ALTERPATH MANAGER RELEASES

ALTERPATH MANAGER E2000 RELEASES

This document brings all new features and bug fixes regarding AlterPath Manager E2000 versions.

V_1.4.1 Apr/21/06 : (official release; upgrade from V_1.4.0)

a) Warnings

IMPORTANT: If you are upgrading from V_1.3.0 or earlier, please download the installimg file from ftp://ftp.cyclades.com/pub/cyclades/alterpath/apm/e2000/released/V_1.3.1 and replace the /sbin/installimg in the AlterPath Manager with the downloaded file. Do not use the installimg from V_1.3.0 (or earlier) otherwise the system will no longer boot. The installimg was changed to remove the original image from the compact flash due to size increase of the firmware.
ACS V_2.3.1 (and later) is shipped with all ports disabled by default. AlterPath Manager Auto Discovery can only discover ports that are enabled.
After running “restore”, it is recommended that AlterPath Manager is rebooted. Note: If “restore sys” or “restore all” is executed, the “root” password will be restored from the backup file if the backup file was generated with the “System” configuration option. If “restore conf” or “restore all” is executed, the “admin” password will be restored from the backup file if the backup file was generated with the “Conf” configuration option.
After executing “defconf”, if the serial console of AlterPath Manager is not attached during the boot, eth0 will be configured to get an IP from DHCP and the root password will be reset to “cyclades”; the initial configuration wizard is then displayed during first login. In case the IP cannot be retrieved from the DHCP, the IP 192.168.1.20 will be used.
When upgrading from V_1.4.0, the Upload Status for devices that have Dial Up with OTP enabled will be changed to Required, i.e., a configuration upload will be required because the OTP login shell has been changed due to a security fix.

b) New features

Replacement of CLI applet by MindTerm applet. This new applet is compatible with Java 1.3 or later, it allows re-sizing the window and changing the number of rows or columns, font size or text color. Optionally, the CLI can be also launched with Java Web Start.
Support for Eicon Diva Server ISDN cards.
Linux kernel upgraded to 2.6.12.3.

Security Rules Enhancement: In previous versions, if a Security Rule was applied to a group of Users and this group of Users had access to only some Consoles, the Security Rule would be applied to all Consoles to which the user had access. This was changed to apply the Security Rule only to Consoles to which the group of Users has access. For instance, we can now give Power Control to only a group of users, and the user that belongs to this group can power On or Off only the Consoles that this group has access; he can no longer power On or power Off other consoles that he has access through a different group of users.
Column re-size in the Web is saved per user, and a new option was added in User Preferences to reset the column size.
CLI Session Timeout: Creation of an option in User Preferences to enable the disconnections of child CLI when the parent APM web session times out it.

c) Bug fixes

6213 Renaming KVM consoles several times can cause DB connection failures.
6351 Delays to see the keystrokes in the CLI connections once in a while.
6412 Serial console applet could take 2 minutes to launch.
6535 Slowness to open console groups by admin profile users.
6604 Slowness to save outlet if there is no connection to the device where the IPDU is attached to.
6497 Creation/Edit of Admin user page could take too long when there is a large set of Users, Groups and Consoles.
6216 Alarm trigger is not working when Data Buffering is enabled in the ACS/TS.
6528 Alarm notification is not sent if Create Alarm is set to “N”.
6533 Auto-discovery of cascaded KVMnet Plus is not working.
6530 System partition could be re-created even without answering ‘y’ to “Do you want to re-create System file system?” during boot.
6043 RDP window does not support scroll bar.
6320 KVM session does not start if APM web is accessed via https.
6686 No port is available when adding a KVM console for a cascaded KVM/net.
6510 Options ReadWrite and Kill do not work in a KVM session if somebody else is already using the KVM port.
5865 When ACS is configured to redirect http to https, web proxy does not work.
3889 When KVM/net web encryption is enabled, web proxy does not work.
6606 IPDU device 'outlets' screen could show incorrect information if there is no connection to the device to which the IPDU is attached.
6607 IPDU device could not be deleted in some cases.
6301 Admin profile users unable to view some consoles or devices when editing Consoles ACL or Devices ACL of users.
6244 Security fix for dial up with OTP to prevent OTP users of getting shell access.
6007 Blade Module: Accessing Blade Center web using web proxy could remove /dev/null.
4367 “top” command would not work when accessing APM through its serial console.
6320 KVM Viewer “launch Class” Active X object is not downloaded when APM is accessed via https.
5930 Re-running auto-discovery of KVM/net with IPDU’s creates repeated outlets in the Console ACL of the User configuration.
6811 snmptrapd does not report to syslog.
6810 searchlog and page commands from CLI do not work.
5914 Upgrade from V_1.2.x to V_1.4.x was requiring restart of tomcat.
6036 NIS authentication fails for users created before authentication is set to NIS.

