Replify Accelerator 6.2.0-25740 Release Notes
=============================================

This document details the content of the Replify Accelerator release 6.2.0. This release contains several features and improvements along with bug fixes. The previous GA release of Replify Accelerator was version 6.1.0.

Release Highlights
====================

- Support for TLS 1.3 application servers and TLS 1.3 between Replify nodes
- Performance Improvements when Under High Load

Upgrade Instructions
====================

The following versions of the Virtual Appliance (VA) and Enterprise Manager (REM) can be upgraded directly to 6.2.0:

= 6.1.0
= 6.0.0
= 5.6.0
= 5.5.0
= 5.4.1

To upgrade your system, the REM should be updated first (if you have a REM), followed by the Virtual Appliance and then clients.

To upgrade the REM or VA please run the following command at the console:

    replify-ctl upgrade

You will be prompted for an activation code after running the above command. Please contact support@replify.com for this code.

Windows clients can be updated by navigating to 'Tools > Options > Updates' in the Replify client user interface. To avail of updates, the client must be connected to an upgraded REM or VA.

Detailed installation instructions can be found in the Replify Installation & Configuration Guide. The Accelerator Client can also be downloaded from the web interface of VAs and REMs.

Disk Space
==========

When deploying from VMware, the default disk configuration will be a 16GB disk with 'Thick Provisioning'. We would recommend this configuration but if resources are particularly constrained on the server, you may change this to 'Thin Provisioning' to ensure the disk space is only consumed when required.

For many production environments, 16GB may not be sufficient to hold all cache data. Please see the installation and configuration guide for details on how to add extra disk space.

MAC addresses with Hyper-V
==========================

Once the image is deployed on the Hyper-V server, the MAC address allocation will be set to 'dynamic' by default. When the machine boots, Hyper-V will generate a MAC address for the connected virtual network interface. Replify recommends changing this to use a static MAC address instead.

Download Links
==============

Downloads are available for VMware ESX 6.5 and above and Microsoft Hyper-V 2016 and above. Other deployments, such as Citrix Xen, Amazon EC2 and Microsoft Azure, may be available on request from Replify Support. Please refer to the Replify Installation and Configuration Guide for deployment instructions.

VMware ESX
----------

REM OVF: https://s3.replify.com/v6.x/v6.2.0/Replify-Manager-6.2.0-25740/Replify-Manager-6.2.0-25740.ovf
REM VMDK: https://s3.replify.com/v6.x/v6.2.0/Replify-Manager-6.2.0-25740/Replify-Manager-6.2.0-25740-disk1.vmdk
VA OVF: https://s3.replify.com/v6.x/v6.2.0/Replify-Appliance-6.2.0-25740/Replify-Appliance-6.2.0-25740.ovf
VA VMDK: https://s3.replify.com/v6.x/v6.2.0/Replify-Appliance-6.2.0-25740/Replify-Appliance-6.2.0-25740-disk1.vmdk

Hyper-V
-------

REM: https://s3.replify.com/v6.x/v6.2.0/Replify-Manager-6.2.0-25740-hyperv.zip
VA: https://s3.replify.com/v6.x/v6.2.0/Replify-Appliance-6.2.0-25740-hyperv.zip

QEMU
----

REM: https://s3.replify.com/v6.x/v6.2.0/Replify-Manager-6.2.0-25740.qcow2
VA: https://s3.replify.com/v6.x/v6.2.0/Replify-Appliance-6.2.0-25740.qcow2

Docker
------

VA: https://hub.docker.com/r/replifyltd/accelerator/
REM: https://hub.docker.com/r/replifyltd/manager/

SHA256SUMS
----------

SHA256 hashes for each file listed above have been generated for this release. They can be downloaded from this link:

