File Director for administrators
Version 2023.3 - File Director
This release contains bug fixes.
This release contains bug fixes and the following updates.
AES 256 support for Kerberos encryption
Following the 2023.1 release, we now support AES 256 encryption for Kerberos, however we no longer support RC4 and 3DES. Going forward, we only support AES 128 and AES 256 encryption when using Kerberos authentication.
Please note that third-party storage filers such as NetApp may need to have AES enabled in order to continue to work with this release if they have not been configured to use AES 128 and 256 encryption.
Fission resource limit improvements
Previously, expired entries within Fission would only be cleaned up when reading entries from the Fission store or during a periodic clean-up thread. If write attempts were made during this time, an exception would be returned. We have improved this behavior, so that we now attempt to perform a clean-up of expired entries when writing to the Fission store if it has reached its capacity before returning the exception. We have also improved the logging and error handling in this area so more meaningful error messages are shown in the server logs and syslog audit stream.
FreeBSD upgrade to 12.4
The operating system has been upgraded to FreeBSD 12.4 as the current version (12.3) is expected to be end of life from 31st March 2023.
Documentation: Microsoft patches remove support for encryption
Microsoft has tightened security encryption, including suggesting that Kerberos RC4 be disabled. The documentation has been updated with links and information to fix this issue.
Exclusion Rules Enhancements
Exclusion rules for macOS have been expanded to include size as well as AND/OR functions. Syntax has also been slightly enhanced in that spaces around operators are ignored.
For further information, see Mac Exclusions.
Improved Setting of Log Levels
The log level can now be set by running the Defaults tool from the Terminal.
The AdminConfig.sh contains examples.
File Director on Apple Silicon (M1) Macs
The File Director app is now universal, which means it runs natively on both Intel and Apple Silicon (M1) Macs.
In addition to code enhancements and bug fixes the following features are included in this release.
UDP Support for Syslog Auditing
Syslog auditing has been extended to support the UDP protocol as well as the default TCP. If the UDP protocol is required, it is configured from within the Admin console.
Refer to Syslog Server for further information.
NTP Troubleshooting - Notification
File Director 2021.3 introduces an Administrative Console notification for Network Time Protocol (NTP) issues. The notification alerts those managing File Director of possible problems and so assists in prompt resolution.
Refer to Network Time Protocol (NTP) for further information.
Subject Alternative Names support for Certificate Signing Requests (CSRs)
Administrators can now specify a SAN name when generating a Certificate Signing Request (CSR) from the Administration Console. Multiple fully qualified domain names (FQDNs) can be added where a Load Balanced environment is in place.
In addition to code enhancements and bug fixes the following features are included in this release.
New base image
File Director 2021.1 is delivered as both a patch and a new appliance base image. Deploying a new base image is the recommended upgrade method.
The patch can be applied to existing deployments (version 2019.3 or later). Base images can be deployed on VMWare (ESXi 6.7 or later) and HyperV (2012R2 or later) hypervisors. Refer to 2021.1 ugrade for important information.
Removal of shared external database requirement
The 2021.1 release of File Director removes the requirement for an external SQL database. This development simplifies infrastructure requirement and File Director configuration.
Database tab removed
The Database settings options have been removed from the web admin and text-based console.
With user and device data no longer stored in a database, this development results in a number of further, associated changes.
Snapshots are configuration-only
Without user or logged-in device data any appliance configuration snapshot you create will be configuration only. Refer to Backup an appliance configuration for more information.
Verified device functionality removed
Without stored device data, devices are no longer assigned Verified status. This has resulted in simplification of a number of policies and workflows.
The policy for Failed Login Attempts is determined from Web Admin console (Policy > Global). If a user exceeds the attempts permitted, their account is temporarily locked for a configurable period no greater than one hour. Once unlocked, the failed login counter is reset.
Remote wipe functionality has been removed.
The IP based restriction policy has been removed.
Change appliance password from web admin
A link has been added to the Status page of the web admin console to enable the appliance password to be reset at any time. Previously the password could be reset only from the text console.
