Release Notes

Latest Version 2.7.1

2.7.1 2022-09-12

  • ENHANCEMENT: Do NOT import password encrypted in database
    When a new VNS3ms instance is deployed, even when a database archive is imported, the username/password combination “in force” is the newly configured one. Cohesive believes it is not reasonable to expect tracking of previously expired passwords.
  • OPTIMIZATION: Misc improvements to Azure support
    Improvements to Cold, Warm, Hot HA support at Azure. Improvements to display of Azure VNET resources.
  • COMPATIBILITY ALERT: Only 2.6.2 and 2.7.1 exports can be imported
    Changes in an encryption library requires 2.6.1 exports to be imported into version 2.6.2. Due to a library issue exports from 2.6.1 CANNOT be imported directly into version 2.7.1 and beyond. They must be specifically exported to be imported into version 2.6.2. The 2.6.2 export CAN be imported into 2.7.1 and beyond.

2.6.2 2022-08-21

  • ENHANCEMENT: Allow migration from VNS3ms 2.6.1 and earlier to 2.7.1 and later.
    Changes in an encryption library requires 2.6.1 exports to be imported into version 2.6.2. Due to a library issue exports from 2.6.1 CANNOT be imported directly into version 2.7.1 and beyond. They must be specifically exported to be imported into version 2.6.2. The 2.6.2 export CAN be imported into 2.7.1 and beyond.

2.6.1 2022-03-25

  • ENHANCEMENT: Azure VNET support
    Azure VNETs are not supporting like AWS VPCs, showing Security Groups, ACLs, and Route Tables.
  • ENHANCEMENT: Azure HA support
    Cold HA migrations now supported for Azure instances.
  • ENHANCEMENT: VNS3ms Instances can now be run in Azure
    The VNS3ms system can now run as an instance-based appliance in Azure Cloud
  • ENHANCEMENT: Initial support for self-saving of database to cloud storage (beta)
    VNS3ms can now be configured (given the appropriate cloud permissions) to back up its own database to cloud object storage at AWS and Azure
  • OPTIMIZATION: Complete update of VNS3ms dependency chain
    VNS3ms was updated to newest versions of the technology dependency chain it uses. Additionally significant synchronization was done to the component usage (where possible) of the VNS3 Network Platform. This improves Cohesive’s ability to test and secure the two product lines.
  • COMPATIBILITY ALERT: Change in encryption library requires 2.6.1 exports to be imported into version 2.6.2. Due to a library issue exports from 2.6.1 CANNOT be imported directly into version 2.7.1 and beyond. They must be specifically exported to be imported into version 2.6.2. The 2.6.2 export CAN be imported into 2.7.1 and beyond.

2.5.9 2021-08-17

  • BUGFIX: Group lookup not working for LDAP configurations
    This has been resolved.
  • BUGFIX: Automatic “administer” launch via Access URL misinterpreted VNS3 version
    The “Administer” button did not always properly differentiate versions supporting “Access URLS” and those that didn’t. This has been resolved.
  • BUGFIX: “Delete Firewall Rule” not working via UI or API.
    This has been resolved.

2.5.8 2021-05-04

  • OPTIMIZATION: Private IP capabilities finalized for Cold HA, and introduced for Warm and Hot HA.

2.5.7 2021-04-28

  • OPTIMIZATION: When VNS3ms Cold HA configured to use controller private IP, even though it is private ip HA, still swap any EIP from old instance to failover instance.

2.5.6 2021-04-21

  • BUGFIX: VNS3ms would attempt to set webhook notifications on controller even if not chosen as an operation in VNS3 ms.
    This behavior has been corrected.
  • BUGFIX: - When doing Cold HA operations in a closed network, VNS3ms would attempt to use the public ip of the failover instance for operations instead of the failover instance private ip.
    This behavior has been corrected.
  • OPTIMIZATION: Added error handler if secondary ip permissions not available.
  • OPTIMIZATION: Improved post-HA operation polling to determine VNS3 is up.

2.5.5 2021-04-08

  • BUGFIX: Adapt to AWS API changes
    Some API calls still depended on AWS having a default initial region (us-east-1). The calling pattern has been corrected.
  • BUGFIX: Updating VNS3 controller password from VNS3ms could sometimes fail.
    This has been corrected.
  • ENHANCEMENT: Initial support for VNS3ms Cold HA running in wholly sealed networks
    Some elements of VNS3ms still depend on an Internet Gateway being available for making cloud platform API calls. This release significantly reduces that constraint.

