Liquit Workspace

We are proud to release Liquit Workspace 3.0.

Below is a short list of the most important new features.

The downloads are available at the downloads page.

Context Awareness

We introduced location awareness in Liquit Workspace 2.x, which allowed applications to be enabled based on the location of the user at that time utilizing package filters. With Liquit Workspace 3.0 we have replaced the location awareness feature with a more feature rich option called “Contexts”. The difference between locations and contexts is that a user session can have multiple contexts instead of a single location.  “Contexts” can be used to assign packages and/or assign management permissions based on their contextual information. A context object has access to filters based on the device, session and user objects. Even a scripting option is available to create complex contexts which can’t be solved with the simple editor. Context awareness in Liquit Workspace 3.0 allows you to:

  • Publish applications based on the department field as configured within your Active Directory.
  • Combine information about a device and user to assign applications, so only if User A is logged on Device B will grant him access to the application.
  • By assigning Liquit permissions to contexts allows you to only have Administrative access to the Liquit Workspace from within the company network, any other location will give normal user permissions.

Attribute Based Access Control

Create custom scripts that allows you to apply object level permissions based on the resources attributes.

Role-Based Access Control Policies as in Liquit Workspace 2.x is still available with Liquit Workspace 3.0.

 

Attribute based access control within Liquit Workspace 3.0 allows you to:

  • Only delegate modify permissions on packages that have a certain word within the description field.
  • Only allow remote control of users that belong to a certain department for support purposes.
  • Policies can be combined with Context Awareness to create powerful security enforcements based on their location.

 

Release Management

An individual package can have different package snapshots in different stages, the available stages within Liquit Workspace 3.0 are: Development, Test, Acceptation and Production.

Packages can only be modified at the development stage and can be deployed to development devices for testing purposes, before they are published to one of the other stages.

Which stage gets published to the user is determined by the package entitlements, where an entitlement based on user, group, device or context can be configured within a certain stage.

This allows you to control which users or groups have access to specific stages on a per package basis.

 

Package staging within Liquit Workspace 3.0 allows you to:

  • Test updates in multiple stages of the application lifecycle before its deployed to all users in the Production stage.
  • Updates coming from Liquit Setup & Patch can be applied in a test stage, or order be tested on a selection of devices before rolled out in production.

 

Offline Support

Offline access to your applications allows you to use Liquit Workspace 3.0 without having access to the Liquit environment.

Offline Support can be configured per individual, so applications that have this configured will be available without Internet connection.

Liquit Workspace will run in a limited interface when in Offline mode, so only applications can be started and the user is not allowed to change any personal settings.

 

Additional features

There are many more changes and enhancements within Liquit Workspace 3.0 based on customer feedback. Some highlights of the most requested features:

General changes

  • Liquit uses an all new REST based API for both management and workspace access.
  • All name fields have been increased from a maximum length of 50 to 100 characters.
  • Description fields have been added to all management objects.
  • Liquit uses Access Tokens as a preferred method for authorization to replace session keys.

Agent

  • Offline support
  • Web links opened in the launcher now use the default browser instead of Internet Explorer

Workspace

  • Sidemenu has been simplified, showing all available filters.
  • Search has now been split up (Workspace, Catalog and Contacts) search requests to speed up results coming in as they are available.
  • Default icons based on package types.
  • Refresh button has been added
  • Loader has been added to indicate a manual refresh is inprogress.
  • Show progress when launching a package without agent.

Catalog

  • Pending requests can be cancelled by the user.
  • Approvals are now available in the catalog.
  • Get/Request buttons have been added in the details view.
  • Additional filters have been added.
  • Refresh button has been added.

Login

  • Login has been updated with a new UI.
  • The identitySource URI parameter will now hide other identity sources.
  • Support for Azure AD authentication based on login form or HTTP SSO.

Devices

  • Additional columns have been added that can be selected in list view, including but not limited to: IP, Manufacturer, System Model.

Servers

  • IP and listening ports can be modified using the new Server.json configuration file.

Mail Servers

  • Multiple mail servers can now be configured.
  • Servers can now be configured in Load Balancing groups.
    • Servers with the same priority are load balanced per request.
    • Server priority of 1 will be the preferred server that Liquit will use, unless a failure occurs.

