Skylight orchestrator 23.12.2 Release Notes
Cisco is pleased to announce the 23.12.2 release of Skylight orchestrator. These release notes cover the new features, changes, corrected issues, and known limitations for Skylight orchestrator version 23.12.2. Read the release notes before installing this firmware version.
The following topics are addressed in this document:
Corrected Issues: Lists issues that have been corrected in this version of the software.
Technology Support: Covers the applicable product information.
Upgrade Paths: Details the supported upgrade paths for this release.
Deployment Considerations: Covers general limitations of the current release.
Release Lifecycle: Lists the planned lifecycle dates of this software release. Includes table with milestones.
For more information, see the Features and User Material documentation.
Corrected Issues
As part of our commitment to providing ongoing security updates to the 23.12 LTS release, the following key issues have been addressed in Skylight orchestrator 23.12.2.
Ubuntu Security Vulnerabilities
Ubuntu Security Notification for CRM shell Vulnerability (USN-6711-1) - (CVE-2020-35459)
Ubuntu Security Notification for util-linux Vulnerability (USN-6719-2) - (CVE-2024-28085)
Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6726-1) - (CVE-2023-52469)
Ubuntu Security Notification for nghttp2 Vulnerabilities (USN-6754-1) - (CVE-2019-9513)
Ubuntu Security Notification for less Vulnerability (USN-6756-1) - (CVE-2024-32487)
Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6767-1) - (CVE-2024-26598)
Ubuntu Security Notification for GLib Vulnerability (USN-6768-1) - (CVE-2024-34397)
Ubuntu Security Notification for idna Vulnerability (USN-6780-1) - (CVE-2024-3651)
X.509 Certificate Subject CN Does Not Match the Entity Name
TLS/SSL Weak Message Authentication Code Cipher Suites
TLS/SSL Server Supports The Use of Static Key Ciphers
HTTP OPTIONS Method Enabled
TCP timestamp response
Note: The following CVEs do not impact Skylight orchestrator:
Spring Framework < 5.3.41 / 6.0.x < 6.0.25 / 6.1.x < 6.1.14 Multiple Vulnerabilities (CVE-2024-38819)
OpenSSL 3.0.0 < 3.0.16 Vulnerability - (CVE-2024-9143)
SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : Traceroute vulnerability (USN-6478-1) - (CVE-2023-46316)
Ubuntu 20.04 ESM : NTP vulnerability (USN-5175-1) - (CVE-2020-15025)
HTML Injection and Information Disclosure Vulnerabilities
Two types of vulnerability have been reported: HTML injection, which occurs when creating a username that includes HTML characters, and information disclosure, which is unauthorized access to system data.
Unable to Display NTP Server List Box Using Reverse Proxy
The NTP server list box is not displayed when connecting via reverse proxy, but it works fine with a direct connection. Users cannot see or modify NTP settings through the reverse proxy.
Technology Support
These release notes apply to the following product:
Product Name | Software Version | Software Files |
---|---|---|
Skylight orchestrator virtual machine | 23.12.2 GA | SO_v23.12.2_17_vm_core.ova, upgradeAppliance-SO_v23.12.2_17_package-prod.tar |
Skylight orchestrator virtual machine | 23.12.2 GA | SO_v23.12.2_17_vm_core.qcow2, upgradeAppliance-SO_v23.12.2_17_package-prod.tar |
The following table lists key functionality of Assurance Sensors, Assurance Sensor Control, Assurance Sensor Modules, and Assurance Sensor SFPs supported by Skylight orchestrator 23.12.2.
Supported in Skylight orchestrator Version 23.12.2
Functionality | AT | TE | GE | 10 GE | GT/GX | LT/LX | Modules | SFP Compute | Sensor control | FS & FS10G | FSX | Flex 100 | Flex 25 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Device Management | |||||||||||||
Device Commissioning | * | * | * | ||||||||||
Y.1564/RFC2544 | ** | ** | |||||||||||
Metrics Collection | |||||||||||||
Alarms | |||||||||||||
Inventory | |||||||||||||
Performance Session Management |
* CLI step support for Device Commissioning
** Y.1564 with flow template support
Upgrade Paths
The upgrade to Skylight orchestrator 23.12.2 requires that you are running a system with one of these previously-installed software versions:
Virtual machine running:
23.12 5K profile
23.12 15K profile
23.12 30K profile
23.12 60K profile
23.12.1 5K profile
23.12.1 15K profile
23.12.1 30K profile
23.12.1 60K profile
Note: Release 23.12.2 does not have a supported upgrade path to Docker-based Skylight orchestrator releases, but a convergence path will be available in the future.
