Leostream Release Notes
Connecting People – Connecting Business
Version 9.1
April 2023
Contacting Leostream
Leostream Corporation http://www.leostream.com
77 Sleeper St. Telephone: +1 781 890 2019
PMB 02-123
Boston, MA 02210
USA
To submit an enhancement request, email features@leostream.com.
To request product information or inquire about our future direction, email sales@leostream.com.
Copyright
© Copyright 2002-2023 by Leostream Corporation
This software program and documentation are copyrighted by Leostream. The software described in this
document is provided under a license agreement and may be used or copied only under the terms of this
agreement. No part of this manual may be copied or reproduced in any form without prior written consent
from Leostream.
Trademarks
The following are trademarks of Leostream Corporation.
Leostream™
The Leostream graphical logo™
The absence of a product name or logo from this list does not constitute a waiver of the trademark or other
intellectual property rights concerning that product, name, or logo by Leostream.
HP is a trademark of Hewlett-Packard Development Company, L.P. in the U.S. and other countries. HPE is a
trademark of Hewlett-Packard Enterprise Development, L.P. in the U.S. and other countries. Linux is the
registered trademark of Linus Torvalds in the U.S. and other countries. The OpenStack Word Mark and
OpenStack Logo are either registered trademarks/service marks or trademarks/service marks of the
OpenStack Foundation, in the United States and other countries and are used with the OpenStack
Foundation's permission. Leostream is not affiliated with, endorsed or sponsored by the OpenStack
Foundation, or the OpenStack community. Microsoft, Active Directory, SQL Server, ActiveX, Hyper-V,
Windows, and the Windows logo are trademarks or registered trademarks of Microsoft Corporation in the
United States and/or other countries. Apache Guacamole, Guacamole, Apache, the Apache feather logo,
and the Apache Guacamole project logo are trademarks of The Apache Software Foundation. Other brand
and product names are trademarks or registered trademarks of their respective holders. Leostream claims
no right to use of these marks.
Patents
Leostream software is protected by U.S. Patent 8,417,796.
3
Contents
CONTENTS .....................................................................................................................................3
LEOSTREAM PLATFORM 9.1 – REVISION 10 .............................................................................5
Important Notes .................................................................................................................................... 5
Connection Broker 9.1.37 ................................................................................................................... 5
Leostream Agent for Linux and macOS – Version 5.3.6 ................................................................ 6
LEOSTREAM PLATFORM 9.1 – REVISION 9 ...............................................................................7
Leostream Agent 5.3.4 for macOS and Linux ................................................................................. 7
Connection Broker 9.1.35 ................................................................................................................... 7
LEOSTREAM PLATFORM 9.1 – REVISION 8 ...............................................................................8
Connection Broker 9.1.33 ................................................................................................................... 8
Component Updates 8
Feature 8
Resolved Issues 8
LEOSTREAM PLATFORM 9.1 – REVISION 7 ...............................................................................9
Connection Broker 9.1.31 ................................................................................................................... 9
Features 9
Resolved Issues 9
Leostream Agent 5.2.22 for macOS and Linux ............................................................................... 9
LEOSTREAM PLATFORM 9.1 – REVISION 6 ............................................................................. 10
Connection Broker 9.1.25 ................................................................................................................. 10
LEOSTREAM PLATFORM 9.1 – REVISION 5 ............................................................................. 10
Connection Broker 9.1.24 ................................................................................................................. 10
Features 10
Resolved Issues 10
LEOSTREAM PLATFORM 9.1 – REVISION 4 ............................................................................. 11
Connection Broker 9.1.22 ................................................................................................................. 11
Features 11
Resolved Issues 11
Leostream Agent 5.2.19 for macOS and Linux ............................................................................. 12
Leostream Connect 4.4.5 ................................................................................................................. 12
LEOSTREAM PLATFORM 9.1 – REVISION 3 ............................................................................. 12
Connection Broker 9.1.18 ................................................................................................................. 12
Features 12
Resolved Issues 13
Leostream Gateway 2.0.0.20 ........................................................................................................... 13
LEOSTREAM PLATFORM 9.1 – REVISION 2 ............................................................................. 14
Connection Broker 9.1.12 ................................................................................................................. 14
Features 14
Resolved Issues 15
LEOSTREAM PLATFORM 9.1 – REVISION 1 ............................................................................. 16
Connection Broker 9.1.6 ................................................................................................................... 16
Features 16
Resolved Issues 17
Leostream Agent 7.4.13 for Windows Operating Systems .......................................................... 17
Leostream Connect 4.4.4 for Windows Operating Systems ....................................................... 18
4
Leostream Agent 5.2.10 for macOS and Linux ............................................................................. 18
Leostream Connect 3.8.4 for macOS and Linux ........................................................................... 18
LEOSTREAM PLATFORM 9.1 – INITIAL RELEASE .................................................................. 19
Connection Broker 9.1.1 ................................................................................................................... 19
Important Notes 19
Features 19
Resolved Issues 21
Leostream Gateway 2.0.0.19 ........................................................................................................... 22
Leostream Agent 7.4.8 for Windows Operating Systems ............................................................ 22
Leostream Connect 4.4.2 for Windows Operating Systems ....................................................... 22
Leostream Agent 5.2.6 for macOS and Linux ............................................................................... 23
Leostream Connect 3.8.2 for macOS and Linux ........................................................................... 23
CONNECTION BROKER 9.0.40.22 .............................................................................................. 24
Features .............................................................................................................................................. 24
Resolved Issues ................................................................................................................................. 24
CONNECTION BROKER 9.0.40.17 .............................................................................................. 25
Features .............................................................................................................................................. 25
Bug Fixes ............................................................................................................................................ 26
CONNECTION BROKER 9.0.40.10 .............................................................................................. 26
Features .............................................................................................................................................. 26
Resolved Issues ................................................................................................................................. 27
CONNECTION BROKER 9.0.40.3 ................................................................................................ 28
CONNECTION BROKER 9.0.40.1 ................................................................................................ 29
Important notes .................................................................................................................................. 29
Features .............................................................................................................................................. 29
Resolved Issues ................................................................................................................................. 32
CONNECTION BROKER 9.0.38.12 .............................................................................................. 33
Important note .................................................................................................................................... 33
Resolved Issues ................................................................................................................................. 33
LEOSTREAM GATEWAY 2.0.0.11 ................................................................................................ 34
Minor Features and Resolved Issues ............................................................................................. 34
CONNECTION BROKER 9.0.38.11 .............................................................................................. 34
Features and Resolved Issues ........................................................................................................ 34
LEOSTREAM GATEWAY 2.0.0.9 ................................................................................................. 35
CONNECTION BROKER 9.0.38.9 ................................................................................................ 35
Important note .................................................................................................................................... 35
Features and Resolved Issues ........................................................................................................ 35
LEOSTREAM GATEWAY 2.0.0.8 ................................................................................................. 37
Minor Features and Resolved Issues ............................................................................................. 37
CONNECTION BROKER 9.0.38.3 ................................................................................................ 38
Important note .................................................................................................................................... 38
Features .............................................................................................................................................. 38
Resolved Issues ................................................................................................................................. 39
LEOSTREAM GATEWAY 2.0.0.5 ................................................................................................. 40
LEOSTREAM GATEWAY 2.0.0.4 ................................................................................................. 40
Resolved Issues and Enhancements ............................................................................................. 40
APPENDIX A: VERSION COMPATIBILITY.................................................................................. 41
Leostream Agent Compatibility Matrix ............................................................................................ 41
Leostream Connect Compatibility Matrix ....................................................................................... 42
5
Leostream Platform 9.1 – Revision 10
Important Notes
The {IP_PRIVATE} dynamic tag is now strictly replaced by the IP address found in the IP
Address (Private) column on the > Resources > Desktops page. If that field is empty, the
{IP_PRIVATE} tag is replaced with an empty string. Prior to this release, the
{IP_PRIVATE} field was replaced with the value in the IP Address field when there was no
private IP address.
