Director 220.127.116.11 introduces the following new features:
> Support for the Director VA
In this release, the Director application and OS are bundled together as an installable package. This package can be used to upgrade your Director 510 appliance and to create a Director VA. A Director VA is a software-based Blue Coat Director that is installed on a supported bare metal server or installed as a virtual machine. For ease of migration, this release also provides you with the ability to migrate the configuration from your Director 510 appliance directly in to a new software-based Director.
> Support for Licensing
The Blue Coat Director now requires a valid license to manage devices.All Director VA installs, updates of the Director 510 appliance to v6.x, and upgrades from Director 510 appliance to a Director VA require you to download and install a license file to manage the ProxySG appliances in your network.
The Blue Coat Director does not ship with a pre-installed license; you must obtain a Try and Buy (TAB) license that is valid for 90 days or a production license, which is perpetual. Each licensed Blue Coat Director can manage up to 300 ProxySG appliances.
For more information on licensing, or to know Why do I need a license for the Director/ How do I get one?, refer to the Blue Coat Director Getting Started Guide.
> Support for More Authentication Mechanisms
- LDAP with Microsoft Active Directory: In addition to RADIUS and TACACS+, you can now use the Lightweight Directory Access Protocol (LDAP) for authenticating access to the Blue Coat Director. You can configure the Blue Coat Director as an LDAP client, and authenticate to the Microsoft Active Directory service. Both simple LDAP for LDAP v2 and v3, and secure LDAP (or LDAP over SSL) for v3 are supported.
- RADIUS with RSA SecurID: To meet your need for an additional level of security in user identification and authentication, Blue Coat Director now supports SecurID with RADIUS authentication. To use the one-time password feature, you must configure your RADIUS server to work with the SecurID hardware or software authenticators used in your network. On the Blue Coat Director, the user can now enter the passcode, and be authenticated by the RADIUS server.
If you already have configured Director to use RADIUS authentication, to allow the use of one-time password you do not have to modify your configuration on the Director. If you are just setting up Director to use RADIUS with SecurID authentication, refer to the Blue Coat Director Configuration and Management Guide for instructions on configuring RADIUS authentication on Director. For instructions on installing and configuring the RADIUS server and the SecurID authenticators refer to the vendor’s product documentation.
> API Support for Pre-populating Smooth Streaming Content
Microsoft’s Smooth Streaming is a Web-based media format that uses standard HTTP. Instead of performing full file downloads, smooth streaming technology delivers a series of MPEG-4 (MP4) fragments, that can be easily cached. The Director API support for smooth streams accelerates content delivery and provides a better user experience in your network.
For more information refer to the Blue Coat Director API Guide.
> Support for Using the IPv6 Address Scheme on the Blue Coat Director
To help you transition into the IPv6 address space, the Blue Coat Director operates both in a network where IPv4 and IPv6 addresses co-exist and in an exclusively IPv6 environment.
For more information, refer to the Blue Coat Director Getting Started Guide .
Security Fixes in This Release
- CVE-2011-3389: Upgraded to Java Standard Edition (SE) 1.6 update 29. This upgrade fixes the concern with an attack that uses web browser extensions to exploit a weakness in SSL/TLS cipher-block chaining (CBC).
- CVE-2009-3555: Upgraded the Open SSL versions to support secure TLS renegotiation. By default, the Blue Coat Director supports secure renegotiation. If you would like to allow backward compatibility for legacy SSL clients (older Web browsers) that do not comply with the security requirements for the SSL handshake, you will need to use the CLI command (config) # ssl legacy-renegotiation-enable.
- CVE-2009-3563: Updated the NTP code to prevent the vulnerability that caused an excessive use of CPU and disk space, which resulted in a denial of service.
For more information on this release, refer to the Release Notes.