VSA 10: Version 10.5 release notes

IMPORTANT  This release will update the Remote Control module. All active Remote Control sessions will be disconnected during the deployment process. Once disconnected, you will need to manually reestablish your sessions.

Key feature enhancements

Remote Control profile settings

Several new Remote Desktop settings are available in the Device Configuration policy type Remote Desktop Profile. These settings introduce some new remote control behavior and allow for more granular controls over the remote session and the technician's and end user’s experiences. 

  1. Allow end users to confirm new Remote Desktop sessions and either accept or reject them (disabled by default).
  2. Enable end-user notifications for starting and ending Remote Desktop sessions (enabled by default). These notifications are new and operate separately from the existing pop-up dialog.
  3. Control the behavior of the existing Remote Desktop pop-up dialog, allowing technicians to enable or disable the entire dialog and to optionally hide session information and the end user’s ability to disconnect the session.
  4. Enable automatic desktop locking when Remote Desktop sessions end.

NOTE  This feature is not supported when more than one Remote Desktop session is actively established with a given Agent.

Local IP information for agents

This release introduces auditing of local IP information for all active network interfaces. Supporting both IPv4 and IPv6, information is made available in the device card, the Advanced Search page, and the universal search bar.

This data is audited as System Fields, which means the data is updated much more frequently than standard audit data. System Fields are updated much closer to real time.

Device card

  • A new Local IP addresses entry has been added to the device card overview section and will display the name of the network interface along with the IP address. If multiple entries are found, the entry will provide the number of additional entries.
  • When hovering over the entry, a tooltip will display all interface names and their associated IP addresses.
  • By clicking the entry, more details will be available for each network interface including data such as Subnet Mask, Default Gateway, DHCP Enabled (yes /no), and DNS Servers.

Advanced Search

  • The new Local IP address field has been added as a new column on the Advanced Search page and functions like the device card with hover-over tooltip information.

  • The field is also available for filtering.

Universal quick search

  • IP addresses have been added to the universal search bar as searchable criteria to make it easier to quickly find devices based on IP information when working throughout the product.

Discover and manage Datto Networking devices

The Datto Networking Integration with VSA 10 allows you to see and manage your endpoints and network infrastructure side by side.

When an issue that starts from the endpoint requires troubleshooting and interfacing with the network, you can seamlessly view information about the infrastructure device of interest. If you need to act, you can issue a set of quick actions directly from your VSA 10 dashboard. Or, for more advanced configuration, jump straight into your Datto Network Manager dashboard for that device. 

Supported devices:

  • Access Points (also contains information about connected devices) 
  • Switches (also contain information about connected devices) 
  • Routers 
    • Not including DNA devices
  • Managed Power 

Discover Datto networks and retrieve detailed asset information from the Datto switches, routers, access points, and managed power devices.

Complete the following steps to access and use the new integration:

  1. Log in to the VSA 10 web application.
  2. From the left navigation menu, navigate to Integrations > Datto Networking > Portals.
  3. Click Create Portal.
  4. Create an Active portal.

  5. From the left navigation menu, navigate to Networks.
  6. Select a network.
  7. Map the network to the correct organization.

  8. Navigate to Devices. You can filter devices by different parameters.

    9. NOTE  Enroll Datto Networking devices to unlock management functions that can be performed directly in VSA 10 to enable support technicians to resolve client networking issues faster. Enrolling a Datto Network device will consume an Endpoint license.

  9. Hover over a device. Click Enroll Device > Choose Agent Group.

  10. Retrieve detailed asset information.

  11. Execute commands like remotely resetting an access point or resetting a switch port.

  12. Use contextual deep links to access the management dashboards of Datto Networks and its devices.  
  13. The integration enables more effective troubleshooting and reduces the number of clicks (time) and context-switching from a single panel.

Advanced reporting

Additional granularity

Granularity was added to the dataset level, allowing filtering reports by Organization, Site, Group, Device name, and other parameters.

NOTE  This change may require manual updating of reports previously created by users.

New dataset “Rmm - Internal IPs”

The new datset Rmm - Internal IPs extends the Local IP Information for Agents feature. It allows customers to use information like local IP and DNS address in advanced reporting.

