Software Releases

Release 2.5.9.1 - Release Notes Ransomware Defender AirGap 2.0

Home



What’s New in Superna Eyeglass Ransomware Defender Edition Release 2.5.9.1 AirGap 2.0


What’s New! In Superna Eyeglass Ransomware Defender AirGap 2.0 Release 2.5.9.1

  1. Initial config settings are lost after cluster down on ECSsync UI. We added a default configuration which will be loaded at cluster up. There is no email in it, and the path of it is at /opt/emc/ecs-sync/config

  2. We added sync schedules via CLI or cron string to change Airgap jobs schedules

to check the existing schedule:

1igls airgap changeschedule --job="<Job-name>"

to change the airgap job schedule:

1igls airgap changeschedule set --job="<job-name>" --cronstr=<5-fields-cron-string>

       3. File transfer over SSL can use standard encryption and ports to secure the data. 


Supported OneFS releases

Source cluster

8.2.0.x

8.2.1.x

8.2.2.x

9.1

9.2

9.3

9.4


Target Airgap Cluster

8.2.2.x

9.1.0.0

9.2.0.x

9.3.x.x

9.4.x.x

Supported Eyeglass releases

Superna Eyeglass Ransomware Defender Version


Superna Eyeglass Version


2.5.9-222312.5.9-22231
2.5.8.2-22164
2.5.8.2-22164


Inter Release Functional Compatibility


OneFS 8.0

OneFS 8.1
OneFS 8.2

OneFS 8.0 -

OneFS 8.1

OneFS 8.0 or 8.1 - OneFS 8.2
      
     




End of Life Notifications

End of Life Notifications can be found here.


End of Support in Release 2.5.9

No end of support notices in release 2.5.9. 


Deprecation Notices

No deprecation notices at this time.


Technical Advisories

Technical Advisories for all products are available here.

New/Fixed for AirGap 2.5.9

Stability and bug fixes

New/Fixed for AirGap 2.5.8.2-22164

New/Fixed for AirGap 2.5.8.1-22116

Refer to previous 2.5.8.1 releases.

New/Fixed for AirGap 2.5.8.1-22100

Refer to previous 2.5.8.1 releases.

New for AirGap 2.5.8.1-22080

T22072 AirGap Enterprise Events and Disk Usage Retrieval is now a push

For AirGap Enterprise deployments, vault cluster events and disk usage are now pushed to Eyeglass when scheduled AirGap jobs are run. Commands are available to be run from the vault agent to manually initiate a push of this information. Documentation is available here.

T19599 Migrate Configuration from Protected to Vault Cluster

A new tab in the AirGap window, "Migrate Configuration", is now available to copy shares/exports related to AirGap jobs to the vault cluster without the source cluster is available. Documentation is available here - see the section "Configuration Data Sync Steps Eyeglass".

T21214 AirGap Enterprise can now support multiple vaults managed from the same Eyeglass

AirGap Enterprise can now support multiple vaults managed from the same Eyeglass. Commands for the maintenance window have been updated to support this and can be found here. New multi-vault commands can be found here

T22123 Command to send vault agent logs manually

A command is now available manually initiate sending of the vault agent logs to Eyeglass. Requires that the vault has been opened prior to running the command. Documentation can be found here.

T21490 Monitor AirGap SyncIQ Policies for changes to configuration

A new job assesses whether there have been any changes to SyncIQ policy configuration for those policies configured to copy data into the vault each time inventory runs. If any change is found an alarm is raised with alarm code SCA0098.

T21830 AirGap Enterprise Fiber cutter option

AirGap Enterprise can now be configured with a physical fiber cutter for maximum data separation with full optical light borken with a layer 0 device. Requires purchase of a 3rd party device from Echola.

Fixed in AirGap 2.5.8.1-22080


T22930 AirGap Enterprise Replication Nodes require access to Production Network

For AirGap Enterprise, the production cluster nodes that replicate to the vault must also have network connectivity to Eyeglass.

