- Print
- PDF
Skylight orchestrator 23.12.1 Release Notes
Accedian is pleased to announce release 23.12.1 of Skylight orchestrator.
The following topics are covered in this document:
Corrected Issues
Lists issues that have been corrected in this version of the software.Accedian Technology Support
Covers the applicable Accedian product information.Upgrade Paths
Details the supported upgrade paths for this release.Deployment Considerations
Covers general limitations of the current release and any upcoming changes to product availability and support.Skylight orchestrator 23.12.1 Lifecycle
Lists the planned lifecycle dates of this software release. Includes table with milestones.
For more information, see the Skylight orchestrator Features and User Material section.
Corrected Issues
As part of our commitment to providing ongoing security updates to 23.12 LTS release, the following issues have been addressed:
[Nessus] Ubuntu 18.04 LTS / 20.04 LTS: Linux kernel vulnerabilities (USN-6741-1)
[Nessus] Ubuntu 20.04 LTS / 22.04 LTS / 23.10: GNU C Library vulnerability (USN-6737-1)
[Nessus] Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10: klibc vulnerabilities (USN-6736-1)
[Nessus] Ubuntu 20.04 LTS / 22.04 LTS / 23.10: GnuTLS vulnerabilities (USN-6733-1)
[Nessus] Ubuntu 20.04 LTS / 22.04 LTS / 23.10: NSS vulnerabilities (USN-6727-1)
[Nessus] Ubuntu 20.04 LTS / 22.04 LTS / 23.10: curl vulnerabilities (USN-6718-1)
[Nessus] Ubuntu 20.04 LTS / 22.04 LTS / 23.10: util-linux vulnerability (USN-6719-1)
[Nessus] OpenSSL 3.0.0 < 3.0.13 Vulnerability
[Nessus] Ubuntu 20.04 LTS / 22.04 LTS: AccountsService vulnerability (USN-6687-1)
[Nessus] Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10: libssh vulnerabilities (USN-6592-1)
[Nessus] Ubuntu 20.04 LTS / 22.04 LTS / 23.10: OpenSSL vulnerabilities (USN-6622-1)
[Nessus] Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10: python-cryptography vulnerabilities (USN-6673-1)
[Nessus] Ubuntu 18.04 LTS / 20.04 LTS: Linux kernel vulnerabilities (USN-6702-1)
[Nessus] Ubuntu 20.04 LTS / 22.04 LTS: GNU binutils vulnerabilities (USN-6655-1)
[Nessus] Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10: Vim vulnerability (USN-6698-1)
[Nessus] Ubuntu 18.04 LTS / 20.04 LTS: Linux kernel vulnerabilities (USN-6681-1)
[Nessus] Ubuntu 20.04 LTS / 22.04 LTS / 23.10: libxml2 vulnerability (USN-6658-1)
[Nessus] Ubuntu 20.04 LTS / 22.04 LTS / 23.10: libuv vulnerability (USN-6666-1)
[Nessus] Ubuntu 18.04 LTS / 20.04 LTS: Linux kernel vulnerabilities (USN-6648-1)
[Nessus] Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10: less vulnerability (USN-6664-1)
[Nessus] Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10: shadow vulnerability (USN-6640-1)
[Nessus] Ubuntu 20.04 LTS / 22.04 LTS / 23.10: MySQL vulnerabilities (USN-6615-1)
[Nessus] Ubuntu 18.04 ESM / 20.04 LTS: Linux kernel vulnerabilities (USN-6625-1)
[Nessus] Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 23.10: LibTIFF vulnerabilities (USN-6644-1)
[Nessus] Ubuntu 20.04 LTS: Bind vulnerabilities (USN-6642-1)
[Nessus] Ubuntu 20.04 LTS / 22.04 LTS: OpenLDAP vulnerability (USN-6616-1)
[Nessus] Ubuntu 20.04 LTS / 22.04 LTS / 23.10: Pillow vulnerabilities (USN-6618-1)
[Nessus] Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.10: Ceph vulnerability (USN-6613-1)
[Nessus] Ubuntu 18.04 ESM / 20.04 LTS: Linux kernel vulnerabilities (USN-6605-1)
[Nessus] Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10: PAM vulnerability (USN-6588-1)
[Nessus] Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10: GnuTLS vulnerabilities (USN-6593-1)
[Nessus] OpenSSL 1.1.1 < 1.1.1x Vulnerability
[Nessus] Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10: libssh vulnerability (USN-6561-1)
[Nessus] Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10: OpenSSH vulnerabilities (USN-6565-1)
[Nessus] Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10: SQLite vulnerabilities (USN-6566-1)
[Nessus] Ubuntu 20.04 LTS / 22.04 LTS: GNU binutils vulnerabilities (USN-6581-1)
[Nessus] Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10: Vim vulnerabilities (USN-6557-1)
[Nessus] MySQL 8.0.x < 8.0.27 multiple vulnerabilities (Oct 2021 CPU)
Based on the Nessus report scan, there are 3 CVEs regarding this issue. After investigating, these CVEs do not impact Skylight orchestrator.
