Skylight orchestrator 23.12.2 Release Notes
  • 19 Dec 2024
  • 12 Minutes to read
  • Contributors
  • PDF

Skylight orchestrator 23.12.2 Release Notes

  • PDF

Article summary

Cisco is pleased to announce the 23.12.2 release of Skylight orchestrator. These release notes cover the new features, changes, corrected issues, and known limitations for Skylight orchestrator version 23.12.2. Read the release notes before installing this firmware version.

The following topics are addressed in this document:

  • Corrected Issues: Lists issues that have been corrected in this version of the software.

  • Technology Support: Covers the applicable product information.

  • Upgrade Paths: Details the supported upgrade paths for this release.

  • Deployment Considerations: Covers general limitations of the current release.

  • Release Lifecycle: Lists the planned lifecycle dates of this software release. Includes table with milestones.

For more information, see the Features and User Material documentation.

Corrected Issues

As part of our commitment to providing ongoing security updates to the 23.12 LTS release, the following key issues have been addressed in Skylight orchestrator 23.12.2.

Ubuntu Security Vulnerabilities

  • Ubuntu Security Notification for CRM shell Vulnerability (USN-6711-1) - (CVE-2020-35459)

  • Ubuntu Security Notification for util-linux Vulnerability (USN-6719-2) - (CVE-2024-28085)

  • Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6726-1) - (CVE-2023-52469)

  • Ubuntu Security Notification for nghttp2 Vulnerabilities (USN-6754-1) - (CVE-2019-9513)

  • Ubuntu Security Notification for less Vulnerability (USN-6756-1) - (CVE-2024-32487)

  • Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6767-1) - (CVE-2024-26598)

  • Ubuntu Security Notification for GLib Vulnerability (USN-6768-1) - (CVE-2024-34397)

  • Ubuntu Security Notification for idna Vulnerability (USN-6780-1) - (CVE-2024-3651)

  • X.509 Certificate Subject CN Does Not Match the Entity Name  

  • TLS/SSL Weak Message Authentication Code Cipher Suites  

  • TLS/SSL Server Supports The Use of Static Key Ciphers  

  • HTTP OPTIONS Method Enabled                

  • TCP timestamp response

Note: The following CVEs do not impact Skylight orchestrator:

  • Spring Framework < 5.3.41 / 6.0.x < 6.0.25 / 6.1.x < 6.1.14 Multiple Vulnerabilities (CVE-2024-38819)

  • OpenSSL 3.0.0 < 3.0.16 Vulnerability - (CVE-2024-9143)

  • SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)

  • Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : Traceroute vulnerability (USN-6478-1) - (CVE-2023-46316)

  • Ubuntu 20.04 ESM : NTP vulnerability (USN-5175-1) - (CVE-2020-15025)


HTML Injection and Information Disclosure Vulnerabilities

Vulnerabilities relating to HTML injection, occurring when creating a username that includes HTML characters, and information disclosure, the unauthorized access to system data, have been reported.

Unable to Display NTP Server List Box Using Reverse Proxy

The NTP server list box is not displayed when connecting via reverse proxy, but it works fine with a direct connection. Users cannot see or modify NTP settings through the reverse proxy.

Technology Support

These release notes apply to the following product:

Product Name

Software Version

Software Files

Skylight orchestrator virtual machine

23.12.2 GA

SO_v23.12.2_17_vm_core.ova

upgradeAppliance-SO_v23.12.2_17_package- prod.tar


SO_v23.12.2_17.fsa

Skylight orchestrator virtual machine

23.12.2 GA

SO_ v23.12.2_17_vm_core. qcow2

upgradeAppliance-SO_v23.12.2_17_package- prod.tar


SO_v23.12.2_17.fsa

The following table lists key functionality of Assurance Sensors, Assurance Sensor Control, Assurance Sensor Modules, and Assurance Sensor SFPs supported by Skylight orchestrator 23.12.2.

