N2W Software

            Release notes for the latest v2.4.x CPM release

            In order to upgrade to v2.4.x from v2.3.x and earlier, please

            1) Use the upgrade instructions in chapter 1.3.5 "Upgrading the CPM Server Instance" at https://n2ws.com/support/documentation/introduction-to-cpm#13  
            or
            2) Use the patch linked below (should only be used to upgrade from v2.3.0c, v2.3.0d and 2.3.0e to v2.4.x)
                If this patch is used to upgrade from an earlier version, the CPM instance will stop functioning (error 500) and will need to be rebuilt using the upgrade instructions in chapter 1.3.5
               "Upgrading the CPM Server Instance" at https://n2ws.com/support/documentation/introduction-to-cpm#13  
                After installing the patch, it will take a few minutes for the CPM GUI to become responsive again in the browser.
                It is highly recommended to restart the CPM instance after installing the patch (please wait 10 minutes after installing the patch before rebooting), so the changes on OS level will be implemented - otherwise functionality may be compromised.
               The patch can be applied by using the "CPM patches" link at the bottom of the GUI:

            Once the latest version is installed, please upgrade the Agents too (if you are using them).

            Attention: due to the new functionality introduced in v2.4, you may need to update your permission policies. Please see the JSON templates attached to this KB: https://support.n2ws.com/portal/kb/articles/what-are-the-required-minimal-aws-permissions-roles-for-cpm-operation

            Attention 2: starting with v2.4, it is now a requirement to attach an IAM role to the CPM server instance. If the IAM user was previously in use, please create a new IAM role with the same permissions as the user, then attach that IAM role to the CPM server instance before the upgrade.
            "The AWS root user (IAM User) is no longer allowed to control the operation of the CPM server. A user with the Authentication credentials for CPM Instance IAM Role is the only user allowed to install CPM, log on to the system server and operate it."


            Change log:

            November 19, 2018 (CRC 7B4BFE01) - version 2.4.0 (Patch should only be applied to v2.3.0c and later - see note above about "error 500")

            N2WS-946 - Tag scanning may be aborted when encountering the "New policy xyz has more than one template" error
            N2WS-1677 - CPM was allowing to configure DR for Redshift and DynamoDB
            N2WS-1864 - A wrong CPM alert is raised if a tag based instance is terminated
            N2WS-2123 - DR may fail with "DR encountered an internal problem and failed" instead of printing the actual permissions issue
            N2WS-2169 - CPM allowed adding a regular volume to the "cpmdata" policy using tags
            N2WS-2256 - Disabled regions may still appear in the GUI
            N2WS-2538 - Performing failover after entering recovery mode on CPM may fail with "Failed to update license"
            N2WS-2746 - CPM server may restart itself with "Terminating the agent process because of backup keep-alive failure" when running scripts
            N2WS-3373 - CPM may fail to copy RDS tags in Chines regions with the error "Invalid resource name"
            N2WS-3578 - Backups with failed snapshots may be marked as "successful"
            N2WS-3659 - Wrong account may be listed in the Snapshot View Report for snapshots that were replicated cross-account
            N2WS-3701 - Permission check may fail with the error "User not found", if CPM was deployed using CloudFormation
            N2WS-3821 - DR may fail  due to the wrong format of custom key
            N2WS-3904 - Instances in the DR region may not be shown as targets for volume restore
            N2WS-4031 - Fixed the description of the AWS CloudFormation template
            N2WS-4072 - CPM may restore a volume using default encryption, if snapshot is encrypted with a shared key

            new features:

            N2WS-339 - Added support for restoring more than one NIC
            N2WS-1497 - Recovery monitor deletion were added to the audit log
            N2WS-1647 - Added ability to download the Audit Report in CLI
            N2WS-1660 - Added ability to define the VSS/scripts timeout on a policy level
            N2WS-1802 - Added support for VPC capture and clone N2WS-2233 - Added an option to delete all alerts
            N2WS-2413 - Added a new search function to find an instance in backups
            N2WS-3093 - Added support for Cross account DR of RDS instances with custom shared key
            N2WS-3339 - Added support for T3 instances to be used for CPM Server (will be available for deployment no later than December 1st 2018)
            N2WS-4130 - Added backup support for new instance type - R5a & M5a
            N2WS-4244 - Improving cross-account DR to make all snapshots "incremental forever"
            N2WS-4245 - Added support for backup EBS snapshot data to AWS S3 buckets (Advanced Edition and up, for both subscription and direct license customers)
            N2WS-4250 - Extended CPM RESTful API capabilities (API version 1.1.0)

