Release Highlights

This section provides the release highlights for Enterprise Security Administrator (ESA) and Protectors v10.0.

    Enterprise Security Administrator

    The ESA v10.0 release delivers robust architectural upgrades designed to boost scalability, enhance resilience, and reinforce data security across your enterprise.

    Architectural & Operational Upgrades

    • Resilient Package Deployment: New architecture improves performance and reliability in policy distribution.
    • Expanded Log Indexing: Logs now categorized into Audit, Troubleshooting, Policy, and Status indexes for finer control.
    • ILM & Scheduler Enhancements: Export/import expanded; scheduler now supports multiple log types.
    • Audit Store Discover Page Sorting: Latest records now surface first by default for better usability.

    Dashboard Modernization

    • New dashboards added for:
      • Protector Status
      • Security Operations
      • Inventory
      • Policy Metrics
    • Enables centralized, real-time monitoring.

    Security & Compliance Features

    • FIPS Mode Enabled: FIPS-compliant security introduced at the operating system level.
    • AWS KMS Support: Direct integration for secure key management.
    • License Enforcement: Invalid or expired licenses block policy distribution and DevOps API usage.
    • Protegrity Signed Packages: All ESA packages now cryptographically signed for authenticity.

    DevOps & Admin Enhancements

    • File Upload Expansion: ESA Web UI now supports uploads of any size—ideal for larger patches.
    • CLI Improvements: Basic Authentication toggle now configurable from the CLI.

    Platform Upgrades

    • OS: Debian 12.7
    • Kernel: 6.6.48
    • OpenSearch: 2.15.0
    • Python: 3.11.2
    • Fluentd: 5.0.3
    • Fluent-bit: 2.2.3
    • OpenSSL: 3.0.14

    Protegrity Data Security Gateway

    • DSG 3.3.0.0 Backward Compatibility
      Foundation established to support multiple ESA versions going forward. DSG 3.3.0.0 is now compatible with ESA 10.0.0.

    • UEFI Support Added
      Systems can now boot using either BIOS or UEFI, with GPT partition support for flexible OS setup.

    • Python Upgrade in Bullseye OS
      Python updated from v3.7 to v3.9 for increased performance and compatibility.

    • Azure AD Integration
      External and internal appliance access now manageable via Azure portal and corporate directories.

    • Firewall Modernization
      Appliance firewall migrated from iptables to nftables for improved scalability and control.

    • Azure AD Member Source Support
      Azure AD now pulls and organizes user and group info for structured access control.

    • OpenSSH Idle Timeout Enhancement
      Console sessions auto-terminate when idle—background processes remain uninterrupted.

    • Core System Updates

      • Kernel: Updated to v5.10.206
      • OS: Upgraded to Bullseye v11.8
      • OpenSSL: Advanced to v3.0
      • td-agent: Updated to v4.5.0

    Protectors

    Application Protector – Java

    • REST-based KMS Callback Support
      DevOps callback mechanism now integrates with REST-based KMS services in Protegrity containerized setups for secure DEK decryption.

    Application Protector – Python

    • Performance Enhancement
      Optimized for faster execution across single and limited bulk operations.

    • Signed Package Integrity
      All distributed packages are now digitally signed by Protegrity to ensure safe and verified installations.

    • Enhanced Security Posture
      JWT-based form authentication enables flexible token and credential handling for certificate access.

    • ESA Load Reduction
      RPP and RpSync components now regulate interaction frequency with ESA, reducing infrastructure strain.

    • Inventory and Status Insights
      Improved logging and dashboard visibility via ESA to track protector state—even when idle.

    • Resilient Package Agent (RP Agent)
      A dedicated sync component for secure policy downloads via TLS; replaces older policy retrieval mechanisms.

    • New config.ini Configuration Support
      Introduces flexible protector configuration via a file located in the install path.

    • DevOps-Friendly Deployment Option
      Supports immutable policy delivery via REST API—no RP Agent required.

    Big Data Protector – CDP-PVC-Base (Release Highlights v10.0)

    Architecture & Security Enhancements

    • Resilient Architecture: Protection halts and memory is cleared if RP Agent fails—ensuring controlled shutdown.
    • Resilient Package Agent: Replaces PEP server; securely syncs updated policies over TLS.
    • Patch Signing: All packages now digitally signed for installation integrity.
    • Form-Based Authentication: JWT-based access mechanism supports token and credential inputs.

    Configuration & Operational Improvements

    • New config.ini File: Enables parameter customization at /opt/cloudera/parcels/PTY_BDP/bdp/data/.
    • Helper Scripts:
    • Semantic Versioning: Adopted from v10.0.0 for consistent release tracking.

    Monitoring & ESA Interaction Optimization

    • Status Dashboard: Tracks protector health—even when idle—using ESA log signals.
    • ESA Load Management: Gen 3 improvements using RPP and RpSync to reduce traffic strain.

    API & Data Format Enhancements

    • Charset Support:
      • Introduced for MapReduce and Spark byte array APIs.
      • Added to HBase operations (Put, Get, Scan).

    Enhancements & Cleanups

    • Unified pepspark.jar: Single binary for Spark2 and Spark3 support.
    • Spark Plugin Removal: Legacy plugin parameters deprecated.
    • Fluent Bit Parcel Renamed: PTY_FLUENTBIT_CONF → PTY_LOGFORWARDER_CONF
    • Expanded CheckAccess() Permissions: Added Protect, Unprotect, Reprotect.
    • Removed Auxiliary APIs: Cleaned out unused functions like flushAudits(), pty_GetKey_Id(), etc.
    • Data Element Deprecation: Retired legacy formats like HMAC-SHA1, 3DES, Unicode tokens, and old date formats.
    • New getversionextended() API: Returns full build version string for audit and diagnostics.

    Data Warehouse Protector – Teradata (Release Highlights v10.0)

    Security & Architecture Enhancements

    • Multi-node Protector Architecture
      New design improves efficiency, regularly detects policy changes, and syncs updates over encrypted channels—reducing ESA load.

    • Form-Based Authentication with JWT
      Replaces legacy BasicAuth; supports flexible token-based credential handling via RP Agent.

    • Patch Signing Validation
      Teradata packages are now cryptographically signed to ensure trusted delivery.

    Functional & Data Type Support

    • Small Integer UDFs Added
      Supports data types up to 2 bytes in Teradata-based user-defined functions.

    • HMAC-SHA256 Support Introduced
      Provides a stronger keyed-hash algorithm, replacing the deprecated HMAC-SHA1.

    • Inventory Visibility via Insights
      Enhanced tracking of protector status and operational metrics for improved monitoring.