Skip to main content

November 2021

Flexera One introduced the following new features and enhancements this month.

Automation

Flexera One added the following new Automation feature in November 2021.

AWS STS multi-account credential usage

note

This feature is available with Automation.

Flexera One Automation allows you to create an AWS STS role across multiple AWS accounts with the same role name and permissions. How to create an AWS STS credential for two or more AWS accounts using the aws_account_number field is further explained in the following product documentation topics:

Cloud Cost Optimization

Cloud Cost Optimization added the following new feature and enhancement in November 2021.

Bill Processing Status dashboard

note

This feature is available with Cloud Cost Optimization.

The Bill Processing Status dashboard allows you to view the status of your bill connects. The Flexera One Org Owner role is required to view this dashboard. This dashboard can be found by navigating to the Administration menu and selecting Bill Processing from the Cloud Settings submenu.

The Bill Processing Status dashboard allows you to view:

Click the toggle at the upper-left corner to view everything on this page or errors only.

Credentials

The Credentials column displays the validity of your credentials. If an Invalid credential error badge appears, click the link to update the account’s credentials under Administration > Cloud Settings > Billing Configuration. This feature is available for all cloud vendors.

Bill Status

The Bill Status column displays actionable Common Bill Ingestion (CBI) errors. If an error badge appears, click the link which opens a slideout.

This error slideout includes a data table with the:

  • Error Message
  • Detected (time frame)
  • Status
  • Source ID

Click the paper icon at the end of each table row to quickly copy the error information.

Import History

Clicking the View link in the Import History column opens an Import History slideout. In this slideout, you can view the import history for each of your bills from the last three months. The Import History feature is available for all cloud vendors except for AWS connections that are not enabled for Common Bill Ingestion (CBI).

Cloud Settings: Billing Configuration and Custom Tags

note

This enhancement is available with Cloud Cost Optimization.

We are pleased to announce the Cloud Cost Billing Configuration and Custom Tags pages have each been given their own individual pages under the Administration > Cloud Settings.

  • Administration > Cloud Settings > Billing Configuration
  • Administration > Cloud Settings > Custom Tags

This added benefit now means that you can favorite each page individually for ease of use.

These cloud settings are further explained in the following product documentation links:

IT Asset Management

IT Asset Management added the following new features and enhancement in November 2021.

Oracle Fusion Middleware inventory configuration improved

note

This enhancement is available with IT Asset Management.

The collection of specialized inventory for Oracle Fusion Middleware has been refined. Initially, this functionality relied on the IncludeDirectory preference being set to / on UNIX-like systems; but experience shows that this can return excessive amounts of file evidence, much of which is unrelated to Oracle Fusion Middleware. Moving forward, IncludeDirectory reverts solely to its original purpose of specifying folders for collecting file evidence for either application recognition or usage tracking. When collection of inventory for Oracle Fusion Middleware is authorized (by the controls described in the March 2021 feature announcement Oracle Fusion Middleware inventory configuration improved), the FlexNet inventory agent automatically scans the entire file system (as required by Oracle), almost independent of the setting in IncludeDirectory. The system-wide scan knows which folders (in IncludeDirectory) have already been scanned, and where Oracle Fusion Middleware evidence has already been collected during the regular inventory scan of the target device; and no folder is scanned a second time, again optimizing performance and uploads.

New connector for BMC Discovery imports

note

This feature is available with IT Asset Management.

For some time, IT Asset Management has supported an adapter for importing data from BMC Discovery (formerly ADDM). The term adapter means that set-up and maintenance is involved. In this particular case, including a staging database where an executable can reconfigure the data prior to uploading it for import into IT Asset Management.

Now, there is also a connector available for BMC Discovery. This is a much lighter mechanism for collecting the relevant data, as the connector needs no intermediate staging database nor a separate processing executable. The connector, running on an appropriate inventory beacon, simply connects to the RESTful APIs provided by BMC Discovery to extract the required data. Once collected, it is automatically uploaded to the central application server and saved in the inventory database. From there, at the next full inventory import and license compliance calculation (by default, overnight), it is imported into the compliance database and the results are visible in the web interface.

Currently the data collected by the connector or the adapter is the same; but over time, expect the functionality available through the connector to increase for new versions of BMC Discovery.

For details about both the new connector and the previous adapter, see the combined section BMC Discovery Adapter in the Inventory Adapters and Connectors Reference.

Lightweight Kubernetes agent reduces footprint

note

This feature is available with IT Asset Management.

Previously, the Flexera Kubernetes inventory agent was added to Flexera One. This tool (quite separate from the long-established FlexNet inventory agent) allowed reporting on Kubernetes resources (nodes, pods, and annotations from container images); returning sub-capacity license-related data from the IBM License Service; and reporting on additional software in nodes and containers by temporarily injecting the FlexNet inventory agent.

Now a third distinct tool for inventory collection is added: the lightweight Kubernetes agent. You can use this as an alternative to the Flexera Kubernetes inventory agent when you need:

  • A smaller installation footprint for this agent.
  • Minimal (read-only) privileges for the account running the lightweight Kubernetes agent.
  • No injection of the FlexNet inventory agent into your containers (perhaps because of your enterprise policies around security of Kubernetes containers).

