Inventory Beacon Change Log (On-Premises)

Versions of the inventory beacon released for the on-premises edition of FlexNet Manager Suite, linked to features and fixes.

Beacon version Release date Affected features
17.0.1 (current) July 2021
13.0.1 through 17.0.0 Various dates

These releases are deprecated and withdrawn. Upgrading to the latest version is recommended. (Descriptions of released functionality have been rolled forward.)

13.0.0 March 2018
12.4.0 November 2017
12.3.0 August 2017
12.2.0 April 2017
12.1.0.14551 January 2017
12.1.0 December 2016
12.0.0 September 2016

Release 2021 R1 (17.0.1)

Supports client secret for Microsoft 365 connector

When you configure the Microsoft 365 connector on your updated inventory beacon, a new Authenticating Flow option lets you select Client Credentials, which exposes the Client Secret field. Here you can paste in the client secret created for you in the Azure AD portal. Related online help topics, as well as the Inventory Adapters and Connectors Reference, have been updated appropriately.

Fixes

  • An inventory collection target created using the Cloud service provider or region option for Define machines to target no longer prevents the download of inventory beacon policy to inventory beacons earlier than release 16.3.0. Policy now downloads successfully to older inventory beacons.
  • As an alternative to using IIS to point to a separate web server, an inventory beacon may use a self-hosted web server. This fix corrects a failure of the self-hosted web server to start.

Improved Amazon connector

The Amazon connector available on each inventory beacon, which previously allowed connections only to Amazon Elastic Cloud Compute (EC2) instances, now also automatically discovers instances of Oracle Database running in Amazon Relational Database Service (RDS). This is particularly important where you plan to bring your own license (BYOL) by transferring entitlements previously purchased for on-premises installations to cover the database running in this cloud service provider's environment. For more information, please see the Features by Release document.

Supports early adopters of inventory tasks

From this release, the FlexNet Beacon supports the use of new "inventory tasks" to collect VMware inventory. This simplified approach is currently available only to FlexNet Manager Suite customers who are also using IT Visibility; and use also requires an updated license for FlexNet Manager Suite to turn on the functionality in the FlexNet Beacon. For more information, please see the Features by Release document.

Customize data locations on your inventory beacon

A new registry value lets you customize the locations of inventory beacon log files and configuration files by specifying the common parent folder as [Registry]\Beacon\CurrentVersion\DistributionLocation. A companion DATADIR variable can be included in answer files used for automated installation/upgrades, or can be used on the command line to run the beacon installer. For more information, see the Features by Release document.

Fixes

  • If you choose to install the FlexNet Beacon software in a custom location (such as on the D: drive rather than the C: drive), the self-updating mechanism has been improved to preserve registry settings through an upgrade.
  • Updates to FlexNet Beacon now also update settings for the system file shares: mgsREA$, ManageSoftREA$, mgsRET$, and ManageSoftRET$.
  • Connectivity of an inventory beacon to the central application server through an intermediate proxy server is improved, with the https_proxy and http_proxy values saved in the local registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ManageSoft Corp\ManageSoft\ under both Launcher\CurrentVersion and Common.

Filters for overlapping inventory imports added to selected connectors

With this release of the inventory beacon, the new PowerShell-based ServiceNow inventory connector has additional Overlapping Inventory Filter settings available to set the desired behavior when there is overlapping inventory imported from multiple sources. A typical setting is to make your FlexNet inventory top priority, and then set the ServiceNow inventory connector to Import the inventory from this source for possible merging. This allows for any extra data points in that secondary source to augment the basic inventory record, without overriding values returned as part of the FlexNet inventory import. See the Inventory Adapters and Connectors reference for further details about the ServiceNow inventory connectors.

Improved policy management reduces agent 404 errors

Improved management of the inventory beacon cache now prevents delivery of FlexNet inventory agent policy when there are cache issues. (Previously, these cache issues could cause invalid URLs to be delivered in policy, triggering future 404 errors when these URLs were accessed.) Typically the cache self-repairs before the next policy request is received; but if not, the normal fail-over mechanism means that installed FlexNet inventory agents request their next policy update from another inventory beacon that is able to respond.

Changed handling of fail-over settings packages

Each download of policy from the central application server to all inventory beacons includes a fail-over settings package, which lists all inventory beacons configured for anonymous authentication, as these provide the upload and download locations accessible to all installed FlexNet inventory agents. Previously, the schedule for agents requesting the fail-over settings packages could cause problems, possibly resulting in 404 errors when the downloads were requested. This process has been simplified, with agents now requesting the fail-over settings package as part of processing their downloaded agent policy, reducing the possibility of errors.

