- Code42 for Enterprise
Upgrading from version 220.127.116.11 to 18.104.22.168 of the Code42 platform introduces many new features, fixes, and enhancements. Highlights include:
- CrashPlan support for AES 256-bit encryption.
- Expanded security and identity management integrations.
- Deliver higher level of security via two-factor authentication with access-challenge.
- Leverage existing and multiple SSO identity providers, including Ping Identity, Okta, Shibboleth, and Centrify.
- Federated identity management via support for InCommon and Microsoft Active Directory Federation Services (AD FS).
- Increased control and visibility of endpoint data.
- Improved view of the Destinations monitoring page in the Code42 administration console.
- Enhanced data security option to disable user-initiated restores from the CrashPlan app.
- Disables HTTPS ciphers that are vulnerable to the FREAK attack.
- Improves security of server-to-server and server-to-client messaging.
- Improvements to client application security.
- New Code42 server installations now default to requiring SSL.
- Security improvements to the Code42 API.
- Improves authorization token security.
- Improves clickjacking protection.
- Improves cross-site scripting protection.
- Improves data key security.
- Improves SQL injection protection.
- Resolves Java security issue.
- Security improvements to logging.
Due to a security update to the Code42 cloud, you must upgrade your Code42 environment to version 22.214.171.124 or later before March 1, 2016 if your on-premises authority server connects to the Code42 cloud. Beginning March 1, 2016, the Code42 cloud will not accept connections from versions 4.3.2 and earlier. This means backups and restores to the Code42 cloud will stop working.
For more information on this required upgrade, review the Code42 Public Cloud Version Policy.
- CrashPlan now supports the Advanced Encryption Standard (AES), which offers another option for ensuring data is highly secure.
- AES 256-bit encryption is enabled by default for new Code42 environments. Existing installations that upgrade to version 4.2.0 can enable AES 256-bit encryption for CrashPlan data via the administration console command-line interface.
The Code42 platform now supports RADIUS two-factor authentication with access-challenge. This provides enhanced security for all devices connecting to your Code42 environment by requiring a user to not only know the username and password, but to also enter a single-use—and frequently time-sensitive—code sent to the user's email, phone, or other device.
Two-factor authentication in the Code42 environment is compatible with RADIUS servers, including FreeRadius, Microsoft NPS, and Gemalto IDConfirm.
- Federated Identity Support: InCommon & AD FS: With enhanced SAML 2.0 support, the Code42 platform can now be integrated into a federated SSO environment. This enables administrators to easily manage user authentication when signing in to CrashPlan. It also provides a consistent security model for all user services.
- Support For Multiple Identity Providers In A Single Environment: The enterprise server now supports the ability to authenticate users through multiple identity providers in a single environment. Each organization can be configured to offer one or more identity providers, and when signing in, users select from the list of SSO providers defined by the administrator.
- Improved SAML 2.0 Integration: The enterprise server is now compatible with additional SSO providers and federations, including:
- Microsoft Active Directory Federation Services (AD FS) 3.0 on Windows Server 2012 R2
- Single Sign-On With LDAP Authorization: The Code42 platform now supports single sign-on (SSO) for authentication and LDAP for authorization and user management in the same organization. Using SSO and LDAP together combines the security and ease-of-use benefits of SSO with the advantages of leveraging your existing LDAP directory structure for user management.
CrashPlan can be configured to support your organization's compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). For detailed information on using CrashPlan in a HIPAA environment, please review CrashPlan & HIPAA Compliance.
Version 126.96.36.199 further improves upon the enterprise server recovery process by introducing a transaction recovery log that captures critical information about recent server activity. The transaction recovery log supplements the existing enterprise server database recovery process and enables administrators to recover server activity occurring between the daily database dump and a system failure.
At the end of the enterprise server installation, or when you launch the server application on the local server from the Start Menu (Windows) or from Applications (OS X), your default browser opens and connects to the administration console. This functionality replaces the PROe Monitor application included in previous versions of CrashPlan PROe.
