We are very excited to release updates to both the Movere Console (version 18.104.22.168) and the Movere Installer! We have received great feedback from our users following the August release, and are happy to announce the following updates as we continue to make the Movere Console as resilient and versatile as possible. These updates will allow users to start new scans while minimizing the risk of interrupting existing scans and do away with the need to deploy additional Consoles, as well as return flexibility in scanning techniques from prior versions. Please note that there will be no change to the 12-hour expiration of the cloud upload token, as this feature is imperative to the security of the Console.
Stopping and Starting Scans
The Movere Bots will now survive brief losses of connectivity with the Console without stopping an ongoing scan (Inventory or ARC). Connectivity interruptions are typically caused by reboots, auto-logoffs, a user closing the Console prematurely, etc., and should not last more than 5-10 minutes. In addition, the latest Console will now support stopping a scan and allow the user to start a new scan without impacting the previous one. This is possible through the implementation of disk persistence for the token2 authentication system, which ensures that while the Console is running. When a scan is started, all token2 files are stored both in memory and encrypted on disk as a single .json file. In this way, the token2 files can be retrieved when the Console starts back up and are reloaded in memory to secure communication with the bots once more.
Multiple Scans via a Single Service
This update also restores the ability to run multiple scans from the same device. While scans of AD, Windows, Linux, vCenter, etc. can be chained together in one single scan, we understand that some users prefer to scan these systems separately. This approach is once again possible through some clever engineering. By deploying the Movere Service as a true Windows service (which is done via the Console with no user intervention required), the Movere Service will once again "listen" for and accept payloads from prior (long-running) scans, while also allowing new scans to be started simultaneously. The "listener" will also survive a reboot of the Console device or closing of the Console itself, and will restart (on a delay) once the device is rebooted.
The Movere Service "listener" will deploy at the completion of a scan or when a scan is stopped, and the Console will notify the user once the listener service is deployed.
Please note that Windows service deployment occurs only after initiating Windows and Linux scans. AD, O365 and vCenter scans do not install Movere as a Windows service.
Once deployed, the Movere Service will be visible in the Windows Services list.
3rd-Party Deployment is back!
Also returning to the Console is support for 3rd-party deployment of Movere! The latest Console will allow users to bundle, deploy, and start the bots with 3rd-party tools such as System Center Configuration Manager (SCCM), PowerShell, etc., while maintaining the secure communication channel between the Console and bots. Users will be able to run Movere in this way as long as the following requirements are met:
- The user needs to create a passphrase that meets the minimum complexity requirement (same as Magic Word). The passphrase can be provided directly to the bots as a command-line argument, or alternatively the Framework Verifier can be used to start the bots. In the latter scenario, however, the passphrase needs to be injected into the config file of the bots prior to deployment.
- The passphrase must also be provided to the Movere Service functioning as a "listener" prior to starting the scan. Scanning via 3rd-party tools will be limited to supporting up to a certain number of devices from a single Console. The default limit is 1000, but it can be adjusted via the Movere Service config file. Once this limit is met, new bots will not be able to authenticate with the Movere Console. For extra security, the Movere Console will send each device its own token2 (used to secure the actual communication between individual bots and the Movere Console for payload uploading, credential requests, etc.), which is valid for the duration of the scan. For ARC scans, users are required to configure the duration of the scan using the Movere Console prior to starting the 3rd-party deployment.
- If ARC data is also required, then the ARC bots can be packaged along with the Inventory bots, but the Inventory bots must be started. The ARC bots cannot be deployed independently.
In addition, the Console will now support hybrid deployment for direct bot propagation (via Movere Console) and 3rd-party tool support. In this mode, users will be able to use the Console as the means to start scans (including re-scans), while also allowing 3rd parties to deploy bots and start them without compromising security.
Finally, the latest Console will include automatic updating functionality, which will see future updates to the Console automatically install without any impact to current scans or settings. Once the latest Console (v22.214.171.124) is downloaded and installed, all future Console updates will be automatically installed.
As always, there are the usual bug fixes, including improvements to merging of anonymized data and greater deanonymization support for special character strings, as well as updates to scheduled scanning.