VSA 10: Version 10.8 release notes

Policy extensions now support the ability to explicitly target one or more existing devices, which is useful when policy changes are required on a device-by-device basis.

Policy extensions operate in one of two selected targeting modes:

• Dynamic Targeting: This is the default extension mode and is the current operating mode of extensions prior to changes within this release.

In this mode, direct assignment of this policy extension to specific devices is not available. The selections in the device targeting criteria will be used to dynamically assign this policy extension to any devices in the assigned context that also match the device targeting criteria. It is possible to further extend this policy extension.

• Explicit Targeting: This is a new mode that allows existing devices to be explicitly assigned to the extension.

In this mode, it is possible to explicitly assign this policy extension to devices that conform to the following logic:

• Devices that meet the device targeting criteria as inherited by this extension’s parent.

  EXAMPLE  If the parent of this extension is an extension that has device attributes selected as Windows Servers, then only devices that are Windows Servers will be available to be selected in this extension.
  

• Devices that are contained within the context as inherited by this extension’s parent.

EXAMPLE   If the context that has been inherited by this extension is Organization 1, then only the devices within Organization 1 will be available to be selected in this extension.

Refinement of device targeting criteria is not available in this mode.

It is not possible to further extend a policy extension operating in explicit targeting mode.

Explicit targeting extension validation errors

If an explicit targeting extension has been created and the context selections have been altered within a parent policy to something other than the organization, site, or group that contains the selected devices, or the context of the parent has been completely removed, the explicit targeting extension’s device selections will be cleared, and the extension will display a validation error in the user interface.

Remote Control sessions can now be recorded manually or automatically. This feature is available for Windows agents, and both shared and private sessions are supported.

The following product areas relate to this feature:

Device Configuration: Remote Desktop Profile

Enabling the feature for devices.

To use the feature, it must be enabled within a Device Configuration: Remote Desktop Profile for any device you wish to record sessions for.
This profile also includes an option to enforce recording for all remote desktop sessions. When enabled, any user connecting launching a supported Remote Control session will have the session automatically recorded.

Permissions for user-defined teams

Specific configurations for members of user-defined teams.

The following two new permissions have been added to user-defined teams to support this feature:

• Enforce recording for all remote desktop sessions: If selected, when a member of this team launches a supported Remote Control session, it will be automatically recorded.

• View remote desktop session recordings: If selected, members of the team will be allowed to view the newly introduced Recorded Sessions section within the device details pane.
  

Recording status control and indicator

Changes to the Remote Control application toolbar.

Once session recordings have been enabled for a device, for any supported Remote Control session, a new recording control will be available in the Remote Control application toolbar.

Location of saved recordings

Where and how recordings are stored.

Remote Control session recordings are saved locally on the target agent in the Program Files\VSA X\Recordings folder. Files are formatted using a date and time stamp, the agent ID, and the user who initiated the recording.

NOTE  A protection mechanism will ensure that recordings do not result in the total consumption of disk space on the local device. Recordings will not start if less than 10% of free disk space is available on the target agent. If a recording has started, and the target agent available disk space falls below 10%, the recording will immediately stop.

A new section has been added to the Remote Control section of the device details pane, named Recorded Sessions. This section will reference any recordings that are currently stored locally on the target agent in the related folder.

Audit Logs

Information about recordings for activity tracking. Each time a Remote Control session recording is started or stopped, a log entry is captured in the Audit Log within the Remote Control category for the target agent.

Upload screen recording to external cloud storage services

To accommodate the new screen recording feature, we now provide optional scripts to upload recordings to your own dedicated Azure Blob or Amazon Web Services S3 storage. Refer to Automation in these release notes to learn more.

It is now possible to connect to a target macOS agent with Remote Control when no user is logged in locally to the device.

NOTE  This feature will be enhanced in a subsequent release when we introduce support for Automatic Reconnect for macOS agents. Until then, although it is now possible to connect with Remote Control before a user is logged in locally, during the login process, the Remote Control session will be disconnected and will require manual reconnection.

With this release, we introduce patch policy notifications. Three notification types are available:

• Notification for new patches pending review.

• Notification upon error during operating system patching.

• Notification upon error during software patching.

To better align with the technician's workflow, the notification priority and schedule can be customized.

This release enhances the Patch Status page by adding the ability to filter the patch list and customize visible columns.

Additionally, the number of pending patches is now displayed next to each patch policy in the policies list.

Changes have been introduced in the 10.8 release to align with the terminology used across the IT Complete product suite. The changes are detailed as follows.

The Systems module has been renamed Devices to align with IT Complete terminology.