The administration console now provides a simple, comprehensive view of usage, system health, storage, capacity, and licensing, making it much easier for administrators to view and manage their Code42 environment as a whole. Improvements include:
- Dashboard now focuses on overall system-level health
- New data visualizations present overall storage data
- Streamlined list and detail views emphasize actionable information
For a detailed guide to the changes, see Changes To The Administration Console In Version 4.1.
IT administrators can now purchase, monitor, and manage CrashPlan licenses directly from the administration console. Enhancements include:
- The administration console's Licensing screen has been redesigned to improve clarity and simplify the experience.
- Any user licenses that you purchase are now applied to your Code42 environment automatically.
- You can now purchase licenses directly from the administration console.
- Single user licenses are now available for purchase so you can easily add user licenses as your organization grows.
- You can now specify a license start date and term to sync your license end dates with your budget cycle.
Revisions to the Code42 administration console Destinations screen provide a more intuitive view of your environment's destinations, servers, and store points. The revised interface provides a hierarchical drill-down view of storage and an at-a-glance roll-up of individual store points and server status.
Administrators can now use custom roles to prevent users from being able to perform self-service restores from the CrashPlan app. This allows organizations that demand the strictest controls over their corporate data to prevent unauthorized restores.
Additional Fixes And Enhancements
Upgrading from version 188.8.131.52 to 184.108.40.206 also includes numerous other fixes and enhancements to the Code42 platform, administration console, CrashPlan app, and Code42 API.
- Security updates.
- Stability and performance improvements.
- Fixed an issue where emptying a store point failed to move cold storage archives.
- Fixed an issue where balancing failed for cold storage archives.
- Logging improvements.
- An error is no longer generated when LDAP sync uses the org script to add an organization with a long name.
- Improvements to server-to-server sync processes.
- Numerous fixes for print views throughout the administration console.
- The password field is now displayed correctly when editing the local administrator's user account.
- After removing a backup set via Device Backup Settings, you are now able to save the configuration change.
- Corrected a display issue with Licensing when viewing the administration console with Firefox.
- Updated the error page that displays when Internet Explorer is running with Compatibility View enabled.
- Corrected an issue preventing search for files when performing an administrator restore.
- When manually upgrading a CrashPlan device, the confirmation message now includes the correct version number.
- After completing a block or unblock action from the Organizations Overview, the selection list clears properly, allowing you to perform another action.
- You are no longer able to enter negative values for Device Backup Settings or Organization Settings where negative values don't make sense.
- Removing a store point no longer incorrectly displays an error message.
- Viewing a User list that has no items now correctly displays a message to indicate that there is nothing to display.
- From the Archives List, deselecting archives now correctly clears them from the selection.
- Clicking the Private address field from Server Edit now no longer incorrectly displays a red X with "Missing Host" message.
- Extraneous parameter from StoredBytesNLargetResource API removed.
- LDAP sync can update first and last names if LDAP entry changes (usernames and email addresses remain unchanged).
- Corrected an issue that created too many copies of the enterprise server's app.log file.
- Improvements to off-heap memory consumption for enterprise server.
- You are now able to purge a CrashPlan archive from cold storage.
- Script to restore a database dump (restore_database.sh) no longer uses kill -9 command, shutting down the enterprise server process more gracefully.
- Additional diagnostic information added to enterprise server logs in cases where the enterprise server service fails to stop.
- Deactivating a device from the administration console now correctly updates the storage server's database.
- Addressed issue with syncing between provider (cloud) destination and dependent master server.
- Manually deleted archives are now purged instead of soft-deleted.
- Addressed issue causing manual archive migration to fail intermittently.
- "Destination request failed" error no longer occurs after destinations are no longer offered to a provider organization.
- Corrected an issue with store points that include non-ASCII characters in the file path.
