But the biggest improvement to Security Audits for MIDAS v4.33 is the ability to schedule regular automated security audits.
Until now, a Security Audit could only be manually initiated (via MIDAS Admin Options → Manage MIDAS → Security → Perform a Security Audit)
From MIDAS v4.33, you can now use Scheduled Tasks to automatically run a Security Audit and email you the results. Audits can be configured to run every 7, 14, 30, 60, or 90 days.
Schedule automated security audits of your MIDAS booking system
We’re excited to announce Geolocation and Geofencing support for our MIDAS room and resource scheduling software.
What is Geolocation?
Geolocation is the process of determining the geographic location of a user’s device. It is used in a variety of applications, such as mapping, navigation, and weather forecasting. A device’s location can be determined using a variety of methods, including GPS, cell tower triangulation, and IP address location.
IP address geolocation is a method of determining the position in the world of an IP address. This can be done by using a variety of methods, including:
Reverse DNS lookup: This method involves looking up the IP address in a DNS database to determine the name of the domain that is associated with the IP address. The domain name can then be used to determine the geographic location of the server that hosts the domain.
Geolocation databases: These databases contain information about the geographic location of IP addresses. This information is typically collected from a variety of sources, such as ISPs and network operators.
It is important to note that IP address geolocation is not always accurate. The accuracy of IP address geolocation depends on a variety of factors. These include the quality of the geolocation database and the method that is used to determine the geographic location of the IP address.
What is Geofencing?
Geofencing is an extension of geolocation. Once a device’s geographic location can be determined through geolocation, “Geofencing” can be used by a website or application to ensure that devices outside of an authorized area are denied access.
IP geofencing works by creating a virtual radius at a set distance around a fixed point on the globe. By comparing the latitude and longitude coordinates of a user’s device, with this fixed point, the distance between them can be calculated. This calculation will determine whether the user’s device falls within the set virtual radius.
Access form any device which falls outside of a set radius of the central fixed location can then be blocked.
Geolocation applications within MIDAS
Initially, there are two main areas within our booking software where geolocation information can be shown.
First, is the Recent Activity Log. This audit log in MIDAS records all user activity and actions taking place in your booking system. Each entry in the log is time-stamped, and shows the user account and IP address which performed the action.
From MIDAS v4.33, the optional Geolocation addon can be configured to allow location information to be shown for IP addresses in the Recent Activity Log. This location information includes the city, region, and country that the IP address resides in.
The unfamiliar login notifications feature alerts users when their account is signed in to from a new device or location.
These notifications typically include details of the user’s device / browser and their IP address.
Geolocation support now means that you can optionally configure these notifications to now also include the city, region, and country that the login occurred from.
Geofencing applications within MIDAS
Building on the new geolocation support, Geofencing can be used to further enhance the security of your MIDAS system.
It can be used to restrict account logins to certain countries. For example, if your organization only has offices within the United States and the United Kingdom, your colleagues are typically likely to only need to login to MIDAS from within either the US or the UK. You can use geofencing to block any login attempts originating from countries other than the US or the UK.
Restrict MIDAS logins to certain countries
Geofencing can additionally (or alternatively) also restrict account logins to within a certain distance from your location. For example, if you run a radio station in Manchester, UK, you could restrict logins to your MIDAS system to within say a 10 mile radius of Manchester.
Restrict MIDAS logins to within a radius of a set geographic location
How to enable Geolocation or Geofencing in MIDAS
The new Geolocation and Geofencing features are available for MIDAS v4.33 (or later) via our optional Geolocation addon.
Existing customers with active subscriptions can obtain this addon via https://mid.as/upgrade.
If you’re new to MIDAS, you can subscribe with the Geolocation addon via https://mid.as/pricing.
Geolocation data accuracy
The accuracy of IP geolocation data depends on a number of factors, including the quality and freshness of the geolocation database, the method that is used to determine the geographic location of the IP address, and the type of IP address.
The IP geolocation data we use in the Geolocation addon for MIDAS is never more than 30 days old.
In general, IP geolocation data is most accurate for large geographic areas, such as countries or states. It can become less accurate for smaller geographic areas, such as cities or neighborhoods.
That’s why if you use the distance based geofence features of the Geolocation addon, you should always set a larger liberal distance than necessary, rather than a very small strict distance from your location. The Geolocation addon does include an instant IP lookup test tool, so you can check IP distances before you apply them.
The Geolocation addon also includes “fallback” options for both country / distance geofence enforcement. For IP addresses where a country and/or latitude and longitude coordinates cannot be determined, you can configure MIDAS to either block or allow these connections.
It’s also worth noting that the accuracy of IP geolocation data can be affected by the use of proxy servers and VPNs. Proxy servers and VPNs can mask the true IP address of a device, making it difficult to determine the device’s geographic location.
These days, around two thirds of our customers opt for our cloud-hosted edition. Despite this, we’re still very much committed though to offering and supporting a self-hosted edition too.
Now, one of the challenges in developing a web-based application like MIDAS is that it relies on 3rd party components.
For example, to run a web based application, you first need a web server that supports the coding language the web application is written in. You also need a database server to store data for the application.
Countless combinations
Web servers first and foremost need an operating system (like Windows or Linux). They also require underlaying web server software – such as Apache or IIS – to name just two. There are of course numerous operating systems and server software, with different variations and configurations of each.