If you leverage the {IP_PRIVATE} dynamic tag in your protocol plans and use those protocol
plans to connect users to on-premises virtual machines, update your protocol plans to use the
{IP_PRIVATE-or-IP_ADDRESS} or {IP_ADDRESS} dynamic tag.
The Last Connect Time on the > Resources > Desktops page is now updated only when the
Leostream Agent returns a valid username in the connection notification. This change improves
the accuracy of the Last Connect Time field, except for the following two cases.
o Leostream Agents installed on Windows 7 machines may not return usernames in the
connection notifications, resulting in the Last Connect Time not being updated.
o Leostream Agents installed on VMware templates that were not properly shutdown prior to
creating the template return connection notifications when new machines are provisioned
from the template, resulting in the Last Connect Time being updated. Ensure that you shut
down virtual machines prior to creating templates to use with Leostream.
Connection Broker 9.1 enables the RESTful API, by default, and therefore requires additional
RAM. Ensure that your Connection Broker has at least 8GB prior to upgrading or installing.
Version 7.4.13 and higher of the Leostream Agent for Windows Operating system and 5.2.10 and
higher of the Leostream Agent for macOS and Linux now distinguish between older versions of
RGS and newer versions of HP ZCentral Remote Boost. If you define Pools based on the Installed
Protocols attribute having a text value of RGS, edit the pool to include machines with Boost
installed, as well, to ensure desktops running all versions of the protocol appear in the pool.
Connection Broker 9.1.37
Includes upgrades to Apache Web Server and jQuery
Resolves an error when navigation to the > Resources > Images page
Resolves issue launching the PCoIP Soft client using the View option on the > Resources >
Desktops page
6
Leostream Agent for Linux and macOS – Version 5.3.6
Support third-party signed certificates
Support monitoring connections to the Scale Logic Remote Access Portal (RAP) – VDI
solution (For use with Leostream 202x)
Return desktop GPU information to the Connection Broker (For use with Leostream 202x)
7
Leostream Platform 9.1 – Revision 9
Leostream Agent 5.3.4 for macOS and Linux
Support the policy option to log out rogue users for rogue users connected to a DCV session
Suppress duplicate log messages when the Leostream Agent is unable to find the RGS session file
Resolves issues monitoring logout events on Linux operating systems with XRDP and Xvnc
installed
Connection Broker 9.1.35
PCoIP client logins now work properly with the policy option to use Kiosk Mode
The DCV client is now closed immediately after a Leostream users logs out of the remote
desktop operating system
This release refines the improvements made to tracking desktop license usage from release
9.1.22
The > Resources > Desktops page no longer inaccurately indicates that an Unavailable desktop
consumes a license
Users no longer consume a license if they attempt and fail to log into the /admin URL when
they have a role that does not give them permission to access the Administrator Interface
All remote desktops sessions associated with a Remote Desktop Services/Multi-User Center are
now restricted to belong to the same Tenant
Modified how errors are handled when provisioning from a URL in pools, so provisioning is
disabled only when the URL is blank or invalid
Properly handle cases when a logoff notification is received from the Leostream Agent when a
check_logoff jobs is already running
Remove duplicate log messages when using RADIUS MFA and the PCoIP Connection Manager to
log into Leostream
8
Leostream Platform 9.1 – Revision 8
Connection Broker 9.1.33
Component Updates
Leostream Agent 7.4.23 for Windows operating systems – Returns the public and local
hostnames for AWS instances to the metadata returned to the Connection Broker
Leostream Agent 5.2.23 for Linux and macOS operating systems – Returns the public and
local hostnames for AWS instances to the metadata returned to the Connection Broker
Leostream Connect 3.8.5 for Linux and macOS operating systems – Opens the Remote
Boost authentication dialog when the Leostream protocol plan does not specify a
username for the connection
Feature
Store the public and local hostname for AWS instances when returned by the Leostream
Agent
New dynamic tags {HOSTNAME_PRIVATE} and {HOSTNAME_PUBLIC} for use in
Leostream Protocol Plans
Resolved Issues
Properly handle cases where users enter incorrect passwords into a PCoIP Software client
that is launched from the Leostream Web client
For Leostream environments that have reached their license limit, users with an existing
Leostream license are no longer blocked from logging in when their policy enables the
Prompt user for alternate credentials before connecting to selected desktop option and
they launch the PCoIP client from the Leostream Web client
Properly release desktops that are forcefully shutdown before the Leostream Agent is able
to register the shutdown with the Connection Broker, for example when using the Power
off power control option
Allow Printer Plans to be deleted when they are currently assigned to a Location or specific
Client
Removed support for the if_assigned_only parameter for the cb_status Web
query
9
Leostream Platform 9.1 – Revision 7
The following release notes describes the issues resolved in this revision of the Leostream Platform.
Connection Broker 9.1.31
Features
The TGX encryption tool has been updated to version 2022.1.4
Minor enhancements when defining multiple SAML-based authentication servers using
tenants
Resolved Issues
Improve handling of center scans that run while there are active provisioning jobs, to avoid
removing desktop records associated with virtual machines that are still being created
Resolve cases where provisioning jobs for virtual machines on Scale Computing HC3
resulted in duplicate desktop records
Paginate inventory of images from OpenStack centers to handle cases where the OpenStack
project has more than 25 images
Properly log out rogue users that are connected to desktops using HP ZCentral Remote
Boost (RGS) based on the Policy option to log out rogue users
Change desktop power statuses to Stopped for desktops marked as Stopping when a Center
scan occurs and confirms that the desktop is powered off
Improve disconnect logic for PCoIP Remote Workstation Cards to attempt to disconnect the
PCoIP session from the Remote Workstation Card if the PCoIP client cannot be
disconnected
Pass the region to the AWS API when checking if an AWS center is online
Properly fail over to the second value for dynamic tags that use the or syntax and
reference hostnames or IP addresses, for example IP_PUBLIC-or-IP
Leostream Agent 5.2.22 for macOS and Linux
Improve management of Remote Boost sessions on Rocky Linux 8
Resolve issue related to the use of NetworkInterface API that could cause the registration
with the Connection Broker to fail
10
Leostream Platform 9.1 Revision 6
The following release notes describes the issues resolved in this revision of the Leostream Platform.
Connection Broker 9.1.25
Leostream Connect 4.4.6 for Windows Operating Systems: Resolves issues launching
NoMachine connections
Ensure that the Match resolution user-configurable parameter for desktop connections
using HP ZCentral Remote Boost is always honored when enabled by the user
Provisioning in pools is now disabled after the AWS account associated with the Center
reaches its vCPU limit for the region
Customizations to table columns, such as the > Resources > Desktops page, made by users
that log into Leostream using a SAML-based authentication server are not persistent
Previously inventoried Azure images are no longer removed from the Connection Broker if
a Center scan is unable to retrieve images from an Azure Compute Gallery
Entries in the Proxy Address field can now be removed from AWS centers
Leostream Platform 9.1 – Revision 5
The following release notes describes the enhancements available for all components in the
Leostream Platform.