Supported in Skylight orchestrator Version 23.12.2

Functionality

AT

TE

GE

10

GE

GT/GX

LT/LX

Modules

SFP Compute

Sensor control

FS & FS10G

FSX

Flex 100

Flex 25

Device Management

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

Device Commissioning

checkmark.png*

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png *

checkmark.png *

Y.1564/RFC2544

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png **

checkmark.png **

Metrics Collection

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

Alarms

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

Inventory

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

checkmark.png

Performance Session Management

checkmark.png

checkmark.png

checkmark.png

* CLI step support for Device Commissioning
** Y.1564 with flow template support

Upgrade Paths

The upgrade to Skylight orchestrator 23.12.2 requires that you are running a system with one of these previously-installed software versions:

Virtual machine running:

  • 23.12 5K profile

  • 23.12 15K profile

  • 23.12 30K profile

  • 23.12 60K profile

  • 23.12.1 5K profile

  • 23.12.1 15K profile

  • 23.12.1 30K profile

  • 23.12.1 60K profile


Note: Release 23.12.2 does not have a supported upgrade path to Docker-based Skylight orchestrator releases but be a convergence path will be available in the future.

Consider migrating to Skylight orchestrator Docker prior to moving forward with this maintenance release.


Detailed procedures for upgrading to this release are provided in Upgrading to Skylight orchestrator 23.12.2.

IMPORTANT: You cannot upgrade hardware appliances to version 23.12.2.

For customers running SkyLIGHT Director software on hardware appliances, a rehoming procedure is available that allows the transfer of the software and its configuration to a new virtual machine.

Detailed procedures for rehoming on a virtual machine are provided in Virtual Machine Rehoming for Releases Prior to 20.05.

Deployment Considerations

Hypervisor Guidelines

Skylight orchestrator has been tested against KVM and VMware hypervisors. The following guidelines should be used when deploying to these environments:

  • The engineering guidelines of the product must be respected. The product ships with a minimal configuration that in most cases needs to be adjusted to meet the requirements stated in Deployment Profile Configuration. Failure to respect these engineering settings can lead to application downtime and possible data loss.

  • The product was designed assuming MAC addresses and UUIDs assigned on installation of the virtual appliance will persist for the lifetime of the virtual appliance. Licensing functions are tied to these identifiers and unexpected behavior can occur if they are changed. This is especially important when installing the virtual appliance in a cluster. These assignments must be static.

  • When using hypervisor functions that involve dynamic load balancing of guest virtual appliances in a hypervisor cluster (i.e. VMware DRS), the balancing policy should limit rebalancing operations to be done on virtual appliance startup and/or hypervisor host failures.

  • When the Skylight orchestrator VM is deployed on the KVM host, ensure to enable all ports after they are added to Skylight orchestrator.

Device Interoperability

The following section details the firmware releases that are known to interoperate with this release of Skylight orchestrator. Please refer to the Administration documentation for a listing of supported functions for each firmware version.

Support for sensor element software releases 4.7.x, 5.4.x and 5.5.x is deprecated. Plans should be put in place to upgrade your performance elements to more recent versions.

For the releases mentioned below, support for maintenance releases is also included.

Product

Supported Releases

AT 1G Sensor Element

1.2.1

AT 10G Sensor Elements

2.1 -> 2.3

CE & NE Sensor Elements

6.1.0.4 -> 6.4

GE Skylight Element

4.9

GT Skylight Element

7.1.2 -> 7.9.6

GX Skylight Element

7.4 -> 7.9.6

LT Skylight Element

7.1.2 -> 7.9.6

LX Skylight Element

7.9 -> 7.9.6

Skylight VCX

2.5, 2.7 -> 19.07

Skylight sensor: control

19.12 -> 22.12.2

Skylight Flex 100

22.01.1 -> 23.09.1

Skylight Flex 25

23.09 -> 23.09.1

TE Sensor Element

6.1.0.4-> 6.4

Velocity FS

1.0 and 1.1

Velocity FSX

2.1 and 2.2

ESXi Support

Skylight orchestrator release 20.05 and later will not support ESXi hypervisors running release 5.5 and 6.0. Systems running ESXi 6.5 can be upgraded to release 20.05 and later. ESXi 7.0 is supported for release 22.10 and later.

HTTP Interface

The HTTP interface of Skylight orchestrator is no longer supported for GUI operations. HTTP operations are still supported for the REST and XML APIs, but web service clients are urged to switch to the more secure HTTPS protocol.

Customers using browsers with HTTP protocol on port 6080 will automatically be redirected to HTTPS protocol on the same port (6080). This means no firewall changes are required as part of this change.

