What's New in DVLS 2025.1
What’s new in Devolutions Server 2025.1
In our ongoing effort to make your experience with Devolutions Server (DVLS) more seamless and efficient, we’re excited to present the newest set of features in our latest update, version 2025.1, delivering enhanced product integrations and flexibility, so you can stay focused on what matters most.
Let’s explore the highlights below (don’t forget to check out the full release notes).
Include the System vault in searches
Storing entries in the System vault helps you centralize shared scripts, tools, and VPN entries across vaults to reduce duplication and quickly update your team. Now include the System vault in your search to find your shared entries even faster!
View system disk space available for Devolutions Gateway
Recordings are essential to knowing what happened and when. Ensure you have enough storage space when viewing Devolutions Gateway instances in the DVLS and Devolutions Hub web interfaces and also in Remote Desktop Manager!
Return sensitive data for more entry types in the DVLS API
Passwords and sensitive data are stored in many different entry types. Now, you can query both through updates to the DVLS REST API.
Note: To use the DVLS REST API, you will need:
- An application identity;
- Vault access, View password, and/or View sensitive information permissions to return sensitive data;
- A new token every 5 minutes (obtained by re-authenticating).
Updated ServiceNow ticketing integration
To continually enhance our ticket integrations, the new PSEngine integration, requiring PowerShell 7, offers better flexibility for supporting new features such as an in-app ticket chooser. More integrations are coming in future releases!
Centralized Devolutions Gateway instance management
Manage updates to your Devolutions Gateways from one location with centralized DVLS Gateway instance management. Update directly to the latest version or to a specific version. You can also bulk upgrade Gateways through the Bulk update toggle!
Note: The update functionality now requires installing the Devolutions Agent on the system. Install the latest release MSI in the format DevolutionsAgent-x86_64-VERSION.msi (EXE support will be coming later). Select the Devolutions Gateway Updater option during the Devolutions Agent installation service.
Alert on expiring entries
Expiration alerts ensure you stay on top of time-limited entries. They are configurable for all of DVLS, individually, and through inherited properties.
You can configure DVLS default expiration settings under Administration > System Settings > Notification. In addition, you can configure your personal expiration defaults by navigating to your account, then to Notification preferences > Entries > Expiration.
By default, the DVLS administrator and vault owners will be notified of expired and expiring entries. But DVLS users may also individually subscribe and receive notifications!
Support combined custom and inherited vault, folder, and entry permissions
Flexible permission support works the way you do. Set best practice permissions and modify them as needed for specific use cases without losing your inherited permissions.
Note: You risk losing data by using RDM versions older than 2025.1 (such as 2024.3) with DVLS 2025.1.
Save "My privileged credentials" and "My personal credentials" in Devolutions Server
Many IT professionals maintain standard user and privileged (administrator) accounts. RDM supports "personal credentials" and "privileged credentials" linked to each user. If everyone in a data source uses their linked accounts, RDM sessions can be configured to automatically use the personal or privileged credentials associated with that user’s account.
Before version 2025.1, both credentials were stored locally within RDM. However, starting with version 2025.1, both credentials are now saved in the DVLS data source, allowing new functionality such as launching web sessions configured with “My personal credentials”.
Use the currently active DVLS data source and “My account settings” when connecting from RDM
Instead of manually choosing a specific DVLS server and user, use the active DVLS data source and the "My account settings" to use the current user. Finally, select the PAM account for use with the account (which defaults to using the DVLS privileged account type).
Per-user configuration of user vault availability
User vaults are a powerful feature that enables the personal storage of entries, but not all accounts need a user vault. Configure each account individually to allow a user vault.
Grant all connections in a folder temporarily to a user
Instead of individually selecting and temporarily sharing entries with a user, select an entire folder to share all of its entries at once. This saves time when using linked entries or entries that work together!
View web-based sessions in the same tab
First introduced in Devolutions Hub, DVLS now shows web-based sessions within a single tab instead of opening in a new window.
Support for portable licenses
A portable license allows a time-limited reassignment to a specific data source. Great for MSPs that manage other DVLS instances for customers, portable licenses avoid the need for the MSP to have a license for each. Under Administration > System settings > General, configure both portable license availability and the length of time before expiration.
Retention policies for Devolutions Gateway recordings
You don't always need every recording: with Devolutions Gateway retention policies, you don't have to keep them all. In Administration > System settings > Recording server, configure the length of time to preserve recordings.
Select the preserve icon next to an individual recording to prevent removal. See preserved entries in the activity log and cleaned entries in the data source log.
PAM-specific permission support
PAM accounts now support specific permissions such as resetting passwords, forcing check-ins, or reading logs. Lock down your PAM accounts even further with these PAM-specific permissions!
Import all admin accounts with the Active Directory built-in PAM provider
Every organization is unique, and not all Windows local administrative accounts are equal. When managing in PAM, import all administrative accounts instead of just the default to support even more scenarios!
Just-in-time account creation and deletion
Once enabled under a supported provider, such as Active Directory, navigate to Advanced settings and configure the JIT template account creation location. Now, when you check out a PAM account with just-in-time settings, a new temporary account with the requested permissions is created for the duration of the checkout.
Enhanced SSH key management in PAM
Manage your SSH keys in one place with the new SSH Key built-in provider for Devolutions PAM. Rotate and positively control SSH keys across systems and ensure you know who has what accesses!
The account used by the PAM SSH Key provider requires access to all authorized_keys files, where Devolutions PAM will manage the accounts. Running StrictModes is recommended in SSH configurations; one way to keep this configuration and support Devolutions PAM is via the following commands. The setfacl command requires a filesystem that supports ACLs.
setfacl -m u:pamprovideraccount:--x /home/account
setfacl -m u:pamprovideraccount:--x /home/account/.ssh
setfacl -m u:pamprovideraccount:rw /home/account/.ssh/authorized_keys
We're continually improving this functionality and adapting it to work on various systems, such as those that do not support ACL.
