What is new in version 2.9.0?
This is an overview of the features and changes added in the latest version of Nerve. For an extensive list of all changes, refer to the release notes. or more details on each feature or change, follow the links after the feature descriptions.
Added Multi Factor Authentication on the Management System
The Management System now supports Multi Factor Authentication for user logins. The Management system uses a Time-Based One-Time Password (TOTP) which is compatible with common MFA apps such as Google Authenticator. Migration is optional but not reversible. The MFA login feature can be disabled by administrators for selected users. Those users do not have to use MFA at at login.
For more details please see here.
Account synchronization from Managements System to Node
Login with Management System credentials will be possible on all connected nodes. Accounts once used to log in will be cached for offline login (while disconnected from MS). Default admin account on Node will be disabled after onboarding to a Management system and login in with an admin account. Node login and node viewer are defined access rights that can be assigned to users. Only those users can login on nodes with their credentials.
Audit Logs
Implementation for audit logs and events according to IEC 62443 4-2 is an ongoing process. The Nerve 2.9. release includes all remaining Management System Events e.g. Role and User changes, Labels changes, Node reboot, network status, Node updates and many more.
For more details please see here.
Nerve DNA - Feature extensions
- Workloads are deployed in the order as specified in the DNA File. This ensures deterministic and intuitive workflow of workloads deployment.
- User can specify by a API parameter if the existing WLs on the Node are restarted or not after configuration process was finished.
- New initial state introduced : DNA file not yet applied. Recognize in the Management System which nodes have a configuration drift and which nodes have not been configured with DNA so far.
For more details please see here.
Usability improvements
- The Node details view keeps the search prompt when returning from the workload detail view.
- The Node name is visible inside the deployment log.
- Option to enforce approval of all remote connections before being establishment on the Nodes UI. Details here.
- Remotely change of the Management System the Nodes is onboarded to. New Secure ID is displayed on Nodes UI before the connection to the previous MS is lost. Details here.
Secure Off boarding
After offboarding a Node from a Managements system, all configuration and user relevant information are automatically removed for that Node as a direct action resulting from offboarding.
For more details please see here.
Deprecated v1 API for endpoints and workloads
The v1 API functions for endpoints and workloads that were deprecated has now been removed.