Release Overview - Unimus 2.6.0
Unimus 2.6.0 is out! This release contains 3 major new features, 20+ minor features and enhancements, support for 19 new device types, and fixes for various bugs and issues. Check out what's new in this article...
A new major feature release - Unimus 2.6.0 was released today! This release contains 3 major new features, 20+ minor features and enhancements, support for 19 new device types, and a healthy dose of bug and security fixes.
This article is an overview of the biggest changes and features in 2.6.0, but if you want to read up on everything that is new, you can find the full Changelog at the bottom of this article.
Device CLI
The biggest feature of 2.6 is a new terminal emulator directly in your Unimus web UI.
This gives you the ability to connect to the CLI of your devices directly from Unimus. The connection to Device CLI works seamlessly with our distributed deploy using Remote Cores, so you can easily connect to CLI of devices in remote networks with just a few clicks.
With this new feature, Unimus (on top of all the other features) also becomes a remote access gateway / jump host to all your device CLIs!
MFA (TOTP) support for Unimus login
Another new feature in 2.6 is support for TOTP-based MFA when logging in to Unimus.
For improved security, you can enable MFA, and it will be required when logging in to Unimus. This will work with all your usual MFA apps (or hardware TOTP MFA tokens).
In 2.6 we are adding support for TOTP-based MFA, but going forward we will be expanding this to support FIDO2-compatible hardware keys and passkeys in the future.
New "My account" screen
With the inclusion of MFA support, we also added a new "My account" screen.
Non-admin accounts (that don't have access to the User management screen) can change their own password here, assuming local auth (not LDAP/Radius) is used. Users can also set up their MFA here.
Database improvements and PostgreSQL v12+
Support for modern PostgreSQL versions is also finally here! We now support Postgre 12 through 17, while still keeping the existing support for 9 through 11.
We have also introduced separation for MariaDB vs. MySQL database drivers. During the Deploy Wizard, you will be able to select the exact version of your SQL database now. This will allow us to introduce flavor-specific optimizations into the DB layer of Unimus going forward.
We also published a full list of officially supported and tested DB versions on our Wiki: Database requirements
20+ minor enhancements and improvements
In addition to the features above, 2.6 also brings a few other minor new features and 20+ enhancements and improvements to existing features. A few of the notable ones are:
- Unified usage of server time (instead of browser local time) for the Backups screen, Diff screen and Config Change notifications
- Improved filtering of dynamic backup data when using Custom Backup Flows. Filters are now applied to outputs of each command, so you don't need to setup Backup Filters manually.
- You can now have multiple backup windows open in "Backups > Show" at the same time. No need to close and reopen windows anymore.
- Added a "Create another step" option in Custom Backup Flows creation for better UX.
- Support for post-login log messages on Lenovo switches, improvements to multi-context ASA handling, improved built-in backup filters.
- And much more...
Device support, bug fixes and security improvements
In 2.6, we are adding support for 19 new device types across 14 different vendors. Our full supported device list is now over 350+ various device types. Check the full Changelog below for the exact additions in 2.6.
As always, we are also fixing bugs, solving issues, and improving security. In this release over 25 issues got fixed, from annoying to trivial. More in the full Changelog below...
Finally, here is the full 2.6.0 Changelog:
= Version 2.6.0 =
Features:
Added native support for MFA / TOTP for login to Unimus
Added support for PostgreSQL v12 and newer (12-17)
Users using local auth can now change their own passwords
Unified usage of server time (instead of browser local time) for the Backups screen, Diff screen and Config Change notifications
Multiple Network Scans when using the Embedded Core are now properly queued and executed in sequence
Added a "Copy key" button to copy a Zone Access Key to clipboard
Improved filtering of dynamic backup data in Custom Backup Flows, filters are now applied to outputs of each command
Added separation between MySQL and MariaDB drivers in Wizard and config, and optimization for each
Export windows will now automatically close after a successful export (Backup export, Config Search export, etc.)
