Announcing Boundary session recording, self-managed Boundary Enterprise, and more
Additional new HashiCorp Boundary 0.13 capabilities include LDAP auth method, customer-specified HCP Boundary maintenance windows, and other improvements.
Today at HashiDays, we announced the release of HashiCorp Boundary 0.13, which adds major new functionality, including the highly requested SSH session recording capability, as well as a new self-managed edition, HashiCorp Boundary Enterprise. Boundary provides identity-based remote access to infrastructure for individuals and teams at any scale. Boundary 0.13 is now available for download as well as for use in HCP Boundary.
Additional highlights in Boundary 0.13 include:
- LDAP auth method (beta)
- HCP Boundary maintenance windows
- OIDC authentication improvements
- More improvements, which can be found in the Boundary Release Notes
» SSH session recording
In highly regulated environments, a common requirement and challenge is having a system of record that archives actions taken on the network so that organizations can improve their security posture and enhance compliance. In Boundary 0.13, we’re launching Boundary’s most-requested feature, SSH session recording. Session recording allows administrators to get insight into user actions over remote SSH sessions in order to meet various regulatory requirements for organizations and prevent malicious behavior. Administrators can enable session recording on SSH targets in their Boundary environment, store signed recordings in their Amazon S3 storage bucket, and replay recordings back within the Boundary admin UI.
Recorded sessions are converted into a Boundary session recording (BSR), a binary file format and specification we’ve created to define the structure of recording files.
BSR is designed to:
- Support the recording of both multiplexed and non-multiplexed protocols
- Allow recordings of independent byte streams in a session to be written in parallel
- Support an optimal user experience during playback
- Be extensible to support more protocols in the future
BSR contains all of the data transmitted between a user and a target during a session and is available within your storage bucket. Additionally, these files are signed so that any tampering with a recording can be detected.
SSH session recording is available as a part of the new Plus tier in both Boundary Enterprise and HCP Boundary.
» HashiCorp Boundary Enterprise
Previously, there were two editions of Boundary: Boundary open source (OSS), launched in October 2020, and HCP Boundary, launched in October 2022. Boundary OSS allows users to deploy and test out Boundary in their own environment but it does not include enterprise capabilities. HCP Boundary does include enterprise features and is offered as a cloud-managed solution, making it simple to deploy and maintain. However, in highly regulated environments, organizations are often prohibited from adopting cloud-managed solutions due to data sovereignty and data privacy requirements.
Today we are announcing the general availability of self-managed Boundary Enterprise, which enables organizations in highly regulated industries to deploy HashiCorp Boundary in their desired public or private clouds to let their teams securely access hosts and services consistently across any environment. Boundary Enterprise has the same features as HCP Boundary; the only difference is where Boundary is deployed and who maintains it.
You can find a breakdown of features across Boundary editions on the Boundary pricing page. The release of Boundary Enterprise comes with seamless OSS-to-Enterprise migration support. Learn how to upgrade to Boundary Enterprise here.
You can request a Boundary Enterprise trial by getting in touch with our sales team.
» LDAP auth method and LDAP managed groups (beta)
Boundary 0.13 now introduces LDAP auth methods and managed groups — features that enable organizations to integrate their directory services directly with Boundary via the LDAP protocol.
Organizations store usernames, passwords, email addresses, and groups, along with other data, within their directory servers (such as Active Directory and Free IPA). LDAP is an open, vendor-neutral application protocol for accessing and maintaining that directory data.
Boundary now includes an LDAP auth method that lets Boundary delegate authentication to an LDAP directory. The first time a user successfully authenticates using an LDAP auth method, a new LDAP account is created using the user’s account login name. If groups are enabled for an LDAP auth method, then each time a user is authenticated, their account’s group memberships are updated in Boundary. LDAP-managed groups allow administrators to assign roles within Boundary based on an LDAP account’s group memberships.
CRUD support for these new features is available through the CLI, API, and SDK, as well as HashiCorp Terraform. Users can log in with LDAP through any of their Boundary clients, including the CLI, Boundary Desktop, and the Boundary admin UI. Support for LDAP auth method CRUD operations via the Boundary admin UI is planned for an upcoming release.
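The setup described above, as an added Terraform example that is not from the original post: an LDAP auth method with groups enabled, an LDAP managed group, and a role assigned to that group. The resource types come from the HashiCorp Boundary Terraform provider; the hostnames, DNs, group names, variables, and grant string are constructed placeholders.

```hcl
# Added example. All names, DNs, and hostnames are constructed placeholders.
variable "org_scope_id" { type = string }
variable "project_scope_id" { type = string }

variable "ldap_bind_password" {
  type      = string
  sensitive = true # keep the bind credential out of plan output
}

# Boundary delegates authentication to the directory over LDAPS.
resource "boundary_auth_method_ldap" "corp" {
  name     = "corp-ldap"
  scope_id = var.org_scope_id
  state    = "active-public"

  urls         = ["ldaps://ldap.example.internal"]
  insecure_tls = false # never skip certificate verification

  # Read-only service account used to search for users and groups.
  bind_dn       = "cn=boundary-ro,ou=service,dc=example,dc=internal"
  bind_password = var.ldap_bind_password

  user_dn   = "ou=people,dc=example,dc=internal"
  user_attr = "uid"

  # With groups enabled, the account's group memberships are
  # refreshed every time the user authenticates.
  enable_groups = true
  group_dn      = "ou=groups,dc=example,dc=internal"
}

# Managed group: members are the LDAP accounts whose directory
# groups include one of the listed names.
resource "boundary_managed_group_ldap" "ops" {
  name           = "ops-engineers"
  auth_method_id = boundary_auth_method_ldap.corp.id
  group_names    = ["ops-engineers"]
}

# Role assignment follows LDAP group membership, not individual users.
resource "boundary_role" "ops_targets" {
  name          = "ops-target-access"
  scope_id      = var.project_scope_id
  principal_ids = [boundary_managed_group_ldap.ops.id]
  # Illustrative grant; adjust to the grant syntax of your Boundary version.
  grant_strings = ["ids=*;type=target;actions=list,read,authorize-session"]
}
```

Because memberships are refreshed at authentication time, a change to a user's directory groups is reflected in Boundary the next time that user authenticates.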
You can learn more about Boundary’s new LDAP capabilities by exploring the domain documentation.
» HCP Boundary maintenance windows
Previously, updates to Boundary were manual. Today with this release, customers can select a maintenance window for their HCP Boundary cluster in order to prevent disruptions from updates being applied. Admin users can select from two options:
- Automatic: updates the cluster as new versions of Boundary are released for the HashiCorp Cloud Platform.
- Scheduled: allows users to select a day and time window during which the update will be performed.
For more information about this functionality see the HCP Boundary maintenance windows documentation.
» Get started with Boundary 0.13
HashiCorp Boundary offers secure, remote-access management across any environment. The capabilities introduced in Boundary 0.13 — including SSH session recording, the new self-managed Boundary Enterprise edition, the beta release of a new LDAP auth method, HCP Boundary maintenance windows, and OIDC authentication improvements — make Boundary an even more powerful tool for identity-based network access.
Get started with Boundary 0.13 on the HashiCorp Cloud Platform immediately with our getting started tutorial. You can request a Boundary Enterprise trial by contacting sales.