The following features and functionalities are new in Address Manager v9.5.0:
Introduction of DHCP Activity health telemetry
Address Manager v9.5.0 introduces a new health telemetry service that can be
configured on DNS/DHCP Servers. You can now configure the DHCP
Activity health telemetry service to collect the protocol-level
DHCPv4 DORA (discovery, offer, request, and acknowledge) and DHCPv6 SARR (solicit,
advertise, request, and reply) broadcast operations packets. You can use this new
health telemetry service to gather statistics into your DHCP environments, helping
you identify anomalies or misconfiguration in your infrastructure. For more
information, refer to DHCP Activity.
Kafka and Elasticsearch support for health telemetry and audit data export
services
Address Manager v9.5.0 introduces the ability to log data to Kafka clusters
and Elasticsearch servers for all health telemetry services (DNS Activity, DNS
Statistics, DHCP Activity, DHCP Statistics) and audit data export. For more
information, refer to Health Telemetry and Enabling Audit Data Export.
Enhancements to BlueCat Gateway service on BlueCat DNS/DHCP Servers
A number of features have been added to
Address Manager v9.5.0 to assist with
configuration and maintenance of the BlueCat Gateway service on BlueCat DNS/DHCP
Servers. Users can now configure custom data and logs directories through the
Address Manager UI, remove unused local volumes and the mounted data and logs
directories when disabling the service, and upload Gateway images for servers unable
to access image repositories. This release also resolves an outstanding issue with
Gateway on DNS/DHCP Server data persistence by ensuring that application and plugin
data within the default and custom data and logs directories is retained during
patch or upgrade of the DNS/DHCP Server. For more information, refer to
Configuring Gateway service on a DNS/DHCP Server,
Disabling Gateway Service, and
Deploying and managing BlueCat Gateway.
Attention: Due to the known issue with
upgrade data persistence affecting previous versions, customers with existing
Gateway on DNS/DHCP Server configurations are advised to contact Customer Care
for assistance with data migration when upgrading to v9.5.0.
Authentication for SMTP mail service
New in Address Manager v9.5.0, users have the ability to configure an SMTP
username and password for authentication of email notifications. For more
information, refer to Mail service.
Address Manager firewall
Address Manager v9.5.0 introduces a new firewall for
Address Manager.
The new
Address Manager firewall increases resilience by adding additional
firewall capabilities that were previously only available for
DNS/DHCP Server appliances. The new firewall can be configured directly through the
Address Manager UI, or through the Administration Console with updated
commands for 9.5.0. For more information, refer to
Configuring the Address Manager firewall
and
Address Manager firewall.
Warning: Upon an
upgrade to Address Manager v9.5.0, ping settings will match the
previous configuration. However, enabling the new firewall
option in
Address Manager will replace the previous
firewall configuration with the new default ruleset. Previous
manually created firewall rules will not migrate automatically
and must be configured on the new firewall. Refer to the
Customer Care portal (
KI-17762) for more
information on migrating existing firewall rules to the new
firewall.
Enhancements to syslog service
Address Manager and DNS/DHCP Server v9.5.0 introduces enhancements to the
syslog service. You can now select service information that is sent to syslog, the
logging level, whether syslog messages comply to RFC5424, whether syslog messages
use the ISO 8601 timestamp format, and whether syslog messages are sent using the
TLS protocol. For more information, refer to Configuring syslog on Address Manager and Syslog on DNS/DHCP Server.
Support for configuring health telemetry services using cloud-init
Starting in DNS/DHCP Server v9.5.0, you can now configure the DNS Activity, DNS
Statistics, DHCP Activity, and DHCP Statistics health telemetry services using
cloud-init. For more information, refer to the VM Installation Guide.
New migration engine
Address Manager v9.5.0 introduces a new migration engine that contains
performance improvements to the migration service and addresses issues with the
legacy engine. Users can choose between the new migration engine or legacy engine
when uploading migration data. The new migration engine is inspired by the legacy
engine, but uses a separate DTD file and does not process XML files in the exact
same way. For more information on usage guidelines and legacy compatibility, refer
to Data migration and Engine behavior and legacy compatibility.
Address Manager on Google Cloud Platform
Starting in v9.5.0, Address Manager virtual appliances are now available for
Google Cloud Platform. For more information, refer to the BlueCat GCP Virtual Appliances
guide.
DHCP support for /31 networks
Address Manager 9.5.0 introduces DHCP support for /31 networks. DHCP ranges, options,
roles, and reserved addresses can now be configured on /31 networks, allowing users
to save space when configuring point to point networks.
Note: The introduction of
DHCP support for /31 networks in Address Manager v9.5.0 removed the ability to
perform merge, resize, and split operations involving /31 networks. The
9.5.1 Patch for Address Manager
restores this functionality, allowing users to merge /31 networks, resize
networks to and from /31, and split larger networks into a set of /31 networks.
Address Manager v9.5.2 restores the
ability to split /31 networks into /32 networks.
Note: In order to support two
allocatable IP addresses, /31 networks are special cases that do
not have network, gateway, or broadcast addresses. Resizing or
splitting larger networks to /31 will remove associated network,
gateway, and broadcast addresses.
Note: Resize and merge operations
cannot be performed on a /31 network if a DHCP range is present
on the network.
Quagga replacement with FRRouting
9.5.0 DNS/DHCP Servers now use FRRouting instead of Quagga for Anycast routing.
FRRouting commands must be used when configuring additional BGP or Zebra parameters
through the BGP/Zebra CLIs. For more information, refer to Anycast and BGP Command Line Interface.
Capture lease information of DHCP Reserved addresses
Starting in v9.5.0, when DNS/DHCP Servers lease out an IP address that is in a DHCP
Reserved state in Address Manager, the IP address details page in the Address
Manager UI now displays the
Lease Time and
Expire
Time of the DHCP lease.
Note: The Lease Time
and Expire Time fields will only appear for the DHCP
Reserved IP address type when the DNS/DHCP Server that leases the IP address is
running version 9.5.0. If the DNS/DHCP Server is on version 9.4.0 or earlier,
the fields will not be displayed when the DHCP Reserved IP address is
leased.
Improvements to audit data export service
Address Manager v9.5.0 introduces improvements to the audit data export service by
updating the format of exported data, reducing the default event size, and adding
the ability to set a custom event size. The service now exports audit data as valid
JSON that includes the hostname of the Address Manager server. This allows log
management tools (such as Splunk servers) to properly parse the data as JSON, and
helps users identify data sources in environments with multiple Address Manager
servers. The default event size has also been updated to accommodate default Splunk
limits, and if necessary, users can contact Customer Care to set a custom amount of
data sent per event. For more information, refer to
Enabling Audit Data Export.
Warning: Users with existing audit data export configurations may
need to update the settings of their log management tool (data sink) after
upgrade to v9.5.0, to ensure that messages continue to be received. If messages
are no longer being received after upgrade, ensure that the source and sink type
are set to JSON and restart the log tool.
Hardened SSH
Starting in Address Manager v9.5.0, a script has been added to Address Manager
servers for hardening of the SSH service. Running the hardening script will prevent
the use of weak algorithms by removing them from the SSH client and daemon
configurations. For information on how to run the hardening script, refer to
Hardening SSH.
Attention: The script must be run
manually on all v9.5.0 Address Manager and DNS/DHCP Servers that users wish to
harden SSH on. SSH is not hardened by default for new v9.5.0 servers or
servers upgraded to v9.5.0.