New report templates

New templates were added:

  • Network Devices
  • Remote control sessions
  • Tabular assets list with custom fields
  • Patch Policies 
  • Patch Schedules

The release includes improvements in increasing data sets' performance.

Deprecated reports

Several templates are marked as - deprecated and will be removed in future releases.

Please use:

  • “Windows Missing Patches” instead of “Windows Pending Critical & Important Patches.”
  • “Operating Systems Versions” instead of “Linux OS versions - deprecated” and “Mac OS versions - deprecated.”
  • ” CPU models” instead of “Servers CPU models - deprecated.”
  • “Devices with a low amount of RAM” instead of “Servers with a low amount of RAM – deprecated."

API v3 enhancements and additional endpoints

Continuing in our API expansion effort, several changes and improvements have been made for this release.

API v3 documentation is available from each instance at <yourserverURL>/API. 

NOTE  To access API v3, you must first create a third-party token.

API v3 changes

  • Devices 
    • The previous Systems API endpoints and URL references have been renamed to Devices.

    • Device data now includes information about custom fields.

API v3: New endpoints

  • Devices
    • Get Device Custom Fields: This new endpoint returns custom field information for a given device.
  • Organizations
    • Get All Organizations: Returns a list of organizations.
    • Get a Specific Organization: Returns the organization details.
    • Get Organization Custom Fields: Returns the organization custom fields.
  • Sites
    • Get All Sites: Returns a list of sites.
    • Get a Specific Site: Returns the site details.
    • Get Site Custom Fields: Returns the site custom fields.
  • Groups
    • Get All Groups: Returns a list of groups.
    • Get a Specific Group: Returns the group details.
    • Get Group Custom Fields: Returns the group custom fields.
    • Get a Group Package: Returns the name and download URL for the group install package.
  • Notification Webhooks: Using notification Webhooks allows third parties to subscribe to certain device notifications. Notification Webhooks are directly associated with the API token used to create them. If an API token is revoked, any notification Webhooks associated with it will cease to function.
    • Get All Notification Webhooks: Returns a list of notification Webhooks.
    • Get a Specific Notification Webhook: Returns the notification Webhook details.
    • Create a Notification Webhook: Creates a notification Webhook.
    • Update a Notification Webhook: Updates a notification Webhook.
    • Re-generate a Notification Webhook: Regenerates a notification Webhook secret key.
    • Delete a Specific Notification Webhook: Deletes a specific notification Webhook.

Mobile application

New fields have been added to the Computer Information to indicate if a device is managed by MDM or by an Agent.

Patch policy dashboard widgets

We introduced new widgets for better patching visibility.

Patch status

The Patch Status widget divides devices into two categories: fully patched devices and devices with missing critical or important updates. Hidden updates are not considered.

The Patch Policy Compliance widget assesses device patching status based on approved patches via global and Patch policy OS rules.

To easily view the patching schedule, the widget also displays the upcoming deployment and reboot schedules.

MSRC-based patching rules

With this release, it is possible to build patching rules automation based on the Microsoft Security Classification (MSRC). It means that the Security updates category has expanded into five categories:

  • Security updates – Critical
  • Security updates – Important 
  • Security updates – Moderate
  • Security updates – Low
  • Security updates – Unspecified

Patching rules actions rename

To make patching automation more predictable, we renamed global rules and OS rules actions.

  • Approve and Install wasn’t changed.
  • Don't install and Hide was renamed to Reject and Hide.
  • Don't install was renamed to Skip and Review.

Silent Agent deployment

With this release, the VSA Agent will be silently installed during the MDM enrollment of the macOS computer. Additionally, we added an explicit command to proceed with this silent installation from the device card.

MDM commands on the device card

With this release, we have added a dedicated section for MDM commands on the device card of MDM-enrolled macOS computers. This is in addition to the Agent-based commands.

Networks

Enhanced the Topology Map to expose additional NMAP scan data points in the device pane:

  • The NIC vendor is now displayed alongside the MAC address.
  • Device Type

NOTE  This is based on NMAP classification and does not automatically populate the device type in VSA, which uses different classifications.

