October 8, 2019
New production features
Better performance at scale
We have optimized the resource utilization of the control plane and enforcers for better performance at scale.
New beta features
Federated service identity
Aporeto can now act as an OpenID Connect (OIDC) identity provider, enabling single sign-on for applications. Authorized applications can obtain an OIDC ID token from the Aporeto control plane and use it to authenticate to an OIDC-compliant third party.
Our AWS integration app now uses this method to connect to AWS.
- It passes its Aporeto token to the Aporeto control plane, requesting an OIDC ID token.
- The control plane checks the app’s authorization, then returns the ID token.
- The app exchanges the ID token for temporary AWS credentials, using the AWS
Define the protocols and ports of external networks as pairs
The Control Plane API offers a new ServicePorts attribute that allows you to define the protocol and port of an external network as a pair.
As of October 8, the ports attributes are deprecated.
We will remove ports in a future release.
You cannot use both ports in the same external network definition.
All protocols must share the same port or set of ports.
For example, you can set a ServicePorts value of [tcp/80,udp/80] but not
We will lift this restriction in a future release.
Only the API exposes ServicePorts at this time.
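A pre-submission check for the shared-port restriction described above, as an added example that is not Aporeto's own code. The function names are hypothetical, and the entry syntax is assumed from the tcp/80 form in the note (single ports only, no ranges).

```python
import re
from collections import defaultdict

# Assumed entry format, taken from the release note's example value "tcp/80".
# Port ranges are not handled because the note does not show their syntax.
_ENTRY = re.compile(r"^([a-z0-9]+)/(\d{1,5})$")


def parse_service_ports(entries):
    """Group ports by protocol; raise ValueError on a malformed entry."""
    ports_by_proto = defaultdict(set)
    for raw in entries:
        m = _ENTRY.match(raw.strip().lower())
        if not m:
            raise ValueError(f"malformed entry: {raw!r}")
        proto, port = m.group(1), int(m.group(2))
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {raw!r}")
        ports_by_proto[proto].add(port)
    return dict(ports_by_proto)


def check_shared_ports(entries):
    """Return a list of problems; an empty list means every protocol
    uses the same set of ports, as the restriction requires."""
    ports_by_proto = parse_service_ports(entries)
    if not ports_by_proto:
        return ["no entries"]
    union = set().union(*ports_by_proto.values())
    problems = []
    for proto in sorted(ports_by_proto):
        missing = sorted(union - ports_by_proto[proto])
        if missing:
            problems.append(
                f"{proto} lacks port(s) {missing} used by another protocol")
    return problems


if __name__ == "__main__":
    samples = [
        ["tcp/80", "udp/80"],                        # value from the release note
        ["tcp/80", "tcp/443", "udp/80", "udp/443"],  # constructed sample
        ["tcp/80", "udp/53"],                        # constructed sample
    ]
    for s in samples:
        print(s, "->", check_shared_ports(s) or "ok")
```

Running the check before sending a definition to the API shows which protocol and port break the restriction.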
Splunk and GCP integration apps
Under Integrations > Apps in the Aporeto web interface, we offer two new apps:
Splunk Application: allows you to send flow and processing unit logs to a specified Splunk REST API endpoint.
GCP Instance Monitor: monitors your Google Cloud Platform (GCP) instances to ensure that each one has a running enforcer. If the app locates an instance without an operational enforcer, it triggers an alarm in the Aporeto web interface. If you have instances that you wish to exclude from monitoring, you can identify these using tags.
You can now configure a SAML identity provider for SSH and control plane user authentication.
Red Hat Enterprise Linux 8+ requires special configuration to work with the SSH access control feature. If you require this distribution, contact us for assistance.