Portal
Forum
Devolutions Force
Hub Business
Hub Personal
Devolutions Send
Devolutions Academy
RDM
Workspace
Launcher
Welcome to the Devolutions Server 2024.2 release overview! This version introduces several powerful enhancements aimed at bolstering security and simplifying management. Key features include the ability to seal entries for emergency access, limit allowed entries with content-type vaults, and implement conditional access based on user tags. Dive into the details below to see how these enhancements can elevate your DVLS experience.
About Devolutions Server
Before going over all the new Devolutions Server (DVLS) features, here is a quick overview for newcomers and a refresher for our existing users.
Devolutions Server is our globally popular, full-featured, self-hosted password management platform with customizable Privileged Access Management (PAM) components. Easily implemented and rapidly deployed, it delivers the core features of a comprehensive and scalable PAM solution — but at a sensible and affordable price for SMBs.
In addition, Devolutions Server seamlessly integrates with our centralized remote connection management solution, Remote Desktop Manager. Once paired, Devolutions Server + Remote Desktop Manager establish a robust all-in-one privileged account and session management platform that supports over 150 tools and technologies. Request a live demo here.
What’s new in Devolutions Server: A deeper look
Let’s take a closer look at the new additions in DVLS 2024.2. If you want to see the full list of changes and features, read the latest release notes.
Sealing entries for “break-the-glass” emergencies
File backups are critical to any IT infrastructure, which is just as true for accounts. These account passwords are rarely rotated but hold high privileges. Designate these special accounts as “sealed” to display a confirmation message to any user attempting access with notifications sent to all administrators.
Supported in Devolutions Server and Remote Desktop Manager as of version 2024.2.
Limiting allowed entries with content type vaults
Not all vaults are equal and not all entry types belong in a vault. With content-type vaults, limit the allowed entry types to specific types. Choose between a default (all entry types allowed), secret, business, or credential vault.
Adding new security reports to stay informed
Knowing who has access to what is critical, and four new security reports make this even easier. Drill down with filters for permission sources, individual permissions, and authentication types. These new security reports help you find the information you need or schedule recurring reports to review regularly.
- Administrators
- System
- Devolutions Gateway
- Entry
- Vault
Limiting DVLS access conditionally based on user tags
Controlling access to DVLS prevents inadvertent mistakes and bad actors from gaining unauthorized access. Conditional access rules (found under Administration → Server settings) unlock powerful and flexible access control over your DVLS instance. Implement policies that deny external users access to DVLS outside business hours, with the new user tag support in conditional access policies. As a continuum of our prior release, the added functionality to user tags brings more functionality to this evolving feature!
Allowing direct recording playback in the DVLS web application
You have been able to access recordings from within Remote Desktop Manager, but for remotely saved recordings managed through Devolutions Server and Devolutions Gateway, there has yet to be a way to do so in the DVLS web application. With the new recordings tab for entries, you can access and download the recordings and play them directly in the DVLS web application!
The in-app recording playback requires the latest Devolutions Server release and at least Devolutions Gateway 2024.2.3.0.
Securing the RDM DVLS data source via a Microsoft Entra application proxy
There are many ways to secure external access to Devolutions Server. The Microsoft Entra application proxy offers a pre-authentication reverse proxy for remote access to internal network resources. With the new options for pre-authentication access, allow your RDM users to authenticate against the Microsoft Entra application first before accessing DVLS!
Enabling automatic password rotations with the infrastructure vault
The new infrastructure vault introduced in 2024.1 is the beginning of centrally managing your DVLS-specific accounts. With 2024.2, you can automatically rotate your management (application), IIS, and scheduler service SQL account passwords.
Launching VNC sessions (preview) with the DVLS web interface
The newest edition to web-launched sessions in DVLS is the old standby of VNC. With this addition, you can now launch RDP, PowerShell, SSH, Telnet, and even ARD sessions!
Authenticating Privileged Access Management AnyIdentity providers with linked PAM credentials
In the continued quest to remove hard-coded passwords, you may now use a linked PAM credential for the authentication credentials for PAM providers. You may even create multiple providers holding the linked credentials to ensure every provider has automatically-rotated credentials!
Adding better organization to PAM just-in-time elevation privilege sets
Until 2024.2, DVLS showed all available just-in-time elevation groups to all eligible PAM entries. Not all groups apply to all entries, and better organization and display of JIT elevation groups prevent confusion and the incorrect use of groups. Now, you may create sets of privileges assigned to entries to show what you want when you want it.
Displaying more descriptive names for just-in-time elevation groups
Included in the enhancements for JIT elevation group management is the option to add descriptive display names to groups. Help your users understand the group they request elevation with through better naming!
Implementing new DVLS API operations
In addition to the newly unveiled DVLS API in 2024.1, even more routes are added to help you further automate and integrate DVLS into your workflow!
- /api/v1/vault/{vaultId}/entry - GET list of entries from a specific vault
- /api/v1/vault/{vaultId}/entry/{id} - The additions of POST, PUT, and DELETE for a specific entry
- /api/v1/vault - GET list of vaults
- /api/vault/{vaultId}/entry - GET list of entries within a specific vault
Assign Gateway and PAM licenses per user
When adding a new or renewed Devolutions Gateway or Devolutions PAM license in Devolutions Server, you must assign the license to specific users up to the number of users included in your purchased license.
Important: If you were using the free side-by-side (same as the DVLS URL) Devolutions Gateway license, you must assign the license to individual users rather than a specific Gateway. This free license covers up to 5 users. You can find this license in the license management section, as well as all other product licenses.
Tell us what you think
We value your feedback! Many of the improvements in the Devolutions Server 2024.2 release are a direct result of user suggestions. Please continue to share your thoughts and experiences with us. The best way to provide feedback and request new features is through our forum, where you can engage with the entire community. You can also reach out to our support team or leave a comment below. We're here to listen and ensure that DVLS meets your needs.
