Skip to main content
Versa Networks

Versa Concerto Release Notes for Release 11.1

These release notes describe features, enhancements, fixes, and known issues in Concerto Release 11.1, for Release 11.1.1.

March 22, 2022
Revision 1

Product Documentation

The Versa Networks product documentation is located at https://docs.versa-networks.com.

Install Concerto

If you are installing new Concerto instances, follow the steps in Install Concerto.

Upgrade Concerto

To upgrade Concerto nodes from Releases 10.2.x to Release 11.1.1:

  1. Download the Concerto 10.2.1 bin file to the /var/versa/ecp/share/packages directory on any one of the nodes in the Concerto cluster. The bin file is automatically synced to all other nodes in the cluster.
  2. Before upgrading to Release 11.1.1 from Release 10.2.x, clear the flyway_schema_history in the Postgres database:
    1. Issue the vsh database connect portal CLI command.
    2. Enter the database password.
    3. Delete from "flyway_schema_history;".
    4. \q
  3. To upgrade to the new version of software, issue the vsh system package upgrade package bin file name command. This command triggers the upgrade process on all the nodes in the cluster. The upgrade debug logs are saved to the upgrade.log and install.log files in the /var/log/ecp directory.
  4. After the upgrade process completes, services start automatically on all the nodes. If the upgrade fails, the system automatically rolls back to the previous software image running on all the nodes.
  5. Check that the services are running, issue the vsh status command.
admin@concerto211:~$ vsh status
admin@concerto211:~$ vsh status
postgresql            is Running
zookeeper             is Running
kafka                 is Running
solr                  is Running
glances               is Running
mgmt-service          is Running
web-service           is Running
cache-service         is Running
core-service          is Running
monitoring-service    is Running
traefik               is Running
  1. The docker service ls command also shows the status of the services:

    docker-services-ls-v2.png

Concerto 11.1.1 Enhancements

Concerto adds support for a Secure Access Services Edge (SASE) portal to SaaS services provided on a Versa Networks cloud-hosted SASE services infrastructure. See SASE Configuration.

The following table lists the Secure SD-WAN enhancements.

Feature ID Description
70090

New configuration policy to configure following management services:

  • LDAP
  • NTP
  • RADIUS
  • SNMP
  • Syslog
  • TACACS+

You configure all these server types in a single policy, and they become a reusable policy object. The Management Servers policy is in the Profile Elements > Policies > System folder. See Configure Management Servers.

 

70090-v2-border.png

71410

Improved experience for configuration change propagation and references from parent tenant to multiple levels of subtenants.

 

71410-border.png

77218

Add the Speed Test Server option for WAN interfaces to enable selected appliances to act as speed-test servers on those WAN interfaces. Any SD-WAN device can run speed tests towards any SD-WAN device WAN interface address in the network on which the speed test is enabled.

 

77218-v2-border.png

 

Implicit configurations to enable all the WAN interfaces as speed-test clients towards internet speed-test servers such as Ookla are generated.

 

To perform speed tests from an appliance, select Monitor Appliance in the monitor screen of the appliance, and then select the Speed Test option under Tools.

 

77218-2-v2-border.png

77218-3-monitor-speedtest-border.png

75425

The AFFECTED PATHS monitor replaces the UNREACHABLE monitor. To drive the UNREACHABLE monitor, Concerto stores all the path information among all the appliances in the tenant. In large tenant networks with more than 1000 appliances, the number of paths can be many millions. Concerto polls periodically all the appliances for the information about all the paths in the tenant. The AFFECTED PATHS monitor is a more scalable solution, because it fetches only a summary of the Up and Down path counts from Versa Analytics for the top 100 appliances with down paths. You can drill down to any appliance to display all the Down paths for that appliance. The AFFECTED PATHS monitor displays information from appliances running VOS Releases 21.2.2 or later only. It is not backwards-compatible with earlier Versa Director and VOS releases.

 

The following is a view of tenant-level AFFECTED PATHS monitor.


affected-paths-monitor-border.png

 

The following is a view of an appliance with Down paths.

 

appliances-down-paths-border.png

75143

Add support for aggregated Ethernet (AE) interfaces. To create an AE interface, select the Subcategory as AE on the interface create page.

 

edit-interface-AE-v2-border.png

72878

Add support for the creation of loopback interfaces in LAN VPNs. To create a loopback interface, select Type Virtual and Category Loopback.

 

loopback-interfaces-border.png

71449

Add support for custom applications. Move the Application Groups folder from Elements > Endpoint to Elements > Application.

 

custom-applications-71449-border.png

73679

Add tenant-level Settings Lifecycle to configure tenant global defaults. You can configure branch-to-branch IPsec Transform and DH Group values to overwrite the default values.

