Release Overview - Unimus 2.3.0
2.3.0 is the latest major Unimus release. With 120+ lines in the Changelog, many new major features, minor features and stability improvements are present. Read on to find out more...
2.3.0 is the latest major Unimus release. With 120+ lines in the Changelog, this article hopes to provide a short overview of the major features and other new additions in this release.
The full Changelog is also present at the bottom of this article - if you would like to see everything that this release contains.
LDAP authentication support
The most expected feature in this release is support for native LDAP authentication. LDAP has been requested by many users from the community and we are happy to report it's now here!
The LDAP connector was designed to be fully configurable and to support both OpenLDAP and Microsoft Active Directory. Examples on how to configure both are available on our Wiki. Please check the full documentation on our Wiki for more info.
MS SQL database support
Another often requested feature implemented in this release is support for using a Microsoft SQL Server database. During the Deploy Wizard, you can now select MSSQL as your database. After you finish the Wizard, everything should work as expected.
Support for MSSQL brings the total database support in Unimus up to 5 different DB engines (HSQL, MySQL, MariaDB, PostgreSQL and MSSQL). We hope this offers enough flexibility to deploy Unimus in just about any environment.
"Offline Mode" (support for air-gapped networks)
Last year, we announced that we will be bringing support for Offline Mode to Unimus. Until today, Unimus required a check with our Licensing Server to function. Starting with 2.3.0, full air-gapped deployment of Unimus is possible.
With Offline Mode, Unimus can now be deployed in highly-secured environments where complete outside connectivity blocking is required.
Please note the Offline Mode is only available to customers with the Unlimited License (more info here). If you are interested in using Offline Mode, just contact our Support.
Config Search Export and Send functions
Results of Config Search can now be exported! This is very useful when you need to present a report for a security audit, to management, or use the search results for processing in a different system.
The export format, as well as the contents are fully configurable. You can export the search results in a nice looking HTML document with full search information, or only export the search results themselves in YAML for further machine processing.
We hope this feature makes your reporting duties a bit easier :)
Other minor new features
On top of the major features shown above, there are many other minor features, improvements, and UI / UX updates. As with every release, we also added support for many new devices types. This time around, drivers for 28 new device types were added.
For the full list of new features (and supported devices), please see the Changelog below.
Bug fixes and security fixes
As with every release, a sizable list of fixes for various bugs and issues is present. One of the things of note are the fixes for many edge-cases where jobs (Discovery / Backups / Push) could fail on various older networking devices.
There are also a few security issues fixed in this release. In particular, our MySQL DB driver library was updated due to multiple fixed vulnerabilities reported in its older versions.
Finally, here is the full Changelog for 2.3.0. As this is a major release, the Changelog is quite long. But if you want to see all the changes in this release, please read on:
= Version 2.3.0 = Features: Added device UUIDs in APIv2 (all "/devices" endpoints) The "Default" Zone will now be marked as "Default" when renamed Added support for recognizing Observium devices IDs in Observium NMS Sync Improved built-in backup filters for Siklu devices Incremental performance improvements across many parts of the system Added support for acknowledging login prompts in keyboard-interactive mode during SSH login Added retrieval of backup from Fiberhome devices in configure mode if not available in enable mode Improved device CLI mode switching and mode detection during discovery Added support for prompt format changing when switching contexts on Cisco ASA (multi-context) Added support for Configure Mode on Sonicwall NSA Added handling which improves backup formatting on Cambium cnMatrix switches (removes double lining) Added "Offline Mode" (support for air-gapped networks): - Unimus can be now switched to full offline mode, which removes the necessity to contact our Licensing Server - Offline Mode licenses are only available to users with an Unlimited License subscription - please contact us to request an Offline Mode license Added support for LDAP authentication: - LDAP can now be used as an external authentication provider - full support for configuring custom user search DN and specifying username LDAP attributes - tested on both OpenLDAP as well as Microsoft Active Directory - full documentation: https://wiki.unimus.net/display/UNPUB/LDAP+Auth Added support for MS SQL: - we have added support for Microsoft SQL Server as an officially supported DB engine - the Deploy Wizard will allow you to select MSSQL during deployment - to migrate to MSSQL, you will need to setup a new Unimus deploy, data migration is currently not supported Added Config Search Export and Send functionality: - you