VSA Updates
VSA release 9.5.16 includes the long-requested capability to patch endpoints that are air gapped or disconnected form the interest in Software Management 2.0. Additionally, to better support our customers taking advantage of the full power of Software Management 2.0, version 9.5.16 also includes an upgrade wizard to make the transition from legacy Software Management a breeze.
Beyond patching, release 9.5.16 includes several enhancements to Live View, Ransomware Detection, and more support for the VSA 9 to VSA 10 upgrade wizard. Beyond enhancements, there is 3 important security upgrades, as such we recommend that all on premise customers rollout version 9.5.16 at their earliest convenience.
Enhancements
BMS Integration
Release 9.5.16 improves the reliability of the BMS integration through adding additional logic to smooth over situations where communication with the BMS server is temporarily lost.
Live View
For those who want Live View to be their main disruptionless troubleshooting interface we’ve added a new checkbox under System > User Settings > Preferences to Enable Live View. After configuring this users will have Live View as their default view and can now hold ALT and over the endpoint to view the old Quick View user interface. Please note that for macOS and Linux agents Quick View will continue to be the default interface.
Software Management
Release 9.5.16 includes two major enhancements to Software Management. The first is an upgrade wizard that guides you through the process of upgrading from Software Management 1.0 to Software Management 2.0.
Additionally, this release supports patching of both OS and 3rd Party Applications on Windows devices with restricted internet access.
- The Scan and Analysis profile now includes a File Source configuration. There are three options:
- Internet (default) - each Windows-managed machine downloads patches from the internet or WSUS server.
- VSA Server (on-premises only) - the VSA server downloads patch installers from the internet and pushes them to the machine being patched.
- LAN Cache - if the machine being patched is assigned to a LAN Cache, the LAN Cache machine downloads patch installers from the internet and pushes them to the machine being patched.
- The Software Management > Management > Machines page is no longer auto-refreshed.
- For all new VSA tenants, Kaseya 1.0 Scan profile is disabled.
- Split the Software Management > Management > Vulnerabilities page into two tabs:
- Missing: displays all Unapplied Patches. Grid is filterable by the Machines/View filters which already exist on the page.
- Installed: provides the full list of all discovered patches within a given tenant. Grid is filterable by the Machines/Views filters, which already exist on the page.
Important Security Updates
This release contains important security updates. We recommend that on-premises customers upgrade as soon as possible (No action is required for SaaS customers as updates are automatically applied).
- Updated OpenSSL library used by Edge service to v1.0.2zg to remediate multiple vulnerabilities disclosed in this advisory.
- Updated .NET SQL client to remediate a Microsoft information disclosure vulnerability (CVE-2022-41064).
- Fixed a SQL injection vulnerability.
The VSA 9.5.15 release includes six major enhancements and two important deprecations you should be aware of. This release offers support for macOS 13, Golden Image VDI management, the GA of LiveView, several new Ransomware Detection reports and two major improvements to Software Management.
New Features
Golden Image VDI Support
For partners managing significant Virtual Desktops, this is one of the most powerful features ever released. An existing agent can now be flagged as a Golden Image from which additional VDI images can be spawned. This empowers you to have a single consistent agent that you can update with patches or new software and replicate those changes to its desktop clones. Simply put, VSA can now easily monitor, manage and secure your VDI.
Manage macOS 13 (Ventura) Devices
VSA has certified Agent and Live Connect support for Ventura endpoints for both Intel and ARM-based processors. There is one exception to this for devices using the Remote Services feature. Please see the release notes for more information.
LiveView — General Availability
VSA 9.5.15 includes the general availability of LiveView — a one-stop shop for all device-centric troubleshooting. This release also includes two new widgets directly requested by our partners during the preview program — an alerts widget and an asset information widget. The alerts widget makes it easy to see the open Alerts and Alarms associated with a device.
The asset information widget includes commonly used information, such as computer name, MAC Address and OS.
Ransomware Detection — Info Center Reports
This release includes four new Info Center reports for Ransomware Detection:
- Protected vs. Total Agents
- Ransomware Detection vs. Agents Protected
- Endpoint Deployment Details
- Endpoint Detection Log Details
Software Management at Scale
Release 9.5.15 empowers partners to manage patching and software management at large endpoint counts. This UI/UX change should make it significantly easier to patch by allowing the ability to see errors and filter machines by a specific error. This release also allows you to filter machines by pending action, such as Scanning, Deploying a Patch, Uninstalling, Rebooting, Warning or Error.
Risk-Based Patching with CVE Codes and CVSS Scores
To better support our partners in their vulnerability management of patches, we’ve added CVE codes and CVSS scores for third-party patching. Beyond being aware of the importance of a patch, you can now create automated patching workflows to ensure high-priority patches are rolled out immediately. This data is also available in the Executive Summary report to better report on open vulnerabilities.
Deprecations
Kaseya Antivirus (KAV)
After the FCC added Kaspersky to its National Security Threat list, we immediately began a project to upgrade our customers to Bitdefender and end-of-life Kaspersky. This release completes the deprecation by removing most functionality from the KAV module, except for reporting and uninstallation of the Kaspersky client.
Kaseya Antimalware (KAM)
In July 2022, we ran a program to upgrade all customers using KAM to Malwarebytes Endpoint Protection — the latest generation of Malwarebytes products. The 9.5.15 release removes most functionality from the KAM module, except for reporting and uninstallation of the (old) Malwarebytes client.
The 9.5.14 release of VSA is one of our most innovative releases ever. This update includes many exciting innovations such as the launch of an IT Complete integration with Datto BCDR devices, and the launch of Ransomware Detection for VSA. This release also features upgrades to the sneak peeks of both LiveView, a one-stop-shop for device troubleshooting and management, and the launch of the preview program for Unified Mobile Device Management (uMDM).
New Features
Discover and Manage Datto BCDR Devices
Kaseya and Datto prove once again that they are better together. This new integration empowers VSA to discover devices, deploy agents, configure, schedule backups, restore devices and manage alerts for Datto BCDR devices. This integration between the industry-leading RMM and BCDR solution enables technicians to easily perform backup and recovery tasks more efficiently.