MIDAS is written in Perl. There are a number of different “flavors” of Perl for different operating systems. For example, on Windows servers both ActivePerl and Strawberry Perl are available.
Finally database servers; MIDAS currently supports MySQL and MariaDB databases, and different versions of each of these.
Here at MIDAS HQ, we have test MIDAS systems running on a range of common setups. However, it would be virtually impossible for us to test our software on every conceivable combination of Operating System, Web Server, Perl, and Database versions.
Although rare, if a self-hosted customer encounters an issue with our software on their particular setup, we’re usually able to replicate it in our labs and provide a solution.
Very occasionally though a self-hosted customer encounters an issue which we’re not able to readily identify and reproduce.
As we (rightly) don’t have access to self-hosted customer’s own servers, this can make troubleshooting challenging.
It can be even more challenging if the self-hosted customer (or their IT provider) is not especially server-savvy. For instance, we may occasionally request files from a customer to aid in our troubleshooting…
A real-world example
In a recent support request, a self-hosted customer encountered an issue after updating their MIDAS system. We weren’t able to immediately replicate this in our testing, and so we requested additional information from the customer. The customer had to contact their IT supplier for assistance in retrieving these files from their MIDAS. Their IT supplier was slow in providing the requested information, which we didn’t receive for a couple of weeks.
Once in receipt of the additional information, however, we were able to identify and resolve the issue within a couple of hours. The customer though was understandably frustrated that it had taken two weeks to resolve (due to the delay with their IT supplier).
As a result of this, we decided to take steps to make it easier for us to support self-hosted customers in the future.
Helping us to help you!
So starting with MIDAS v4.33, there’s now an option for a self-hosted customer to send us diagnostic information directly from within their MIDAS system. This bypasses situations where a customer may have to contact or raise a ticket with their external IT support/provider in order for us to assist them.
If you run into an issue with your self-hosted MIDAS system, our support team may provide you with a “Support Code”. Simply login to your MIDAS system and go to MIDAS Admin Options → Manage MIDAS → Database → Database Tools, and select “Send Support Bundle”.
Easily send diagnostic data to the MIDAS support team
You’ll be prompted to enter your Support Code before clicking the “Send Support Bundle to MIDAS” button. Your MIDAS system will then self-generate diagnostic information. This information is then securely sent to our support team for further analysis.
The following data is included within the support bundle that’s securely transmitted to MIDAS HQ:
A copy of the program files which make up your MIDAS system
A copy of the settings file for your MIDAS system
A copy of your MIDAS database
A copy of any MIDAS debug logs
Information on your server setup
This diagnostic data can really aid our support team speed up the diagnosis of the potential issue you’re having with your self-hosted MIDAS system.
That’s not the only invoicing improvement that we’re introducing with our v4.32 update. Here’s what else we’ve added…
New Bulk “Remove Unsent Invoices” tool
By default, when new invoices are created or automatically generated in MIDAS, they initially remain “unsent”. This allows you to make any changes until you’re ready to send them to your clients.
Now, MIDAS naturally retains invoices indefinitely in the system. Most organizations won’t need to keep old invoices for more than a handful of years.
So earlier this year, we introduced a new “Remove Obsolete Invoices” housekeeping tool in MIDAS. This allowed an administrator to remove old invoices in bulk.
As the “Remove Obsolete Invoices” tool only affects paid invoices, we’ve added a further tool to MIDAS v4.32. The new “Remove Unsent Invoices” tool allows an administrator to quickly remove all “draft” (unsent) invoices with just a couple of clicks.
Retain references to removed obsolete invoices with bookings
As we’ve mentioned, MIDAS already includes an administrative tool to remove obsolete invoices from the system. When this happens, any bookings that were originally used to generate a now obsolete invoice will no longer indicate that they are associated with that invoice.
For v4.32 we’ve included the option to leave references to removed invoices with booking when obsolete invoices are removed.
Retain clients with invoices when removing obsolete clients
Whilst we’re on the subject of “house keeping”, another database tool included with MIDAS is the “Remove Obsolete Clients” tool. This allows an administrator to remove clients from the database who haven’t had any bookings in a long time.
For such clients who may still have invoices in the system, this meant that those invoices became clientless when the client was removed.
We’ve now included the option to “Retain clients with invoices” when removing obsolete clients.
For any obsolete clients who still have invoices in the system won’t be removed – both the client and their invoice will be retained.
Options to include more information with resources on invoices
When MIDAS generates invoices for your room hires, the description of each room on the invoice includes the room’s name, as well as the date and times of hire.
However, for resource items, the invoice description for each item only includes the invoice name.
So for v4.32, we’ve provided options to control how resource items appear on generated invoices.
You can choose to have the resource’s name only, or the resource’s name and the venue (room) it’s been assigned to, or the resource’s name with the dates/time it has been book for – or a combination of the above.
Set default email subject when sending invoices, credit notes, and receipts
The “Templates” feature allows you to customize a range of template within your MIDAS system. For instance, you can customize how your printouts look, or how emails look, and so forth.
For v4.32, we’ve allowed the setting of a “default” email subject line for when invoices, credit notes, and receipts are emailed via MIDAS.
This means that when a user composes an email to a client in MIDAS when sending an invoice, credit note, or receipt, the subject line can be pre populated (rather than empty).
The user will still be able to change the subject line on a per email basis, but these new “default” subject line settings will mean that you can set an initial subject line for such emails.
