zCompute R8 Release Notes

This document describes the Zadara Compute (zCompute) release notes. These release notes contain important information available at the time of the release. New features, important bug fixes, known limitations are addressed here.

Changelog

Release R8 is an enhancement release to the previous Zadara R7 release which includes scalability, security, usability improvements, new features and bug fixes.

The following section will breakdown the additions and updates to the Zadara Compute Cloud platform (zCompute).

R8 (V21.6.0) - Release Highlights

CentOS 8 has been added to the zCompute Machine Images Marketplace

Following customer requests, we added a link to download CentOS 8 to our marketplace.

cent-os8

The nginx SSL certificate can now be replaced via the API or UI

MSPs that have cloud administration rights can now easily update the nginx SSL certificate via the API or UI, without the need to contact Zadara support.

Go to configuration -> Cluster certificates. You’ll see the default self signed certificate To upload the certificate just click the + button and upload the public certificate and private key.

Certificate - The certificate file is the end-user certificate for your domain which you received from the certificate authority. Drop the certificate file in the designated area, -or- Browse to the location.

Private Key - The private key file is the file which contains the private key which matches your certificate. Drop the private key file in the designated area, -or- Browse to the location.

Private Key Passphrase - In case the private key is encrypted by password, the passphrase should be specified in this field, otherwise the field should be omitted.

On certificate creation the cluster will validate that the certificate is not expired. After creating the certificate, it can be installed by selecting it and clicking “Install”.

Known issues: The certificate can’t be updated while there are nodes in maintenance or in failed states and therefore unreachable. There is a GUI validation to prevent certificate change in these cases.

Cluster certificate operation validates nodes are active before starting

cluster-certificate

Improvements

The granularity of the protection plan can now be set in minutes

protection-group

Force delete vm-snapshot with timer based on snapshot creation

The UI now contains a force delete button action to terminate stuck snapshots. Note that when creating a snapshot between different storage pools is an operation that may take a long time. To prevent premature attempts to delete snapshots that may succeed the button is grayed out until a 10 minute timer has been completed.

delete-snapshot

Clear indication added for incompatible instance sizes

Users are now allowed to create an instance type of any size, even when the size is larger than the node’s size (RAM or CPU). However, both the UI and API indicate the instance type is incompatible with the hardware size.

lbaas-manager and Core DNS image updates

A new load balancer and core DNS engine images have been created to account for bug fixes that were carried out. Once the first phase of the upgrade is done, the admin needs to go to the upgrade panel and click upgrade all engines (no screenshot attached). Once image upgrade is done and the engines are updated all the users that have LBAAS and core DNS instances will see that updates are ready

service-upgrades

upgrade-status

load-balancer

Notable Bug Fixes and Other Changes

After refresh on the account page, the Enforce MFA always looked unenforced

What was fixed

The status now always reflects the actual setting

After a long network disconnect, DNS and LBAAS go into an error state

What was fixed Fixed issue where after a long disconnect, managed services fail to refresh state and lose the state. Relevant for CoreDNS (VPC) and LBAAS

Workaround for pre-R8 In order to fix it in the field, identify the VMs supporting the service and restart the service VMs from the symp CLI.

R7 (V21.4.0) - Key Enhancements

VPSA based VM and Volume DR

zCompute can now orchestrate the protection and restore of individual Instances and Volumes between two zCompute systems connected to different VPSAs. The data transfer is done using VPSA volume mirroring between sites, and zCompute has enhanced the protection plans capability to support setting of mirroring on the volumes and to place the required metadata for restoration on an NFS share on the destination VPSA.

Self service password reset

Users can reset their passwords directly from the login page using the “Forgot your password?”.

Added support for virtual network appliances within a VPC

Some virtual network appliances are either a virtual firewall that requires full control of the traffic coming in/out of the interface, or may be a VPN appliance that has extra IPs representing the client endpoints.

To support the above, there are now two new settings:

  1. Enable/Disable Source/Dest Check - which only controls the L3 IP check. Item 3 above. (This operation can be done by any tenant member)

  2. Enable/Disable Port security. This one can only be set by MSP or Cloud admins.

The options were added to the security groups settings of the interface

source-dest-check

Improve VNC console security

Starting of R7 version, users must explicitly allow Zadara administrators or MSP administrators to connect to the VM VNC, otherwise only users from the same project can access the VM VNC.

Auto-populate instance name as a DNS record

When creating a new instance from the Management user interface, the DNS name field in the VM creation wizard will auto populate the VM name as the DNS name.

VPC deletion wizard

A VPC is a construct with many sub resources and/or attached resources. A VPC deletion wizard was added to easily delete a VPC and it’s related resources as long as there are no running workloads in the VPC.

Allow user to set VPC as default VPC

The user is now able to change the default VPC by setting a new VPC as the default one.

