Release Notes 2.1.2
Release Date: February 9, 2018
Important: If you are upgrading your hardware appliance to version 2.1.2 of
our software, contact Tempered Networks Sales for updated licenses.
What's New
New in this release:
- The HIPswitch 250 Series
- The HIPswitch 250 Series is our newest hardware product and the industry’s first identity-based industrial IoT gateway for Industrial Control Systems, OT, SCADA, and critical infrastructure. The HIPswitch 250 includes highly available uplinks over ethernet and up to two different cellular carriers, all actively monitored using fast failover and the ability to prioritize across both cellular and wired links. It also provides 8 x 1 Gbps and 4 x SFP (fiber or copper) with PoE, eliminating the need for ethernet switches and additional power sources. The HIPswitch 250 can also act as a HIPrelay, a feature introduced in version 2.0 of our software.
- HIPclient for macOS and iOS
- With this release, the HIPclient is now available for macOS and iOS. Your devices now can natively connect to your IDN overlay, giving them a trusted and verifiable connection wherever you are. Multiple profiles allow you to easily switch between different IDN overlays as needed. Additionally, integration with HIPrelay gives you seamless and secure mobility for your computers running Apple's macOS and your devices running iOS.
- Link Manager
- Link Manager supports all cellular platforms, including our new HIPswitch 250 Series, providing uplink redundancy and intelligent monitoring for one wired and two cellular uplinks. Dynamic switching occurs based on which port provides the best performance. Default monitors can be customized with your own destinations.
- Integration with AWS
- You can now create, manage, and retire AWS HIP Services directly from the Conductor UI. After creating a template, you can easily create more HIP Services to function as HIPrelays or protect virtual machines in your VPCs.
- HIP Invitations
- HIP Invitations, a new feature in 2.1, allow you to add mobile phones, tablets, and computers running a HIPclient or HIPserver to your IDN solution by sending the user an email containing an invitation. When the user accepts the invitation, the Conductor automatically takes care of all the steps to provision, license, manage, name, group, and create policy for the new HIPapp without manual steps by the administrator. HIPinvitations can be sent in bulk to entire organizations, and the Conductor will handle the rest.
- Improved alerts and monitoring
- In this release we added additional monitors, such as the HTTP GET monitor that allows you to parse web responses from devices in an overlay. Monitors have been expanded to support device groups and HIPservice groups. The event history graphs will now display frequently or recently triggered monitors.
- Improved performance
- We made significant performance improvements across the board for all platforms, with virtual HIPswitches and the HIPswitch 400 roughly doubling in performance.
Upgrade Considerations
The 2.1.2 release includes all hotfixes from prior releases and addresses all known
support cases at the time of release.
Note: You can now upgrade directly to 2.1.2
from either 1.12.6 or 2.0.x. If you are running an earlier version of 1.12.x, we
recommend you upgrade to 1.12.6 before upgrading to 2.1.2.
Important: You must upgrade your Conductor to the latest 2.1.2 software if
you plan on using the HIPswitch 250 in your environment.
| We recommend you upgrade to 2.1.2 if: | |
|---|---|
|
You want to take advantage of performance and stability increases in 2.1, especially for our recently added features:
|
You were impacted by any issues discovered in prior releases, especially if you have any of the following:
|
Extensive testing was conducted both in-house and with selected development partners, in lab and in production environments to ensure that performance is equivalent to 2.1. Additionally, 2.1.2 should be more stable than all prior releases.