can now export (download) or directly send Config Search results - support for exporting in both HTML and YAML format - configurable export formatting (header, search criteria, etc.) or just results Added options to specify which SSH cryptography options Unimus supports: - in some environments, it may be desired to disable support for weaker SSH crypto - full documentation: https://wiki.unimus.net/display/UNPUB/Supported+SSH+cryptography Added support for: - Accedian AMO series - ADVA LX series console servers - Arris C4 series chassis - BDCOM OLTs - Additional Brocade NOS device models - CheckPoint Gaia devices - CheckPoint Security Gateway - CheckPoint Security Management Server - CheckPoint SMB Gateway - CheckPoint VSX - Additional Ciena SAOS device models - Dasan OLTs - Entrasys switches (A4 / B2 series) - Extreme Wing APs in cluster mode / virtual controller mode - Extreme WLC - Fortinet FortiAuthenticator - Metaswitch Perimeta SBCs - NetApp switches - Nokia OLTs (FX-8) - MRV LX series console servers - Opengear Infrastructure Manager devices - Opengear Resilience Gateway (ACM) - Pulse Secure Virtual Traffic Manager - Ribbon (ECI) Apollo - Securepoint UTM - SNR (NAG) Switches - YunKe switches - Zyxel GS19xx series switches - Zyxel ATP Fixes: Fixed backup retention would not work on specific MySQL Server versions Fixed Inverted Config Search would not work on specific PostgreSQL versions Fixed diff visualization would incorrectly show new empty lines when large delete sections were followed by a new addition Fixed first failed job on a newly added device would not set its Last Job Status to failed Fixed disabled retention jobs would still show up in "Schedules > Show scheduled jobs" window Fixed API v2 get backups by device id and latest backups by device id not working Fixed API (of the local instance) denying all requests when connection to Licensing Server was down Fixed API v3 Push Jobs search not working on PostgreSQL Fixed possible deletion attempt on an already deleted object comment which would result in errors Fixed Per-Tag Connector config updates not being propagated between concurrent users (live updates were missing) Fixed "Schedules" table updates not being propagated between concurrent users (live updates were missing) Fixed "Config Search > Show all lines" does not work if Context lines is set to a negative value Fixed moving devices between Zones would not trigger needed rediscovery in specific cases Fixed moving devices between Zones would trigger unneeded rediscovery in specific cases Fixed incorrect "Currently running Scans" count if a Network Scan preset was deleted while it was running Fixed "Devices > Last Job Status" could be incorrect if running a job with all Connectors disabled Fixed multiple minor UI / UX issues and UI element state and alignment issues Fixed SSH connections failing to PanOS devices when login acknowledgement prompts were enabled Fixed backup not working on specific Fiberhome devices Fixed backup and Config Push could fail on some Positron GAM devices Fixed backup not working on Cisco FXOS devices in cluster mode Fixed Cisco SX devices could contain backup command echo as part of the backup Fixed Exablaze Fusion devices could contain backup command echo as part of the backup Fixed discovery failing on specific Aruba ArubaOS / HP(E) ProCurve devices Fixed discovery failing on specific Brocade NOS devices Fixed discovery failing on specific Ciena SAOS devices Fixed discovery failing on DCN devices with newer firmwares (after rebranding to YunKe) Fixed discovery failing on netElastic vBNG Fixed discovery failing on Dell OS10 switches if they output a Bell before the prompt Fixed discovery failing on Extreme VX devices (VX9000) Fixed discovery failing on Opengear devices when using the "root" user Fixed discovery failing on newer versions of OPNsense Fixed discovery failing on Fiberstore S5850 (and related devices) with newer firmwares Fixed discovery failing on specific Nokia / Vecima OLT devices Fixed discovery failing on multi-context Cisco ASA with different prompt in different contexts Fixed discovery could fail on devices which use pagination in very specific cases Fixed discovery not falling back to Telnet after IO errors occurred on the SSH connection Fixed SSH connections failing to servers which did not support higher MAC segment size: - affected devices usually had very old firmwares with weak SSH MAC support - example of affected devices: Dell PowerConnect 55xx, some versions of Cisco SF/SG switches, etc. Security fixes: Updated MySQL Connector due to multiple published vulnerabilities in older versions Fixed currently opened "Devices > Tags" window still working if user lost access to the device Fixed currently opened "Devices > Comments" window still working if user lost access to the device Users which did not have full access to a Config Push preset could still delete the preset in its context menu Embedded Core version: 2.3.0 Known issues: ISSUE: "Re-discover affected devices when Ports or Connectors change" Advanced Settings option does not work WORKAROUND: none STATUS: issue scheduled for fixing ISSUE: Some screens in Unimus show time in server's time zone, others in client's (browser's) time zone WORKAROUND: none, issue only relevant if client has different time zone than server STATUS: we are debating on how to fix this - will likely create a setting to select which TZ should be used