Changelogs

Objective

This document covers:

  • New features or functionalities
  • Enhancements to existing features or functionalities
  • Open issues or known issues
  • Fixed issues

November 25, 2020

New Features
Volterra Node/Site Management
Enhanced HA on SLI

Node mastership is now based on all configured VIPs across Site Local Outside (SLO) and Site Local Inside (SLI) interfaces.

Local UI Enhancements

Introduced status and tooling enhancements to the local UI dashboard of Volterra site.

VoltMesh
Automatic API Schema Generation

Introduced per API endpoint Swagger API schema documentation generation. This can be found under App Namespace -> Mesh -> Service Mesh -> API Endpoints -> Endpoints Details -> Swagger.

Active Service Policies for HTTP Load Balancers

Introduced the ability to define active service policies for a specific HTTP Load Balancer. You can choose one of the following service policy options for the load balancer:

  • Set a default service policy
  • Apply active service policies
  • Disable the active service policy
IP Prefix & Prefix List Options for Forward Proxy Policy

Introduced ability to match destinations based on IP prefix and IP prefix lists under the custom rule list of the forward proxy policy.

BGP ASN and GeoIP Support for Forward Proxy Policy

Introduced ability to create a forward proxy policty matching on a specific BGP AS, ASN list, and GeoIP labels.

Forward Proxy Support for Global Networks

Introduced support for configuring forward proxy in the network connector when connecting Site Local Inside (SLI) to Global Network Type VNs.

VoltStack
Enhanced vK8s Workload Dashboard

Enhancements are added to the vK8s workload dashboard under App Namespace -> Applications -> Virtual K8s -> Workloads.

VoltConsole
Flow Table Under Site Management

Introduced the ability for the user to view existing flows per node.

Sidebar Navigation Enhancements

Several enhancements are added to the UX of the sidebar in VoltConsole.

Tooling
Beta Release of Public Terraform Provider

Introduced beta support for Volterra's public terraform provider. See Volterra Terraform Provider for more information.

Changes to Default Behavior
Change to Packaging and Management Providers

In case of a Volterra CE site behind a firewall that is performing URL filtering, ensure that you update it with the latest domains listed in the Network Cloud Reference page.


November 5, 2020

New Features
Volterra Node/Site Management
Upgrade Guided Sites (AWS VPC/TGW, Azure & GCP) directly from Site List

Introduced support for users to directly upgrade site deployments via Site Management for AWS/Azure/GCP/TGW sites and also from the Site List page for sites.

GCP and Azure support for VoltStack Cluster Deployment Option

Enhanced the Site Management page for Azure VNET & GCP VPC to support a 3rd deployment option called VoltStack Cluster (One Interface).

Site Health Calculation Enhancements

Enhanced health score calculation to take Site Admin state into account.

VoltMesh
TLS interception support for HTTP Connect & DRP

Introduced support for TLS interception when configuring an HTTP Connect or DRP (Dynamic Reverse Proxy) virtual vost.

Descriptions for Policy Rules

Introduced logging of the description field for the configured policy in the hit logs. The policies include service oolicy, forward proxy policy (simple and custom rule set), network policy, and secret policy.

AWS TGW - East - West Forward Proxy Support

When provisioning an AWS TGW Site, East-West traffic now supports forward proxy policies by default.

VoltStack
vK8s Workload & Jobs View Enhancements

Enhanced the vK8s workload & Pods table view to include deployment name, running pods, total pods, total sites, sites with error, sites without pods, virtual site, upgrade, and actions.

vK8s Virtual Site Descriptions

During vK8s virtual site selection, the selection table now shows descriptions for the virtual sites (system or user created).

VoltConsole
Site Security Dashboard

Introduced the beta version of the site security dashboard. This view provides tenant and site level firewall events and logs. This is available at Sites -> Site Security.

API Endpoint Enhancements & Fixes

Enhanced UX and navigation of endpoint details in the API Endpoint page.

Notification Dashboard Enhancements

Enhanced Alerts and Audit Logs pages under Notifications section.