CVE-2021-22926: this CVE only affects MacOS; it does not impact Skylight orchestrator because OS is using Ubuntu OS.
CVE-2021-36222: this CVE is related to krb5 package; it does not impact Skylight orchestrator because the krb5 package is not installed on Skylight orchestrator.
CVE-2021-3711: this CVE mentions that MySQL server can be attacked by remote attackers. By default, Skylight orchestrator only allows access by localhost and blocks all access from outside. Therefore, Skylight orchestrator is not affected by this vulnerability.
Accedian Technology Support
These release notes apply to the following Accedian products:
Product Name | Product ID | Software Version | Software Files |
---|---|---|---|
Skylight orchestrator virtual machine | 7NV-VMW | 23.12.1 GA | SO_v23.12.1_15_vm_core.ova upgradeAppliance-SO_v23.12.1_15_package- prod.tar
|
Skylight orchestrator virtual machine | 7NV-KVM | 23.12.1 GA | SO_ v23.12.1_15_vm_core. qcow2 upgradeAppliance-SO_v23.12.1_15_package- prod.tar
|
The following table lists key functionality of Accedian Skylight sensor elements, sensor control, modules, SFP compute and Flex supported by Skylight orchestrator 23.12.1.
Supported in Skylight orchestrator Version 23.12.1
Functionality | AT | TE | GE | 10 GE | GT/GX | LT/LX | Modules | SFP Compute | Sensor control | FS & FS10G | FSX | Flex 100 | Flex 25 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Device Management | |||||||||||||
Device Commissioning | * | * | * | ||||||||||
Y.1564/RFC2544 | ** | ** | |||||||||||
Metrics Collection | |||||||||||||
Alarms | |||||||||||||
Inventory | |||||||||||||
Performance Session Management |
* CLI step support for Device Commissioning
** Y.1564 with flow template support
Upgrade Paths
The upgrade to Skylight orchestrator 23.12.1 requires that you are running a system with one of these previously-installed software versions:
Virtual machine running:
23.12 5K profile
23.12 15K profile
23.12 30K profile
23.12 60K profile
Note: Release 23.12.1 does not have a supported upgrade path to Docker-based Skylight orchestrator releases but be a convergence path will be available in the future.
Consider migrating to Skylight orchestrator Docker prior to moving forward with this maintenance release.
Detailed procedures for upgrading to this release are provided in Upgrading Skylight orchestrator 23.12.1.
IMPORTANT: You cannot upgrade hardware appliances to version 23.12.1.
For customers running SkyLIGHT Director software on hardware appliances, a rehoming procedure is available that allows the transfer of the software and its configuration to a new virtual machine.
Detailed procedures for rehoming on a virtual machine are provided in Virtual Machine Rehoming for Releases Prior to 20.05.
Deployment Considerations
Hypervisor Guidelines
Skylight orchestrator has been tested against KVM and VMware hypervisors. The following guidelines should be used when deploying to these environments:
The engineering guidelines of the product must be respected. The product ships with a minimal configuration that in most cases needs to be adjusted to meet the requirements stated in Deployment Profile Configuration. Failure to respect these engineering settings can lead to application downtime and possible data loss.
The product was designed assuming MAC addresses and UUIDs assigned on installation of the virtual appliance will persist for the lifetime of the virtual appliance. Licensing functions are tied to these identifiers and unexpected behavior can occur if they are changed. This is especially important when installing the virtual appliance in a cluster. These assignments must be static.
When using hypervisor functions that involve dynamic load balancing of guest virtual appliances in a hypervisor cluster (i.e. VMware DRS), the balancing policy should limit rebalancing operations to be done on virtual appliance startup and/or hypervisor host failures.
When the Skylight orchestrator VM is deployed on the KVM host, ensure to enable all ports after they are added to Skylight orchestrator.
Device Interoperability
The following section details the firmware releases that are known to interoperate with this release of Skylight orchestrator. Please refer to the Skylight orchestrator Administration documentation for a listing of supported functions for each firmware version.
Support for sensor element software releases 4.7.x, 5.4.x and 5.5.x is deprecated. Plans should be put in place to upgrade your performance elements to more recent versions.
For the releases mentioned below, support for maintenance releases is also included.