Disk Sizing for New Installations

The default image size for Skylight orchestrator is now 150 GiB. This image is large enough to support small networks of under 100 network elements and 1,000 performance sessions. For larger networks, the disk size of the image must be increased. This can be achieved via VMware and KVM management tools.

Example disk sizing:

  • For 5,000 elements and 20,000 performance sessions with Round trip delay mode disabled: 370 GiB is recommended

  • For 5,000 elements and 20,000 performance sessions with Round trip delay mode enabled: 430 GiB is recommended

  • For 52,000 performance sessions with Round trip delay mode disabled: 482 GiB is recommended

  • For 52,000 performance sessions with Round trip delay mode enabled: 638 GiB is recommended

  • For 125,000 performance sessions with Round trip delay mode disabled: 920 GiB is recommended

  • For 125,000 performance sessions with Round trip delay mode enabled: 1295 GiB is recommended

Please consult the Skylight orchestrator documentation for sizing guidelines and for procedures on how to increase the disk size.

IPv4 Addresses for Hot Standby

The hot standby feature requires the use of IPv4 addresses for its configuration. For planning purposes, it should also be noted that hot standby configuration requires three (3) distinct subnets for the management, data replication, and heartbeat functions.

IPv6 addresses can be used in addition to these IPv4 interfaces for connectivity to the application interfaces (web and REST APIs) and devices being managed. IPv4 addresses are only required strictly for the hot standby functions.

If you wish to make use of this feature, please contact your Solution Engineering representative to initiate network planning activities.

XML Interface Deprecated

The XML interface is deprecated and has been phased out. Northbound systems are urged to migrate to the CSV file format for PM data reception.

Manager Module Interoperability

Conflicts will arise if both Manager Module and Skylight orchestrator are configured to manage the same Skylight sensor: control. Skylight orchestrator will effectively take over all management of the performance sessions for the Skylight sensor: control, and leave the Manager Module with un-acquired supervision endpoint.

Using this release to add Manager Modules as managed elements is not recommended.

Manager API

The performance session management calls defined at the /nbapi REST endpoint were introduced in SDV 1.6 to duplicate the calls present in the Skylight Director Manager Module. This endpoint was preserved in a backwards compatible fashion to allow REST API clients of the Manager Module to seamlessly switch to the Skylight orchestrator.

This endpoint is to be considered capped. Any new features pertaining to performance session management will be implemented using the /nbapiemswsweb REST endpoint in future releases.

CLI Additions and Changes

The CLI command set of the appliance monitor interface was enhanced to duplicate the mgr-commands that are present in the SkyLIGHT Director Manager module.

These commands were preserved in a backwards compatible fashion to allow customers familiar with the Manager Module command set to migrate to the Skylight orchestrator.

This command set is to be considered capped; no new features will be developed on the CLI functionality.

Browser Support Limitations

The minimum recommended screen resolution to operate Skylight orchestrator is 1360 x 768. Lower resolutions will not provide an optimal experience.

Performing a zoom on your display is not recommended due to incompatible implementations with browsers. If a zoom must be applied, please use a Firefox browser as it has the most standard support for this function.

Due to issues with browser compatibility mode and web sockets, Internet Explorer is no longer supported. Please use Google Chrome (version 70 or higher) or Firefox (version 52 or higher) to access the Skylight orchestrator web interface.

For Windows users, it is also recommended to leave the scale and layout option of the Display settings at a value of 100%.

Restoring Virtual Machine Configuration Backups

Configuration backups of the virtual machine (done via the configuration export command) are not portable from release to release. That is to say, a configuration backup from a 1.6 system should not be used to restore a 19.12 system. Unexpected behavior may occur.

Please ensure that configuration backups are restored on systems running the same release from which the backup was taken.

Metrics Collection CSV Filename Timestamp

In order to align with the CSV filename convention of all other Accedian products (Skylight sensor: control and Skylight elements), this naming strategy is changed in Skylight orchestrator. The timestamp in the CSV filename represents the time when the file was created.

In all cases, the timestamps of the metrics themselves (present within the content of the file) represent the time of when the metric was produced. Only the timestamp contained in the CSV filename is impacted by this change.