Consider migrating to Skylight orchestrator Docker prior to moving forward with this maintenance release.
Detailed procedures for upgrading to this release are provided in Upgrading to Skylight orchestrator 23.12.2.
IMPORTANT: You cannot upgrade hardware appliances to version 23.12.2.
For customers running SkyLIGHT Director software on hardware appliances, a rehoming procedure is available that allows the transfer of the software and its configuration to a new virtual machine.
Detailed procedures for rehoming on a virtual machine are provided in Virtual Machine Rehoming for Releases Prior to 20.05.
Deployment Considerations
Hypervisor Guidelines
Skylight orchestrator has been tested against KVM and VMware hypervisors. The following guidelines should be used when deploying to these environments:
The engineering guidelines of the product must be respected. The product ships with a minimal configuration that in most cases needs to be adjusted to meet the requirements stated in Deployment Profile Configuration. Failure to respect these engineering settings can lead to application downtime and possible data loss.
The product was designed assuming MAC addresses and UUIDs assigned on installation of the virtual appliance will persist for the lifetime of the virtual appliance. Licensing functions are tied to these identifiers and unexpected behavior can occur if they are changed. This is especially important when installing the virtual appliance in a cluster. These assignments must be static.
When using hypervisor functions that involve dynamic load balancing of guest virtual appliances in a hypervisor cluster (e.g. VMware DRS), the balancing policy should limit rebalancing operations to virtual appliance startup and/or hypervisor host failures.
When the Skylight orchestrator VM is deployed on a KVM host, ensure that all ports are enabled after they are added to Skylight orchestrator.
Device Interoperability
The following section details the firmware releases that are known to interoperate with this release of Skylight orchestrator. Please refer to the Administration documentation for a listing of supported functions for each firmware version.
Support for sensor element software releases 4.7.x, 5.4.x and 5.5.x is deprecated. Plans should be put in place to upgrade your performance elements to more recent versions.
For the releases mentioned below, support for maintenance releases is also included.
Product | Supported Releases |
---|---|
AT 1G Sensor Element | 1.2.1 |
AT 10G Sensor Elements | 2.1 -> 2.3 |
CE & NE Sensor Elements | 6.1.0.4 -> 6.4 |
GE Skylight Element | 4.9 |
GT Skylight Element | 7.1.2 -> 7.9.6 |
GX Skylight Element | 7.4 -> 7.9.6 |
LT Skylight Element | 7.1.2 -> 7.9.6 |
LX Skylight Element | 7.9 -> 7.9.6 |
Skylight VCX | 2.5, 2.7 -> 19.07 |
Skylight sensor: control | 19.12 -> 22.12.2 |
Skylight Flex 100 | 22.01.1 -> 23.09.1 |
Skylight Flex 25 | 23.09 -> 23.09.1 |
TE Sensor Element | 6.1.0.4 -> 6.4 |
Velocity FS | 1.0 and 1.1 |
Velocity FSX | 2.1 and 2.2 |
ESXi Support
Skylight orchestrator release 20.05 and later will not support ESXi hypervisors running release 5.5 and 6.0. Systems running ESXi 6.5 can be upgraded to release 20.05 and later. ESXi 7.0 is supported for release 22.10 and later.
HTTP Interface
The HTTP interface of Skylight orchestrator is no longer supported for GUI operations. HTTP operations are still supported for the REST and XML APIs, but web service clients are urged to switch to the more secure HTTPS protocol.
Customers using browsers with HTTP protocol on port 6080 will automatically be redirected to HTTPS protocol on the same port (6080). This means no firewall changes are required as part of this change.
Disk Sizing for New Installations
The default image size for Skylight orchestrator is now 150 GiB. This image is large enough to support small networks of under 100 network elements and 1,000 performance sessions. For larger networks, the disk size of the image must be increased. This can be achieved via VMware and KVM management tools.