Connection Broker 9.1.24
Features
The leostream-broker CLI includes a new option to specify if the Connection Broker
should automatically reboot after installing a license that enables features that require a
reboot
New AWS instance types and Azure instances sizes are available for provisioning in pools
Resolved Issues
Client settings, such as client bindings, are no longer overwritten every time a user logs into
the Connection Broker from that client
Windows Server 2019 instances from an AWS center are now labelled with the correct
operating system version
11
Leostream Platform 9.1 – Revision 4
The following release notes describes the enhancements available for all components in the
Leostream Platform.
Connection Broker 9.1.22
Features
This release includes the following changes related to how desktop licenses are consumed:
o Desktop licenses are no longer consumed when a rogue user connects to a desktop
unless that user is subsequently assigned to the desktop based on a Centers Assign
rogue user to desktop from this center setting
o The Last Connect Time column on the > Resources > Desktops page is no longer
used to calculate which desktops are consuming a license
o The > Resources > Desktops page includes a new Using License column to display
which desktops are consuming a license, defined by when a Leostream user
connects to an assigned desktop
The Leostream Connection Broker CLI includes a new option to accept the Leostream EULA
Apache has been upgraded to version 2.4.54
Resolved Issues
This release resolves several issues related to detecting duplicate desktop records
The Connection Broker now performs Power Control plan actions for desktops that are
released using the Release if user does not log in option in Release Plans
Use the customer-defined port for RADIUS MFA servers when testing the Connection
Brokers connection to the server
Clicking Status on the > Resources > Desktops page for a desktop that does not have a
registered Leostream Agent now indicates that an agent needs to be installed
Resolved issues saving configurable Protocol Plan parameters when using HP ZCentral
Remote Boost
Creating a Location based on CIDR notation now requires the location attribute be entered
using valid CIDR notation before saving the form
12
Navigating to the second page of log entries for a desktop on the > Resources > Desktops
page no longer results in an error when connected to a Microsoft SQL Server database
Resolves issues generated Technical Support log packages using the leo users Connection
Broker console menu
Leostream Agent 5.2.19 for macOS and Linux
This release of the Leostream Agent for Linux and macOS resolves issues related to monitoring
PCoIP connections when using PCoIP Remote Workstation cards, include the Amulet Hotkey
External host.
Leostream Connect 4.4.5
The Leostream Update service was previously using an unquoted service path. Note that this
service exists only when Leostream Connect is installed with the Install Leostream Update service
task selected.
Leostream Platform 9.1 – Revision 3
Connection Broker 9.1.18
Features
Component updates:
o Leostream Agent 7.4.15 for Windows Operating Systems: Returns version
information for Windows Server 2022 and Windows 11 operating systems
o Leostream Agent 5.2.16 for Linux and macOS
Support forcefully logging off users from sessions connected using HP
ZCentral Remote Boost version 20.0x
Honor the Role option to create local users on login (applies to Linux
operating systems, only)
When installed on macOS, report the PCoIP CAS Agent version and send
disconnect notifications for PCoIP CAS sessions
The Connection Broker Security Options on the > System > Settings page contains
additional options to set Cross-Origin HTTP security headers (if you plan to take advantage
of these headers and are using Duo for MFA, please see the guide for Using DUO MFA with
Leostream)
You can now add the ID column to any Resources list page, to simplify relating objects in
the lists to their associated references in the Connection Broker Technical Support package
The VMware vSphere SDK used for VMware centers has been upgraded to version 7.0.0 U2,
13
to support Guest OS Customization files when provisioning Linux virtual machines
You can now select a Recipe to use for provisioning in Verge.io
You can now build a Role that restricts logging into the Connection Broker Web interface for
users dedicated to executing the RESTful API
Added support for sending invitations to collaborate to sessions launched using the HTML5
NoMachine client
Connection Broker forms now require you to re-enter passwords whenever the hostname
or IP address of an object, such as a center or authentication server, is changed
The Connection Broker now recognizes desktops running Windows Server 2022 and
Windows 11 operating systems (requires Leostream Agent 7.4.15)
Resolved Issues
No longer create duplicate local user accounts after the Connection Broker receives a rogue
user login notification from the Leostream Agent and the current license count is exceeded
The range of pool history data displayed on the Dashboard is no longer defined by a static
start and stop date, to resolve the issue where no data is displayed when those dates are
beyond the data retention date
The Connection Broker now inventories Azure images that do not have an associated
Managed Disk so these images can be used for provisioning in pools
Security enhancements for the global search function.
Leostream Gateway 2.0.0.20
Upgrades the Apache Guacamole HTML5 viewer to version 1.4, which improves audio support for
HTML5 RDP connections.
14
Leostream Platform 9.1 – Revision 2
Connection Broker 9.1.12
Features
Component updates:
o Leostream Agent 7.4.14 for Windows Operating Systems: Includes new
functionality to receive instructions from the Connection Broker to close DCV
sessions
o Leostream Agent 5.2.12 for Linux and macOS
For Linux operating systems, includes new functionality to receive
instructions from the Connection Broker to close DCV sessions
For macOS, resolves issues related to idle-time monitoring for Scyld Cloud
Workstation sessions
AWS support:
o You can now select multiple Availability Zones for provisioning in pools, to support
failing over to a different zone when the primary zone no longer has capacity to
provision your selected instance size
o Added support for Asia Pacific – Jakarta region
DCV support: The Connection Broker now instructs the Leostream Agent to close DCV
sessions when the desktop is released from the user in Leostream - requires Leostream
Agent 7.1.14 for Windows operating systems and Leostream Agent 5.2.12 for Linux
operating systems
Azure support: You can now provision instances using images in an Azure Compute Gallery
Managing user identities
o The Associate all user notifications with assigned user option in pools is now
Associate initial user login with assigned user, and the Connection Broker acts
upon only the events related to the first user identity that logs into the remote
operating system after the desktop is assigned, ignoring events for all other users
o Policies for hard-assigned desktops now include the Associate initial user login
with assigned user option to allow the Connection Broker to manage sessions for
hard-assign users who log into the remote operating system with a different user
identity
leostream-broker CLI
o The new --info option returns the Leostream environment information
displayed on the > System > Maintenance page
15
o The new --health option checks if system requirements related to CPU, RAM,
and disk are met by the machine running the Connection Broker, as well as checks
functional requirements related to if the leo user has sufficient sudo privileges
and is able to run nmap
PIV card authentication: Supports OCSP for CA certification chains that include multiple CA
certificates
Resolved Issues
The Connection Broker now confirms an Azure VM is stopped before attempting to
deallocate it
Launching PCoIP connections from the Leostream web client no longer instantly expires the
users Leostream session
The DCV External Authenticator can now be used in Protocol Plans for users who log into
Leostream using a SAML-based Identity Provider
The Connection Broker now sends Wake-on-LAN packets to power on machines, as
requested, regardless of the machines current power state in the Connection Broker
Resolves issues authenticating with PIV cards that contain multiple SAN entries or non-
standard UPN formats
Regenerate Mechdyne TGX credentials before launching TGX connections, to handle cases
where the encryption tool returns an error code on the first attempt
Recursively delete AD entries for Computer records that include a nested “Windows Virtual
Machine” object, when deleting virtual machines based on Release Plans
Double-byte characters now display correctly on the Pool Statistics page
16
Leostream Platform 9.1 – Revision 1
The following release notes describes the enhancements available for all components in the
Leostream Platform.
