Release Notes

Version

A10 Harmony Controller HC-5.3.0

Compatibility

Product
Supported versions
Thunder 5.x
5.2.0, 5.2.1
5.1.0, 5.1.0-P2 to 5.1.0-P5
5.0.0-P1
Thunder 4.1.x
With Config Management:
4.1.4-GR1-P3 to 4.1.4-GR1-P5
No Config Management:
4.1.4-GR1-P1, 4.1.4-GR1-P2
4.1.1-P8 and above
Harmony Apps
ADC App: v3.6
CGN App: v3.6
GiFW App: v3.5
SSLi App: v4.0
GTPFW App: v3.5

New Features for Users Running HC-5.2.0

  1. Support for Remote Authorization (in addition to remote authentication) for Harmony Controller login.

  2. Read-only roles are now available at Provider scope as well as Tenant scopes in addition to read-write roles.

  3. Controller can now be deployed in IPv6 or dual stack network and can communicate with IPv6 enabled services.

  4. Added capabilities to manage the A10 licenses locally, especially for Harmony Controllers deployed in isolated networks, A10 Enterprise License Manager (ELM) is now embedded into Harmony Controller and referred to as “ Local License Manager (LLM)”. This LLM feature is available with the Harmony Controller install. License management at the Provider level performs similar to previous releases.

  5. Controller now also supports multi-node and scaleout type Thunder clusters.

  6. Virtual Thunder can now be orchestrated in Oracle cloud (OCI) environment in addition to previously available AWS, Azure, VMWare and Kubernetes.

  7. Container Thunder orchestrated by Harmony Controller in Kubernetes environment now also supports multiple network interfaces as well as high throughput networking technologies SR-IOV and PCI Passthrough.

  8. Thunders orchestrated via Controller, can now be configured as VRRP-A cluster.

  9. Thunder device network config can now be viewed and managed from Device listing page of Harmony Portal in addition to CLI Snippet and Object Explorer.

  10. Thunder cluster system config can now be viewed and managed from Cluster listing page of Harmony Portal in addition to CLI Snippet and Object Explorer.

  11. Scheduled Thunder cluster upgrades now minimizes disruption of application traffic by upgrading the cluster one device at a time.

  12. Alerts can now be defined on the metrics being displayed in charts in Harmony Apps. This is in addition to canned alert definitions and advance alert definition configurations.

  13. Thunder VCS clusters can now be connected to HC from any network without the need to open incoming ports on the firewall where VCS Thunder cluster is deployed. Note: In previous releases and onward this feature is also supported for Single and HA clusters.

  14. Thunder CLI snippets can now be pushed to multiple partitions in the same devices simultaneously. Ability to push the snippet to multiple devices was already available.

  15. Organizations can configure banners which users will see when logging into Harmony Controller.

Deprecation

  • Use of CentOS/RHEL 7.4 and 7.5 for running Harmony Controller has been deprecated. Customers are advised to upgrade the Operating System of the machines running controller to RHEL/CentOS 7.6 onwards before upgrading to Harmony Controller HC-5.3.0.

  • Direct upgrade support from HC-4.2.1-Px to HC-5.3.0 is not available. Customers are advised to upgrade to HC-5.2.0 from HC-4.2.1-Px before they upgrade to HC-5.3.0.

Fixed Issues

Item ID
Description
HARMONY-16701
With complete Thunder config management from Controller, synchronizing
Thunder users to Controller is no longer needed. Users at controller
can manage all aspects of Thunder with required RBAC.
HARMONY- 18262
The Thunder devices launched via HC can now be added to a cluster.
VRRP-A can be configured on the cluster from controller.
HARMONY-17101
A Thunder VCS cluster deployed in different network from controller
(behind firewall), can now be registered using Tunnel feature.
HARMONY-19051
Upgrading from HC-4.2.1-Px to HC-5.3.0 is NOT supported and hence
this issue is no longer relevant.
HARMONY-19433
PDF reports now display time zone information along with time to
avoid any confusion.
HARMONY-19319
DR Setup now works fine across controller upgrades.
HARMONY-19464
Certificate Admins’ privilege is now limited to management
of certificate and CRL.
HARMONY-20348
When a VCS cluster with scaleout configuration is registered
via Harmony Portal, now member devices get added in the
cluster user is trying them to add.
HARMONY-20385
While registering a scaleout VCS cluster via Harmony Portal,
if user selects ‘Convert’ option, scaleout functionality
now continues to work.
HARMONY-20374
A Thunder 5.2.1, VCS cluster Controller registration is supported
when the Thunder’s IP management interface is configured for DHCP
HARMONY-20502
Shared Object in Provider scope are now being persisted.
HARMONY-20545
In Harmony Portal, opening of Harmony Apps in new window
is now not impacted by the popup blocker.
GUI-3659
While running a device CLI command from Harmony Portal,
multiple partitions of different devices as well as
of same device can be selected to run command.
GUI-3548, HARMONY-20310
When VCS cluster is registered to Harmony Controller, all
interface information of the member devices is now available.
GUI-4033
Harmony Apps work fine when opened from main menu.
GUI-2040
Large Thunder config is now supported in Harmony Controller
for most operations. Other smaller issues are listed
in known issues below.
GUI-3339, GUI-3344
Shared objects are now being deployed properly when pushed
to Thunder from Harmony Controller.
HARMONY-18222
In case of assigning device license to VCS cluster, license
is now being allocated to all the members of the cluster
equally. Refresh may be required to reflect the info.
CM-684, HARMONY-19113
Configuration management of Thunder VCS clusters from
controller is now supported. However, it is still
recommended is to convert VCS clusters to multi-node
clusters to keep management intelligence at one place.
CM-680, GUI-1341, GUI-1342, CM-622, CM-667
Configuration push mechanism from controller to Thunder
is enhanced to avoid failures.
GUI-2039, GUI-3833
On some configuration screens Harmony Portal may accept values
of config parameter that may not allowed by the Thunder device
based on license or some other environmental restriction. Proper
error message is now being provided in Harmony Portal for such cases.
CM-708
Virtual IP addresses (VIPs) created via Harmony Portal are now
being pushed to Thunder devices as soon as they are created.
CM-624, GUI-2303, GUI-1995, GUI-2422
Now Harmony Portal hides pages based on roles and Tenant admins
can’t view the devices and partitions.
HARMONY-20925
After upgrading to this version from HC-5.1.0-Px, access logs in ADC
Harmony Apps will not be visible by default for 12 hours. Please
select time range that doesn’t include the time of upgrade to view the logs.