- Moving a storage server back to original destination now works correctly.
- Linux enterprise server install scripts have been updated to use Code42 branding.
- Addressed issue affecting LDAP sync when a user changes name.
- New top-level domains are now recognized
- In new environments, Time Machine backup files are now excluded from CrashPlan backups by default.
Existing environments are unaffected.
- Corrected an issue with provider sync affecting some environments that have an on-premises master server and use storage in a provider configuration. The issue affected environments that use Code42 cloud storage or other non-Code42 provider destinations.
- SYSADMIN users' web restore permissions are no longer removed after upgrading to enterprise server version 220.127.116.11 or later.
- Improved clean-up process for expired archives on the enterprise server.
- Administrators are now able to delete destinations that are part of a deactivated organization.
- Backups now start automatically when moving a user to a different organization that offers a different destination (if the new destination is configured to do so).
- Improved RFC-compliance for system-generated emails.
- User email addresses can now contain apostrophes.
- Corrected an issue that could cause private cloud deployments with over 5,000 user devices to experience low disk space on the on-premises master server.
- Changing LDAP role mapping now correctly applies user roles in the Code42 environment after running LDAP sync.
- The name of the script to reset the administrator username and password changed from "reset_admin_password" to "reset_admin_credentials."
- Improved LDAP sync logging for accounts with missing names or email addresses.
- In Code42 environments with organizations using SSO and LDAP together or RADIUS and LDAP together, other organizations can now use LDAP for authentication.
- Users can now register new accounts with organizations that use SSO and LDAP together if the CrashPlan app is configured to defer passwords.
- In LDAP environments, mixed case email addresses no longer trigger unnecessary sync updates.
- Fixed issue where, in rare circumstances, duplicate usernames could be created in an organization.
- New enterprise server installations now require SSL by default.
- Version 4.2.0 and later of the Code42 platform no longer supports 32-bit Windows enterprise servers.
- Corrected issue where previously upgraded devices could auto-upgrade even if automatic upgrading was disabled.
- Fixed rare issue in large environments where information could be missing from the beginning of the app.log file.
- Improved error messaging when attempting to create a user with a username that is not an email address.
- Administrators can now change the default server connection timeout and retry values via the administration console CLI.
- Improved error handling when the enterprise server fails to start.
- Corrected date formatting for Dutch language in the administration console.
- Manually purging an archive from cold storage now correctly removes the archive immediately from disk.
- Backup alert settings for child organizations now correctly inherit values from their parent organization, not the default organization.
- When registering new users via LDAP, the Active and Role Name scripts now run immediately, ensuring custom roles and active status are applied.
- Restored missing assets to CrashPlan deployment materials provided with the enterprise server.
- Improved compatibility with single sign-on SAML 2.0 identity providers.
- Improvements to LDAP sync.
- Corrects an issue that could prevent archive maintenance from running automatically.
- Corrects a rare issue for customers using a provider storage destination who upgraded from version 18.104.22.168 or earlier that could cause users' web restores to fail and/or result in newly-created user accounts being unable to connect to the provider storage destination.
- Performance and stability improvements.
- Security updates.
- The unblock action is now dimmed and disabled when a device is currently in an active and unblocked state.
- Corrected text overflow issues when the German language is selected.
- The Archives List no longer displays "No Archives", when selecting the Stored value for an archive that is not stored on the local server.
- Required fields must now be populated in the Add Organization dialog before the Add button becomes active.
- "Export All" now appears above "Print" in the action menu when in Archive Maintenance view, making this consistent with the rest of the administration console.
- A scroll bar now appears when the left navigation menu is taller than the browser window.
- Alerts now render properly after re-sizing columns and switching between filtered views.
- When performing an administrator restore, enabling Display deleted files no longer forces a refresh of the entire page.
- When updating settings for a specific device, the Lock and Push confirmation now displays text correctly.
