Current Release - Release Notes Ransomware Defender AirGap 2.0
- What’s New in Superna Eyeglass Ransomware Defender Edition Release 2.5.8 AirGap 2.0
- Supported OneFS releases
- Supported Eyeglass releases
- Inter Release Functional Compatibility
- End of Life Notifications
- End of Support in Release 2.5.8
- Deprecation Notices
- Technical Advisories
- New for AirGap 2.5.8.1-22080
- T22072 AirGap Enterprise Events and Disk Usage Retrieval now a push
- T19599 Migrate Configuration from Protected to Vault Cluster
- T21214 AirGap Enterprise can now support multiple vaults managed from the same Eyeglass
- T22123 Command to send vault agent logs manually
- T21490 Monitor AirGap SyncIQ Policies for changes to configuration
- T21830 AirGap Enterprise Fiber cutter option
- Fixed in AirGap 2.5.8.1-22080
- T22930 AirGap Enterprise Replication Nodes require access to Production Network
- T20932 AirGap Job Reports csv do not report failed jobs
- New for AirGap 2.5.8-22028
- New for AirGap 2.5.8-21330
- New for AirGap 2.5.8-21306
- T20945 AirGap - Alarm Conditions (AirGap Enterprise)
- New for AirGap 2.5.8-21240 - Controlled Availability
- T21212 AirGap Enterprise does not require Static Route configuration
- T21042 Automated retrieval of vault cluster logs (AirGap Enterprise required)
- New for AirGap 2.5.8-21213/21222 - Controlled Availability
- T19522 AirGap Enterprise
- Fixed in 2.5.8-21330
- T22171 - Log4j Vulnerability - Upgrade to Log4j 2.17.0 (2.5.8-21330 and higher Log4j 2.17.0 )
- Fixed in 2.5.8-21306
- T22033 Log4j Vulnerability - CVE-2021-44228
- Fixed in 2.5.8-21222
- T20770 AirGap Event Retrieval Job Fails with No route to host
- T20358 Not able to create an AirGap Job Report for a selected period
- T19195, T19221 AirGap Job shows success when failed
- T20766 Cannot view second page of AirGap Config AirGap job list
- Known Issues
- T15104 Default schedule does not run the job
- T15300 Error on manually connecting Airgap not displayed
- T16199 No alarm if Airgap event retrieval from Powerscale cluster is in error
- T16436 Airgap Jobs cannot be manually run from the Airgap window
- T16456 Customized Airgap schedules reset to default after upgrade
- T16457 Airgap window not refreshed
- T16470 Renaming Airgap SyncIQ policy does not preserve original settings
- T16476 AirGap Job continues to run after Powerscale cluster deleted from Eyeglass
- T19609, T19632 User Disabled AirGap Job may have status of having been run when it has not
- T19631 AirGap Config window time uses Eyeglass appliance timezone
- T20966 AirGap Job Configuration lost on rediscover or anyrelease restore
- T21134 AirGap Basic Job can be started from Jobs window without AirGap role
- T21863 AirGap Basic static route remains on error
- T21327 Managed Device Alarms have incorrect date and are sorted oldest to newest
- T21224 Snapshot schedule job created for AirGap Job
- T21147 Customizing AirGap policy prefix results in job errors
- T21659 AirGap state - network disconnected in UI
- T20945 AirGap Open Check may not detect vault open
- T23094 Vault Cluster Event Retrieval fails for AirGap Basic in 2.5.8.1
- T20525 Connectivity check does not work for AirGap Enterprise with Fiber Cutter
- T23399 No validation when adding vault cluster
- T23400 Fiber Cutter Error Handling
- Known Limitations
- T 19614 AirGap Job consideration of Easy Auditor Active Auditor Active Event not configurable
- T21316 Vault stays open for vault cluster event retrieval
- T21274 Alarm raised for vault open in Eyeglass is not cleared after maintenance window is finished
What’s New in Superna Eyeglass Ransomware Defender Edition Release 2.5.8 AirGap 2.0
Supported OneFS releases
Source cluster
8.2.0.x
8.2.1.x
8.2.2.x
9.1
9.2
9.3
Target Airgap Cluster
8.2.2.x
9.1.0.0
9.2.0.x
9.3.x.x
Supported Eyeglass releases