While meeting these more restrictive guidelines, the lightweight Kubernetes agent nevertheless provides most of the functionality of its older brother, the Flexera Kubernetes inventory agent. The lightweight Kubernetes agent:

  • Reports on the Kubernetes resources in use within the cluster (nodes and pods, along with the annotations you might attach to container images).
  • Reads the RESTful API of the IBM License Service to collect details for sub-capacity licensing of IBM software within the Kubernetes cluster (recall that using the IBM License Service is mandatory for measuring license consumption for IBM Cloud Pak® solutions and IBM® stand-alone containerized software)—but this reports only on IBM software, and not on any products from other publishers.
  • Reads any annotations (metadata) that publishers attach to their products that are installed in the container (currently a practice used by IBM, although other publishers may begin to adopt this in the foreseeable future).

The one thing that the lightweight Kubernetes agent cannot do is report on software running inside a container when the software does not carry a publisher's annotation. This is because it does not inject the general-purpose FlexNet inventory agent into the container. This means that, if you are running software from other vendors (apart from IBM) in your Kubernetes containers, you must provide an alternative method of collecting software inventory and tracking license consumption for that environment.

Comprehensive documentation for the new lightweight Kubernetes agent has been added as a new part of the Gathering FlexNet Inventory reference.

Support for mutual TLS on UNIX-like devices

note

This feature is available with IT Asset Management.

When clients (such as inventory devices where the FlexNet inventory agent is running) use the HTTPS protocol to communicate with servers (such as inventory beacons), their communication is authenticated using one of these forms of Transport Layer Security (TLS):

  • Standard (or 'single-sided') TLS, where the client validates a current certificate from the server

  • Mutual TLS, where the client still validates a server certificate, and, in addition, the server requires a valid certificate from the client.

This release adds mutual TLS support for UNIX-like inventory devices. Configuration currently requires settings added to the config.ini file that acts as a pseudo-registry on these platforms (start with the topic Agent Third-Party Deployment: Enabling the HTTPS Protocol on UNIX Agents in the Gathering FlexNet Inventory reference. As well, the inventory beacon must be configured for mutual TLS, for which see the Flexera One Help in the Configuring Mutual TLS topic. Keep in mind that configuring an inventory beacon to require client certificates impacts all inventory devices that may attempt to communicate with it. For this reason, the decision to switch to mutual TLS is commonly a blanket decision affecting (minimally) a bounded segment of your corporate network. Inventory devices running Microsoft Windows already support mutual TLS; and this release adds support for UNIX-like devices, so that a global change-over is now manageable.

SaaS Management

SaaS Management added the following new features and enhancements in November 2021.

Azure Client Credentials workaround to grant the Directory.Read.All permission

note

This enhancement is available with SaaS Management.

In the Azure Active Directory page Request API permissions, the option Azure Active Directory Graph API is no longer available as it will be deprecated next year. As a workaround to grant the "Directory.Read.All" permission:

  1. From the Request API permissions page, select the tab: APIs my organization uses.
  2. Search and select Windows Azure Active Directory.

For further details, see the Obtaining Client Credentials and Tenant ID section of the Azure Client Credentials integration instructions.

Initial ingestion of SaaS activity data

note

This feature is available with SaaS Management.

When a new integration is created within Flexera One, typically 30 days’ worth of historical SaaS activity data is retrieved from the application. Exceptions to the initial 30-day period are noted within the individual integration instructions. Activity data is tracked for active, inactive, and never active users. For a description of these terms, see Common User Activity Terms Found in SaaS Management Help.

The following scenarios describe the SaaS activity data that is available for each time period:

SaaS activity data immediately available after initial integration

You will immediately see the following SaaS activity data in the Flexera One UI:

  • Users that have logged in within the last 30 days appear as Active.
  • Users that have not logged in within the last 30 days appear as Never Active.
  • Inactive users appear as 0.

SaaS activity data after 30 days

After 30 days, 60 days of SaaS activity data appears in the Flexera One UI, as explained in the formula below.

First 30 days + 30 elapsed days = 60 days of data

After 30 days, you will see the following SaaS activity data in the Flexera One UI with 60 days as the selected activity threshold:

  • Users that have logged in within the last 60 days appear as Active.
  • Users that have not logged in within the last 60 days appear as Never Active.
  • Inactive users appear as 0.

SaaS activity data beyond the activity threshold

Users that have not logged in since the selected activity threshold appear as Inactive in the SaaS Management UI.

Example: 60 days is the selected activity threshold

Users that have logged in 61 days ago but not since, appear as Inactive in the Flexera One UI.

For the Flexera One Help topic, see Initial Ingestion of SaaS Activity Data.

Microsoft Applications and Microsoft Client Credentials integrations now reflect blocked users

note

This enhancement is available with SaaS Management.

SaaS Management integrations reflect “Blocked” users in Microsoft, along with the previously shown “Active” users. All blocked users will be displayed as normal users in SaaS Management when integrating with any of the following:

  • Dynamics 365
  • Dynamics 365 Client Credentials
  • Microsoft Project
  • Microsoft Project Client Credentials
  • Power BI
  • Power BI Client Credentials
  • Visio
  • Visio Client Credentials

New Okta OAuth2 integration

note

This feature is available with SaaS Management.

The new Okta OAuth2 platform, a single Sign-On (SSO) provider, offers cloud software that helps companies manage and secure user authentication into modern applications. These are the differences between Okta Platform and Okta OAuth2:

  • Integration of Okta OAuth2 with SaaS Management
  • Instructions for obtaining a Client ID and a Private Key
  • Application Permissions
  • New User Role for a Super Administrator
  • Credentials required include a Private Key
  • API endpoints have a different syntax

See also