Ransomware Detection
SMBs faced 31,000 ransomware attacks per day last year. Our community is under attack and we here at Kaseya knew we needed to do something about it. The new Ransomware Detection module for VSA protects businesses against ransomware attacks and ensures control and ownership remain undisrupted.
VSA will monitor the status of endpoints and generate alerts or tickets for any detected ransomware-style behavior such as file encryption/deletion, deletion of backups or even the presence of ransomware notes.
VSA can then trigger automated workflows to isolate any infected machines and disconnect the endpoint from the network to prevent damage. Users can then leverage their favorite BCDR solution to restore the infected machine and make the network whole.
This new module is free until December 31 and will be $0.50/endpoint/month in 2023. Chat with your account manager if you have any questions.
Enhancements
Software Management 2.0
The 9.5.14 release of VSA is one of our most innovative releases ever. This update includes many exciting innovations such as the launch of Ransomware Detection for VSA and an IT Complete integration with Datto BCDR devices. This release also features upgrades to the sneak peeks of both LiveView, a one-stop-shop for device troubleshooting and management, and the launch of the preview program for Unified Mobile Device Management (uMDM).
We also added support for patching Microsoft products using the Windows update API. This means that the Software Management 2.0 module can patch Microsoft software that does not exist in the third-party patching software catalog.
Finally, this release has made many improvements around WSUS servers including the ability to download Windows patches in isolated environments usually known as offline mode.
Sneak Peeks
LiveView
As a reminder from the 9.5.12 release, LiveView is THE place to go for single device management, delivering visibility into all discovered assets and the ability to take action if required. During this sneak peek phase, simply hold ALT + Float on an asset icon to invoke LiveView.
With this release, we’ve further improved the user interface to feature more information about the endpoint and added Powershell terminal support. Please let us know your thoughts as we push toward general availability next release.
Unified Mobile Device Management (uMDM)
We are proud to announce the preview of our uMDM module. This preview furthers our vision of VSA as a truly unified RMM (uRMM) that can set up, manage and secure any device your business uses. This initial preview is limited to enrolling and managing Apple mobile devices. Additionally, users can initiate Lost Mode, restart the device, remotely and securely erase the device and shut down the device remotely. Android and additional Apple MDM features will be added as the preview progresses.
For those interested in joining the preview program, please fill out this MDM Preview Form.
If you’re looking to dive deeper into any of the above innovations and integrations, check out the official release notes on the Kaseya Knowledge Base.
The 9.5.13 release of VSA includes many exciting innovations such as integrations with Intel vPro for sleep-proof patching control, copy and paste of files during Remote Control sessions, and the launch of REST API personal access tokens for top-notch security. This release also features upgrades to the sneak peeks of both LiveView, a one-stop-shop for device troubleshooting and management, and VSA Enterprise-Grade Reporting, our drag-and-drop report builder and library of client-ready report templates.
New Features
Intel vPro Integration
Intel® and Kaseya® have joined forces to make it easier than ever to achieve 100% patch compliance through Intel Endpoint Management Assistant (EMA). Once configured, VSA can access all existing vPro features, including PowerControl, AlarmClock, Remote Control and more.
Key use cases include:
- Sleep-proof patching by turning a computer on in the middle of the night, patching it, and turning it off again
- Wiping a rogue computer even if you have lost OS control
- Management of devices on home networks
Enhancements
Remote Control
You can now copy and paste files during Remote Control sessions. Whether you’re copying over a password, configuration details or even a haiku, Remote Control makes it easier than ever to quickly troubleshoot end user disruptions.
We’ve also updated the Remote Control-> Control Machine page to include information on whether non-agent assets, such as network devices, are online or offline.
Rest API Personal Access Tokens
To further harden our API security, we’ve improved our Personal Access Tokens so that administrators can specify which API routes can be accessed rather than just inheriting User Role permissions. Master or System role users can now easily set whether a user can Read or Read and Manage API requests. Security is always our top priority, and as such, we strongly recommend all customers and integrations partners transition to Personal Access Tokens for API Access.
Sneak Peeks
LiveView
As a reminder from our last release, LiveView is THE place to go to for single device management, delivering visibility into all discovered assets AND the ability to take action if required. During this sneak peek phase, simply hold ALT + Float on an asset icon to invoke LiveView.
With this release, we’ve rolled out the ability to launch agent procedures directly from Sneak Peek of LiveView. You can now leverage the Services area of LiveView to review and manage all services on an endpoint. Additionally, we’ve added the “Files” section to LiveView so that you can upload, download, and view files on the endpoint you’re inspecting.
VSA Enterprise-Grade Reporting
We’re continuing to iterate on the Sneak Peek of the VSA Enterprise-Grade Reporting module, previously known as InfoCenter 2.0. In this release we’ve added granular workflows that automate both the creation and distribution of reports.
Check out our new reporting module and provide feedback on the drag-and-drop report builder and library of client-ready reports.
For more detailed information on the VSA 9.5.13 release, view the official release notes here.
The 9.5.12 release of VSA includes many exciting innovations, including omni-device remote control, native support for Mac M1 computers, the reintroduction of self-service agent procedures, and the ability to deploy third-party and custom applications using VSA’s Software Management module. This release also features sneak peeks of LiveView, a one-stop-shop for device troubleshooting and management, and InfoCenter 2.0, our enterprise-grade report builder and library of client-ready report templates.
New Features
Omni-Device Remote Control
Historically, technicians were required to use a different tool, with a different UI, to remotely manage different network device types, decreasing technician efficiency and increasing software costs. That problem is a thing of the past with the launch of VSA 9.5.12.
Omni-device remote control takes remote control into the realm of agentless devices by allowing you to directly manage routers, firewalls, printers, switches and more. Kaseya LiveConnect now empowers technicians to connect virtually to any device via a single click and manage it natively via remote control.