Known Issues

Item ID
Description
HARMONY-9508
In case of HA Failover, analytics show the new active device status even
for historical data that belongs to old device.
CM-473
When Thunder configuration is modified directly on Thunder, it does not
automatically synchronize with the Controller. Using ‘Scan’ option brings
the configuration to Controller from the device. However, making all
configuration changes from Harmony Portal (Global Object Explorer) is
recommended after registering Thunder to Controller.
GUI-599
Options for scheduled device configuration backup and restore from
Harmony Portal are temporarily reduced and only daily backup is available
for now.
GUI-1198
When existing configuration is imported or scanned from Thunder device,
some properties may not show up properly in Harmony Portal.
GUI-1302
The Thunder Onboarding help that pops up on first time login does not
display how-to perform the steps. It is recommended is to use product
documentation for details.
GUI-2454
HARMONY-22044
When size of Thunder configuration is large, configuration exchange
actions (e.g. config push/scan, config backup/restore) between
Harmony Controller and Thunder may fail.
GUI-1748
GUI-2207
In some cases, to avoid disruption of environment or application traffic,
configuration push from Harmony Controller to Thunder may not succeed.
GUI-2630
A few system created Partitions may be visible to admins. These are for
internal use by Controller sub-system. Users are advised not to change
anything in those accounts.
HARMONY-19017
GUI-2807
For old version of Thunders, some information like log collection rate,
request rate, detailed service status etc., may be displayed incorrectly.
Please consider upgrading Thunder to ACOS 5.x.
HARMONY-19245
Thunder image upgrade from Harmony Controller fails for a few versions
(4.1.1-Px) of Thunder. Please use Thunder device CLI for upgrading the
Thunder.
HARMONY-22034
After controller upgrade, in some cases, newly introduced device information
(e.g. network info) may not be available in Harmony Portal. Scanning the
cluster config brings all the information.
HARMONY-22042
Controller upgrade may take long time in case there are large number of
Thunder objects registered with controller.
GUI-4102, HARMONY-21613
Scheduled CLI Snippet execution tasks are not deleted with deletion of
devices. They need to be manually deleted.
HARMONY-21107
Thunder orchestration via Harmony Controller in IPv6 network is
not yet supported.
HARMONY-21347
If multiple access-groups of same Provider are assigned to a user,
Harmony Portal renders based on only one access-group and the user
may not get all intended privileges. Consolidate all intended privileges
for such a user into one access group and assign that to the user.
HARMONY-21822
App admin role is temporarily discontinued. However, in case your controller
installation has access groups based on this role, it will continue to work
and users will be able to login.
GUI-4705, GUI-4615
For old versions of Thunder, configuring some attribute from controller may
result in error. Please use CLI snippet push functionality of controller
if the case arises.
GUI-5067
After deleting a Scaleout Thunder cluster, if it is again mapped to the same
tenant, analytics information may not resume. Workaround is to map it to
a different tenant.
HARMONY-20761
Registration of a Scaleout Thunder cluster without VCS may result into issues
when registered from Thunder side. Recommended is to initiate registration
of such clusters from Harmony Portal.
GUI-5047
Scaleout Traffic Map in harmony Portal may not display properly
for Thunder Scaleout clusters without VCS.
GUI-5279
In some cases for VRRP-A Thunder clusters, configuration changes from
controller may fail on standby device. Suggested is to use CLI snippet
push functionality of controller if the case arises.

Support

A10 networks is available for support by Phone and/or Email:

Phone: 1-888-TACS-A10 (Toll-Free USA & Canada). 1-408-325-8676 (International)

Email: cloud-support@a10networks.com