Release Overview - Unimus 2.1.0

With each new release, we also upload a release overview video, so if you prefer a video format, you can find it here:
Youtube - 2.1.0 Release Overview video

For those who prefer readable content, read on! For all images in this article, simply "Right click > Open image in new tab" to see them in full resolution.


"Backup filters" feature

Backup filters

You can now create custom backup filters, which allow you to ignore or completely delete parts of the backup received from your devices. This can be useful if you do not want to store some data that the device outputs, or if you want to ignore parts of the backup for config change notifications. For example, if your device outputs some data that is different on every backup, you can create ignore filters to tell Unimus this data should be ignored. Using the backup filters, you can create completely custom rules on what to ignore or delete to cut down on change notifications.

For more information and examples, we have a dedicated blog article.

"NMS Sync" upgraded to preset-based

We have migrated NMS sync to use presets, instead of static configuration. This provides multiple benefits. For example, you can now configure sync from as many NMS systems of the same type as you like simply by creating more presets. The second benefit is that NMS sync is now fully compatible with Zones. You can specify to which Zone an NMS Sync preset should import to. These updates make NMS Sync very flexible. You can import all your customers' networks from a single NMS into multiple Unimus Zones. Or you can import from multiple NMS systems, each representing a separate Zone.

For more information and examples, please check our NMS Sync blog article.

NMS sync


"Advanced Settings" for Mass Config Push

Push advanced settings

We have added a new "Advanced Settings" window to Config Push. In most use cases our default Config Push behavior was sufficient, and worked as expected. However, in a few specific cases there was a need to fine tune how Config Push behaved, and the new Advanced Settings allow these adjustments.

These new settings are covered in this blog article.

NetXMS Agent as a proxy for Zones

In 2.1, we are adding the option to use a NetXMS Agent as a Unimus Zone proxy. If you are using NetXMS and already have an Agent deployed in a remote network, you don't need to deploy Unimus Core - you can just use your existing Agent. This cuts down on the amount of software you need to deploy, and if you already use NetXMS, you can now onboard your networks into Unimus much faster.

More details in the documentation on our Wiki.

Push advanced settings

Other minor new features and improvements

We have also added many new minor features, such as improvements to notifications, UX improvements to Config Push, warnings when an older version Core is connected, performance improvements, and many other UI and UX improvements across Unimus. Head down to the full Changelog to learn more!


Security improvements and bug fixes

We focused heavily on security in 2.1, as outlined in our Update on Unimus codebase and release security article earlier this year. We have updated both our backend and frontend frameworks to latest LTS releases, reviewed Unimus build security and infrastructure and introduced code-signing to all binary releases.


With each new release, we also add support for new network vendors and devices. This release is no different and we are adding support for 21 new device types, from 15 separate networking vendors.

The Changelog for 2.1.0 is quite large, so this article doesn't cover it completely. If you want to see all the changes in this release, please check the full Changelog below:

Full changelog:


= Version 2.1.0 =
Features:
  Added notifications if a Zone goes offline (can be configured in the "Notifications" screen)
  You can now select which Zone the "Basic import" imports devices into
  Config Push History (on the Dashboard) now shows which user ran the Push, or if it was scheduled
  Improved Diff performance (diffs with a large change-set could be very slow)
  Improved Import / NMS Sync handling - import/sync jobs are now queued, so a single job doesn't block you from queueing others
  You can now disable the Core connection listener if desired (if not using remote Cores)
  The "get" endpoints for "devices" in the API ("/api/v2/devices/...") now also return the status of the last device job
  "Sensitive data stripping" has been moved from "Other settings" to "Backups > Configuration"
  "Advanced settings" > "Discover un-discovered devices when new Credentials are added", "added" was changed to "added or bound"
  Improved Output Group matching in Mass Config Push
  Added new icons for Comments / Tags / Filters in all tables
  Added "unimus.core.tcp.connect-timeout" config option to control Core->Unimus connection timeout (default 5 seconds)
  You can now disable specific job types (Discovery, Backup, Scan, Config Push) if desired
  Added support for devices which ask "Configure from terminal?" when the "configure" command is sent
  On JunOS devices, "monitor stop" will be sent before backup to make sure logs are not present in backup
  Improved support for Adtran NetVanta devices
  Improved support for Datacom devices
  Improved support for ExtremeWare devices
  Improved support for Quanta devices

