BES 5.1 Technical Release Notes Major Features - New Navigation Bar – A navigation bar has been added to make it easier to move around the BES Console. This will allow BES Console operators to easily move around the BES Console with fewer clicks. - New Search Functionality – By popular request from customers, a new search functionality was added to allow you to search Fixlet messages, actions, computers, and more. This should greatly ease the process of finding specific computers and Fixlet messages. - Fixlet messages can now be "globally hidden" – Another popular customer request was to allow for BES Administrators to hide Fixlet messages for all users (in previous versions of BES, you could only hide Fixlets on the local BES Console). This feature gives BES Administrators greater control over what the operators can and cannot deploy. - Ability to add "Comments" directly in BES – You can now add comments to Fixlet messages, tasks, actions, and computers. These comments can be used in several ways. For instance, comments can be used to communicate between BES Console operators, such as "This patch caused an issue with our custom application" or add additional information about assets, such as "This is the CIO's computer". These comments are searchable. - New Grouping Capability – The BES Console now supports direct grouping of computers in the UI. This grouping is available in addition to the "label" functionality in previous versions of BES. Optimizations BES Console - Re-worked database schema to avoid locks. - Reduced work per refresh to avoid "pauses". - Optimized scrolling through the lists. - Optimized action propagation. - Reduced the delay after you click "Take Action" button and before the "Take Action Dialog" appears. BES Client - The BES Client will ignore Fixlets/Actions completely if they can't be relevant. - Report when a change occurs immediately instead of waiting for loop. - Changed disk flushing behavior to be more efficient during downloads. BES Relay - Relays gather differences instead of full sites, which should significantly reduce the bandwidth required per relay per propagation. BES Server - New differencing algorithm during propagation should allow more efficient gathers by the BES Clients and BES Relays. - Server now can download files simultaneously rather than one at a time. Changes / Bug Fixes BES Client - Switched to InstallShield 10.5, hopefully clearing up a number of installer issues. - Fixed a bug where if a property is not found, the BES Client would report continuously (every 15 seconds). - We now serialize full report pending for recovery across restarts to avoid issues of losing data during a restart. - "archive now" command (part of the upload manager) fixed to return success properly. - Improved identification of local subnet in previously ambiguous situations. - Implemented 'uptime of operating system' inspector, which is intended to deprecate 'boot time of operating system'. Boot time would roll over after 49.7 days. Uptime does not roll over but may not count time spent in hibernation. - Client skips the internet connection test when gathering. - BES Client can now be localized. - "Postpone" dialog now doesn't allow you to post-pone to values after the countdown - BES Clients now wait 1 minute after a gather failure instead of 3 minutes (then 5 min, then 30 min). Before the BES Client would wait 3 minutes after the first failure. This should make BES Clients appear slightly more responsive. - The log files now contain more errors in specific situations. - The BES Client will send up full reports if it detects a problem that might cause the BES Server to be out of sync. - The BES Client will now gather the actionsite first instead of last. This will help with intermittently connected BES Clients/BES Relays. - Added the ability to ignore certain pending restart entries. - Added a new "Failover" relay that will be chosen if the BES Client cannot find a close relay. - Randomize the ping order in autoselection, which should lead to better relay distribution. - Updated Inspector: ICF firewall inspectors - New Inspector: XML inspectors - New Inspector: file line inspector - New Inspector: wake-on-lan enabled inspector - BES Client now gathers obeying throttling settings. - BES Client now runs at normal priority instead of low priority to prevent starvation from other processes. - Added client setting to control the maximum number of days that the client keeps logs for: "_BESClient_Log_Days". Default of 10, max of 366. - You can now change a setting for the "ForceRestart" behavior to ignore the initial voluntary restart request. This is to address problems on Terminal server computers. - Client sends a report immediately after receiving a refresh ping. Then with gather, evaluate everything, then report again. - Added client support for remind intervals of 16 hours, 1 day, 2 days, 3 days, 4 days, and 5 days. - Fixed the "TakeAction" button on remind dialog (was incorectly labeled "Run Actions"). - BES Client can now has a "failover relay" if it cannot find an appropriate relay during autoselection (instead of randomly picking a relay). BES Console - BES Console now has a start time and end