What's New in DVLS 2025.1

What’s new in Devolutions Server 2025.1

In our ongoing effort to make your experience with Devolutions Server (DVLS) more seamless and efficient, we’re excited to present the newest set of features in our latest update, version 2025.1, delivering enhanced product integrations and flexibility, so you can stay focused on what matters most.

Let’s explore the highlights below (don’t forget to check out the full release notes).


Include the System vault in searches

Storing entries in the System vault helps you centralize shared scripts, tools, and VPN entries across vaults to reduce duplication and quickly update your team. Now include the System vault in your search to find your shared entries even faster!

View system disk space available for Devolutions Gateway

Recordings are essential to knowing what happened and when. Ensure you have enough storage space when viewing Devolutions Gateway instances in the DVLS and Devolutions Hub web interfaces and also in Remote Desktop Manager!

Viewing available storage space for Devolutions Gateway instances

Return sensitive data for more entry types in the DVLS API

Passwords and sensitive data are stored in many different entry types. Now, you can query both through updates to the DVLS REST API.

Note: To use the DVLS REST API, you will need:

Returning passwords and sensitive data for more entry types
Returning passwords and sensitive data for more entry types

Updated ServiceNow ticketing integration

To continually enhance our ticket integrations, the new PSEngine integration, requiring PowerShell 7, offers better flexibility for supporting new features such as an in-app ticket chooser. More integrations are coming in future releases!

Configuring the PSEngine ServiceNow version
Configuring the PSEngine ServiceNow version

Centralized Devolutions Gateway instance management

Manage updates to your Devolutions Gateways from one location with centralized DVLS Gateway instance management. Update directly to the latest version or to a specific version. You can also bulk upgrade Gateways through the Bulk update toggle!

Note: The update functionality now requires installing the Devolutions Agent on the system. Install the latest release MSI in the format DevolutionsAgent-x86_64-VERSION.msi (EXE support will be coming later). Select the Devolutions Gateway Updater option during the Devolutions Agent installation service.

Alert on expiring entries

Expiration alerts ensure you stay on top of time-limited entries. They are configurable for all of DVLS, individually, and through inherited properties.

You can configure DVLS default expiration settings under Administration > System Settings > Notification. In addition, you can configure your personal expiration defaults by navigating to your account, then to Notification preferences > Entries > Expiration.

By default, the DVLS administrator and vault owners will be notified of expired and expiring entries. But DVLS users may also individually subscribe and receive notifications!

Configuring an expiration alert on an entry
Configuring an expiration alert on an entry

 

Support combined custom and inherited vault, folder, and entry permissions

Flexible permission support works the way you do. Set best practice permissions and modify them as needed for specific use cases without losing your inherited permissions.

Note: You risk losing data by using RDM versions older than 2025.1 (such as 2024.3) with DVLS 2025.1.

Setting inherited and custom permissions
Setting inherited and custom permissions

Save "My privileged credentials" and "My personal credentials" in Devolutions Server

Many IT professionals maintain standard user and privileged (administrator) accounts. RDM supports "personal credentials" and "privileged credentials" linked to each user. If everyone in a data source uses their linked accounts, RDM sessions can be configured to automatically use the personal or privileged credentials associated with that user’s account.

Before version 2025.1, both credentials were stored locally within RDM. However, starting with version 2025.1, both credentials are now saved in the DVLS data source, allowing new functionality such as launching web sessions configured with “My personal credentials”.

 

Use the currently active DVLS data source and “My account settings” when connecting from RDM

Instead of manually choosing a specific DVLS server and user, use the active DVLS data source and the "My account settings" to use the current user. Finally, select the PAM account for use with the account (which defaults to using the DVLS privileged account type).

Configure a user-specific privileged account to use the active DVLS data source and user
Configure a user-specific privileged account to use the active DVLS data source and user

Per-user configuration of user vault availability

User vaults are a powerful feature that enables the personal storage of entries, but not all accounts need a user vault. Configure each account individually to allow a user vault.

Setting user vault availability for each user
Setting user vault availability for each user

Grant all connections in a folder temporarily to a user

Instead of individually selecting and temporarily sharing entries with a user, select an entire folder to share all of its entries at once. This saves time when using linked entries or entries that work together!

Grant temporary access devolutions dvls blog 2025.1
Grant temporary access devolutions dvls blog 2025.1

View web-based sessions in the same tab

First introduced in Devolutions Hub, DVLS now shows web-based sessions within a single tab instead of opening in a new window.

Support for portable licenses

A portable license allows a time-limited reassignment to a specific data source. Great for MSPs that manage other DVLS instances for customers, portable licenses avoid the need for the MSP to have a license for each. Under Administration > System settings > General, configure both portable license availability and the length of time before expiration.

Configuring portable license settings
Configuring portable license settings

Retention policies for Devolutions Gateway recordings

You don't always need every recording: with Devolutions Gateway retention policies, you don't have to keep them all. In Administration > System settings > Recording server, configure the length of time to preserve recordings.

Select the preserve icon next to an individual recording to prevent removal. See preserved entries in the activity log and cleaned entries in the data source log.

Preserving a devolutions gateway recording
Preserving a devolutions gateway recording

Configuring the retention policy of a Devolutions Gateway
Configuring the retention policy of a Devolutions Gateway

PAM-specific permission support

PAM accounts now support specific permissions such as resetting passwords, forcing check-ins, or reading logs. Lock down your PAM accounts even further with these PAM-specific permissions!

Set PAM-specific permissions for vaults, folders, and entries
Set PAM-specific permissions for vaults, folders, and entries

Import all admin accounts with the Active Directory built-in PAM provider

Every organization is unique, and not all Windows local administrative accounts are equal. When managing in PAM, import all administrative accounts instead of just the default to support even more scenarios!

Import all discoverable windows local administrator accounts
Import all discoverable windows local administrator accounts

Just-in-time account creation and deletion

Once enabled under a supported provider, such as Active Directory, navigate to Advanced settings and configure the JIT template account creation location. Now, when you check out a PAM account with just-in-time settings, a new temporary account with the requested permissions is created for the duration of the checkout.

Configuring just-in-time pam account creation
Configuring just-in-time pam account creation

Enhanced SSH key management in PAM

Manage your SSH keys in one place with the new SSH Key built-in provider for Devolutions PAM. Rotate and positively control SSH keys across systems and ensure you know who has what accesses!

The account used by the PAM SSH Key provider requires access to all authorized_keys files, where Devolutions PAM will manage the accounts. Running StrictModes is recommended in SSH configurations; one way to keep this configuration and support Devolutions PAM is via the following commands. The setfacl command requires a filesystem that supports ACLs.

setfacl -m u:pamprovideraccount:--x /home/account
setfacl -m u:pamprovideraccount:--x /home/account/.ssh
setfacl -m u:pamprovideraccount:rw /home/account/.ssh/authorized_keys

We're continually improving this functionality and adapting it to work on various systems, such as those that do not support ACL.

Adding a new SSH Key PAM provider
Adding a new SSH Key PAM provider

Discovered SSH keys through the new SSH Key PAM provider
Discovered SSH keys through the new SSH Key PAM provider