Inventory beacon processing improved

In the past, a lightly-loaded inventory beacon could return an end-of-task message that arrived at the central application server before its corresponding start-of-task message. If this happened, the start-of-task, arriving late, never got closed, giving a false appearance of a task that had hung and never completed. Processing has now been improved so that start and end messages are kept in strict sequence, and the false 'hung tasks' appearance can no longer occur at the central application server.

SAP connections support Secure Network Communication (SNC)

The configuration page in FlexNet Beacon for setting up a connection to an SAP system (whether it's an Independent SAP System or an Admin Module, or a dependent system accessed through an Admin Module) has been enhanced to support SNC, on a system-by-system basis. Once your SAP system is correctly configured for SNC, it is a simple matter of defining a few values on your connecting inventory beacon to use that facility. You can choose the level of security you want, from simple authentication, through integrity checking and encryption, to the maximum protection offered by your SAP system.

Updated Tanium connector

The FlexNet Beacon includes an updated connector for use with Tanium Asset release 1.8.0.0075 or later. At that release, Tanium Asset changed the API methods for reporting inventory of Microsoft SQL Server, and the new connector works with that changed API.
Tip: If your inventory beacon is connecting to an earlier version of Tanium Asset, do not update the FlexNet Beacon software until you also update to a more recent version of Tanium Asset. The older connector running on your existing inventory beacon successfully uploads the SQL Server data it collects to the latest version of FlexNet Manager Suite. Conversely, the newer connector built into the latest version of FlexNet Beacon cannot correctly report SQL Server inventory from the old API, and so must only be used with Tanium Asset 1.8.0.0075 or later.

Time window for inventory collection from Independent SAP systems

The FlexNet Beacon interface now offers a choice of time frames for inventory collection from an Independent SAP system:
  • You may choose a rolling time window that defaults to 3 months, but can be set to your preferred number between 1-12 months
  • You can select the previous calendar year (this automatically toggles over next January 1)
  • You can set a fixed start date and end date, and reset these values manually when the end date passes (this option is useful for investigating particular issues).
For more information, see the online help topic Creating SAP Connections.

Supports connector to Flexera SaaS Manager

The set of inventory beacon connectors, configured by PowerShell (5.1 or later), is extended to include a connector for Flexera SaaS Manager:
  • Allows managed service providers (MSPs) running their own cloud implementations of FlexNet Manager Suite to link to Flexera SaaS Manager (which runs only in the Flexera cloud)
  • Allows customers with an on-premises implementation of FlexNet Manager Suite to integrate data from their Flexera SaaS Manager subscription into a 'single pane of glass' for integrated management of all software assets, including SaaS applications.

Fixes

  • Corrects an issue where, after a failure to download beacon policy, an inventory beacon could flood the end-point with repeated policy requests. Repeated requests now adhere to the standard 15-minute timing.
  • Corrects a problem where inventory beacons for release 2019 R2 (14.0.0) set incorrect permissions on securely signed upgrade packages, so that child inventory beacons could not download them and therefore could not self-upgrade.
  • Corrects an issue where, after download of a revised beacon policy, requests from multiple inventory devices for updated device policy could drive CPU usage on the inventory beacon to 100%. This could delay delivery of device policy to locally-installed FlexNet inventory agents. Customers using release 14.0.0 inventory beacons should consider upgrading them to release 17.0.1 or later to take advantage of these repairs.

Supports inventory imports from Tanium

The set of inventory beacon connectors, configured by PowerShell (5.1 or later), is extended to include a connector for Tanium:
  • Supports Tanium Server (7.3.0 or later) running Tanium Asset (1.6.3 or later).

Support for macOS 10.15

FlexNet Beacon 14.0.0 introduces support for macOS 10.15 (Catalina):
  • Adoption: Contains updated functionality to adopt devices that are running macOS 10.15. If you are attempting to adopt a Mac with macOS 10.15 installed, FlexNet Beacon version 14.0.x or later is required. If you deploy FlexNet inventory agent to macOS 10.15 machines by third-party means (without using FlexNet Manager Suite device adoption), it is not necessary to upgrade the FlexNet Beacon.
  • Zero-footprint inventory gathering: Contains updated functionality to remotely gather inventory from a macOS 10.15 inventory device. If you are attempting to run an inventory scan remotely on a Mac with macOS 10.15 installed, FlexNet Beacon version 14.0.x or later is required. If you are not using remote inventory gathering for macOS 10.15 machines (for example, using FlexNet inventory agent installed locally instead), upgrading your FlexNet Beacon is not necessary.