Resolution: A new flag "--protectedManagementNode" has been introduced for adding the production (protected) cluster in the vault agent to identify which node on the production cluster should be used for communication with Eyeglass. 

T20932 AirGap Job Reports CSV does not report failed jobs

AirGap Job reports sent out by schedule or created manually do not report on failed jobs in the attached CSV.  Failed jobs are correctly reported in the email summary.

Resolution: AirGap job reports CSV now correctly report on failed SyncIQ jobs.


New for AirGap 2.5.8-22028

Refer to the previous 2.5.8 build information.

New for AirGap 2.5.8-21330

Refer to the previous 2.5.8 build information.

New for AirGap 2.5.8-21306

T20945 AirGap - Alarm Conditions  (AirGap Enterprise)

New alerts were raised under the following conditions for AirGap Enterprise

  • starting AirGap job - Informational alert

  • finishing AirGap job; - Informational alert SCA0090  Vault AirGap job <job> Succeeded

  • reviewing vault agent for new policies or schedule; - Informational alert SCA0095 Ransomware Defender AirGap Schedules query

  • AirGap job not respecting schedule; Critical Alert -SCA0096 - Ransomware Defender AirGap job did not run according to schedule

  • failed AirGap job; Critical alert - SCA0082 - Ransomware Defender AirGap job <job> failed - needs attention

  • vault is opened when no AirGap job is running; Critical alert - SCA0091 - Vault is opened - No running tasks on vault

  • maintenance window alarm. - Critical Alert - SCA0091 Vault is opened - Vault is opened for x minutes; when the maintenance window expires, the alarm is cleared from active alarms


New for AirGap 2.5.8-21240 - Controlled Availability

T21212 AirGap Enterprise does not require Static Route configuration

Managing AirGap Enterprise incorrectly required that the AirGap Basic static route be configured. The static route configuration is no longer required when the airgap job is managed by the vault agent.

T21042 Automated retrieval of vault cluster logs (AirGap Enterprise required)

Automated retrieval of vault cluster logs can now be configured. More information can be found here.

New for AirGap 2.5.8-21213/21222 - Controlled Availability

T19522 AirGap Enterprise

AirGap solution with an inside-the-vault host and VM that opens and closes the vault from within the vault. This is done by removing the replication interfaces from the IP pool which removes the IP address from the interfaces.  This mode places a VM inside the vault and disables the IP stack that connects the vault cluster to any outside network.

Documentation for AirGap Enterprise is available here:




Fixed in 2.5.8-21330

T22171 - Log4j Vulnerability - Upgrade to Log4j 2.17.0 (2.5.8-21330 and higher Log4j 2.17.0 )

Fixed in 2.5.8-21306

T22033 Log4j Vulnerability - CVE-2021-44228

Resolution: log4j version has been updated to 2.15.0, which has a patch for the vulnerability.


Fixed in 2.5.8-21222

T20770 AirGap Event Retrieval Job Fails with No route to host

AirGap Event Retrieval job uses the IP address configured in Eyeglass to manage the production Powerscale cluster. If that IP address is not associated with a node that is configured in the AirGap pool for replication to the vault then event retrieval fails because the static route applied to the AirGap pool is only applied to the nodes in the pool.

Resolution: The IP address from a node in the AirGap pool is now used for event retrieval. Note that additional sudoer permissions are required as documented here.

T20790 AirGap SyncIQ policy timeout uses a failover timeout setting

The amount of time that RansomwareDefender will wait for an AirGap SyncIQ job to complete is defined in the Eyeglass system.xml "failovertimeout" setting. Impact: If the "failovertimeout" setting is lower than the time required for the SyncIQ policy to complete, the AirGap job will timeout and remove the static routes causing the AirGap SyncIQ job to fail with an incomplete update to the vault copy of the data.

Resolution: Eyeglass system.xml now has a separate tag for the timeout setting for AirGap SyncIQ policy: airgapJobTimeout. This tag will need to be upgraded to the desired value. Default is 240 minutes.

T20358 Not able to create an AirGap Job Report for a selected period

The AirGap Reports tab feature to Create Report for a custom time frame results in an error and the report is not produced. Impact: This does not affect the daily AirGap job report that is sent out. The issue is specific to custom report generation.