  • OS Match

When enrolling a discovered device from the Topology Map, a warning will be displayed if the MAC address matches one or more existing enrolled devices.

Other enhancements

Agent enhancements

  • The BSD Agent is now supported on 64-bit ARM architecture.
  • macOS Agents now support automatic version updates.

NOTE  Each existing macOS Agent will need to be updated to the latest version before automatic updates will work.

  • Linux, BSD, and macOS Agents are now included in search results when using the universal search bar.

Remote Control enhancements

  • This release includes several performance improvements for Remote Desktop sessions.
    • The product will attempt to detect low bandwidth connections and automatically adjust connection parameters such as framerate, quality, wallpaper, and animations for better usability.
    • The Remote Desktop Relay algorithm has been updated to optimize the selection of Relay Servers. 

Ransomware Detection

  • Updated Ransomware Detection engine to version 1.2.1. This includes enhanced detection for new strains of ransomware, changed behaviors, and various other improvements to the speed and accuracy of detections.

Automation

New deviceless context for workflow automation

We are now introducing the deviceless context for ad hoc and scheduled workflows, executing strictly from the VSA 10 server, without the need for any specific scope, organization, or device. This is our first step in expanding the automation capabilities beyond just being device-centric, targeting any external cloud services.

The current list of supported deviceless workflow actions is:

  • Conditions
  • End Workflow
  • Send Email
  • API Call (new in 10.5)
  • Workflow Log

NOTE  Only custom fields variables can be exposed in the deviceless actions.

Introducing the API call workflow action 

API call executes strictly from the server and can be used in any of the contexts, including the new deviceless context above. API calls can be used to send a custom payload to URLs, commonly called Webhook endpoints. In this first version, the authentication must be embedded as part of the URL and all the available variables can be used in the payload, making it extremely customizable to execute automation such as:

  • Azure Runbooks to pause/resume a virtual machine.
  • Send custom Teams or Slack messages.
  • Update a CMDB database with newly discovered devices.
  • Alert a third-party service desk or monitoring system with detailed trigger information.

The API call workflow action contains three fields and one toggle:

  • The web URL with embedded authentication hosting the Webhook endpoint. Once the URL is added and the workflow is saved, the field will be masked.
  • Content type allowing to specify the payload format:
    • Application/XML
    • Text/XML
    • Application/JSO
    • Application/X-WWW-FORM-URLENCODED
    • Text/HTML
  • Payload content complete with variable support.
  • Timeout API call after X seconds. The default value is 3 with a maximum of 10 seconds. 

Clone workflows

You can now clone any existing workflow, making it easy and fast to use existing workflow as preferred templates and best practices or when you just want to make minor changes to existing ones, keep the original. 

Advanced workflow search and filtering

The ability to search and filter has been added to make it easy to navigate a growing list of workflows. Search for name and description. Filter by scope, trigger type, last executed, and last changed, among others. You can also expand the column list to make it easy to sort any list of workflows to your specific needs.

Windows environment variables support workflow actions

It’s now possible to refer to Windows environment variables in workflow actions where a path is required. Common variables like %windir% and %appdata% can be used in the following workflow actions:

  • Write File
  • Delete File
  • Unzip File
  • Get URL
  • Get Device Value, Filesystem
  • Get Device Value, Constant Value
  • Execute Shell Command
  • Execute PowerShell Command

Bug fixes and improvements

  • Fixed an issue in automation workflows where Create PSA Ticket and Update PSA Ticket were not enabled for BMS / Vorex.
  • Enhanced the deployment reliability of the patch management engine.
  • Fixed an issue with the KaseyaOne Integration for on-premise servers.
  • Fixes an issue where a patching report would fail in certain cases if the Include pending OS patches option is selected in the template.
  • Fixes an issue with the Patch policy unassignment for Windows Server 2016.
  • Fixed an issue where Audit Log entries were generated with <unknown> user.
  • Fixes an issue with the Bitdefender Integration not showing the correct installation status.
  • Fixes an issue when setting up system-level exceptions that might produce unexpected results.
  • Additional 30 minor fixes and improvements.