Connection Broker 9.1.6
Features
Connection Broker CLI: The new leostream-broker CLI can be used to query for the
Connection Broker installation code, show current license information, and apply a new
Leostream license (see “Querying and Setting License Information” in the Connection
Broker Application Guide)
Azure (see the Quick Start Using Leostream with Microsoft Azure)
o Pools now allow you to provision from images that are in a different resource group
from where you are provisioning instances into
o You can now provision Azure VMs with Ephemeral OS disks
AWS: Pools now support provisioning G5 instances
OpenStack: Power control plans include a new option to put OpenStack VMs in a Shelved
state
Scyld Cloud Workstation (see the Leostream Guide for Using Third-Party Display
Protocols)
o Users can now launch the Scyld Cloud Workstation software client to connect to
machines offered when logging in using the Leostream Web client
o Scyld Cloud Workstation connections launched from a Leostream Connect login can
now be directed through a Leostream Gateway
Mechdyne TGX: Upgraded the TGX encryption tool to version 2.2
Joining Desktops to Domains
o The Connection Broker now removes Active Directory records for desktops that it
added to the domain when that desktop is deleted via a Leostream Release Plan
(requires Leostream Agent 7.4.11)
o You can now add desktops to Active Directory groups as part of the Domain-join
process in a Leostream pool (see “Joining Pooled Desktops to a Domain” in the
Connection Broker Administrator's Guide)
17
Dashboard: You can now customize the layout of the available widgets on the Leostream
Dashboard (see “Using the Pool Statistics Dashboard” in the Connection Broker
Administrator's Guide)
Resolved Issues
The Leostream Dashboard now stores configuration changes, such as selected pools, when
you navigate away from the page
The Send username to MFA provider as option for RADIUS MFA Providers is now honored
when users log in using a PCoIP Zero client
The User Assignments report now accurately displays the role associated with users who
are hard-assigned to desktops
Users logging in using a PCoIP Software client with RADIUS MFA enabled can now reset
their expired passwords
Resolved potential problems using the DCV external authenticator with Connection Broker
clusters
AWS center scans no longer reset IP addresses when the Leostream Agent is unable to
retrieve the instance’s meta data
Azure centers are now taken offline when the Azure API call fails, to avoid removing all
Azure resources from Connection Broker lists
The Connection Broker now correctly redirects administrators to the Leostream License
page after they log in via a SAML-based IdP to a Leostream environment with an expired
license
Leostream Agent 7.4.13 for Windows Operating Systems
Supports the new Connection Broker feature to remove Active Directory records for virtual
machines that were joined to a domain and then subsequently deleted via Leostream
Adds an option to write Leostream Agent logs in UTC time instead of system time
Distinguishes between older RGS and new Remote Boost connections when reporting the
list of installed protocols
Updates the Leostream USB drivers
18
Leostream Connect 4.4.4 for Windows Operating Systems
Adds an option to write Leostream Connect logs in UTC time instead of system time
Upgrades the Leostream USB drivers to support Linux kernels up to 5.5
Leostream Agent 5.2.10 for macOS and Linux
Upgrades the Leostream USB drivers to support newer Linux kernel versions
Resolves issues disconnection Scyld Cloud Workstation connection to macOS
Distinguishes between older RGS and new Remote Boost connections when reporting the
list of installed protocols
For users connecting via PCoIP, Remote Boost, or NoMachine, retains a users existing SSH
sessions when the Connection Broker requests the users desktop connection be closed
Adds an option to write Leostream Agent logs in UTC time instead of system time
Leostream Connect 3.8.4 for macOS and Linux
Upgrades the Leostream USB drivers to support newer Linux kernel versions
Adds an option to write Leostream Agent logs in UTC time instead of system time
19
Leostream Platform 9.1 – Initial Release
The following release notes describes the enhancements available for all components in the
Leostream Platform.
Connection Broker 9.1.1
Connection Broker 9.1.1 is an update release to Connection Broker 9.0. This update can be installed
on the latest point release of CentOS 7 and Red Hat Enterprise Linux 7. This release includes the
following component updates and features.
Important Notes
The ability to upload third-party content has been removed from the > System >
Maintenance page, to address concerns raised by CVE-2021-41550 and CVE-2021-41551.
Users can no longer use the Connection Broker Administrator Web interface to upload ZIP-
files, PL-files, or any other files with the exception of custom logos and favicons, into the
Connection Broker /home/leo/app/tpc directory, to prevent bad actors from
uploading malicious scripts into a Leostream environment. Leostream recommends
updating to Connection Broker 9.1 for any customers who have exposed their Connection
Broker Administrator Web Interface to the internet.
The Edit Desktop page no longer allows you to change the desktops MAC address, to avoid
problems arising from incorrectly specified MAC addresses
The Connection Broker now includes signed versions of the Leostream Agent and
Leostream Connect installers listed on the > Dashboard > Downloads page. If you are
running the following out-of-support versions of the Leostream Agent or Leostream
Connect client, you cannot use these signed installers to push upgrades from your
Connection Broker. Please contact support@leostream.com if you required unsigned
versions of the installers to upgrade components older than the following versions.
o Leostream Agent 7.1.2 for Microsoft Windows Operating Systems
o Leostream Connect 4.1.2 for Microsoft Windows Operating Systems
This release of the Connection Broker removes support for logging into Leostream using HP
Session Allocation Manager (SAM) clients.
Features
Leostream RESTful API – This initial release of the Leostream RESTful API supports creating,
editing, and deleting pools and policies, as well as creating users and listing centers. Please
contact support@leostream.com for more information and documentation.
Connection Broker CLI – With a focus on scripting Leostream installations, the Connection
20
Broker CLI includes a new option for switching databases or updating database credentials,
including switching to a new external database. See Chapter 3 in the Leostream
Connection Broker Application Guide for more information.
Improved Policy Form – The Create/Edit Policy form has been redesigned with a new
tabbed design to improve the usability for deployments that include a large number of
pools in their policies. See Chapter 12 in the Leostream Connection Broker Application
Guide for information on how to use the new form.
Leostream Dashboard – This initial release of the Leostream Dashboard focuses on
displaying information about the number of connected and logged in users, and graphs
statistics related to the status of desktops in pools, such as the number of desktops that are
assigned, running, etc. See “Using the Pool Statistics Dashboard” in Chapter 16 of the
Connection Broker Administrators Guide for more information.
You must enable the option to track historical pool assignments in your pools to display
pool statistics on the dashboard.
Storing User Assignments – The information used to generate the User Assignment Report
can now be stored to the Connection Broker database. See “Storing User Assignment
History” in the Connection Broker Administrators Guide for more information.
Nutanix AHV Integration – Nutanix AHV can now be added as a center in Leostream,
adding native integration for Nutanix AHV environments that require desktop provisioning,
power control, assignments, and connections in Leostream environments. See the
Leostream Quick Start Guide for Nutanix AHV for more information.
OpenStack Enhancement – OpenStack provisioning in Leostream pools includes a new
option to create a volume from the master image used for provisioning. Se the Leostream
Quick Start Guide for OpenStack Clouds for more information.
Scyld Cloud Workstation Support – Scyld Cloud Workstation has been expanded to include
session monitoring for Windows and Linux, as well as client-based connections using
Leostream Connect.
DCV Enhancement – When used with the latest Leostream Agents, DCV session handling
has been changed to support usernames with special characters. Please see the Leostream
Guide for Using Display Protocols for information on updating protocol plans to support
this new functionality.