             
            October 1, 2018 (CRC C54A8740) - version 2.3.0e     (Patch can only be applied to v2.3.0c and v2.3.0d)

            N2WS-1633 - CPM may fail to run a policy, if 64 other policies are already running
            N2WS-2096 - Snapshot level reports with time filter may collect all entries, and not just the filtered
            N2WS-2114 - Exploring an instance with multiple volumes may not show all volumes in the Explorer window
            N2WS-2116 - Improve cli behavior in recover-db-instance
            N2WS-2173 - Unable to delete all snapshots from a policy.
            N2WS-2234 -IDP login may fail due to uppercase letters in the CPM username
            N2WS-2332 - Changing a timezone in v2.3.x doesn't work
            N2WS-2400 - Add AWS account number to backup and snapshot reports
            N2WS-2543 - Implicitly choose user in the "run-backup" CLI command
            N2WS-2614 - Long directory names may cause display problems in FIle Level Restore
            N2WS-2696 - Error "Failed to add RDS db snapshot tags xyz. Error Tag keys cannot start with the reserved prefix "aws:"" is printed in the Server log
            N2WS-3097 - Increasing timeout on internal communication for very large policies
            N2WS-3577 - CPM may fail to copy RDS/Aurora tags
            N2WS-3642 - Explore session may fail if initialization takes too long
            N2WS-3696 - Updated Apache to fix the CVE-2018-1333 and CVE-2018-8011 vulnerabilities (AMI only fix)


            new features:

            N2WS-2264 - Added support for new instance types - c5d family & i3.metal
            N2WS-2446 - Added support for new instance types - m5d family
            N2WS-3188 - Added support for new instance types - r5 family & z1d
            N2WS-3418 - Added support for new instance types - T3 family – for backed-up instances

            May 10, 2018 (CRC 54E51779) - version 2.3.0d

            N2WS-1868 - DR of an AMI between Chinese regions may fail with "Failed looking for source KMS"
            N2WS-2119 - RDS Aurora cluster backups may fail if there are more than 100 db-instances in a single account in a single region
            N2WS-2135 - Tags may not be recovered during instance recovery
            N2WS-2156 - Remote Agent in v.2.3.x can't be installed on Windows 2003, 2008, 2008 R2 and 2012

            new features:

            N2WS-2299 - Added support for new RDS types - db.x1 & db.x1e families


            May 1, 2018 (CRC 21E7408F) - version 2.3.0c

            N2WS-1632 - Daily Summary may not alert about policies that are not running
            N2WS-1659 - "Test Connection" for IDP integration may fail with no errors logged/displayed
            N2WS-1783 - After upgrade to v2.3.x customers may fail to add new users or perform IDP integration with error "SAML error IntegrityError: (1048, "Column 'last_login' cannot be null")"
            N2WS-2063 - CPM may continue to backup old cpmdata volume if it still exists after an AMI-based upgrade.
            N2WS-2070 - CPM accepts values only up to 9999 for http proxy port


            April 11, 2018 (CRC EE02F668) - version 2.3.0b Please upgrade to v2.3.0c or newer!

            N2WS-1321 - Daily Summary of non-admin users may include scan logs for other users
            N2WS-1662 - "cpm-manage-regions" utility may not work in 2.3.x
            N2WS-1682 - Daily Summary may stop working after upgrade to v2.3.x

            April 5, 2018 - version 2.3.0a (AMI only) Please upgrade to v2.3.0c or newer!

            N2WS-1640 - Upgrading to v2.3.0 AMI may result in "HTTP Error 500: Internal Server Error" after login

            April 4, 2018 - version 2.3.0 (AMI only) Please upgrade to v2.3.0c or newer!

            N2WS-417 - Schedule may be skipped on the wrong day of the week after a DST change
            N2WS-588 - Recovery of 'c5' instances type fails [(ENA) is required]
            N2WS-882 - Instance tags may be copied into AMI's volumes instead of original volumes' tags
            N2WS-1323 - Protected against SAML vulnerability VU#475445
            N2WS-1344 - ADFS/IDP logout may fail
            N2WS-1472 - "Auto removal" may not work if the same instance is located in several policies
            N2WS-1483 - Tags may not be copied to RDS and Aurora snapshots

            new features:

