Verify Privilege Server Suite 2022 Release Notes

About this Release

The IBM Security Verify Privilege Server Suite (previously called Centrify Infrastructure Services, or Centrify Zero Trust Privilege Services) is an integrated family of directory-based authentication, privileged access, privileged elevation, audit & monitoring solutions that secure your cross-platform environment and strengthen regulatory compliance initiatives.

Verify Privilege Server Suite includes the following components:

  • Authentication Service secures your platforms using the same authentication and

    Group Policy services deployed for your Windows environment.

  • Privilege Elevation Service centrally manages and enforces role-based entitlements

    for fine-grained control of user access and privileges on UNIX, Linux, and Windows systems.

  • Audit & Monitoring Service delivers auditing, logging, and real-time monitoring of user

    activity on your Windows, UNIX, and Linux system.

This integrated solution helps you improve IT efficiency, strengthen regulatory compliance initiatives, and centrally secure your heterogeneous computing environment.

This release notes cover information specifically about Authentication Service, Privilege Elevation Service, and Audit & Monitoring Service.

Verify Privilege Server Suite and its component services have been changed to use the new IBM Security name and logo.

For more information about Delinea, see Delinea Announcement

Delinea software is protected by U.S. Patents 7,591,005; 8,024,360; 8,321,523; 9,015,103; 9,112,846; 9,197,670; 9,378,391 and 9,442,962. (Ref: CS-44575)

Media

This release usually includes packages for Windows, UNIX, and Linux operating system environments.

The files for this release are organized onto two media, each available in ISO and zip form:

Verify Privilege Server Suite for 64-bit Windows

  • main folder

    This is the main folder containing information pertinent to this release.

    • The readme.txt file provides a summary of where to find files in a plain text format.
    • Copyright.txt and Acknowledgements.txt provide copyright information and legal notices for third party and open-source software used in IBM Security Verify Privilege Server Suite.
    • IBM Security-end-user-license-agreement.txt provides the text of the license agreement displayed during installation.
  • autorun.inf controls the autorun program, autorun.exe, on Windows computers.

The following are sub-folders that are organized to provide you access to different software components in the IBM Security Verify Privilege Server Suite.

  • Agent folder

    This folder contains the installer packages for installing Verify Privilege Server Suite Agent for Windows on Windows computers.

  • Common folder

    This folder contains the installer packages for common components necessary for all IBM Security products on Windows computers.

  • DirectAudit folder

    This folder contains the installer packages for IBM Security Audit & Monitoring Service on Windows computers.

  • DirectManage folder

    This folder contains the installer packages for IBM Security Authentication Service and IBM Security Privilege Elevation Service on Windows computers.

  • LicensingService Folder

    This folder contains the installer packages for IBM Security Licensing Service utilities on Windows computers.

  • Resources Folder

    This folder contains resources for internal use for the media. It can be safely ignored.

Verify Privilege Server Suite Agents for UNIX/Linux

This image contains a zipped bundle of files for Verify Privilege Server Suite agent on each supported UNIX, or Linux platform and an adcheck utility for each supported platform.

You may find the appropriate bundle for an OS platform based on the following table:

Bundle Name Applicable OS Platforms in Specified Architecture
delinea-server-suite-<release number>-aix7.1-ppc.tgz IBM AIX, IBM VIOS
delinea-server-suite-<release number>-cos-x86_64.tgz Flatcar, RHCOS
delinea-server-suite-<release number>-deb9-arm64.tgz Ubuntu
delinea-server-suite-<release number>-deb9-ppc64el.tgz Ubuntu
delinea-server-suite-<release number>-deb9-x86_64.tgz Debian, Ubuntu
delinea-server-suite-<release number>-hp11.31-ia64.tgz HPUX
delinea-server-suite-<release number>-hp11.31-pa.tgz HPUX
delinea-directcontrol-<release number>-mac10.15.tgz MAC (Intel, Apple Silicon)
delinea-server-suite-<release number>-rhel6-ppc64.tgz RHEL
delinea-server-suite-<release number>-rhel6-x86_64.tgz Amazon Linux, CentOS, Fedora, Oracle Linux, RHEL, AlmaLinux, Rocky Linux
delinea-server-suite-<release number>-rhel7-aarch64.tgz Amazon Linux, CentOS, Oracle Linux, RHEL
delinea-server-suite-<release number>-rhel7-ppc64le.tgz RHEL
delinea-server-suite-<release number>-sol10-sparc.tgz Oracle Solaris
delinea-server-suite-<release number>-sol10-x86.tgz Oracle Solaris
delinea-server-suite-<release number>-sol11-i386.tgz Oracle Solaris (IPS package)
delinea-server-suite-<release number>-sol11-sparc.tgz Oracle Solaris (IPS package)
delinea-server-suite-<release number>-suse12-aarch64.tgz SUSE
delinea-server-suite-<release number>-suse12-ppc64le.tgz SUSE
delinea-server-suite-<release number>-suse12-x86_64.tgz SUSE

Notes:

  • The OS version number specified in the bundle name indicates the minimum OS version that it supports.
  • You should also choose the appropriate bundle for the specific architecture as indicated in

    the bundle name.

