browse
On Monday April 8, 2019, Cisco Umbrella will release version 1.3.8 of the Active Directory Connector (the Windows Service component) to the stage track.
On Thursday April 11 2019, Cisco Umbrella will release version 1.3.8 of the Active Directory Connector (the Windows Service component) to the first wave of the production track.
On Tuesday April 16 2019, Cisco Umbrella will release version 1.3.8 of the Active Directory Connector (the Windows Service component) to the second and third wave of the production track.
On Monday April 22 2019, Cisco Umbrella will release version 1.3.8 of the Active Directory Connector (the Windows Service component) to the final wave of the production track.
In accordance with Cisco policy, a list of open source software modules used in the VA is attached to these release notes. It contains licenses and notices for open source software used in this product.
CHANGE SUMMARY (1.3.4 to 1.3.8)
- Enhancements for faster synchronization of AD changes to Umbrella
- Support for assignment of a connector to specific Domain Controllers in the Umbrella site, enabling multiple connectors to balance the load from multiple Domain Controllers in the site. Note: This assignment of connectors to specific Domain Controllers needs to be explicitly requested by raising a Support ticket.
CHANGE SUMMARY (1.3 to 1.3.8)
- Enhancements to send user-IP mappings in parallel to virtual appliances in same Umbrella site, resulting in reduced delays in identity attribution. These are turned off by default and can be enabled by raising a Support ticket.
- Support for specifying AD groups as Service Account Exceptions on the Umbrella dashboard. If you have multiple Service Accounts, you can add them to a single AD group and specify this group as an Exception on the Service Account Exceptions page on the dashboard. All login events from members of this group will be ignored by the Connector.
- Fix for issue where WMI error on Domain Controller was causing Connector to stop syncing to Umbrella.
- Fix for issue where AD users belonging to AD groups or OUs with name containing special characters such as '/' were not getting synced to Umbrella.
- Fix for exception thrown by connector when FIPS security is turned on at the host.
- Enhancements for faster synchronization of AD changes to Umbrella
- Support for assignment of a connector to specific Domain Controllers in the Umbrella site, enabling multiple connectors to balance the load from multiple Domain Controllers in the site. Note: This assignment of connectors to specific Domain Controllers needs to be explicitly requested by raising a Support ticket.
Note: The enhancements to send user-IP mappings in parallel to Virtual Appliances for faster identity attribution can be enabled by raising a Support ticket. These enhancements will be applied only if the Connector has sufficient CPU and memory resources. Refer to the connector sizing guide below to ensure that your connector meets the prerequisites to apply these enhancements.
Number of VAs + Number of Domain Controllers | Minimum specs required for connector |
0 - 10 | 1 CPU, 512 MB RAM |
10 - 20 | 2 CPU, 1 GB RAM |
... | multiples thereafter |
In the table above, each Domain Controller is assumed to process a maximum of 800 AD events/second. If any of your Domain Controllers are processing more events, make sure to increment the number of Domain Controllers accordingly to derive the Connector specs. For example, if you have a Domain Controller that processes around 1000 AD events/second at peak load, count that as 2 Domain Controllers for the sizing table above.
It is recommended to set up a dedicated connector for each Domain Controller that is individually processing more than 2000 AD events/second. You can deploy the connector and then raise a Support ticket to assign this connector to the specific Domain Controller. Note that in this case, an Umbrella Site may have multiple AD Connectors, each of which will be sending events to all Virtual Appliances in that site.