HP OpenView:

Power On, Power Off and Power Cycle do not work for IPMI and OnSite consoles (#5978, #6042).
The NNM Selection Name field in the IPDU Outlet Console configuration should be left blank. If it is not left blank, it may create an invalid menu item in HP OpenView NNM (#6011).

d) Known bugs

Upload of configuration to Onsite V_1.0.0 requires Device Admin Name to be “root” (#5045).
Upload of firmware to KVM/net V_2.0.0 (or earlier) requires Device Admin Name to be “root” (#4525).
Web may not start after upgrading from previous versions. If there is a “FAILED” line in /var/log/conf-V_1.4.1.log you may need to run “defconf” and configure the initial configuration wizard. Otherwise restarting tomcat (“/etc/init.d/tomcat restart”) or a rebooting would start the web.

V_1.4.0 Dec/16/05 : (official release; upgrade from V_1.3.1)

a) Warnings

IMPORTANT: If you are upgrading from V_1.3.0 or earlier, please download the installimg file from ftp://ftp.cyclades.com/pub/cyclades/alterpath/apm/e2000/released/V_1.3.1 and replace the /sbin/installimg in the AlterPath Manager with the downloaded file. Do not use the installimg from V_1.3.0 (or earlier) otherwise the system will no longer boot. The installimg was changed to remove the original image from the compact flash due to size increase of the firmware.
ACS V_2.3.1 (and later) is shipped with all ports disabled by default. AlterPath Manager Auto Discovery can only discover ports that are enabled.
After running “restore”, it is recommended that AlterPath Manager is rebooted. Note: If “restore sys” or “restore all” is executed, the “root” password will be restored from the backup file if the backup file contains System configuration. If “restore conf” or “restore all” is executed, the “admin” password will be restored from the backup file if the backup file contains Conf configuration.
After executing “defconf”, if the serial console of AlterPath Manager is not attached during the boot, eth0 will be configured to get an IP from DHCP and the root password will be reset to “cyclades”; the initial configuration wizard is then displayed during first login. In case the IP cannot be retrieved from the DHCP, the IP 192.168.1.20 will be used.
Users with ADMIN rule can no longer change the password of other users. They can create new users and set their local password but only user “admin” can change local password of existing users.
This version introduces ACL for devices. Users other than “admin” need to have ACL to devices to be able to view or access the devices.
To view Health Monitor or Health Modem alarms requires ACL to device instead ACL to console of lowest port.
If a device has Modem Mode enabled (“Primary Network” or “Backup Network”), PPP User and PPP Password are required fields. Those fields were optional in V_1.2.x.

b) New features

Web GUI redesigned for better view and work flow: larger area for user view, re-sizable columns, “Select All” or “Deselect All” for multiple checkbox selection.
Ethernet Bonding support: it allows placing eth0 and eth1 (or other eth devices if the multiport Ethernet card is present) on the same IP address with one interface acting as stand-by. If the primary link goes down, the secondary interface will switch on and resume traffic over Ethernet.
VLAN support for Bonding.
DHCP Client support to allow AlterPath Manager to use DHCP to obtain its own IP address in eth0.
Improvements in Security Rules: the Source Filtering supporting network range or DNS Hostname and domain filters.
KVM/net firmware upload support. This includes uploading the KVM/net firmware, the KVM/IP module firmware, boot code, KVM switch microcode, terminators microcode and KVM RP microcode.
KVM/net Plus support. (Note: firmware upload not supported.)
Cyclades Power Management (AlterPath PM) range of products support. (Note: firmware upload not supported.)
Access Control List (ACL) for Devices to allow restricting access to devices.
HP Open View Integration for Linux, Solaris and Windows: it allows administrators to access consoles or devices managed by AlterPath Manager from the HP Open View Network Node Manager (NNM).
Added support to logrotate for devices.
Added support to logrotate by size. All console data buffering logs that had logrotate frequency set as “never” will be changed to be logrotated by size.
Multiple Auto-Discovery support: Wizard allows discovering consoles and outlets of multiple devices.
Database security enhancement.
mysql upgraded to 4.1.10a.

