IACBOX, what’s next?

Outlook to the new major version V24.0

 

While our current major version 21 is approaching its end of life with about 30 patchlevel updates, our developer team is working hard on V24.

V21 had many new user interface features like the completely new login page with editor. With V24 it’s more under the hood again. The following is a preview of what’s new in the upcoming major version.

Version scheme

We have simplified the version scheme and will only use the common scheme <Major>.<Minor>.<Patch> in the future. Consequently, the first release will be 24.0.0, the first patch level update will be 24.0.1, and the first major feature update will be 24.1.0.

 

Base Linux System

The base of the IACBOX is our own Linux platform Frozentux, which has been completely renewed again. The main component is the Linux kernel which has now been upgraded to the current LTS (long term support) version 6.1. In addition, many standard Linux programs also have been updated. This not only brings current features and performance improvements, but also provides important security updates, including Openssl 3.1, PHP 8.1, Postgres 15 and much more.

DNS Service

The previous DNS service has been completely replaced, allowing us to replace 3 components with a single DNS service. This not only increases throughput, but also lays the base for encrypted DNS protocols such as DoT (DNS over TLS) and DoH (DNS over HTTP2), which we intend to support in later V23 releases.

DNS Filter

The DNS server also includes the DNS filter which allows to block certain categories of pages. We have cleaned up these categories, purged the lists of outdated domains and now include multiple lists. On the server side, the lists will be updated weekly again.

HTTP Proxy

The transparent HTTP proxy (squid) will be sent off to retirement. In a fully encrypted world (high HTTPS share) unencrypted HTTP connections have rightly become a rarity and the proxy has thus lost its justification. Of course, we still support the connectivity check for devices that do not support the CAPPORT API, but we implement this feature differently. Customers with applications that rely on port 80 or 8080 will benefit from this. In the past there were always conflicts and incompatibilities. These ports can now be used regularly.

Uplink without NAT

Due to high demand, this feature has been ported back to V21 and is already available. This allows the default NAT on the Office LAN (uplink) to be disabled. This allows easy integration with other appliances in the upstream that need to know the client IP such as filters, proxies, malware detection etc.

WebAdmin Dashboard

The monitoring widgets and their charts have been technically updated. Furthermore, some customers have requested the widgets to be arrangeable on the dashboard as desired, as it was already possible in the monitoring popup.

WebAdmin two-factor authentication

The login to WebAdmin can now optionally use two-factor authentication, which can be activated separately for each user. This can be used to better secure full access admin accounts, while for a receptionist account with limited permissions, for example, it can be waived. We start with the most widely used method TOTP (Time-based One-Time-Token) which can be used with many mobile apps like Google Authenticator, MS Authenticator, FreeOTP, etc. FIDO2 for passwordless logins will also be added in later releases.

Partial Backup Restore

Often backups are used not only in case of failure, but also to transfer configuration from one system to another. But besides the desired configuration, unwanted parts like license, network configuration, existing data (incl. DSGVO relevant personal data) are transferred as well. The partial restore of a backup now allows to import only the configuration (optionally without network settings).

PMS, SPMS and KIS

To whom these acronyms mean something – we separate the PMS login method into 3 separate modules: PMS for hotels, SPMS for ships, and HIS for hospitals/care facilities. In the course of this rebuild, we have also extended many PMS configurations so that now, for example, PMS groups are available for almost all PMS types.

iacbox.cloud Integration

V23 will bring the basic iacbox.cloud integration. Initially, cloud-only connectivity will be implemented via an encrypted tunnel, but as V23 progresses, features will be steadily expanded. Planned features include: Overview of connected systems with their current status and easy monitoring, batch rollouts of certain configurations, WebAdmin access via iacbox.cloud.

Bug fixes

As always, a great many small bug fixes and software updates are included.