            N2WS-275 - Added support for DynamoDB backup and recovery
            N2WS-279 - New "Reporting" tab
            N2WS-300 - Disabled days of the week selection in Weekly and Monthly schedules
            N2WS-580 - Added support for Aurora DR and Cross-account DR
            N2WS-692 - New RESTful APIs: currently supporting creation and manipulation of users, accounts, schedules and policies
            N2WS-1032 - Added a CloudFormation template to launch CPM in AWS Marketplace
            N2WS-1041 - Enable login into CPM from Okta's console.
            N2WS-1160 - User management enhancement - ability to assign managed users to independent users
            N2WS-1172 - Added checking IAM permissions and option to download IAM policies in JSON format
            N2WS-1182 - New reports: "Protected resources" and "Unprotected resources"
            N2WS-1211 - Security hardening: disabled dangerous ciphers: RC4, 3DES and more. CPM remote agent now supports TLS 1.2.
            N2WS-1273 - Added support for Instance Recovery to a dedicated host

            February 16, 2018 - version 2.2.0a


            new features:

            N2WS-1054 - (AMI only) Provided OS updated against Meltdown (CVE-2017-5754) and one Spectre variant (CVE-2017-5753) Vulnerabilities
            N2WS-739 – Improved the look and arrangement of the "General Settings" page
            N2WS-740 - Added an option to use custom CPM DNS/IP for IDP
            N2WS-767 - Added an option to select NameID format for IDP

            January 8, 2018 - version 2.2.0


            new features:

            N2WS-585 - Simplified initial configuration of CPM, especially for new free trials
            N2WS-505 - Added instance and CPM tags to volumes of AMIs created by CPM
            N2WS-568 - Proxy password is now obfuscated in UI
            N2WS-662 - Reject access and secret keys belonging to an AWS root account
            N2WS-612 - Added support for new regions:  Paris (France) & Ningxia (China)
            ea89a118c6 - Added support for SAML-base IDP providers.
            6cae32989c - Added support for new instance types: x1e.32xlarge, P3 family, C5 family, xe1 family, m5 family, H1 family.
            58b86bbfc6 - Added support for new Redshift node types: dc2.large & dc2.8xlarge, added support for the Aurora db.r4 family, added support for RDS R4 and M4 families
            e8772c3f31 - More data for the Snapshot View report - Added start time, account, policy and status
            2d61283f34 - Added support for Windows 2016 Server Core (previously CPM Agent service failed to start on Windows 2016 Server Core)
            6a50d9e6f7 - Added support for Aurora Clusters using PostGreSQL engine
            e5de964f41 - CPM now adds tags to snapshots and AMIs using a single API call


            November 3, 2017 - version 2.1.3c (AMI Only)
            This version is meant to address the "debian-sys-maint" vulnerability for new installations

            August 17, 2017 (CRC 6D3629F8) - version 2.1.3b

            August 10, 2017 (CRC 6575515E) - version 2.1.3a
            If you have used this patch or installed the v2.1.3a AMI - please install the latest patch ASAP

            1b47a156e7 - Downloaded csv log's name contains log download time instead of a more informative time
            572c4d8e57 - Wrong version is displayed in SSH prompt

            August 8, 2017 (CRC A422F5EA) - version 2.1.3
            If you have used this patch, the patch from August 1st 2017 (CRC  2D2D8122) or installed the v2.1.3 AMI - please install the latest patch ASAP

            982e480909 - Remote agents should restart after local agent restart

            new features:

            aa871b39c6 - Aurora - added support for 'db.t2.small' type
            6cae32989c - Added support for new instance types: g3 family


            June 12, 2017 (CRC  2032E883) - version 2.1.2

            f887a2fb9e - Move the "delete" button to the top of the snapshots list
            24392b27f6 - Fail gracefully if the remote agent does not support VSS
            692cef9882 - "No matching KMS alias on target region" error may happen with a newly created KMS alias
            86a4b5e807 - Adding internal keepalives during the run-Snapshot stage


            new features:

            6cae32989c - Added support for new instance types: f1 family


            March 1, 2017 (CRC  6A524506) - version 2.1.1

            baa25a13ed   - Fixed display clock for backup targets and patches pages.

            d8f5a39ccc    - backup tag - don't add terminated/shutting down instances to policies
            4ca2fa2b0d   - Fixed the  redshift 'node type' field length
            9c60a5ff8f    - Additional performance improvement for large scale backups
            83bdc5961c   - Run ASAP now starts the backup immediately
            a56aa827de - Snapshot and Backup reports do not contain the managed users' data








            new features:

            6cae32989c – Added support for the new i3 instance types


            February 7, 2017 (CRC  156A3AB4)