Superna Eyeglass Ransomware Defender Version | Superna Eyeglass Version |
2.5.8.1-22080 | 2.5.8.1-22080 |
2.5.8-22028 | 2.5.8-22028 |
2.5.8-21330 | 2.5.8-21330 |
2.5.8-21306 | 2.5.8-21306 |
2.5.8-21240 Controlled Availability | 2.5.8-21240 Controlled Availability |
2.5.8-21222 Controlled Availability | 2.5.8-21222 Controlled Availability |
2.5.8-21213 Controlled Availability | 2.5.8-21213 Controlled Availability |
2.5.7.1-21161 | 2.5.7.1-21161 |
2.5.7.1-21140 | 2.5.7.1-21140 |
2.5.7-21096 | 2.5.7-21096 |
2.5.7-21081 | 2.5.7-21081 |
2.5.7-21068 | 2.5.7-21068 |
2.5.7-20129 | 2.5.7-20129 |
Inter Release Functional Compatibility
OneFS 8.0 | OneFS 8.1 | OneFS 8.2 | OneFS 8.0 - OneFS 8.1 | OneFS 8.0 or 8.1 - OneFS 8.2 | |
End of Life Notifications
End of Life Notifications can be found here.End of Support in Release 2.5.8
As of Release 2.5.8, OneFS 8.1 is no longer supported.
Deprecation Notices
Technical Advisories
Technical Advisories for all products are available here.
New for AirGap 2.5.8.1-22080
T22072 AirGap Enterprise Events and Disk Usage Retrieval now a push
For AirGap Enterprise deployments, vault cluster events and disk usage are now pushed to Eyeglass when scheduled AirGap jobs are run. Commands are available to be run from the vault agent to manually initiate a push of this information. Documentation is available here.
—————————————————
T19599 Migrate Configuration from Protected to Vault Cluster
A new tab in the AirGap window "Migrate Configuration" is now available to copy shares/exports related to AirGap jobs to the vault cluster without the source cluster being available. Documentation is available here - see section "Configuration Data Sync Steps Eyeglass".
—————————————————
T21214 AirGap Enterprise can now support multiple vaults managed from the same Eyeglass
AirGap Enterprise can now support multiple vaults managed from the same Eyeglass. Commands for maintenance window have been updated to support this and can be found here. New multi-vault commands can be found here.
—————————————————
T22123 Command to send vault agent logs manually
A command is now available manually initiate sending of the vault agent logs to Eyeglass. Requires that the vault has been opened prior to running the command. Documentation can be found here.
—————————————————
T21490 Monitor AirGap SyncIQ Policies for changes to configuration
A new job assesses whether there have been any changes to SyncIQ policy configuration for those policies configured to copy data into the vault each time inventory runs. If any change is found an alarm is raised with alarm code SCA0098.
—————————————————
T21830 AirGap Enterprise Fiber cutter option
AirGap Enterprise can now be configured with a physical fiber cutter for maximum data separation with full optical light borken with a layer 0 device. Requires purchase of a 3rd party device from Echola.
Fixed in AirGap 2.5.8.1-22080
T22930 AirGap Enterprise Replication Nodes require access to Production Network
For AirGap Enterprise the nodes on the production cluster that are used to replicate to the vault must also have network connectivity to Eyeglass.
Resolution: A new flag "--protectedManagementNode" has been introduced for adding then production (protected) cluster in the vault agent to identify which node on the production cluster should be used for communication with Eyeglass.
—————————————————–
T20932 AirGap Job Reports csv do not report failed jobs
AirGap Job reports that are sent out by schedule or created manually do not report on failed jobs in the attached csv. Failed jobs are correctly reported in the email summary.
Resolution: AirGap job reports csv now correctly report on failed SyncIQ jobs.
—————————————————–
New for AirGap 2.5.8-22028
Refer to previous 2.5.8 build information.
New for AirGap 2.5.8-21330
Refer to previous 2.5.8 build information.