  • Inside each bundle, it contains packages of associated products supported on that platform.

    The naming convention follows the above bundle names except that the prefix of a package reflects

    the product it serves. The following are the possible package prefixes and the corresponding

    product names:

Package Prefix Product Name
CentrifyDA IBM Security DirectAudit package
CentrifyDC IBM Security DirectControl package
CentrifyDC-cifsidmap IBM Security for CIFS ID mapping package
CentrifyDC-curl Required component of IBM Security DirectControl package
CentrifyDC-ldapproxy IBM Security OpenLDAP Proxy package
CentrifyDC-nis IBM Security Network Information Service and IBM Security NIS Server package
CentrifyDC-openldap Required component of IBM Security DirectControl package
CentrifyDC-openssh IBM Security OpenSSH package
CentrifyDC-openssl Required component of IBM Security DirectControl package
  • Before installation, please review the Upgrade and Compatibility Guide and run the adcheck

    utility to make sure the environment is ready, especially if you are using native package

    manager to install.

Support Statement

Go to Supported Versions.

Supported Platforms

Newly Added Supported Platforms

Support is added for the following operating system platforms in this release:

  • AlmaLinux 8.5
  • Flatcar
  • Red Hat Enterprise Linux CoreOS (RHCOS)
  • Rocky Linux 8.5

Supported UNIX/Linux Platforms

Supported Platforms CPU Express DirectControl DirectAudit Remark
AlmaLinux 8.5 x86_64 Yes Yes Yes
Alpine Linux 3.13, 3.14 X86_64 No Yes Yes
Amazon Linux 2 LTS aarch64 No Yes Yes
Amazon Linux 2 LTS x86_64 No Yes Yes
CentOS 7.4-7.9, 8.0-8.5 aarch64 No Yes Yes
CentOS 6.0-6.10, 7.0-7.9, 8.0-8.5 x86_64 Yes Yes Yes
Debian 9.0-9.13, 10.0-10.11, 11 x86_64 Yes Yes Yes
Flatcar x86_64 No Yes Yes
HP-UX 11.31 (Trusted and Untrusted) Itanium No Yes Yes
HP-UX 11.31 (Trusted and Untrusted) PA-RISC No Yes Yes
IBM AIX 7.1 TL1+, 7.2 ppc No Yes Yes Note 4
IBM Virtual I/O Server 3.x ppc No Yes Yes
MacOS 11, 12 Apple Silicon No Yes No Note 3
MacOS 10.15, 11, 12 x86_64 No Yes No Note 3
Oracle Linux 7.4-7.9, 8.0-8.5 aarch64 No Yes Yes
Oracle Linux 6.0-6.10, 7.0-7.9, 8.0-8.5 x86_64 Yes Yes Yes
Oracle Solaris 10 u8+, 11.0-11.4 SPARC No Yes Yes Note 2
Oracle Solaris 10 u8+, 11.0-11.4 x86_64 No Yes Yes Note 2
Red Hat Enterprise Linux 7.4-7.9, 8.0-8.5 aarch64 No Yes Yes
Red Hat Enterprise Linux 6.0-6.10, 7.0-7.9 ppc64 Yes Yes Yes
Red Hat Enterprise Linux 7.1-7.9, 8.0-8.5 ppc64le Yes Yes Yes
Red Hat Enterprise Linux 8.0 S390 No Yes No
Red Hat Enterprise Linux 6.0-6.10, 7.0-7.9, 8.0-8.5 x86_64 Yes Yes Yes
Red Hat Enterprise Linux CoreOS (RHCOS) x86_64 Yes Yes Yes Note 1
Red Hat Fedora Linux 34, 35 x86_64 Yes Yes Yes
Rocky Linux 8.5 x86_64 Yes Yes Yes
SUSE Enterprise Linux 12 SP3+, 15 aarch64 No Yes Yes
SUSE Enterprise Linux 12 SP3+, 15 ppc64le Yes Yes Yes
SUSE Enterprise Linux 12 SP4 S390 No Yes Yes
SUSE Enterprise Linux 12 SP3+, 15 x86_64 Yes Yes Yes
Ubuntu Linux 18.04, 20.4, 21.04, 21.10 arm64 No Yes Yes
Ubuntu Linux 18.04, 20.4, 21.04, 21.10 ppc64el Yes Yes Yes
Ubuntu Linux 18.04, 20.4, 21.04, 21.10 x86_64 Yes Yes Yes

Note 1: Please refer to the Planning and Deployment Guide for features supported on this platform.

Note 2: Starting with Release 2020, we require the OS patch level update 8 or above on Solaris 10.

Note 3: IBM Security OpenSSH is not supported on this platform.

Note 4: Starting with Release 2021.1, we require the TL1 or above on AIX 7.1.

