Release Notes
Anyware Trust Center 25.03.0
Version 25.03.0 of the Anyware Trust Center contains bug fixes and stability enhancements. Additionally, it also includes the following:
Support for Imprivata Authentication
Version 25.03 of the Anyware Trust Center supports Imprivata OneSign for authenticating Trusted Zero Clients connecting to Horizon hosts. Imprivata OneSign enables users to access corporate networks, desktops, and applications with a single sign on. This reduces the need for maintaining separate passwords and prevents unauthorized access.
For more information, see Enabling Imprivata Authentication.
Trust Center Installation with DISA STIGs
In version 25.03, support has been added to enable the installation of the Trust Center on servers and virtual machines that comply with the security policies and configurations recommended by the US DOD Cyber Exchange. For this purpose, a new configuration called `fapolicyd` has been added, which allows the Trust Center components to run on servers that adhere to STIG requirements. For more information see Trust Center Installation with DISA STIGs.
SIPR/NIPR Network Migration
In version 25.03, support has been added for securely migrating Trusted Zero Clients between SIPR, NIPR, and insecure networks. When re-commissioning a Trusted Zero Client for use on a SIPR/NIPR or insecure network, specific steps must be followed to completely erase all local data and configurations. This prevents accidental or malicious access to critical data during network migrations, and ensures compliance with security recommendations.
Support for Darksite Upgrades
Version 25.03 now supports upgrade of Trust Center that does not have a connection to the public internet. Upgrading a dark site requires a temporary internet-connected machine, which downloads the required packages to create an upgrade bundle. The upgrade bundle is transferred to the dark site machine and used for upgrading Trust Center.
The dark site installer for 25.03 also includes a few changes from how the commands are run, from the original 24.07 release.
For more information, see Darksite Upgrade of Trust Center.
Support for Uploading OTA packages to Darksite Trust Center
As Darksite Trust Center operates without internet connectivity, automatic OTA updates are not possible. Version 25.03 addresses this limitation by introducing a new command for managing firmware within the Trust Center. Administrators can now download as well as upload OTA packages to the Trust Center server without the need for opening an internet connection.
For more information see the following topics:
Other Update
To limit the amount of sensitive data saved into Anyware Trust Center support bundles, the auto-generated Trust Center admin password, typically used as the default password, will no longer be saved to the configuration file. This limits the exposure of sensitive data, and prevents its accidental access.
MariaDB is no longer required
MariaDB usage has been merged into MongoDB; therefore MariaDB is no longer deployed with the Trust Center. This simplifies end-user management of persistent stores and reduces memory and CPU footprint within the Trust Center.
Endpoint is now disconnected from the Anyware Trust Center when deleted
Previously, deleting an endpoint from the Anyware Trust Center required that the endpoint either be disconnected from the network or powered off prior to deleting it from the Anyware Trust Center. Now when a endpoint is deleted, the Anyware Trust Center automatically disconnects it.
Hostname validation during installation
The Anyware Trust Center installer now checks if a static hostname is set and errors out if it is not, presenting the user with information on how to resolve the issue. This is to prevent an issue where on some flavours of Rocky Linux and RHEL where the hostname can change on reboot, the Anyware Trust Center will not start due to its network and security policies.
Improved Darksite installation error handling
Improved messaging in the Anyware Trust Center installation output to notify end user of missing dependencies, so end users can identify the issue and resolve quickly. The installer will also now automatically install Docker if it is not already installed.
Support for Dark Site OTA Updates
Anyware Trust Center now supports downloading and packaging OTA updates for dark site installations. The updates packages may be transferred to dark sites and uploaded to the Anyware Trust Center using a new upload command. See the admin guide for more details.
Kafka now uses KRaft
Anyware Trust Center now uses KRaft for Kafka, removing the dependency on Zookeeper. This greatly simplifies Kafka’s deployment by consolidating responsibility for metadata into Kafka itself, rather than splitting it between two different systems: ZooKeeper and Kafka.
Support for Dark Site Upgrades
A darksite Anyware Trust Center can now be upgraded using a new prepare upgrade command available on the download site. This follows the same procedure for dark site installation. See the admin guide for more details.
Anyware Trust Center Is Unresponsive After Hostname Change
If the hostname of the machine on which the Anyware Trust Center is installed changes after installation, the Trust Center will not start properly.
To fix this issue, set a persistent hostname on the machine before installing the Anyware Trust Center.
Note: This hostname can be anything, but is usually the machine's DNS name on the local network.
To do this, run the following command before installing the Trust Center:
hostnamectl set-hostname <desired hostname>