 

branch-to-branch-IPsec-73679-v2-border.png

72401 Integrate support for Prometheus and Grafana to monitor Concerto cluster health. For information about configuring Prometheus and Grafana, see Concerto Administration.

Fixed Bugs

Fixed Bugs and Minor Enhancements in Concerto Release 11.1.1

Bug ID Description

66144

Ability to see at a global tenant view where a particular policy/subprofile/element is being used.

66145

Ability to search for an address object or IP address prefix from the address variable field input when configuring a security or  other policy that requires an IP address.

66148

Add support to publish from provider tenant to any tenant, not just child.

66812

Separate “Delete Appliance” option in action menu.

66888

Compress all log files generated on the disk.

69178

Concerto does not display locked portal users correctly.

69761 Generating tech-support should gather logs from all cluster nodes.
70056 User is NOT able to see full site name and appliance name in honeycomb (when length of name < available space).

71647

Add support to view tenants listing page hierarchically.

72829

Reconcile appliance reachability state with periodic updates from Director node

73499

Allow the reordering of security policies in a basic master profile.

75696

Provide ability to not configure some WAN or LAN interfaces on device using bind variable vni-name with value “Not Present”. You do not need to configure a new master profile to not configure some WAN/LAN interfaces on the device it they are present in the profile.

76208

Admin user force clear transaction occasionally does not work.

76427

Remove usage of log4j2 library from all Concerto services.

76470

Users shown as locked even though user is logged in.

77204

Show proper error message when user login fails.

77706

When services fail over to a secondary region, core services are becoming unreachable.

77887

Link speed bind-data value sends incorrect value to the Director template.

77907

Add option to turn off SLA path polling from Concerto to the appliances. This solution works with Analytics and appliances running Releases 21.2.3 and later. To disable SLA path polling in large networks, where optimized solution is not available through Analytics, issue the below command from a postgres shell.

 

To disable SLA path monitoring, insert into system_setting (uuid, config_group, property, value, create_date) values (gen_random_uuid(), 'MONITOR', 'EnablePathPolling', 'false', now());

 

To enable SLA path monitoring, delete from system_setting where config_group='MONITOR' and property='EnablePathPolling';

78008

Add the vsh database status and vsh database failover commands. The vsh database status command shows database cluster and LAG information.

 

admin@concerto-node1:~$ vsh database

backup connect failover reset status

 

admin@concerto-node1:~$ vsh database status

 => Multi node patroni status

+ Cluster: versaecp (7025472584059707422) ---+----+-----------+

| Member    | Host       | Role    | State   | TL | Lag in MB |

+-----------+------------+---------+---------+----+-----------+

| postgres1 | 10.0.10.29 | Replica | running |  9 |         0 |

| postgres2 | 10.0.10.30 | Replica | running |  9 |         0 |

| postgres3 | 10.0.10.31 | Leader  | running |  9 |           |

+-----------+------------+---------+---------+----+-----------+

78009

Postgres log file rotation fails because of incorrect file permissions.

78096

Bind data values are not preserved when attached service template name changes with same bind-data field names. The fix is to preserve the bind data value by name.

78153

Publish task progress message times out randomly and then the progress bar remains at 0%.

78355

Configuration published to the Director is sometimes merged incorrectly if the previous publish fails. When Concerto is performing a three-way merge, it was incorrectly using the previously failed configuration.

78508

Updat the regulatory country code of WiFi radios does not take effect in the basic master profile.

78739

Support gateway and remote destination monitoring even when ICMP is blocked on the WAN interfaces.

79128

Null point error is thrown when an appliance is published if the traffic-steering rule has only custom SLA parameters configured.

79132

System is slow to respond when adding/deleting and listing sites with large numbers of sites on the system. Multiple optimizations were made to the database queries to address the slowness issues.

79142

Compress nightly database backup files.

79755

Skip the QoS configurations on interfaces when the VNI name is set to Not Present in bind data value.

Concerto Release 11.1 Director Version Compatibility

Concerto Release 11.1.1 is compatible with Versa Director versions 20.2.3 (patch version 5bfb269), 20.2.4, 21.1.2, 21.1.3, 21.2.1, 21.2.2.

For additional compatible patch versions of Release 20.2.3, contact Versa Networks Customer Support.

Request Technical Support

To request technical support, visit http://support.versa-networks.com. If you are contacting support for the first time, register and create an account. You can also send email to support@versa-networks.com or contact your Versa Networks sales account team.

Revision History

Revision 1—Release 11.1.1, March 22, 2022

  • Was this article helpful?