Release Overview - Unimus 2.5.0

Unimus 2.5.0 is out! This is a major release with many new features and improvements. In this article we review what's new - from new functionality to support for new devices, fixes for various bugs and issues, and security improvements.

A new major feature release of Unimus, 2.5.0, is finally here! This is a large release with lots of new features, enhancements, new device support, and a healthy dose of bug and security fixes.

This article is an overview of the biggest changes and features in 2.5.0, but you can also find the full Changelog at the bottom of this article.


Custom Backup Flows

One of the biggest features in 2.5 is the ability to create Custom Backup Flows. These Flows will allow you to specify your own sequences of commands to be executed during backup jobs on devices.

If you wanted to do backups on a device differently from our built-in flow (for example, to add the outputs of a few commands to the backup), until now you had no way to do so. Custom Backup Flows allow you to create your own backup procedures.

You can find more info on Custom Backup Flows, with more details and examples, in this article on the Blog, or on our Wiki.


New Object Access Policies and improvements to user management

2.5 also brings a lot of improvements and changes to User Management and introduces new Object Access Policies.

Object Access Policies replace Device Access rules (which existed before 2.5), and offer much better flexibility to define the exact object access rules you need.

Together with new features like the Ownership system improvement and User provisioning (more on this below), the User Management system in Unimus receives a nice boost in 2.5.

For full info on what is new and what has changed, please see our article Improvements to user management, provisioning and access policies in Unimus 2.5 on the Blog.


User provisioning (automatic new user creation)

Like we mentioned above, we have added an option to automatically create new users in Unimus when they successfully authenticate against an external AAA system for the first time. This allows for automatic user provisioning in Unimus.

After enabling this function, new users you create in LDAP / Radius can now log in to Unimus without any manual user creation.


Ownership for Tags and Zones

We have extended the Ownership system to include Tags and Zones. We also added an option to show all objects owned by a particular user in the User Management screen.

These changes improve the overall access and security model in Unimus, and solve a few edge-cases where users could create new objects and immediately lose access to them due to access restrictions.


NetBox support in NMS Sync

Due to popular demand from the community (you!), we have added support for NetBox in NMS Sync.

Together with improvements to NMS Sync we introduced in 2.4, you can now sync your NetBox inventory to Unimus, sync object state and use NetBox as the source of truth for Unimus.


Tons of minor features and improvements

On top of the major features mentioned above, this release also contains over 20 minor features and improvements.

A few notable changes:

  • Added option to create a new Credential directly in the Credential Binding window
  • Tags can now be edited (you can change the Name or Owner)
  • Added additional "Used by..." columns to the Tags table showing usage of Tags across Unimus
  • Added a link to open the last failed job details to the "Device > Info" window
  • Added an option to not show Unmanaged devices in results of Config Search
  • Added an icon for credentials in High Security Mode to all relevant tables
  • Added an option to specify your own Pushover API Key in Pushover settings
  • Added an option to select the color scheme of diffs sent by notifications
  • etc.

As always, we are also expanding the list of devices supported by Unimus. In this release, we added support for 12 new device types. Check the Changelog below for full info!


Bug fixes and security improvements

As always, we are also fixing bugs, solving issues, and improving security. In this release, we fixed 20+ bugs - from minor annoying issues all the way to jobs failing on various device types.

We have also focused quite a bit of attention on security. We have tightened the access restrictions for non-admin roles, but also fixed 10+ various security-related issues.

Please see the Changelog below for full info.


Finally, here is the full 2.5.0 Changelog:

= Version 2.5.0 =
Features:
  Device Tags have been renamed to just Tags, since they can be used on many more objects than just Devices now
  Tags can now be edited, allowing for change of Name or Owner (more on Ownership later)
  Changed default job concurrency (max number of parallel jobs) to 50
  When deleting a Zone, you can now choose to move devices to any other Zone you have access to before deleting the Zone
  Added an option to create a new Credential directly in the Credential Binding window
  Updated NetXMS client library to latest version (5.0.3)
  Added a Zone ID column to "Backups > Devices" table
  Added a link to open the last failed job details to the "Device > Info" window
  Added a notification banner to "Backup Filters" when user doesn't see all filters due to Access Policy restrictions
  Added a notification banner when trying to edit a Backup Filter when you don't have access to all devices covered by that filter
  Added a better message when a user with the "None" role attempts to log in
  Added additional "Used by..." columns to the Tags table showing usage of Tags across Unimus
  Added an option to not show Unmanaged devices in results of Config Search
  Added an icon for credentials in High Security Mode to all relevant tables
  Added an option to specify your own Pushover API Key in Pushover settings
  Added an option to select the color scheme of diffs sent by notifications
  Added a help popup to "Notifications > Show FQDN"
  Fixed various small UI / UX issues and UI element misalignment and sizing issues
  Changed Cisco ASA multi-context driver to only attempt backing up contexts when switching to the "system" context is possible
  Added support for offer prompts when a device offers multiple corrective options for invalid commands
  Improved handling of Nokia SROS / TimOS devices, fixing multiple issues in the process
  Improved support for Raisecom RAX / ISCOM devices (more device types now supported)

  Added new "Custom Backup Flows" feature:
    - you can now create presets that specify what commands are sent to Devices during Backup
    - you can also specify pre-backup commands, post-backup commands, and what is consumed as the backup content
    - if a Custom Flow exists for a Device, it will be used instead of the built-in flow in the Device Driver
    - you can target devices by Tag, Vendor, Type, etc.
    - more info at: https://blog.unimus.net/custom-backup-flows-in-unimus-2-5/