Resolution: Specific timeframe can now be selected.

T19195, T19221 AirGap Job shows success when failed

Under some circumstances if an AirGap job fails, such as running the AirGap SyncIQ job or AirGap job source cluster unreachable, the AirGap Config window job status shows success.

Resolution: Alarm and running job info and job history correctly show the failure.


Fixed in 2.5.8-21213

T20766 Cannot view second page of AirGap Config AirGap job list

The AirGap Config list of AirGap jobs list is limited to 10 jobs per page. If you have configured more than 10 jobs, when you navigate to the second page the display is blank.

Resolution: AirGap Jobs are now displayed on all pages.

 


Known Issues

T15104 Default schedule does not run the job

Airgap jobs are created with a default schedule (daily at midnight) but Status shows as Not Scheduled and jobs never run.

Workaround: Set a manual schedule.

T15300 Error on manually connecting Airgap not displayed

If the command to manually establish connectivity igls airgap connect fails it correctly does not apply the static route but the status message indicates that connectivity has been established.

Workaround: Verify from Isilon interface whether pool has static route applied.

T15333 No notification if Airgap jobs are globally disabled

After using the command igls airgap disable to globally disable Airgap jobs there is no alarm to notify administrator of this action and no indication in the GUI that action has been taken.

Workaround: Airgap last run date can be used to determine whether it is running on it's schedule.

T16199 No alarm if Airgap event retrieval from Powerscale cluster is in error

If the job to retrieve events from Powerscale cluster encounters an error there is no alarm raised to notify administrator.

Workaround: Login to the Eyeglass GUI and check the status of the event retrieval job.

T16436 Airgap Jobs cannot be manually run from the Airgap window

Airgap Jobs cannot be manually run from the Airgap window.

Workaround: Airgap jobs must be manually run from the Eyeglass Jobs window.  

T16456 Customized Airgap schedules reset to default after upgrade

After an upgrade, the Airgap schedules get reset to the default once a day setting.

Workaround: Document schedules prior to upgrade and reapply post upgrade.

T16457 Airgap window not refreshed

After adding a new job the Airgap window is not refreshed to show the new job.

Workaround: Close and reopen the Airgap window.

T16470 Renaming Airgap SyncIQ policy does not preserve original settings

If an Airgap SyncIq policy is renamed the settings related to this SyncIQ policy are not preserved in Eyeglass.

Workaround: Reapply settings in Eyeglass once Inventory has run and the Airgap job with new name is visible in Eyeglass.

T16476 AirGap Job continues to run after Powerscale cluster deleted from Eyeglass

If there are Airgap jobs related to Powerscale cluster that has been deleted from Eyeglass, Eyeglass will continue to attempt to run them but the job will not succeed.

Workaround: None required. No alarm is generated.

T19609, T19632 User Disabled AirGap Job may have status of having been run when it has not

If an AirGap Job is User Disabled in the Jobs window, it may appear in Running Jobs, AirGap Jobs History or show a Last Run date as though it had run after being user disabled even though it did not actually open the vault and run the airgap SyncIQ job.

Workaround: Check on Powerscale directly to confirm that AirGap SyncIQ job has not been run.

T19631 AirGap Config window time uses Eyeglass appliance timezone

The date and time shown in the AirGap Config window uses the Eyeglass appliance timezone instead of the timezone of the computer which is accessing Eyeglass as is done elsewhere in the GUI.

Workaround: If Eyeglass appliance and local browser time zone are different, manually convert the date / timestamps in the AirGap Config window to the local browser time zone to be able to compare run times in different windows.

T20966 AirGap Job Configuration lost on rediscover or anyrelease restore

If the igls rediscover command is executed on Eyeglass with AirGap configuration or an anyrelease restore to a new appliance the AirGap Job Configuration for subnet mask and gateway are lost. Schedule is maintained.

Workaround: Consult with support.superna.net before performing either of those operations. Keep an independent record of AirGap job configuration.