  New "Custom Backup Filters" feature:
    - you can create custom filtering rules on backups to filter any data you don't want inside backups
    - both completely deleting and/or replacing data for a filtered text are available
    - allows for creation of rules based on Tags, device vendors or device types
    - https://unimus.net/blog/backup-filters-unimus-210

  "NMS Sync" is now configured using Presets, and now properly works with Zones
    - you can now define as many NMS Sync connections as you like
    - fully integrated with Zones, you can now use NMS Sync to sync devices to multiple Zones
    - existing configuration automatically migrated to Presets
    - https://unimus.net/blog/nms-sync-improvements-unimus-210

  Ability to use the NetXMS Agent as a proxy for Zones:
    - you can use a NetXMS Agent as a poller for an Unimus Zone instead of an Unimus Core
    - if you use NetXMS, you no longer need to deploy both a NetXMS Agent and an Unimus Core for the Zone
    - https://wiki.unimus.net/display/UNPUB/NetXMS+Agent+as+Zone+Proxy

  New "Advanced Settings" feature for Mass Config Push:
    - allows overriding credentials used to connect to devices by this Push Preset
    - allows overriding timeouts used in device communication by this Push Preset
    - allows settings the prompt matching mode used by this Push Preset
    - https://unimus.net/blog/config-push-advanced-settings-unimus-210

  Unimus Core version is now checked by Unimus and shown in Zones
    - added versioning to the Core communication protocol
    - Unimus now checks if Cores are using a supported version during connection
    - Unimus will notify on the Dashboard if any "older" version Cores are connected
    - Core version is now shown in the "Zones" screen (if the Zone is using an Unimus Core as it's proxy)

  Added support for:
    - Adit 600 series
    - Brocade G620
    - Cisco FirePOWER for AWS
    - Datacom DmOS devices
    - Datacom DmSwitch devices
    - D-Link DXS 5000 series
    - Extreme 200 series
    - Extreme VOSS / VSP OS
    - Extreme Wing AP 510
    - Fiberhome devices
    - Fiberstore (FS.com) Campus switches
    - Fortinet FortiWeb
    - IBM Flex System Fabric
    - IBM RackSwitch
    - Netgear GSM switches
    - Nomadix EG devices
    - Nomadix NSE devices
    - Siklu Terragraph
    - Ubiquiti airFiber 60 5G
    - Ubiquiti airFiber 60 LR
    - Ubiquiti GigaBeam
    - ZTE ZXA devices