2.5.4 2021-1-5

  • BUGFIX: Password expiration could result in a user being locked out
    There were user behaviors, when confronted with the “your password has expired, please provide a new one”, which resulted in the password update dialog being lost and the password being in an unknown state, preventing login. This has been corrected.

2.5.3 2020-12-16

  • BUGFIX: Previous fixes for AWS API changes were incomplete
    Additional fixes for proper region designation made to prevent API errors.
  • BUGFIX: Previous fixes for recognizing previous instance state were incomplete
    Additional fixes for properly recognizing that the previous instance from an HA operation has been stopped.

2.5.2 2020-10-07

  • BUGFIX: Some “cloud vlan” displays did not work
    Additional support for AWS CLI changes.
  • BUGFIX: Deletion of Cloud credentials required cloud vlan record to be re-created
    If a Cloud credential was deleted, all of the vlan records which had been configured with that credential were stuck in an “un-editable” state and needed to be removed and re-added. Now the cloud vlan record can be edited to attach an appropriate credential. In a future release credential deletion will require providing the replacement credential in advance of allowing the deletion so VNS3ms can automatically migrate the cloud vlan records.

2.5.1 2020-08-18

  • ENHANCEMENT: High Availability features work with private VPC IP
    Previously HA functions only worked with dynamically re-mappable public IPs (EIPs). Private VPC IP (via a secondary IP on the primary interface) can now be used. This allows VNS3ms to perform operations on VNS3 instances in “closed” cloud networks, where the controller does NOT have Internet access.
  • ENHANCEMENT: Dry Run operation, and enhanced argument validations
    As well as the HA “activate” button on the Web UI, there is now a “Dry Run” button which will provide much stronger argument validation AND use the AWS API “dry run” feature to ensure the VNS3ms has the appropriate permissions to perform all of the HA functions. NOTE: In a future release the explicit “dry run” action will be incorporated into the “Update HA Backup Details” operation and repeated as part of the “Activate” operation.
  • ENHANCEMENT: Username displayed in logged operations
    The currently logged in user is now part of log messages for actions performed. This feature support tracking the operations even if there is more than one concurrent user.
  • ENHANCEMENT: Homogenize authentication and API approach with VNS3
    Previously VNS3ms and VNS3 Controllers had very different approaches to API usage and API tokens. These differences have been reduced to a bare minimum. Most notably VNS3ms has the concept of a “read only” user permission, whereas VNS3 does not.
  • OPTIMIZATION: Cold HA operation supports changing subnet, AZ, and instance type
    When configuring a Cold HA operation the administrator can now choose a different availability zone and/or subnet for the new instance to be deployed to, as well as increase or decrease the instance size of the new instance.
  • BUGFIX: HA operation succeeds if “stop” command for prior instance accepted
    Cloud instance shutdown time can vary extensively. VNS3ms previously used a timeout parameter - and if the stop had not succeeded by then, it would alert that the HA operation had failed, when in fact only the stop of the prior instance had not concluded yet. HA success is now considered if the cloud platform accepts the stop command for the prior instance.
  • BUGFIX: VNS3ms sometimes interprets semantic versioning incorrectly
    VNS3ms would sometimes restrict features incorrectly, thinking a controller was an older release than true as a result of improper sorting/comparison of semantic versions. This has been corrected.
  • BUGFIX: Some API calls, including HA calls to cloud platform failed
    With the introduction of newer VPC regions, it was discovered that previously working AWS API calls would fail. This was the result of Cohesive calling the AWS API in a manner which previously worked, but ceased to be reliable. This has been corrected.

2.3.6 2020-04-15

  • OPTIMIZATION: Improved error logging and error. messages.
  • OPTIMIZATION: Added Subnet, Availability Zone, Instance Type to API/UI
    Foundation for more flexible Cold HA.
  • OPTIMIZATION: Don’t enable webhook/push alerts by default
    When adding a controller record to VNS3ms, the default behavior was to enable alerts from that controller. This is no longer the default. An explicit decision to enable alerts for a controller should be made.
  • BUGFIX: Continue to display HA logs from most recent failover events.
    When an HA action was completed, the logs did not show up in the information of the new instance. This has been corrected.

