**************************************************************************** Software Release: Secomea RDM 4.1 - public release Release Date: 2009-11-09 **************************************************************************** (c) Copyright 2009, Secomea A/S. All rights reserved. **************************************************************************** Scope and production information **************************************************************************** This is Secomea Remote Device Management release 4.1. This release note describes changes since Release 4.0 build 9201. Please refer to the older release notes for further information. Products covered: --------------------------------------------------- SiteManager 2029 (Hardware with UMTS interface) SiteManager 2129 (Hardware with UMTS interface) SiteManager 2034 (Hardware with dual DEV interfaces) SiteManager 2134 (Hardware with dual DEV interfaces) SiteManager 3034 (Hardware with DIN mount and 4-port switch) SiteManager 3134 (Hardware with DIN mount and 4-port switch) SiteManager 6040 (Software version, external agent support) SiteManager 6240 (Software version, hosting PC access only) LinkManager 6041 (Software version) GateManager 8250 (Software version) Version and Build numbers: ------------------------------------------------------- GateManager Server software version 4.1.0.206 GateManager Proxy software version 4.1.14 LinkManager Installer version 4.1.0.9454 SiteManager Soft Installer version 4.1.0.9454 SiteManager Soft firmware version 4.1 build 9454 SiteManager PC Installer version 4.1.0.9454 SiteManager 2xxx firmware version 4.1 build 9454 SiteManager 3xxx firmware version 4.1 build 9455 Tray Icon version 2.45.0.9454 **************************************************************************** 1. Highlights of this release **************************************************************************** - Support for new SiteManager 3000 series. - Support for Windows 7 (32-bit versions only). - GateManager server can now run using a "Soft License", as well as the hardware license key. This allows GateManager to run in Virtual Machines without access to a physical USB port. - National characters can now be used in domain names and user names on GateManager, and in appliance and agent names on SiteManagers. Both LinkManagers, SiteManagers and GateManager must be updated to release 4.1 before using national charaters. - Fixed problems with LinkManager not being able to co-exist with programs using Sun VirtualBox environment. - Improved support for accessing timing-sensitive serial devices. - Added "auto subnet agent" feature which automatically makes all devices attached to a SiteManager accessible from LinkManager if no device agents have been defined. **************************************************************************** 2. New features and improvements. **************************************************************************** All Products ---------------------------------- - Implemented various optimizations on LinkManager and SiteManager to reduce end-to-end round-trip time for serial port communication. (#3509) Both LinkManager (including Tray Icon) and SiteManager must be upgraded to release 4.1 to activate the new serial port optimizations. - All products now report their configured GateManager Server address(es) to the GateManager; this information can be useful when moving appliances between GateManagers or preparing to change GateManager addresses. GateManager ---------------------------------- - When joining an account to a domain, the user will now get access to all subdomains of the domain via LinkManager console. To revert to the old behaviour (for all users), set recurse_joined_domains=0 in the proxy configuration. - Personal names are now shown in the Accounts view navigation tree. E-mail is shown in mouse-over tooltip. - Extended Status Command for GateManager server has been extended. It now includes active network connections, routes, and more. Notice that the Extended status utilizes various native Linux tools on your GateManager server; some errors may be printed in the extended status if those tools are not installed or are too old. You can just ignore those errors, or - better - install or update the tools. See the "/px/bin/status.sh" script to see what is required. - Administrator GUI has been improved: - New [Status] button to show GateManager Extended Status. - New [Routes] button to setup static routes on the GateManager server. - New [Sample] button on "Relay Configuration" page, showing the latest relay.conf-sample file installed with server updates. - You can now make the GateManager automatically approve and attach Agents created on an already attached (and approved) SiteManager or TrustGate appliance. To do this, set the "auto_approve" parameter in the "proxy.conf" file for the relevant relay domain(s). When set, agents automatically change state to "Attached" in the GateManager and are attached to the same domain as the SiteManager or TrustGate appliance. Note: Server and Device relays are never