Replify Accelerator 6.0.0-22570 Release Notes ============================================= This document details the content of the Replify Accelerator release 6.0.0. This release is a major release that contains several features and improvements along with bug fixes. The previous GA release of Replify Accelerator was version 5.6.0. Release Highlights ==================== - Performance improvements, particularly when accelerating TLS connections without SSL optimization enabled - Stability improvements when system is under stress - Enhanced configuration options around TLS configuration - Newer Linux distribution, compression, connection handling and logging frameworks Upgrade Instructions ==================== The following versions of the Virtual Appliance (VA) and Enterprise Manager (REM) can be upgraded directly to 6.0.0: = 5.6.0 = 5.5.0 = 5.4.1 = 5.4.0 = 5.3.0 = 5.2.1 To upgrade your system, the REM should be updated first (if you have a REM), followed by the Virtual Appliance and then clients. To upgrade the REM or VA please run the following command at the console: replify-ctl upgrade You will be prompted for an activation code after running the above command. Please contact support@replify.com for this code. Windows clients can be updated by navigating to 'Tools > Options > Updates' in the Replify client user interface. To avail of updates, the client must be connected to an upgraded REM or VA. Detailed installation instructions can be found in the Replify Installation & Configuration Guide. The Accelerator Client can also be downloaded from the web interface of VAs and REMs. Disk Space ========== When deploying from VMWare, the default disk configuration will be a 16GB disk with 'Thick Provisioning'. We would recommend this configuration but if resources are particularly constrained on the server, you may change this to 'Thin Provisioning' to ensure the disk space is only consumed when required. For many production environments, 16GB may not be sufficient to hold all cache data. Please see the installation and configuration guide for details on how to add extra disk space. MAC addresses with Hyper-V ========================== Once the image is deployed on the Hyper-V server the MAC address allocation will be set to 'dynamic' by default. When the machine boots Hyper-V will generate a MAC address for the connected virtual network interface. Replify recommends changing this to use a static MAC address instead. Download Links ============== Downloads are available for VMware ESX 6.0 and above and Microsoft Hyper-V 2012/2016. Other deployments, such as Citrix Xen, Amazon EC2 and Microsoft Azure may be available on request from Replify Support. Please refer to the Replify Installation and Configuration Guide for deployment instructions. VMWare ESX ---------- REM OVF: http://s3.replify.com/v6.x/v6.0.0/Replify-Manager-6.0.0-22570/Replify-Manager-6.0.0-22570.ovf REM VMDK: http://s3.replify.com/v6.x/v6.0.0/Replify-Manager-6.0.0-22570/Replify-Manager-6.0.0-22570-disk1.vmdk VA OVF: http://s3.replify.com/v6.x/v6.0.0/Replify-Appliance-6.0.0-22570/Replify-Appliance-6.0.0-22570.ovf VA VMDK: http://s3.replify.com/v6.x/v6.0.0/Replify-Appliance-6.0.0-22570/Replify-Appliance-6.0.0-22570-disk1.vmdk Hyper-V ------- REM: http://s3.replify.com/v6.x/v6.0.0/Replify-Manager-6.0.0-22570-hyperv.zip VA: http://s3.replify.com/v6.x/v6.0.0/Replify-Appliance-6.0.0-22570-hyperv.zip QEMU ---- REM: http://s3.replify.com/v6.x/v6.0.0/Replify-Manager-6.0.0-22570.qcow2 VA: http://s3.replify.com/v6.x/v6.0.0/Replify-Appliance-6.0.0-22570.qcow2 Docker ------ VA: https://hub.docker.com/r/replifyltd/accelerator/ REM: https://hub.docker.com/r/replifyltd/manager/ SHA256SUMS ------ SHA256 hashes for each file listed above have been generated for this release, they can be downloaded from this link: SHA256SUMS: http://s3.replify.com/v6.x/v6.0.0/SHA256SUMS New Features and Improvements ============================= [ACC-4213] - Startup scripts changed to use SystemD [ACC-4851] - Ability to specify network interfaces that are used for LAN and WAN connections [ACC-4966, ACC-5033, ACC-5050, ACC-5054, ACC-5055, ACC-5170, ACC-5192, ACC-5257, ACC-5294, ACC-5339, ACC-5343, ACC-5389, ACC-5390, ACC-5396, ACC-5400, ACC-5401, ACC-5404, ACC-5438, ACC-5440, ACC-5441, ACC-5448, ACC-5451, ACC-5458, ACC-5465, ACC-5498, ACC-5520] - General UI Improvements [ACC-4992, ACC-5202, ACC-5417, ACC-5450, ACC-5461, ACC-5472, ACC-5487, ACC-5494, ACC-5531, ACC-5543, ACC-5557, ACC-5559] - General logging improvements [ACC-5152, ACC-5383] - Custom TCP Congestion Algorithm is now applied in both directions to traffic between peered Virtual Appliances [ACC-5174] - Diagnostic report contains extra information that is of use to Replify Support [ACC-5177] - Commands API handler now available that gives details of available API functions [ACC-5184] - VMs are now built using Debian Buster [ACC-5213] - Using updated version of Lagger logging framework [ACC-5246] - Windows client downloads can be preconfigured with a specified VA/REM using replify-ctl [ACC-5251] - WAN connection pooling can now be enabled via the API [ACC-5272] - Appliances can be configured to encrypt all optimized data connections [ACC-5281, ACC-5309, ACC-5359, ACC-5399] - Improved update mechanism which is available from UI [ACC-5338] - Optional setting to enable/disable application server certificates now available [ACC-5345] - Using updated version of ZStandard compression library [ACC-5358] - The initial cache size can be specified when adding a peer using the API [ACC-5361] - Performance improvement when performing uploads using SMB protocol [ACC-5362] - Improved breakdown of protocols on bandwidth savings UI [ACC-5364] - Using updated version of Ranch connection handling library [ACC-5365] - Secure Peer Authentication functionality available for Accelerator Clients [ACC-5366] - Congestion Control can be configured differently for each peered Virtual Appliance [ACC-5370, ACC-5371, ACC-5377, ACC-5413] - Performance improvements when accelerating SSL traffic when SSL optimization has not been enabled [ACC-5372] - New UI functionality to edit peered appliances [ACC-5378, ACC-5510, ACC-5550] - New functionality to check if a certificate has been revoked when connecting to an application server [ACC-5385, ACC-5540] - Ability to revoke certificate of secure peered appliances [ACC-5394] - Activation time of alarms now shown on health page [ACC-5402, ACC-5410, ACC-5427, ACC-5447] - General performance improvements [ACC-5403] - SSL certificates can now be uploaded using certificates handler of API [ACC-5406] - Add API function to change congestion algorithm for peered virtual appliance [ACC-5408] - SOCKS functionality can now be enabled/disabled from the API [ACC-5409] - Help parameter can now be passed to an API function to determine how it should be used [ACC-5414] - Jitter can now be simulated in impair-network script [ACC-5420] - Linux 5.3 kernel is now supplied on Virtual Machines [ACC-5424] - Ability to specify whitelist of client IPs that use SSL optimization [ACC-5426] - Fragmented RAM can now be identified and fixed [ACC-5435] - Management Connection heartbeat is more resilient in congested networks [ACC-5437] - replify-ctl command now has a help parameter [ACC-5443] - UI now displays warning if cache disk writes are not enabled. [ACC-5444] - Application configuration files have been reorganized [ACC-5460] - Reduced latency when accelerating encrypted SSL connections [ACC-5488] - Dynamically generated certificates now have a lifetime of 397 days [ACC-5503] - Ability to customize SSL versions and cipher suites that the VA presents to clients [ACC-5506] - Extra certificate information displayed on SSL certificate UI [ACC-5507, ACC-5551, ACC-5552] - UI allows users to turn on/off SSL certificate verification for application servers [ACC-5511] - UI now shows optimisation Alerts for TLS App Server Connection Failures [ACC-5512] - UI now shows optimisation Alerts for Secure Peering Failures [ACC-5558] - Extra information available on peered accelerators API handler describing application servers being accelerated Fixes ===== [ACC-4357] - Occasional hang in client service when loading cache has been resolved [ACC-4747] - Errors upon SSL redirect to different domains have been resolved [ACC-4791, ACC-5336, ACC-5392, ACC-5416, ACC-5422, ACC-5457, ACC-5527, ACC-5532, ACC-5542, ACC-5546, ACC-5547, ACC-5548, ACC-5549, ACC-5556] - Stability improvements when system is under load [ACC-4922] - All VM images use hostnames provided by DHCP server [ACC-4928] - Restoring a backup with no application servers/REMs defined is now always restored correctly [ACC-5004] - Deleting a CA cert on the GUI now takes effect immediately when validating certificates [ACC-5120] - Improvements made in calculating required cache resources [ACC-5240] - Accelerator clients screen on local peered VA now shows offload for traffic to remote VA [ACC-5256] - Android client now reports correct version number in App Manager [ACC-5324] - Dynamic SSL functionality now works with HTTP Connect and StartTLS protocols [ACC-5326] - Accelerator service is now shut down cleanly when OS shuts down [ACC-5337] - Peak throughput figures on UI adjust correctly after client reconnections [ACC-5341] - Docker REM images now have hostname set correctly [ACC-5353] - Admin username is no longer case-insensitive when authenticating [ACC-5368] - Messages from unknown peered appliances no longer result in peering relationship being deleted [ACC-5412] - Service information is now sent correctly to both members of a peering relationship [ACC-5431] - Backoff logic for re-connecting to a VA now working correctly in all scenarios [ACC-5433] - Secure imap connection handshakes no longer fail [ACC-5439] - Application server report on REM has correct headings [ACC-5453] - Changing congestion algorithm now causes connections in connection pool to be recreated [ACC-5456, ACC-5473, ACC-5474, ACC-5476] - Extra validation of parameters in API handlers [ACC-5464] - Changing CCA in settings page changes existing peered CCAs on GUI [ACC-5479] - Extra service information is exposed in services API handler [ACC-5480] - Management connections on health graph now correctly include management connections from peered appliances [ACC-5484] - Connected Clients report UI correctly shows latency of clients from Docker appliances [ACC-5485] - Renaming a tag while it is in use no longer causes a HTTP 500 error [ACC-5489] - Searching on the REM client report UI no longer causes a HTTP 500 error [ACC-5490] - Server certificate and private key are now included in VA backups [ACC-5491] - Command line utilities show error message when invoked by an unprivileged user [ACC-5526] - Making a request with an invalid SNI no longer causes conections to terminate [ACC-5528] - Disk space thresholds which cause disk consolidation to occur have been reduced [ACC-5538] - Deleting an appliance on the Linux/Android clients no longer causes a crash [ACC-5544] - Legacy web servers that have non-standard chunk size representation no longer cause connections to be terminated Deprecated Functionality ======================== [ACC-5475] - Cache_warmer API functionality is now deprecated [ACC-5246] - Windows client downloads are no longer automatically configured to connect to REM. [ACC-5497] - Windows splash screen no longer displayed Errata or Known Issues ====================== [ACC-3718] - Intel based processors on Android devices not supported [ACC-3825] - Un-rooted Android devices can only accelerate HTTP(s) traffic [ACC-4137], [ACC-4170]- applications that use SSL pinning (e.g. Skype for Business, Dropbox etc) will have their connections blocked if configured in the VA to use SSL optimization, unless the pinned certificate is also uploaded to the VA. [ACC-4255] - AVG anti-virus software incorrectly detects a threat during Replify client uninstallation [ACC-4427] - Android client requires a reboot before upgrade or client re-install [ACC-4648] - Mac client service stops when it connects to a VA that is using a non-standard block size [ACC-4719] - STARTTLS and HTTP CONNECT content is not cached in client to local VA scenarios [ACC-4896] - Active FTP may fail for some clients when using a client connected to a peered VA setup [ACC-5047] - Functionality to turn off compression for specified MIME types is no longer working [ACC-5083] - SMB Connections are not optimized by the Mac client