Leostream Gateway – The Connection Broker contains two new options to control the
length of time port-forwarding rules are retained based on certain user events.
o The > System > Settings page contains a new Delay closing gateway forwarding
ports on disconnect option to delay closing forwarding ports when the Connection
Broker receives a disconnect notice from the Leostream Agent. Use this feature to
retain the forwarded port after a disconnect when using display protocols, such as
21
Mechdyne TGX, that automatically attempt to reconnect to desktops after a
temporary network outage. See “Closing Leostream Gateway Ports for
Disconnected Desktop Sessions” in the Connection Broker Administrator’s Guide
for more information.
o Policies include a new setting for hard-assigned desktops that allow you to specify
when a forwarded port should be closed if the user requests a connection to their
desktop but never logs into the remote operating system. See “Configuring Policies
for Hard-Assigned Desktops” in the Connection Broker Administrators Guide for
more information.
Database Options – You can use the new Edit the current database option in the
Connection Broker console Administration menu to update the current database
connection settings in the event the Connection Broker is unable to connect to the
database and the Web interface is inaccessible. Use this option, for example, if the
password for the database user was changed and needs to be updated in your Leostream
Connection Broker. See the “Database Option” section in the Connection Broker
Application Guide for more information.
Locations – You can now create locations by matching IP addresses in a client’s HTTP X-
Forwarded-For header, including matches based on a CIDR notation. See “Using Subnet
Masks (CIDR) to Create Locations” in the Connection Broker Administrators Guide for
more information.
Desktops – You can no longer override the Leostream Agent port on the Edit Desktops
page. The Connection Broker always users the port provided when the Leostream Agent
registers with the Connection Broker
Uploading Logos and Favicons – The new Logos and Favicons section on the > System >
Maintenance page can be used to upload custom logos and favicons to display on the
Connection Broker Web interface. See “Displaying a Custom Logo and Favicon” in the
Connection Broker Administrators Guide for more information.
Resolved Issues
You can now specify custom names for custom flavors created in OpenStack.
Resolves work queue prioritization issues that were causing provisioning tasks to run
serially instead of in batches.
Multi-user sessions can again be hard-assigned to users.
Improve logging related to closing Leostream Gateway forwarding ports, to avoid logging
spurious errors that Leostream Gateway ports were failing to close.
Resolves issue where an unrecognized operatingSystem value coming from the Scale
API call could cause the work queue to abort.
22
The Connection Broker now uses the X_REAL_IP HTTP header to determine a client’s IP
address, if the header exists. This allows the Connection Broker to identify the clients
actual IP address in environments that use load balancers, such as NGINX.
Ensure that the {CREDENTIALS_MECHDYNE} dynamic tag is replaced with an empty
string instead of with an error message any time the TGX credentials encryption tool
returns an error. In the event an error occurs, the user is prompted to enter their
credentials in the TGX Receiver.
Leostream Gateway 2.0.0.19
Two new CLI options can be used to start and stop the gateway without rebooting the
underlying operating system.
The CLI option to generate an SSL CSR for signing now uses the entered Site Name both for
the CN and SAN (subjectAltName) to support modern Web browsers.
Resolves issues where the check_gateways job could result in error messages in the
/var/log/secure logs.
Leostream Agent 7.4.8 for Windows Operating Systems
The Leostream Agent now starts DCV sessions using the session ID generated by the
Connection Broker.
Return the configured port for DCV sessions, to support changing the default DCV port.
Monitors desktop sessions for Scyld Cloud Workstation connections.
When suspending logout for idle users based on CPU levels, the Leostream Agent now
returns the maximum CPU usage across all CPUs on the remote desktop, instead of
returning the average across all CPUs.
Resolves an issue where Registry Plans would set keys in the 32-bit registry instead of the
64-bit registry if HKLM was selected for the root.
Leostream Connect 4.4.2 for Windows Operating Systems
Supports launching the Scyld Cloud Workstation software client.
Supports the policy option to limit sending collaboration invitations to groups of users.
Includes a new installation option when installing in Shell mode, to indicate if the default
Connection Broker address is stored in the current user or local machine registry.
The new Viewers tab on the Options dialog shows the full path to all locally installed
23
display protocol clients, and allows you to override these default locations.
Leostream Agent 5.2.6 for macOS and Linux
When installed on Linux operating systems, the Leostream Agent now starts DCV sessions
using the session ID provided by the Connection Broker.
The Leostream Agent now returns the configured port for DCV sessions, allowing you to
change the default port used for DCV
When installed on Linux, adds support for monitoring and managing desktop sessions for
Scyld Cloud Workstation connections.
Adds support for monitoring and managing PCoIP connections when using the PCoIP CAS
Agent on macOS.
Adds support for the Release Plan option to display messages to user before they are
forcefully logged out due to idleness.
Resolves issues where the Leostream Agent was unable to log users out of Remote Boost
(RGS) sessions, either manually or via Release Plans.
Leostream Connect 3.8.2 for macOS and Linux
Supports launching the Scyld Cloud Workstation software client.
Resolves issues where the client would freeze after closing auto-launched Remote Boost
connections on macOS.
24
Connection Broker 9.0.40.22
Connection Broker 9.0.40.22 is an update release to Connection Broker 9.0. This update is available
for the latest point release of CentOS 7 and Red Hat Enterprise Linux 7. This release includes the
following component updates and issue resolutions.
Future versions of the Connection Broker enable the RESTful API, by default, and therefore
require additional RAM. Consider increasing your Connection Broker RAM to at least 8GB prior to
the next Leostream update.
Features
The Edit Desktop page contains new options to instruct the Connection Broker to mark the
desktop as Unavailable after the user logs out or the desktop is released, to support use
cases where the machine requires maintenance and should be taken out-of-service when
the current user is finished
The Bulk Edit action for desktops now allows you to set the Log user into remote desktop
as option for multiple desktops
The Desktop selection preference drop-down menu in Policies provides a new option to
favor the least recently offered desktops, to support use cases where a large number of
users simultaneously log into the Connection Broker to connect to a desktop in the same
pool, such as for a schedule class or project
Resolved Issues
Policies that offer stopped desktops from an Azure center now also offer desktops in the
Deallocated state
Resolves an issue introduced in version 9.0.40.17 related to launching the PCoIP client from
a Web client login that was authenticated from a SAML Identity provider
Using the desktop Bulk Edit form to convert a desktop to a Multi-User Center now marks
the original desktop as unavailable instead of removing it from the > Resources > Desktops
page
Resolves an issue where search filters for columns on Resource lists could be
unintentionally reset
Improved handling of special characters in Active Directory groups used for policy
assignment
25
Connection Broker 9.0.40.17
Connection Broker 9.0.40.17 is an update release to Connection Broker 9.0. This update is available
for the latest point release of CentOS 7 and Red Hat Enterprise Linux 7. This release includes the
following component updates and issue resolutions.