Revoking API Certificates and Kubeconfig

Support for revoking API certificates and Kubeconfigs is introduced. In case of API certificates and Kubeconfigs created prior to this release, you might receive the Client certificate is invalid or revoked response for API requests. In such case, create new certificates and download for use.

Volterra Hardware
ISV 8000 Series GA

The Industrial Server (ISV) 8000 is now Generally Available. The Volterra Industrial Server is a series of ruggedized edge computing devices providing hyper-converged compute, GPU, storage and networking. They are easy to deploy and operate systems capable of running learning, inference, containerized or legacy (VM) workloads—from manufacturing plants to retail stores and small branch offices. Volterra Industrial Servers combine the capabilities of hyper-converged infrastructure (HCI) with a GPU for machine learning and robust connectivity (4G LTE/GPS/Wi-Fi/Bluetooth) in a single ruggedized device designed to meet the rigorous demands of edge and industrial environments. You can learn more about the Volterra Industrial Server from the data sheet here and the User Manual here.

Changes to Default Behavior

The System -> Security -> Advanced page is deprecated.


October 14, 2020

New Features
Volterra Node/Site Management
Enhanced Remote Tooling (show service status)

The user can now query service specific status on a Per Node basis from VoltConsole. System -> Site -> Tools -> Show services status

Default Fleet

During CE setup the user can now configure a default ves.io/fleet type. This is helpful in scenarios where CEs required a basic working configuration on CE registration (i.e., Local breakout).

AWS TGW Site

VoltConsole now supports the deployment of Volterra Sites and management of AWS TGW's. System -> Site Management -> AWS TGW Site.

GCP VPC Site

VoltConsole now supports the deployment and management of Volterra Sites in GCP. System -> Site Management -> GCP VPC Site.

Site Wizard Improvements

The Site Wizard Page has been improved for better UX, readability and error/status reporting.

VoltMesh
DDoS forensics and analysis

DDoS forensics and analysis for Load Balancers and Site (Forward Proxy) Enhanced ability to perform forensics and analysis of configured HTTP & TCP Load Balancers and per Site Forward Proxy.

Enhanced Alerting of DoS/DDoS

Using Time Series Analysis (TSA) of the Request Rate, Response Throughput, Latency and Error Rate anomalous enhanced DoS/DDoS alerting has been enabled.

HTTP/HTTPS on additional ports

This release has added additional HTTP & HTTPS ports to be advertised on Volterra's REs (Public Network). Supported HTTP ports are 80 8080 8880 2052 2082 2086 2095 25565. Supported HTTPS ports are 443 2053 2083 2087 2096 8443 25565.

Forward Proxy in Denied Rules Hit

Site Dashboard Denied Rules Tile now includes Forward Proxy. The site dashboard Denied Rules tile now includes Forward Proxy as an option, in addition to Service & Network Policy.

VoltStack
VoltStack DC Cluster

Guided Configuration for Volterra DC Cluster - This feature brings in vK8s application deployment workflow to ease deploying applications on Volterra platform. The interface given caters to the developers, provides application level interface and hides some of the underlying infrastructure related tasks.

Storage

Storage Device Support - This feature brings support for Dell EMC Isilon F800 & HPE Nimbus Storage AF40, this is configured in the Fleet object under Storage Configuration.

Simplified Workload Deployments on vk8s

Simplified Workload Deployments on vk8s - This feature brings in vk8s application deployment workflow to ease deploying applications on Volterra platform. The interface given caters to the developers, provides application level interface and hides some of the underlying infrastructure related tasks.

Volterra Hardware

NVIDIA GPU support on ISV 8000 Series - Updated the ISV Certified Hardware Profiles to download to support NVIDIA GPUs.

VoltConsole
New User Type: Debug User

There is a new user type called "Debug User". This allowed the tenant admin to provide the Volterra Support team access to the tenant to enhance troubleshooting.

New Alert Receivers (SMS/Email)

Email and SMS are supported receivers under Alert Management.

Enhanced Connection Log Views

The connection log page has been enhanced to render the data in a more user friendly format.

Upcoming Changes to Default Behavior

In the planned November release, the System -> Security -> Advanced will be deprecated.

Caveats

In case of node hardware, the USB device whitelisting is enabled by default. Connecting a new device after registration of the node does not work.

