ‘Test Settings’ button attempts to validate the supplied configuration settings by retrieving a token from HashiCorp Vault. If a token is successfully retrieved, a message stating ‘HashiCorp Vault Settings Valid’ should appear in the top right corner. (Example Success Response Below)
  • If you run into configuration errors related to SSL errors, you may need to disable SSL Verification within the HashiCorp Vault configuration page.
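
The HashiCorp Vault prerequisites above leave one detail implicit: the path a “read” policy has to cover differs between K/V Version 1 and Version 2. The following is an added example, not Device42 or HashiCorp code, that builds the AppRole login request, the per-version read path and a read-only policy from Vault's HTTP API, and parses constructed sample responses. The mount 'secret' and the path 'device42/linux-root' are assumed names, and the policy matcher is a simplification of Vault's own.

```python
# Added example (not Device42 code): Vault HTTP API shapes for AppRole + KV reads.
# Mount "secret" and path "device42/linux-root" used with it are assumed names.
import json


def login_request(role_id, secret_id, namespace=None):
    """Method, path, headers and body for an AppRole login (default 'approle' mount)."""
    headers = {"Content-Type": "application/json"}
    if namespace:  # Vault Enterprise / HCP namespaces are sent as a header
        headers["X-Vault-Namespace"] = namespace
    body = json.dumps({"role_id": role_id, "secret_id": secret_id})
    return "POST", "/v1/auth/approle/login", headers, body


def kv_api_path(mount, secret_path, kv_version):
    """Path the read request hits; this is also the path the policy must cover."""
    if kv_version not in (1, 2):
        raise ValueError("kv_version must be 1 or 2")
    infix = "data/" if kv_version == 2 else ""  # KV v2 inserts 'data/' after the mount
    return f"{mount.strip('/')}/{infix}{secret_path.strip('/')}"


def read_policy(mount, secret_path, kv_version):
    """Read-only policy text for exactly one secret path."""
    path = kv_api_path(mount, secret_path, kv_version)
    return f'path "{path}" {{\n  capabilities = ["read"]\n}}\n'


def policy_covers(policy_path, request_path):
    """Simplified matcher: exact path, or prefix match when the rule ends in '*'."""
    if policy_path.endswith("*"):
        return request_path.startswith(policy_path[:-1])
    return policy_path == request_path


def extract_secret(read_response, kv_version):
    """KV v1 returns the secret in 'data'; KV v2 nests it in 'data.data'."""
    data = read_response["data"]
    return data["data"] if kv_version == 2 else data


# Constructed sample responses, not captured from a real Vault server.
SAMPLE_V1 = {"data": {"username": "svc_disc", "password": "example-only"}}
SAMPLE_V2 = {"data": {"data": {"username": "svc_disc", "password": "example-only"},
                      "metadata": {"version": 3}}}

if __name__ == "__main__":
    print(read_policy("secret", "device42/linux-root", 2))
```

A rule written for a Version 1 mount ('secret/device42/*') does not cover the Version 2 request path 'secret/data/device42/linux-root', so policy_covers returns False for that pair and the read would be denied.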

Heatmaps on Room Layout

The room layout screen previously exclusively displayed temperature using a bubble overlay visual. This bubble visual can now be toggled on/off to prevent interference with other display elements. Additionally, users can now select the rack color to indicate temperature ranges. This provides the same information as the heat bubbles but categorizes heat measurements using the color of the rack item.

Bug Fixes and other minor changes

  • Modification to Data Dictionary for view_databasesize_v2 and view_database_to+databasesize_v2 to make it easier to retrieve database size from DoQL. Queries for these views will continue to function; however, both views are marked for deprecation in a future release.
  • Due to the overlap with Amazon AWS cloud discovery, the cloud discovery type ‘Amazon API’ was disabled and removed. Any previous Amazon API jobs, imports/exports, discovery runs and scores will be deleted and removed from the system. All previously built DoQLs will return empty references.
  • New installs of Device42 often show audit log entries from 2018, when the base image was provisioned.
  • z/OS discovery would fail on an OS/390 mainframe because of the use of EBCDIC 037 encoding.
  • Improvements to the service detail table will reduce the size it requires.
  • SSL discovery on some legacy targets would return an error due to the need for renegotiation.  Support for this legacy renegotiation was added.
  • Adminusers API required superuser privileges to return values. This has been fixed so that non superusers can get the API response.
  • Raid storage parts with the same serial number were not being stored.  These disk parts will now be discovered and stored even if they have the same Serial Number.
  • Bulk deletion of thousands of items can cause an error.
  • Two-switch discovery for some Huawei devices will only show ports registered on switch one.
  • SNMP discovery support for Cisco SG500-520-K9.
  • Discovery of some clustered Database Servers can lead to duplicate listings as Database Instances and may be displayed in Insights+ dashboards and reports as duplicate entries.
  • Discovery support for Dell Powerstore 7000t and 5000t.

Known Issues

  • Passwords stored using Delinea Secret Server & HashiCorp Vault as the configured Password Storage cannot be used for external integrations and can only be used by discovery jobs (LDAP not included).

Latest Device42 Update

For current customers, grab the latest update file @ https://www.device42.com/update/.

If you haven’t tried Device42 yet, download a 30-day free trial!

Rock Johnston