As long as a device has been promoted to an asset, LiveConnect supports remote management using HTTP, HTTPS, SSH and custom tunnel protocols in a fast, safe and secure manner. We plan to add support for Telnet and IT Glue-embedded passwords in the near future.
Third-Party and Custom Software Installers
Manually distributing specialized software, such as in-house applications, is a costly, time-consuming and error-prone process for internal and external IT services providers alike.
VSA can now effortlessly deploy third-party and custom applications using Kaseya’s advanced Software Management module. Fine-grained reboot controls along with pre- and post-processing commands ensure that even the most complex applications can be installed successfully.
Native Support for Mac M1
In this release, the VSA has been updated with a native agent for MacOS M1 devices with ARM processors. VSA now fully supports both Apple’s Intel and ARM-based MacOS operating systems through a new MacOS agent installer. This new support lays the groundwork for full Apple mobile device management (MDM) that is coming soon.
Enhancements
Self-Service Agent Procedures
We are pleased to announce that this release reintroduces Agent Procedures to the User Portal, enabling self-service execution of selected automation tasks by end users. Empower end users to self-service common IT tickets such as rebooting a print spooler or scanning for and then installing any missing patches.
Sneak Peeks
LiveView
LiveView is a streamlined and modernized fusion of QuickView and LiveConnect that offers a one-stop-shop for everything you need to know about the device. By bringing the functionality of these two applications together to form LiveView, we remove the need for technicians to move between QuickView and LiveConnect and massively increase efficiency.
LiveView is THE place to go to for single device management, delivering visibility into all discovered assets AND the ability to take action if required. During this sneak peek phase, simply hold ALT + Float on an asset icon to invoke LiveView.
InfoCenter 2.0
Historically, internal and external IT service providers have been unable to demonstrate the true value of their work using out-of-the-box RMM reporting. A preview of InfoCenter 2.0, VSA’s enterprise-grade business intelligence platform, is available in 9.5.12.
VSA’s InfoCenter 2.0 contains a library of easily customizable, client-ready reports that clearly communicate the value your team provides to a business. This upgrade offers a drag-and-drop graphical report builder and automated report generation/distribution to greatly increase reporting efficiency. VSA’s data warehouse has been upgraded to offer customers the ability to combine data from VSA and any other SQL-based application to deliver best-in-class reporting.
For more detailed information on the VSA 9.5.11 release, view the official release notes here.
The 9.5.11 release of VSA includes some cool new features and enhancements, including Custom Device Type Discovery, the addition of Azure Active Directory to Domain Watch, as well as a Patches Pending review and reboot option following patch deployment in Software Management.
New Features
Custom Device Types!
We know that you are being asked to manage more device types every day which is why we’re thrilled to announce VSA’s new Custom Device Type Discovery feature. By navigating to Discovery>Discovered Devices and using the existing “Change Type” workflow you can now select “New Device Type” and input any new device type that you want to manage. If/when you need to retire or update a previously created custom device type, you can simply ‘empty’ it by migrating associated devices and it will be automatically cleaned up by VSA.
Bonus! Custom Device Types don’t just exist in VSA, they carry through to any Kaseya integrations you have configured.
Domain Watch enhanced to support Azure Active Directory!
We are excited to announce that the existing Discovery>Domain Watch module has been enhanced to support Azure Active Directory. By providing VSA with an Azure credential, it will automatically discover your Azure Active Directory domains and populate them within Domain Watch. Simply select an Azure Domain, provide filtering within Azure Settings and enable the domain, and VSA will automatically discover ALL your Azure Active Directory Users, Computers, Groups and Administrative Units and enable policy management.
Deploying agents to existing computers has also never been easier. Simply define an Agent Deployment policy after selecting an Azure domain within Domain Watch and VSA will take care of the heavy lifting for you. If you prefer to manually deploy agents, no problem! Simply click the “Deploy Agent” button within Discovery>Computers.
If you want to use your Azure credentials to log into VSA, you can create a new VSA user within the Domain Watch>Policies>Users tab and log-in using the ‘Login with Microsoft’ button on the VSA login screen.
This new feature also allows you to enable basic Azure user management and surface and manage alarms, tickets and emails of behalf of Azure objects. Be sure to check out the Discovery>Domain Watch module including the Policies tab for more detailed information.
Software Management
VSA’s 9.5.11 release includes the addition of a new Patches Pending Review column in the Patch Approval view. A reboot ca also now be scheduled after deployment. You can choose from one to several days within the week to execute a reboot action. It will only be executed if needed, per your defined patch deployment procedure.
If the Perform Reboot Action is set to ‘On Schedule’, the reboot procedure will run at the closest day/ time after deployment. If for whatever reason the scheduled reboot fails to run, VSA will attempt to run it again during the next scheduled day/time.
A new option has also been added to remove a minimum restriction on the Distribution window parameter within Deployment profile. To enable this feature, server administrators simply need to check “Software Management: Enable Minimum Distribution Window to 1 hour” on the System > Server Management > Configure page.
Enhancements
Cloud Backup
In the 9.5.11 release, we’ve added certified support for Cloud Backup with two-factor authentication (2FA) enabled on the Acronis tenant, provided that the account used for the integration has been configured as a service account. Configuration details can be found in this KB article - https://helpdesk.kaseya.com/hc/en-gb/articles/4931052358417
Passly (Authanvil) Integration
The Authanvil > Two Factor Auth > Agent Procedure Approval page has been updated to now accept multiple VSA users with a comma-separated list. All specified users can approve their own Agent Procedures using their Passly Authenticator, provided their User Role has the “Approve Using Authanvil” right.
For more detailed information on the VSA 9.5.11 release, view the official release notes here.
The VSA 9.5.10 release comes with some key new features and enhancements, including a preview of Info Center 2.0 with new executive reporting capabilities, a new migration tool for easily upgrading to the new Software Management 2.0 engine, and a new IP Whitelist for Personal Access Tokens.
New Features
Info Center 2.0 Preview
An early preview version of the new Info Center 2.0 is now available for everyone registered in the preview program. Data can be previewed live, exported into a CSV format for further customization, and/or augmented into a blank or templated pixel-perfect executive report via a new stylish report designer.