Product | Supported Releases |
---|---|
AT 1G Sensor Element | 1.2.1 |
AT 10G Sensor Elements | 2.1 -> 2.3 |
CE & NE Sensor Elements | 6.1.0.4 -> 6.4 |
GE Skylight Element | 4.9 |
GT Skylight Element | 7.1.2 -> 7.9.6 |
GX Skylight Element | 7.4 -> 7.9.6 |
LT Skylight Element | 7.1.2 -> 7.9.6 |
LX Skylight Element | 7.9 -> 7.9.6 |
Skylight VCX | 2.5, 2.7 -> 19.07 |
Skylight sensor: control | 19.12 -> 22.12.2 |
Skylight Flex 100 | 22.01.1 -> 23.09.1 |
Skylight Flex 25 | 23.09 -> 23.09.1 |
TE Sensor Element | 6.1.0.4-> 6.4 |
Velocity FS | 1.0 and 1.1 |
Velocity FSX | 2.1 and 2.2 |
SDLS | 1.6.0.2 |
Note: Support for Classic Actuator has been removed.
ESXi Support
Skylight orchestrator release 20.05 and later will not support ESXi hypervisors running release 5.5 and 6.0. Systems running ESXi 6.5 can be upgraded to release 20.05 and later. ESXi 7.0 is supported for release 22.10 and later.
HTTP Interface
The HTTP interface of Skylight orchestrator is no longer supported for GUI operations. HTTP operations are still supported for the REST and XML APIs, but web service clients are urged to switch to the more secure HTTPS protocol.
Customers using browsers with HTTP protocol on port 6080 will automatically be redirected to HTTPS protocol on the same port (6080). This means no firewall changes are required as part of this change.
Disk Sizing for New Installations
The default image size for Skylight orchestrator is now 150 GiB. This image is large enough to support small networks of under 100 network elements and 1,000 performance sessions. For larger networks, the disk size of the image must be increased. This can be achieved via VMware and KVM management tools.
Example disk sizing:
For 5,000 elements and 20,000 performance sessions with Round trip delay mode disabled: 370 GiB is recommended
For 5,000 elements and 20,000 performance sessions with Round trip delay mode enabled: 430 GiB is recommended
For 52,000 performance sessions with Round trip delay mode disabled: 482 GiB is recommended
For 52,000 performance sessions with Round trip delay mode enabled: 638 GiB is recommended
Please consult the Skylight orchestrator documentation for sizing guidelines and for procedures on how to increase the disk size.
IPv4 Addresses for Hot Standby
The hot standby feature requires the use of IPv4 addresses for its configuration. For planning purposes, it should also be noted that hot standby configuration requires three (3) distinct subnets for the management, data replication, and heartbeat functions.
IPv6 addresses can be used in addition to these IPv4 interfaces for connectivity to the application interfaces (web and REST APIs) and devices being managed. IPv4 addresses are only required strictly for the hot standby functions.
If you wish to make use of this feature, please contact your Solution Engineering representative to initiate network planning activities.
XML Interface Deprecated
The XML interface is deprecated and has been phased out. Northbound systems are urged to migrate to the CSV file format for PM data reception.
Manager Module Interoperability
Conflicts will arise if both Manager Module and Skylight orchestrator are configured to manage the same Skylight sensor: control. Skylight orchestrator will effectively take over all management of the performance sessions for the Skylight sensor: control, and leave the Manager Module with un-acquired supervision endpoint.
Using this release to add Manager Modules as managed elements is not recommended.
Manager API
The performance session management calls defined at the /nbapi REST endpoint were introduced in SDV 1.6 to duplicate the calls present in the Skylight Director Manager Module. This endpoint was preserved in a backwards compatible fashion to allow REST API clients of the Manager Module to seamlessly switch to the Skylight orchestrator.
This endpoint is to be considered capped. Any new features pertaining to performance session management will be implemented using the /nbapiemswsweb REST endpoint in future releases.
CLI Additions and Changes
The CLI command set of the appliance monitor interface was enhanced to duplicate the mgr-commands that are present in the SkyLIGHT Director Manager module.
These commands were preserved in a backwards compatible fashion to allow customers familiar with the Manager Module command set to migrate to the Skylight orchestrator.
This command set is to be considered capped; no new features will be developed on the CLI functionality.
Browser Support Limitations
The minimum recommended screen resolution to operate Skylight orchestrator is 1360 x 768. Lower resolutions will not provide an optimal experience.
Performing a zoom on your display is not recommended due to incompatible implementations with browsers. If a zoom must be applied, please use a Firefox browser as it has the most standard support for this function.
Due to issues with browser compatibility mode and web sockets, Internet Explorer is no longer supported. Please use Google Chrome (version 70 or higher) or Firefox (version 52 or higher) to access the Skylight orchestrator web interface.
For Windows users, it is also recommended to leave the scale and layout option of the Display settings at a value of 100%.
Restoring Virtual Appliance Configuration Backups
Configuration backups of the virtual appliance (done via the configuration export command) are not portable from release to release. That is to say, a configuration backup from a 1.6 system should not be used to restore a 19.12 system. Unexpected behavior may occur.
