We are pleased to announce the release of SafeNet Data Protection On Demand v.1.8 (DPoD). This release highlights our ongoing efforts to simplify the onboarding process and provisioning of customers, especially for service providers such as MSPs and MSSPs.  Taking advantage of the market opportunity DPoD brings, MSPs, MSSPs and resellers can leverage existing offerings such as Microsoft, Oracle or CyberArk to bundle together a strong security offering for customers.

Simplified Service Provider-branded Automation of Onboarding Process

In the latest SafeNet Data Protection On Demand (DPoD) release, DPoD version 1.8, the Service Provider (SP) Administrator has the option to generate a dedicated and branded onboarding process to facilitate online registrations for their Enterprise customer Tenant Administrators. The onboarding process is accessible over a unique URL, dedicated to each SP organization, and is provided by the DPoD service with no development by the Service Provider (SP) required. 

Service Provider onboarding process

The SP onboarding process now allows enterprises to self-register their organization with the SP’s DPoD instance – ensuring automatic alignment of purchasing, support and billing processes:

• SPs have a dedicated customer onboarding process
• SPs can display their logo in the header section the onboarding process pages to make the experience more consistent with their branding
• SP can display their name in the Enterprise Tenant registration page
• SPs can link the onboarding forms into their online marketing initiatives and service catalogs
• Onboarding self-serve process eliminates the need for manual allocation of customer accounts to SPs and assures alignment with current and future automation capabilities

Service Provisioning Automation

Simplified and automated HSM On Demand service provisioning process to further reduce technical complexity and deployment times.

During the deployment of a new service instance, following subscription to a service tile, the user (Applications Owner) is guided through a series of simple steps to name the service, select the service options, provision the HSM client, set up the service instance roles and initialize the service.

• A simple and intuitive workflow enables a streamlined and automated process, with easy-to-understand steps that help to complete the service instance creation.
  • Empowers less crypto-savvy users (Application Owners) to deploy HSM On Demand services reducing support burdens on Tenant administrators and/or their service providers
• The Application Owner moves seamlessly between DPoD  and client-side environments in a guided workflow
  • The consistency provided by the guided workflow standardizes service deployments and reduces the potential for human errors – minimizing on-going support issues, reducing project timelines  and increasing customer acceptance

The new streamlined process currently works with integrations running on Windows environments – other environments will be supported in future DPoD releases.   

Getting Started

If you haven’t already, sign up now and direct your partners and customers to the SafeNet Data Protection On Demand website for more information and especially to sign up now for a free evaluation.

We are pleased to inform you that SafeNet Authentication Service Agent for Oracle Access Manager (OAM) 1.2 is now available. 

This updated version includes the following enhancements:

• Solaris support
• TLS 1.2 support

Installation and configuration instructions, along with the agent itself, can be downloaded from the Gemalto Customer Portal KB0018550

We are pleased to announce the release of Push OTP with the latest release of SafeNet Authentication Service PCE/SPE 3.9.1. This release introduces easy and user-friendly Push authentication to SAS PCE/SPE customers.

The Push feature is supported with MobilePASS+ on iOS, Android and Windows 10 desktop and mobile platforms. The following SafeNet authentication agents namely NPS Agent, Windows Logon Agent, Token Validator Proxy Agent, AD FS Agent and FreeRADIUS Agent, will also support push with SAS PCE/SPE.

SafeNet Authentication Service PCE/SPE 3.9.1 is now generally available for download from the Gemalto Service Portal KB0018565

As part of our ongoing product communication, below is an End-of-Sale reminder for SafeNet Authentication Manager OTP License.

 Effective as of 30 May, 2019, Gemalto will discontinue selling SafeNet Authentication Manager for OTP use cases. We will continue to sell SafeNet Authentication Manager with certificate‐based tokens for existing customers.