c) Bug fixes

Failure to add new user using Reverse Web Proxy of KVM/net V_2.0.0 (#4814).
HTTP Status 404 error when using Reverse Web Proxy to login to ACS V_2.6.0 (#4550).
telnet not working with PAM (#4658).
telnet does not allow root to login (#4669).
Java applet prompts for username and password when user password has semicolon (#4949).
Failure to execute “backup all <filename>” (#4679).
Reverse Web Proxy stops working when the KVM/net IP is changed (#4148).
If the Console List, Device List or User List has “Filter By” filtering by a group and this group is deleted, the Console List, Device List or User List will still be filtered by the deleted group although the group no longer shows up in the “Filter By” selection (#4576).
Auto-Discover does not discover ACS ports when they are configured with “telnetssh” protocol (#4797).

d) Known bugs

Upload of configuration to Onsite V_1.0.0 requires Device Admin Name to be “root” (#5045).
Upload of firmware to KVM/net V_2.0.0 (or earlier) requires Device Admin Name to be “root” (#4525).
In the Edit User-> Console ACL, if there are more consoles than 512 (this value is configurable) pagination will occur. This pagination can show more page index than it should (#5815).
In the Edit User-> Console ACL, console groups that were moved from “Selected consoles” box to “Select console to user access” box will no longer appear in both boxes when the page index is clicked (#5816).
The deletion of multiple devices may fail. In this case, select a smaller number of devices to be deleted. (#5963)
Web may not start after upgrading from previous versions. If there is a “FAILED” line in /var/log/conf-V_1.4.0.log you may need to run “defconf” and configure the initial configuration wizard. Otherwise restarting tomcat (“/etc/init.d/tomcat restart”) or a rebooting would start the web.
Disabling a device group still allows access to the devices via ssh (#5953).
When ACS is configured to redirect http to https, web proxy does not work (#5865).
RDP window does not support scroll bar (#6043)
IPDU device: changing device status to disable does not change outlet consoles status to disable (#6120)
Validation is not checking for duplicated outlet console names (#6152)
Blade Module: Accessing Blade Center web using web proxy deletes /dev/null, which may cause problems to start sshd daemon (#6007). You can re-create /dev/null manually by running the command “rm –rf /dev/null; mknod –m 0666 /dev/null c 1 3” in the AlterPath Manager shell, or download apm_fix_dev_null.sh from ftp://ftp.cyclades.com/pub/cyclades/alterpath/apm/e2000/released/V_1.4.0/BladeModule.
HP OpenView:

Power On, Power Off and Power Cycle do not work for IPMI and OnSite consoles (#5978, #6042).
The NNM Selection Name field in the IPDU Outlet Console configuration should be left blank. If it is not left blank, it may create an invalid menu item in HP OpenView NNM (#6011).

V_1.3.1 Sep/09/05 : (official release; upgrade from V_1.3.0)

a) Warnings

IMPORTANT: Before upgrading to this version, please download the installimg file from ftp://ftp.cyclades.com/pub/cyclades/alterpath/apm/e2000/released/V_1.3.1 and replace the /sbin/installimg in the AlterPath Manager with the downloaded file. Do not use the installimg from V_1.3.0 otherwise the system will no longer boot. The installimg was changed to remove the original image from the compact flash due to V_1.3.1’s increase in size.
ACS V_2.3.1 (and later) is shipped with all ports disabled by default. AlterPath Manager Auto Discovery can only discover ports that are enabled.

After running “restore sys” or “restore all”, AlterPath Manager needs to be rebooted.

b) New features

License controlled model for the following features:

Number of Data Logging Sessions (DLS): The number of DLS continues to be 256 for E2000. The /var/apm/licenses/data/ APM_B_DLS_256.enc file will be present in the AlterPath Manager after the upgrade indicating the 256 DLS are activated.
IPMI: Customers with IPMI support should contact Cyclades and acquire the IPMI license before upgrading to 1.3.1. The license activation file should be then copied to /var/apm/licenses/data directory in AlterPath Manager.