For easier access and navigation, the Info Centre preview module has been moved to Info Centre Preview.
If you are interested in participating in the Info Center 2.0 preview program but are not yet registered, you can apply here.
Software Management
Now that the new Software Management 2.0 engine with native scanning technology and a superior catalogue (200+ titles) is fully operational, support for the technology and profiles in the old 1.0 engine is being discontinued. The 9.5.10 release includes a new migration tool that streamlines the upgrade process, allowing 1.0 users to be fully operational in the 2.0 engine within minutes.
We also introduced a new automatic patch rule where each action (Approve, Reject, Suppress) can be set to auto-perform by the same rule for all newly discovered instances. The Patch Approval page now incorporates 4 tabs:
- Pending Review — the list of patches requiring review.
- Approved — the list of patches with an automatic rule set to «Approve».
- Rejected — the list of patches with an automatic rule set to «Reject».
- Suppressed — the list of patches with an automatic rule set to «Suppress»
Finally, a new column was added to the Machines page in the Software Management module that displays applied overrides for a given machine with filterability within the column.
Note: Support for the Software Management 1.0 engine will be discontinued as of April 30th, so all users must upgrade prior to this date. Please, refer to the KB article below for a step-by-step migration guide: https://https://helpdesk.kaseya.com/hc/en-gb/articles/4419808335121helpdesk
IP Whitelisting for Personal Access Tokens
As part of the 9.5.10 release, we have enhanced API access security by adding a new IP whitelisting capability to Personal Access Tokens for VSA administrators. This new feature increases security protocol by restricting authentication from specified IP addresses or networks only.
Enhancements
Agent Application Branding
We removed Kaseya icon branding in various VSA agent files to reduce visual noise.
Rest API
We further enhanced and expanded capabilities of the VSA REST API by adding new API routes for gathering information about Agent profiles and notes, and a new API for gathering information about networks configured in discovery.
For more detailed information on the VSA 9.5.10 release, view the official release notes here.
The VSA 9.5.9 release comes with some exciting new features, including our new Software Management for both Windows and MacOS application software; a new Data Warehouse API, which will be the platform for our upcoming new Reporting & Dashboarding capabilities in Q2, 2022; and our foray into Hybrid IT management with Azure device discovery and visualization.
Our 9.5.9 release also includes some key enhancements that are sure to put a smile on your face, including support for Microsoft Windows 11, Microsoft Server 2022 and MacOS Monterey (Intel).
Note: This release requires agent version 9.5.0.30, so be sure to update your Windows, Mac and Linux agents after installing this release.
FEATURE RELEASES
Software Management 2.0 GA
After months of invitation-only beta testing, we are pleased to announce the GA release for our new operating system and third-party software patching engine. This new native engine offers lightning-fast patching scans, zero metadata file storage, an expansive catalogue with over 200 titles (and growing) and CVSS score-based patching policy.
General Updates
We have enhanced our vulnerability management capabilities to accommodate hybrid scenarios to ensure third-party patches will only be included in scans and deployments on agents where third-party support has been enabled. We added a global filter bar to the Patch History page so that users can easily filter and navigate results by Organization, Machine Group or View. We also added a new software version number to the “Identifier” column on the Machines, Patch Approval and Patch History pages to quickly and easily identify active versions running on each device.
The “Next Scan” and “Next Deploy” date fields have been expanded to include both time and date to provide a clear picture on planned updates.
Big Sur and Monterey Optimization
The 9.5.9 release offers OS and third-party patching support for macOS Big Sur and Monterey. We recommend using the “OS Native” patches engine to do macOS patching since it supports processor architectures, all macOS versions and correlates with actual options on macOS end machines. See the image below.
Refer to the release notes for a few conditions on process, versioning and patch strategy name changes.
Enhanced Profiles
Override Profiles
The 9.5.9 release of VSA includes Override Profile support for the new “Days from Release” search criteria, which allows users to create an override based on the number of days since the release. This can help ensure machines are kept up to date with a chosen “grace period.” Override Profiles now also supports third-party software patches within their unique rules, including CVE Code, Description, Name, Product, Release Date and Vendor.
Third-Party Software Profiles
With this release, we’ve renamed a couple of menu items to make it easier to distinguish software profiles from the old versus the new engine. “K3PP Software Catalog” has been changed to “third-party software 2.0” and “third-party software” has been changed to “third-party software 1.0”.
If a third-party software patch is not available for download, it will be marked as “not available.” This may happen with software titles that are frequently updated, e.g., Google Chrome. If a download is marked as “not available,” VSA will update the status once the patch (new software version) is ready for download.
When adding a new software 2.0 profile, there is a new “auto update” column that enables the auto-updating functionality with the click of a button. Once enabled, “auto update” will appear next to the version to clearly identify which 2.0 titles have auto update enabled. In addition, the 2.0 Software Catalog now includes custom update channels for Microsoft Office with current, monthly and semi-annual frequency options.
See the images below for visual details.
Azure Discovery
We are excited to announce that our vision for Unified RMM has reached the cloud with the launch of Discovery and visualization for Azure devices. By simply providing your Azure credentials to VSA, you can now automatically discover your Virtual Machines, SQL instances, Cloud Services, App Services and Load Balancers within Azure and trigger VSA to install agents on Azure Virtual Machines. Specific requirement details can be found here.
Users can also use organizational filters in the Discovered Devices and Topology Map via the Introduction of Discovery Services Module. This new service credential management area allows you to administer all your discovery service credentials and related device relationships in one place with specified data collection frequency. See the release notes for more detail.
Info Center
The 9.5.9 release of VSA comes with a coveted new Data Warehouse API that can be leveraged by leading third-party business Intelligence platforms, such as Microsoft PowerBI and Tableau, to extract data from VSA’s Info Center datasets into custom reports. The Data Warehouse API is built on the OData standard that comes with native support in PowerBI and Tableau to fast track the creation of comprehensive dashboards and reports within external tools.