automatically approved or attached. If SiteManager itself is not attached, those relays are never started either, but even when SiteManager is attached, the relays still need to be attached to work. This includes using "Address on GateManager" in device agents. - You can also make the GateManager automatically approve (but not attach) all new appliances (e.g. SiteManagers, LinkManagers, TrustGates, and agents), meaning that end-to-end traffic is enabled between those appliances without being actively approved by the GateManager operator attaching the device to a domain. (#3534) To do this, set the "auto_approve_all" parameter in the global relay section of the "proxy.conf" file. If set to "1", only appliances using a domain token corresponding to an existing domain on the GateManager will be auto-approved. If set to "2", all appliances will be auto-approved, even if their domain token is unknown. Notice that on the GateManager server, appliances will remain in the Tentative "New" or "Unknown" state until actually attached to a domain by the GateManager operator. This leaves some control over which new appliances actually connects to the GateManager; and it makes it easier to setup configuration backup schedules, alerts, etc. for the new appliances using the "attach appliance wizard". LinkManager ---------------------------------- - A "ping" (icmp echo) request received by LinkManager is now actually performed on the SiteManager, and the remote response is sent back to the requester on the LinkManager PC. Prior to release 4.1, when you "Ping" a remote device IP address known to the LinkManager, the LinkManager itself would answer to the "ping". In particular, this means that the ping time measurement now shows the actual round-trip time, and you will only get a response if the remote device actually responds to the ping. Furthermore, if "auto subnet agent" is enabled for a remote subnet (see below), you can perform a remote device discovery by sending a ping to the remote subnet broadcast address, for example ping 10.0.1.255 - Limited support for forwarding of UDP subnet broadcasts to remote devices. (#3561) Please notice that when LinkManager receives a UDP subnet broadcast, it will select the remote device which best matches the given subnet and target port, and forward the packet as a unicast UDP to the chosen device. This means that the present UDP broadcast support cannot be used as a generic discovery method for all types of remote devices. Also notice that UDP broadcast to 255.255.255.255 is not supported. SiteManager ---------------------------------- - Support for SiteManager 3034 and SiteManager 3134. - Hardware-based SiteManagers now automatically synchronize their system time with the GateManager's system time on connect unless they are configured to use NTP. (#3493) - New "auto subnet agent" feature for device ports. (#3561) When an "auto subnet agent" is used, the entire subnet of a device port on SiteManager is made available to LinkManagers connecting using "" to the SiteManager. This includes access to any of the IP addresses in the remote subnet via TCP (connection initiated in any direction), UDP (initiated from LM to SM), and Ping (ICMP ECHO - from LM to SM). By default, the "auto subnet agent" feature is enabled for all SiteManager DEV ports; this means that the subnet agent will be automatically started on each of the DEV port subnets for which there are NO device agents with a target IP address on that subnet. If you don't use a specific DEVx interface on the SiteManager, you can disable the "auto subnet agent" on the System > DEVx page for that subnet. You also have the option to enable the subnet agent for a DEVx port even if there are agents defined on that port; in that case, those agents control how you access that specific device. Device Agents ---------------------------------- - New Vendor Agents: B&R - Serial PLC Beijer - Exter HMI Koyo - Ethernet ECOM Omron - Ethernet HMI Omron - Serial PLC RockWell Automation - Ethernet and Serial Secomea - SiteManager Secomea - TrustGate - Enhanced Vendor Agents (improved operability): Koyo - Serial PLC Omron - Ethernet PLC Pro-Face - Ethernet Panel - New Generic Agents (for quick device setup): NAT 1-way, NAT 2-way Transparent (2-way) - New Custom Modem Agent with configurable dial-out phone number, making it easy to handle existing modem-attached remote serial devices. (#3684) - Custom Serial Agent now supports a configurable dial-out phone number. - Custom SNMP Agent now has support for Go To Appliance (http only). - Custom Device Agent can now support UDP broadcasts. - Improved support for devices using "passive FTP" protocol. (#3502) - Generally better support for serial agents (lower end-to-end latency). **************************************************************************** 3. Bug Fixes. **************************************************************************** GateManager ---------------------------------- - Fix long delays in generating and sending new certificates, observed on some installations. (#3078) - Fix missing update of