2.3.5 2020-01-29

  • ENHANCEMENT: Cold HA workflow now allows changing availability zone and instance type for the failover instance
  • ENHANCEMENT: Controller “tree control” now allows searching by Controller IP address.
  • OPTIMIZATION: Improved queuing for background operations allowing larger number of managed controllers

2.3.3 2019-12-19

  • ENHANCEMENT: Superuser “Admin” password can be reset via Amazon AWS Userdata
    Stop VNS3ms instance, add reset_ui_password="mypassword”, start instance and login Admin with that password. Stop instance, remove userdata.

2.2.1 2019-07-31

  • ENHANCEMENT: Ongoing improvements to the webhooks / alert push functions
  • OPTIMIZATION: Increased memory for database server allows for larger number of managed controllers.
  • OPTIMIZATION: Performance improvements to dashboard display

2.1.2 2019-07-24

  • OPTIMIZATION: Disabled internal server (Nginx) from disclosing its version. Slight security enhancement.
  • BUGFIX: Regression in IAM Role verification. This has been corrected.

2.1.1 2019-07-17

  • FEATURE: Alerts from VNS3 controllers (4.6.1+) can be pushed to new “Alerts” section on Dashboard. VNS3 4.6.1+ can consume “web hooks” to push two initial events (tunnel up, tunnel down) to Webex Teams, PagerDuty, Slack and VNS3ms.
  • BUGFIX: Non-Admin users were able to use the Administer button to create Access URL. Only Admin role should be able to use this FEATURE. This has been corrected.
  • BUGFIX: Regression in MFA support. 2.0 release broke the MFA / Google Authenticator function. This has been corrected.

2.0 2019-04-18

  • OPTIMIZATION: Updated hardened OS platform, now shared with VNS3 Controller.
  • OPTIMIZATION: Appliance shrunk from 50 gig auxiliary mount and 8 gig boot to a 30gig filesystem image shared with VNS3 Controller.
  • OPTIMIZATION: Configuration and HA “success” events were disabled.
  • Dashboard should only show items of interest. Simple actions should not be displayed.
  • OPTIMIZATION: Snapshot and Database Upload size increased to 5gig.
  • OPTIMIZATION: Snapshot and Database Upload now displays a progress bar.
  • OPTIMIZATION: Reduce disk utilization by database logs.
  • OPTIMIZATION: Better support for LDAP groups.
  • BUGFIX: Admins not allowed to use credentials created by “Superuser” (built in Admin user). This has been corrected.
  • BUGFIX: Cloud Credentials that failed verification could not be deleted. This has been corrected.
  • BUGFIX: Database and Snapshot Uploads progress bar failed on Mozilla-based web browsers. This has been corrected.

Version 1.5

Released June 8, 2017

1.5.6 2018-07-23

  • FEATURE: Timed Access URLs. Admins can create timed and revokable URLs allowing access to specific controllers. “Administer” button on a controller now automatically generates a 15 minute access url if the controller being referenced is 4.5.0 or higher.
  • FEATURE: Extensible API tokens. Admins can now created timed, extensible, and revokable API tokens to specific controllers.
  • OPTIMIZATION: Tree search allows VPC-ID or the IP address of a virtual network or its controllers to be searched for. This will take the “tree” UI to the Virtual Network record which encapsulates the VPC or IP. It does not yet “drill down” to expose the specific subset record.
  • OPTIMIZATION: Added AWS Gov Cloud Support
  • OPTIMIZATION: Configuration snapshot display VERY SLOW. An index was added to the database to resolve the issue.
  • BUGFIX: Database backups and snapshot backups were stored on smallest internal partition. This caused unnecessary space constrains. The backups are now stored appropriately.

1.5.5 2017-12-07

  • BUGFIX: Non-Admin users could access and make changes on the Setting panels. This was improper behavior. Only Admins can make these changes.
  • BUGFIX: Warm HA failed if the recovery instance was NOT stopped. Warm HA allows recovery instance to be stopped, and will be automatically started via referencing its instance id when HA activated. It is acceptable for it to behave similar to a Hot HA with the instance already running.
  • BUGFIX: Timing bugs due to underlying library bug. The library for automated system actions had a bug causing some timed events to fail. This has been corrected.
  • BUGFIX: The “create VNS3 controller” record was not fully populating all of the data received. This has been corrected.