time. This will allow new behavior and reduce confusion. - Fix for action preset problems with duplicate names. - Custom fixlet/task dialog is now modeless. This will help switch between windows during custom Fixlet authoring. - Fix tree bug with ranged plural results. - Fixed problem where Edit Computer dialog misreports the primary/secondary BES Relays. - Changed console to allow stopping or restarting of actions from multiple users at once. Propagates to each affected action site. - Added a 'gather now' button in the console's manage site dialog. - Fixed a problem where dynamic settings were not reapplying. In 5.0, dynamic settings erroneously had a reapplication limit. - Fixed annoying problem that the enter key opens a background window in the Take Action Dialog. - Fixed problem where expiration date in target tab text doesn't update sometimes. - Fixed problem where refresh causes range nodes in tree to collapse. - Changed the RAM retrieved property to round to nearest 32 MB for values greater than 128 MB. - Added ability to make custom Fixlets with default actions. - Removed the 'edit ranges' menu in tree control, which had multiple problems. - 'Distance to BES Relay' retrieved property now displays '' if the client didn't get a ping response from the relay it chooses (instead of 255). - Fixed a problem where user can lose their work if propagation fails after creating a fixlet/task using a wizard. - The BES Relay list is now sorted by host to prevent needlessly update the Relays.dat file. - Changed the console so that no matter what case name a console user logs in with, it should use the case of the username in the database for the Issuer field. - Changed computers list in TAD to dynamically update. - Fixed case on __download in deployment wizard, which caused compatability problems on non-windows clients. - Fixed the wrong download percentage for downloads over 4/100 GB (~= 40 MB). BES Server - Relay/Server changed download cache to avoid redundant data being copied twice. This effectively removes the "action cache". - Added a new clustered indexes on the database tables ActionResults, QuestionResults, FixletResults. To maintain these indexes, a reindex is scheduled for once every 6 hours. Checks if the SQL Server Agent is running every time BESAdmin starts up and warns if it is not found. - BES Server no longer blocking on "PingRegistrationUrl" in the gather service which allows for faster action responses for deployments with lots of BES Relays. - Relay only forwards "DownloadAvailable" pings if it has the download available itself. If the download isn't available, but has been requested from the relay, it will reset the download retry timer. - Fixed problem with non-English characters showing up percent encoded in the BES Console. - Fixed problem where BES Server could only download at about ~100k/sec due to unnecessary flush calls. - Web Reports now keeps a disk cache to avoid having to re-sync whole database every time it gets restarted. - Web Reports can now show reports about unmanaged assets. - Created new reports in Web Reports for operator list report and single operator report. - Web Reports can now filter by active directory. - Web Reports now has new search features for tasks & analyses. - Created a duplicate password field when creating user to confirm the password. - New filter added to Web Reports for CVE and SANS (CVE numbers were added to the appropriate Fixlet sites). - Added checks to FillDB so that a full refresh will false any fixlet results that aren't included in the report. This will address the issue of Fixlets sometimes showing up as "Not Relevant" because the database and client because out of sync. - Changed PostResults behavior to add timeout to avoid files getting stuck in the bufferdir from improperly closed connections. - Fixed a bug that limited the total number of connections to the BES Server / BES Relay to be 1024 (regardless of the override setting). BES Relay - BES Relays can now have a max number of clients supported. - BES Relays fix a problem where a small office on a slow connection might not gather properly. - Some of the gathering internals were reworked to avoid potential issues. Other - Eval installer much more friendly and allows you to select Fixlet sites to eval. - Eval installer allows you to use DNS name. - Client Deployment tool switched to a "push" rather than "pull" mechanism which should increase reliability. - Client Deploy Tool now has a list displaying progress for each machine, with up to 100 parallel threads. - Client Deploy Tool can now deploy to a custom drive/location. - Client Deploy Tool can now go back to the computer list and deploy to more clients after completing a deployment, or in the middle of a deployment. - Client Deploy Tool fixed problem where computerlist would become unusable for more than 2000 computers, now sorting of status column is not refreshed during status updates unless you press F5 or click on a column heading. - Upgraded to OpenSSL 0.9.7e for improved security. - Moved to InstallShield 10.5 for all installers. This should reduce old InstallShield errors. - Installation Generator now comes with an MSI package for the client installer.