Features
Leostream Gateway 2.0.0.18 – Adds the header information required for the Connection
Broker feature to block access to the Connection Broker Administrator and End-User Web
browser Login dialog when Connection Broker forwarding is on in the Leostream Gateway
Blocking Logins – The new Block web browser login dialog when accessing Connection
Broker via a Leostream Gateway option on the > System > Settings page allows you to
disable access to the Connection Broker login dialog through a Leostream Gateway, to force
all login traffic through your SAML-based Identify Provider (requires Leostream Gateway
2.0.0.18)
Release Plans – You can now display a warning message to users before they are
automatically logged out of their remote desktop due to idle-time settings in Release Plans
Protocol Plans – When creating Protocol Plans for HTML5 VNC through the Leostream
Gateway, you can now indicate if the VNC session is authenticated using the VNC server
password, the Leostream users username and password, or a hard-coded username and
password
PCoIP Clients – Users can now reset their expired Active Directory passwords when logging
into Leostream using a PCoIP client or using the Leostream Web client to launch a PCoIP
connection
Dynamic Tags – A new {LOCATION} dynamic tag returns the client location used to
assign the users policy, for use in calling URLs in policies
RADIUS MFA – The new Send username to MFA provider as option for RADIUS MFA
providers allows you to change the format of the username sent to the MFA provider, in
cases where the format of the username used for Active Directory logins does not match
the username expected by the MFA provider
Logging – The Connection Broker now distinguishes login events associated with users
running the Leostream API, to support > System > Log filters that exclude API users
Desktop
o You can now indicate if users are logged into individual desktops as a local or
domain user, to override the Log user into remote desktop as option in the users
policy or role
26
o You can now specify a Protocol Plan for individual desktops, to override the
Protocol Plan selected for the user, location, or policy (see “Which Protocol Plan
Applies?” in the Connection Broker Administrator’s Guide)
Bug Fixes
Resolve an issue using the Connection Broker as an external authenticator for NICE DCV
sessions when using fully qualified domain names
Improve power state detection for new virtual machines provisioned in VMware
environments
No longer attempt to suspend virtual machines hosted in Scale Computing HC3
Log an error instead of attempting to connect the user to their desktop when the
Leostream Gateway fails to set up an appropriate forwarding rule
No longer consider disabled Authentication Servers when determining if the Connection
Broker is healthy using the is_alive function
Connection Broker 9.0.40.10
Connection Broker 9.0.40.10 is an update release to Connection Broker 9.0. This update is available
for the latest point release of CentOS 7 and Red Hat Enterprise Linux 7. This release includes the
following component updates and issue resolutions.
Features
Leostream Agent 5.1.24 for Linux and macOS – Supports launching multiple virtual DCV
sessions on Linux DCV servers
Leostream Agent 7.3.13 for Microsoft Windows operating systems – Improves session
handling for the HP ZCentral Remote Boost display protocol
Leostream Connect 4.3.9 for Microsoft Windows operating systems – Allows specifying the
path to additional display protocol software clients in the Options dialog
DCV – Protocol plans include a new option to launch virtual sessions for Linux
PCoIP – Protocol plans include a new option for specifying the dynamic tag that determines
the desktop attribute (hostname or IP address) sent to the Teradici PCoIP Connection
Manager for establishing PCoIP connections.
Azure: Pools can now provision Azure NV4A instance types
27
AWS: Centers include two new options to indicate if the Connection Broker should wait for
the two AWS initialization checks to complete before considering the instance as running
and ready for connections
Idle-time warnings: Release plans contain a new option to popup a warning message on
the users desktop if they are going to be forcefully logged out due to the plans idle time
setting (Windows, only)
The OS Version filter on the > Resources > Desktops now allows you to filter based on
specific versions
Resolved Issues
Resolves issues where center scans for VCenter Server 7 were aborting
Removes jquery-1.6.4.min.js from the Connection Broker installation
Leostream Gateway records can now be saved even if the gateway is currently offline
When using the LDAP mail or uid attribute for matching user login names, the domain
information is no longer stripped from the username before querying the LDAP server for a
matching user record
Resolves a logging error where Connection Broker logs would show a location-defined
protocol plan overriding a user-defined protocol plan
Resolves issues related to managing PCoIP Remote Workstation cards with an AWI
protected by a password that includes certain symbols
Resolves an Azure provisioning fails due to storageAccountTypes
Searching for non-existent Tags no longer causes errors in the Administrator Web interface
Resolves issues with exporting the result of tag searches
28
Connection Broker 9.0.40.3
Connection Broker 9.0.40.3 is an update release to Connection Broker 9.0. This update is available
for the latest point release of CentOS 7 and Red Hat Enterprise Linux 7. This release includes the
following component updates and issue resolutions.
Leostream Gateway 2.0.0.16 – Upgrades the Apache Guacamole HTML5 viewer to version
1.3 with additional support for VNC scheme 30 when connecting to macOS desktops, and
resolves an issue with log rotation in the /var/log/tomcat directory
Ensure you run a yum update on the underlying operating system prior to installing
or upgrading to Leostream Gateway 2.0.0.16
Leostream Connect 4.3.8 for Windows operating systems – Resolves an issue where the
client could take a long time to launch when searching for VNC viewers
Resolve an issue logging in from a PCoIP Zero client with an invalid or blank hostname
Updates the internal PostgreSQL database to version 9.5.25
Now saves the REMOTE_ADDR value in the HTTP Headers returned by client devices, to
support defining locations based on these addresses
Logs additional information about which Leostream Gateway was used to establish a users
desktop connection
A users column customizations on the > Resources pages now apply when the user directly
logs into the Administrator Web interface and when it is accessed from the Open
Administrator View link from an end user login
Contains usability enhancements when refreshing pool counts
29
Connection Broker 9.0.40.1
Connection Broker 9.0.40.1 is an update release to Connection Broker 9.0. This update is available
for the latest point release of CentOS 7 and Red Hat Enterprise Linux 7.
Important notes
Connection Broker 9.0.40 includes a new feature to filter the > System > Log page by
selecting individual events. This feature is not backwards compatible. If you enable this
feature, older Connection Brokers will not display any information in the list. If you need to
attach an older Connection Broker to a database that has been upgraded to 9.0.40, you can
resolve this issue by clearing the filters for particular list or selecting the Remove table
customizations option on the > Dashboard > My Options page.
The internal PostgreSQL database in Connection Broker 9.0.40 has been upgraded to
version 9.5.24. Future Connection Broker releases will update the internal PostgreSQL
database to version 13. You may attach your Leostream Connection Broker to an external
PostgreSQL version 13 database. To do so, you must allow password authentication for
remote connections on your PostgreSQL server.
Features
Leostream Platform Component Updates:
o Leostream Connect 4.3.5 for Microsoft Windows operating systems – Supports
push notifications when MFA is enabled for a RADIUS MFA provider
o Leostream Agent 7.3.8 for Microsoft Windows operating systems – The Leostream
Agent service is now configured to retry to start after a failure
o Leostream Connect 3.7.5 for Linux and macOS – Supports push notifications when
MFA is enabled for a RADIUS MFA provider
o Leostream Agent 5.1.22 for Linux and macOS – Supports idle-time notifications
when installed on macOS
Leostream Gateway: Gateway Clusters now allow you to indicate if the Connection Broker
should set up forwarding rules on all gateways in the cluster or only on the gateway that
forwarded the login traffic
SAML Support:
o You can now specify a unique Entity ID for your Connection Broker when adding a
SAML-based authentication server to your Leostream environment
o You can enable an end-user login URL to allow local and domain users to bypass
30
your SAML authentication server and log in with their username and password
o New edit fields and {SAML} dynamic tags in a SAML authentication server allow
you to populate attributes in the users record based on attributes returned in the
SAML assertion
o The Sign out link on the Leostream Web client now redirects user to a Signed out
page or to the page entered in the URL redirect on user logout field on the >
System > Settings page
RADIUS MFA:
o RADIUS MFA Providers include a new checkbox to indicate if users can request a
push notification MFA
o The Sign In Terminology customizations now allow you to customize the text on
the MFA dialog on all client types
NIS: NIS authentication servers now support the Allow users to log in with an expired
password option
Teradici PCoIP:
o Protocol plans contain a new option to launch the PCoIP Software client from a
Leostream Web client login
o The default Alternate port for remote viewer port used in protocol plans is now
60443
o The PCoIP Devices center includes a new option to Relay syslog events to another
syslog server allowing you to send syslog events to Leostream to enable Release
Plan actions and then on to your syslog server for reporting, etc.
