HC 5.3.0-P1 Release Notes

Compatibility with Thunder ACOS Versions

ACOS Version

Configuration from HC 5.3.0-P1

Analytics

ACOS 5.2.1-P1 and P2

Supported

Supported

ACOS 5.2.1

Supported

Supported

ACOS 5.2.0

Supported

Supported

ACOS 5.1.0-P2 to P6

Supported

Supported

ACOS 5.1.0

Supported

Supported

ACOS 5.0.0-P1

Supported

Supported

ACOS 5.0.0

Supported

Supported

ACOS 4.1.4-GR1-P2 to P8

Supported

Supported

ACOS 4.1.4-GR1-P1

Not supported

Supported

ACOS 4.1.1-GR1-P8 to P13

Not supported

Supported

New Features and Improvements

  • Harmony Controller now has support for role-based access control at ACOS service partition level. Users can be granted access only to service configurations within an ACOS service partition. For example, allowing different users to manage a subset of VIPs deployed in the shared partition is now possible.

  • User login session can now be extended for up to 72 hours when the user is already logged in to Harmony Controller. This allows service monitoring display ON for long periods. By extending the session, you can keep monitoring the real-time analytics and data without having to log in frequently.

  • You can now store automated daily, weekly, and monthly Harmony Controller system configuration backups and copy and sync backups to a remote Linux machine. Note that these are not Harmony Controller analytics data backup or Thunder device configuration backup. Users now have improved disaster recovery and multiple configuration restoration options.

  • Network security is improved for Harmony Controller deployment. Support for TLSv1.0 and TLSv1.1 protocols and SHA and SHA1 based ciphers is now disabled for improved system security and compliance with enterprise security policies.

  • Additional system validations are added for deployment and upgrade pre-requisites on security hardened virtual machines (VM) to help you avoid deployment and upgrade failures.

  • Consistent user password policy is introduced for for all user accounts created in Harmony Controller. The password policy is now compatible with the password policy in ACOS.

  • User passwords and other sensitive data stored in Harmony Controller are now more secured. This enhancement ensures data security and compliance with enterprise security policies.

  • Harmony Controller user interface is improved for ease of use and enhanced user experience.

  • You can now define measurement units while creating custom triggers. Additional information and actionable links are now added in alert emails providing more clarity on critical system-level and service-level events. This will help you quickly respond to alerts.

  • New features are introduced in ADC and CGN apps. (For more information, refer to ADC and CGN app release notes)

    • ADC app: New chart Top 20 App Services by connections or throughput is added

    • CGN app: New Trace page allows you to search and view Subscriber-specific logs

Try Harmony Controller

Click Harmony_Controller_Trial to explore different options of trial, an on-prem software, or a ready-to-use Harmony Controller as a SaaS application.

Deprecated Features

  • While adding a VRRP-A type cluster, you cannot convert or switch the configuration management to Harmony Controller from aVCS. Also, while editing a cluster, you cannot change the cluster type.

Operating System Support

OS

Single Node

Multi-node

Without Floating IP

With Floating IP

Centos 7.4

Deprecated

Deprecated

Deprecated

Centos 7.5

Deprecated

Deprecated

Deprecated

Centos 7.6

Supported

Supported

Supported

Centos 7.7

Supported

Supported

Supported

Centos 7.8

Supported

Supported

Supported

Centos 7.9

Supported

Supported

Supported

RHEL 7.4

Deprecated

Deprecated

Deprecated

RHEL 7.5

Deprecated

Deprecated

Deprecated

RHEL 7.6

Supported

Supported

Supported

RHEL 7.7

Supported

Supported

Supported

RHEL 7.8

Supported

Supported

Supported

RHEL 7.9

Supported

Supported

Supported

Note

Direct upgrade support from HC-4.2.1-Px to HC-5.3.0-P1 is not available. Upgrade to HC-5.2.0 from HC-4.2.1-Px before upgrading to HC-5.3.0-P1.