Configured context size for Config Search is also applied to Config Search Export
You can now have multiple backup windows open in "Backups > Show" at the same time
Added a "Create another step" option in Custom Backup Flows creation for better UX
Improved handling of object ownership changes across the entire application
Various minor UI / UX improvements and tweaks
Added support for post-login log messages on Lenovo switches
Added handling for multi-context Cisco ASA, if unable to switch to system context, just backup a single context instead of failing
Improved log messages on failed device logins for easier visibility into failed jobs
Improved device authentication algorithm when using SSH
Improved sorting for random ordering of dynamic rules on Palo Alto PanOS when managed by Panorama
Improved handling of failed mode switches in the Discovery algorithm
Improved handling of password change requests during device logins (Unimus will detect this, cancel login, and show proper error)
Added builtin support for the "Power Off the system ? [yes,no]" prompt (JunOS) in Config Push
Added builtin support for the "Are you sure you want to continue connecting?" prompt in Config Push
Improved builtin backup filters for Ericsson IPOS
Improved builtin backup filters for IOS XR
Added a new "My account" section:
- users can change their own password if not using external auth
- users can enable / manage MFA for their account
- more per-account settings to be added to this screen soon
- more info: https://wiki.unimus.net/display/UNPUB/User+accounts
Added a new "Device CLI" feature:
- you can now open a CLI session to your device directly in Unimus
- this is a full web-based terminal emulator, making Unimus into a remote access gateway to all your devices
- this can be disabled if desired: https://wiki.unimus.net/display/UNPUB/Disabling+specific+Unimus+features
- full documentation: https://wiki.unimus.net/display/UNPUB/Device+CLI
Added support for:
- ArubaOS-CX Virtual
- Broadcom Trident / Trident2 based devices
- Cisco Catalyst 1300 series
- Cisco IOS XRv / vIOS XR
- Edgewater EdgeMarc
- Fiberstore (FS.com) AC Wireless Controller
- Fiberstore (FS.com) S3250
- Fiberstore (FS.com) Wireless Switch
- FreeWave radios (based on 900 series)
- LDA Tech (LDAtech) MUX
- Nokia WaveLite (based on Metro 200)
- OcNOS-SP
- OcNOS VM
- Ribbon EdgeMarc
- Supermicro SMIS modules and switches
- Supermicro GEM (MBM-GEM, SMB-GEM) switches
- Supermicro XEM (MBM-XEM, SMB-XEM) switches
- Supermicro SSE switches
- Telrad BreezeCompact (based on 1000e)
- Versa SDWAN (VOS)
- Wi-Tek (WiTek) switches
Fixes:
Fixed notifications not working with private Slack channels
Fixed issues where different time (browser vs. local) would be used for the Backup timeline vs. Diffs and Config Change notifications
Fixed issue that could cause NMS Sync Rule Group IDs to be deleted when migrating from 2.5.0 to 2.5.1 (no other migration paths were affected)
Fixed device presence in Zone in Network Scan would always be compared to the Default Zone, instead of the Zone selected in the Scan
Fixed devices with "Planned" status being imported as Managed from Netbox / Nautobot
Fixed a possible issue with migration of NMS Sync rules introduced in 2.5.1
Fixed wrong examples in APIv3 documentation for a few endpoints
Fixed built-in dynamic data backup filters would not be properly applied to outputs of Custom Backup Flows in some cases
Fixed devices would take extremely long to delete if deleted during an ongoing job
Fixed stopping a running Network Scan could take a very long time
Fixed multiple Network Scans using the Embedded Core would not work properly
Fixed Ownership updates not being propagated between concurrent users (live updates were missing)
Fixed "Schedules > Show scheduled tasks" not being updated correctly on changes (live updates were missing)
Fixed issues when trying to download an export of Config Search multiple times
Fixed issue where Config Search export configuration could be ignored, and defaults were used
Fixed config change notifications even when nothing changed on PA PanOS when managed by Panorama
Fixed an issue when trying to sort by "Present in Zone" in Network Scan
Fixed multiple small UI / UX issues, inconsistencies, element misalignments, etc.
Fixed backups on Palo Alto devices could sometimes be empty, or only contain the backup command echo
Fixed discovery failing on newer versions of ArubaOS-CX
Fixed jobs failing on specific versions of IOS XR
Fixed parts of device output missing in Config Push results in very rare cases
Fixed HP(E) ProCurve / ProVision / ArubaOS failing discovery in specific cases
Fixed Juniper JunOS devices could fail discovery in specific cases
Fixed backups could fail on Ericsson SSR / IPOS in certain multi-context configurations
Fixed backups could fail on Adva XG devices with specific firmware versions
Fixed discovery failing on Quanta running on Broadcom Trident2
Fixed Config Push could fail on Palo Alto devices in some cases
Security fixes:
Fixed a rare case when switching a user to a restricted Role (like Read Only) would only be applied after the user logged out
Fixed an already opened Device Info window would not be closed if user lost access to the device
Fixed Operator-level users seeing the instance license key in Other settings
Fixed users which did not have access to all devices in Zone being able to download all Zone logs
Embedded Core version:
2.6.0