What's New in Address Manager v9.5.0 - BlueCat Integrity - 9.5.0

Address Manager Administration Guide

Locale
English
Product name
BlueCat Integrity
Version
9.5.0

The following features and functionalities are new in Address Manager v9.5.0:

Introduction of DHCP Activity health telemetry

Address Manager v9.5.0 introduces a new health telemetry service that can be configured on DNS/DHCP Servers. You can now configure the DHCP Activity health telemetry service to collect the protocol-level DHCPv4 DORA (discovery, offer, request, and acknowledge) and DHCPv6 SARR (solicit, advertise, request, and reply) broadcast operations packets. You can use this new health telemetry service to gather statistics into your DHCP environments, helping you identify anomalies or misconfiguration in your infrastructure. For more information, refer to DHCP Activity.

Kafka and Elasticsearch support for health telemetry and audit data export services

Address Manager v9.5.0 introduces the ability to log data to Kafka clusters and Elasticsearch servers for all health telemetry services (DNS Activity, DNS Statistics, DHCP Activity, DHCP Statistics) and audit data export. For more information, refer to Health Telemetry and Enabling Audit Data Export.

Enhancements to BlueCat Gateway service on BlueCat DNS/DHCP Servers

A number of features have been added to Address Manager v9.5.0 to assist with configuration and maintenance of the BlueCat Gateway service on BlueCat DNS/DHCP Servers. Users can now configure custom data and logs directories through the Address Manager UI, remove unused local volumes and the mounted data and logs directories when disabling the service, and upload Gateway images for servers unable to access image repositories. This release also resolves an outstanding issue with Gateway on DNS/DHCP Server data persistence by ensuring that application and plugin data within the default and custom data and logs directories is retained during patch or upgrade of the DNS/DHCP Server. For more information, refer to Configuring Gateway service on a DNS/DHCP Server, Disabling Gateway Service, and Deploying and managing BlueCat Gateway.
Attention: Due to the known issue with upgrade data persistence affecting previous versions, customers with existing Gateway on DNS/DHCP Server configurations are advised to contact Customer Care for assistance with data migration when upgrading to v9.5.0.

Authentication for SMTP mail service

New in Address Manager v9.5.0, users have the ability to configure an SMTP username and password for authentication of email notifications. For more information, refer to Mail service.

Address Manager firewall

Address Manager v9.5.0 introduces a new firewall for Address Manager. The new Address Manager firewall increases resilience by adding additional firewall capabilities that were previously only available for DNS/DHCP Server appliances. The new firewall can be configured directly through the Address Manager UI, or through the Administration Console with updated commands for 9.5.0. For more information, refer to Configuring the Address Manager firewall and Address Manager firewall.
Warning: Upon an upgrade to Address Manager v9.5.0, ping settings will match the previous configuration. However, enabling the new firewall option in Address Manager will replace the previous firewall configuration with the new default ruleset. Previous manually created firewall rules will not migrate automatically and must be configured on the new firewall. Refer to the Customer Care portal (KI-17762) for more information on migrating existing firewall rules to the new firewall.

Enhancements to syslog service

Address Manager and DNS/DHCP Server v9.5.0 introduces enhancements to the syslog service. You can now select service information that is sent to syslog, the logging level, whether syslog messages comply to RFC5424, whether syslog messages use the ISO 8601 timestamp format, and whether syslog messages are sent using the TLS protocol. For more information, refer to Configuring syslog on Address Manager and Syslog on DNS/DHCP Server.

Support for configuring health telemetry services using cloud-init

Starting in DNS/DHCP Server v9.5.0, you can now configure the DNS Activity, DNS Statistics, DHCP Activity, and DHCP Statistics health telemetry services using cloud-init. For more information, refer to the VM Installation Guide.

New migration engine

Address Manager v9.5.0 introduces a new migration engine that contains performance improvements to the migration service and addresses issues with the legacy engine. Users can choose between the new migration engine or legacy engine when uploading migration data. The new migration engine is inspired by the legacy engine, but uses a separate DTD file and does not process XML files in the exact same way. For more information on usage guidelines and legacy compatibility, refer to Data migration and Engine behavior and legacy compatibility.

Address Manager on Google Cloud Platform

Starting in v9.5.0, Address Manager virtual appliances are now available for Google Cloud Platform. For more information, refer to the BlueCat GCP Virtual Appliances guide.

DHCP support for /31 networks

Address Manager 9.5.0 introduces DHCP support for /31 networks. DHCP ranges, options, roles, and reserved addresses can now be configured on /31 networks, allowing users to save space when configuring point to point networks.
Note: The introduction of DHCP support for /31 networks in Address Manager v9.5.0 removed the ability to perform merge, resize, and split operations involving /31 networks. The 9.5.1 Patch for Address Manager restores this functionality, allowing users to merge /31 networks, resize networks to and from /31, and split larger networks into a set of /31 networks. Address Manager v9.5.2 restores the ability to split /31 networks into /32 networks.
Note: In order to support two allocatable IP addresses, /31 networks are special cases that do not have network, gateway, or broadcast addresses. Resizing or splitting larger networks to /31 will remove associated network, gateway, and broadcast addresses.
Note: Resize and merge operations cannot be performed on a /31 network if a DHCP range is present on the network.

Quagga replacement with FRRouting

9.5.0 DNS/DHCP Servers now use FRRouting instead of Quagga for Anycast routing. FRRouting commands must be used when configuring additional BGP or Zebra parameters through the BGP/Zebra CLIs. For more information, refer to Anycast and BGP Command Line Interface.

Capture lease information of DHCP Reserved addresses

Starting in v9.5.0, when DNS/DHCP Servers lease out an IP address that is in a DHCP Reserved state in Address Manager, the IP address details page in the Address Manager UI now displays the Lease Time and Expire Time of the DHCP lease.
Note: The Lease Time and Expire Time fields will only appear for the DHCP Reserved IP address type when the DNS/DHCP Server that leases the IP address is running version 9.5.0. If the DNS/DHCP Server is on version 9.4.0 or earlier, the fields will not be displayed when the DHCP Reserved IP address is leased.

Improvements to audit data export service

Address Manager v9.5.0 introduces improvements to the audit data export service by updating the format of exported data, reducing the default event size, and adding the ability to set a custom event size. The service now exports audit data as valid JSON that includes the hostname of the Address Manager server. This allows log management tools (such as Splunk servers) to properly parse the data as JSON, and helps users identify data sources in environments with multiple Address Manager servers. The default event size has also been updated to accommodate default Splunk limits, and if necessary, users can contact Customer Care to set a custom amount of data sent per event. For more information, refer to Enabling Audit Data Export.
Warning: Users with existing audit data export configurations may need to update the settings of their log management tool (data sink) after upgrade to v9.5.0, to ensure that messages continue to be received. If messages are no longer being received after upgrade, ensure that the source and sink type are set to JSON and restart the log tool.

Hardened SSH

Starting in Address Manager v9.5.0, a script has been added to Address Manager servers for hardening of the SSH service. Running the hardening script will prevent the use of weak algorithms by removing them from the SSH client and daemon configurations. For information on how to run the hardening script, refer to Hardening SSH.
Attention: The script must be run manually on all v9.5.0 Address Manager and DNS/DHCP Servers that users wish to harden SSH on. SSH is not hardened by default for new v9.5.0 servers or servers upgraded to v9.5.0.