The datasets are structured by VSA categories, including Agent, Agent Procedure, Audit, Discovery, Lan Cache, Monitor, Patch, Remote Control, Service Desk, Software Deployment, Software Management, System, Antimalware, Antivirus, Cloud Backup and Ticketing.
For more information, you can watch a video tutorial of using Data Warehouse API in PowerBi.
And/or view documentation here:
Enhancements
Agent OS Support
The VSA 9.5.9 release includes enhanced agent support with all VSA functionality for Windows 11, Windows Server 2022 and macOS 12 (Monterey), with a few exceptions. See the release notes for details.
Audit
We increased the character limit for Custom Field string formats from 255 to 2048 characters to accommodate more flexible scenarios.
Cloud Backup
We updated the Acronis version for new client installations to 15.0.28323. Existing clients must be updated from the Acronis cloud console in order to take full advantage of the features in this version.
REST API
The 9.5.9 release re-introduces the Swagger UI, which means customers and third-party developers can now visualize and interact with VSA API resources. See the release notes for activation details.
User Portal
We have added a new configuration page within User Portal that allows for Portal Header and Custom Links to be customized. See our help topic for more information.
UI / UX
We’ve added a Kaseya App Launcher feature for Users who are authenticated using the “Log in with IT Complete” option. The Kaseya App Launcher provides access to your IT Complete portfolio of products with a simple click on the App Launcher icon in the VSA Header.
We’ve also updated the VSA Header and left navigation menu by including new icons and an enhanced Help menu.
Learn more about the 9.5.9 release in the official release notes
9.5.8 is VSA’s largest release to date. It includes a multitude of new features, including FIPS 140-2 compliance, Kaseya One and IT Complete SSO Integration, Agent MSI Package Installation, Software Management Application History and User Portal Ticket Submission Enrichment. It also includes some significant feature enhancements, progressive deprecations and bug fixes.
FEATURE RELEASES
FIPS 140-2
You asked and we delivered! We are thrilled to announce that VSA is the first RMM on the market to offer FIPS 140-2 compliance. We’ve enhanced cryptography for VSA communication channels to comply with FIPS 140-2 so that our customers who follow these standards now have peace of mind knowing that the organization(s) they manage through VSA meet the required regulations.
The model below shows how the FIPS module transacts with a VSA agent, server and endpoint.
Note: On Premise VSA Servers must have FIPS-approved Server Certification. See the release notes for details.
Kaseya One and IT Complete Single Sign-On Integration: VSA Organization Configurations.
We are pleased to introduce Single Sign-On support via Kaseya One and the IT Complete product suite for all VSA Organizations.
Simply register an On-Premise VSA server by mapping it to a unique K1 company. Your Master Admin will then authenticate it to IT Complete with a prompt that completes the Kaseya One authentication process. See the release notes for a step-by-step guide.
Agent: MSI Package installation
Executables and AV traps have never played well together. The 9.5.8 release of VSA comes with a new MSI Package installation, offering a fast and seamless sharing experience that avoids AV traps altogether. The MSI Package installation can be created or downloaded as an agent by simply clicking the new “Create .msi package instead of .exe” button.
Note: This option is only available when “Windows” or “Automatic” are chosen as the agent type.
Software Management
We’ve introduced a new View Application History popup within Software Management that includes detailed change log information on any given title. This new feature gives you full visibility into installations, uninstallations and patches deployed over time to all the software titles you manage, so that you have a ready-made record of activity.
User Portal
Submitting tickets from the VSA User Portal to Service Desk and BMS is more streamlined and robust than ever. You can now embed images in the Description and attach files when creating a ticket to easily add color and context as needed.
We’ve also added three new identification fields on the ticket creation form (first name, last name and email address) to ensure that every ticket created is associated with the correct end user.
Once a ticket is submitted, the user information will automatically be added to the Submitter Name and Submitter Email fields on the ticket in Service Desk.
If leveraging BMS, the email address from the ticket will automatically match the ticket to an existing contact record in BMS based on the “default” email address of the record.
See the release notes for details on how BMS matches single, multiple and no record scenarios.
ENHANCEMENTS
Agent App
We’ve fixed an issue where the latest available agent version was incorrect.
Agent Procedures
The option to delete managed files has been restored.
Authentication
We have updated the VSA login page to align with IT Complete design standards.
System
Machine Role Access Rights have been simplified and redundant functions have been removed so that only the Home and Tickets functions will now be displayed. We’ve also simplified User Role Access Rights and removed related redundant functions.
User Portal
End users now have the ability to submit more data on the User Portal ticket entry form when VSA is configured to use Service Desk as the ticketing platform.
VSA Core (Architecture)
VSA installer has been updated to deploy the latest .Net Core version.
DEPRECATIONS
Ticketing
VSA’s legacy ticketing module was replaced in 9.5.7a with Next Gen ticketing functionality in BMS. Now that all migrations are complete, Migrate Tickets and Email Reader functionality have been deprecated from VSA.
Discovery
References to previously deprecated Portal Access functionality from the Discovery module have been removed.
Live Connect App
Chat functionality has temporarily been removed from the Live Connect application due to error pages on agent machines from initiating sessions. Chat functionality will be reintroduced in a future release.
Learn more about the 9.5.8 release in the official release notes
The VSA 9.5.7f release includes new product features, enhancements and bug fixes:
New Feature
Remote Control: Native RDP
The New Native RDP is now launchable from Private Quick View Sessions, Live Connect menus, and a new “Control Machine” page. It works the same way as other VSA Remote Control functionality, with the added benefit of being able to separate User Role access rights. Communication between the source and target machine is enabled by VSA Live Connect, utilizing a private encrypted TCP tunnel.
Note: The New Native RDP functionality is currently only supported on Windows.
Remote Control: New Control Machine page
A new page providing a list of Agents with the ability to quick-launch Remote Control sessions has been added under Remote Control > Operations > Control Machine. Designed as an end-user landing page, it offers easy remote control access to a specific machine(s).
