Release notes Thinkwise Deployment Center 3.3.0

Hello everyone,

In this release, we have added support for newer Indicium distributions that only provide an appsettings.sample.json file to use as a reference when creating the actual appsettings.json configuration file. We have also added new Microsoft Entra authentication options to use when connecting to SQL Server databases.

Download the Thinkwise Deployment Center 3.3.0 here.

Contents

New in the Thinkwise Deployment Center

Support for Indicium's appsettings.sample.json

GUI CLI

We have added support for newer Indicium distributions that only provide an appsettings.sample.json file to use as a reference when creating the actual appsettings.json configuration file.

GUI Some deployment combinations can cause the comments from the Indicium sample configuration to become unavailable in the final appsettings.json. To accommodate this when using the Advanced edit mode during an Indicium upgrade flow, the Deployment Center offers a View sample button to view the appsettings.sample.json file from the package in a separate window. This will allow you to reference any newly added settings or view the descriptions of settings should they be missing in the appsettings.json file of the deployed Indicium.

Microsoft Entra authentication options

We have added new Microsoft Entra authentication options to use when connecting to SQL Server databases. The following fields have been added to the GUI when selecting a database server host instance:

• SQL Server Authentication
  Authenticate using a regular SQL Server account username and password. Using this is the same as previously clearing the checkbox Integrated security.
• Windows Authentication
  Authenticate using the current Windows user account. Using this is the same as previously checking the checkbox Integrated security.
• Microsoft Entra Password
  Authenticate using your username and password against the Microsoft Entra tenant configured for the SQL Server instance. The username is always your email address.
• Microsoft Entra Integrated
  Authenticate using the current Windows user against the Microsoft Entra tenant configured for the SQL Server instance. Requires the computer to be domain joined/federated with the Microsoft Entra tenant.
• Microsoft Entra MFA
  Authenticate interactively using a browser window like most Microsoft/Azure service web sites. Due to being handled by the OAuth/OIDC this option also supports Multi-Factor Authentication methods.
• Microsoft Entra Service Principal
  Authenticate using an Application Service Principal in a Microsoft Entra tenant. Requires the App ID and a client secret value from the target application registration.

In addition, the following advanced options have been added:

• Encryption - Sets the level required for SSL/TLS when connecting to the server and can be set to:
  • Optional - Uses SSL/TLS if it is available but it is not required.
  • Mandatory - Requires the server to provide SSL/TLS.
  • Strict - Same as Mandatory but requires the connection to support at least TDS 8.0.
• Trust server certificate - Production servers should always use a valid SSL/TLS certificate. However, development servers might not be properly configured with one. This option can be used to always trust the certificate given by the server even if it, for example, is self signed.
• Certificate host name - This setting can be used to specify the host name that is expected to be provided in the SSL/TLS certificate in case it does not match with the host being connected to.

For the command-line interface, new Microsoft Entra authentication options have been added when connecting to SQL Server databases through the iam/sf/upcycler/app commands. These can be set through the --auth-method and --iam-auth-method options depending on the subcommand. The --auth-method option might become required in the future, but currently falls back to previous implicit authentication methods for backwards compatibility.

The following commands are available:

• UserPassword - Authenticate using a regular SQL Server account username and password. Using this is the same as previously providing a --username value.
• WindowsAuthentication - Authenticate using the current Windows user account. Using this is the same as previously not providing a --username value.
• MSEntraUserPassword - Authenticate using username/email and password against the Microsoft Entra tenant configured for the SQL Server instance.
• MSEntraIntegrated - Authenticate using the current Windows user against the Microsoft Entra tenant configured for the SQL Server instance. Requires the computer to be domain joined/federated with the Microsoft Entra tenant.
• MSEntraMFA - Authenticate interactively using a browser window like most Microsoft/Azure service websites. Due to being handled via OAuth/OIDC this option also supports Multi-Factor Authentication methods. However, due to the interactive nature of this flow, this value is not suitable for use in scripts running inside a CI environment.
• MSEntraServicePrincipal - Authenticate using an Application Service Principal in a Microsoft Entra tenant. Requires the App ID (--username) and a client secret (--password) value from the target application registration.

To remain backwards compatible with previous behaviour, the advanced options currently available in the GUI are interpreted as follows in the command-line interface:

• Encryption - always set to Optional which will use SSL/TLS if available but it is not required.
• Trust server certificate - always set to True which allows incorrectly configured/invalid certificates from the server.
• Certificate host name - always empty, due to Trust server certificate always being true this option does not do anything anyway.

Questions or suggestions?