- 25 Feb 2024
- 6 Minutes to read
- Updated on 25 Feb 2024
- 6 Minutes to read
Thanks for sharing your feedback!
This document provides information on the features, improvements, and known issues in this release.
- Product naming updatesTo better unify branding across all of our technologies, we have changed our product names from ioTium to View Secure Edge, and ioTium Orchestrator to Secure Edge Portal. These updates are now reflected in our product UIs and in our documentation.
2. Changes in this Release
2.1. New Features
- New Organization create supports Single Sign On
- Table re-design in all listing pages
- When multiple Edge iNode networks are connected to a Virtual iNode network, allowing Inter Remote Network Traffic does not work if any of the Edge iNode networks use Representational network.
- Auto-Repnet optimization.
2.3. Bug Fixes
3.1. Cloud Requirements
The following cloud platforms are supported:
- Amazon AWS
- Microsoft Azure
- VMware vSphere v6.x
- Google Cloud
3.1.1. Virtual iNode Compute Requirements
2 vCPU, 2GB RAM, 10GB HDD, Public IP address
3.2. Hardware Requirements
- The following hardware platforms are supported for iNode Edge:
- ADLINK MXE-211
- Mobile broadband support requires SIMCom SIM7100A mobile broadband module
- Advantech UNO 2484G
- Dell Edge Gateway 5000 (Model: LBEE5ZZ1EN)
- Dell PowerEdge R240 server platform
- Lanner LEC-7230M-J11A
- Lanner NCA-1510D
- Mobile broadband support requires AT&T or Verizon micro SIM
- Lanner NCA-1510A
- Supermicro SYS-E50-9AP
- ADLINK MXE-211
- On rebooting iNode it could take approximately 5 minutes after the reboot for the iNode status in Orchestrator to be updated to Alive.
- When connecting iNodes from the Orchestrator the first time, both iNodes should be in the Alive status.
- While launching Virtual iNode in Microsoft Azure, uploading the VHD file might take a long time depending on your network connection.
- When representational network is used and there is ongoing traffic between the Edge iNode network and an Virtual iNode network, the ongoing traffic is not resumed after rebooting either iNode.
- When many Edge iNode networks are connected to one Virtual iNode network, for Inter Remote Network Traffic to work the Default Destination should be set to the remote Virtual iNode network.
- If the Default Destination is set to a remote network and there is ongoing traffic from local network to Internet, changing Default Destination to WAN Network will drop the Internet traffic unless the ongoing traffic is restarted.
- Volume created for SkySpark license is required to have a filename with extension ".props".
- If Proxy is configured on a Virtual iNode, connecting the Virtual iNode network to an Edge iNode network will fail unless Port Forwarding is enabled on the Proxy Server.
- When Standalone Mode is activated for an iNode from the Orchestrator, the iNode needs to be ALIVE for at least one minute for the change to take effect.
- If the public IP address of iNode changes, connection to the remote network, if any, will automatically disconnect and reconnect.
- The maxium size of the downloaded Service logs is limited to 10 MB.
- If the Default Destination is set to a remote network, you should configure public DNS servers as the DNS servers for your services.
- When using iNode CLI, if you configure a static IP address for the iNode Ethernet uplink interface but don’t configure a name server, iNode may become unreachable until you configure a name server.
- Editing a Secret requires the Service to be restarted to take effect.
- Service addressing can be set only when adding the network and can not be changed later by editing the network.
- If the Default Destination is set to WAN Network, outbound traffic from the local network destined to Internet or LAN will not match any custom security policy applied to the local network.
- In the hardware monitoring, the Power supply status and its temperature is not reported.
- When configuring timezone settings for the container, application container packager has to ensure that "tzdata" and "date" packages are installed in the container image to take effect.
- When configuring timezone settings for the container, please add the label "_iotium_core_service=true" to the Core services to ensure they aren't affected by container time zone setting. Services without "_iotium_core_service=true" label will be restarted and will come up with the container timezone that is configured.
- When configuring a proxy for the Virtual Edge on GCP, the public IP displayed in the iNode details page on the Orchestrator User interface is that of the proxy IP.
- Firewall rules cannot be applied for the Inter Traffic Routing within edge iNode.
- One-Arm mode is not supported with Multi NIC
- Intense scan report shows offline hosts also.
- Scan status is updated after 3 mins.
- Inter TAN Routing is not supported for dynamic TAN
4.2. Known Problems
- When Edge iNode’s uplink is connected via mobile broadband and you want to change the IP address of iNode's network 2 ethernet interface (eth1), it should not be in the same subnet as the uplink network.
- If no service log has been generated in the last 24 hours, the Service Logs window in the Orchestrator will not show any logs even if there are logs generated earlier.
- When you edit a running Service and change its image, until the Service restarts after pulling the new image the iNode reports wrong status for the Service.
- When you try to view or download service logs, a 504 timeout error may be thrown if there are multiple services writing logs frequently and the iNode uplink connection is slow. This is typically temporary; please retry after some time.
- When you use the iNode CLI and configure a name server, iNode uses this name server in addition to the DHCP server provided name servers if any.
- Metrics graph does not show any break, if iNode loses management connectivity for a moment.
- Metrics graph and interface traffic rate on iNode details page will take few minutes to display after provisioning the iNode.
- If the Edge iNode network uses Representational network, traffic from a routed segment behind the Virtual iNode is not routed to the Edge iNode network.
- If the Edge iNode network uses Representational network, traffic from the Virtual iNode network is not routed to a routed segment behind the Edge iNode network.
- Static routes to allow remote networks will not work if static routes with Representational Network is configured.
- ioTium CLI login expires after idle session timeout; ioTium CLI throws 401 error unless user logs into the Orchestrator using ioTium CLI again.
- When you modify network or add Custom Security Policy to a network using ioTium CLI, existing static routes are removed.
- When you reboot an iNode with numerous services, depending on your Edge iNode hardware it may take several minutes for the services to come back up.
- In an iNode cluster if all the candidates in the master election have the same priority, the candidate with the highest IP address may not always be elected as the master.
- In an iNode cluster with the NTP core service deployed as a singleton, services running on the backup iNodes don't synchronize time with the NTP service.
- The list of configured time servers and the server iNode is currently synchronized to is not available in the Orchestrator for iNodes with debian distro.
- In an iNode cluster with a singleton service in UNKNOWN state because of an error condition, the message from the container is not available in the Orchestrator.
- When you create a dynamic Edge iNode network, you will need to edit the network to connect to a remote network.
- iNode conversion to cluster is not supported if dynamic addressing mode TAN networks exists in iNode.
- Threat Intelligence enable/disable is not logged in activity log.
- Parent org dashboard may not show the threats detected in child org.
- Bulk User create/edit will be performed in the organization of the logged in user.
- Threat detected in child org is not consolidated in parent org's dashboard.
- Device Discovery enable/disable is not audited.
- iNode’s location will be plotted randomly when an invalid address is entered.
- Device Discover is not supported in cluster
- Scan report of a scan config will be deleted when the scan config is deleted.
- Bacnet information is not available in downloaded report.
- Device discovery config is not allowed for 10 mins from TAN network edit.
- SSO org login or page navigation will throw error sometimes, need page refresh to load the page.