VNS3 Version 4 is a major release in the lifecycle of the VNS3 product family. Version 4 will be the foundation for a sequence of feature dot releases in the near future. The initial version 4.0 release focuses on updating the 3.5 product line in preparation for the upcoming feature additions. Here is a summary of those changes.
Beta – April 1st, 2014 | Alpha – January 28th, 2014
VNS3:vpn and VNS3:net had a major release in April 2014, Version 3.5. A series of dot releases has been made since then to address feedback from customers on the overall release and the new L4-L7 Container system, and to support VNS3:turret in private clouds and virtual infrastructures. Here is a summary of those changes.
Fixed omission where Status page stopped displaying “Connected”/“Disconnected” status in green or red as appropriate.
Beta – April 1st, 2014 | Alpha – January 28th, 2014
Version 3.5 contains additional features and user-requested updates. Version 3.5 is currently available in AWS Marketplace and on request.
Trend Micro Integration: Use both VNS3 and the Trend Micro Deep Security central management platform to simplify and streamline security operations. Integrate your security functions across all of your physical, virtual and cloud environments.
“Routing Robot”: The new “routing robot” keeps your topology connected. The client-side routing agents automatically manage any cloud network modifications by checking the network addresses with the VNS3 Manager routing agent. Automatic routing saves network operators time and resources while increasing network uptime.
Docker Integration: VNS3 3.5 now provides the ability to co-create customizable, flexible networks with Docker containers built in, and tailor virtual networking functionality to specific use cases when extending corporate and data center networks to public, private and hybrid clouds. VNS3 3.5 delivers a new way for partners and customers to collaborate on the creation of custom network functions – including proxy, reverse proxy, WAN optimization, load balancing, and more – giving IT teams more control over network security and connectivity.
VNS3 OS Update: The VNS3 Network OS (a specially tuned, network-specific OS based on Ubuntu) has been updated.
Component Updates: The components of the underlying VNS3 network stack have been updated to the latest versions while ensuring backward compatibility with all previous supported versions of VNS3.
Support for GRE Tunneling: VNS3 Manager can now provide Layer 2 Bridging over GRE as well as GRE tunneling over IPsec. This increases the connectivity options when building hybrid clouds between parties that have connection agreements like AWS Direct Connect and Equinix Data Centers worldwide.
Clientpack Road Warrior Support Features: Clientpacks now include a per-pack detail popup that shows connection information, specific log messages for that clientpack and a regenerate clientpack feature. Quickly and easily regenerate and redistribute any lost or compromised clientpacks to get remote users up and running.
Scriptable Networks Additional Support: The Clientpack API call fetch_next_clientpack now allows the user to specify a range of IPs to fetch the next clientpack. This feature was released by popular demand as more and more users are building their cloud-based Overlay Networks automatically and on-demand.
System Health UI Addition: Added displays for basic VNS3 Manager system health information like memory utilization, swap and disk space.
Additional Key Randomness: Added entropy for added randomness when generating larger key sizes for the Overlay clientpacks.
Support Access Improvements: Simplified the Multi-party/factor support access, allowing customers to easily regenerate new or revoke outstanding ssh credentials.
Version 3.0.4 will be the last release in the 3.0 line before the upcoming 3.5 release. This release is an update rollup of VNS3 across all cloud deployment targets that contains fixes and feature updates.
VNS3 Firewall Upgrade: Outbound NAT capabilities have been added to allow VNS3 to replace the AWS VPC NAT AMI. When running Private VPCs you can use your VNS3 Manager in place of the NAT AMI, reducing your deployment complexity and saving the NAT AMI runtime fees.
IPsec Tunnel Management: Improved IPsec tunnel state to allow for easier management and troubleshooting. Tunnel home pages now show Phase 1 (IKE) and Phase 2 (IPsec) remaining lifetime. They also show the IPsec SA inbound and outbound “SPIs” (Security Parameter Index). These designations are shared with the connecting endpoint and are useful when debugging connection issues.
Cloud Consistency: Consistency improvements for clouds other than Amazon EC2. All VNS3-supported clouds are now based off of a common source tree which differentiates cloud environments by configuration settings. This creates a much more uniform customer experience when federating cloud networks.
