CloudLink SecureVM 3.3 Release Notes February 2015
THIS DOCUMENT CONTAINS CONFIDENTIAL AND TRADE SECRET INFORMATION OF CLOUDLINK TECHNOLOGIES AND RECEIPT OR POSSESSION DOES NOT CONVEY ANY RIGHTS TO REPRODUCE OR DISCLOSE ITS CONTENTS, OR TO MANUFACTURE, USE, OR SELL ANYTHING THAT IT MAY DESCRIBE, REPRODUCE, DISCLOSURE, OR USE IN WHOLE OR IN PART WITHOUT THE SPECIFIC WRITTEN AUTHORIZATION OF CLOUDLINK IS STRICTLY FORBIDDEN. The information furnished herein is believed to be accurate and reliable to the best of our knowledge. However, CloudLink Technologies assumes no responsibility for its use, or for any infringements of patents or other rights of third parties resulting from its use. CloudLink Technologies reserves the right to, without notice, modify all or part of this document and/or change product features or specifications and shall not be responsible for any loss, cost, or damage, including consequential damage, caused by reliance on these materials. If you are in any doubt as to whether this is the correct version of the manual for a particular release, contact CloudLink Technologies. Trademarks CloudLink is a registered trademark of CloudLink Technologies. All other brands or product names mentioned herein are for identification purposed only and may be trademarks and/or registered trademarks of their respective companies. Copyright 2015 All Rights Reserved. Document version 1.02 CloudLink Technologies 2680 Queensview Drive, Suite 150 Ottawa, Ontario, K2B 8J9, Canada Tel: +1 (613) 224-5995 Fax: +1 (613) 224-5410 Support Inquiries (866) 356-4060 support@cloudlinktech.com General Inquiries info@cloudlinktech.com Sales Inquiries sales@cloudlinktech.com
Contents Introduction... 4 New in this Release... 5 Supported Platforms... 7 CloudLink Center... 7 SecureVM Agent... 7 Known Issues... 9 CloudLink SecureVM 3.3 Release Notes 3
Introduction These release notes provide details about the following aspects of CloudLink SecureVM version 3.3: New in this Release Supported Platforms Known Issues CloudLink SecureVM 3.3 Release Notes 4
New in this Release This release supports additional platforms for deployment of CloudLink Center and SecureVM Agent (Windows and Linux VMs). See Supported Platforms. The following new features are provided with SecureVM 3.3: Improved consistency for SecureVM Agent Installer. The installer is more consistent across standard and custom installations for Windows and Linux. Broader use of the CloudLink Center server address in FQDN format. Previous releases required that this address be specified as an IP address, with limited support for FQDN format. Because IP addresses can be problematic in cloud environments, the CloudLink Center server address may now be specified using FQDN format across all installation methods, and more widely in the CloudLink Center user interface. Higher security for the secadmin account. For increased security, particularly in cloud environments, a temporary password is generated for the secadmin account used to log in to CloudLink Center for the first time. Immediately after first-time log in, the user is required to change the temporary password. Support for VM clones. VM clones can now be managed in CloudLink Center after manual approval on first-time startup. The serial number of the clone is changed to ensure that all VMs in the CloudLink environment can be uniquely identified. Policy for IP address changes. To minimize the number of VMs that must be manually approved on startup, this release provides a policy for determining whether a VM with a changed IP address is allowed to start up automatically. Changes to VM removal. With this release, you can remove a VM from CloudLink Center only if it s in the Offline state. However, you are not required to decrypt volumes before removing the VM. New recovery tool. To allow VMs to reconnect to CloudLink Center if its IP address changes, a Redirect tool is available with this release. CloudLink SecureVM 3.3 Release Notes 5