New for AirGap 2.5.8-21306
T20945 AirGap - Alarm Conditions (AirGap Enterprise)
New alerts raised under following conditions for AirGap Enterprise
starting AirGap job - Informational alert
finishing AirGap job; - Informational alert SCA0090 Vault AirGap job <job> Succeeded
reviewing vault agent for new policies or schedule; - Informational alert SCA0095 Ransomware Defender AirGap Schedules query
AirGap job not respecting schedule; Critical Alert -SCA0096 - Ransomware Defender AirGap job did not run according to scheduled
failed AirGap job; Critical alert - SCA0082 - Ransomware Defender AirGap job <job> failed - needs attention
vault is opened when no AirGap job is running; Critical alert - SCA0091 - Vault is opened - No running tasks on vault
maintenance window alarm. - Critical Alert - SCA0091 Vault is opened - Vault is opened for x minutes, when the maintenance window expires the alarm is cleared from active alarms
New for AirGap 2.5.8-21240 - Controlled Availability
T21212 AirGap Enterprise does not require Static Route configuration
Managing AirGap Enterprise incorrectly required that the AirGap Basic static route be configured. The static route configuration is no longer required when the airgap job is managed by the vault agent.
T21042 Automated retrieval of vault cluster logs (AirGap Enterprise required)
Automated retrieval of vault cluster logs can now be configured. More information can be found here.
New for AirGap 2.5.8-21213/21222 - Controlled Availability
T19522 AirGap Enterprise
AirGap solution with an inside the vault host and VM that opens and closes the vault from within the vault. This is done by removing the replication interfaces from the IP pool which removes the IP address from the interfaces. This mode places a VM inside the vault and disables the IP stack that connects the vault cluster to any outside network.
Documentation for AirGap Enterprise is available here:
Fixed in 2.5.8-21330
T22171 - Log4j Vulnerability - Upgrade to Log4j 2.17.0 (2.5.8-21330 and higher Log4j 2.17.0 )
Fixed in 2.5.8-21306
T22033 Log4j Vulnerability - CVE-2021-44228
Resolution: log4j version updated to 2.15.0 which has patch for the vulnerability.
—————————————————
Fixed in 2.5.8-21222
T20770 AirGap Event Retrieval Job Fails with No route to host
AirGap Event Retrieval job uses the IP address configured in Eyeglass to manage the production Powerscale cluster. If that IP address is not associated with a node that is configured in the AirGap pool for replication to the vault then event retrieval fails because the static route applied to the AirGap pool is only applied to the nodes in the pool.
Resolution: IP address from a node in the AirGap pool is now used for event retrieval. Note that additional sudoer permissions required as documented here.
T20790 AirGap SyncIQ policy timeout uses failover timeout setting
The amount of time that RansomwareDefender will wait for an AirGap SyncIQ job to complete is defined in the Eyeglass system.xml "failovertimeout" setting. Impact: If the "failovertimeout" setting is lower than the time required for the SyncIQ policy to complete, the AirGap job will timeout and remove the static routes causing the AirGap SyncIQ job to fail with an incomplete update to the vault copy of the data.
Resolution: Eyeglass system.xml now has separate tag for timeout setting for AirGap SyncIQ policy: airgapJobTimeout. Post upgrade this tag will need to be set to the desired value. Default is 240 minutes.
T20358 Not able to create an AirGap Job Report for a selected period
The AirGap Reports tab feature to Create Report for a custom time frame results in an error and the report is not produced. Impact: This does not affect the daily AirGap job report that is sent out. The issue is specific to custom report generation.
Resolution: Specific timeframe can now be selected.
T19195, T19221 AirGap Job shows success when failed
Under some circumstances if an AirGap job fails, such as running the AirGap SyncIQ job or AirGap job source cluster unreachable, the AirGap Config window job status shows success.
Resolution: Alarm and running job info and job history correctly show the failure.
Fixed in 2.5.8-21213
T20766 Cannot view second page of AirGap Config AirGap job list
The AirGap Config list of AirGap jobs list is limited to 10 jobs per page. If you have configured more than 10 jobs, when you navigate to the second page the display is blank.
Resolution: AirGap Jobs are now displayed on all pages.
Known Issues
T15104 Default schedule does not run the job
Airgap jobs are created with a default schedule (daily at midnight) but Status shows as Not Scheduled and jobs never run.
Workaround: Set a manual schedule.