Larger Web UI Keysize: The SSL Certificate for the VNS3 Manager Web UI Server has been upgraded to 2048 bits.
Increased Overlay Network Security: The overlay network has been enhanced to use a high level negotiation handshake which improves VNS3 Manager resilience against some DDoS attacks.
Check IN/Check OUT: Clientpacks can now be marked as “checked in” or “checked out” via the Web UI. This functionality was previously only controllable via the API.
Shutdown Removal: The “Shutdown” link has been removed from the Web UI. Please use the cloud or virtual infrastructure console to shut down an instance of VNS3.
Browser Topology Naming: VNS3 Topology Name now shows up in the Web browser title bar. This makes it easier to work with multiple VNS3 Managers and topologies via the UI.
Native IPsec: Improved native IPsec interoperability with older (approaching EOL) Cisco routers.
This is a minor release that contains a bug fix and feature updates.
Fixed potential race condition in version 3.0: There is a set of conditions that can cause newly created IPsec Endpoints and Remote Subnet additions to not be appropriately added to the VNS3 IPsec Subsystem. The UI will display the connections, but the tunnels will not be negotiated and will not return any log messages. Version 3.0 users will be contacted separately with patch and upgrade information but are also free to contact support.
“NAT’ing”: Outbound NAT capabilities have been added to allow VNS3 to replace the AWS VPC NAT AMI. When running Private VPCs you can use your VNS3 Manager in place of the NAT AMI, reducing your deployment complexity and saving the NAT AMI runtime fees.
Port Forwarding: Use your VNS3 Manager as the “front door” to your VNS3 virtual network and your VPC by specifying both port and src/dst IP to allow you to forward traffic to specific hosts protected in your VPC.
Enhanced VLAN Support: Dual-homed network support for clouds that use eth1 for VLAN capabilities (IBM SCE, GoGrid, ElasticHosts, etc.). In these clouds, just click on the “Private VLAN” menu item and enter the VLAN network and gateway information.
SNMP Support for the most popular MIBs: VNS3 now provides SNMP support for most major commercial and open source monitoring systems, including network monitoring systems like Zenoss and Cacti.
Easier Client Configuration: Clientpacks are now available via a single configuration file for Linux/Mac, Windows, iOS and Android target environments. Additionally, each clientpack configuration file comes pre-configured with remote entries for the VNS3 Manager already included. Simply load the clientpack to the configuration directory on your cloud servers to join the VNS3 virtual network. No additional configuration necessary.
Enhanced Snapshot Management: The VNS3 snapshot feature is a powerful means for recovering and re-creating VNS3 Managers in the cloud. Now it has gotten easier, allowing you to use the username/password set embedded in the snapshot, or to set new UI and API credentials for your new VNS3 installation.
This is a major release that contains feature updates. VPN-Cubed was rebranded to VNS-Cubed (VNS3) as part of this release.
Expanded Network Sniffer Functionality: VNS3 Network Sniffer (Network Interface Monitor) can monitor either the tun0 (Overlay Network) or eth0 (IPsec Connections) interfaces. IPsec troubleshooting no longer requires intervention from the Cohesive Networks support team. Simply monitor the interface for detailed packet/traffic analysis.
Improved IPsec Tunnel Management: Increased visibility of IPsec tunnel status on both the UI and API. Tunnel pages display all negotiated tunnel parameters, encryption domains, tunnel history and log messages for the specific tunnel. The tunnel pages also allow restart and delete of individual tunnels.
License Upgrade: Upgrading between Editions or adding capacity to SME/Enterprise now requires no operational window. Upgrades are applied to running Managers via the License Upgrade feature and additions are immediately available.
Updated API: Deploy scriptable cloud networks using an expanded REST API. Not only has the number of calls increased to provide greater programmatic control over a VNS3 topology, but individual calls are now more powerful.
CloudWAN: Use your VNS3 topology as your low cost, rapidly deployable global WAN leveraging the globally distributed public cloud data center network. The CloudWAN feature allows users to establish connectivity between multiple endpoints to launch a “telco-ready” network.