Fixes:
  Fixed Slack notifications not working with new Slack Apps (changes in Slack API for new Apps)
  Fixed issue when writing into an input box, a desync may occur that caused a character to get lost, and the cursor to jump to the start of the input box
  Fixed built-in backup filtering in rare cases could add many "<--filtered-->" text instances into a backup
  Fixed config change notification not sent if a backup was pushed over the API
  Fixed API limited max page size to 50, even if user specified a much larger size
  Fixed Import and/or NMS Sync could get stuck if there was an internal error during import/sync
  Fixed Unimus could stop working on HSQL after a long period of time if data retention cleanup settings were enabled
  Fixed running discovery/backups on all devices over the API did not work (single device requests worked properly)
  Fixed Import and NMS Sync running UI notifications could get lost when moving around the application
  Fixed wrong Config Change Notifications on specific Cisco IOS versions
  Fixed wrong Config Change Notifications when a few specific config items were present on F5 devices
  Fixed "Backup it very long, do you want to continue?" warning boxes not working properly
  Fixed errors when trying to add extremely long passwords (over 130) characters in the "Credentials" screen
  Fixed inconsistent case sensitivity in Config Search (normal matching is now always CI, regex matching is done per regex settings)
  Fixed Config Search showing whole backup when Context Size was set to 0
  Fixed multiple edge-case issues and errors in Config Search
  Fixed multiple edge-cases where a device address with a whitespace was not properly trimmed
  Fixed checkbox and selection not being properly reloaded after refresh (F5)
  Fixed "last run" value not being updated in a Config Push preset in some circumstances
  Fixed multiple UI issues (element overflows, wrong element sizing on small resolutions) in Config Push
  Fixed "$[no-wait]" not properly working in Config Push under certain circumstances
  Fixed Discovery failing on newer firmware version of HP/HPE ProCurve devices
  Fixed devices that used "enter" as pagination not working over Telnet
  Fixed jobs failing on newer Adtran NetVanta devices
  Fixed jobs failing on a few specific HP Comware devices
  Fixed jobs failing on a few specific devices over Telnet
  Fixed jobs failing on specific configurations of ExtremeWare devices

Security fixes:
  Upgraded the frontend framework to the latest LTS version
  Upgraded the backend framework to the latest LTS version
  Fixed not properly invalidating all sessions of a logged-in account if it was removed (sessions would work until session timeout)
  Fixed users being able to see Tags they did not have access to in Config Search (only list of Tags affected, search results were properly secured)

Embedded Core version:
  2.1.0

Known issues:
  ISSUE: When many jobs are running, and you scroll or re-order the Devices table, some rows can be duplicated and/or malformed
  WORKAROUND: table re-render fixes this - scroll out and back in, or reorder again and elements will rerender properly
  STATUS: issues in framework after upgrade to latest LTS - we are investigating how to fix :(

  ISSUE: Opening a Config Push preset is slow and locks the UI session with large results (1000+ devices)
  WORKAROUND: none
  STATUS: issue scheduled for fix in next version

  ISSUE: Search in Config Push preset outputs is slow and locks the UI session with large results (1000+ devices)
  WORKAROUND: none
  STATUS: issue scheduled for fix in next version

  ISSUE: Device ownership (Owner) is not properly set when using Basic Import
  WORKAROUND: none
  STATUS: issue scheduled for fix in next version

  ISSUE: An API call to the "devices" endpoint using PATCH doesn't work
  WORKAROUND: none
  STATUS: issue scheduled for fix in next version

  ISSUE: Already logged in user gets 'Access denied' when they manually navigate to '/'
  WORKAROUND: none
  STATUS: issue scheduled for fix in next version

  ISSUE: When moving many devices across Zones, an error can occur
  WORKAROUND: none, retry the move again
  STATUS: issue scheduled for fix in next version

  ISSUE: Notifications don't contain a list of addresses of filtered devices (no connectors, Core offline, etc.)
  WORKAROUND: none
  STATUS: issue scheduled for fix in next version

  ISSUE: Config push creation - 'Require "enable" mode' is not automatically checked when 'Require "configure"' is checked
  WORKAROUND: none, works properly after preset has already been created
  STATUS: issue scheduled for fix in next version

  ISSUE: Data put into HTTP query parameters are not escaped in NMS Sync importers that use HTTP protocols
  WORKAROUND: none
  STATUS: issue scheduled for fix in next version

  ISSUE: Sorting by Job Status in Devices does not work properly if Unmanaged devices are present
  WORKAROUND: none
  STATUS: issue scheduled for fix in next version

  ISSUE: Some screens in Unimus show time in server's time zone, others in client's (browser's) time zone
  WORKAROUND: none, issue only relevant if client has different time zone than server
  STATUS: we are debating on how to fix this - will likely create a setting to select which TZ should be used