Active Directory membership and keystore enhancements. After joining an Active Directory domain, CloudLink Center uses LDAP binds to authenticate domain users. With this release, you are not required to specify the primary or secondary hosts. If neither host is specified, all hosts in the domain are searched. LVM support. If you are deploying SecureVM into an existing Linux virtual machine, LVM is now supported. CloudLink SecureVM 3.3 Release Notes 6
Supported Platforms This section describes the supported platforms for CloudLink Center and SecureVM Agent. CloudLink Center SecureVM 3.3 supports the following platforms for CloudLink Center: VMware vsphere Microsoft Hyper-V Microsoft Azure VMware vcloud Air Amazon Web Services (AWS) IBM SoftLayer (Virtual) Google Cloud SecureVM Agent SecureVM 3.3 supports the following 64-bit operating systems for SecureVM Agent: Windows 7 Windows 8 and 8.1 Windows Server 2008R2 Windows Server 2012 Windows Server 2012R2 SUSE Linux Enterprise Server 11 Linux Ubuntu 12.04 LTS and 14.04 LTS RedHat 6.5 CentOS 6.5 CloudLink SecureVM 3.3 Release Notes 7
The following table identifies the images that have been tested for each cloud environment: Microsoft Azure VMware vcloud Air Amazon Web Services* IBM SoftLayer (Virtual) Google Cloud Windows Server 2008R2 Windows Server 2012 Windows Server 2012R2 yes yes yes yes yes yes yes yes yes yes yes yes yes SUSE Linux Enterprise Server 11 yes yes Linux Ubuntu 12.04 LTS and 14.04 LTS RedHat 6.5 yes yes yes yes yes yes CentOS 6.5 yes (OpenLogic) yes *Note: Only HVM AMIs are supported in Amazon Web Services. CloudLink SecureVM 3.3 Release Notes 8
Known Issues This section describes the known issues in CloudLink SecureVM 3.3. Description When a data disk is added to a VM using the AllData or BootAllData volume encryption policy, CloudLink detects the new disk and begins encryption automatically. For some Windows operating systems, during the process of initializing the new disk, you re prompted twice to format the disk. The second prompt appears in a new window. If you confirm the format operation in this second window, the disk will not be encrypted. (9077) Workaround If prompted by a second window to format the disk, choose the cancel option. If you inadvertently confirm the format operation, ensure that you manually encrypt the disk in CloudLink Center. Windows does not boot after a GPT (GUID Partition Table) data disk is added and encrypted. (9151) The second (or more) GPT drive could be added if there are at least two MBR data disks. After running the Redirect application for a Windows VMs deployed in a VMWare environment, Secure VM Agent shows the previous CloudLink Center server address and the status of Unconnected. (9135) Do the following: 1. In the Windows Task Manager on the VM, end the SecureVM Client process. 2. Restart the service. For information, see the CloudLink Center Administration Guide for CloudLink SecureVM. If a CloudLink Center cluster is upgraded without removing the slave, VMs may appear twice in CloudLink Center. For information about upgrading a cluster, see the CloudLink Center Administration Guide for CloudLink SecureVM. (9162) One instance of the VM will never appear online and can be manually removed in CloudLink Center. In some cloud environments, a VM may include an ephemeral disk. The cloud environment may remove the contents of this disk if the VM is stopped. If you encrypt the ephemeral disk with SecureVM you may find the encryption removed if the VM is stopped and started. (9191) The ephemeral disk must be encrypted again using SecureVM. After upgrading CloudLink Center in Microsoft Azure, the version number displayed (System tab, Version Control) is not updated. (9163) On the System tab, in the Version Control panel, press the F5 key. When upgrading CloudLink Center deployed in the cloud, CloudLink Center requires external access. (9230) n/a If you uninstall the SecureVM Azure Extension for a VM that has encrypted volumes, the SecureVM Agent software is not uninstalled. The SecureVM Azure Extension is uninstalled. (9237) n/a CloudLink SecureVM 3.3 Release Notes 9
Description SecureVM Agent setup options (SecureVM tab, Setup) contain a package named securevm-windows-x64-uefi.msi. This is an experimental feature for previewing UEFI support. This feature is not supported. Workaround n/a CloudLink SecureVM 3.3 Release Notes 10