—————————————————–
T15300 Error on manually connecting Airgap not displayed
If the command to manually establish connectivity igls airgap connect fails it correctly does not apply the static route but the status message indicates that connectivity has been established.
Workaround: Verify from Isilon interface whether pool has static route applied.
—————————————————–
T15333 No notification if Airgap jobs are globally disabled
After using the command igls airgap disable to globally disable Airgap jobs there is no alarm to notify administrator of this action and no indication in the GUI that action has been taken.
Workaround: Airgap last run date can be used to determine whether it is running on it's schedule.
—————————————————–
T16199 No alarm if Airgap event retrieval from Powerscale cluster is in error
If the job to retrieve events from Powerscale cluster encounters an error there is no alarm raised to notify administrator.
Workaround: Login to the Eyeglass GUI and check the status of the event retrieval job.
—————————————————–
T16436 Airgap Jobs cannot be manually run from the Airgap window
Airgap Jobs cannot be manually run from the Airgap window.
Workaround: Airgap jobs must be manually run from the Eyeglass Jobs window.
—————————————————–
T16456 Customized Airgap schedules reset to default after upgrade
After an upgrade, the Airgap schedules get reset to the default once a day setting.
Workaround: Document schedules prior to upgrade and reapply post upgrade.
—————————————————–
T16457 Airgap window not refreshed
After adding a new job the Airgap window is not refreshed to show the new job.
Workaround: Close and reopen the Airgap window.
—————————————————–
T16470 Renaming Airgap SyncIQ policy does not preserve original settings
If an Airgap SyncIq policy is renamed the settings related to this SyncIQ policy are not preserved in Eyeglass.
Workaround: Reapply settings in Eyeglass once Inventory has run and the Airgap job with new name is visible in Eyeglass.
—————————————————–
T16476 AirGap Job continues to run after Powerscale cluster deleted from Eyeglass
If there are Airgap jobs related to Powerscale cluster that has been deleted from Eyeglass, Eyeglass will continue to attempt to run them but the job will not succeed.
Workaround: None required. No alarm is generated.
—————————————————–
T19609, T19632 User Disabled AirGap Job may have status of having been run when it has not
If an AirGap Job is User Disabled in the Jobs window, it may appear in Running Jobs, AirGap Jobs History or show a Last Run date as though it had run after being user disabled even though it did not actually open the vault and run the airgap SyncIQ job.
Workaround: Check on Powerscale directly to confirm that AirGap SyncIQ job has not been run.
—————————————————–
T19631 AirGap Config window time uses Eyeglass appliance timezone
The date and time shown in the AirGap Config window uses the Eyeglass appliance timezone instead of the timezone of the computer which is accessing Eyeglass as is done elsewhere in the GUI.
Workaround: If Eyeglass appliance and local browser time zone are different, manually convert the date / timestamps in the AirGap Config window to the local browser time zone to be able to compare run times in different windows.
—————————————————–
T20966 AirGap Job Configuration lost on rediscover or anyrelease restore
If the igls rediscover command is executed on Eyeglass with AirGap configuration or an anyrelease restore to a new appliance the AirGap Job Configuration for subnet mask and gateway are lost. Schedule is maintained.
Workaround: Consult with support.superna.net before performing either of those operations. Keep an independent record of AirGap job configuration.
—————————————————–
T21134 AirGap Basic Job can be started from Jobs window without AirGap role
Any member of a User Role with the Jobs Modify permission can run an AirGap Basic job.
Workaround: Only include Jobs Modify permission for roles where it is required and limit membership to Roles with the Jobs Modify permission.
—————————————————–
T21863 AirGap Basic static route remains on error
If an error occurs which leaves the static route behind, there is no mechanism that will automatically remove the static route and it will cause the next scheduled AirGap job to fail.
Workaround: Static route must be removed manually. Introduced in Release 2.5.8 there is a check every 5 minutes to determine whether the vault is open when it shouldn't be that can be used to alert to this condition and that manual removal of static route is required.
—————————————————–
T21327 Managed Device Alarms have incorrect date and are sorted oldest to newest
The vault cluster events displayed in Managed Device Alarms have the date/time they were retrieved rather than the actual event date and are sorted oldest to newest.