A Test button has been added to the Kerberos Preauthentication dialog. The test allows you to quickly validate the Kerberos authentication credentials entered. Refer to Kerberos authentication.
10GB compatible network adapter for VMware appliances
The base image for File Director 2021.1 includes the VMXNET3 network adapter providing support for a 10GB network capability. Refer to Appliance prerequisites for more information.
The log file size for the circular logging mode is now configurable via an engineering key or via the Client Policy Tool. The default log size for the circular logging mode is 512 MB. Configuring this option allows the client to create a larger log file and so increases the likelihood of capturing the issue.
Environment variable support
The use of environment variables in Path based expressions is now supported. Refer to Expressions for further information.
This release includes updates to the existing Overview and Performance dashboards. Dashboards visualize the File Director syslog stream and are a valuable monitoring tool. They can be downloaded for free from the Ivanti Marketplace and used as they are, or further tailored for your own requirements.
For a description of dashboard components and how to interpret their data refer to Dashboards.
In addition to code enhancements and bug fixes the following features are included in this release:
Windows Client Policy Tool
The Policy Tool transforms the way you can configure settings fundamental to how File Director operates.
This short video summarizes the use of the Policy Tool:
The tool has two components:
•Sync Rules page
Refer to Windows Client Policy Tool.
Scan Outside Profile
File Director 2020.3 introduces a new feature to discover data outside of the user’s profile.
The scan is performed using a configuration which includes parameters that administrators can set. It identifies files that match these parameters.
Reports are generated to show an administrator which files have been found on a user’s endpoint outside the profile, and the administrator can then decide whether or not these files require managing using File Director.
Refer to Scan Outside Profile.
Support for DHCP and the ability to configure File Director network settings via the admin console has now been added. Refer to Appliance Network Identity.
File Director now offers a supported public API which allows customers to deploy appliance upgrades either to their standalone appliance or to a cluster of appliances. Refer to REST API.
Deprecation of WebDAV map points
Support for WebDAV is deprecated from 2020.3. Existing WebDAV connection strings will remain valid but new connections cannot be created and saved.
The 2020.3 release of File Director no longer supports link based sharing. When the upgrade is applied, any quick links created previously will no longer work and external logon will no longer be possible.
The removal of file sharing functionality impacts the following areas:
Note, links to older versions of user help open in a new window.
Web Proxy Support
File Director can now be configured to use a web proxy for external services connections such as OneDrive, Google Drive and Box for example. Refer to Advanced Configuration Options.
Cluster Wide Maintenance Mode Activation
A cluster of File Director appliances can now be disabled simultaneously with a single click, reducing the time and effort previously demanded when performing environment wide maintenance or troubleshooting.
OneDrive Storage – Additional Character Support
Paths containing the characters # and % will now successfully sync with OneDrive storage.
Easier Access to Further Information
In addition to this online help system, Ivanti provides a wealth of supporting information in the form of online documents, help videos and curated community articles.
In the 2020.2 release we have collated these resources into a summary table and made this available via the Release Notes and from the online Help landing page.
Box Cloud Connector
File Director can now be configured to connect to utilize Box cloud storage for user home map points. Once configured, users can update files within their home directory using File Director on any of the supported platforms and will see the changes seamlessly sync with their corporate Box storage.
For configuration and deployment steps please refer to the
This short video summarizes the use of Box cloud storage with File Director.
Persistent ghost files
The Windows client can now present local and non-local files to the user based on a cached listing from the server. This allows non-local (ghost) files to be presented even where a connection to the network has not yet been established or has been temporarily dropped.
The offline user is prevented from interacting with files that are present on the server but not yet downloaded or held locally and they are notified accordingly via a (customizable) tray message .
For user information on the display and availability of Windows files see Windows file transfer status.
File Director and secure LDAP
Administrators can now configure secure LDAP communication between the File Director appliance and Active Directory.
If you are not using a publicly trusted root certificate you will need to add the certificate from your internal (or private) Certificate Authority (CA) to the File Director appliance.
This can be done from the SSL Certificates section within the File Director Admin console. Adding the certificate enables validation of the certificate signature.