- On Destinations Overview and Servers Overview, the Activity column title changed to Open Archives to more accurately reflect what is being measured.
- On Destinations Overview and Servers Overview, added a column for Connections to reflect the number of devices currently connected to the enterprise server.
- References to Sessions throughout the administration console are now titled Connections to more accurately reflect what is being measured.
- Language of instructions in enterprise server upgrade dialog has been corrected, and now specifies that a double-click is required to upload the upgrade file.
- The dialog when upgrading a single device from Device Details now displays the correct version numbers.
- Backup selected size has been added to the Device Details for CrashPlan devices.
- You can now sort the Organization, Device, Archive, and Archive Maintenance list views by the service column.
- An organization administrator is now able to deauthorize a device.
- Updated translations.
- Revised welcome experience.
- Updated user invitation message.
- Branding and terminology updates.
- Server details page warns if storage server is offline.
- Corrected several minor display issues.
- Push restore now correctly displays the restore size by file size and number of files.
- Storage Quota in User details renamed to Backup Quota.
- Addressed issue causing administration console to display incorrect "accepting new device" status for store points.
- Updated action menu option for device details from Scan Folders to Verify File Selection to match the CrashPlan app.
- File verification scans initiated from the administration console now perform the same tasks as scans initiated from CrashPlan apps.
- Addressed issue causing browser crash in Internet Explorer 11 when selecting non-default backup sets.
- The administration console CLI now errors when required parameters are missing.
- Improved messaging when searches from the administration console return no results.
- Added context-sensitive tool tips to icons on Destination screen.
- In Destinations, changed title of first screen in left-navigation menu to Overview.
- Selecting “Registration Information” from the Licensing action menu now correctly displays registration information.
- Improvements to logging.
- Link in server trial expiration email now goes to the in-console licensing screen instead of the enterprise store.
- Characters entered in the Backup Device Settings screen are no longer partially obscured in some web browsers.
- Clicking the user column of a hosted organization with no destinations no longer results in a “page not found” error.
- Search performance improvements.
- Fixed a rare known issue that could prevent an administrator from being able to push a new or changed device setting to multiple devices.
- In LDAP environments, you can now search for and invite users by LDAP username.
- Browsers that don't allow 3rd party cookies no longer intermittently prompt users to sign in again during web restores.
- Minor updates to improve clarity of menu item text in the Store Point action menu:
- Resume Activity is now Resume Incoming Data.
- Pause Activity is now Pause Incoming Data.
- Accept New Devices is now Accept New Archives.
- Reject New Devices is now Reject New Archives.
- Administration console statistics now include the total number of active CrashPlan archives when listing the number of connections to each enterprise server.
- Improvements to accuracy of dashboard graphs and statistics.
- User devices are now sorted alphabetically by device name in the User detail view.
- In Organizations > Overview, the Backup column is now labeled Backup Devices.
- From Organizations > Overview, clicking a value in the Backup Devices column now displays the list of devices for users in that organization.
- Organization display names now render correctly in the Change Parent Organization dialog box.
- When exporting a user list from the administration console to a CSV file, the Last Login Date column is no longer blank.
- Clicking the Device Name column header from a User's detail screen no longer displays a system error dialog.
- Corrected issue where in some circumstances, environments with active perpetual licenses incorrectly saw Code42's licensing store.
- Fixed rare issue where the administration console cache could apply changes to the wrong organization.
- Corrected issue where in some circumstances, the computer count in the Organizations Overview included local backups.
- Selecting Print from an action menu in the administration console no longer prints extraneous information or fails to print at all.
- Support for AES 256-bit encryption.
- Security updates.
- Performance and stability improvements.
- Improved warning when deselecting files from backup selection.
- Restore and backup logging now occurs even while CrashPlan app is paused.
- Better handling of individual files selected for backup with large amounts of metadata (over 1 MB per file).
- Improved labels for CrashPlan archive encryption key security options on Settings > Security screen.