The Control Machine page contains a new VSA filtering capability, using a simple OR command within the same field and AND command between different fields. It can be controlled with user role access rights, which now allow for visibility of both the page itself and related actions such as “Remote Control” and “Native RDP” options.
Enhancements
Remote Control App – An automatic resolution scaling algorithm for Remote Control Shared Sessions has been added to support modern, high-resolution monitors.
Bug Fixes
Software Management – An issue with wrong language versions of some 3rd party patches being deployed for machines with Kaseya 2.0 profiles has been resolved.
More detail on the 9.5.7f release can be found in the Release Notes.
In this release we’ve made the following enhancements:
Remote Control: Disable End-user Peripherals
In this release we added new functionality for a VSA admin to control certain end-user inputs so the VSA admin can work on the remote device without disruption. This is especially useful when working with devices where the VSA admin may not have direct contact with an end user and needs to prevent the end user from interacting with the device while the remote session is in progress.
Block End-User Input — prevents the Keyboard and Mouse inputs from being used by the end user.
- The Remote Control Window has a new toolbar item: ‘Block End-User Input.’
- The feature is currently limited to Windows (Implemented for Windows VSA Agent only).
- If the end user clicks Control+Alt+Delete, they will regain control automatically.
- If ‘Block End-User Input’ is enabled and the remote session is closed, the end user will regain control automatically.
Remote Control: Removed Unsupported Toolbar Items
Menu items will be removed from the Remote Control toolbar if the feature is not supported for a given VSA agent type. For example, the “Show Mouse” and “Block End-User Input” features are not displayed for macOS as they are currently unsupported.
Remote Control/Live Connect: 1-Click Windows Security and Logging Enhancements
In this release 1-Click activity will now be logged in a way that when a technician acts on any of the prompts, the actions will be captured and available in the VSA Remote Control log.
There are three primary enhancements:
- VSA will log technician responses to the prompts presented in the Remote Control window along with information about what configuration changes will be made to the endpoint, if any.
- There are new fields in the Technician, Remote Control Log so that we can capture more information about File Transfer activities in the future.
- The type of authentication will be logged, whether Native 1-Click was used, or a specific credential from the integrated list of IT Glue credentials.
Changes to Remote Control Log Table
- Removed the Activity column
- Detail of message column was changed from x Files/Folder (s) Transferred to x Events Recorded
Changes to the Log Details Table
- Removed the columns File/Folder Name, Direction of Transfer, Result
- Added Event Type column which can have the following values:
- File Transfer
- ConfigChange
- 1-ClickLogin
- Added Message column to show Event Type details:
- File Transfer Event type messages
- ConfigChange Event type messages
- 1-ClickLogin Event type messages
Logging of RDP and NLA Configuration Changes
During 1-Click sessions and Private sessions, we present the following dialogue box to allow for permanent or temporary configuration changes of RDP (Remote Desktop Protocol) and NLA. With this enhancement, the details of these changes are captured in the VSA Remote Control log.
Allow Temporary NLA Override of Policy
When connecting to an endpoint in a Private Remote Control or 1-click session, a VSA admin can now temporarily override Group Policy Object (GPO) enforced Network Level Authentication (NLA) settings to facilitate the connection. The option to permanently override (via the above dialog box) will not be available. The configuration will be reverted to its original state at the end of the session.
Live Connect Search Filters
Added additional free text search filters for Source Name, Description and Event ID columns in Event Log viewer. To activate the filter, enter required text in the filter box and press Enter.
Discovery Enhancements
In this release, we’ve added an Organization filter to both the Discovered Devices and Topology Map. This will help you view your IT environment in ways to best suit your needs.
We’ve moved the Topology Map to a more central location. It can now be found in Discovery > Summary > Topology Map.
Info Center Enhancements
In this release, we are introducing Personal Access Tokens for VSA Users. They are used to access specific VSA APIs. The first API to support such tokens is the Data Warehouse API.
The Data Warehouse API now allows you to query data from Info Center’s AV/AM, Agent Procedure, Service Desk, Ticketing, Discovery, Software Management and other data sets.
Learn more about the 9.5.7 release in the Release Notes.
In this release we’ve made the following enhancements:
-
Database & Schema
- Removed a data de-duplication process for Agent Logs and Event Logs.
-
Installers
- Added the URL Rewrite module installation to the SystemCheck screen in KInstall. For more information, see URL Rewrite topic.
- Updated the VSA Installation Complete dialog screen to display the Installation Complete screen at the end of the installation process.
-
Live Connect
- Updated the function list displayed in Access Rights tab for User Roles and Machine Roles to match the function menu in the Live Connect application.
Learn more about the 9.5.6 release in the Release Notes.
In this release we’ve made the following enhancements:
-
Kaseya VSA Agent
- The VSA Agent is now supported on Ubuntu 20.4.
-
Audit
- Changed IP location data provider used for country mapping in from db-ip.com to ip2location.com. This will improve the accuracy of IP to country mapping.
-
Installers – SQL Support
- VSA now supports using SQL 2017 and SQL 2019 for its backend database.
-
User Interface
- We added machine view filter labels for SQL Server 2017 and 2019. A view with “SQL Server” label checked will now include machines with SQL Server 2017 and 2019, as well as all the other listed versions.
Learn more about the 9.5.5 release in the Release Notes
Kaseya Live Connect Support for Linux
In this release, Live Connect supports Linux agents for a wide range of Linux distributions (see release notes for details). Live Connect remote management for Linux devices provides the following functions:
- Asset Summary - See the following asset information
- Memory/CPU consumption
- Volumes
- Agent procedures
- List of top 5 processes
- Networking information
- Files - Get access to files/folders on the target VSA Agent. Work remotely with file systems mounted on the remote device, as well as upload and download files and folders to/from the source device.
- Terminal - Provides access to bash shell and enables interactive execution of command line utilities and scripts.
- Services - Allows limited management of the system daemons, including start, stop and status check of a particular daemon.
- Processes - Shows a list of running processes and provides the ability to kill processes. You can also get runtime information for each process.