T21134 AirGap Basic Job can be started from Jobs window without AirGap role

Any member of a User Role with the Jobs Modify permission can run an AirGap Basic job.

Workaround: Only include Jobs Modify permission for roles where it is required and limit membership to Roles with the Jobs Modify permission.

T21863 AirGap Basic static route remains on error

If an error occurs which leaves the static route behind, there is no mechanism that will automatically remove the static route and it will cause the next scheduled AirGap job to fail.

Workaround: Static route must be removed manually. Introduced in Release 2.5.8 there is a check every 5 minutes to determine whether the vault is open when it shouldn't be that can be used to alert to this condition and that manual removal of static route is required.

T21327 Managed Device Alarms have incorrect date and are sorted oldest to newest

The vault cluster events displayed in Managed Device Alarms have the date/time they were retrieved rather than the actual event date and are sorted oldest to newest.

Workaround: Use pagination to navigate to newer alerts.

T21224 Snapshot schedule job created for AirGap Job

A Snapshot Schedule Configuration Replication job is incorrectly created for each AirGap job and is enabled.  When Configuration Replication runs the Snapshot Schedule jobs are also run and result in error for AirGap jobs as the target cluster (vault cluster) is not reachable.

Workaround: Set the Snapshot Schedule jobs for the AirGap Jobs to User Disabled.

T21147 Customizing AirGap policy prefix results in job errors

If the AirGap Job SyncIQ policy prefix is customized, existing and new AirGap jobs are in error.

Workaround: Contact support.superna.net for assistance to remove references to previous prefix jobs.

T21659 AirGap state - network disconnected in UI

If a scheduled AirGap job runs and finishes while a maintenance window is active to keep the vault open, on the GUI the AirGap State shows Network Disconnected even though the AirGap is still open as per the maintenance window parameters.  Impact: Display only, the AirGap stays open as expected until the maintenance window timer expires at which point it is closed.

Workaround:  None required.  Once the maintenance window expires, the vault will be closed and you will receive notification as an informational alert 

T20945 AirGap Open Check may not detect vault open

AirGap Open Check uses the IP address configured in Eyeglass to manage the production Powerscale cluster. If that IP address is not associated with a node that is configured in the AirGap pool for replication to the vault then the open check will find that the vault cluster is always closed and not detect an open state.

Workaround: For AirGap basic the next AirGap job will error due to static route still being present. For AirGap Enterprise, the vault agent will detect the open vault and close it without any manual intervention and no alarming.

T23094 Vault Cluster Event Retrieval fails for AirGap Basic in 2.5.8.1

As of 2.5.8.1, the task to retrieve alarms from vault cluster during the AirGap job fails and no alarms from the vault cluster are gathered.

Workaround:  None available.  Until this issue is fixed, AirGap basic customer should not upgrade.  Plan to address in a patch release.

T20525 Connectivity check does not work for AirGap Enterprise with Fiber Cutter

The connectivity check command ecactl airgap check --prod <cluster> run from the vault agent does not work for AirGap Enterprise configured with Fiber Cutter.

Workaround: Manually open the vault and manually check connectivity.

T23399 No validation when adding vault cluster

There is no validation when adding vault cluster that all required parameters have been configured and that entries have valid format.  If misconfigured, AirGap jobs will not run.

Workaround: Use manual process and connectivity check to verify configuration.

T23400 Fiber Cutter Error Handling

If there is an configuration or environmental issue that prevents connectivity on the Fiber Cutter deployment, no error is provided when the AirGap jobs fail.

Workaround: Contact support.superna.net for assistance.