installed plugins when upgrading server. (#3514) - LinkManager would not see appliances if domain was renamed in GateManager. - If a LinkManager with an active connection to a SiteManager loses its connection to the GateManager, both GateManager and SiteManager would keep recording the LinkManager as connected. (#3194) Notice that it can take 1-2 minutes before the broken LinkManager connection is detected and no longer appears as connected on the SiteManager and GateManager. - Add "ip" function button in alert editor. (#3578) LinkManager ---------------------------------- - Login to the GateManager and connecting to a SiteManager could take a long time if LinkManager is located behind a restrictive firewall. (#3700) - Make the :port part optional in default VNC and RDP service rules. (#3535) - Fix occasional problems connecting to remote devices when LinkManager is located inside private GateManager network. (#3537) - Fix rare problem related to not being able to use certain GateManager user certificates for Login on LinkManager. (#3539) - Fix issue with Firefox requesting user to login twice when using the "Advanced" button on LinkManager Login page. (#3540) - Fix LinkManager installation wizard to work with Floating license. (#3555) - In LinkManager Console, the "left triangle arrow" indicator for server relays is now blue instead of red (since red usually indicates an error). - Hitting the Browser's Refresh button (or F5) in LinkManager console when connected to a remote SiteManager would close the connection. (#3588) - After enabling "Setups" in the LinkManager Console, the newly created setup had no associated certificates. Now, as long as you don't make any explicit certificate associations (on the Certificate's Properties page), all certificates are implicitly associated with all defined setups. (#3542) - Fixed problems with LinkManager not being able to co-exist with programs using Sun VirtualBox environment. (#3533) - On some Lenovo laptops running Windows Vista, starting LinkManager could make the PC hang. (#3581) - LinkManager could consume a lot of CPU cycles if it was started while there were no network connection, or when resuming a laptop that had been suspended for several hours. (#3244) - On laptops with "dynamic" internet connections (such as UMTS), LinkManager might not install tunnel routes if it was started before the internet connection was established. (#3593) SiteManager ----------------------------------- - Editing the Agent configuration using Internet Explorer 6 would sometimes make unexpected random changes due to bugs in IE6. A work-around has been added to avoid the problem. (#3531) - Fixed problems with SiteManager Soft and SiteManager PC not being able to co-exist with programs using Sun VirtualBox environment. (#3533) - On some Lenovo laptops running Windows Vista, starting SiteManager Soft or SiteManager PC could make the PC hang. (#3581) - SiteManager Soft and SiteManager PC could consume a lot of CPU cycles if it was started while there were no network connection, or when resuming a laptop that had been suspended for several hours. (#3244) - SiteManager 2029/2129 would sometimes use UPLINK2 (UMTS) instead of UPLINK to connect to GateManager when SiteManager UPLINK internet connection passes through a restrictive firewall. (#3701) - If multiple Serial agents were defined (sharing the serial port), certain changes to the Serial port configuration would be ignored until SiteManager was rebooted. (#3396) Device Agents ---------------------------------- - SNMP Agent's community name parameter field is now treated as a password so it is no longer shown in clear-text. (#3595) - SNMP Agent would sometimes fail to restart after a configuration change. (#3207) **************************************************************************** 4. Upgrade information. **************************************************************************** LinkManager 6041 ----------------------------------- - Since release 4.0, LinkManager does not rely on VMware to operate. Instead it comes with its own virtual "LinkManager Adapter" driver, which is installed and setup by the LinkManager Installer. On Windows XP, this driver is installed silently, but on Windows Vista and Windows 7 you will have to confirm the installation of the adapter. When upgrading a LinkManager 3.7 or older, the LinkManager Installer automatically migrates all configuration and certificates from the VMware based installation. Once upgraded to 4.0 or newer, you cannot downgrade the LinkManager to an older version. - First time you start LinkManager after the upgrade (or after a new installation), you may be prompted to accept the installation of Secomea's CA certificate as a trusted root certificate. You should allow this to prevent Windows from looking for new COM port drivers (it won't find any) each time you establish a serial connection. - The firmware file id for LinkManager has changed from v41 to v6041 to reflect the change from VMware (v41) to non-VMware (v6041). SiteManager PC 6240 ----------------------------------- - SiteManager