- The system tray application now launches upon system startup when Launch system tray on startup is enabled.
- The Windows CrashPlan service is now digitally signed.
- Improvements to the upgrade process in the OS X CrashPlan app when applying upgrades that span multiple versions.
- OS X Yosemite v10.10 compatibility.
- OS X Yosemite users can now open the CrashPlan app from the CrashPlan menu bar.
- Added OS X Yosemite compatibility to the CrashPlan app code signing process.
- Removed legacy uninstaller app from within the CrashPlan app bundle.
- The OS X custom installer now correctly populates custom server address.
- For users who had uninstalled and then reinstalled CrashPlan, the “Forgot password” link on the “Use existing account” sign in screen now correctly points to the password reset page.
- CrashPlan apps with default memory settings now correctly only restart once after upgrading to a new version.
- Changing the username or email on the Settings > Account screen no longer requires also changing the first or last name in order to save.
- Pre-populated properties now correctly appear when using a custom installer to deploy the CrashPlan app as user rather than root.
- Corrected a case sensitivity issue for systems formatted with the Mac OS Extended (Journaled, Case-Sensitive) file system (HFSX).
- Installing the CrashPlan app on Linux now also downloads and installs Java Runtime Environment version 1.7.0_45. This means that you are no longer prompted to install Java during installation.
- The CrashPlan app no longer closes after installation in some Linux environments.
- The real-time file watcher now runs for kernels that do not match the form x.x.x.
- Installer now installs CrashPlan app in a subdirectory named
- Installer now uses the correct link when downloading the Java Runtime Environment (JRE).
- Stability and performance improvements for iOS 8:
- Minor UI fixes and updates for iOS 8.
- Improved performance in portrait mode on iPads running iOS 8.
- "About" information now displays properly on iOS 8 devices.
- Corrected a display issue making some text on the Home screen unreadable.
The Windows Phone operating system is being retired as a supported platform for Code42 products, beginning with major software version 4.0. That means Code42 will not develop software for the Windows Phone operating system for any major version of Code42 products beyond major version 3. Code42 is committed to testing, maintaining, and supporting all installations of Windows Phone version 8 and Windows Phone version 7.5 until CrashPlan version 3 software reaches end of support.
For full details, see Windows Phone Platform Retirement.
Since the CrashPlan app for Windows Phone will not receive a 4.2 upgrade, Windows Phone devices cannot restore from archives that use AES 256-bit encryption.
Code42 API Fixes And Enhancements
See Changes To The Code42 API For Private Cloud Version 4.2 for complete details about the specific changed and deprecated resources and parameters. Review your scripts, integrations, applications, and reports that utilize the Code42 API and update them as needed.
The API Documentation Viewer also lists up-to-date details about all API resources and parameters.
Updates To Existing Resources
The following changes may affect any existing scripts or integrations that leverage the Code42 API. We recommend reviewing your existing scripts or integrations prior to upgrading to version 22.214.171.124.
- Security updates.
- PlanUser resource now returns first name and last name.
- Org resource no longer errors when sorting by orgId parameter.
- Clicking a link in the API Doc Viewer now goes to the correct section of the page.
- API Documentation Viewer now displays example output.
- Updated content in the API Documentation Viewer for the following resources:
- FileVersions now returns uids instead of URIs or URLs.
- SystemSettings uses a new format for GET and PUT methods. Old formats are no longer accepted.
- SystemSettings no longer returns planUid or id.
- StorePointCommand superseded by new StorePoint DELETE method.
- PlanArchiveSession no longer accepts storageGuid or userUid.
- PlanDevice no longer returns the device “type”.
- The following endpoints now support Cross-Origin Resource Sharing (CORS), securely enabling more flexible use of the API:
- Server now offers "this" option for the GET method. It is now possible to use "Server/this" instead of providing the server ID.