Discovery & Topology Mapping for Virtual Machines
VSA now discovers and includes in the network topology map all VMware and Microsoft Hyper-V virtual machines in your IT environment. You can see both host and guest information.
1-Click Support for IT Glue Passwords
This enhancement expands the current functionality of 1-Click access so that usernames and passwords in IT Glue’s password vault will be available for use in VSA Remote Control for customers that have both products. There’s no need for copy/paste and you don’t need to know the actual usernames and passwords required for logins. You can use feature when using 1-Click to initiate a Remote Control session to a Windows or MacOS device.
Policy Management Screen Recording
Now you can check a box in Policy Management to record the screen for all Remote Control sessions on Windows and Mac machines.
VSA Agent Support for MacOS Big Sur
In this release, the Kaseya VSA 64-bit agent supports the macOS Big Sur (version 11) operating system.
Learn more about the 9.5.4 release in the Release Notes
Zero-configuration Standard SNMP Monitoring for Network Devices and Printers
You can now quickly deploy simple SNMP monitoring to standard network devices—routers, switches and printers, by checking a box in VSA. Eligible SNMP nodes are printers, routers, switches that do not currently have standard monitoring enabled. If a device is NOT an asset (i.e. a managed device), when the Enable Standard Monitoring option is selected, it will automatically be promoted to an asset.
You can enable standard SNMP monitoring for new or existing networks and for individual devices on a discovered network.
Remote Control Paste Clipboard Functionality
In this release, we added a new Paste Clipboard button to the Remote Control window toolbar. This allows technicians to paste clipboard text into password prompts using the Paste Clipboard toolbar button or Ctrl-Alt-V keyboard shortcut.
Remote Control Enhancement for Mouse Visibility and Control
We added a new Remote Control feature that allows administrators to observe the end user’s mouse movements. Now, the administrator mouse cursor has priority over the end user’s mouse when both are using the mouse simultaneously. Please note that as of this release this feature only works for Windows operating systems. MacOS support will be available in a future release. This feature is not supported in screen recording.
VSA User Interface Enhancements— “What’s New” and “Automation Exchange” Options
To enhance user experience, we added new “What’s New” and “Automation Exchange” buttons to the VSA Global Menu panel for accessing the associated external websites directly from VSA. The “What’s New” button provides easy access to the VSA What’s New page (this page) where you can see all of the latest VSA enhancements. The “Automation Exchange” button provides access to the Kaseya’s Automation Exchange marketplace. The new buttons are configurable through User Roles. These buttons are enabled by default.
Software Management Enhancements
- In this release, we continue to add improvements to Software Management Reporting: Is Machine Pending Reboot, Compliance Reason, Patch Completed Date columns were added to the Info Center > Configure and Design > Report Parts > Software Management > SM Status by Agent tab. The Install Status column was renamed to Patch Install Status.
- Software Management Activity Log is now available within Agent Logs > Diagnostic Logs > Endpoints. This log is cleaner, more robust in detail, and easily digestible to understand task status (Scanning and Deployment) between agent and software management to assist in troubleshooting and logging.
- Enhanced Software Management Views filtering:
- Machines Missing Patch (Identifier): now supports OR, NOT and LIKE operator types;
- Machines Installed Patch (Identifier): now supports OR, NOT and LIKE operator types;
- Filters by CVE Code: now support OR, NOT and LIKE operator types.
Kaseya One and IT Complete Single Sign-On Integration
This release adds the foundation for future IT Complete SSO logins for VSA and the upcoming Kaseya One product. This release does not change current VSA authentication methods; existing methods will continue to work post 9.5.3. We will be starting our rollout of Kaseya One in the coming months.
Learn more about the 9.5.3 release in the Release Notes.
Remote Control File Transfer Logging and Reporting
We have added a logging feature for file transfers that are performed during Remote Control sessions. There’s also a new Data Set in Info Center > Report Parts for Kaseya Remote Control File Transfer Logs.
Updated 64-bit macOS Agent
The updated VSA 64-bit macOS agent now supports both 64-bit (e.g. Catalina) and 32-bit platforms. This new agent supports the following VSA functions:
- Agent Procedures
- Agent Menu
- Audit
- Live Connect and Live Connect On Demand
- Monitoring
- Alerts
- Process Monitoring
- System Check
- SNMP Monitoring
- Policy Management
- Remote Control
- Reset Password
- Screen Recording
- User Portal
- And more
Alarm Summary Page Enhancements
Users can now directly navigate to the Network Topology Map from the Monitor > Alarm Summary page. In addition, they can easily go from the Topology Map asset QuickView to the Alarm Summary page. The Topology Map also shows badges with alarm counts on agent and non-agent devices that currently have open alarms.
Software Management Module Enhancements
The Software Management module includes reporting enhancements such as report parts for Status by Agent, Pie Chart Counts and Unapplied Patches. In addition, the Software Management dashboard now has drilldown capabilities to dive into details on software vulnerabilities.
TOTP Authentication
We have added support for the following TOTP authenticators:
- Okta
- Duo
- Authy
Learn more about the 9.5.2 release in the Release Notes.
Remote Control File Transfer
Users working in a VSA Remote Control session can now transfer files to and from the remote device without having to switch to the Live Connect application. This saves time and makes it easier to get your job done.
You can transfer files in several different ways:
- Drag and Drop
- Ctrl+C/Ctrl+V (Windows)
- Command-C/Command-V (MacOS)
- Mouse click copy-paste functions.
The new Remote Control file transfer feature includes an option called ‘Disable Remote Control File Transfer’ under the User Role Policy and Machine Policy pages. By setting this option, file transfer capabilities within Remote Control are disabled for specific User Roles, and/or specific machines. Note that VSA Machine Policy takes precedence over User Role Policy. For example, if a VSA agent has Remote Control File Transfer “disabled” in its Machine Policy, it is disabled for any VSA user when Remote Controlling that device.
‘Disable Remote Control File Transfer’ is exclusive to Remote Control and does not affect the file transfer capabilities of Live Connect.