Fixes

  • Reduces FlexNet Beacon engine’s DNS lookups in order to avoid situations where too many DNS reads occur, and limits DNS reads so that there are no reads outside the subnet assigned to each particular FlexNet Beacon. (As background, FlexNet Beacon executes DNS read calls when a FlexNet inventory agent requests a policy file, and when a discovery rule runs.)
  • Corrects a problem in environments that use a parent/child inventory beacon hierarchy, where child inventory beacons were not properly downloading adoption and upgrade packages from their parent inventory beacon. The fix requires that FlexNet Beacon version 14.0.x or later is installed at all points in the inventory beacon chain leading to child inventory beacons. inventory beacons that have no descendents do not need to be upgraded.
  • Corrects an issue with FlexNet Beacon installers included with FlexNet Manager Suite certain releases that create an incorrect BeaconMode registry entry. This entry results in issues with the FlexNet Beacon for any customers who had auto-upgrade enabled or who manually upgraded their inventory beacon to version 13.5.x through 13.8.x. Note that those inventory beacons will work with a one-time manual fix to delete the BeaconMode registry key after inventory beacon upgrade from: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ManageSoft Corp\ManageSoft\Beacon\CurrentVersion. For complete details, refer to the instructions provided in Knowledge Base article, “Restoring operations for inventory beacons 13.5.x-13.8.x” available in the Customer Community. Alternatively, you can upgrade to the latest FlexNet Beacon version 17.0.1 (or later) in the Beacon version approved for use drop-down in the Beacon settings section of the Inventory Settings page.
  • The Active Directory import can import AD data only from the same domain where the inventory beacon is connected. Typically this has a limiting effect when the FlexNet Beacon software is installed on your application server (or batch server in larger implementations), but this applies only to on-premises implementations.
  • Fixes issues where discovery failed completely when an invalid IP address range, such as 255.255.255.0/24, was configured as a subnet.
  • Fixes reported issues where discovery failed to inter-operate with port 443 correctly.
  • Fixes an issue where the connection string for an inventory connection was lost upon closing and reopening the FlexNet Beacon interface on a stand-alone inventory beacon (that is, one that is not co-located on the application server, or batch server in larger implementations).

Update of MgsIPScan

An internal tool used by FlexNet Beacon during network discovery is updated at this release:
  • MgsIPScan has been upgraded to the latest version that has a number of improvements and uses latest version of OpenSSL.
  • The new MgsIPScan includes the Npcap packet capture utility. The old version used WinPcap, which is now deprecated.

Supports restricting FlexNet inventory agent communication to selected inventory beacons

Inventory groups can be used to restrict FlexNet inventory agent communication to a subset of your inventory beacons. Limiting which inventory beacons can be contacted by which FlexNet inventory agents may help reduce infrastructure overhead, giving you more control over the load balancing of communications, uploads, and network traffic. Inventory groups are specified in the Inventory Settings page of the web interface; and operation requires that version 17.0.1 (or later) of FlexNet Beacon is installed.

Supports targeted upgrades of FlexNet inventory agent

The internal filtering of targeted inventory devices has been enhanced to allow for transfer of specified upgrade packages for FlexNet inventory agent to devices identified in the target and not to other devices.

Fixes

  • Corrected an error within a multi-beacon environment where the local FlexNet Beacon failed to insert its own upload endpoint into the agent policy.
  • The Active Directory import can import AD data only from the same domain where the inventory beacon is connected. Typically this means that the FlexNet Beacon software is installed on your application server (or batch server in larger implementations), so this applies only to on-premises implementations.
  • This update fixes issues where discovery failed completely when an invalid IP address range, such as 255.255.255.0/24, was configured as a subnet.
  • This update fixes reported issues where discovery failed to inter-operate with port 443 correctly.
  • Fixes an issue where the connection string for an inventory connection was lost upon closing and reopening the FlexNet Beacon interface on a stand-alone inventory beacon (that is, one that is not co-located on the application server, or batch server in larger implementations).

Enhancements to Salesforce adapter

Enhancements have been made to the Salesforce adapter to support sandbox connections:
  • Added the ability to set the Salesforce (SF) URL for OAUTH so that a sandbox version of SF can have its own adapter
  • Added the "default" URL to the beacon UI so that it will populate for a 2018 R3 inventory beacon
  • Added a default URL to the Logic.ps1 for use when nothing is passed to the PowerShell methods that now require a SF URL parameter.

Fixes

  • Corrected an error where FlexNet Beacon may not have served policy to FlexNet inventory agent when IBM PVU mode was enabled
  • FlexNet Beacon uses TLS 1.2 by default on platforms that support TLS 1.2.