Please ensure that configuration backups are restored on systems running the same release from which the backup was taken.
Metrics Collection CSV Filename Timestamp
In order to align with the CSV filename convention of all other Accedian products (Skylight sensor: control and Skylight elements), this naming strategy is changed in Skylight orchestrator. The timestamp in the CSV filename represents the time when the file was created.
In all cases, the timestamps of the metrics themselves (present within the content of the file) represent the time of when the metric was produced. Only the timestamp contained in the CSV filename is impacted by this change.
Vision Collect Streaming Limitations on 6.4.1.2 and 6.4.2
When using release firmware 6.4.1.2 with Vision Collect, a disconnection from Skylight orchestrator may incur data loss. The data retention periods are not respected and data loss can occur after a few seconds of disconnection.
When using firmware release 6.4.2 in Skylight elements in high resolution mode with packet loss greater than 10% of the management network, some reporting periods may be lost. Please ensure a reliable management network is in place.
These issues are corrected in Skylight element firmware releases 6.4.3 and higher.
The First Result Records for a New Session Are Skipped by CSV Export
When the CSV producer detects a new performance session, it marks its data for extract from the first time it views the session. If the CSV producer is configured to run every five (5) minutes, this can mean that the first five minutes of result data for a new session will not be exported.
This is expected behavior; all performance data after this initial detection phase will be captured by the CSV producer.
Number of Acceptable Firmware Loads
Before upgrading or starting app_server on Skylight orchestrator, you must validate the number of acceptable firmware loads based on the specific profile of the system and upgrade version.
Skylight orchestrator Profile and Acceptable Firmware Loads
Skylight orchestrator Profile | Skylight orchestrator 22.10 (upgrade from previous releases) and 22.07 or prior | Skylight orchestrator 22.10 or later | Skylight orchestrator 23.12 or later |
---|---|---|---|
60K profile system | 1 sensor: control or 5 performance element loads | 2 sensor: control or 10 performance element loads | 4 sensor: control or 20 performance element loads |
30K profile system | 2 sensor: control or 10 performance element loads | 4 sensor: control or 20 performance element loads | 8 sensor: control or 40 performance element loads |
15K profile system | 4 sensor: control or 20 performance element loads | 8 sensor: control or 40 performance element loads | 16 sensor: control or 80 performance element loads |
5K profile system | 12 sensor: control or 60 performance element loads | 24 sensor: control or 120 performance element loads | 24 sensor: control or 120 performance element loads |
Note: When the requirements from the table above are met, the upgrade can be performed and the system will restart. After the system restarts, the partition can be checked. The partition must have at least 1 GB of free space remaining.
vMotion Support Limitations
VMWare’s vMotion feature, technology that enables live migration of a virtual appliance from one physical server to another, has certain limitations when used with Skylight orchestrator:
vMotion should be configured static; no load balancing
MAC preservation
Cannot be used in conjunction with Skylight orchestrator HA or standby protection
If using VSAN disk shared between many hosts, ensure disk IOPs of Skylight orchestrator will meet the minimum requirement.
Result Records for Sync Sessions Are Not Exported in Real Time
Sync sessions are not properly aligned with CSV export. Results are not being exported in real time as Skylight sensor: control is delivering measurement results and Skylight orchestrator is generating CSV files at the exact same time.
If the CSV producer is configured to run every five (5) minutes and sync session has five (5) minute interval, this can indicate that result data for that session will be exported five minutes late.
Memory Limitations
In the event of an excessive number of simultaneous commands being executed, it is recommended that JVM memory be increased.
FTP Support
Support for the FTP transfer method has been removed for the functions below:
CSV export
Inventory export
Please ensure the FTP export method is not used on Inventory Export and CSV Export before upgrading.
Skylight orchestrator 23.12.1 Lifecycle
This section lists the planned lifecycle dates of this software release. See the table below outlining the following milestones:
Note: Virtual machine-based deployment support is for 2 years after General Availability of release 23.12 (until 2025-12-19) as part of a Long-Term Support (LTS) program. Please ensure migration to Docker before that time.
Milestone | Description | Date |
---|---|---|
General Availability | Date where the product is available for general field deployment for both new installations and upgrades. | 2024-05-30 |
End of Security Support | Date where security patches will no longer be delivered for this release. Any correctives for security defects required after this date will be delivered using the next major release of the software. | 2025-12-19 |
End of Product Support | Date where functional patches will no longer be delivered for this release. Any correctives for functional defects required after this date will be delivered using the next major release of the software. | 2024-12-19 |
End of Technical Support | Date where technical assistance is no longer available from the Accedian Technical Assistance Center for this release. | 2028-12-19 |
© 2024 Cisco and/or its affiliates. All rights reserved.
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms
For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks