Fudo Enterprise 5.5 Documentation

Welcome!

The following are the enhancements and modifications introduced in version 5.5 of Fudo Enterprise:

• New Fudo Officer 2.0 mobile app, featuring Just In Time functionality, now available for both Android and iOS, ensuring faster and more efficient performance on the go.

• Added a new Session Viewer role, allowing users to view sessions but restricting access to other tabs and functions. Dashboard information for this role is also limited to session-related widgets like ‘New Sessions’, ‘Concurrent Sessions’, and ‘Suspicious Sessions’.

• Added new RDP functionality in the Safe configuration, allowing custom content to be added to the generated RDP file.

• Introduced a beta feature to set timeouts for both the Admin Panel and User Portal.

• All tabs systematically updated to the new GUI now offer comprehensive API coverage, meaning users can perform configuration, search, and filter tasks programmatically via the API. This enhancement streamlines workflows, increases efficiency, and allows for better integration with other systems and automation tools.

• Optimized the interface for easier and faster configuring, searching, and filtering across multiple tabs, including:

  • Accounts tab - refined display referring to the new interface style. The new clear filtering menu shows all possible filter options.

  • Safes tab - six new tabs helps to easier manage general Safe’s settings and functionality, but also assign Policies, Users, Accounts or permissions and notifications. New clear filtering menu shows all possible filters options.

  • Password Changers tab - refined display referring to the new interface style. The new clear filtering menu shows all possible filter options.

  • Policies tab - refined display referring to the new interface style.

  • Artificial Intelligence tab - refined display referring to the new interface style.

  • Authentication tab - three new rearranged subtabs containing:

    • External authentication methods like Active Directory, LDAP, Cerb and Radius.
    • OpenID Connect tab to configure support for identity providers like EntraID or Okta.
    • Global tab for OATH, SMS, DUO, SSO, and Kerberos configuration.

  • External Password Repositories tab - refined display referring to the new interface style.

    • Added the ability to obtain a server certificate when configuring an External Password Repository.

  • Resources tab - refined display referring to the new interface style.

  • Backups and Retention tab - refined display referring to the new interface style.

  • Events Log tab - easier to manage and improved filtering features.

    • Introduced functionality to sort logs by time, enhancing the previous date-based sorting capability.
    • You can quickly select one of the commonly used date range filters, like ‘Today’, ‘last 24 hours’, ‘This Week’, ‘last 1 hour’, ‘last 1 year’, etc.
    • Filters ‘From date’ and ‘To date’ are now always visible and accessible directly from the tab.
    • The new clear filtering menu shows all possible filter options.
    • Individual columns can now be toggled for visibility. The available columns are: ‘Timestamp’, ‘Log Level’, ‘Log Type’, ‘Message’, and ‘Node’.

• The default session recording type for new accounts has been changed from all to noraw. This means that Fudo Enterprise will now, by default, record session data in a non-raw format, allowing it to be played back using the built-in session player.

• Upgraded Access Gateway to Angular v.16 for improved performance and functionality.

• Now Users receive information about the reason for the rejected Access Request in mail notifications.

• PostgreSQL has been updated to version 16.2.

• Updated RDP file naming to reflect connection details. Files created in Access Gateway for native client RDP connections are now named appropriately.

• Implemented event logging for AI-detected threats.

Warning

DISCONTINUED FEATURES:

• Fudo Enterprise 5.5 no longer supports the Fudo Officer 1.0 mobile application. Users relying on this integration must hold off on upgrading to version 5.5 until the new version of the Fudo Officer app is released. The updated app will be available shortly in your respective app stores. Stay tuned for its release.
• Fudo Enterprise 5.5 no longer supports the Mobile Token authentication method used to bind the Fudo Officer mobile application to a User. You must unlink all Fudo Officer bindings from Users configuration before the upgrade.
• Fudo Enterprise 5.5 no longer supports the CyberArk Enterprise Password Vault functionality. Users using this integration need to migrate to CyberArk Credential Provider external repository.
• Fudo Enterprise 5.5 no longer supports the Ticketing systems (Service now) functionality.

ANNOUNCEMENTS:

• Fudo Enterprise 5.5 is the last version supporting gateway and transparent modes in the listeners configuration. Listeners using these modes must be reconfigured to use proxy or bastion modes before upgrading to the next release.
• Fudo Enterprise 5.5 is the last version supporting AAPM (Application to Application Password Manager). The AAPM will be replaced by the functionality of APIv2 in the next release.
• Fudo Enterprise 5.5 is the last version supporting APIv1. The support will be removed in the next release. All scripts using this APIv1 should be rewritten to use APIv2.
• Fudo Enterprise 5.5 is the final version to support DHCP, which will be removed in the next release.

---

Table of contents

• About documentation
• Layout themes of the Admin Panel
• Introduction
  • System overview
  • Available GUI Languages
  • Supported protocols
    • HTTP
    • Modbus
    • MS SQL (TDS)
    • MySQL
    • RDP
    • SSH
    • Telnet 3270
    • Telnet 5250
    • Telnet
    • VNC
    • X11
    • TCP
    • Secret Checkout
  • Deployment scenarios
  • Connection modes
  • User authentication methods and modes
  • Security measures
    • Data encryption
    • Backups
    • Permissions
    • Sandboxing
    • Reliability
    • Cluster configuration
  • Data model
  • Dashboard
    • Widgets
    • Adding, customizing and removind dashlets
    • Hard drives status information
  • User Portal (Access Gateway)
  • Third-Party Licenses
• System deployment
  • Requirements
  • Hardware overview
  • System initiation
    • Virtual machine
• Quick start
  • SSH
    • Prerequisites
    • Configuration
    • Establishing connection
    • Viewing user session
  • SSH in bastion mode
    • Prerequisites
    • Configuration
    • Establishing connection
    • Viewing user session
  • RDP
    • Prerequisites
    • Configuration
    • Establishing an RDP connection with a remote host
    • Viewing user session
  • RDP in bastion mode
    • Prerequisites
    • Configuration
    • Establishing an RDP connection with a remote host
    • Viewing user session
  • Telnet
    • Prerequisites
    • Configuration
    • Establishing a telnet connection with the remote host
    • Viewing user’s session
  • Telnet 5250
    • Prerequisites
    • Configuration
    • Establishing a telnet connection with the remote host
    • Viewing user’s session
  • MySQL
    • Prerequisites
    • Configuration
    • Establishing connection with a MySQL database
    • Viewing user session
  • MS SQL
    • Prerequisites
    • Configuration
    • Establishing connection with a MS SQL database
    • Viewing user session
  • HTTP
    • Prerequisites
    • Configuration
    • Connecting to remote resource
    • Viewing user session
  • VNC
    • Prerequisites
    • Configuration
    • Establishing connection
    • Viewing user session
  • User authentication against external LDAP server
    • Prerequisites
    • Configuration
• Users
  • Creating a user
  • Copying user grants
  • Editing a user
  • Blocking a user
  • Unblocking a user
  • Deleting a user
  • Authentication failures counter
  • Roles
  • Users synchronization
• Servers
  • Creating a server
    • Creating an HTTP server
    • Creating a Modbus server
    • Creating a MS SQL server
    • Creating a MySQL server
    • Creating an RDP server
    • Creating an SSH server
    • Creating a Telnet server
    • Creating a Telnet 3270 server
    • Creating a Telnet 5250 server
    • Creating a VNC server
    • Creating a TCP server
  • Importing a server list from CSV file
  • Editing a server
  • Blocking a server
  • Unblocking a server
  • Deleting a server
• Pools
  • Creating a pool
  • Deleting a pool
• Remote applications
  • Adding remote application
  • Connecting to remote application via Access Gateway
  • Deleting remote application
• Accounts
  • Creating an account
    • Creating an anonymous account
    • Creating a forward account
    • Creating a regular account
  • Editing an account
  • Blocking an account
  • Unblocking an account
  • Deleting an account
  • Managing security alerts
    • Triggering password change
    • Ignoring security alert
• Listeners
  • Creating a listener
    • Setting up the SSH listener
    • Setting up the RDP listener
    • Setting up the VNC listener
    • Setting up the HTTP listener
    • Setting up the Modbus listener
    • Setting up the MySQL listener
    • Setting up the TCP listener
    • Setting up the MS SQL listener
    • Setting up the Telnet listener
    • Setting up the Telnet 3270 listener
    • Setting up the Telnet 5250 listener
  • Editing a listener
  • Blocking a listener
  • Unblocking a listener
  • Deleting a listener
• Safes
  • Creating a safe
  • Editing a safe
  • Blocking a safe
  • Unblocking a safe
  • Deleting a safe
• Discovery
  • Creating a rule
    • Creating a rule for accounts
    • Creating a rule for servers
  • Managing rules
  • Creating a scanner
    • Creating a scanner for Domain Controller Accounts
    • Creating a scanner for Domain Controller Servers
    • Creating a scanner for local accounts
  • Managing scanners
  • Managing discovered accounts
  • Managing discovered servers
• Password changers
  • Password changer policy
    • Defining a password changer policy
    • Editing a password changer policy
    • Deleting a password changer policy
  • Custom password changers
    • Defining a custom password changer
    • Editing a custom password changer
    • Deleting a custom password changer
  • Importing and exporting password changers
    • Exporting a password changer
    • Importing a password changer
  • Connection modes
    • SSH
    • LDAP
    • Telnet
    • WinRM
  • Setting up password changing on a Unix system
• Policies
  • AI module-based policy
  • AI module-based policy examples
  • Regular expression-based policy
• Downloads
  • Sessions
  • Files
• Account activity in the Access Gateway
• Access requests
  • Awaiting requests
  • Active requests
  • Archived requests
• Sessions
  • Filtering sessions
    • Defining filters
    • Managing user defined filter definitions
    • Full text search
  • Viewing sessions
  • Pausing connection
  • Terminating connection
  • Joining live session
  • Sharing sessions
  • Commenting sessions
  • Sessions’ retention lockdown
  • Exporting sessions
    • Export Session File Formats
  • Deleting sessions
  • OCR processing sessions
  • Session data replication
  • Timestamping selected sessions
  • Cancelling sessions timestamping
  • Require approval for access
    • Approving pending user requests
    • Declining pending requests
  • AI sessions processing
    • Content models
    • Session scoring
    • Quantitive models
• Reports
• Productivity
  • Overview
  • Sessions analysis
  • Activity comparison
• Administration
  • System
    • Date and time
    • SSL certificates
    • Deny new connections
    • SSH access
    • Sensitive features
    • System update
      • Updating system
      • Restoring previous system version
      • Deleting upgrade snapshot
    • License
    • Hotfix
    • Diagnostics
    • Configuration encryption
    • Password changers - active cluster node
      • Cluster Password Changers
  • Time Out
  • Network settings
    • Network interfaces configuration
      • Managing physical interfaces
      • Defining IP address using system console
      • Setting up a network bridge
      • Setting up virtual networks (VLANs)
      • Setting up LACP link aggregation
    • Labeled IP addresses
    • Routing configuration
    • DNS configuration
    • ARP table configuration
  • Notifications
  • Artificial Intelligence
    • Configuring models trainers
    • Behavioral analysis models
  • Trusted time-stamping
  • Certificate-based authentication scheme
  • Authentication
    • External authentication server definition
    • OpenID Connect authentication definition
    • Global authentication settings
      • Default domain
      • Password complexity
      • OATH authentication definition
      • SMS authentication definition
      • DUO authentication definition
      • Single Sign On
      • Kerberos authentication settings
  • External passwords repositories
    • CyberArk Credential Provider
    • Thycotic Secret Server
    • Local Administrator Password Solutions (LAPS)
  • Resources
    • RDP/SSH/VNC login screen configuration
    • User portal login screen configuration
  • System version restore
  • System restart
  • SNMP
    • Configuring SNMP
    • Configuring SNMPv3 TRAP
    • SNMP MIBs
    • Getting SNMP readings using snmpwalk
    • Fudo Enterprise specific SNMP extensions
  • Backup and retention
    • System backup
    • Data retention
  • External storage
    • Configuring external storage
    • Expanding external storage device
  • Exporting/importing system configuration
    • Exporting system configuration
    • Importing system configuration
  • Cluster configuration
    • Initiating cluster
    • Adding cluster nodes
    • Editing cluster nodes
    • Deleting cluster nodes
    • Redundancy groups
  • Events log
    • Filtering logs by date and time
    • External syslog servers
    • Exporting events log
  • Changing encryption passphrase
  • Integration with CERB server
  • System maintenance
    • Backing up encryption keys
    • Monitoring system condition
    • Health Check
      • API Health Check
    • Call Home
    • Hard drive replacement
    • Resetting configuration to default settings
• Reference information
  • RDP connections broker
  • Log messages
  • Footer Information
• Fudo Officer 2.0
  • Configuration
  • Managing Profiles
    • Add New Profile
    • Switch Profiles
    • Edit Profile
    • Delete Profile
  • Managing Session Requests
    • Awaiting Requests
    • Active Requests
    • Revoking Request
    • Archived requests
  • Settings
    • Biometric Authentication
    • Change PIN code
    • Language
• AAPM (Application to Application Password Manager)
  • Compiling fudopv tool
    • Python
    • Virtual environment
    • Fetching dependencies
    • Package creation script
  • Deploying fudopv without compiling source files
  • Using fudopv
  • Authentication methods
    • Static password
• Client applications
  • PuTTY
  • Microsoft Remote Desktop
  • TightVNC Viewer
  • SQL Server Management Studio
• Troubleshooting
  • Booting up
  • Connecting to servers
  • Logging to administration panel
  • Session playback
  • Cluster configuration
  • Trusted timestamping
  • Support mode
• Use Cases
  • Two-factor OATH authentication with Google Authenticator
    • Protocols Supporting OATH Authentication Method
    • Configuring the OATH Authentication Method
  • OpenID Connect authentication definition with Microsoft Entra (Azure)
  • Remote Desktop Services configuration on Windows Server for Fudo Enterprise
    • Setup Remote Desktop Services (RDS)
    • Setup Fudo Enterprise
  • Managing RPD Server certificates in Windows Server
    • Locating the Server Certificate in Windows Server
    • Providing the CA Certificate
  • Configuring the Single Sign On (SSO)
    • SSO configuration on Windows Server 2019
    • Setup Fudo Enterprise
    • Setup and check user workstation - Windows2010 Client
• Frequently asked questions
• Glossary