Release Notes
  • 01 May 2023
  • 6 Minutes to read
  • Dark

Release Notes

  • Dark

Article Summary

1. Introduction

This document provides information on the features, improvements, and known issues in this release.

Product naming updates
To better unify branding across all of our technologies, we have changed our product names from ioTium to View Secure Edge, and ioTium Orchestrator to Secure Edge Portal. These updates are now reflected in our product UIs and in our documentation.

2. Changes in this Release

2.1. New Features

  • Facilitates detection and notification of duplicate IP addresses between the iNode TAN interface/TAN Services, and IP addresses for entities and devices that are south of the iNode.
  • Extension to "Security Policy" capabilities to allow users to specify firewall rules in the Service to Device and Device to Service directions within a TAN network.
  • Support for Virtual Edge on the Amazon Web Services (AWS).

2.2. Enhancements

  • Extension to time-server configuration to allow user to specify a NTP Server’s FQDN while setting a timer-server on the iNode.
  • Enhancement to allow Org Admins to enforce Multi Factor Authentication for all users in an Org.
  • Multiple Orchestrator User Interface look-and-feel improvements.

2.3. Bug Fixes

Some of the notable bug fixes:

  1. WAN interface MAC address changes on iNode reboot.
  2. In a rare scenario, application logs in the iNode are not rotated and this was filling up the filesystem.
  3. User-Agent on the tunnel request is set to default.

3. Prerequisites

3.1. Cloud Requirements

The following cloud platforms are supported:

  • Amazon AWS
  • Microsoft Azure
  • VMware vSphere v6.x
  • Google Cloud

3.1.1. Virtual iNode Compute Requirements

2 vCPU, 2GB RAM, 10GB HDD, Public IP address

3.2. Hardware Requirements

  • The following hardware platforms are supported for iNode Edge:
    • ADLINK MXE-211
      • Mobile broadband support requires SIMCom SIM7100A mobile broadband module
    • Advantech UNO 2484G
    • Dell Edge Gateway 5000 (Model: LBEE5ZZ1EN)
    • Dell PowerEdge R240 server platform
    • Lanner LEC-7230M-J11A
    • Lanner NCA-1510D
    • Mobile broadband support requires AT&T or Verizon micro SIM
    • Lanner NCA-1510A
    • Supermicro SYS-E50-9AP

4. Issues

4.1. Limitations

  1. On rebooting iNode it could take approximately 5 minutes after the reboot for the iNode status in Orchestrator to be updated to Alive.
  2. When connecting iNodes from the Orchestrator the first time, both iNodes should be in the Alive status.
  3. While launching Virtual iNode in Microsoft Azure, uploading the VHD file might take a long time depending on your network connection.
  4. When multiple Edge iNode networks are connected to a Virtual iNode network, allowing Inter Remote Network Traffic does not work if any of the Edge iNode networks use Representational network.
  5. When representational network is used and there is ongoing traffic between the Edge iNode network and an Virtual iNode network, the ongoing traffic is not resumed after rebooting either iNode.
  6. When many Edge iNode networks are connected to one Virtual iNode network, for Inter Remote Network Traffic to work the Default Destination should be set to the remote Virtual iNode network.
  7. If the Default Destination is set to a remote network and there is ongoing traffic from local network to Internet, changing Default Destination to WAN Network will drop the Internet traffic unless the ongoing traffic is restarted.
  8. Volume created for SkySpark license is required to have a filename with extension ".props".
  9. If Proxy is configured on a Virtual iNode, connecting the Virtual iNode network to an Edge iNode network will fail unless Port Forwarding is enabled on the Proxy Server.
  10. When Standalone Mode is activated for an iNode from the Orchestrator, the iNode needs to be ALIVE for at least one minute for the change to take effect.
  11. If the public IP address of iNode changes, connection to the remote network, if any, will automatically disconnect and reconnect.
  12. The maxium size of the downloaded Service logs is limited to 10 MB.
  13. If the Default Destination is set to a remote network, you should configure public DNS servers as the DNS servers for your services.
  14. When using iNode CLI, if you configure a static IP address for the iNode Ethernet uplink interface but don’t configure a name server, iNode may become unreachable until you configure a name server.
  15. Representational Network can not be configured for static route to allow remote networks, unless there is a conflict.
  16. Editing a Secret requires the Service to be restarted to take effect.
  17. Service addressing can be set only when adding the network and can not be changed later by editing the network.
  18. If the Default Destination is set to WAN Network, outbound traffic from the local network destined to Internet or LAN will not match any custom security policy applied to the local network.
  19. In the hardware monitoring, the Power supply status and its temperature is not reported.
  20. When configuring timezone settings for the container, application container packager has to ensure that "tzdata" and "date" packages are installed in the container image to take effect.
  21. When configuring timezone settings for the container, please add the label "_iotium_core_service=true" to the Core services to ensure they aren't affected by container time zone setting. Services without "_iotium_core_service=true" label will be restarted and will come up with the container timezone that is configured.
  22. When configuring a proxy for the Virtual Edge on GCP, the public IP displayed in the iNode details page on the Orchestrator User interface is that of the proxy IP.

4.2. Known Problems

  1. When Edge iNode’s uplink is connected via mobile broadband and you want to change the IP address of iNode's network 2 ethernet interface (eth1), it should not be in the same subnet as the uplink network.
  2. If no service log has been generated in the last 24 hours, the Service Logs window in the Orchestrator will not show any logs even if there are logs generated earlier.
  3. When you edit a running Service and change its image, until the Service restarts after pulling the new image the iNode reports wrong status for the Service.
  4. When you try to view or download service logs, a 504 timeout error may be thrown if there are multiple services writing logs frequently and the iNode uplink connection is slow. This is typically temporary; please retry after some time.
  5. When you use the iNode CLI and configure a name server, iNode uses this name server in addition to the DHCP server provided name servers if any.
  6. Metrics graph does not show any break, if iNode loses management connectivity for a moment.
  7. Metrics graph and interface traffic rate on iNode details page will take few minutes to display after provisioning the iNode.
  8. If the Edge iNode network uses Representational network, traffic from a routed segment behind the Virtual iNode is not routed to the Edge iNode network.
  9. If the Edge iNode network uses Representational network, traffic from the Virtual iNode network is not routed to a routed segment behind the Edge iNode network.
  10. Static routes to allow remote networks will not work if static routes with Representational Network is configured.
  11. ioTium CLI login expires after idle session timeout; ioTium CLI throws 401 error unless user logs into the Orchestrator using ioTium CLI again.
  12. When you modify network or add Custom Security Policy to a network using ioTium CLI, existing static routes are removed.
  13. When you reboot an iNode with numerous services, depending on your Edge iNode hardware it may take several minutes for the services to come back up.
  14. In an iNode cluster if all the candidates in the master election have the same priority, the candidate with the highest IP address may not always be elected as the master.
  15. In an iNode cluster with the NTP core service deployed as a singleton, services running on the backup iNodes don't synchronize time with the NTP service.
  16. The list of configured time servers and the server iNode is currently synchronized to is not available in the Orchestrator for iNodes with debian distro.
  17. In an iNode cluster with a singleton service in UNKNOWN state because of an error condition, the message from the container is not available in the Orchestrator.
  18. When you create a dynamic Edge iNode network, you will need to edit the network to connect to a remote network.

5. Archives

To view Release Notes for earlier versions, see here.

What's Next