Example disk sizing:
For 5,000 elements and 20,000 performance sessions with Round trip delay mode disabled: 370 GiB is recommended
For 5,000 elements and 20,000 performance sessions with Round trip delay mode enabled: 430 GiB is recommended
For 52,000 performance sessions with Round trip delay mode disabled: 482 GiB is recommended
For 52,000 performance sessions with Round trip delay mode enabled: 638 GiB is recommended
For 125,000 performance sessions with Round trip delay mode disabled: 920 GiB is recommended
For 125,000 performance sessions with Round trip delay mode enabled: 1295 GiB is recommended
Please consult the Skylight orchestrator documentation for sizing guidelines and for procedures on how to increase the disk size.
IPv4 Addresses for Hot Standby
The hot standby feature requires the use of IPv4 addresses for its configuration. For planning purposes, it should also be noted that hot standby configuration requires three (3) distinct subnets for the management, data replication, and heartbeat functions.
IPv6 addresses can be used in addition to these IPv4 interfaces for connectivity to the application interfaces (web and REST APIs) and devices being managed. IPv4 addresses are only required strictly for the hot standby functions.
If you wish to make use of this feature, please contact your Solution Engineering representative to initiate network planning activities.
XML Interface Deprecated
The XML interface is deprecated and has been phased out. Northbound systems are urged to migrate to the CSV file format for PM data reception.
Manager Module Interoperability
Conflicts will arise if both Manager Module and Skylight orchestrator are configured to manage the same Skylight sensor: control. Skylight orchestrator will effectively take over all management of the performance sessions for the Skylight sensor: control, and leave the Manager Module with an un-acquired supervision endpoint.
Using this release to add Manager Modules as managed elements is not recommended.
Manager API
The performance session management calls defined at the /nbapi REST endpoint were introduced in SDV 1.6 to duplicate the calls present in the Skylight Director Manager Module. This endpoint was preserved in a backwards compatible fashion to allow REST API clients of the Manager Module to seamlessly switch to the Skylight orchestrator.
This endpoint is to be considered capped. Any new features pertaining to performance session management will be implemented using the /nbapiemswsweb REST endpoint in future releases.
CLI Additions and Changes
The CLI command set of the appliance monitor interface was enhanced to duplicate the mgr-commands that are present in the SkyLIGHT Director Manager module.
These commands were preserved in a backwards compatible fashion to allow customers familiar with the Manager Module command set to migrate to the Skylight orchestrator.
This command set is to be considered capped; no new features will be developed on the CLI functionality.
Browser Support Limitations
The minimum recommended screen resolution to operate Skylight orchestrator is 1360 x 768. Lower resolutions will not provide an optimal experience.
Performing a zoom on your display is not recommended due to incompatible implementations with browsers. If a zoom must be applied, please use a Firefox browser as it has the most standard support for this function.
Due to issues with browser compatibility mode and web sockets, Internet Explorer is no longer supported. Please use Google Chrome (version 70 or higher) or Firefox (version 52 or higher) to access the Skylight orchestrator web interface.
For Windows users, it is also recommended to leave the scale and layout option of the Display settings at a value of 100%.
Restoring Virtual Machine Configuration Backups
Configuration backups of the virtual machine (done via the configuration export command) are not portable from release to release. That is to say, a configuration backup from a 1.6 system should not be used to restore a 19.12 system. Unexpected behavior may occur.
Please ensure that configuration backups are restored on systems running the same release from which the backup was taken.
Metrics Collection CSV Filename Timestamp
In order to align with the CSV filename convention of all other Accedian products (Skylight sensor: control and Skylight elements), this naming strategy is changed in Skylight orchestrator. The timestamp in the CSV filename represents the time when the file was created.
In all cases, the timestamps of the metrics themselves (present within the content of the file) represent the time when the metric was produced. Only the timestamp contained in the CSV filename is impacted by this change.
Vision Collect Streaming Limitations on 6.4.1.2 and 6.4.2
When using release firmware 6.4.1.2 with Vision Collect, a disconnection from Skylight orchestrator may incur data loss. The data retention periods are not respected and data loss can occur after a few seconds of disconnection.
