New Features and Enhancements in JSA 7.3.0
JSA 7.3.0 introduces new capabilities for tenant users, improved security, more flexibility when managing licenses, and a dedicated App Node for sharing applications.
Log Source Limits Are Removed
Improvements to the licensing model in JSA 7.3.0 now make it easier for you to manage log sources. Log source limits are removed and you no longer need to purchase licenses for log sources.
When you upgrade to JSA 7.3.0, the previous log source limits are removed.
Easily Distribute Event and Flow Capacity Across Your Deployment
Adapt to workload changes by allocating events per second (EPS) and flows per minute (FPM) to any host in your deployment, regardless of which host the license is allocated to.
The EPS and FPM from individual licenses are now aggregated into a shared license pool. As an administrator, you can use the new License Pool Management window to quickly see the cumulative EPS and FPM capacity across the deployment, and to determine the best way to allocate the EPS and FPM to the managed hosts.
For example, you have a JSA 2014.8 distributed deployment that has two event processors, one with 7,500 EPS and the other with 15,000 EPS. When you upgrade to JSA 7.3.0, each processor maintains the pre-upgrade EPS allocations, but the combined 22,500 EPS become part of the shared license pool. When the data volumes for the event processors change, or when you add a managed host, you can redistribute the EPS capacity.
Tenant Users Can Create Custom Properties
Tenant users can create custom properties to extract or calculate important information from the event or flow payload without assistance from a Managed Security Service Provider (MSSP) administrator. With this capability, tenant users can view and search on data that JSA does not typically normalize and display.
As an MSSP administrator, you have write permissions for all custom properties that are created by tenant users. To improve search performance, you can optimize a tenant's custom properties when the properties are used frequently in rules and reports. Tenant users cannot optimize properties that they create.
For information about working with custom event and flow properties, see the Juniper Secure Analytics Users Guide.
Tenant Users Can Create Reference Data Collections
In JSA 2014.8, tenant users can view reference data that is created by their MSSP Administrator. Now, in 7.3.0, tenant users who have the Delegated Administration >Manage Reference Data user role can create and manage their own reference data collections, without assistance from an MSSP administrator.
With this capability, tenant users can track referential business data or data from external sources, which can then be used in JSA searches, filters, rule test conditions, and rule responses. For example, a reference set that contains the user IDs of terminated employees can be used to prevent employees from logging in to the network.
Serve JSA Apps from a Dedicated App Node
Before JSA 7.3.0, all JSA apps had to be installed on the JSA console. Systems with many apps, or systems with resource-intensive apps, might have performance issues because of memory, storage, and CPU resource limitations on the JSA console.
Now, in JSA 7.3.0, you can install a dedicated App Node server that serves your apps and their data without the performance limitations of apps that are installed on the JSA console.
When you set up a Red Hat Enterprise Linux 7.2 or CentOS 7.2 server with the memory, storage, and CPU resources that you require, you can install the App Node from the JSA Admin tab in minutes. The App Node installation process installs all necessary software and transfers any apps that are installed on the JSA console to your App Node.
Optimized Back Up and Recovery Process for Applications
Application configurations can now be backed up and restored separate from the application data.
Application configurations are backed up as part of the nightly configuration backup. The configuration backup includes apps that are installed on the JSA console and on an App Node. You can restore the application configuration by selecting the Installed Applications Configuration option when you restore a backup.
Application data is backed up separate from the application configuration by using an easy-to-use script that runs nightly. You can also use the script to restore the app data, and to configure backup times and data retention periods.
JSA 7.3.0 uses TLS 1.2 (Transport Layer Security) for secure communications. The Secure Socket Layer (SSL) and TLS 1.1 protocols are not supported.
There's a small change to the steps for updating the default CA certificate when automatic updates go through a proxy server.