See below the affected products:
• SafeNet Authentication Manager OTP tokens 
• SafeNet Authentication Manager maintenance contracts for OTP tokens
• SafeNet Authenticator Manager licenses sold only with OTP tokens

 The detailed End-of-Sale Announcement can be downloaded HERE

We are pleased to inform you that SafeNet Authentication Service Agent for Active Directory Federation Service (AD FS) 2.30.0 now available.

This updated version features TLS 1.2 support.

Installation and configuration instructions, along with the agent itself, can be downloaded from the Gemalto Customer Portal KB0018564

Featuring FMs, support for Ed25519ph algorithm and partition utilization metrics

We are pleased to announce that SafeNet Luna HSM 7.4 is now available. This field update for SafeNet Luna Network and PCIe HSM 7 features Functionality Modules (FMs), and also includes support for the Ed25519ph algorithm and partition utilization metrics/counters.

Functionality Modules (FMs)

What is an FM?

• Offers application developers a unique level of flexibility to extend native HSM functionality
• Enables development and deployment of custom code within the secure confines of the HSM

Functionality Module Definitions

• Pre-FM:
  • SafeNet Luna HSMs manufactured before December 2018
  • Part numbers ending with -001 & -002 (Example: 908-000363-001)
• FM-ready:
  • SafeNet Luna HSM 7.2 manufactured starting in December 2018
  • Part numbers ending with -003 (Example: 908-000363-003) or higher
• FM-enabled:
  • SafeNet Luna FM-Ready HSMs with the FM Policy enabled
  • Part numbers ending with -003 (Example: 908-000363-003) or higher
  • Purchase and apply FM license (FM is a licensed capability)
  • FM policy enabled

In order to run FMs, the following items are required:

1. FM-ready hardware with the part number format “908-xxxxxx-003” or higher.
2. FM license:
   • 908-000394-001 – FM license field upgrade for SafeNet Luna Network HSM 7
   • 908-000404-001 – FM license field upgrade for SafeNet Luna PCIe HSM 7
3. SafeNet Luna HSM appliance, firmware and client software upgraded to version 7.4

Support for the Ed25519ph Algorithm

• Used in Secure Manufacturing

Partition Utilization Metrics/Counters

• Customers who update their appliance software to version 7.4 will automatically receive partition utilization metrics/counters via the REST API.

Software Download

• Software downloads are available on the Customer Support Portal.

Available Documentation – Download Links

Questions?

Contact your Gemalto Representative for additional information.

We are pleased to announce the release of ProtectFile Windows 8.10.10, which includes support for encryption of file server clusters. 

New features:

• Support for encryption of data stored on clusters of Windows clients
• New improved registration mechanism to replace the existing bootstrap process
• Changes in installation of files: The bootstrap utility (bootstrapk170v.exe) and bootstrap configuration (bootstrapconfig.toml) files included in the previous releases are replaced with the clientreg.exe (client registration utility) file. This utility is used to register (formerly known as bootstrapping) ProtectFile clients with the k170v.
• Migration of KeySecure Classic configuration for ProtectFile clients and network shares to KeySecure k170v

For download and customer release notes, please visit our Gemalto Customer Support Portal  (Document PN: 007-000240-002, Rev A).

We are pleased to announce the release of ProtectFile Linux 8.10.10, which includes Support for Oracle Cluster File System 2 (OCFS2)

New features: SafeNet ProtectFile 8.10.10 offers new features and enhancements including:

• Support for Oracle Cluster File System 2 (OCFS2)
• Dynamic Mounting Support for Exported SAN Disks
• Restricted Substitute User Access
• Support for RHEL 6.10
• Improved SafeNet ProtectFile Installation
• Changes in Installation Files
• New improved registration mechanism to replace the existing bootstrap process
• Migration of KeySecure Classic configuration for ProtectFile clients and network shares to KeySecure k170v

For download and customer release notes, please visit our Gemalto Customer Support Portal (Document PN: 007-000238-002, Rev A).

We are pleased to inform you that Pluggable Authentication Module (PAM) 1.0.0 Agent for SafeNet Authentication Service is now available.

