VIP Enterprise Gateway 9.8 Release Notes

These Release Notes offer high-level descriptions of enhancements and new features in Symantec VIP Enterprise Gateway 9.8 release.

What’s New in VIP Enterprise Gateway 9.8?

This release of VIP Enterprise Gateway is enhanced to include the following new features:

• Enhancement for Validation Server
  • Introduced a new User Experience for administrators to configure a Validation server with minimal configuration. You can choose one of the following options to create a Validation server:
    > Application configuration – Administrators can select a pre-defined configuration template from the available applications in the Validation server page. The vendors, application details, and supported authentication modes are pre-defined for this release. Symantec recommends to use this method to configure your Validation server.
    > Custom configuration – If your vendor or application is not available in the pre-defined list, then you can use this mode and customize your two-factor authentication configuration.
  • Provisioning for Monitoring Health – Organizations can now configure their Validation servers to monitor the health check in real time.
     
• VIP Access support for Out-of-Band Authentication – VIP Enterprise Gateway now supports Out-of-Band authentication (OOB) across different channels such as Push, SMS, and Voice in all the authentication modes. The VIP Service decides the order in which the user is authenticated based on the credential type of the user assigned in VIP Manager. Administrators can also configure to use user’s Mobile, Phone, or Email values as OOB channel from their enterprise directory.
   
• Platform and Browser Support – The following are the new platform and browser support available for VIP Enterprise Gateway:
  • Platform Supported – RHEL 6.7, RHEL 6.8, RHEL 7.2, and Cent OS 7
  • Browsers Supported – Microsoft Edge
     
• Enhanced PIN Reset Support – This release supports PIN Reset based on the policies defined in VIP Manager. Your VPN or third party integration also should support the access challenge.
   
• Support for Anonymous Identity – VIP Enterprise Gateway provides the ability to register an anonymous identity, which can be different from the user's corporate user ID in VIP Authentication Service. This support has been extended to User ID – Access PIN – Security Code mode.
   
• Password Reset for Self Service Portal – Supports reset of expired Active Directory password through Self Service Portal (SSP) IdP using JavaScript integration. 
   
• Validation Server Password Reset for Linux – Supports reset of expired Active Directory password through Validation Server in Linux platforms.
   
• Enhanced Notification Settings – This release enhances the notification settings to send emails and collect logs for VIP Service connectivity issues.
   
• Upgrade from Older Versions – Supports upgrade from VIP Enterprise Gateway 9.1 onwards to VIP Enterprise Gateway 9.8 through Export and Import feature without incremental update process. It also supports conventional upgrade from VIP Enterprise Gateway 9.7 through live Upgrade and Manual upgrade processes, on both Windows and Linux.
   
• VIP Integrations – The following changes are made for VIP Integrations:
  • Active Directory Federation Service (AD FS) 3.0 plug-in solution has been simplified with VIP Enterprise Gateway to integrate with JavaScript.
  • Internet Information Services (IIS) plug-in now supports Out-of-band authentication such as SMS and Voice with this VIP Enterprise Gateway release.

To take advantage of these new changes, you need to install the latest AD FS 3.0 and IIS Generic plug-ins from VIP Manager download page. Refer to the Symantec VIP Enterprise Gateway Installation and Configuration Guide for more information on the new features.

Pre-installation Checks

Before you upgrade to VIP Enterprise Gateway 9.8, ensure that the VIP Enterprise Gateway server can access the following URLs:

• https://ssp.vip.symantec.com/
• https://manager.vip.symantec.com
• https://userservices.vip.symantec.com/
• https://userservices-auth.vip.symantec.com/   
• http://liveupdate.symantecliveupdate.com
• http://liveupdate.symantec.com
• http://www.symantec.com
• https://knowledge.symantec.com

If your organization uses a proxy server, then you must make sure to whitelist the above mentioned URLs.

Issues Addressed in This Release

The following issue is addressed as part of VIP Enterprise Gateway 9.8:

• Fixes for Enterprise Login Mapping (ELM) – SAMAccountName attribute was missed as part of assertion. It has been fixed as part of this release.

This section lists platform, browsers, and features for which VIP Enterprise Gateway has deprecated or removed support.

• Platform deprecated
  RHEL 5.9, RHEL 5.10, RHEL 5.11, RHEL 6.4, RHEL 6.5, RHEL 6.6, Windows 2008 (64-bit)

• Browsers deprecated
  Internet Explorer 8 and 9

• Features removed ​
  • Authentication mode is not supported in Validation Server. VIP Enterprise Gateway now authenticates users with second factor authentication first always.
  • User Name – LDAP Password – Security Code (RADIUS Access Challenge Mode) as a Validation Mode is not supported, but Access Challenge as a feature is now supported across all Validation Modes.
  • Self Service Proxy (IdP Proxy) has been discontinued from this release. As an alternative to SSP IdP Proxy, you must use reverse proxy applications such as Web Application Proxy (Windows) or Squid (Linux). However, SSP IdP Proxy 9.7 will still work with VIP Enterprise Gateway 9.8 with limited features.

Software Limitations and Changes

The following are the limitations of this release:

• Password Reset for Self Service Portal – This feature is supported only on Firefox and Chrome browsers. It is not supported on Microsoft Edge browser.
   
• After you upgrade to VIP Enterprise Gateway 9.8, the following changes will occur:
  • Validation Servers configured in User Name – LDAP Password – Security Code (RADIUS Access Challenge Mode) will be automatically migrated to User Name – LDAP Password – Security Code mode. The Validation Server functionality remains the same and will continue to function normally.
  • Out-of-Band configuration setting available under SSP IdP is moved under the Search Criteria tab under User Store.
  • Business Continuity configuration feature which was available under Validation Server is moved under Notification in the Settings tab.
     
• The existing Steel-Belted Radius (SBR) plug-in is not compatible with VIP Enterprise Gateway 9.8. To resolve the compatibility issue, you must install the latest SBR plug-in from VIP Manager download page.
   

Known Issues and Workarounds

For information about issues and workarounds related to this release, access the Customer Support web page for VIP Enterprise Gateway at https://knowledge.symantec.com/support/ua-support/index.html. On the Symantec™ Validation and ID Protection Service (VIP) Support page use the search box, Knowledge Center Search to find the known issues and their workarounds.

Documentation

The following documents have been updated for this release:

• Symantec VIP Enterprise Gateway 9.8 Release Notes (this document)
• Symantec VIP Enterprise Gateway Installation and Configuration Guide
• VIP Third-Party Integration Guides

Note: The VIP Enterprise Gateway Installation and Configuration Guide includes the introduction, pre-installation requirements, installation procedures, basic configurations, and description of the features of VIP Enterprise Gateway 9.8.

To understand how to perform tasks associated with the VIP Enterprise Gateway features, refer to the VIP Enterprise Gateway Online help. Click the Help tab that is displayed at the top of the VIP Enterprise Gateway screen to access the VIP Enterprise Gateway Online help.

Copyright © 2011 – 2016 Symantec Corporation. All rights reserved.

Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON‐INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227‐19 "Commercial Computer Software ‐ Restricted Rights" and DFARS 227.7202, et seq. “Commercial Computer Software and Commercial Computer Software Documentation”, as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

This document may describe features and/or functionality not present in your software or your service agreement. Contact your account representative to learn more about what is available with this Symantec product.

Symantec Corporation

350 Ellis Street Mountain View,

CA 94043

http://www.symantec.com

https://support.symantec.com/en_US/contact-support.html