1.5.4 2017-10-10

  • FEATURE REMOVED: Map display removed. Feedback from customers was that the map did not help in understanding deployments and screen real estate better served via Dashboard view.
  • OPTIMIZATION: Re-verify Cloud Credentials when importing database backup. Since the time the database backup was made, cloud credentials stored in the database may have been deleted or revoked. Re-verification upon database import prevents cascading errors due to lack of credentials.
  • OPTIMIZATION: Added ability to sort dashboard events table by event type or timestamp.
  • OPTIMIZATION: Surfaced the Cold and Warm HA activation types via the API (previously UI only)
  • OPTIMIZATION: Better handling of when underlying AWS account gets “API Rate Limit Exceeded” error. The system now backs off and sleeps before retrying.
  • BUGFIX: Disable Src/Dest Checking on Cold HA recovery instances. Cold recovery instances were not having this AWS flag set, required for proper controller function. This has been corrected.
  • BUGFIX: Timing issues when confirming recovery instance has rebooted. This would cause failed activations. This has been corrected.
  • BUGFIX: Internal queuing software for events (snapshots, HA, etc.) was attempting DB access during DB restore. This has been corrected.
  • BUGFIX: Users with Admin role could not see each others data elements. This has been corrected.

1.5.2 2017-09-28

  • OPTIMIZATION: Improved HA activation log messages visible.
  • BUGFIX: Cold HA was not working in multi-subnet configurations in a VPC. This has been corrected.
  • BUGFIX: Improper instance id lookup on some Warm HA activations. This has been corrected.
  • BUGFIX: Warm and Cold HA activation not confirming assets exist. Warm HA was not confirming existence of instance id provided by user, Cold HA was not checking the AMI ID provided by the user. This has been corrected.

1.5.1 2017-09-12

  • FEATURE: IAM role can now be assigned to VNS3ms instance for use as API credentials. The cloud credentials screen now allows choosing “Use IAM Role” for EC2 Credential type. This is only valid for single account usage, as there is not yet an integration to “assume role” capabilities for AWS API.
  • FEATURE: Addition of Cold HA and Warm HA modes. Cold HA will recover a previously launched instance that has been stopped as the recovery instance. Warm HA will launch a new instance from a specified AMI and use ti as the recovery instance.
  • BUGFIX: Improperly trying snapshot retrieval on unlicensed controllers. When a controller is unlicensed, the retrieve snapshot call is invalid. This has been corrected.
  • BUGFIX: Some error responses from controller were being parsed improperly. This has been corrected.
  • BUGFIX: Corrected HA error messages. Some error messages from HA actions were being improperly parsed. This has been corrected.
  • BUGFIX: Cloud Credential records could be saved with no data. This would cause “downstream” errors when blank credentials were referenced. This has been corrected.

1.5.0 2017-06-08

  • Initial support for APIv1.5/APIv2 in VNS3 controllers
  • Remote Support URLs
  • Enhanced VNS3 Controller details page with increased load speed
  • Updated to use the newer API Key/API Token approach for API
  • Added revocation of SSL certificate
  • Allow user to directly modify individual VNS3 controller API keys via UI
  • AWS IAM Role Support for Cloud Credentials

Version 1.4

GA - March 1, 2016 Beta – February 12, 2016

1.4.3 2016-06-02

  • Upgrade underlying VNS3:ms OS to v1.4.3.
  • Updated default sorting for automatic daily VNS3 snapshots.
  • Added HA configuration, sync and activation logging and added high level status and progress displays to the HA page.
  • BUGFIX: HA configuration update on an existing HA configuration now appropriately modifies any settings that changed.

1.4.2 2016-04-18

  • Added HA enabled setting to database backups.
  • Added state and status checking to HA Update process to ensure the HA components are setup correctly during configuration.
  • Bug Fix: Stop old primary action during activation is fixed.

1.4.1 2016-03-15

  • Updated the left column menu navigation tree to allow for larger number of Network Objects. Improved response times by factos for 10 and 100 for ordering and filtering respectively.
  • Bug Fix: database import encoding issues remedied.
  • Bug Fix: LDAP user/group validation test failing and added distinction between SSL and unencrypted LDAP connection setting.