This new release features the following:

• First agent to support the pluggable PAM module for Linux
• Standard token support including GridSure and Push OTP
• Agent Interface Security improvements with faster encryption method
• Support for specific Linux distributions (RHEL, Ubuntu and CentOS)

Installation and configuration instructions, along with the agent itself, can be downloaded from the Gemalto Customer Portal KB0018580

Gemalto is pleased to announce the official release of SafeNet Virtual KeySecure k170v version 1.6.1.

New in this release:

SafeNet ProtectV Manager Now Available in the k170v GUI (Beta Version):
In version 1.6.1, SafeNet ProtectV Manager and the k170v have converged into a simplified solution that enables customers to access SafeNet ProtectV Manager directly from the new k170v GUI. Integrating SafeNet ProtectV Manager directly into the k170v offers multiple benefits for both existing and new ProtectV customers including:

– Ease of Use and Deployment: Customers now have one less piece of infrastructure to manage – everything can be accessed and managed via a new and improved single user interface
– Monitoring Tools: Customers can leverage their existing alarms and syslog functionalities created in KeySecure and monitor them in one centralized location, eliminating the need build the same feature in both KeySecure and ProtectV
– HSM root of Trust for ProtectV: Benefit from the existing k170v integrations, which support master key storage in HSMs including cloud-based options such as such as Amazon Web Services CloudHSM, SafeNet Data Protection on Demand (HSM on Demand Services), or SafeNet Luna HSM, a hardware appliance option that is deployed on-premises in a range of models and configurations

SafeNet ProtectV manager is also supported via the k170v’s CLI and API Developer Playground in addition to the GUI. It’s important for existing ProtectV customers to note that this converged solution is still in BETA and should only be deployed in a non-prod environment at this time. A full migration plan for existing customers will be available in the k170v 1.7.0 release.

Physical Appliance Installation ISO: An ISO Image is available for existing SafeNet KeySecure customers to upgrade their k450 or k460 physical appliance with the k170v 1.6.1 firmware. Customers are encouraged to install the new image on non-production k450 and k460 appliances and test existing use cases.

Multi Network Interface Controller (NIC) Support: Multiple NIC’s can be configured for Physical and Private Cloud images using the kscfg utility. (Note: kscfg can only be used to configure interfaces on a Physical Appliance or in a Private Cloud, VMware xSphere, HyperV, etc. It cannot configure interfaces in public clouds, AWS, Azure, etc.)

Backup Encryption Changes: With release 1.6.1, backups are encrypted when they are created, rather than when they are downloaded. This is more secure, and simplifies management of backups.

Backups and Backup Keys Retention: Backups and Backup Keys are retained, even if a system is reset.

GUI Backup Support: Backups and Backup Keys can be managed via the Management Console

Local Audit Log Disable: Logging Audit records to local store (database) can be disabled via the CLI and the API – audit logs are still forwarded to syslog. Clusters that support a large number of transactions should be configured with local audit logging disabled. This significantly reduces cluster wide traffic and disk usage. This is a cluster wide setting and needs to be set on only one node in the cluster. Use the ksctl ‘properties’ command to disable audit logging.

New API Playground (BETA):
A new API playground is included with improved formatting and performance. This is a BETA feature and in addition to the existing one.

Key States support: Key States support is added over

Multiport Support for NAE Server: Multiple instances of NAE Server can be instantiated on different ports and network interfaces.

For a full list of other administrative improvements in this release, please see the customer release notes, available on the Gemalto Customer Support Portal (Document Part Number: 007-000249-002).

As part of our ongoing product communication, below is an End-of-Life reminder for
IDGo 800 Middleware.

Effective as of June 30, 2019, IDGo 800 Middleware will be End-of-Life (EOL), for details please see the End-of-Life announcement.

Gemalto has been working to improve SafeNet ProtectFile by adding new features and functionality. To continue improving file encryption capabilities and adhere to Gemalto software life cycle policy we are announcing end-of- support (“EoS”) for older versions of SafeNet ProtectFile. Please see the milestone descriptions and timelines, as well as products affected by this announcement and recommended migration paths in the tables below.