Support for AlterPath OnSite:

Configuration Upload.
Access.

Note: Console Creation Wizard, Auto-Discovery and Firmware Upload are not supported yet. Devices and Consoles must be created individually.

New configuration shell scripts included:

setethernet: sets ethernet speed/duplex negotiation.
ethtool: displays ethernet settings.

c) Bug fixes

Unable to upload firmware package V_2.3.1 to ACS (#4250).
Performance improvement when saving serial consoles. (#4316).
admin being unable to access serial consoles or devices when remote authenticated users were added. The error "admin is not in the sudoers file. This incident will be reported." message was displayed (#3893).
Failure to add local authenticated users after adding more than 90 remote authenticated users (#3887).
Duplicated users that could appear in /etc/passwd (#3821).
User configuration not accepting $ or # in the password (#4022,#3987).
Modem connection failure if modem was added in V_1.2.x. (#3685).
"HTTP Status 500 - No input attribute for mapping path /application/saveEvent" error when saving the Notes field in the alarm.
KVM Proxy not working when KVM/net is in a different network than APM (#4148).
Selecting Firewall in the ACS web during Reverse Web Proxy could lock up session (#3892).
Entering text in the Search For field is very slow and after three or more characters an error message is displayed (#3888).
When the Set Password button is clicked several times, the fields to set the password are multiplied (#3913).
Loopback is listed as one of the network interfaces where the security profile can be applied (#3806).
Unable to login to the serial console of the APM box using Kerberos authentication (#3577).
Unable to set Ethernet speed/duplex/negotiation from the command line (#3480).
Unable to see all logs and sensors of an IPMI device (#3580).
Syslog changing /dev/null permission to 600 (#3814).

Failure to delete console profile after console is deleted (#3584).

IE script error pop up when launching KVM Viewer (#4420).

Page is blank when trying to add KVM console without adding KVM/net device (#3569).
Back button not working when adding new group (#3556).
Error "Fields cannot contain special characters" during Auto-Discovery of ACS (#4155).
Failure to edit KVM console after running Create Consoles wizard for ACS or TS devices (#4499).
Radius Authentication: SSH connections are not sending the flag "Stop" accounting to the Radius Server (#4391).
“ERROR 1040: Too many connections” error during re-connection of consoles to ACS or TS (#4266).

d) Known bugs

If the Console List, Device List or User List has “Filter By” filtering by a group and this group is deleted, the Console List, Device List or User List will still be filtered by the deleted group although the group no longer shows up in the “Filter By” selection (#4576). There are two workarounds to correct the display:

Pressing Enter in the “Search For” field will correct the Console List or Device List.
Changing the “Filter By” selection will correct the User List. If the “Filter By” shows the USER group only, add a new user group (it does not have to have members) to be able to change the “Filter By” selection.

“backup” command may with error "mysqldump: Got error: 2020: Got packet bigger than 'max_allowed_packet' when retrieving data from server" (#5037). If this error happens, replace “/sbin/backup” by the one in ftp://ftp.cyclades.com/pub/cyclades/alterpath/apm/e2000/released/V_1.4.0.

V_1.3.0 Apr/13/05 : (official release; upgrade from V_1.2.1)

a) New features

VLAN and subinterfaces support
Security profiles

define a set of rules regarding permissions and limits for accessing the E2000 features for a user or a group of users
deal with

IP filtering (which IP’s are allowed or not)
interfaces, subinterfaces or VLAN (which interfaces, subinterfaces or VLAN’s are allowed or not)
date and time restrictions (which dates and times are allowed or not)
authorization (types of actions allowed)

Web proxy

connects to the native web interface of any supported device

Dial Back

dials out to the remote ACS unit and authenticates with the ACS. Once authenticated, the ACS drops the line and dials back to a pre-defined number.

sshApplet scroll back configurable
admin icon indication in User List

users with Admin privilege have a special icon displayed in front of the user name in the User List for easy view

Search For

uses auto-complete in the Search For field
added Search For functionality to Device List, User List and Groups List

Filter By

automatically saves the last filtered, ordered list
added Filter By functionality to Device List, User List and Groups List

Info/Reporting

allows sorting by User name, Session Start and Action

Configuration shell scripts included:

setauth: sets the authentication method
setnetwork: sets the Ethernet networks, subinterfaces and VLANs.
setnames: sets the hostname, domain name, and primary nameserver’s IP address.
setdatetime: sets the system date and time based on the selected time zone.
setntp: sets the NTP server’s IP address.
setsmtp: sets the email server’s IP address.