Note: You can see the USB devices by navigating to your site dashboard via Sites -> Site List path. Open the Nodes tab and click on a node to open its dashboard view. Click Hardware Information tab to see the USB devices list.


September 24, 2020

New Features
Volterra Node/Site Management
Per Node Tooling from Site Dashboard

The site dashboard in VoltConsole allows additional troubleshooting and status commands to be executed remotely.

Fleet Configuration Enhancements

Fleet Configuration and related objects (Network Interface, Virtual Networks, Network Connectors, Network Firewall, Network and Forward Policies) can be initially configured during Fleet creation. This is configured under System -> Site Management -> Fleets.

For information on fleet configuration, see Create Fleet.

VoltMesh
Fast ACL Configuration Enhancements

Guided form is introduced to enable easier configuration of fast ACLs. See Fast ACLs for configuration instructions.

Hub Group Only Mesh

For smaller deployments, it is desired to configure site-to-site mesh groups without a hub & spoke model. This release introduces the ability to configure a mesh with a hub group only.

HTTP Connect & Dynamic Reverse Proxy Wizard

Guided forms are introduced to enable easier configuration of HTTP Connect & Dynamic Reverse Proxy under the <Namespace> -> Manage -> Load Balancer.

VoltStack
vK8s Dashboard

The vK8s dashboard is updated for a better UX experience and end-to-end view of pods deployments, statistics, and health.

Volterra Hardware
IGW 5000 Series

GA Support for Volterra's Industrial Gateway 5008 & 5508 series is introduced.

VoltConsole
Site List & Connectivity Enhancements

Updates are made to the default System -> Sites -> Site List page to provide clear views of per site data. Connectivity topologies are now arranged based on site longitude/latitude and no longer based on alphabetical order.

App Traffic Enhancements in App Namespaces

Optimizations are delivered to the app traffic graphs views under <Namespace> -> Sites -> App Traffic.

General Tab Updates

Updates are introduced to the General tab and layout for simplified UX for Billing, Support, IAM, and Personal Management.

Tenant Settings

A new section called Tenant Settings is added. The tenant settings section provides an overview of tenant information such as tenant ID, domain and company name. System wide IAM credentials can be configured here.

Billing Enhancements

Updates are introduced to billing reports, usage details, and billing settings. These include options to request changes to existing plans and viewing existing tenant wide quotas.

Support

Updates to the escalation processes are added to team and organizational plans.

Changes to Default Behavior

The default time interval for App Firewall Dashboard is changed to 12hrs from 5 minutes.

Caveats
  • Performing reboot of active master node of a multi-node site from the VoltConsole requires you to wait till the reboot is completed before attempting the reboot of other nodes.

August 13, 2020

New Features Volterra Node/Site Management
Site Deployment Wizards In this release, we've introduced a simplified Site Deployment Wizard. Initial Cloud Providers include AWS and Azure.
Site Local UI and Volterra CLI Enhancements

Introduction of Site Local UI Dashboard at https://<volterranode-ip>:65500. Various debugging enhancements to Volterra Admin CLI are added.

Volterra CLI for Cloud Instances Cloud instances for Volterra Node now support the Volterra CLI for enhancement debugging. Users can access it using the ssh key used when used in the deployment of the Cloud instance.
Enhanced Site Monitoring This feature enhanced existing site monitoring pages in the Site Dashboard. Enhancements included per node health, metrics (CPU/Memory), DHCP Server (Client Leases, Hostnames, IPs, etc.), Per Interface metrics, etc.
Multi-Node Master Node Replacement Support

Support for replacing a master node in a multi-node cluster configuration. Details can be found here.

VoltMesh - Virtual Hosts - Load Balancers

Default Pages Error Pages for JS Challenge, Captcha and Errors Added default pages for all VIPs configured using an HTTP Load Balancer or advanced Virtual Host configurations.

VoltMesh - Delegated Domains

Delegated Domain - Enhancements We now support native integration with LetsEncrypt for those customers who don't want to BYOC and want a secure app experience, this is available as part of the Virtual Host -> HTTP Load Balancer configuration. Provided enhancements in the Domains Verification setup and post-verification displays.
Delegated Domain - DNSSEC

We now support DNSSEC for Delegated Domains. More information here.