1.4.0 2016-03-01

  • The API has been significantly expanded to include all new features and functions. This includes added functions for user credentials, add/edit/remove functions for all Virtual Networks and Cloud VLAN objects, NTP, LDAP, Messaging, VNS3:ha and reporting.
  • Improvements to LDAP including added support for LDAP grouping, test/validation functionality for each type of data entered on the LDAP screen, and ability for more user types to edit LDAP information.
  • Added safety features around default access credentials that require users to change both the default password and API key before using the appliance.
  • Message client integration (e.g. Slack) to provide message updates to specific lists or channels based on a set of user configurable event.
  • Support for users to upload a custom SSL certificate for secure connections to the VNS3:ms UI and API via https.
  • Addition of the VNS3:ha functionality. VNS3:ha provides an instance-based failover mechanism for VNS3 controllers.

Version 1.3

Released October 8, 2015

1.3.1 2015-10-14

  • Added API functions for creation/deletion/inspection of user credentials
  • Bug Fix: Credentials creation when optional fields exist but aren’t created with null
  • Bug Fix: Stop unnecessary call to an API status function
  • License API detail updates

1.3.0 2015-08-10

  • Added API functions for creation/deletion/inspection of user credentials
  • Bug fix: Fixed bug in credentials creation when optional fields exist but aren’t created with nulls
  • Bug fix: stopping unnecessary call to an API status function
  • Multiple region support for HA
  • Bug fixes to HA support from 1.2.x
  • Require strong API for all users including admin
  • Changed default passwords to use cloud runtime data (e.g. instance id) if available.
  • VPC Route instance ID switchover
  • Bug fix: removal of alphabetical sorting no longer sets sort order to ID
  • Bug fix: new items created by a different user are now included in all displays
  • Fixes to get API redirects working correctly (302 browser bug versus use of 307)
  • Automatic API documentation generation

Version 1.2

Released 8/11/2015

1.2.1 2015-09-17

  • Network object tree alphabetisation option
  • Fix for the default timezone
  • Object ownership is now updated to admin upon deletion of owner which makes the objects still accessible
  • Fixed issue with snapshot timeout errors leaving a blank screen. Now reports error.
  • Filtering out of secure information from the logs
  • Improved error trapping
  • Improved rendering for the VNS3 controller pages, making more use of the API

1.2.0 2015-08-11

  • Improved performance of the Status page with a large number of IPsec tunnels
  • Support for administrator setting for MFA token expiration
  • Cloud VLAN details and most tables are now sortable
  • VNS3 license details are retrieved and stored, updating as necessary
  • Display of controller license details
  • Display of connected client tag if ‘name’ tag exists for client on controller detail page
  • Support for idle user timeout/logout
  • User password expiration
  • Navigation tree scrolling
  • Deletion of snapshots is now handled via AJAX and the API in order to provide better UX
  • Support for multiple snapshot deletion
  • AWS cloud credential account ID is now optional and will be filled in (if possible) on validation of creds
  • Creation of configuration snapshot on VNS3 record creation
  • Improved backup retrieval – support for (a single) snapshot backup file
  • Full API functionality for DB and snapshot backup creation, retrieval, push and restore
  • New scheduled worker for task cleanups
  • Administration system status page
  • Bug Fixes:
  • Fix for validation of cloud credentials due to DNS conflict
  • Minor cosmetic fix to account for discrepancies in values returned from API calls in VNS3 controller 3.5.x
  • Improved scripts for building release AMI

Version 1.1

GA February 23, 2015 Beta – February 6, 2015

1.1 2015-02-23

  • Initial release of version 1.0 API
  • VNS3:ms GUI integration with API to exclusively use API function calls.
  • AWS EC2/VPC support bug fixes for additional regions.
  • VNS3:net snapshot fixes to better handle snapshot storage and rotation (delete or overwrite previous snapshot).
  • Added ability to move components/objects to different parents via the edit function. This allow regrouping of existing objects instead of removing and re-adding.
  • Added log rotation.
  • Added LDAP user information in the VNS3:ms user list and allowed LDAP users to modify locally stored user information like real name, phone number, etc.
  • Updated Copyright and new company name changes.
  • Added the ability to sort the VPC VLAN subnet network objects.
  • Bug fix: Unavailable VNS3 Controller object was not displaying snapshot list.
  • Bug fix: Status of database backup was not being displayed
  • Bug fix: API call was not working for exports for customer. Reverted to using controller-based call – same functionality, alternate path.

Version 1.0

Initial GA Release November 7, 2014 Beta – October 20, 2014 Alpha – September 5, 2014