Fixed Issues

Item ID

Description

HARMONY-16701
With complete Thunder config management from Controller, synchronizing Thunder users to Controller is no longer needed. Users at controller can manage all aspects of Thunder with required RBAC.
HARMONY- 18262
The Thunder devices launched via HC can now be added to a cluster. VRRP-A can be configured on the cluster from controller.
HARMONY-17101
A Thunder VCS cluster deployed in different network from controller (behind firewall), can now be registered using Tunnel feature.
HARMONY-19051
Upgrading from HC-4.2.1-Px to HC-5.3.0 is not supported and hence this issue is no longer relevant.
HARMONY-19433
PDF reports now display time zone information along with time to avoid any confusion.
HARMONY-19319
DR Setup now works fine across controller upgrades.
HARMONY-19464
Certificate Admin’s privilege is now limited to management of certificate and CRL.
HARMONY-20348
When a VCS cluster with scaleout configuration is registered via Harmony Portal, now member devices get added in the cluster user is trying them to add.
HARMONY-20385
While registering a scaleout VCS cluster via Harmony Portal, if user selects ‘Convert’ option, scaleout functionality now continues to work.
HARMONY-20374
A Thunder 5.2.1, VCS cluster Controller registration is supported when the Thunder’s IP management interface is configured for DHCP
HARMONY-20502
Shared Object in Provider scope are now being persisted.
HARMONY-20545
In Harmony Portal, opening of Harmony Apps in new window is now not impacted by the popup blocker.
GUI-3659
While running a device CLI command from Harmony Portal, multiple partitions of different devices as well as of same device can be selected to run command.
GUI-3548, HARMONY-20310
When VCS cluster is registered to Harmony Controller, all interface information of the member devices is now available.
GUI-4033
Harmony Apps work fine when opened from main menu.
GUI-2040
Large Thunder config is now supported in Harmony Controller for most operations. Other smaller issues are listed in known issues below.
GUI-3339, GUI-3344
Shared objects are now being deployed properly when pushed to Thunder from Harmony Controller.
HARMONY-18222
In case of assigning device license to VCS cluster, license is now being allocated to all the members of the cluster equally. Refresh may be required to reflect the info.
CM-684, HARMONY-19113
Configuration management of Thunder VCS clusters from controller is now supported. However, it is still recommended is to convert VCS clusters to multi-node clusters to keep management intelligence at one place.
CM-680, GUI-1341, GUI-1342, CM-622, CM-667
Configuration push mechanism from controller to Thunder is enhanced to avoid failures.
GUI-2039, GUI-3833
On some configuration screens Harmony Portal may accept values of config parameter that may not allowed by the Thunder device based on license or some other environmental restriction. Proper error message is now being provided in Harmony Portal for such cases.
CM-708
Virtual IP addresses (VIPs) created via Harmony Portal are now being pushed to Thunder devices as soon as they are created.
CM-624, GUI-2303, GUI-1995, GUI-2422
Now Harmony Portal hides pages based on roles and Tenant admins can’t view the devices and partitions.
HARMONY-20925
After upgrading to this version from HC-5.1.0-Px, access logs in ADC Harmony Apps will not be visible by default for 12 hours. Please select time range that doesn’t include the time of upgrade to view the logs.

