Release Notes¶
Version¶
A10 Harmony Controller HC-5.3.0
Compatibility¶
Product
|
ACOS Supported versions
|
|---|---|
ADC App v3.6
|
ACOS 5.2.1-P1
ACOS 5.2.1
ACOS 5.2.0
ACOS 5.1.0-P2
ACOS 5.1.0
ACOS 5.0.0
ACOS 5.0.0-P1
|
CGN App v3.6
|
ACOS 5.2.1-P1
ACOS 5.2.1
ACOS 5.2.0
ACOS 5.1.0-P2
ACOS 5.0.0-P1
ACOS 4.1.4-GR1-P1 & P2
ACOS 4.1.1-P8-P12
|
SSLi App v4.1
|
ACOS 5.2.1-P1
ACOS 4.1.4-GR1-P5
|
GiFW App v3.5
|
ACOS 5.2.1-P1
ACOS 5.2.1
ACOS 5.2.0
ACOS 5.1.0-P2
ACOS 5.0.0-P1
ACOS 4.1.4-GR1-P1 & P2
ACOS 4.1.1-P8-P12
|
GTPFW App v3.5
|
ACOS 5.2.1-P1
ACOS 5.2.1
ACOS 5.2.0
ACOS 5.1.0-P2
ACOS 5.0.0
ACOS 5.0.0-P1
ACOS 5.1.0
|
New Features for Users Running HC-5.2.0¶
Support for Remote Authorization (in addition to remote authentication) for Harmony Controller login.
Read-only roles are now available at Provider scope as well as Tenant scopes in addition to read-write roles.
Controller can now be deployed in IPv6 or dual stack network and can communicate with IPv6 enabled services.
Added capabilities to manage the A10 licenses locally, especially for Harmony Controllers deployed in isolated networks, A10 Enterprise License Manager (ELM) is now embedded into Harmony Controller and referred to as “ Local License Manager (LLM)”. This LLM feature is available with the Harmony Controller install. License management at the Provider level performs similar to previous releases.
Controller now also supports multi-node and scaleout type Thunder clusters.
Virtual Thunder can now be orchestrated in Oracle cloud (OCI) environment in addition to previously available AWS, Azure, VMWare and Kubernetes.
Container Thunder orchestrated by Harmony Controller in Kubernetes environment now also supports multiple network interfaces as well as high throughput networking technologies SR-IOV and PCI Passthrough.
Thunders orchestrated via Controller, can now be configured as VRRP-A cluster.
Thunder device network config can now be viewed and managed from Device listing page of Harmony Portal in addition to CLI Snippet and Object Explorer.
Thunder cluster system config can now be viewed and managed from Cluster listing page of Harmony Portal in addition to CLI Snippet and Object Explorer.
Scheduled Thunder cluster upgrades now minimizes disruption of application traffic by upgrading the cluster one device at a time.
Alerts can now be defined on the metrics being displayed in charts in Harmony Apps. This is in addition to canned alert definitions and advance alert definition configurations.
Thunder VCS clusters can now be connected to HC from any network without the need to open incoming ports on the firewall where VCS Thunder cluster is deployed. Note: In previous releases and onward this feature is also supported for Single and HA clusters.
Thunder CLI snippets can now be pushed to multiple partitions in the same devices simultaneously. Ability to push the snippet to multiple devices was already available.
Organizations can configure banners which users will see when logging into Harmony Controller.
Deprecation¶
Use of CentOS/RHEL 7.4 and 7.5 for running Harmony Controller has been deprecated. Customers are advised to upgrade the Operating System of the machines running controller to RHEL/CentOS 7.6 onwards before upgrading to Harmony Controller HC-5.3.0.
Direct upgrade support from HC-4.2.1-Px to HC-5.3.0 is not available. Customers are advised to upgrade to HC-5.2.0 from HC-4.2.1-Px before they upgrade to HC-5.3.0.
Fixed Issues¶
Item ID
|
Description
|
|---|---|
HARMONY-16701
|
With complete Thunder config management from Controller, synchronizing
Thunder users to Controller is no longer needed. Users at controller
can manage all aspects of Thunder with required RBAC.
|
HARMONY- 18262
|
The Thunder devices launched via HC can now be added to a cluster.