Software Management Module Enhancements
We have made several enhancements to the Software Management module, including the following:
- System Views - Allows VSA users to use specific endpoint attributes to improve visibility and reporting. For example, you can create a View that shows you all machines that haven’t been scanned in the last 7 days.
- Progress Bar - Shows the real time status of scans and deployments
- Pre/Post Automation for Scan Profiles - now you can execute automation scripts (agent procedures) just before and after Software Management Scans
- Wake on LAN - Remotely power up machines for scanning or software/patch deployment
- Suppression Button - Makes the option to suppress patches readily available throughout the Software Management module. Suppression is an alternative to approving or rejecting patches. It gives you the opportunity to come back later and either reject or approve the patch
Mandatory 2FA for On-premises Users
When logging into VSA, 2-Factor Authentication (2FA) is now mandatory for on-premises customers. This enhances login security,which protects your business and, if you’re an MSP, it helps protect your clients’ businesses, too.
Network Visualization
Kaseya VSA now has a built-in network Topology Map showing all endpoints on the network, including both agent-based and agentless devices. VSA automatically discovers all endpoints on the network. The topology map shows you how all of those endpoints are connected. Find the Topology Map in the VSA Discovery module under Networks.
VSA Topology Map Features
- Endpoint (Asset) Up/Down Status – See the up/down status of endpoints on the network at a glance. Green circles represent endpoints that are Up, while grey circles show endpoints that are Down. Dotted grey circles show endpoints that are not under management in VSA. Endpoints that are under management are called “assets” in VSA.
- QuickView Integration — Bring up the VSA QuickView window for an endpoint by clicking on it in the topology map. QuickView is available for both agent based and agentless (e.g. network) devices.
VSA QuickView Window for an Agent Based Device
Get complete visibility of your IT networks and quickly pinpoint the root cause of an IT incident. Easy access to the QuickView window allows you to manage endpoints and troubleshoot issues using automation scripts (agent procedures), Remote Control and Live Connect.
Kaseya Fusion Mobile App (Coming Soon!)
The Kaseya Fusion mobile app now supports execution of VSA scripts (agent procedures). You can select the top six agent procedures you want to have available in the ‘actions tab’ in the mobile app. Run scripts on the go from your mobile device!
The Kaseya Fusion mobile app also provides visibility into VSA’s detailed asset information.
VSA Workflow Integrations
VSA has seamless workflow integrations with BMS, our Professional Services Automation solution for MSPs, Vorex, our Service Desk for internal IT, and IT Glue, our automated IT documentation solution. These integrations bring the power of VSA automation to the Service Desk and IT documentation.
BMS/Vorex Integration with VSA — Now you can automatically execute VSA Agent Procedures from workflow rules in BMS and Vorex. For example, if VSA endpoint monitoring creates a ticket with “Disk space low” in the description, the BMS/Vorex Service Desk workflow can automatically execute a VSA agent procedure to clear disk space. Leveraging the power of service desk workflows and agent procedures, the possibilities are limitless. A record of the agent procedure execution will be recorded in the ticket activity notes and will be saved in a new ticket audit log.
IT Glue Integration with VSA — The workflow integration between IT Glue and VSA allows you to execute VSA agent procedures (scripts) on the IT Glue Configurations page. No need to jump out of your IT documentation solution and over to your RMM. You can also easily access remote endpoints from IT Glue using VSA Live Connect.
64-bit Agent & macOS Catalina Support
Kaseya is re-architecting the Kaseya VSA agent to support both 32-bit and 64-bit operating systems, including the macOS Catalina release. The initial release of the macOS 64-bit agent supports Agent Status, Remote Control, and lightweight Inventory/Audit capabilities. Additional capabilities will be added in future releases.
VSA displays the agent status icon on the menu bar. Inventory/audit information includes system information, CPU, RAM, network information, BIOS, disk information and more.
Software Management Module Enhancements
Native Windows Patching Support — VSA Software Management can now use native Windows patching functionality to deploy Windows operating system patches Configure Windows update settings in VSA and use VSA to control how Windows will manage its own patching process. VSA will also enforce the Windows configuration settings you configure by automatically reverting them if a local admin makes changes.
Control the following Windows versions—Windows 7 SP1 to 10, Windows Servers 2008 R2 to 2019.
Enhanced Procedure Editors
This release includes improvements to the Procedure Editor, introducing a new user interface and eliminating dependency on Adobe Flash. Enhancements include:
- Improved performance
- Auto-save
- Dark mode (choose light or dark mode options)
- Enhanced copy and paste options
- Multi-tabbed editing
- New Quick Action toolbar — quickly initiate commonly used actions with a single mouse click
- View procedure properties and add documentation to your script in the description field within the Procedure pane (see screenshot below)
- And many more user experience (UX) improvements
Software Management Module Enhancements
Skip if Offline — In past VSA releases, scans and deployments would skip any offline agents. With this enhancement, tasks for offline agents are queued and executed when the agent comes back online. You can opt to skip scan and deployment tasks for offline agents by checking the Skip if Offline option when adding or editing profiles. If the Skip if Offline option is checked, the task is skipped instead of being queued and executed once the agent is back online.
Two-Factor Authentication (2FA) Support
VSA now provides native 2FA support for logging into the application. This enhances the security of your business by combating brute force and phishing attacks, as well as attacks that leverage stolen credentials. To log in to VSA using 2FA, the user must enter their username/password credentials and a Time-based One-Time Password (TOTP). A TOTP is an authorization code generated by an authenticator application and is valid for a limited time. VSA 2FA uses freely available authenticators, including Google Authenticator and Microsoft Authenticator. 2FA is mandatory for all VSA SaaS customers.
Software Management Module Enhancement
Distribution Window — a Distribution Window has been added to the Schedule settings on the Scan and Analysis and Deployment pages. The Distribution Window allows the VSA to spread workloads across a window of time so that all devices do not perform a given task simultaneously. This reduces the impact on your network and VSA server resources that are being used for that task.