When using firmware release 6.4.2 in Skylight elements in high resolution mode with packet loss greater than 10% of the management network, some reporting periods may be lost. Please ensure a reliable management network is in place.
These issues are corrected in Skylight element firmware releases 6.4.3 and higher.
The First Result Records for a New Session Are Skipped by CSV Export
When the CSV producer detects a new performance session, it marks its data for extraction from the first time it views the session. If the CSV producer is configured to run every five (5) minutes, this can mean that the first five minutes of result data for a new session will not be exported.
This is expected behavior; all performance data after this initial detection phase will be captured by the CSV producer.
Number of Acceptable Firmware Loads
Before upgrading or starting app_server on Skylight orchestrator, you must validate the number of acceptable firmware loads based on the specific profile of the system and upgrade version.
Skylight orchestrator Profile and Acceptable Firmware Loads
Skylight orchestrator Profile | Skylight orchestrator 22.10 (upgrade from previous releases) and 22.07 or prior | Skylight orchestrator 22.10 or later | Skylight orchestrator 23.12 or later |
---|---|---|---|
60K profile system | 1 Sensor Control or 5 Assurance Sensor loads | 2 Sensor Control or 10 Assurance Sensor loads | 4 Sensor Control or 20 Assurance Sensor loads |
30K profile system | 2 Sensor Control or 10 Assurance Sensor loads | 4 Sensor Control or 20 Assurance Sensor loads | 8 Sensor Control or 40 Assurance Sensor loads |
15K profile system | 4 Sensor Control or 20 Assurance Sensor loads | 8 Sensor Control or 40 Assurance Sensor loads | 16 Sensor Control or 80 Assurance Sensor loads |
5K profile system | 12 Sensor Control or 60 Assurance Sensor loads | 24 Sensor Control or 120 Assurance Sensor loads | 24 Sensor Control or 120 Assurance Sensor loads |
Note: When the requirements from the table above are met, the upgrade can be performed and the system will restart. After the system restarts, the partition can be checked. The partition must have at least 1 GB of free space remaining.
vMotion Support Limitations
VMware’s vMotion feature, a technology that enables live migration of a virtual appliance from one physical server to another, has certain limitations when used with Skylight orchestrator:
vMotion should be configured static; no load balancing
MAC preservation
Cannot be used in conjunction with Skylight orchestrator HA or standby protection
If using a VSAN disk shared between many hosts, ensure the disk IOPS of Skylight orchestrator will meet the minimum requirement.
Result Records for Sync Sessions Are Not Exported in Real Time
Sync sessions are not properly aligned with CSV export. Results are not being exported in real time as Assurance Sensor Control is delivering measurement results and Skylight orchestrator is generating CSV files at the exact same time.
If the CSV producer is configured to run every five (5) minutes and the sync session has a five (5) minute interval, this can mean that result data for that session will be exported five minutes late.
Memory Limitations
In the event of an excessive number of simultaneous commands being executed, it is recommended that JVM memory be increased.
FTP Support
Support for the FTP transfer method has been removed for the functions below:
CSV export
Inventory export
Please ensure the FTP export method is not used on Inventory Export and CSV Export before upgrading.
23.12.2 Lifecycle
This section lists the planned lifecycle dates of this software release. See the table below outlining the following milestones:
Note: Support for virtual machine-based deployments will be 2 years after 23.12 General Availability as part of a Long-Term Support (LTS) program. Please ensure migration to Docker before that time.
Milestone | Description | Date |
---|---|---|
General Availability | Date where the product is available for general field deployment for both new installations and upgrades. | 2024-12-19 |
End of Security Support | Date where security patches will no longer be delivered for this release. Any correctives for security defects required after this date will be delivered using the next major release of the software. | 2025-12-19 |
End of Product Support | Date where functional patches will no longer be delivered for this release. Any correctives for functional defects required after this date will be delivered using the next major release of the software. | 2024-12-19 |
End of Technical Support | Date where technical assistance is no longer available from the Technical Assistance Center for this release. | 22028-12-1 |
© 2024 Cisco and/or its affiliates. All rights reserved.
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms
For legal information about Accedian Skylight products, please visit: Accedian legal terms and trademarks