VRRP-A can be configured on the cluster from controller.
|
HARMONY-17101
|
A Thunder VCS cluster deployed in different network from controller
(behind firewall), can now be registered using Tunnel feature.
|
HARMONY-19051
|
Upgrading from HC-4.2.1-Px to HC-5.3.0 is NOT supported and hence
this issue is no longer relevant.
|
HARMONY-19433
|
PDF reports now display time zone information along with time to
avoid any confusion.
|
HARMONY-19319
|
DR Setup now works fine across controller upgrades.
|
HARMONY-19464
|
Certificate Admins’ privilege is now limited to management
of certificate and CRL.
|
HARMONY-20348
|
When a VCS cluster with scaleout configuration is registered
via Harmony Portal, now member devices get added in the
cluster user is trying them to add.
|
HARMONY-20385
|
While registering a scaleout VCS cluster via Harmony Portal,
if user selects ‘Convert’ option, scaleout functionality
now continues to work.
|
HARMONY-20374
|
A Thunder 5.2.1, VCS cluster Controller registration is supported
when the Thunder’s IP management interface is configured for DHCP
|
HARMONY-20502
|
Shared Object in Provider scope are now being persisted.
|
HARMONY-20545
|
In Harmony Portal, opening of Harmony Apps in new window
is now not impacted by the popup blocker.
|
GUI-3659
|
While running a device CLI command from Harmony Portal,
multiple partitions of different devices as well as
of same device can be selected to run command.
|
GUI-3548, HARMONY-20310
|
When VCS cluster is registered to Harmony Controller, all
interface information of the member devices is now available.
|
GUI-4033
|
Harmony Apps work fine when opened from main menu.
|
GUI-2040
|
Large Thunder config is now supported in Harmony Controller
for most operations. Other smaller issues are listed
in known issues below.
|
GUI-3339, GUI-3344
|
Shared objects are now being deployed properly when pushed
to Thunder from Harmony Controller.
|
HARMONY-18222
|
In case of assigning device license to VCS cluster, license
is now being allocated to all the members of the cluster
equally. Refresh may be required to reflect the info.
|
CM-684, HARMONY-19113
|
Configuration management of Thunder VCS clusters from
controller is now supported. However, it is still
recommended is to convert VCS clusters to multi-node
clusters to keep management intelligence at one place.
|
CM-680, GUI-1341, GUI-1342, CM-622, CM-667
|
Configuration push mechanism from controller to Thunder
is enhanced to avoid failures.
|
GUI-2039, GUI-3833
|
On some configuration screens Harmony Portal may accept values
of config parameter that may not allowed by the Thunder device
based on license or some other environmental restriction. Proper
error message is now being provided in Harmony Portal for such cases.
|
CM-708
|
Virtual IP addresses (VIPs) created via Harmony Portal are now
being pushed to Thunder devices as soon as they are created.
|
CM-624, GUI-2303, GUI-1995, GUI-2422
|
Now Harmony Portal hides pages based on roles and Tenant admins
can’t view the devices and partitions.
|
HARMONY-20925
|
After upgrading to this version from HC-5.1.0-Px, access logs in ADC
Harmony Apps will not be visible by default for 12 hours. Please
select time range that doesn’t include the time of upgrade to view the logs.
|
Known Issues¶
Item ID
|
Description
|
|---|---|
HARMONY-9508
|
In case of HA Failover, analytics show the new active device status even
for historical data that belongs to old device.
|
CM-473
|
When Thunder configuration is modified directly on Thunder, it does not
automatically synchronize with the Controller. Using ‘Scan’ option brings
the configuration to Controller from the device. However, making all
configuration changes from Harmony Portal (Global Object Explorer) is
recommended after registering Thunder to Controller.
|
GUI-599
|
Options for scheduled device configuration backup and restore from
Harmony Portal are temporarily reduced and only daily backup is available
for now.
|
GUI-1198
|
When existing configuration is imported or scanned from Thunder device,
some properties may not show up properly in Harmony Portal.
|
GUI-1302
|
The Thunder Onboarding help that pops up on first time login does not
display how-to perform the steps. It is recommended is to use product
documentation for details.
