- 19 Aug 2024
- 6 Minutes to read
- Print
- DarkLight
Release Notes
- Updated on 19 Aug 2024
- 6 Minutes to read
- Print
- DarkLight
1. Introduction
This document provides information on the features, improvements, and known issues for this Secure Edge release, Version 24.08.
Product naming updates
To better unify branding across all of our technologies, we have changed our product names from ioTium to View Secure Edge, and ioTium Orchestrator to Secure Edge Portal. These updates are now reflected in our product UIs and in our documentation.
2. Changes in this Release (v24.08)
2.1. New Features
iNode WAN Configuration UI: We’ve released a UI for configuring the WAN port on the iNode. Use of the CLI interface is no longer required, but is still available. This feature will be available on newly shipped iNodes. iNodes currently in-service will be updated with this feature in a later update.
Child Org Branding Inheritance and Control: We’ve introduced the ability to synchronize the portal branding to your child organization portals.
2.2. Enhancements
Device Discovery Scan Profiles: We’ve simplified the scan profiles available within Device Discovery. We’ve improved the UI to provide more information about the different scan profiles available.
iNode Delete Improvements: We’ve improved the workflow for deleting iNodes to make the process more streamlined. For deleted iNodes, we’ve added additional information to the Unassigned Serial Numbers page to help identify previously in-service iNodes and their configuration changes.
iNode Diagram and Port Labeling Enhancements: We’ve improved the port diagrams shown within the portal to help with connecting the iNodes. We’ve also aligned the port labeling within the Secure Edge portal to align with the naming of the ports on the Edge iNodes.
2.3 Bug Fixes
Nil
3. Prerequisites
3.1. Cloud Requirements
The following cloud platforms are supported:
Amazon AWS
Microsoft Azure
VMware vSphere v6.x
Google Cloud
3.1.1. Virtual iNode Compute Requirements
2 vCPU, 2GB RAM, 10GB HDD, Public IP address
4. Issues
4.1. Limitations
On rebooting iNode it could take approximately 5 minutes after the reboot for the iNode status to be updated to Alive in the Secure Edge Portal.
When connecting iNodes from the Secure Edge Portal the first time, both iNodes should be in the Alive status.
While launching Virtual iNode in Microsoft Azure, uploading the VHD file might take a long time depending on your network connection.
When representational network is used and there is ongoing traffic between the Edge iNode network and an Virtual iNode network, the ongoing traffic is not resumed after rebooting either iNode.
When many Edge iNode networks are connected to one Virtual iNode network, for Inter Remote Network Traffic to work the Default Destination should be set to the remote Virtual iNode network.
If the Default Destination is set to a remote network and there is ongoing traffic from local network to Internet, changing Default Destination to WAN Network will drop the Internet traffic unless the ongoing traffic is restarted.
Volume created for SkySpark license is required to have a filename with extension ".props".
If Proxy is configured on a Virtual iNode, connecting the Virtual iNode network to an Edge iNode network will fail unless Port Forwarding is enabled on the Proxy Server.
When Standalone Mode is activated for an iNode from the Secure Edge Portal, the iNode needs to be ALIVE for at least one minute for the change to take effect.
If the public IP address of iNode changes, connection to the remote network, if any, will automatically disconnect and reconnect.
The maxium size of the downloaded Service logs is limited to 10 MB.
If the Default Destination is set to a remote network, you should configure public DNS servers as the DNS servers for your services.
When using iNode CLI, if you configure a static IP address for the iNode Ethernet uplink interface but don’t configure a name server, iNode may become unreachable until you configure a name server.
Editing a Secret requires the Service to be restarted to take effect.
Service addressing can be set only when adding the network and can not be changed later by editing the network.
If the Default Destination is set to WAN Network, outbound traffic from the local network destined to Internet or LAN will not match any custom security policy applied to the local network.
In the hardware monitoring, the Power supply status and its temperature is not reported.
When configuring timezone settings for the container, application container packager has to ensure that "tzdata" and "date" packages are installed in the container image to take effect.
When configuring timezone settings for the container, please add the label "_iotium_core_service=true" to the Core services to ensure they aren't affected by container time zone setting. Services without "_iotium_core_service=true" label will be restarted and will come up with the container timezone that is configured.
When configuring a proxy for the Virtual Edge on GCP, the public IP displayed in the iNode details page in the Secure Edge Portal is that of the proxy IP.
Firewall rules cannot be applied for the Inter Traffic Routing within edge iNode.
One-Arm mode is not supported with Multi NIC
Intense scan report shows offline hosts also.
Scan status is updated after 3 mins.
TAN Routing is not supported for dynamic TAN
4.2. Known Problems
If no service log has been generated in the last 24 hours, the Service Logs window in the Secure Edge Portal will not show any logs even if there are logs generated earlier.
When you edit a running Service and change its image, until the Service restarts after pulling the new image the iNode reports wrong status for the Service.
When you try to view or download service logs, a 504 timeout error may be thrown if there are multiple services writing logs frequently and the iNode uplink connection is slow. This is typically temporary; please retry after some time.
When you use the iNode CLI and configure a name server, iNode uses this name server in addition to the DHCP server provided name servers if any.
Metrics graph does not show any break, if iNode loses management connectivity for a moment.
Metrics graph and interface traffic rate on iNode details page will take few minutes to display after provisioning the iNode.
If the Edge iNode network uses Representational network, traffic from a routed segment behind the Virtual iNode is not routed to the Edge iNode network.
If the Edge iNode network uses Representational network, traffic from the Virtual iNode network is not routed to a routed segment behind the Edge iNode network.
Static routes to allow remote networks will not work if static routes with Representational Network is configured.
When you reboot an iNode with numerous services, depending on your Edge iNode hardware it may take several minutes for the services to come back up.
In an iNode cluster if all the candidates in the master election have the same priority, the candidate with the highest IP address may not always be elected as the master.
In an iNode cluster with the NTP core service deployed as a singleton, services running on the backup iNodes don't synchronize time with the NTP service.
The list of configured time servers and the server iNode is currently synchronized to is not available in the Secure Edge Portal for iNodes with debian distro.
In an iNode cluster with a singleton service in UNKNOWN state because of an error condition, the message from the container is not available in the Secure Edge Portal.
When you create a dynamic Edge iNode network, you will need to edit the network to connect to a remote network.
iNode conversion to cluster is not supported if dynamic addressing mode TAN networks exists in iNode.
Threat Intelligence enable/disable is not logged in activity log.
Parent org dashboard may not show the threats detected in child org.
Bulk User create/edit will be performed in the organization of the logged in user.
Threat detected in child org is not consolidated in parent org's dashboard.
Device Discovery enable/disable is not audited.
iNode’s location will be plotted randomly when an invalid address is entered.
Device Discover is not supported in cluster
Scan report of a scan config will be deleted when the scan config is deleted.
Bacnet information is not available in downloaded report.
Device discovery config is not allowed for 10 mins from TAN network edit.
SSO org login or page navigation will throw error sometimes, need page refresh to load the page.
Console connection to Edge iNode will not work via an interface, when multinic is enabled and TAN network is created for that Interface.
5. Archives