o The PCoIP Devices center no longer includes options to automatically bind two
PCoIP Zero clients with sequential MAC addresses
o The > Resources > Desktops page includes a new column that allows you to display
the second PCoIP Zero client connected to the desktop, for desktops with two
Teradici Remote Workstation Cards
o The Connection Broker now tries to resolve the PCoIP Zero client hostname to
determine if the client’s IP address has changed
DCV: The Connection Broker now supports single sign-on to a NICE DCV server using
authentication tokens
31
NoMachine:
o Protocol plans now have an option to launch the HTML5 NoMachine client included
in NoMachine Enterprise Desktop
o The policy options to enable view-only mode for NoMachine collaborations has
been removed as that functionality should now be controlled by the NoMachine
server
Scyld Cloud Workstation: Protocol Plans include a new option to launch the for Scyld Cloud
Workstation HTML5 client
VMware provisioning: Virtual machines provisioned into vSphere can now be assigned to a
specific VM Host Group
Verge.io: Provisioning is now supported for Verge.io centers
Database: You can now use SSL to connect to external PostgreSQL databases
Policies: You can now schedule access to pools in a policy for different groups of users
Clients:
o Client hostnames can now be displayed in the new Hostname column on the >
Resources > Clients page (hostnames currently available only for PCoIP Zero
clients)
o HTTP Headers are now stored for Leostream Connect and PCoIP clients and a new
HTTP Header column is available on the > Resources > Clients page
Administrator Web Interface:
o Center Refresh intervals are now called Scans to more accurately portray the
purpose of the action
o Dialogs that previously popped up new Web browser windows now open in modal
dialogs
o Column filters in the tables on the > Resources pages now provide checkboxes in
the filters to allow you to select multiple values to display in that column
o Lists of available items for customizing Connection Broker tables are now listed
alphabetically
o The Edit Desktop form no longer allows you to edit the desktop MAC address
32
o The Edit Gateway form now displays the information available from the
leostream-gateway --info CLI.
o CSS and HTML customizations to the Sign in page will persist through subsequent
Connection Broker upgrades
Connection Broker Application:
o jQuery has been updated to version 3.5.1
o The Connection Broker now disables automatic updates with yum update
Resolved Issues
The Connection Broker no longer removes virtual machine tags in Azure when the desktop
record has no associated tags in Leostream
The Connection Broker now uses the Forwarded-For HTTP Header instead of the immediate
remote address when determining the desktop IP address, to resolve issues where
desktops could be listed with the IP address of the load balancer used by the Leostream
Agent for sending registrations
The Connection Broker now uses the PCoIP Zero Client hostname to contact the client,
resolving issues communicating with clients with DHCP IP addresses
Resolved issues with the negotiation of cipher suites between the Leostream Agent and
Connection Broker during agent registration
Policies that offer stopped machines no longer incorrectly offer machines in the Joining
Domain state
33
Connection Broker 9.0.38.12
Connection Broker 9.0.38.12 is an update release to Connection Broker 9.0. This update is available
for the latest point release of CentOS 7 and Red Hat Enterprise Linux 7.
The Connection Broker does not install on CentOS or Red Hat Enterprise Linux version 8. Please
contact support@leostream.com if you require support for one of these platforms.
Important note
Leostream recommends installing the Connection Broker on a machine with at least 8GB of RAM.
Resolved Issues
New log entry if DUO authentication fails because the response from DUO has expired,
which can occur if the Connection Broker time is incorrect
Resolves an issue launching HTML5 RDP connections to Windows 7 remote desktops -
requires Leostream Gateway 2.0.0.11
Improved duplicate hostname detection for desktop records in a Remote Desktop
Services/Multi-User Center
34
Leostream Gateway 2.0.0.11
Minor Features and Resolved Issues
Resolves an issue launching HTML5 RDP connections to Windows 7 remote desktops
The leostream-gateway --info command checks sudo file contents and
permissions for necessary levels
Logging enhancements
Connection Broker 9.0.38.11
Connection Broker 9.0.38.11 is an update release to Connection Broker 9.0. This update is available
for the latest point release of CentOS 7 and Red Hat Enterprise Linux 7.
Features and Resolved Issues
Users can now be restricted to send invitations for collaboration only to specified groups of
users
All collaboration dialogs now adhere to the Display to user as setting for the associated
pool in the policy
The /saml URL now returns a 404 message if SAML authentication is not enabled in the
Connection Broker license key
NOTE: Enabling SAML authentication now requires a subsequent Connection Broker
reboot.
The Connection Broker HTTP headers no longer over write iframe settings specified in the
Content-Security-Policy HTTP header on the > System > Settings page
The User Assignment Report on the > Dashboards > Reports page now correctly calculates
the assignment time for hard-assigned desktops
Work queue jobs running against pool objects now check if the pool was deleted prior to
running, to ensure that new empty pool records are not created for the missing pool
The setting for the Send HTTP GET request option in a policy now persists when the policy
is saved
New {IP_AGENT} dynamic tag allows you to use the IP address returned by the
Leostream Agent in protocol plans
35
Leostream Gateway 2.0.0.9
Leostream Gateway 2.0.0.8 includes a new Content-Security-Policy setting that is incompatible with
Leostream’s Duo integration when Connection Broker forwarding is on in the Leostream Gateway.
Leostream Gateway 2.0.0.9 now inherits its Content-Security-Policy from the Connection Broker,
when Connection Broker forwarding is enabled.
Connection Broker 9.0.38.9
Connection Broker 9.0.38.9 is an update release to Connection Broker 9.0. This update is available
for the latest point release of CentOS 7 and Red Hat Enterprise Linux 7.
Important note
Connection Broker 9.0.38.6 has been recalled due to issues with authenticating using a
SAML-based identity provider. If you are running 9.0.38.6, Leostream recommends
upgrading to version 9.0.38.9.