Major Changes & bug fixes

  • NK-1103 - Clone image operation to allow creation of an image with IDE devices or extra data disks

  • NK-1082 - Add the option to export filtered event list to CSV from the management user interface

  • NK-1108 - Delete project now deletes all the default resources created with the project

  • NK-797 - Fixed an issue where Compute Overview’s “Top VMs” sort worked only with CPU

R5 (V21.1.0) - Key Enhancements

  • NK-227 - Managed resources (like: ENI, EIP, Security Groups,etc…) are now hidden by default and need to explicitly toggle to see them in all views

  • NK-294 - Added a capability to the GUI to change Direct Network IP addresses allocation pool

  • NK-470 - An issue if a wrong error when extending volume on a live instance was resolved

  • NK-502 - VM snapshots are now restored to the requested pool

  • NK-594 - MFA is now supported using authenticator application on a mobile device (e.g. Google Authenticator), for both Console and CLI login

  • NK-771, NK-777 - The system now allows admins and tenant_admins to create instance types and also specify the CPU topology over sockets

  • NK-795 - A network mini-graph was added on the nodes list view

  • NK-809 - Added clear indication and system alarm to the cloud admin when running out of EIP per IP pool

  • NK-831 - Prevent deletion of ENI from the GUI

  • NK-865 - Ability to export filtered lists as CSV file was added to all GUI tables

  • NK-897 - GUI and Sym/AWS web shell now work even if firewall is forwarding different public port to 443

  • NK-904 - Snapshots and volumes are now deleted when deleting image from the marketplace

  • NK-906 - Tenant Admin gets all the permissions of a member

  • NK-913 - Images and Marketplace Images now have an Operating system field The Operating system is inherited by the Instances created out of these images

  • NK-955 - The reboot button was removed from the instance view

  • NK-967 - A new inspector command was added that can be used to validate the MTU of all network interfaces after changing the MTU in the cluster

R4 (V5.5.4) - Key Enhancements

Improvements to the VM Creation dialogue

NK-733 - Instance creation wizard Steps are according to functionality

Step1 - Compute

Step2 - Storage

Step3 - Network

Step4 - Config

image42


Show the VPC virtual router IP on the direct subnet

NK-668 - It is, now, easier to set the static routes in the external routers in case that VMs on non direct VPC subnets need to be accessed via the direct subnets or need to access entities on the direct subnet that are outside of the direct subnet allocation pool

image41

Major Changes & bug fixes

  • NK-234 - An issue, where direct-network was not listed as route in route-table, was fixed

  • NK-444 - Improved Resource Consumption tile to make it easier to understand

  • NK-546 - create default VPC operation was added to the GUI

  • NK-621 - When attaching Elastic IP, if there is only one network available, it’s now selected automatically

  • NK-648 - The issue of Load Balancer creation with elastic IP that belong to an instance was resolved

  • NK-661 - Basic event filtering was fixed, and now working as expected

  • NK-663 - Project delete is now possible even if a NAT gateway still exists in the project but in a deleted state

  • NK-681 - AWS compatible API now support import from snapshot

  • NK-703 - CoreDNS VMs removed from the network topology diagram. Clicking the VPC shows if DNS is enabled

  • NK-729 - When creating key pair for a VM the keys are automatically download, to prevent inaccessible instance

  • NK-730 - Neokarm Policies were renamed Symp Policies

  • NK-739 - Cleanup of aging images from the marketplace

  • NK-800 - The “default” security group is properly displayed even if a load balancer is configured in the same VPC

R3 (V5.5.3) - Key Enhancements

Quick start button and screens

Look for the quick start button on the main navigation bar

image1

It will easily guide you via the most common tasks such as creating VM instances, attaching storage volumes, etc…

image2

New VPC creation wizard

A wizard was added to assist you with creating the 3 common topologies of VPCs with private or public subnets

image3

The Wizard can activated from the Quick Start and from the VPCs pane

image4

Elastic Network Interfaces

A new screen was added to manage Network Interfaces. Network interfaces may be attached and detached from an instance and may even move between instances or be a route target. Until now, you could only create it implicitly when connecting an instance to a subnet. Now it has its own screen that exposes the full functionality.

A user can now Create/attach/detach/add security groups and update the name of any network interface.

image5

Toolbox

A VM with client tools available on the marketplaces Toolbox v5.5.0. The images contain the Symp CLI, AWS CLI, Python 2.7, Boto3 and Terraform. The instance should be created with an SSH key pair.

Major Changes & bug fixes

  • NK-386 - Added Storage Pool update mechanism

  • NK-405 - The GUI was fixed to allow subnet name change

  • NK-422 - The GUI was fixed to enable detach security groups from a network interface

  • NK-467 - Account members can now generate Access keys

  • NK-468 - All the networking related tabs are now merged into the networks tab Under instance view. EIP, Security groups and Interfaces operations are done from the same place.

Revision History

  • R7, V21.4.0, April 2021

  • R5, V21.1.0, January 2021

  • R4, V5.5.4, November 2020

  • R3, V5.5.3, October 2020