Host Access Management and Security Server - Release Notes
January 2024
Host Access Management and Security Server (MSS) 14.0.1 released with Host Access for the Cloud 3.0.1.
What's New
All MSS releases are cumulative, and contain the features introduced in earlier releases. For previous versions, see MSS Documentation.
Features and Fixes
- Added support for OpenID Connect (OIDC) based authentication via an external provider. (14.0.1)
- The MSS Admin Console can now be accessed using Micro Focus Advanced Authentication and X.509 authentication. (14.0.1)
- Support for Automated Sign-On for Host Access was re-introduced in the new architecture. (14.0.1)
- Security updates including Java and third-party libraries (14.0.1)
- Added X.509 authentication support for Reflection Desktop when configured for centralized management. See below for more information. (14.0.1)
- Addressed an issue that prevented the advanced Kubernetes dashboard from loading in a deployment that was not connected to the internet. (14.0.1)
- Added strict Transport Security Headers (HSTS) to enhance security. (14.0.1)
-
SiteMinder Agent name is now automatically replicated between nodes. (14.0.1)
-
MSS has adopted a new architecture that simplifies deployment, tightens security, improves scaling and high availability, and eases ongoing maintenance. There are two new deployment options, a virtual software appliance and Linux installers. See the deployment guide for information and how to choose the deployment that best fits your needs. (14.0)
Some benefits provided by the new architecture:
-
A single certificate is used for the entire cluster. TLS is used to secure end-to-end communication.
-
Services are self healing and automatically distributed across cluster nodes, providing built in high availability and fault tolerance.
-
Scaling to handle changes in capacity has been greatly simplified.
-
Clustering workflows have been improved and no longer require complicated certificate management.
-
Load balancers are now optional and no longer require complicated configurations.
-
Management workflows and basic monitoring of the cluster have been both simplified and expanded.
-
The new architecture is built on standards so common tools can be used when working with the cluster.
-
The virtual software appliance provides a convenient update channel for applying product and operating system updates.
-
The process for configuring the following has been simplified: Metering, Terminal ID Manager, Kerberos authentication, X.509 authentication
-
-
The MSS Admin Console, Metering Reports Console and Terminal ID Manager Consoles all share the same password for easier management. (14.0)
-
Applied security updates and additional bug fixes. (14.0)
Changes in Behavior and Usage
- When using the Security Proxy, you must explicitly scale the number of instances needed. By default, the Security Proxy is set to zero instances because it is capable of handling a high volume of connections, and requires resource allocation that is commensurate to its performance. (14.0.1)
- The process for configuring X.509 authentication has changed slightly. Please see the documentation for the updated steps. (14.0.1)
-
The minimum disk space requirement for the Appliance and Linux based installers has been increased from 60GB to 100GB. (14.0.1)
-
The Installation Guide has been renamed to the Deployment Guide and has been updated to document the new deployment process. (14.0)
-
A collection of features that were believed to be unused have been deprecated and removed. Please contact support if a feature has been removed that you depended upon. (14.0)
-
The configuration process for the Security Proxy, Terminal ID manager and Metering have changed. See the documentation for more information. (14.0)
-
The Terminal ID Manager Console and Metering Admin Console now share the same password as MSS Admin Console. (14.0)
-
The configuration process for various authentication types has been changed and simplified. See the documentation for more information. (14.0)
-
The clustering process has changed and the clustering view has been removed in favor of the new Cluster Management Console. Log into the Admin Console then choose Cluster Management from the upper left menu. See the Deployment Guide for more information. (14.0)
-
Support for NTLM based authentication has been removed and replaced with support for Kerberos. (14.0)
-
Microsoft has retired Internet Explorer 11, and as such, our ability to resolve IE 11 browser specific issues in older versions of MSS is limited. Support for IE 11 has been removed from MSS 14.0 and greater. However, we will continue to support IE 11 for older versions of MSS that currently support it, as per the Product Support Lifecycle. (14.0)
Known Issues
If you encounter unexpected issues with Management and Security Server, contact Support.
-
Upgrades from 14.0.0.x to 14.0.1 are not yet supported.
-
Certain X.509 capabilities related to OCSP, CRL and multi-LDAP support are not fully supported in this release. Please contact Support if these capabilities are critical to your deployment. (14.0.1)
-
Following initial installation, server node restarts, or adding new nodes to the cluster, it may take approximately 15 minutes for the cluster to stabilize and report itself as 'Healthy.' Numerous warning events may appear in the Cluster Management - Events view during startup. These events are part of the normal operation and will be cleared after approximately 15 minutes. Always wait for the cluster to be reported as healthy before proceeding with cluster operations. (14.0)
-
When using the Appliance, the process of downloading a Support Zip can take several minutes, with no feedback in the user interface. After clicking "Ok", please stay on the view until the download completes (14.0)
-
When using the migration tool to migrate from a system with Terminal ID manager configured, on the new system Terminal ID manager will fail to start after migration. To work around this issue please contact support. (14.0)
-
Support for X.509 authentication through a load balancer is not currently functioning. (14.0)
-
Reflection/InfoConnect Desktop FTP sessions that run through the Security Proxy may fail with a "Failed to establish an FTP Gateway session" message. Please contact support for assistance. (14.0)
Contacting Open Text
Check these online resources.
-
MSS Security Updates -- contact Customer Support
-
Product information, including the MSS Add-On products and a Free Trial link
For specific product issues, contact Customer Support.
Legal Notice
© 2024 Open Text
The only warranties for products and services of Open Text and its affiliates and licensors (“Open Text”) are as may be set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Open Text shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.