RSA SecurID support in RADIUS and TACACS+ authentication

allows access to consoles and devices when users are authenticated by a RADIUS or TACACS+ server configured with RSA SecurID.
this feature is enabled on the E2000 initial configuration wizard or by the “setauth” shell script.

Security patches applied to the Linux kernel

Inclusion of Apache (httpd-2.0.52) to support web proxy
Upgrade of Java VM to 1.5.0
Upgrade of Jakarta Tomcat to 5.0.28

b) Bug fixes

Errors in backup/restore operations (#3396, #3496, #3453).
Autodiscover overwrites DNS and domain name in the ACS (#3151).
KVM Proxy not working when more than one KVM/net were added (#3319)
KVM/net NTLM configuration loss after upload (#3127).
KVM/net power configuration loss after upload (#2899).
Arbitrary connection to consoles and devices (#2984).
Renamed consoles displayed with old names in the Access selection screen (#3518).
Deleted kvm consoles could re-appear in the Access selection screen (#3519)
Link in User column in Info/Reporting web page could open a web page without data when the user didn’t perform any action in his session (#2624)

c) Known bugs

Failure to delete console profile after console is deleted (#3584).
IPMI: log and sensor data page does not have scroll (#3580).
Page is blank when trying to add KVM console without adding KVM/net device (#3569).
The AlterPath Manager user manual describes support for Blades. The Blade support is not available on the AlterPath Manager only on Blade Manager, and the user manual for 1.3.0 for APM will be changed and an updated version will be part of the 1.3.1 release.
Unable to upload firmware package V_2.3.1 to ACS (#4250).

d) Warning

In this version the input fields (e.g. password field in the user configuration) in the Web interface are not accepting $ or #. Only the following special characters are accepted: _!@%&()[]{}<>?=+-*/,.;:^~

V_1.2.1 Dec/09/04 : (official release; upgrade from V_1.2.0)

a) New features

None

b) Bug fixes

Security fix on URL parameters
Deleted consoles were not being removed from groups after auto-discovering device the second time

V_1.2.0 Nov/01/04 : (official release; upgrade from V_1.1.0)

a) New features

IPMI v1.5/v2.0 support (sensor, power, Serial Over LAN)
Cyclades KVM over IP support
WEB user interface enhancement

navigation improvements
firmware import progress bar
autoUpload progress bar
required field indication
console list with filters, search and save view.

Groups for user, consoles and devices
Access control list and notification list based on groups
NIS authentication
Active Directory
MySQL upgraded to 4.0.20
Database transaction support
Device log

b) Bug fixes

LDAP configuration based on hostname was not working due to a bug on glibc

V_1.1.0 Jul/07/04 : (official release; upgrade from V_1.0.0)

a) New features

Included progress bar for firmware/configuration upgrade
Included sort on console list
Modified Device/Console name hyperlink to launch SSH applet
Included data buffer view by pages
Allowed connection to console straight from SSH username:consolename
Included configuration/system/log backup and restore
Included maintenance command for log (save, rotate and flush logs)
Included support for console on-demand
Included support for PPP primary network and PPP network backup
Included support for modem
Included console add wizard
Included support for device discovery
Included health monitoring of device with alarm notification via e-mail
Included new way to customize e-mail alarms
Included timezone configuration via zoneinfo
Included support for authentication type: kerberos and tacacs+
Included support for cut&paste on SSH applet
Included support for serial cards (Cyclades, Perle)
Allowed 256 simultaneous console connections

b) Bug fixes

Fixed memory overflow due to large data buffer log files
Upgraded Linux kernel to 2.4.25 with all security patches
Upgraded Java VM to j2sdk1.4.2_03
Upgraded OpenSSH to version 3.8p1
Upgraded OpenSSL to version 0.9.7d
Eliminated echo back latency on SSH applet

V_1.0.0 Dec/16/03 : (official release; first release)

a) New features

Initial release

b) Bug fixes

None