For further details see Trusted root CA.
Upgrading to 2019.3
Best advice on how to upgrade your appliances can be found on our Upgrades help page.
Performance and user data dashboard updates
File Director provides a syslog stream which can be configured to point to third party applications. The data can then be indexed and reported upon in order to monitor the health of the File Director cluster and status of user data sync.
We have produced a sample set of dashboards using open source Elastic Stack. The dashboards can be downloaded for free from the Ivanti Marketplace and used as they are, or further tailored for your own requirements.
In this update we have introduced the User Data dashboard, and updates to the existing overview and performance dashboards.
For a description of dashboard components and how to interpret their data refer to Dashboards.
Improved Troubleshooting and Supportability
Several new features have been added to the Admin console:
•Kerberos secondary authentication
•Secure Shell (SSH) access improvement
File Director telemetry
Basic telemetry has been in place since 2019 SP1and is used to help us measure the reliability and usage of our products. It can help us prioritize, and focus upon the areas which are most valuable to customers.
The current release of File Director, sees telemetry data expanded to include feature usage from the client, and server.
Version 2019.1 SP2
Cache Statistics - auditing enhancement
A local event log entry is now created at every logon, providing local cache statistics on a per user basis. For further information see Cache management.
Version 2019.1 SP1
Cache management – pause logoff until sync completed
Our market leading cache management feature now provides the ability for Administrators to delay user logoff until the user’s local cache is fully in sync with the server.
The messaging presented to the user whilst the pause is in progress is configurable as is the pause duration. Both parameters are configurable on a per machine basis.
In addition, if you manage PST files using File Director you can configure the logoff pause to wait for files that require a shadow sync to complete prior to logging off. For details on how to configure this feature please refer to Cache management.
Logoff pause reporting
Two local event log entries are created for each instance of a logoff pause. This data can then be reported centrally via the Ivanti Management Center:
•Event ID: 9820 – Source: Ivanti File Director – Error: Timeout occurred waiting for cache to be in-sync.
•Event ID: 9821 – Source: Ivanti File Director – Information: Sync status of the user’s local cache.
•Event ID: 9822 – Source: Ivanti File Director – Information: Duration of the Logoff pause in seconds.
Finally, over a 24-hour period the logoff pause data on each client is aggregated and included within the Syslog stream outputted by the server(s). This data could then be tracked and presented within a syslog dashboard.
File Director telemetry
Telemetry data can help us measure the quality, scalability, reliability and capabilities of our products. Using such data could enable us to deliver the solutions our customers demand faster, and alert us to areas which customers would find less useful.
In this release of File Director, we have introduced some basic telemetry into the product. For further information refer to Telemetry.htm
It is now possible to enforce SSL encryption on the connection to the external MS SQL Server database. It can be enabled by checking the Require SSL checkbox in the Database Settings section of the Cluster tab. For further information refer to Clustering.htm
Improvements in online help usability
There is a wealth of user information contained within File Director product help and we continue to work towards improving access and usability.
In this product release we have introduced the use of context-sensitive help. Many File Directordialogs and screens now carry a help icon which, when clicked, will open the relevant help topic directly.
Google Drive connector
File Director can now be configured to connect to and utilize Google Drive storage for user home shares. Once configured, users can update files within their home directory using File Director on any of the supported platforms and will see the changes seamlessly sync with Google storage.
The end user does not have to change the way they work, and there is no training required to adapt to a different storage location. File Director will simply take the files from the native profile locations such as the user’s desktop (In-Location-Sync), and sync them with Google storage, with files delivered either on demand or automatically at logon as defined by the Administrator.
For further information see Google Drive connectors for home map points.
Cache management – remove all local cache at user logoff
In a significant extension to the client-side cache management capabilities, the ability to selectively remove the local copy of the user’s cache at logoff has been provided.
With this enabled, Administrators can ensure local disk space is managed efficiently with File Director leaving zero-touch at the end of the session.
For further information see Cache management.
Enhanced map point configuration
•New map points are now disabled by default.