Add a connection to AWS EC2

FlexNet Manager Suite automatically recognizes computing instances located in Amazon Web Services Elastic Compute Cloud, provided that you create a connection to your AWS EC2 services on an appropriate inventory beacon. This connection then identifies the instances and (where used) dedicated hosts; but to gather software inventory from those instances for license management, best practice is to deploy FlexNet inventory agent as part of the Amazon Machine Image used to instantiate your instances. For full details about making connections, see the online help topic Managing AWS EC2 Connections.

Helping your migration to SAP S/4HANA

The SAP Connection dialog has a new drop-down menu to identify the SAP suite type to which you are connecting. The S/4HANA suite option is supported only for Independent SAP systems, where new migration and license surplus fields within FlexNet Manager Suite allow you to plan for, and track, your migration from the Classic Business Suite to S/4HANA. For more details, see the online help topic Creating SAP Connections, or refer to the latest edition of the FlexNet Manager for SAP Applications User Guide PDF, available through the title page of online help.

Improved security for password testing

When an inventory beacon attempts remote execution for adoption or inventory gathering on a device, it tests suitable credentials against the device until one account name/password pair from the Password Manager vault succeeds. You have always been able to 'filter' a credential so that it is tested only against devices matching your filter. By default, unfiltered credentials are tested/used only after all matching filtered credentials have failed to grant access. However, from this release, you can entirely prevent the use of unfiltered credentials simply by selecting the Use only filtered credentials check box on the Password Manager page on your inventory beacon(s). As well, a new Filters column on the list of available credentials helps manage which credentials have filters and which have none (so far). Since filters can be as specific as matching a single device, you can enforce the use of filters to prevent testing a large number of credentials across wide sections of your network. Full details are in the online help topic Using Password Manager.

Upload visibility and improvements

Changes include:
  • Enable TCP keepalives during uploads to avoid timeouts on intermediate network devices
  • Limit reuse of HTTP connections to work better with load balancers
  • Upload files in date order to improve fairness and predictability when there are many files awaiting upload
  • Report versions of Beacon prerequisite software to assist in planning of upgrades
  • Report age, number, size and type statistics on files awaiting upload.

Fixes

  • Locally-installed FlexNet inventory agent now supports inventory of Oracle 12c pluggable databases.
  • On SuSE 12 SP2 and later, installation of FlexNet inventory agent no longer fails when ndtask.service cannot start.
  • On UNIX platforms, agent-based Oracle inventory no longer fails when there are restricted permissions on Oracle directories.
  • Upgrading FlexNet inventory agent on CentOS / Oracle Linux 7.4 no longer fails when earlier version does not support custom paths.
  • On macOS, installation of FlexNet inventory agent no longer stops when MGSFT_RUN_CONFIGURE is not found (one device may be skipped, and installation on other devices continues).
  • When BeaconEngine.exe calls ActiveDirectoryImport.exe, it no longer uses plain text passwords in the command line.
  • Beacon status update now updates LastKnownActivityTime even when LastKnownActivityTime was not previously set.

Release 2018 R1 (13.0.0)

Configurable timeout for credential checking

The first step in remote execution tasks for the inventory beacon is to test whether the supplied credentials can connect to the target device. This preference sets the maximum count of seconds that the inventory beacon may wait for a response before logging the attempt as a connection failure. When the registry key is not present, the default value is 30 seconds. You may override this default by registering a new value in HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ManageSoft Corp\ManageSoft\RemoteExecution\CurrentVersion.

Fixes

  • Beacon Engine crashes while collecting VMware inventory from large number of ESX servers or VMs.

Release 2017 R3 (12.4.0)

Upgrades for inventory beacon strongly recommended

It is mandatory to upgrade to version 12.4 those inventory beacons that communicate with the application server, wherever digital signing is implemented for downloaded beacon policy.

  • Digital signing of policy is always on for cloud-based implementations.
  • For on-premises implementations, digital signing defaults to off, but may have been turned on as part of system configuration.

The recommended best practice that you keep your inventory beacons updated to the same release as the central application server. If you have a special reason for continuing to run an outdated inventory beacon, and digital signing of downloaded beacon policy is in use, make sure the older inventory beacon is a 'child' that reports to a current version inventory beacon (and not to the central application server).

Support for CyberArk credential storage

The Password Manager on each inventory beacon is updated to support:

  • Encrypted credentials stored locally in the registry of the inventory beacon (as always), and
  • Queries to request credentials stored in a CyberArk Vault.

Integration is handled by the CyberArk Credential Provider, locally installed on the inventory beacon. This release also includes the ability to customize the Application ID by which CyberArk recognizes FlexNet Manager Suite when it requests credentials.