            16a86dd6a1   - Assume role fails in agent if assuming account from another user
            dfc02fec0c    - Increasing the system-wide timeout for VSS and scripts from 300 to 900 seconds (requires the Agents to be updated to this version)
            2da742439d - Remote Agent – Disable proxy when connecting to internal addresses
            196a00ef22  - Failed backups may not be retried if schedule is limited to certain days of the week
            6676511295  - Recovery of encrypted volumes across accounts may fail
            d1074555ba - Improved LVM  volume exploring

            new features:

            baa25a13ed – Display CPM Server time in console


            January 23, 2017 (CRC  440C3E83)

            1d8ad48487   - Explore of entire volume/logical drive may not work
            d27d5fe7f3    - Single AMI backup may fail, if root device name is not equal to the mapped device name
            2694b2d820 - "Request Limit Exceeded" may fail backups
            d22412090a  - During volume recovery, instance id in 'attach to instance' column may stretch over 2 lines
            882874dd47 - Incorrect error message about reaching the edition's limit

            new features:


            ebfa7f7c48   - Add support for new region EU (London), eu-west-2
            5121742511   - 'script timeout'  is now used across the system as timeout for remote agent operations - requires the Agents to be upgraded to this version first.
            d1074555ba - File Level Restore ("Explore") now supports LVM
            19ef824a94  - Add support copying encrypted snapshots of RDS across regions
            6676511295  - implement cross account recovery of encrypted volumes (snapshots are copied as part of the recovery process)

            December 11, 2016 (CRC  E30D72D6)

            ce24d493d8 - Increase the default timeout on remote agent operation

            88db9f5175 - Wrong credentials may be used during File Level Recovery ("Explore")

            98d18ddef6 - Single AMI may be marked as orphan and deleted by mistake

            603ee18a1b - Remote agent crashes every 10 hours
            721c726d8b - Single AMI creation may fail








            new features:








            6cae32989c - Added support for new instance types: t2.xlarge, t2.2xlarge, r4 family

            3df18ef9a9 - Added support for new the region "Canada (Central)" - ca-central-1
            f4b052f82c - Added support for T2.Medium Aurora instances
            049379b03c - Added the "scan now" operation to CLI

            November 17, 2016 (CRC  99E26F8A)

            6ccf7f6779   - Adjusting API and CLI call to support new 2.1 accounts

            7fe4e1a181    - Explore - show all error messages before closing explore tab
            6a6ab919cd - Volume recovery - filter AWS special tags (don't try to add them to volume/instance)
            882dbdd315 - Reducing amount of data used by remote agent to reduce strain on the web server
            eafa452e2b - GUI Improvements: Added “num records in page” for schedules, policies, agents, freezer, accounts and users
                                                                     Added free search text will also catch schedule name and description in policies and vice versa
                                                                     Limited number of policies in schedule tab

            7d49598eb7 - Fixed assume role issue when account name contains spaces



            November 7, 2016 (CRC  97B6D8B6)

            fdea85d37a - Recover instance now catches all exception types

            b7ea470fbd - Backing up Aurora Cluster - Backup is aborted due to an internal agent error
            aa01cc8cfe  - Windows instance recovery can crash if instance launch does not succeed
            e230b8515f - DR keeps failing due to checking status too quickly

            f3e74eaf35 -  DR fails after network disconnection


            October 30, 2016 (CRC 54234006)

            9227e37d66 - AMI is selected automatically during cross account instance recovery from the wrong account, AMI wasn't copied to the DR account
            623fe723fa   - RDS DR may fail if exceeded number of concurrent copies

            October 23, 2016 (CRC 7286957B)

            ae435e11e1    - DR fails on AMIs with ephemeral storage
            e2d2fc1278   - Fixing params in API for CLI access (userdata + others)
            82b41c2957  - Fix dr volume/rds/ami, when encryption key is from another account (alias not available)
            eb9068cfcb  - Boto3 fails to connect with proxy+IAM role (assume role to other account failed)
            83eccce5b3  - "Cpmdata" policy stops working after patch update

            new features:

            6cae32989c  - Added support for new instance types: p2.xlarge - p2.8xlarge - p2.16xlarge - m4.16xlarge
            de4d2c031f    - Added support for new Ohio region (us-east-2)
            469b0d5d96 - Allow assuming from accounts of the root user
            xyz                  - Minor changes to Explore – some cosmetic + make the search case insensitive






            -




            Helpful?  
            Help us to make this article better
            0 0