|
|
|
Reflection for Secure IT Windows Server 7.0 Service Pack 1 (SP1): Fixes and Features
Technical Note 2375
Last Reviewed 22-Oct-2008
Applies To
Reflection for Secure IT Windows Server version 7.0
Summary
Technical Note 2375
Last Reviewed 22-Oct-2008
Applies To
Reflection for Secure IT Windows Server version 7.0
Summary
Reflection for Secure IT Windows Server 7.0 Service Pack 1 (SP1) is available for maintained customers. This technical note provides information about how to obtain your service pack and a list of features included in SP1.
Note: This content is also available in Japanese at http://docs.attachmate.com/reflection/rsit-ssh/7.0SP1/WinServer/ja/RSITWS7_0_SP1_jpn.pdf.
Before you apply the service pack, note the following:
- This document references a Reflection service pack. Service packs are available to licensed Attachmate customers with current maintenance plans for these products. For information about logins and accessing the Download Library, see Technical Note 0200.
- The service pack for Windows server version 7.0 SP1 is a full product installation and does not require 7.0 to be installed.
- For a list of features and fixes originally included in Reflection for Secure IT Windows Server 7.0, see Technical Note 2273.
This note is organized into the following sections:
Obtaining Service Packs or Updates
New Features and Fixes in Reflection for Secure IT 7.0 SP1 (7.0.505)
Resolved Issues in 7.0 SP1 Update (7.0.517)
New Features and Fixes in Reflection for Secure IT 7.0 SP1 (7.0.505)
New Features in 7.0 SP1
Security Updates in 7.0 SP1
Resolved Issues in 7.0 SP1
Supported Platforms in 7.0 SP1
Installing the 7.0 SP1 Update (7.0.517)Security Updates in 7.0 SP1
Resolved Issues in 7.0 SP1
Supported Platforms in 7.0 SP1
Resolved Issues in 7.0 SP1 Update (7.0.517)
Obtaining Service Packs or Updates
Maintained customers are eligible to download the latest product releases, service packs, and updates from the Attachmate Download Library web site: https://download.attachmate.com/Upgrades/. For more information about logging into and using the Download Library, see Technical Note 0200.
Installing the Service Pack
The service pack for Reflection for Secure IT Windows Server version 7.0 SP1 is a full product installation and does not require 7.0 to be installed.
If you are upgrading an existing copy of Reflection for Secure IT version 7.0, note the following:
- We recommend that you back up your server configuration file before upgrading. This may be useful if you want to revert to an earlier version at some point in the future.
- After applying the service pack, you need to restart Windows to complete the installation.
New Features and Fixes in Reflection for Secure IT 7.0 SP1 (7.0.505)
The following new features, security updates, and resolved issues are included in the Reflection for Secure IT Windows Server version 7.0 Service Pack 1.
New Features in 7.0 SP1
- New platform support:
- Windows Server 2008 x86
- Windows Server 2008 x86-64
For additional information about platform support in Reflection for Secure IT, see Technical Note 1944.
- Configure user and group access control. Use the new Group Access Control and User Access Control panes.
- Configure group and user subconfigurations. Use the new Group Configuration and User Configuration panes.
- Specify directory paths that include the user’s Windows home directory. Use the variable %H.
- Configure the user’s command shell login folder. Use the new Terminal default directory setting.
- Specify a domain account that can be used to query Windows Active Directory for user attributes and group membership. This feature enables public key authentication for domain users without using password caching. Use the new Domain Access pane.
- The server can now read OpenSSH public keys and use an OpenSSH-style authorization file for public key authentication.
- Full compliance with Section 508 accessibility standards.
Security Updates in 7.0 SP1
- Fixes for security vulnerability issues found by 3rd party analysis.
For more information about security updates and Reflection for Secure IT, see Technical Note 2288.
Resolved Issues in 7.0 SP1
- Improved terminal emulation support.
- Public key authentication for domain users no longer fails intermittently.
- Remote tunnels from OpenSSH v4.3 clients can now be established.
- Memory management issues have been resolved.
- Periodic failures that displayed the error "The system function CreateNamedPipe() failed with the following error: Windows error 122" no longer occur with sftp.
- sftp connections that use public key authentication no longer cause an EXCEPTION_ACCESS_VIOLATION.
- Migration of an empty Sftp-home parameter no longer causes the following validation error: [ERROR] 'UserLoginDirectory=%D' is invalid. UserLoginDirectory must be an SFTP accessible directory.
- Migration of SFTP-accessible directories now correctly handles paths that include a \ (slash) at the end of physical path.
- OpenSSH 3.6 p2 clients can now connect to the server.
- Transfer of files containing Japanese characters is now handled correctly.
Supported Platforms in 7.0 SP1
For information about platform support in Reflection for Secure IT, see Technical Note 1944.
Installing the 7.0 SP1 Update (7.0.517)
Before you apply the 7.0 SP1 Update (7.0.517), you must have Reflection for Secure IT Windows 7.0 SP1 server already installed.
- We recommend that you back up your server configuration file before you update the installed copy of the product. This may be useful if you want to revert to an earlier version at some point in the future.
- Download and install the update.
- After applying the update, you need to restart Windows to complete the installation.
Resolved Issues in 7.0 SP1 Update (7.0.517)
The following new features and resolved issues are included in the Reflection for Secure IT Windows Server version 7.0 SP1 Update (7.0.517).
- The "Use only FIPS-140 certified cryptography algorithms" setting now properly initializes the Attachmate Crypto Module. This initialization ensures full compliance with the security policy described at http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2007.htm#766. Note: This initialization change is not required to enforce the use of FIPS-approved encryption, hashing, and random number generation algorithms. These are all correctly enforced in all shipping versions of this product. The update ensures that the cryptographic module runs self-test routines and enforces minimum public key sizes.
- The keyword "key" in the authorization file (used to configure public key authentication) is no longer case-sensitive.
- The %H pattern string (used to specify a user home folder when configuring SFTP file transfer directories) now supports folders that are defined using UNC paths.