Vision Collect Streaming Limitations on 6.4.1.2 and 6.4.2

When using release firmware 6.4.1.2 with Vision Collect, a disconnection from Skylight orchestrator may incur data loss. The data retention periods are not respected and data loss can occur after a few seconds of disconnection.

When using firmware release 6.4.2 in Skylight elements in high resolution mode with packet loss greater than 10% of the management network, some reporting periods may be lost. Please ensure a reliable management network is in place.

These issues are corrected in Skylight element firmware releases 6.4.3 and higher.

The First Result Records for a New Session Are Skipped by CSV Export

When the CSV producer detects a new performance session, it marks its data for extract from the first time it views the session. If the CSV producer is configured to run every five (5) minutes, this can mean that the first five minutes of result data for a new session will not be exported.

This is expected behavior; all performance data after this initial detection phase will be captured by the CSV producer.

Number of Acceptable Firmware Loads

Before upgrading or starting app_server on Skylight orchestrator, you must validate the number of acceptable firmware loads based on the specific profile of the system and upgrade version.

Skylight orchestrator Profile and Acceptable Firmware Loads

Skylight orchestrator Profile

Skylight orchestrator 22.10 (upgrade from previous releases) and 22.07 or prior

Skylight orchestrator 22.10 or later

Skylight orchestrator 23.12 or later

60K profile system

1 Sensor Control or 5 Assurance Sensor loads

2 Sensor Control or 10 Assurance Sensor loads

4 Sensor Control or 20 Assurance Sensor loads

30K profile system

2 Sensor Control or 10 Assurance Sensor loads

4 Sensor Control or 20 Assurance Sensor loads

8 Sensor Control or 40 Assurance Sensor loads

15K profile system

4 Sensor Control or 20 Assurance Sensor loads

8 Sensor Control or 40 Assurance Sensor loads

16 Sensor Control or 80 Assurance Sensor loads

5K profile system

12 Sensor Control or 60 Assurance Sensor loads

24 Sensor Control or 120 Assurance Sensor loads

24 Sensor Control or 120 Assurance Sensor loads

Note: When the requirements from the table above are met, the upgrade can be performed and the system will restart. After the system restarts, the partition can be checked. The partition must have at least 1 GB of free space remaining.

vMotion Support Limitations

VMWare’s vMotion feature, technology that enables live migration of a virtual appliance from one physical server to another, has certain limitations when used with Skylight orchestrator:

  • vMotion should be configured static; no load balancing

  • MAC preservation

  • Cannot be used in conjunction with Skylight orchestrator HA or standby protection

  • If using VSAN disk shared between many hosts, ensure disk IOPs of Skylight orchestrator will meet the minimum requirement.

Result Records for Sync Sessions Are Not Exported in Real Time

Sync sessions are not properly aligned with CSV export. Results are not being exported in real time as Assurance Sensor Control is delivering measurement results and Skylight orchestrator is generating CSV files at the exact same time.

If the CSV producer is configured to run every five (5) minutes and sync session has five (5) minute interval, this can indicate that result data for that session will be exported five minutes late.

Memory Limitations

In the event of an excessive number of simultaneous commands being executed, it is recommended that JVM memory be increased.

FTP Support

Support for the FTP transfer method has been removed for the functions below:

  • CSV export

  • Inventory export

Please ensure the FTP export method is not used on Inventory Export and CSV Export before upgrading.

23.12.2 Lifecycle

This section lists the planned lifecycle dates of this software release. See the table below outlining the following milestones:

Note: Support for virtual machine-based deployments will be 2 years after 23.12 General Availability as part of a Long-Term Support (LTS) program. Please ensure migration to Docker before that time.

Milestone

Description

Date

General Availability

Date where the product is available for general field deployment for both new installations and upgrades.

2024-12-19

End of Security Support

Date where security patches will no longer be delivered for this release. Any correctives for security defects required after this date will be delivered using the next major release of the software.

2025-12-19

End of Product Support

Date where functional patches will no longer be delivered for this release. Any correctives for functional defects required after this date will be delivered using the next major release of the software.

2024-12-19

End of Technical Support

Date where technical assistance is no longer available from the Technical Assistance Center for this release.

22028-12-1

© 2024 Cisco and/or its affiliates. All rights reserved.
 
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms

For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks



Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.