December 2023 - PingOne Advanced Services - PingOne - PingOne Cloud Platform

Administrators can now upload and download user reports.

You can now access Prometheus metrics through a private link or VPN.

Several improvements were made to PingDirectory:

• Backend priming no longer occurs when PingDirectory is started, which decreases PingDirectory startup time.
• PingDirectory restarts have also been enhanced with increased health checking to reduce the chance of data inconsistencies within the cluster.

• Backup and restore now occurs within its own PersistentVolume. See About backing up and restoring data in the PingDirectory Server Administration Guide for details regarding these processes.

Kerberos authentication will no longer support RC4 encryption due to the use of the new 11.0.21 JDK version (which does not support this weak cipher). Any use of RC4 will need to be replaced with AES256 encryption.

Multi-line logs generated from server.log (PingFederate) now appear in Kibana as a single document.

A horizontal pod autoscaler was added and Logstash performance has improved. The number of warm nodes available has also been increased, which has improved performance and survives AZ failures.

Now leverages IMDSv2 security instead of IMDSv1.

User authorization now displays in separate customer and internal teams views. Logging and alert metrics are also now available, but only to internal Ping Identity teams.

The StorageClass provisioner was changed to CSI, and the EBS volume type was changed to GP3, which will improve performance and stability.

Our legacy logging mode (sending log files to Cloudwatch) has been removed and log files are now sent to our internal ELK (Elasticsearch, Logstash, Kibana) stack or to a customer endpoint.

Kibana logs older than 90 days must be dropped for the migration to the new StorageClass provisioner. However, raw PROD logs from this time period are still available in S3 but can be restored to Kibana via a service request after the upgrade.

When searching indexes, results contain the same fields and data, regardless of which index is chosen. For example, pf-audit* and logstash* return the same results.

Argo CD is now only deployed to the one per-region customer hub that is managing the development, staging, testing, and production environments.