The Advanced Search page was renamed Device Management and is now the first item in the Devices module navigation.

The Manage page within the Networks module was renamed Site Maps and was relocated to the second item in the Devices module navigation.

The All Systems page was renamed Device List and is now the third item in the Devices module navigation.

The Networks module was permanently removed from the left navigation menu for the following reasons:

• The Overview page was deprecated as part of this release.
• The Manage page was renamed Site Maps and relocated to the Devices module.

The Create Network option on the Site Maps page has changed to Create Site Map:

The Edit Network option in the site map has changed to Edit Site Map.

The Delete Network option in the site map has changed to Delete Site Map.

This release introduces the ability to rename devices directly from the device details pane, including agents.

To take advantage of this feature, open the device details pane and click the Edit icon next to the device name.

This feature also includes an ability to reset to default, which will allow you to reapply the default name to the device after it has been renamed.

EXAMPLE  For mobile devices, the default name would be the serial number, and for agented devices, the default name would be the computer name.

The existing Monitoring: Storage Profile has been enhanced to support individual conditions for granular storage monitoring of Windows agents.

NOTE  Support for macOS, Linux, and BSD agents will be included in a subsequent release.

• Each individual Monitoring: Storage Profile supports a maximum of 20 conditions.
• When specifying a drive letter, acceptable formats are DriveLetter and DriveLetter:, which are case insensitive.

In VSA 10.7, we enhanced service monitoring for Windows agents to support the ability to trigger notifications when a monitored service is missing on an agented device and when a monitored service was in place but has been removed.

In this release, this feature has been extended to support Linux and BSD agents.

With this release, we have added a dedicated section for MDM commands on the system details of MDM-enrolled devices. This is in addition to the agent-based commands:

New datasets

• Rmm-Tags
  
• Rmm-Application Extended

New templates

• Tags
• Tags-Tabular
• Application Tabular
• Unsupported Windows OS (new version)
• Servers, Workstations, and Network devices per Organization.
• QR codes for Devices

New features

• Document binder: Users can now seamlessly view, export, and schedule collections of templates.
• Multi-Section RDL: Allows for the incorporation of sections within RDL reports.
  
  
  

This release includes new API endpoints and enhancements to existing endpoints to allow integrators and customers to programmatically drive automation. These enhancements include GET and POST methods and also include the ability to register webhooks during automation executions.

Automation scripts

• Get a Script (GET)
• Get All Scripts (GET)
• Run a Script (POST)
• Get Script Executions (GET)
• Get Script Execution Details (GET)

Automation tasks

• Get Script Executions (GET)
• Get Script Execution details (GET)
• Get a Task (GET)
• Get all Tasks (GET)
• Run a Task (POST) - enhanced
• Get Task Execution Scripts (GET)
• Get Task Execution Output (GET)

Automation workflows

• Get a Specific Workflow (GET)
• Get All Workflows (GET)
• Run a Workflow (GET)
• Get Workflow Executions (GET)
• Get Workflow Execution Details (GET)

New workflow templates

Discover the available and growing list of workflow templates by clicking Actions > Create from Template from the Workflows page.

New workflow templates

• Ad-Hoc/Scheduled: Run Disk Cleanup

• Low HDD Space: Disk Cleanup

• Ad-Hoc/Scheduled: Set Desktop Wallpaper

• Ad-Hoc/Scheduled: Ask User To Reboot YES/NO

• Ad-Hoc/Scheduled: Set Screenlock Policy To 5 Min

New script templates

To accommodate the new screen recording feature, we now provide optional scripts to upload recordings to your own dedicated Azure Blob or Amazon Web Services S3 storage. The templates require a subscription to the respective services.

New in the VSAX Starter Pack script folder:

• Upload Screen Recordings to Azure Blob Storage
• Upload Screen Recordings to AWS S3 Storage

NOTE  The script templates do not include any subscription to external cloud services. A individually owned subscription to the respective storage services is required.

We now support saving data objects containing double-byte characters. Prior to this release, double-byte characters would be replaced by ? when saved to the database.

To streamline the support process, we have added the ability to enable diagnostic logging on Windows agents remotely from the web application and collect them from the machine without interrupting the end user, as follows:

• Added a new option to the Configuration > Settings page called Enable agent diagnostic logging on device card.
  

• If enabled, Diagnostic Logging can be enabled on Windows systems for up to 72 hours from the device details pane. The Download Logs action will automatically package the logs and download them to the technician's computer.
  

NOTE  Diagnostic logging is resource intensive, and it can impact the performance of the target machine. It should only be enabled when recommended by a VSA Support representative. We plan to extend this functionality to macOS and Linux agents in future releases.