- Returns new errors: ACTIVE_LICENSE, ORG_TYPE, USER_ROLE
- Allows the currently authenticated user to successfully use the resource. The PUT method now includes the "my" option, making it no longer necessary to include a user ID in the call.
- Accepts "targetGuid" as a parameter for GET.
- Now outputs error 400 instead of 500 when neither targetGuid nor targetComputerId is provided.
- ProductLicense can now accept a list of licenses instead of just one license.
- coldStorage provides a new output value for the GET method, sourceComputerService, with two possible values: SharePlan or CrashPlan.
- Output is more relevant and accurate.
- Now filters out file versions with a creation date over 30 days old, unless latest version is older than 30 days.
- FileInfo provides better error messaging.
- Archive accepts a new parameter, targetGuid, for the GET method.
- ProductLicense accepts a new parameter for the PUT method, ProductLicenses, which is an array of licenses.
- DirectorySync: improved functionality.
- UserMoveResource: improved functionality.
- Plans: improved functionality.
- ArchiveResource: improved functionality.
- PlanSettings: resource now works with provider.
The following resources are newly available to users of the Code42 REST API:
The following features provide new functionality and options to users of the Code42 API:
- The SPUser resource now supports one-step registration, validation and auth token generation.
- Computer resource now provides information on available updates.
- The FileInfo resource now provides file size information.
- The ServerSettings resource now provides information on both CrashPlan and SharePlan upgrade availability.
- A new output value is provided: sharePlanUpgradeAvailable
- The File resource provides a new PUT method that promotes a previous version of a file to the current version.
The following resources now support Cross-Origin Resource Sharing (CORS), securely enabling more flexible use of the API:
- Security updates.
- Performance and stability improvements.
- Improved error messaging when calling the LogFile resource with an invalid device GUID.
- The PIN query parameter of the GET method was removed from the QSFile resource. The PIN is now included in the header.
- Multiple userUids can now be submitted to the AddressBookEntry resource, reducing the number of calls to the server needed for certain queries and management tasks.
- Setting the incVolumes parameter of the Diagnostic resource to false no longer displays volume information.
- The Cli resource now supports Cross-Origin Resource Sharing (CORS), securely enabling more flexible use of the API.
- The User resource supports userUid and userId as query parameters for backwards compatibility and to support the export of a single user's info in CSV format.
- The AlertLog resource now contains a DELETE method, which enables removal of all administration console alerts.
The following Code42 API resources have changed or deprecated query parameters or output values:
The following resources are newly available to users of the Code42 API:
- DeviceSetting. See the API Documentation Viewer for usage.
Previously, deactivated users were unable to sign in, regardless of whether or not they were blocked. Now, users must be both deactivated and blocked to prevent them from being able to sign in. Deactivated users who are not blocked are now able to sign in.
As a result, the implications of deactivating and reactivating users directly using the API have changed. There is no impact to deactivation/reactivation performed using the administration console or using LDAP integration.
To preserve the previously expected behavior of preventing deactivated users from being able to sign in:
- UserDeactivation now also defaults to executing the UserBlock resource.
- A new parameter was added to UserDeactivation to control whether or not the UserBlock resource is also executed. By default, deactivating a user also blocks the user.
- This new parameter also controls whether or not users are unblocked during reactivation. By default, reactivating a user also unblocks the user.
API Documentation Viewer Updates
- The PlanEvent resource entry now specifies that queries that include a fileID or file path only provide results for file events. Shared link events are not included.
- A summary was added for the Archive resource.
- The Destination resource notes that the computerCount output value was renamed backupComputerCount.
- The API Documentation Viewer has been updated to use Code42 branding and logos.
- WebRestoreTreeNode entry improved:
- Duplicate parameter removed.
- Improved description of the timestamp parameter.
- API documentation for the Org resource was corrected.
- API documentation now includes required "path parameters" or path segments.
The video below summarizes many of the new features introduced in versions 4.2.