For details see the enhanced online help for inventory beacons, or refer to the Inventory Beacon Credentials for Other Computers chapter in the System Reference PDF, available through the title page of online help.

XenApp server agent changes

For on-premises customers, the XenApp server agent is enhanced to allow replacing the staging database with direct upload to an inventory beacon (and from there uploading to the compliance database). This may be helpful where the normal staging database represents an unnecessary administrative overhead, or a security risk.

ACE support for business adapter imports

At this release, the OLEDB provider used for imports of .xslx, .xls, or .csv files imported through the Business Importer (using a business adapter) is changed from JET to the 32-bit version of the Microsoft ACE OLEDB 12.0 Provider. If this standard Microsoft provider is not already installed (as visible in Add/Remove Programs), it is available through https://www.microsoft.com/en-au/download/details.aspx?id=13255. Note that this requirement applies only to imports through the Business Importer. Scheduled imports of inventory spreadsheets do not have this requirement.

Fixes

  • DES and 3DES have been removed as fail-over encryption technologies (AES is used and is now ubiquitous across all supported platforms).
  • Downloads of signed inventory beacon policy no longer fail their signature check on inventory beacons 12.3 or later. This backward compatibility is expected to apply through future updates of the central application server.
  • Unhandled exceptions accessing BeaconPolicy.xml are repaired.

Release 2017 R2 (12.3.0)

Support for IPv6 address families

Support includes the following:
  • Both IPv6 and dual stack (IPv6 and IPv4) networks are supported, in addition to existing IPv4 support.
  • Communication between installed FlexNet inventory agents and an inventory beacon may use IPv6.
  • Communication between an inventory beacon and its parent may use IPv6.
  • Communication between an inventory beacon and a dual-stack application server (for on-premises implementations) may use IPv6. (For cloud implementations, the top-level inventory beacon(s) must be dual stack, as the Flexera cloud servers are all located in IPv4 networks.)
Current limitations for IPv6 on inventory beacons:
  • Remote execution does not support IPv6 address families. This includes adoption (use third-party deployment instead), zero-footprint inventory collection, VMware host scans, and all other remote execution tasks.
  • Files downloaded to FlexNet inventory agents cannot use the IPv6 address family (since legacy agents cannot process this format). Instead use device names or fully-qualified domain names in these files.

New registry settings on inventory beacon for configuring discovery

See online help under Inventory Beacons > Inventory Beacon Reference > Registry Keys for Inventory Beacon for:
  • DefaultPingSweepOptions
  • DefaultPortScanOptions
  • DefaultTcpScanTypeOptions
  • DefaultUdpScanTypeOptions.
Note:DefaultScanOptions is deprecated, and has no effect on inventory beacon from this release.

Fixes

  • Dependent SAP systems newly added in Beacon do not refresh in the SAP systemlandscape in FlexNet Manager Suite web interface
  • Level 1 Oracle customers (holding the EDS Oracle Option license term) are unable to import Oracle inventory
  • Process started from inventory beacon needs full path specified
  • Inventory support for vSphere 6.5
  • Issues with Office 365 inventory gathered through a proxy
  • Security improvements when the Business Importer is run from an inventory beacon.

Release 2017 R1 (12.2.0)

Fixes

  • Beacon inventory imports are left "In Progress" if PackageUploadTriggersWriters setting is disabled.

Release 2016 R1 SP2 (12.1.0.14551)

Security fixes

  • Security vulnerability in inventory upload processes. This vulnerability has a CVSS score of 10.0, and is classified as CWE-22 Path traversal.
  • Security vulnerability in third-party inventory upload processes. This vulnerability has a CVSS score of 10.0, and is classified as CWE-22 Path traversal.

Release 2016 R1 SP1 (12.1.0)

Fixes

  • Invalid IP address causes discovery process to fail
  • Beacon policy download times out due to FlexNet Manager Suite application server taking too long to calculate targets
  • FlexNet inventory agent ignores 'Do not rerun after success' setting.

Release 2016 R1 (12.0.0)

Rules execution

  • Improved scoping and adherence to scope settings
  • Use of previously discovered devices for inventory
  • Performance improvements for rules execution
  • Ability to perform only Discovery or Inventory or both operations
  • Separate in-scope and out-scope list of devices discovered
  • Improved algorithms for de-duplication and normalization of the devices, and the services discovered on those devices.

Fixes

  • Setting a target using name matching now works predictably
  • Manually running a rule through the FlexNet Beacon UI when a rule is already running causes the currently running rule to fail.

FlexNet Manager Suite (On-Premises)

2021 R1