Enhancements
| ID | Component | Description |
|---|---|---|
| DEV-5368 | Conductor UI | An improved version of the import devices feature has been implemented in 2.1. |
| DEV-6509 | Diagnostic mode | Shared network ports have been renamed to underlay ports and device ports have been renamed to local device network ports in diagnostic mode. |
| DEV-3427 | HIPclient, Windows | Several enhancements have been made to the HIPclient for Windows:
|
| DEV-3074 | HIPclient, HIPserver | Multiple profiles have been added to the HIPclient and HIPserver, allowing multiple Conductor configurations. |
Fixes
| ID | Component | Description |
|---|---|---|
| DEV-7070 | HIPclient, iOS | Fixed an issue where an iOS HIPclient would stop passing traffic through a HIP relay after the relay was restarted. |
| DEV-7064 | HIPswitch, 250 Series | Fixed an issue where configuration of multiple ethernet underlay ports in diagnostic mode did not work as expected. |
| DEV-7061 | HIPswitch, 250 Series | Fixed an issue where port 7 on the HIPswitch 250 could not be set to 100 Mbps SFP mode. |
| DEV-6767 | HIPserver, Windows | Fixed an issue that caused the HIP service process to stop responding, preventing the HIPserver from restarting properly and coming back online. |
| DEV-6726 | HIPswitch | Fixed an issue where the ping tool did not work correctly from the Tools page in diagnostic mode. |
| DEV-6704 | Conductor | Fixed an issue where you could no longer edit the underlay port of a HIPswitch in one-arm mode if one-armed mode removed and multiple underlay network ports were configured. |
| DEV-6653 | Conductor | Fixed an issue where a deleted HIPswitch that comes back online does not report traffic stats. |
| DEV-6524 | HIPswitch, 400 Series | Fixed an issue where a HIPswitch 400 loses connectivity to the Conductor when configuring the HIPswitch to use one-arm mode. |
| DEV-6523 | HIPswitch, 400 Series | Fixed an issue where changing the port configuration on a HIPswitch 400 would not revert back to its previous configuration if it was unable to contact the Conductor. |
| DEV-6505 | Conductor | Fixed an issue where PCI reporting logs may include some passwords in the output. |
| DEV-6376 | HIPclient, Windows | Fixed an issue where HIPclients continue to report health data at five minute intervals, regardless of changes made in the Conductor. |
| DEV-6268 | Conductor | Fixed an issue where two devices in two different device groups with policy to each other would cause the connection between the HIP Services and Conductor connection to restart repeatedly. |
| DEV-6174 | Conductor | Fixed an issue where a smart device group containing a HIPswitch group in its rules would prevent any device activated from a HIP invite to be added to the group automatically. |
| DEV-6073 | Conductor | Fixed an issue where HIPswitch connections to Conductor would fail if network latency was greater than 500ms. |
| DEV-5965 | Conductor | Fixed an issue where re-enabling a revoked HIPclient would not preserve its external IP address. |
| DEV-5891 | HIPswitch | HIPswitches will now advertise their NAT underlay IP address, if set. |
| DEV-5857 | HIPswitch | A HIPswitch 200 diagnostic report does not display CPU temperature. |
| DEV-5541 | Conductor | Fixed an issue where the Limit upload bandwidth option would disallow a packet capture on a HIPswitch until the it reboots. |
| DEV-5529 | HIPswitch | Fixed an issue where adding an invalid overlay route to a HIPswitch from the Conductor UI would not create a route on the HIPswitch. |
| DEV-5526 | Conductor UI | Fixed an issue where the Conductor would show devices that became active in real-time, not when active devices became inactive. |
| DEV-5425 | BaseOS | Fixed security vulnerability CVE-2017-8890 |
| DEV-3989 | Conductor | Fixed an issue where you could pair HIPswitches in HA if there was no HA interface. |
| DEV-3619 | Conductor | Fixed an issue where a recent activity email would include notifications for offline HIPclients. |
Known Issues
| ID | Component | Description |
|---|---|---|
| DEV-7153 | HIPswitch 400,HIPswitch 500 |
You may experience the following issues when configuring
expansion ports in diagnostic mode on the HIPswitch 500 and the
HIPswitch 400 with an 8-port expansion module:
|
| DEV-7157 | HIPclient, Windows | Underlay traffic stats are not displayed in the Conductor if MTU
is set to greater than 9000. Workaround: None |
| DEV-7145 | HIPswitch 400, HIPswitch 500 | The HIPswitch 400 and HIPswitch 500 may display Manage in
Conductor on the LCD display panel before being configured
with a Conductor URL. Workaround: None |
| DEV-7143 | HIPswitch 400 | The HIPswitch 400 LCD panel may continuously display Firmware
Updating after applying a Hotfix from the
Conductor. Workaround: None |
| DEV-7125 | PCI | When exporting PCI data, HIP Services references may not display