Additional Information

You should follow the OS vendors' recommendation to update the necessary patches. Here are the minimum patch requirements for the specific UNIX platforms (Ref: CS-45562):

  1. HPUX 11.31

    1. PHNE_40225 - Cumulative Console and BSD Pty Patch (it is required for DirectAudit package)
  2. Solaris 10 x86_64

    1. 119255-66
    2. 127128-11
    3. 141445-09
    4. 142910-17
  3. Solaris 10 SPARC

    1. 119254-66
    2. 120011-14
    3. 127127-11
    4. 142909-17

Supported Windows Platforms

The following 64-bit Windows platforms are supported on IBM Security Verify Privilege Server Suite (Ref: CS-49379):

  • Windows 10 LTSB/LTSC (Note 1)
  • Windows 11 LTSB/LTSC
  • Windows Server 2012
  • Windows Server 2012R2
  • Windows Server 2016
  • Windows Server 2019 LTSC
  • Windows Server 2022 LTSC
  • Windows Server 2012 Core (Note 2)
  • Windows Server 2012 Minimum Server Interface (Note 2)
  • Windows Server 2012R2 Core (Note 2)
  • Windows Server 2012R2 Minimum Server Interface (Note 2)

Note:

  1. We support Windows 10 Long Term Servicing Channel (LTSC), or previously called Long Term Servicing Branch (LTSB), editions based on Microsoft's lifecycle factsheet https://docs.microsoft.com/en-us/lifecycle/faq/windows andhttps://docs.microsoft.com/en-us/windows/release-health/release-information

  2. Only the Privilege Elevation Service component of Verify Privilege Server Suite Agent for Windows supports these platforms (Core and Minimum Server Interface)

  3. Support for all 32-bit Windows platform was terminated in 2015 (Verify Privilege Server Suite 2015.1)

    Also note that Verify Privilege Server Suite require specific versions of .NET to work. Please refer to the following table for the requirement (Ref: CS-49381):

Release Release Date Minimum .NET Version Installation Media Version
Verify Privilege Server Suite 2022 April 2022 4.8 --*
Verify Privilege Server Suite 2021.1 December 2021 4.8 --*
Verify Privilege Server Suite 2021 July 2021 4.8 --*
Infrastructure Services 2020.1 December 2020 4.6.2 --*
Infrastructure Services 2020 September 2020 4.6.2 --*
Infrastructure Services 19.9 December 2019 4.6.2 --*
Infrastructure Services 19.6 August 2019 4.6.2 --*
Infrastructure Services 18.11 December 2018 4.6.2 4.6.2
Infrastructure Services 18.8 August 2018 4.6.2 4.6.2
Infrastructure Services 2018 April 2018 4.6.2 4.6.2
Infrastructure Services 2017.3 December 2017 4.5.2 4.5.2
Infrastructure Services 2017.2 September 2017 4.5.2 4.5.2
Verify Privilege Server Suite 2017.1 May 2017 4.5 4.5.2
Verify Privilege Server Suite 2017 February 2017 4.5 4.5.2
Verify Privilege Server Suite 2016.1 May 2016 4.5 4.5.2
Verify Privilege Server Suite 2016 December 2016 4.5 4.5.2

Note: We no longer bundle .NET in our installation media any more starting Release 19.6. (Ref: CS-47940)

Notice of Termination of Support

This is the last release to support the following operating system platforms:

  • Ubuntu 21.04, 21.10
  • Fedora 34

Security Advisories

IBM Security has established product security policies documented in this web page. You may also find the details of all the published security advisories there.

For component specific security fixes in this release, you may find them in the corresponding component release-notes.html files. Please refer to Section 7 for a description of individual release notes.

Verify Privilege Server Suite Product Component Version Table

See Component Version Table.

Release Notes for Verify Privilege Server Suite Components

Download Center

You can get all the supported releases from the download center in IBM Security support web site.

  • All the ISO, ZIP, and TGZ files are associated with the MD5 checksum.
  • All RPM and DEB packages as well as YUM and APT repositories are also protected by the

    GPG signature. You can find the GPG public key in the download center.

Bugs Fixed

Component specific bug fixes in this release can be found in the corresponding component release notes files. Please refer to Release Notes for Verify Privilege Server Suite Components for a description of individual release notes.

Known Issues

Component specific known issues/limitations can be found in the corresponding component release notes files. Please refer to Release Notes for Verify Privilege Server Suite Components for a description of individual release notes.

For the most up to date list of known issues, please login to the Customer Support Portal at https://www.delinea.com/support and refer to Knowledge Base articles for any known issues with the release.

Additional Information and Support

In addition to the documentation provided with this package, you can find the answers to common questions and information about any general or platform-specific known limitations as well as tips and suggestions from the IBM Security Knowledge Base.

The IBM Security Resources web site provides access to a wide range of information including analyst report, best practice brief, case study, datasheet, ebook, white papers, etc., that may help you optimize your use of IBM Security products. For more information, see the IBM Security Resources web site.

You can also contact IBM Security Support directly with your questions through the IBM Security Web site, by email, or by telephone. To contact IBM Security Support or to get help with installing or using this software, send email to support@delinea.com or call 1-202-991-0540. For information about purchasing or evaluating IBM Security products, send email to info@delinea.com.