AIRGAP- 404 [Airgap Reports] It shows an Error for the Job when creating a report manually

Manual report creation test- Failed

Reports are getting generated when create manually but It shows an Error for Job

When clicking on AIRGAP Icon & Navigate to Airgap reports and creating a report you observe an error in the jobs window

AIRGAP 416-Vault Agent log archive has incorrect naming

Vault Agent log archive has incorrect naming

AIRGAP-429 Data is replicated when there are active ransomware events

Setup:

  1. Pause data replication when active ransomware events detected option checked
  2. ransomware events raised
  3. Airgap ECS sync job runs on schedule

Reproduced on: 2.5.9-22231

Expected behaviour: The job failed due to active rsw events

Actual behaviour: the job is finished, data replicated, and only a warning message showed

AIRGAP- 434 CAS jobs are not pushed into Eyeglass

AIRGAP-490 The event Retrieval job fails for Basic AirGap

Once the AirGap job starts to run, the Event Retrieval job also starts.


Known Issues ECS

Airgap-147 Total number of jobs in AirGap report is incorrect

In some cases, there can be a discrepancy between the total shown in the pagination view of airgap jobs history and the number shown in the job report. The number in the report is accurate.

Workaround: use the job report to determine the actual number of jobs run.

Airgap-221 NULL is displayed for Source in Managed Devices Alerts

When proxying alerts from the vault ECS cluster in the ECS airgap solution, the Source is listed as null.

Workaround: none

Airgap-224 Job update to Eyeglass is not working as expected

When adding a new job to ecssync, sometimes the update does not get pushed to eyeglass and the user has to run ecactl ecssync updatejobs to force it to update.

Workaround: run ecactl ecssync updatejobs every time after modifying the jobs on ecssync.

Airgap-289 Active RWD events are ignored when starting AirGap ECSsync jobs from UI using Run Now

AirGap ECSsync jobs with the ‘Pause data replication when active ransomware events detected’ option selected and the jobs are started from UI using Run Now, the jobs will continue to run with active RWD events.

Workaround: Setup the schedule for the jobs or start the job with CLI command 'ecactl ecssync startjob --job xxx'

Airgap-226 Docker issues in Vault Agent

Docker may stop working if the ECS sync cluster up for a long period of time.

Workaround: Contact Superna customer support or run

  • ecactl cluster down

  • sudo systemctl restart docker

  • remove docker network: docker network rm <TAB>

  • ecactl cluster up

AIRGAP-372 Not all the AirGap ECSsync jobs are started when scheduled

On the multi-vault system that has 3 vaults managed by the same eyeglass, each vault has 5 jobs. All 15 AirGap ECSsync jobs are scheduled to run at the same time, every 15 minutes. On the second vault agent, only 3 out of 5 jobs are started automatically

 

 

 

Known Limitations

T19614 AirGap Job consideration of Easy Auditor Active Auditor Active Event not configurable

Suppose in the Easy Auditor Active Auditor "Active Events" list, and there is an Active Event listed at the time when the AirGap job is scheduled to run. In that case, the AirGap Job will be blocked from running with the message "Found active RSW events, will not run AirGap job...." In the AirGap Config GUI, the job AirGap State is "Disabled for Active Events", and the Status is Error.

Easy Auditor Active Events should be managed and cleared not to impact AirGap jobs. This behaviour may be configurable in a future release to specify whether or not active auditor events block AirGap jobs.

T21316 Vault stays open for vault cluster event retrieval

If event retrieval from the vault cluster takes longer than running the AirGap SyncIQ job, the vault will stay open until the event retrieval step completes after which it will be closed.

T21274 Alarm raised for vault open in Eyeglass is not cleared after maintenance window is finished

Alarm raised when vault manually opened for maintenance window is not cleared once the maintenance window is ended and vault is closed again. Alarm is able to be manually cleared.

T21851 AirGap Enterprise vault open alarm limitation

In the interval between when the the vault is opened and the associated task is started, a vault open alarm may be triggered as the related task has not been started so the condition of vault open when it should not be is detected. 

Workaround: Verify that an associated vault task such as running airgap job or checking for schedule has started shortly after the alarm was raised.

Airgap-329 Vault agent names must be case-insensitively unique

Vault agent names must be case-insensitively unique when you have multiple vault agents added. 

AIRGAP-427 Airgap ECS sync jobs get duplicated sometimes

Airgap ECS sync jobs get duplicated sometimes

workaround:

Remove the duplicated job from ECS sync UI





© Superna Inc