Since the RES acquisition by Ivanti in July 2017, we have been busy! You might have seen the tweets, discussion and blog from Jon Rolls about our strategy in the User Workspace Management business. Well, the dust has settled, and I am happy to announce the release of the first version of RES ONE Workspace as part of the Ivanti family: now rebranded and renamed as Ivanti Workspace Control v10.2.

RES is now Ivanti

As you probably know, RES had a number of rebrands and product name changes over the years. This time it is slightly different as we have also tweaked the look and feel to make it look and feel more a part of the Ivanti product family.

When you install or upgrade product components, you will immediately notice the new color scheme:

ivanti upgrade pack - introduction screenshot

If you look at the splash screen when launching the Windows Console or a user session, it did not change that much since the v10.1 release:

ivanti workspace control - loading screen screenshot

Other components, like the Windows Console…

workspace control console - administration screenshot

… and the Management Portal are now also styled in line with other products in the Ivanti product portfolio.

ivanti workspace control - sign in screenshot

We are working in the background to rebrand the other components of Workspace Control too.

File Certificate-based Application Whitelisting

In the v10.1 release, in July 2017, we introduced improved security management in the Management Portal. Basically, this version focused on a redesign of existing application whitelisting feature including a technical preview of whitelist management using file certificate. More information can be read in this blog. This Workspace Control v10.2 release contains the final version of this simplified and powerful application whitelisting feature.

Application whitelisting based on file certificates allow IT to create rules to whitelist applications from a specific vendor or product name using the certificates of signed executables—providing the same level of security as file hashes, but with fewer rules and a lot less maintenance.

Let’s take the Microsoft Office 2016 suite as an example. If you want to whitelist applications like Word, Excel, Outlook and PowerPoint you need a whitelist rule per application and per application version when using application whitelisting based on executables or file hashes. Of course, while application whitelisting based on file hashes is very secure, it does require quite some maintenance because if an update of Microsoft Office is installed, the file hashes will change.

With application whitelisting based on file certificates you can easily create a whitelist rule based on the digital signature of the Microsoft Office applications. In this example a rule is created which whitelists all the applications with the publisher ‘Microsoft Corporation’ and product name ‘Microsoft Office 2016’:

workspace control - file certificates - security - rules screenshot

workspace control - file certificates - security - rules screenshot

To automate your workspaces without touching the Management Portal or Windows Console, the v10.1 release already delivered a set of RESTful APIs with a strong focus on automating the creation and maintenance of security whitelist and blacklist rules. The v10.2 release of the Management Portal has an enhanced set of APIs with the following use cases:

  • Create new certificate rule
  • Update existing file certificate rule
  • Get list of existing file certificate rules.

You can browse to the URL/swagger location of the Management Portal and you will see the graphical interface of the available use cases within the RES ONE Workspace API:

api certificates screenshot

Application Whitelist Monitor

The Workspace Control Application Whitelist Monitor (AWM) is a companion tool to Workspace Control. It simplifies security whitelisting if you deploy new applications via a third-party tool such as Microsoft System Center or IBM BigFix, or if you deploy them manually by storing them on a file share.

The Application Whitelist Monitor is the new version of the File Hash Monitor (FHM). Where the File Hash Monitor eliminates the need to manually configure file hashes, as it allows you to automatically import and update these in your Workspace Control environment, the Application Whitelist Monitor is also capable of identifying and importing file certificates.

Updated third party platform support

The Workspace Control v10.2 release delivers support for the following third-party platform versions:

  • Support of Citrix XenApp/XenDesktop 7.15 LTSR
  • Support of macOS 10.13 version
  • Support of Red Hat Enterprise Linux 6.9
  • Support of CentOS 7.3 & 7.4 version

We removed support for the following third-party platforms:

  • Support of macOS 10.8, for macOS, support start from 10.10.
  • Remove support of RHEL and CentOS 5.11

This concludes the Headline News, but there are other minor updates as described in the product documentation. Ivanti Workspace Control 10.2 is available in the Ivanti Community portal. As always, a special thanks to all the team members who helped building, testing, documenting and delivering this release.