|
GUI-2454
HARMONY-22044
|
When size of Thunder configuration is large, configuration exchange
actions (e.g. config push/scan, config backup/restore) between
Harmony Controller and Thunder may fail.
|
GUI-1748
GUI-2207
|
In some cases, to avoid disruption of environment or application traffic,
configuration push from Harmony Controller to Thunder may not succeed.
|
GUI-2630
|
A few system created Partitions may be visible to admins. These are for
internal use by Controller sub-system. Users are advised not to change
anything in those accounts.
|
HARMONY-19017
GUI-2807
|
For old version of Thunders, some information like log collection rate,
request rate, detailed service status etc., may be displayed incorrectly.
Please consider upgrading Thunder to ACOS 5.x.
|
HARMONY-19245
|
Thunder image upgrade from Harmony Controller fails for a few versions
(4.1.1-Px) of Thunder. Please use Thunder device CLI for upgrading the
Thunder.
|
HARMONY-22034
|
After controller upgrade, in some cases, newly introduced device information
(e.g. network info) may not be available in Harmony Portal. Scanning the
cluster config brings all the information.
|
HARMONY-22042
|
Controller upgrade may take long time in case there are large number of
Thunder objects registered with controller.
|
GUI-4102, HARMONY-21613
|
Scheduled CLI Snippet execution tasks are not deleted with deletion of
devices. They need to be manually deleted.
|
HARMONY-21107
|
Thunder orchestration via Harmony Controller in IPv6 network is
not yet supported.
|
HARMONY-21347
|
If multiple access-groups of same Provider are assigned to a user,
Harmony Portal renders based on only one access-group and the user
may not get all intended privileges. Consolidate all intended privileges
for such a user into one access group and assign that to the user.
|
HARMONY-21822
|
App admin role is temporarily discontinued. However, in case your controller
installation has access groups based on this role, it will continue to work
and users will be able to login.
|
GUI-4705, GUI-4615
|
For old versions of Thunder, configuring some attribute from controller may
result in error. Please use CLI snippet push functionality of controller
if the case arises.
|
GUI-5067
|
After deleting a Scaleout Thunder cluster, if it is again mapped to the same
tenant, analytics information may not resume. Workaround is to map it to
a different tenant.
|
HARMONY-20761
|
Registration of a Scaleout Thunder cluster without VCS may result into issues
when registered from Thunder side. Recommended is to initiate registration
of such clusters from Harmony Portal.
|
GUI-5047
|
Scaleout Traffic Map in harmony Portal may not display properly
for Thunder Scaleout clusters without VCS.
|
GUI-5279
|
In some cases for VRRP-A Thunder clusters, configuration changes from
controller may fail on standby device. Suggested is to use CLI snippet
push functionality of controller if the case arises.
|
Known limitations¶
Item ID
|
Description
|
|---|---|
HARMONY-22119
|
HC installation and functioning requires firewalld to be disabled and inactive on the host machine(s).
If firewalld is enabled and/or is active on the host machine at the time of installation, HC installer
will prompt the user and disable the firewalld.
|
HARMONY-22113
|
When upgrading an older CentOS version to a currently supported version (CentOS 7.9 onwards), a blanket yum update
should not be made. It causes an upgrade of the Docker version to 20.x, which is not supported.
So, it is recommended that OS components be upgraded selectively or to exclude Docker from the OS upgrade.
|
GUI-5326
|
In ACOS 5.2.1-P1, when HC retrieves and scans ACOS objects with encrypted attributes and later re-deloys the objects if any updates
are made to the objects, ACOS rejects the objects. This issue happens only for objects with encrypted attributes,
configured on the device. The objects are initially scanned from the device. The issue does not
happen if objects are created initially from Harmony Controller.
|
Assumptions/note¶
Item ID
|
Description
|
|---|---|
HARMONY-22154
|
HC Installer fails to complete properly when node has HTTP-Proxy configured.
|
Support¶
A10 networks is available for support by Phone and/or Email:
Phone: 1-888-TACS-A10 (Toll-Free USA & Canada). 1-408-325-8676 (International)