Features and Resolved Issues
Leostream Agent 7.3.5 for Microsoft Windows Operating Systems – Accurately report
disconnect events and version numbers for the NoMachine display protocol
Leostream Agent 5.1.13 for Linux and macOS
o Accurately report disconnect events for NoMachine connections to macOS
o Support forced logout of macOS when using the NoMachine display protocol
o Retrieve hostname and serial numbers when installed on macOS
o Support disconnect based on idle-time when connecting to Linux desktops using
Teradici Cloud Access Software (PCoIP)
Leostream Connect 4.2.10 for Microsoft Windows Operating Systems - Resolves an issue
where the client could crash when searching for available installed display protocol clients
Connection Broker Settings
o The Connection Broker Security Options section on the > System > Settings page
has a new option to specify the Content-Security-Policy HTTP header,
which can be modified to allow the Leostream Sign In page to be embedded in an
iframe
o The Maximum number of simultaneous server requests value on the > System >
Settings page is now 15 for new Connection Broker installations, to prevent the
Connection Broker memory from going to swap
36
NICE DCV
o Client-based NICE DCV connections launched using Leostream Connect or the
Leostream Web client can now be sent through a Leostream Gateway
o DCV sessions are now started before requesting the DCV connection using the
HTML5 DCV client
Mechdyne TGX: The Connection Broker now instructs the Leostream Gateway to open up
the propriate number of ports depending on if the TGX Sender is version 1.10 or 2.0
Web client
o The Show drop-down menu on the Web client now allows you to return to a list of
all resources after filtering the view by desktop pools
o The Show drop-down menu on the Web client no longer includes pools that the user
is not offered when the Offer desktops from this pool policy option filters the pools
based on the users group membership
o The Connection Broker now uses the X-Forwarded-For HTTP header to
determine a web clients original IP address when evaluating the client’s location
Release Plans: The Release to pool option in the When Desktop is first Assigned section of
Release Plans contains additional time intervals between one and four hours
PCoIP
o PIV card logins with PCoIP Zero Clients now work when using version 20.07 or higher
of the Teradici PCoIP Connection Manager
o Log messages related to being unable to contact the Administrator Web Interface
(AWI) for a PCoIP device are now logged as Diagnostic level logging, to avoid logging
these messages under nominal logging conditions
VMware Provisioning: The Connection Broker now uses the Computer UUID or Host UUID
to identify duplicates when provisioning in VMware
Active Directory Centers: Scans of Active Directory centers now correctly report when
desktops are removed from Active Directory groups
Azure SQL: Resolves the issue where Leostream Agent registrations could potentially fail
when the Connection Broker was attached to an Azure SQL database
Hard-assignments: Clients can now be hard-assigned to a desktop that is already hard-
assigned to a user
37
Licensing: The Apply to broker button has returned to the Leostream License Server to
support a one-click method to apply new Leostream licenses to Connection Brokers with
internet access
Leostream Gateway 2.0.0.8
Minor Features and Resolved Issues
Added log file rotation for the HTML5 viewer sessions stored in /var/log/tomcat
Enabled font smoothing in the HTML5 RDP viewer when the Desktop composition and
wallpaper option is selected
Improved logging when failing to setup forwarding rules for PCoIP connections
Ensure that firewalld and redis are running before starting the Apache service, to
avoid issues that arise if third party systems such as Puppet prevent the required services
from starting
Improved logging in the Leostream Technical Support logs
38
Connection Broker 9.0.38.3
Connection Broker 9.0.38.3 is an update release to Connection Broker 9.0. This update is available
for the latest point release of CentOS 7 and Red Hat Enterprise Linux 7.
Important note
Connection Broker 9.0.38 no longer supports the Connection Management Interface for PCoIP
Remote Workstation Cards. You must use the PCoIP Broker Protocol to manage Remote
Workstation Cards. To retain all Leostream features and functionality, you must also enable the
Administrator Web Interface on all PCoIP Zero Clients and Remote Workstation Cards. Please
contact support@leostream.com for more information prior to upgrading your Leostream
environment.
Features
Component Upgrades:
o Leostream Agent for Windows – 7.3.3 adds support for launching and monitoring
NICE DCV sessions
o Leostream Agent for Linux – 5.1.4 adds support for launching and monitoring NICE
DCV sessions along with improvements for monitoring NoMachine sessions on
macOS
o Leostream Connect for Windows 4.2.9 adds support for connecting to NICE DCV
sessions
o Leostream Connect for macOS and Linux 3.7.3 adds support for connecting to NICE
DCV sessions and resolves issues launching HP Remote Boost connections through
the Leostream Gateway
NoMachine support: Leostream Protocol Plans can now be configured to send NoMachine
connections through the Leostream Gateway
DCV support: Leostream Protocol Plans now support the latest version of NICE DCV that is
included with AWS EC2 instances
PCoIP support:
o Leostream logins are now supported when the identify on the PIV cards is linked to
an Active Directory user via the altSecurityIdentities attribute
o The Installed Protocols column on the > Desktops page now distinguishes
between desktops that use the PCoIP Remote Workstation Card and the PCoIP
Cloud Access Software
39
Alerts: The > System > Alerts page includes a new option to send an alert email when a
Leostream Gateway goes offline
Locations: Client locations can now be created using the Device and Client Software
parameters
The Bulk Edit feature for desktops now allows new Notes to be simultaneously added to
multiple desktops.
Resolved Issues
Follow-me mode now works for PCoIP connections to Remote Workstation Cards
established through the Leostream Gateway
The power state for Azure instances is more accurately reported when users power on
machines using the Leostream Web client, resulting in fewer failed desktop connections
Saving and testing RADIUS MFA now only validates the specified hostname and port, to
avoid cases where the Connection Broker could not connect to the RADIUS server to
validate the shared secret
Desktop connections forwarded through a load balanced set of Leostream Gateways now
use the correct client source IP
The Connection Broker now resends the command to join a desktop to a domain in the
event the Leostream Agent is unreachable when the desktop first starts
The /admin URL now correctly logs the user into the Connection Broker Administrator
Web interface, if their role allows access
Desktops marked as Unavailable or Duplicates no longer consume Leostream Desktop
licenses.
Resolves issues related to assigning policies when users are members of nested Active
Directory groups
UTF-8 characters can now be used for the message displayed using the Additional text for
right side of sign-in form option on the > System > Settings page
Users logging into Leostream with a username formatted as a userPrincipalName can
now connect to their desktops using the Leostream HTML5 viewer.
Center scans no longer fail if a desktop is deleted in the middle of the scan
When defining pools based on LDAP attributes, the selected LDAP attributes are no longer
duplicated when you edit the pool
40
Properly block logins from a SAML Identify Provider with the Assignments table sets the
Default Policy to <None – prevent user login>
No longer log spurious warning messages about unknown PCoIP Host Cards for desktops
with two PCoIP Remote Workstation Cards
Session information is now transferred between Connection Brokers in a cluster over port
443 instead of port 80, resolving session expiration errors when port 80 is blocked
Distinguish PCoIP software clients from zero clients to stop attempts to contact the
Administrator Web Interface for PCoIP software clients
No longer update desktop records when its list of IP addresses is reordered but otherwise
identical to the list already in the Connection Broker, to avoid superfluous log messages
Resolved poorly formatted error messages that could result if the policy was set to open
the HTML5 connection in a new tab and the users policy blocked the connection
Leostream Gateway 2.0.0.5
Version 2.0.0.5 addresses issues introduced in the updated Guacamole HTML5 viewer related to
launching HTML5-based VNC sessions to macOS desktops.
Leostream Gateway 2.0.0.4
Version 2.0.0.4 of the Leostream Gateway addresses recent security concerns related to the HTML5
viewer. All Leostream customers are encouraged to upgrade to this version of the Leostream
Gateway.
Resolved Issues and Enhancements
The Apache Guacamole HTML5 viewer has been upgraded to version 1.2, to address the
recently announced reverse RDP vulnerabilities
New CLI options are available to enable and disable the Guacamole service, for
environments that do not require the HTML5 Viewer
Logging out of an HTML5 viewer session now redirects the user back to the Connection
Broker login page or closes the browser tab, based on the user’s policy setting
41
Appendix A: Version Compatibility
Leostream Agent Compatibility Matrix
The following table indicates the Leostream Agent versions that are compatible with the different
Connection Broker versions. Connection Brokers cannot communication with incompatible
Leostream Agents, resulting in a loss in Leostream functionality.
Leostream Agent versions older than 5.0 for Windows and 3.0 for Linux are not compatible with
any supported Connection Broker.
42
Leostream Connect Compatibility Matrix
The following table indicates the Leostream Connect versions that are compatible with the
currently supported Connection Broker versions.
Connection Brokers older than 8.1.44 are compatible only with Leostream Connect 3.6.18 or
earlier on Windows operating systems.
Not all features supported by the latest Leostream Connect version are available when using an
older Connection Broker version.