Workaround: Use pagination to navigate to newer alerts.
—————————————————–
T21224 Snapshot schedule job created for AirGap Job
A Snapshot Schedule Configuration Replication job is incorrectly created for each AirGap job and is enabled. When Configuration Replication runs the Snapshot Schedule jobs are also run and result in error for AirGap jobs as the target cluster (vault cluster) is not reachable.
Workaround: Set the Snapshot Schedule jobs for the AirGap Jobs to User Disabled.
—————————————————–
T21147 Customizing AirGap policy prefix results in job errors
If the AirGap Job SyncIQ policy prefix is customized, existing and new AirGap jobs are in error.
Workaround: Contact support.superna.net for assistance to remove references to previous prefix jobs.
—————————————————–
T21659 AirGap state - network disconnected in UI
If a scheduled AirGap job runs and finishes while a maintenance window is active to keep the vault open, on the GUI the AirGap State shows Network Disconnected even though the AirGap is still open as per the maintenance window parameters. Impact: Display only, the AirGap stays open as expected until the maintenance window timer expires at which point it is closed.
Workaround: None required. Once the maintenance window expires, the vault will be closed and you will receive notification as an informational alert
—————————————————–
T20945 AirGap Open Check may not detect vault open
AirGap Open Check uses the IP address configured in Eyeglass to manage the production Powerscale cluster. If that IP address is not associated with a node that is configured in the AirGap pool for replication to the vault then the open check will find that the vault cluster is always closed and not detect an open state.
Workaround: For AirGap basic the next AirGap job will error due to static route still being present. For AirGap Enterprise, the vault agent will detect the open vault and close it without any manual intervention and no alarming.
—————————————————–
T23094 Vault Cluster Event Retrieval fails for AirGap Basic in 2.5.8.1
As of 2.5.8.1, the task to retrieve alarms from vault cluster during the AirGap job fails and no alarms from the vault cluster are gathered.
Workaround: None available. Until this issue is fixed, AirGap basic customer should not upgrade. Plan to address in a patch release.
—————————————————–
T20525 Connectivity check does not work for AirGap Enterprise with Fiber Cutter
The connectivity check command ecactl airgap check --prod <cluster> run from the vault agent does not work for AirGap Enterprise configured with Fiber Cutter.
Workaround: Manually open the vault and manually check connectivity.
—————————————————–
T23399 No validation when adding vault cluster
There is no validation when adding vault cluster that all required parameters have been configured and that entries have valid format. If misconfigured, AirGap jobs will not run.
Workaround: Use manual process and connectivity check to verify configuration.
—————————————————–
T23400 Fiber Cutter Error Handling
If there is an configuration or environmental issue that prevents connectivity on the Fiber Cutter deployment, no error is provided when the AirGap jobs fail.
Workaround: Contact support.superna.net for assistance.
Known Limitations
T19614 AirGap Job consideration of Easy Auditor Active Auditor Active Event not configurable
If in the Easy Auditor Active Auditor "Active Events" list there is an Active Event listed at the time when the AirGap job is scheduled to run, the AirGap Job will be blocked from running with the message "Found active RSW events, will not run AirGap job...." and in the AirGap Config GUI the job AirGap State is "Disabled for Active Events" and Status is Error.
Easy Auditor Active Events should be managed and cleared to not impact AirGap jobs. This behaviour may be made configurable in a future release to be able to specify whether or not active auditor events block AirGap jobs.
T21316 Vault stays open for vault cluster event retrieval
If event retrieval from the vault cluster takes longer than running the AirGap SyncIQ job, the vault will stay open until the event retrieval step completes after which it will be closed.
T21274 Alarm raised for vault open in Eyeglass is not cleared after maintenance window is finished
Alarm raised when vault manually opened for maintenance window is not cleared once the maintenance window is ended and vault is closed again. Alarm is able to be manually cleared.
T21851 AirGap Enterprise vault open alarm limitation
In the interval between when the the vault is opened and the associated task is started, a vault open alarm may be triggered as the related task has not been started so the condition of vault open when it should not be is detected.
Workaround: Verify that an associated vault task such as running airgap job or checking for schedule has started shortly after the alarm was raised.