For further information see Map Point Policy.
•Home (private) map point configuration.
Cluster wide log collection
With previous versions of File Director gathering appliance logs from each node within a clustered environment could be a time-consuming task. We now provide Administrators with the ability to download logs from across the cluster from the Cluster Management page of any node.
For further information see Clustering.
•FDmon: Endpoint Analysis Tool forFile Director.
•File Director Performance Monitoring Dashboards.
For further information see Sizing and Monitoring your Deployment.
Version 2018.3 SP1
Option to disable PST Smart Unlinking
The background task of PST unlinking and relinking takes place to prevent any user delay at logon. By default, this background activity is enabled. The File Director 2018.3 SP1 release introduces an engineering key to disable this activity. See PST smart linking
Cloud Connectors tab
Within the Admin console, OneDrive registration has been moved from the Directory Services tab to a new Cloud Connectors tab. This will allow us to add future cloud connectivity functions to the same location and enable improved user navigation. See One Drive Registration
Specify backup for Kerberos authentication
It is now possible to specify a backup server for Kerberos authentication. See Configure Kerberos in the File Director Admin console
New File Director base image
Security and compliance are further enhanced with the release of a new base image. Previously, the base image utilized a version of the operating system FreeBSD which is no longer supported. File Director 2018.3 introduces a brand-new base image making use of version 11.2p3 of FreeBSD.
Windows client cache management
File Director 2018.3 introduces an automatic cache cleanup function configurable to your requirements. This can help simplify maintenance and reduce endpoint hard disk usage.
The cache cleanup removes inactive files from the cache. It will apply only to files that have been synced, where the user is online, and where no uploads are pending. As an administrator, you determine the length of time unused files may remain in the cache before being removed. When this period expires the cached files are removed from the local cache.
Rules can be specified to exclude specific file types from the cleanup, and processes (such as web browser applications) that frequently open and close files without user action. See Cache Cleanup.
New version numbering
File Director version numbering has been changed to reflect the rest of our product portfolio.
One Drive for Business connector scalability
This version introduces several improvements to both the File Director server and Windows client when used with OneDrive for Business connector:
Internationalization of the Windows client
With 2018.1 it is now possible to configure the Windows Client to display end-user messages in the following, local languages:
▪ Portuguese Brazilian
▪ Chinese Simplified
▪ Chinese Traditional
Bidirectional OneDrive synchronization
Updates made to files on map points using any File Director client or the OneDrive for Business web or desktop clients are now synchronized.
Cluster health check
File Director now provides information relating to the performance and health of appliances. It is now possible to monitor and report upon a wide range of metrics including:
This new functionality provides the File Director administrator with the ability - via tools such as Splunk and Graylog - to monitor the health of their appliances and clusters, giving them the insight they need to drive operational performance and ensuring a high level of end user experience.
Improvements to file delta synchronization
With this release File Director now synchronizes the changes (or Deltas) that are made to files asynchronously. This means that files are now synchronized in a more robust, scalable and efficient way improving the end user experience whilst reducing the amount of bandwidth and server resources that are required.
This approach also ensures that uploads are not affected by any issues such as infrastructure timeouts, for example.
Smart PST linking
When opening Outlook on a new endpoint for the first time and the Outlook profile is expecting to find a local PST file, the end user will experience an application hang whilst the file is downloaded. This is a scenario that can be common when a user is migrating to Windows 10 from Windows 7, for example.
File Director now offers the ability to unlink any remote Outlook Data Files (PST) before a user opens Outlook on a new endpoint for the first time. This occurs before the desktop has been loaded, ensuring that the end user experience is not affected whilst potentially large PST files download.
Once PST files are downloaded, File Director then performs a relink in the background, ensuring a smooth onboarding process for the end user throughout.
Removal of the 200 Worker Thread Limit per server
The introduction of HTTP Persistent Connections also called HTTP keep-alive, or HTTP connection reuse in this release, introduces improved resource management for the File Director server. This has allowed the number of processing threads that are available to each server to be increased from 200 to 400.