PC comes with its own virtual "LinkManager Adapter" driver, which is installed and setup by the SiteManager PC Installer. On Windows XP, this driver is installed silently, but on Windows Vista and Windows 7 you will have to confirm the installation of the adapter. SiteManager Soft 6040 ----------------------------------- - SiteManager Soft requires VMware to operator, also after the update. - To upgrade an existing SiteManager Soft, you must first run the SiteManager Soft Installer program to upgrade the associated programs and drivers, and subsequently upgrade the firmware via the advanced web GUI. SiteManager 2034 / 2134 ----------------------------------- - This firmware includes a new flash driver for SiteManager 2034/2134. Once firmware 4.1 has been loaded, it is not possible to downgrade to a firmware using the old flash driver (i.e. release 4.0 build 9201 or older). SiteManager 2029 ----------------------------------- - Due to changes to the flash memory handling on SiteManager 2029, it is only possible to downgrade from this firmware release to a firmware release 3.7 build 8481 or newer. Device Agents ----------------------------------- - Previously installed standard agents are automatically removed when you upgrade to this firmware which includes all of the standard agents. - This means that you will need to reinstall the agents if you downgrade to a firmware release older than 4.0. **************************************************************************** 5. Known issues or limitations **************************************************************************** - GateManager Console (Java application) may shutdown unexpectedly. This problem happens to several Java-based applications due to a conflict with a Samsung LCD monitor utility called Multiscreen. This utility supposedly hooks into the Windows display drivers in a non-complient way which can cause Java applications to fail when trying to update the display. If you encounter this type of error and you use the Samsung Multiscreen utility, disabling or exiting the Multiscreen utility (via the Tray icon) will resolve the issue. - Due to new restrictions on secure web-site certificate authentication, both Internet Explorer 7 or Mozilla Firefox 3 may prevent you from accessing https based services via the LinkManager's Go To Appliance functionality in the non-activated state (Domain view). This is because the Go To Appliance function uses a different IP address than the actual IP address of the remote device, so the browser suspects that the target device's (typically self-signed) certificate may be a forgery. There is no easy way to get around this problem, so you will have to follow the somewhat tedious procedure of your browser to bypass the warnings and connect to the device anyway. Note 1: You should not store the certificate permanently in Firefox 3. Note 2: If you use release 4.0 or newer of both LinkManager, SiteManager, and the GateManager, connecting with Go To Appliance from LinkManager to a SiteManager now uses "http" rather than "https" to circumvent this problem. This is safe, since the http traffic is sent through the encrypted GateManager connection. **************************************************************************** 6. Agent firmware versions **************************************************************************** SiteManager firmware files now includes upgrades for all relevant agents. Older agent firmware versions are automatically removed when upgrading. This also means that if you later want to downgrade to a version before release 4.0, you must reinstall the corresponding agent files manually. **************************************************************************** 7. Special notes for GateManager Owners **************************************************************************** In the following table, the "Revision" field column is the text you must enter when you add a firmware file to the Appliance Products repository: Product Firmware file "Revision" field ---------------- ---------------------- ---------------------- SiteManager 2029 v29_9454.ffs oper:v29_9454 SiteManager 2129 v2129_9454.ffs oper:v2129_9454 SiteManager 2034 v34_9454.ffs oper:v34_9454 SiteManager 2134 v2134_9454.ffs oper:v2134_9454 SiteManager 3034 v3034_9455.ffs oper:v3034_9455 SiteManager 3134 v3134_9455.ffs oper:v3134_9455 SiteManager 6040 v6040_9454.ffs oper:v6040_9454 SiteManager 6240 n/a oper:v6240_9454 LinkManager 6041 n/a oper:v6041_9454 Agents n/a (see below) agent:v09_xxxx_yyyy Agents are now included in the base firmware, so there is no separate agent firmware file. Agent firmware versions shown in the "Revision" field follows the build number, yyyy, of the base firmware. No "ffs" files are released for the LinkManager and SiteManager PC models; to upgrade these, just run the relevant Installer to upgrade the firmware as well as the associated programs and drivers. **************************************************************************** END ****************************************************************************