Copyright

Copyright © 2019 Balasys IT Ltd.. All rights reserved. This document is protected by copyright and is distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this document may be reproduced in any form by any means without prior written authorization of Balasys.

This documentation and the product it describes are considered protected by copyright according to the applicable laws.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)

Linux™ is a registered trademark of Linus Torvalds.

Windows™ 10 is registered trademarks of Microsoft Corporation.

The Balasys™ name and the Balasys™ logo are registered trademarks of Balasys IT Ltd.

The Zorp™ name and the Zorp™ logo are registered trademarks of Balasys IT Ltd.

The Proxedo™ name and the Proxedo™ logo are registered trademarks of Balasys IT Ltd.

AMD Ryzen™ and AMD EPYC™ are registered trademarks of Advanced Micro Devices, Inc.

Intel® Core™ and Intel® Xeon™ are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.

All other product names mentioned herein are the trademarks of their respective owners.

DISCLAIMER

Balasys is not responsible for any third-party websites mentioned in this document. Balasys does not endorse and is not responsible or liable for any content, advertising, products, or other material on or available from such sites or resources. Balasys will not be responsible or liable for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods, or services that are available on or through any such sites or resources.

2021-12-01 .Copyright

Features

  • First login admin password
    From now on, the administrator password can be set during installation. The installer asks if the user wants to specify an administrator password, or if one should be generated as before. Note that this only applies to the administrator password used for the first login via the htpasswd file, LDAP users are not affected.

  • Easier installation for all components
    We have implemented an easier installation process for all software components (CORE, MGMT, STORAGE). Where the user interaction is not absolutely necessary the system generates the necessary values. In addition, the user is guided through an easier installation with the help of prompt windows which are more informative than the terminal was before.

  • Visibility of configuration structure and related elements
    We have made the relationships between elements more visible in the GUI. You can see exactly what elements form a group.

  • PAS start page
    The PAS start page has been introduced. After login the Status page is displayed and the list of containers will be visible.

  • Certain fields set by enter in the WEB UI
    Textual and numeric fields can now be set by enter key in the WEB UI.

  • Backup from running configuration in config api
    We have implemented a new 'config_backup/running' endpoint for the config export in config api. In addition, the current 'config_backup' endpoint has been moved to 'config_backup/user'. Consequently, we can separate the backup option for two parts.

  • Configuration backup option on the GUI
    We have introduced Configuration backup option into the PAS user interface. The configuration export and import functions are now available on the web UI. As part of configuration export you can download the running configuration from the PAS as a zip file. The configuration import option allows you to upload your previously saved configuration backup.

  • Flow Director Log changes without restart
    Flow Director log changes can take effect without restart. You can apply them on the Changes page.

  • Transport Director Log changes without restart
    Transport Director log changes can take effect without restart. You can apply them on the Changes page.

Improvements

  • Drop latest versions from our release artifacts
    The '.latest' Docker image tags are no longer used, in order to prevent accidental unplanned upgrades of the product to newer veersions. The product version will be explicitly specified in the 'major.minor.patch' format from now on. '3.latest' and '3.2.latest' are the last '.latest' versions released, both pointing to version '3.2.0'.

  • Synchronize variable and config key names with LDAP terminology
    Some of the variable names in the management config.yml are changed to represent what they are used for more precisely:

    • 'user_object_type' is renamed to 'user_object_class' to match LDAP terminology

    • 'group_object_type' is renamed to 'group_object_class' to match LDAP terminology

    • 'server_cert' is renamed to 'ca_certs_file' to represent better the use of the variable. See the updated Administration Guide. Only the terminology has been corrected in the documentation, but the functionality has not changed.

  • htpasswd file location non-configurable
    The path of the users.htpass file is not configurable any more. Its path is /opt/balasys/etc/mgmt/users.htpass.

  • Weaker dependency between core and storage systemd services
    The core component now has a weaker dependency on the storage component, so now:

    • the 'proxedo-api-security.service' systemd unit can start even if the storage fails to start. The core component will wait for the storage to become available before trying to load its configuration.

    • 'proxedo-api-security.service' systemd unit can keep running even in the storage fails or is restarted. If the core component already has a loaded configuration, it will keep serving traffic with it until a healthy storage tells it to do differently.

  • Migration Guide
    The Migration Guide is available for this version. It helps the upgrade process when you change the PAS version from 3.2.0 to 3.3.0. In addition we give helper scripts to support it.

Fixes

  • Encrypting docker password using Ansible Vault for multi-node setup
    The user has to encrypt the Docker registry password in the automated core deployment tool. Ansible is a dependency requirement for installing the management package.

  • Trusted-dn syslog-ng TLS option
    The following two parameters are removed from the server verification settings of Syslog TLS brick:

    • Trusted DN

    • Trusted keys

  • Obsolete SSLv2 and SSLv3 parameters on Syslog TLS
    SSLv2 and SSLv3 are not supported anymore, the Disable SSLv2 and Disable SSLv3 options have been removed from the Syslog TLS Brick.

  • HTTP Error code selector issue
    It is not possible to select non-working code ranges. In addition if you are clearing the error code field the dropdown works properly and does not break.

  • Listener default port
    The default port of the listener has been modified to 49000.

  • Default values on mandatory fields
    Those fields which have a default value, are no longer marked as mandatory fields. From now on, if a field has a default value, then it is not required to be filled in.

  • Management configuration checking fixes
    Wrong configapi parameter names and missing mandatory parameters are now reported in 'pas-mgmt-checkconfig', before the start of the container.

  • Health check fails with multiple services in a container
    The monitoring manager container sometimes entered failed state without any user interaction. This should not happen anymore.