  Added support for NetBox in NMS Sync:
    - you can now sync your NetBox inventory into Unimus
    - import filtering based on "role", "tag", "location" and "field" (Custom Fields) is available
    - the "status" field in NetBox is used to set the Managed flag in Unimus
    - more info at: https://wiki.unimus.net/display/UNPUB/NetBox+importer

  Prefixes for filters in NMS Sync were replaced by a key-value system
    - until this release, entries in Sync Rules needed prefixes, with each prefix meaning something different
    - this was inconsistent across different Sync Connectors, and also quite confusing (you had to read docs every time on what prefix does what)
    - we replaced prefixes with a Key=Value system (for example "id=123", "group=routers", etc.)
    - existing Sync Rule configuration will be automatically migrated to the new system

  Device Access was reworked into Object Access Policies:
    - you can now create complex Object Access policies which specify where a user should have access to
    - Object Access Policies can then be assigned to users to limit object access across Unimus
    - existing Device Access rules will be migrated to new Object Access Policies automatically
    - more info at: https://blog.unimus.net/user-management-provisioning-and-access-policies-in-unimus-2-5/

  Added an option to create user accounts for users successfully authenticated by an external auth system:
    - this allows provisioning of users on first successful login to Unimus when using Radius / LDAP auth
    - using this system, you no longer need to create user accounts in Unimus for external AAA users before they can log in
    - both Role and Object Access Policy for automatically created accounts are configurable
    - more info at: https://blog.unimus.net/user-management-provisioning-and-access-policies-in-unimus-2-5/

  Object Ownership system has been extended to Tags and Zones:
    - Tags and Zones now have an "Owner" attribute, same as Devices
    - access to these objects can now be gained by being their Owner, separately from Object Access Policies
    - ownership has precedence over Object Access Policies - owners always have access to objects owned by them

  You can now see all Objects owned by a User in User Management:
    - new "Show object ownership" button was added in User management
    - this will show all Objects, as well as their types owned by this User
    - you can also remove ownership of Objects from this User in this window

  Improvements to APIv2 / APIv3:
    - added the zoneId attribute to all Devices and Diff APIv2 endpoints
    - added the zoneId attribute to multiple response objects in APIv3 where it was missing

  Added support for:
    - Cisco IOL (IOS on Linux) switches
    - Cisco IOL (IOS on Linux) routers
    - CheckPoint Gaia running on bare metal
    - CheckPoint TE series
    - CheckPoint QLS (Quantum Light Speed)
    - iS5 IMX devices
    - iS5 iES devices
    - Netonix WS3 switches
    - Racom RAy
    - Raisecom REAP OS devices
    - Ruckus vSZ-H
    - SONiC OS

Fixes:
  Fixed Config Change notifications would not apply Backup Filters in the notification diff when a new changepoint was generated
  Fixed importing valid .csv files with formatting errors could result in a stuck Import job
  Fixed "Export Diff" ignored the "Only changed lines" checkbox, and always sent only changes
  Fixed selection model breaking in the Credentials table after editing a Credential
  Fixed issues when changing large amount of objects (2000+) in a single operation when using MSSQL
  Fixed multiple other object manipulation failures when using MSSQL (Device Zone change, etc.)
  Fixed selected Zone disappearing from the Zone selection dropdown in "Basic import" after a successful import
  Fixed config change notifications even when nothing changed on PA PanOS when managed by Panorama
  Fixed issue in API with Zones which had a NetXMS Agent selected as their Connection method
  Fixed Mass Config Push > Advanced Settings allowed setting an empty value for Override Timeouts
  Fixed live updates that were missing in multiple screens, tables, and "used by" counters
  Fixed many various minor UI and UX issues and inconsistencies
  Fixed wrong / extraneous logging during the database upgrade stage when updating
  Fixed OPNSense jobs failing when device presented a menu after switching to root
  Fixed discovery failing on Ericsson SGSN in specific cases
  Fixed multi-context backup failing on Ericsson IPOS in specific cases
  Fixed a few specific Cisco router models being identified as switches
  Fixed backup failing on Cisco routers that were incorrectly identified as switches
  Fixed discovery could fail on Nokia SROS / TimOS devices on specific version
  Fixed backup and Config Push could fail on Nokia SROS / TimOS devices on specific version
  Fixed backup and Config Push could fail on specific version of NetElastic vBGN
  Fixed Cisco ASA backup failing when logging into a context without the ability to switch into the "system" context
  Fixed more cases when jobs could fail on Checkpoint Gaia devices

Security fixes:
  Only Administrator-level users can now change Notification settings
  Only Administrator-level users can now change Retention settings
  Only Administrator-level users can now change Advanced System Settings
  NMS Sync Presets where "Device Action policy" is set to "Move from All Zones" are now read-only for Users who do not have access to all Zones
  Users who do not have access to all Zones can not select the "Move from All Zones" in "Device Action policy" when creating a new NMS Sync Preset
  Users will not see an NMS Sync Rule if they don't have access to the Zone selected for that Rule
  For Presets using Tags (Config Push, Backup Filters, etc.), only Users with access to all Devices under that Tag can manage the Preset
  Users can no longer edit Credentials that are used on Devices they don't have access to
  Users can no longer edit CLI Mode Change Passwords used on Devices they don't have access to
  If a User doesn't have access to all Devices in Unimus, they can no longer change the Default Schedule
  Users can no longer delete a Schedule if they don't have access to all Devices that use that Schedule
  Fixed cases where Users could see Backup Filters even for Devices they did not have access to
  Fixed Users could still see and modify Targets in Config Push if Object ownership was modified concurrently

Embedded Core version:
  2.5.0