Announcing Boundary Desktop embedded terminal, LDAP support, and more
HashiCorp Boundary 0.14, with an embedded terminal in the desktop client and LDAP GA support, is now available for download as well as for use on HCP Boundary.
HashiCorp Boundary, a modern privileged access management (PAM) offering for cloud-driven environments, provides just-in-time access to infrastructure without requiring end users to manage IP addresses or credentials. Boundary also ensures an organization’s infrastructure is secure and compliant by using identity driven controls and ensuring least-privilege access, session and credential expiration, and session recording. These new capabilities help organizations streamline their user workflow as they leverage a cloud operating model for secure remote access.
Boundary 0.14, which we are announcing today at HashiConf, adds important new functionality, including:
- Dramatically improved SSH access: Users can now seamlessly establish and connect to SSH sessions directly in the Boundary Desktop client.
- Expanded authentication options: Boundary 0.14 includes a fully instrumented LDAP auth method, with support in both the desktop client and admin UI.
- Enhanced security removing hard-coded credentials: AWS administrators now have enhanced security and access control for their most sensitive recordings with the addition of AssumeRole authentication for storage buckets.
Here’s a closer look at the new capabilities:
»Boundary Desktop embedded terminal
Almost two years ago, we launched Boundary Desktop, an easy way for end users to securely establish sessions to machines across their environment. Since then, we’ve been working hard to add important new features, like SSH credential injection and session recording.
Boundary 0.14 includes our biggest update yet to Boundary Desktop: an embedded terminal. Our goal with Boundary Desktop is to centralize the experience of connecting to a resource for any type of user. The embedded terminal provides a seamless, end-to-end experience that guides users into securely establishing sessions. This new experience reduces steps and decreases the risk of human error when connecting to desired resources.
Launching an SSH session in HashiCorp Boundary 0.14 using the embedded terminal
If your users prefer to use their own clients to establish connections rather than the embedded terminal in the Boundary Desktop, you can still establish sessions just as you did before, but now there’s additional helper information available directly in Boundary Desktop.
Connecting to a target using the Boundary Desktop helper command
We’re excited to share the embedded terminal with the Boundary community. The embedded terminal works with any edition of Boundary and can be used with both TCP and SSH targets. To get started, download the latest Boundary Desktop binary.
»LDAP auth method reaches general availability
Boundary 0.13, released in June, included an LDAP auth method in beta supported in the CLI, API, and HashiCorp Terraform provider. This allows users to set up and manage LDAP-based auth methods, adding a third auth method to the existing username/password and OIDC authentication options.
In Boundary 0.14, we are bringing full admin UI and Boundary Desktop client support for LDAP auth methods, allowing users to more seamlessly log in with LDAP as their primary auth method. To get started with LDAP authorization, check out our documentation.
A configured LDAP auth method in the Boundary 0.14 admin UI
»AWS IAM AssumeRole authentication for storage buckets
With the release of SSH session recording in Boundary 0.13, we introduced storage buckets, a Boundary resource used for securely storing recorded sessions, scoped to support Amazon S3 with access keys. In Boundary 0.14, we're enhancing storage bucket support by allowing AWS administrators to utilize AssumeRole authentication when configuring their storage bucket, strengthening security by removing the need for static, potentially long-lived credentials in your Boundary environment.
AssumeRole storage buckets config in the admin UI
»Get started with Boundary 0.14
We are excited for users to try the new Boundary features landing in 0.14, which make it even easier for users to securely connect to their resources. Administrators have the option to deploy a HashiCorp-managed Boundary cluster using the HashiCorp Cloud Platform (HCP) or a self-managed Boundary cluster. Here’s how to get started:
- Download the Boundary 0.14 release
- Sign up for a free HCP Boundary account
- Get up and running quickly with our getting started with Boundary tutorial
- Download the free Boundary Desktop client
- Check out the LDAP auth method documentation
- To request a Boundary Enterprise trial, contact HashiCorp sales
Sign up for the latest HashiCorp news
More blog posts like this one
HashiCorp at AWS re:Invent: Your blueprint to cloud success
If you’re attending AWS re:Invent in Las Vegas, Dec. 2 - Dec. 6th, visit us for breakout sessions, expert talks, and product demos to learn how to take a unified approach to Infrastructure and Security Lifecycle Management.
Secure remote access to private HTTPS targets with HashiCorp Boundary
Learn how Boundary can act as a true VPN replacement by securing remote access to private HTTPS endpoints with transparent sessions.
Boundary 0.18 adds transparent sessions for streamlined connections
Boundary 0.18 adds transparent sessions: an improvement to the core Boundary workflow enabling authorized remote users to securely connect to infrastructure resources in one step.