Table 1: EoS Milestone Impact/Definition

Table 2:  Product Versions and Corresponding EoS Milestone Deadlines

Customers are recommended to upgrade to below or higher version of SafeNet ProtectFile in order to continue using the latest and supported SafeNet ProtectFile releases:

Using KeySecure k170v

• SafeNet ProtectFile Windows 8.10.10
• SafeNet ProtectFile Linux 8.10.10

Using KeySecure Classic

• SafeNet ProtectFile Windows 8.10.1
• SafeNet ProtectFile Linux 8.10.0
• SafeNet ProtectFile Linux 8.9.0

Questions?

Please contact your Gemalto Sales Representative or see the Gemalto Client Services page for more information (log-in required).

We are excited to announce the newest release in the SafeNet IDCore portfolio – SafeNet IDCore 3140/140 that benefits from the latest release of Java Card technology standards.

SafeNet IDCore 3140 is the dual interface version and SafeNet IDCore 140 is the contact version.

These smart cards are CC EAL5+ / PP Java Card certified. SafeNet IDCore 3140/140 offer the latest in cryptographic security combined with compliance to international standards.

For more information please refer to SafeNet IDCore Web page

We are pleased to inform you that RD Gateway Agent v2.0.0  is now available. 

This release brings the following features and enhancements:

• Browser independent implementation using PUSH token with RDGateway agent acting as a standalone solution.
• Fully featured new management console to configure the agent
• Enhanced security and TLS 1.2 support

Installation and configuration instructions, along with the agent itself, can be downloaded from the Gemalto Customer Portal KB0018753.

We are pleased to announce that the SafeNet MobilePASS+ app for Windows v 1.5.2 is now available.

This release brings the following features:

• Biometric PIN support using Windows Hello: To provide improved user experience and ability to authenticate with bio sensor (fingerprint and face)
• Improved accessibility narrator support

Download SafeNet MobilePASS+ app for Windows v 1.5.2 from  Windows Store,

or  from Customer Support Portal: EXE File KB0018741, APPX Bundle KB0018740

We would like to announce the release of SafeNet Authentication Client (SAC) versions 10.7 for Windows and SafeNet Minidriver 10.7.

 These two versions resolve known issues and include the following features:

 SafeNet Authentication Client 10.7 for Windows

 SafeNet IDPrime Virtual smart card support

• SAC events presented within MS event viewer to provide enhanced monitoring capabilities for administrators

SafeNet Minidriver 10.7

• SafeNet IDPrime Virtual smart card support

Both versions are now available for download from the Gemalto Support Portal :

SafeNet Authentication Client 10.7 for Windows: KB0018779

SafeNet Minidriver 10.7 : KB0018780

Gemalto is very pleased to announce the release of ProtectToolkit 5.8. This release, compatible with all ProtectServer 2 models, provides the following new features and enhancements:

Appliance Software Image Update to Version 5.8.0

With this release, Gemalto provides Protect Server appliance software version 5.8.0 as a secure package update. This update is available for all ProtectServer Network HSMs with PSESH (version 5.2 and newer). For detailed instructions for applying the update, refer to the SafeNet ProtectToolkit 5.8 documentation.

Network Interface Bonding

SafeNet ProtectToolkit release 5.8 allows you to bond the two network interfaces on SafeNet ProtectServer Network HSM or Network HSM Plus into a single virtual device, improving bandwidth and providing redundancy and load balancing of operations.

Quick KSP Setup on Windows

The PTK5.8 client installation now includes the command line tool kspcmd, which provides a scriptable method of configuring ProtectServer tokens with KSP.

Windows 10 Support

The PTK 5.8 client is now supported on Windows 10 operating systems.

UEFI Secure Boot Support in Windows 10 and CentOS 7

With this release, ProtectServer drivers are now compatible with UEFI Secure Boot. For CentOS 7, refer to the documentation for the driver signing procedure. No additional actions are required on Windows 10.