Known Issues

Item ID
Severity
Description
Reported version
HARMONY-22456
Major
When Harmony Controller is deployed in IPv6 environment, emails fail to generate for user management actions. For example, an email fails to reach the recipient or user after resetting a password.
HC-5.3.0-P1
HARMONY-22431
High
On the Log Processing page in Harmony Controller, log rate is not reported accurately because of inconsistency in how the logs processed by the device are reported to the Harmony Controller. This impacts harmony Controller’s log capacity management and allocation. The issue is impacting devices running ACOS 5.2.1-P1 or ACOS 5.2.1-P2.
HC-5.3.0
HARMONY-22181
High
When a Thunder with ACOS 5.2.1 is deployed in a Scaleout cluster, any cluster configuration changes made later in Harmony Controller are saved in Harmony Controller, however these changes fail to reflect in the Thunder device.
HC-5.3.0
HARMONY-22214
High
Partition provisioning to tenants fails in Harmony Controller because Thunder with ACOS 5.2.1-P1 fails to establish a SaaS Tunnel with Harmony Controller.
HC-5.3.0
HARMONY-9508
High
In case of High Availability failover, analytics show the new active device status even for historical data generated by the previous active device.
HC-4.0.0
GUI-2454
HARMONY-22044
High
When size of Thunder configuration is large, configuration exchange actions (e.g. config push/scan, config backup/restore) between Harmony Controller and Thunder may fail.
HC-5.3.0
HARMONY-19017
GUI-2807
High
For devices running ACOS version older than 5.0.0, some information like log collection rate, request rate, detailed service status etc., may be displayed incorrectly. Please consider upgrading Thunder to ACOS 5.x.
HC-5.1.0-P1
HARMONY-21347
High
If a user is assigned multiple access groups, user may not get access to all privileges. Workaround is to consolidate all intended privileges into one access group and assign that to the user.
HC-5.3.0
GUI-4102, HARMONY-21613
Medium
Scheduled CLI Snippet execution tasks are not deleted with deletion of devices. They need to be manually deleted.
HC-5.2.0
GUI-4705, GUI-4615
Medium
For ACOS versions older than 5.2.0, pushing configuration changes to device from Harmony Controller may fail. Use CLI snippet push functionality of in such a case.
HC-5.3.0
GUI-5067
Medium
After deleting a Scaleout Thunder cluster, if it is again mapped to the same tenant, analytics information may not resume. As a workaround, create a new tenant and then map the cluster to the tenant.

GUI-599
Medium
Scheduled device configuration backup and restore options are available with restrictions and only one-time scheduled backup is available for now.
HC-5.2.0
GUI-1198
Medium
When existing configuration is imported or scanned from Thunder device, some properties may not show up properly in Harmony Portal.
HC-5.0.0
GUI-1748
GUI-2207
Medium
In some cases, to avoid disruption in application services, configuration changes are not pushed from Harmony Controller to Thunder devices.
HC-5.1.0
HARMONY-20761
Medium
Registration of a Scaleout Thunder cluster without VCS may result into issues when registered from Thunder side. Recommended is to initiate registration of such clusters from Harmony Portal.
HC-5.3.0
GUI-5047
Medium
Scaleout Traffic Map in the Harmony Portal may not display properly for Thunder Scaleout clusters without VCS.
HC-5.3.0
GUI-5279
Medium
In some cases for VRRP-A Thunder clusters, configuration changes from controller may fail on standby device. Suggested is to use CLI snippet push functionality of controller if the case arises.
HC-5.3.0
HARMONY-22154
Medium
HC Installer fails to complete properly when node has HTTP-Proxy configured.
HC-5.3.0

Known Limitations

Item ID

Description

CM-473
When Thunder configuration is modified directly on Thunder, it does not automatically synchronize with the Controller. Using ‘Scan’ option brings the configuration to Controller from the device. However, making all configuration changes from Harmony Portal (Global Object Explorer) is recommended after registering Thunder to Controller.
GUI-5326
In ACOS 5.2.1-P1, when HC retrieves and scans ACOS objects with encrypted attributes and later re-deloys the objects if any updates are made to the objects, ACOS rejects the objects. This issue happens only for objects with encrypted attributes, configured on the device. The objects are initially scanned from the device. The issue does not happen if objects are created initially from Harmony Controller.
HARMONY-22407
Harmony Controller 5.3.0-P1 now has support for ACOS Service partitions. However, if an ACOS service partition was already provisioned in an earlier version of the Harmony Controller, it would still be displayed as an L3V partition after upgrade to Harmony Controller 5.3.0-P1. It is recommended to de-register these ACOS devices and register them again to update the partitions.

Assumptions and Notes

Item ID

Description

HARMONY-22119
Harmony Controller installation and functioning requires firewalld to be disabled and inactive on the host machines. If firewalld is enabled and active on the host machine at the time of installation, a warning message is displayed and the firewalld process is disabled.
GUI-5756
Significant clock difference between Harmony Controller and Thunder devices results in inconsistent analytics. Synchronizing the device and Harmony Controller clock is recommended for accurate display.

Support

A10 networks is available for support by Phone and/or Email:

Phone: 1-888-TACS-A10 (Toll-Free USA & Canada). 1-408-325-8676 (International)

Email: cloud-support@a10networks.com