correctly when viewing the CSV file in Microsoft
Excel. Workaround: None |
| DEV-7092 | Conductor | On the Check Connectivity section of the Diagnostic tab for a
HIPservice, auto-discovered devices may display as protected
devices. Workaround: None |
| DEV-7050 | Conductor | When configuring a new Conductor, you may receive an error when
trying to accept the EULA. Workaround: Change the URL in your browser to <ConductorURL>/app to continue. |
| DEV-6590 | Conductor | You can add a voucher code more then once from the
Licensing tab. This does not create
additional licenses, but is visually confusing. This will be fixed
in a later release. Workaround: None |
| DEV-6587 | Conductor | The Licensing tab may display invalid
entries. Workaround: Remove the invalid items manually. |
| DEV-6533 | Conductor | When creating or editing a smart device group, rules can have the
same original values. This can cause unintended issues in the
processing results. Workaround: When creating rules, verify each rule has a unique ordinal value. |
| DEV-6507 | Conductor | The throughput graph for a HIPservice may occasionally miss a
data point and draws it as a zero value. Workaround: Refresh the page to properly display the data point. |
| DEV-6459 | Conductor | Devices configured with serial-over-IP do not display in the
Add devices list when attempting to add
them to an overlay. Workaround:
|
| DEV-6446 | HIPclient, iOS | When viewing traffic stats in the iOS app, the chart may show
negative values instead of zero. Workaround: None |
| DEV-6226 | Conductor | Currently a fully qualified domain name cannot be used for local
or peer replication addresses on an HA Conductor
pair. Workaround: None |
| DEV-6196 | Conductor | When configuring the Conductor URL in diagnostic mode, you are
able to enter an invalid IP address without receiving an error
message. Workaround: None |
| DEV-6195 | Conductor | The Conductor incorrectly displays an option to check bandwidth
for HIPclients in diagnostic view. This option is not supported for
HIPclients and will not function correctly if
selected. Workaround: None |
| DEV-6172 | Conductor | When assigning a 1.x.x.x local device IP address to a HIPclient,
the Conductor may continue to display the previous IP of the
device. Workaround: None |
| DEV-6130 | HIPclient, Windows | Setting or removing a Local Device IP on a Windows HIPclient may
cause the client to report that the HIPservice is not
running. Workaround: Restart the HIPclient to resolve the issue. |
| DEV-5832 | HIPswitch | Device NAT functionality currently does not work with layer 2
traffic. Workaround: None |
| DEV-5530, DEV-5441 | Conductor UI | In some cases, Allow incoming pings (ICMP)
and SYN Flood Protection on the
Firewall page may be disabled and won't
toggle. Workaround: Refresh your browser to resolve the issue. |
| DEV-5448 | Conductor UI | Clicking the Swap roles button for a
secondary HA-paired HIPswitch will cause the UI to stop responding.
Workaround: Refresh your browser. |
| DEV-5434 | Conductor UI | Clicking Detect Devices repeatedly on the
HIPswitch properties page will generate excess
traffic. Workaround: Give the Conductor time to complete the operation. |
| DEV-5430 | Conductor | After configuring a Conductor for the first time, you may receive
a Lost connection to the original server
message if you select Return to settings too
quickly. Workaround. Wait at least 20 seconds before selecting Return to settings. |
| DEV-5428 | Conductor UI | When you create a Smart Device Group with Ignore
auto-discovered devices until accepted checked and
then remove the setting, the Smart Device Group will continue to
ignore unaccepted devices. Workaround: None |
| DEV-5343 | Conductor UI | If you try and log in after your session has timed out, you may
receive the following error: The change you wanted was rejected. Workaround: Refresh your browser and log in. |
| DEV-5008 | PCI Reporting | PCI Reporting shows the UUID reference instead of the name when
generating a PCI report from Workaround: To view names, you can download object references from the same page where you generated the PCI report. |
| DEV-4846 | HIPswitch | If a HIPswitch is in port one-arm mode and device discovery is
enabled, the HIPswitch will report an error. Workaround: None |
| DEV-4537 | Conductor | When demoting a master Conductor to standby, the processing
screen might not correctly update. Workaround: Refresh your browser. |
| DEV-2417 | Conductor UI | The password reset email link defaults to the first web enabled
interface, and will be successful only if an administrator
configures the first interface with a publicly-facing default route.
Workaround: None. |
| DEV-1846 | Conductor, HA | Currently the standby Conductor UI in an HA pair will not
timeout. This issue does not affect the master Conductor
UI. Workaround: Log off manually when not using the standby Conductor UI. |