Please go to the Gemalto Support Portal**to download the release notes – details as follows:

• Release notes – Knowledge Base Article KB0018677
• PTK 5.8 Software (PTK-C;PTK-J;PTK-M) – Doc ID: KB0018680/ DOW0003553
• PTK 5.8 Documentation – Doc ID: KB0018678/ DOW0003551
• ProtectServer External appliance upgrade  – Doc ID: KB0018681/ DOW0003554

**Log in required.  Contact CustomerPortalSupport@Gemalto.com for assistance.

StorageSecure End-of-Sale

As announced on 29 January 2016, this is a reminder that  30 April 2019 is the beginning of Good Faith Support for the SafeNet StorageSecure product line, which includes the S220 and S280 appliances, and the StorageSecure Key Manager (SSKM).

As an integral part of our strategic vision to provide world class data protection products, we have elected to focus our efforts on our core competencies, and on meeting the demands of our customers. We remain dedicated to ensuring that our customers’ data is secure, wherever it resides, and to supporting their needs throughout the data and product lifecycles.

Table 1 describes the end-of-life milestones, definitions, and dates for the affected products. Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, Gemalto will continue to provide support in accordance with the contract terms through the current contract end date (no additional renewals), even if this date exceeds the last date of support shown in the following table.

Table 1: End of Life Milestones and Dates for StorageSecure S220 and S280 Appliances, and SSKM

*Unless a customer’s current contract end date exceeds 30 January 2020, in which case support will continue in accordance with the terms of the agreement through the current contract end date (no additional renewals).

Affected Part Numbers

Following is a list of StorageSecure and SSKM part numbers affected by this announcement. 

Table 2: Product Part Numbers Affected by this Announcement

Migration Path/Alternative Products

SafeNet StorageSecure customers are encouraged to migrate to SafeNet ProtectFile, which offers more granular encryption controls and end-to-end encryption protection. In cases where SafeNet ProtectFile does not meet the specific use case, we recommend using either SafeNet ProtectV or NetApp Storage Encryption (NSE).

For additional information, click here  to view the FAQ.

For migration information, customers can visit the Gemalto support portal for DOC ID=DOW0001406 (log in required).

If you have any questions, please contact your regional sales manager. 

We are pleased to announce the release of SafeNet MobilePASS+ for iOS V1.7 and SafeNet MobilePASS+ for Android V1.7

These new releases features the following:

 SafeNet MobilePASS+ for iOS V1.7

• Improved user experience during token enrollment process: Additional screens and instructions were added to ensure a smooth token enrollment.
• Increased PIN security

Download: iTunes

SafeNet MobilePASS+ for Android V1.7

• Improved user experience during token enrollment process: Additional screens and instructions were added to ensure a smooth token enrollment.
• Increased PIN security

Download: Google Play

Note for both versions: Existing Touch ID and Face ID users will need to enter their PIN for their first approval request, or other access to their tokens, after updating to this latest version. Once their PIN has been entered correctly Touch ID or Face ID will function as normal.

As part of our ongoing product update cycle, and in order to maintain the latest Common Criteria certification, we will be ending sale of several certificate-based authentication products. These products will be replaced by products which are based on Thales’s newest 940 smart card platform, which offers the latest CC certification.

The products include:

• IDCore 10
• IDCore 40
• IDCore 3010A & 3010B
• SafeNet IDPrime MD 840 & 840B
• SafeNet IDPrime MD 3840 & 3840B
• CC version of SafeNet eToken 5110+ based on IDPrime MD 840

End-of-Sale Key Dates: IDCore 10, IDCore 40, SafeNet IDPrime MD 840 & 840B, SafeNet IDPrime MD 3840 & 3840B and CC version of SafeNet eToken 5110+ based on IDPrime MD 840

End-of-Sale Key Dates: IDCore 3010A & 3010B

For replacement products and additional details please refer to the End-of-Sale announcement

Note :
The above mentioned products are being replaced in order to renew the French ANSSI qualification and to extend the eIDAS certification to both eSignature and eSeal applications