The introduction of more threads means that each server can now process more requests at the same time resulting in faster response times to the File Director client.
These changes enhance the user experience when interacting with files that are being managed by File Director.
Storage connector for OneDrive for Business
File Director brokers users access to existing storage infrastructures without the need for administrators to ring-fence storage solely for the service. This unique on-premises server-agent architecture means we can solve problems companies face when trying to utilize the free storage every Office 365 user has. Using cloud storage successfully means its implementation should not impact the user experience or remove the existing enterprise control.
File Director 4.3 is our first release with a cloud storage connector. Customers upgrading to 4.3 can utilize each users 1TB of OneDrive storage for break/fix or Windows migration projects, and in virtual desktop environments.
For more information, see: OneDrive connector for Home map points
Command Line Interface
The File Director Appliance provides a sealed operating environment for the server application, configuration options for customer environments, and gives the ability to cluster the service. As part of the new OneDrive storage connector we have introduced a lightweight CLI for customers to perform more advanced tasks, such as diagnosing network communication issues.
For more information, see: Command Line Interface
Over time the features and functionality of DataNow has moved from a file access and sharing product, to a mature synchronization technology uniquely positioned to solve the common IT headaches around migration, break fix and multi-endpoint access.
As part of the Ivanti rebrand we felt it was the right time to take the opportunity to rename DataNow with a more descriptive product name. DataNow has been renamed File Director.
File Director has been updated to reflect the new company name of Ivanti (see here for more details). In addition, components on the endpoint have been updated to reflect these changes.
You may still see references to the ‘AppSense’ name used in certain areas, such as the Registry or Windows Services. This is to make the transition as least disruptive as possible for existing users of File Director.
Kerberos constrained delegation in cross realm environments
Credential Guard was introduced in Windows 10 Enterprise and uses virtualization-based security to isolate NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials, all so that only privileged system software can access them.
File Director 4.2 now supports constrained delegation with support for crossing realms for customers who have a requirement to use Kerberos authentication in their environment.
For more information, see Kerberos constrained delegation.
Toggle TLS 1.0
PCI compliance required us to disable SSL v3/TLS 1.0 in File Director. As outlined in this Microsoft support article configuring endpoints to default to a secure protocol (TLS 1.1 or TLS 1.2) requires the implementation of registry settings and potentially an update. Customers that are unable to implement this change can now toggle TLS 1.0 on in File Director 4.2.
In the File Director web Admin console, navigate to Configuration > Advanced. TLS 1.0 support can be enabled for endpoints in the TLS 1.0 (for legacy clients) pane. Note that when enabled this is done across the cluster.
Ivanti recommends turning off TLS 1.0 support as soon as all legacy endpoints in the environment are updated or replaced.
For more information, see TLS 1.0.
New Server delta sync mechanism
DataNow 4.1 provides a new delta sync feature, built to reduce the both network traffic and the time to calculate and upload file deltas. Our SMB library supports block copies from the client endpoints.
Every step of the sync request had been optimized from client endpoint to DataNow server and on from DataNow server to the back end storage.
For more information, see File Sync.
Windows PST sync optimizations
In DataNow 4.1 we have heavily optimized the syncing of PST files, leveraging the new delta sync feature in the DataNow server. PST files can now be synchronized from the endpoint based on amount changed or time period.
PST synchronization in 4.1 sends only the local changes to the PST (that is, the delta), significantly reducing the network traffic and the time to complete the sync activity.
For more information, see PST Synchronization.
Windows client sync prioritization
Earlier versions of the Windows client would synchronize content based on discovery. In DataNow 4.1 we have moved to sync content based on age - newest first. The new sync prioritization provides users a better experience when moving from old to new devices but syncing the important content first. This is ideal in migration or break fix IT workloads.
Administrators can actively exclude files from the age priority list. This can be done by file type or size.
For more information, see File Prioritization
Appliance Set Up
Configure the Appliance
Set Up Link Based Sharing (2020.2 and earlier)
To view user help click: Link Based Sharing.
|Which Ports do I need to configure for File Director?||How do I access my File Director log files?|