For the release of Devolutions Server 2023.3, we continued to focus on customer-requested improvements, new features, and many updates to the Devolutions Privileged Access Management (PAM) solution. In this article, learn how to launch SSH or Telnet sessions via the DVLS web interface, easily locate decommissioned users, or even temporarily elevate group access for Azure users with PAM! DVLS continues to improve and build on the core experience with a focus on security and productivity.
About Devolutions Server
Before we begin our visual tour, I’ll provide an overview of Devolutions Server (DVLS) for those who are new.
Devolutions Server is our globally popular, full-featured account and password management platform with customizable Privileged Access Management (PAM) components. It deploys rapidly, implements easily, and delivers the core features of a comprehensive and scalable PAM solution — but at a price that is sensible and affordable for SMBs.
In addition, Devolutions Server seamlessly integrates with our centralized remote connection management solution Remote Desktop Manager. Once paired, Devolutions Server + Remote Desktop Manager establish a robust all-in-one privileged account and session management platform that supports more than 150 tools and technologies. Request a free trial here.
What’s New in DVLS: A Deeper Look
Let’s take a closer look at the new additions in DVLS 2023.3. If you want to see the full and very long list of changes, please see the release notes.
Launch SSH & Telnet Sessions (Preview) from the DVLS Web Interface
In addition to RDP and PowerShell, launch SSH and Telnet sessions directly from the DVLS web interface! Once your connections are configured to connect through a Devolutions Gateway, you will see a new icon in DVLS to launch the web connection. For quick access, without launching a client, open a web session to solve a problem quickly.
Grant Temporary Access to View Passwords on Credentials
Support your team members by offering them the convenience of requesting temporary access to view passwords for credential entries whenever they need it the most. With specific access durations and required approvals, control entries while allowing the flexibility to respond to any scenario.
Keeping DVLS User Lists Up-to-Date with User Synchronization
Keep DVLS user lists clean and up-to-date through enhanced user management. Click the “synchronize users” button, and DVLS automatically detects missing users, showing options to remediate. Keep auditing and reporting accurate, while easing the onboarding and offboarding of users.
Keep Track of DVLS Users with Tags
Start organizing your external and privileged users through new user tags. Keep track of Vendors with the external tag, or note which user has higher privileges. Use the new user reports to filter and track what users are doing!
Greatly Expanded IT Asset Entry Types
New entry types for assets such as Servers, Monitors, Desktop, NAS devices, and more significantly expand the selection of options for IT Assets stored within DVLS!
Centralize Entries with the System Vault Available in the DVLS Web Interface
Centralize commonly used resources across vaults such as macros, VPNs, and contacts within the System Vault. Previously only accessible from RDM, System Vault entries can now be managed straight from the Devolutions Server web interface.
Share Tree View Settings Between RDM & DVLS
Keep your Tree View settings synchronized between RDM and DVLS. Within RDM account settings (Account Icon → Settings), choose to hide archived, disabled, and expired entries. These settings are now reflected within DVLS and modifiable through the User Interface screen (Account Icon → Settings → User Interface → Tree View).
Streamline Your Interface with DVLS User Interface Profiles
Like in RDM, streamline your user interface to your use case. With User Interface Profiles for the traditional IT Professional and Business user, remove clutter for Business users that don’t need access to remote connections or advanced properties but keep everything for the IT Professional.
Updated License Format
Starting with this release, there are updates to how DVLS (and RDM) licenses are validated and initially entered. This update affects new installations and newly entered licenses.
If your DVLS installation does not have internet access, a prompt will display upon first launch, directing the user to Devolutions Portal to download a license file.
With this update, licenses are checked with Devolutions to be validated and protected from bad actors. For the vast majority of users, this change should be transparent!
For the more technically-minded, DVLS Console no longer supports entering the license key, server-serial-key, via the automated JSON configuration file. But PowerShell module improvements to assist with licenses will be coming soon!
PAM Updates & Improvements
Privileged accounts are often called the “keys to the kingdom,” as they provide the most access. Devolutions Privileged Account Management (PAM) aims to secure those accounts, protecting you and your organization. Check out just-in-time (JIT) least-privileged PAM accounts for elevated time-based access with automatic password rotations. Securely inject credentials through RDM integration into remote sessions (e.g., RDP, SSH, ARD) to reduce exposure without the user knowing the password.
This release has so many PAM updates that we needed an entire dedicated section!
PAM Check-out Approval Reviewer Assignment
Designate a reviewer to approve a pending PAM check-out request to eliminate redundancy.
PAM All Approvers Check-out Request Group
Ensure everyone sees your check-out request with the “All Approvers” option on the check-out request screen. Each approver will receive an email and see the pending request in the Devolutions Server web interface.
PAM Domain Account Provider through Devolutions Gateway
Keep a remote Active Directory domain controller off the internet and proxy LDAP via Devolutions Gateway to unlock PAM account management even in the most remote locations.
Temporary Just-in-Time (JIT) Group Elevation for Microsoft Entra ID (Azure Active Directory)
Adhering to the principle of least privilege is essential for security. Previously available only for on-premise Active Directory, JIT group elevation allows users elevated access through time-dependent group changes in Microsoft Entra ID (formerly Azure Active Directory).
Make sure your Entra ID (Azure Active Directory) App Registration for the Devolutions Server PAM Module has Group write permission to allow group changes.
PAM Usage Policies
Control when and where PAM entries can be used with PAM Usage Policies. For example, you can choose to only allow PAM Active Directory Dashboard Entries for use with RDM.
PAM Single Provider for Multiple Windows Local Accounts Hosts
Manage multiple Windows hosts with a single AnyIdentity Local Windows Account Provider. Take control of non-AD-managed Windows accounts through this flexible PAM Provider.
PAM Propagation on Folder & Vaults
Keep your external services, user tables, and more in sync with PAM Vault Propagation (Preview) PowerShell scripts. Previously only assignable to a specific entry, propagation policies can now be assigned to run at the end of a password change operation at the folder and vault level!
Modify DVLS Entries in Devolutions Workspace
Devolutions Workspace is getting even better with the ability to add, edit, and remove Website, Folder, RDP, and Username/Password entries for Devolutions Server!
Even More Improvements
- Running as a Windows service, Devolutions Gateway may become outdated. A new PowerShell script automates the update process, making staying on top of updates easier. Download and install the script from GitHub, and keep your Gateway install automatically updated!
- Keeping audit logs from growing too large is essential for performance, but so is finding the right entry at the right time. With that in mind, archived entries are transparently included within your reports!
- Search across multiple Devolutions Server vaults from Devolutions Workspace. Stop worrying about what vault to search!
- Within Vault Dashboards (not the System Dashboard), toggle widgets to show “if not empty,” to avoid displaying empty dashboard widgets.
- DVLS Activity Logs are enhanced to show all users, with the ability to filter those users within the report.
- Within the Devolutions Workspace mobile and desktop applications, a read-only Offline mode is now available by navigating to Settings → Offline.
- Windows Authentication is now available for the Devolutions Server web interface.