Identity Sources

  • Select which authentication methods are enabled. (Login, Federated, HTTP and NTLM)
  • Move the order of preference of the authentication methods, to select which methods should be attempted first.
  • OAuth2 configuration settings are now available under “Federated”.
  • Contact attributes can be hidden per identity source.

Identity Sources (LDAP)

  • Active Directory and eDirectory have been merged into a single LDAP Identity Source
  • Schema option has been added to the LDAP Identity Source to choice between AD or eDirectory schemas.
  • Servers can now be configured in Load Balancing groups.
    • Servers with the same priority are load balanced per request.
    • Server priority of 1 will be the preferred server that Liquit will use, unless a failure occurs.
  • Page size, Connection Time and Search Timeouts can be adjusted per server.
  • Secure option has been moved from global to per server.

Identity Sources (Azure AD)

  • Its now possible to use the Liquit UI as login option.
  • Azure AD credentials can now be used to connect with the Liquit Workspace PowerShell module.

Authenticators

  • Servers can now be configured in Load Balancing groups.
    • Servers with the same priority are load balanced per request.
    • Server priority of 1 will be the preferred server that Liquit will use, unless a failure occurs.

Contexts

Contexts replaces both the locations and dynamic device collection feature. These can be used to assign user permissions within Liquit and as a means to distribute deployments and packages. A user can belong to multiple contexts, context settings are applied in order.

  • Filter based on user and/or device attributes.
  • Override system wide variables.

Tags

Categories have been renamed to tags.

Deployments

  • Packages can be assigned from device, collection or context objects.
  • Package stage support has been added.

Remote Control

  • Remote Control packages are now supported without an agent.
  • Package filters are now being used to determine if package can be used.
  • Packages need to be assigned as (Hidden) packages

Scheduled Tasks

  • Added the ability to add multiple schedules to a single task.
  • Removed the option to add system level tasks.

Access Policies

Policies replaces roles feature, enabling per object permissions based on their attributes.

  • There are two type of policies available:
    • Role – A traditional role based permissions system comparable to 2.x, that allows you to visually select what a person has permissions for.
    • Script – Create a custom script that allows you to control permissions based on attributes of a resource, to create per object permissions.
  • New role privileges have been added for the workspaces, including privileges that can be controlled:
    • Upload content
    • View tags
    • View/post reviews
    • View/request catalog items
    • Reset workspace
    • Add/view/modify/remove teams
    • View/modify/remove credentials.
    • Accept/reject/view/remove approvals.
    • API access (PowerShell and Liquit Setup Commander)

Packages

  • Package type field is now freely editable, no longer a fixed list of options.
  • Added offline option to a package, to make the package available while the agent is disconnected from the Liquit Server, requires 3.0 agent.
  • Added a “No agent required” option to enable this package for use without an agent running.
  • Added release management functionality
  • There are 4 stages available, namely;
    • Development – This a new version of the package can be created/modified.
    • Test – This is where a version is deployed to a select group of test users.
    • Acceptation – This is where a version is deployed to a select group of acceptation users.
    • Production – Deployed to all users within the organization.
  • Stage in which a user or device belongs to can be configured within entitlements.
  • Development stage (previously known as sandbox) can now be developed and deployed to select devices to test them before moving them to the next stage.
  • Staging is only supported with the Liquit 3.0 agent or without an agent.
  • Use Drag & Drop to move between stages.
  • Select stages to see their current configuration.
  • Distribute, Install, Launch and Uninstall action sets have now been moved into a single interface.
  • Ability to add multiple action sets of a single type, to group actions.
  • Disable entire action sets.
  • Added additional event triggers under entitlements:
    • Agent startup
    • Device startup
    • On session connect
    • On session disconnect
    • On session lock
    • On session unlock
  • Modify identity member is supported without agent.
  • Packages can be assigned from user, group, device, collection or context objects.
  • Browse for identity has been added to entitlements, allowing more sorting and filtering options.
  • Package relationships can now be viewed at dependencies tab.

Connectors

  • Managed packages
    • Can now be modified by adding new action sets while still retaining update functionality.
    • Action sets that are created by the connector cannot be modified.
  • “Ignore missing dependencies” option has been added during the create and update package wizard.
  • Connector can be configured to place updates in a specified stage.

 

About the author