VoltStack - vK8s

vK8s Auditability This enables the ability to get audit logs for Create/Update operations on k8s objects (for e.g deployment, service, etc.) in vk8s.

VoltConsole

UI/UX Enhancements VoltConsole sidebar and overall navigation has been augmented to enhance the UX and to simply NetOps, DevOps, Secops and Developer workflows.
2FA Authentication This feature allows the ability for customers to enable 2FA Authentication for freemium tenants and tenants who use Volterra for Authentication. This does not apply to tenants that use SSO Authentication.
Okta SSO support This release introduces tenant SSO support for Okta.

July 23, 2020

New Features
vK8s PVC Storage on Regional Edges

Volterra Regional Edge sites the Volterra ADN now support Persistent Volume Claims (PVC) for vK8s pods.

Ability to Select a List of Sites for vK8s Objects

This feature provides the ability to select a list of sites (using the ves-io/sites: site1,site2 annotation) for vK8s objects. This is an enhancement to the current ability to select a list of virtual sites(using the ves.io/virtual-sites: vsite1,vsite2 annotation). See vK8s Resource Management for more details.

Audit Logs for Operations on K8s Objects in vK8s This feature enables audit logs for the Create/Update operations on K8s objects (such as deployment, service, etc.) in vK8s.
Ability to Test Alert Notifications

This feature enables user to test alert notifications to an alert receiver. Once an alert receiver is created, a verify API on the alert receiver will generate a test alert to that receiver.

API User/Client Rate Limiting

This feature introduces the support for rate limiting the number of API requests per user over a time period. Rate limiting per user is based on the user identification configured on the rate limiter object. For more information, see Configure Rate Limiting.

Support TLS Fingerprinting in Service Policy Rules

This feature introduces the support for configuring a service policy rule to match TLS fingerprint and action. Actions are deny and rate-limit. For more information, see Configure TLS Fingerprinting.

Two Factor Authentication (2FA) VoltConsle Support

This feature introduces support for enabling 2FA for all plans for customers who use Volterra for authentication. This does not apply to tenants that use SSO for authentication.

API Tokens for Volterra APIs

This feature introduces support for API tokens to be used with Volterra APIs. This is in addition to the already supported API certificates. For more information, see Obtain Credentials.

Delegate Domains to Volterra

This feature introduces support for delegation of domains to Volterra for DNS management. When a domain is delegated to Volterra, all subsequent HTTP load balancer names created will result in the proper DNS RR records to be created. For more information, see Delegate Domains.

HTTPS Load Balancer Automatic SSL certificate Creation for Delegated Domains

This feature introduces support to enable automatic TLS certificate minting and verifying for a HTTPS load balancer provided a DNS domain is delegated to Volterra. For more information, see Create HTTP Load Balancer.

Support for GCP

This feature introduces support for site deployment in GCP using the Volterra Node GCP images.

CentOS Support for VMWare Images Volterra Node CentOS support is introduced on VMware ESXi hypervisors.

June 9, 2020

New Features
Verify Domain Ownership in the Bring Your Own Certificate (BYOC) Volterra will confirm domain ownership by verifying the domain in the virtual-host field matches that in the TLS certificates. If there is no match, the configuration is rejected.
Enable Wizard Forms for Alert Notifications This feature presents simplified configuration views for alert notifications.
Volterra Site on MiniKube, EKS, and AKS This feature introduces the ability to deploy a Volterra node on MiniKube, EKS, and AKS for site creation and use in VoltConsole tenant.
vK8s: K8s Pod Delete This feature introduces support for pod deletion in vK8s and is supported using kubectl.
Support API Token In addition to certificates, this introduces support for API tokens for 3rd party/external API to access VoltConsole services.
Caveats & Changes to Default Behavior

Network policies to implicitly deny traffic is now the system default behavior the moment network policy is configured. Prior to R1.2, the behavior was an implicit allow. In case you have an existing network policy set with no explicit rule to allow the ingress or egress traffic, the traffic will be dropped.