SHA256SUMS: https://s3.replify.com/v6.x/v6.2.0/SHA256SUMS

New Features and Improvements
=============================

[ACC-4662, ACC-5647, ACC-5700, ACC-5715, ACC-5717, ACC-5723, ACC-5735, ACC-5787, ACC-5802, ACC-5809, ACC-5811, ACC-5818, ACC-5829, ACC-5833, ACC-5834,
ACC-5836, ACC-5837] - Logging improvements
[ACC-4795] - Android client now uses latest SDK and NDK
[ACC-5369] - macOS client installers are now notarized
[ACC-5496] - SSL Certificates can now be included in a backup
[ACC-5596] - A UI notification is displayed thirty days before the VA's CA certificate is due to expire
[ACC-5598] - ZStandard 1.4.5 library is now being used for compression
[ACC-5602, ACC-5800] - Improved cache performance under load
[ACC-5610, ACC-5612, ACC-5639, ACC-5643, ACC-5670, ACC-5689, ACC-5695, ACC-5696, ACC-5697, ACC-5698, ACC-5699, ACC-5701, ACC-5702, ACC-5705, ACC-5749, ACC-5760] - Performance improvements when a large number of application servers are present
[ACC-5613] - Nftables is now used when applying interception rules on a peered virtual appliance
[ACC-5614] - When adding a peered appliance using the API, the export parameter no longer needs to be specified
[ACC-5615, ACC-5616, ACC-5617, ACC-5820] - API Validation improvements
[ACC-5649] - VA is able to start correctly in Docker when all volumes are empty
[ACC-5651] - Using Ranch 2.0 library for connection handling
[ACC-5654, ACC-5657] - TLS 1.3 is now used to secure connections between Replify nodes
[ACC-5658, ACC-5721, ACC-5816] - TLS 1.3 will now be used if available when making TLS connections to application servers
[ACC-5660] - Accelerator service will now always shut down within 30s
[ACC-5656] - Virtual Machines are now configured by default with Google public DNS servers
[ACC-5662] - TLS client ciphers are now passed through and used when connecting to TLS servers
[ACC-5666] - Trial Licence description has been renamed to "Timed Licence"
[ACC-5691] - Improved CPU scheduling when system is under load
[ACC-5694] - Improved memory allocation under load
[ACC-5704] - VA server certificate is automatically regenerated whenever it expires
[ACC-5711] - Using OpenSSL 1.1.1h for crypto operations
[ACC-5713] - Replify Accelerator is now built using Erlang 23.1
[ACC-5725, ACC-5778,
ACC-5780, ACC-5803] - Improved performance when system is under load
[ACC-5729] - ADMX Group policy template is now available for configuring client settings
[ACC-5739] - Secure Peering configuration on client no longer requires manual modification of configuration files
[ACC-5770, ACC-5815, ACC-5823, ACC-5835] - Optimization Alerts framework has been improved
[ACC-5794] - Resource checker takes cache write queue into consideration when determining disk usage thresholds
[ACC-5804] - Health graph now contains instructions on how to turn counters on/off
[ACC-5824, ACC-5828] - TCP Keep-alives are now used on all WAN data sessions

Fixes
=====

[ACC-5501] - Certificate validation now detects when intermediate certificates that use SHA-1 are in use
[ACC-5515, ACC-5625, ACC-5661, ACC-5679, ACC-5680, ACC-5765, ACC-5768, ACC-5783] - UI improvements
[ACC-5616, ACC-5619] - API documentation corrections
[ACC-5608] - SNMP agent now reports group log levels correctly
[ACC-5634] - CA Cert IDs are persistent between service restarts
[ACC-5646] - Diagnostic messages that aren't errors are no longer logged to syslog
[ACC-5650] - TLS verification now works on Raspbian
[ACC-5664] - Changing proxy configuration on macOS/Linux/Android clients no longer causes a crash
[ACC-5655] - Ulimit values have been corrected in Docker YML files
[ACC-5672] - peered_accelerators_api list call no longer fails when peers are added with duplicate IPs but different GUIDs
[ACC-5675] - System API handler now correctly displays memory usage information
[ACC-5682] - Race condition when generating a diagnostic report has been fixed
[ACC-5685] - IP forwarding is now enabled (if available) when running in a container
[ACC-5706] - Improved validation in impair-network script
[ACC-5707, ACC-5708] - Increased stability when REM is under load
[ACC-5715] - Unnecessary non-default sysctl parameters applied on the REM have been removed
[ACC-5716, ACC-5726, ACC-5746] - If different SSL configurations are supplied for
overlapping application server subnets, the correct configuration is now used
[ACC-5754] - It is now possible to add a service using the HTTP CONNECT handler via the API
[ACC-5755] - Issue where API set_property call turns off SSL optimization has been resolved
[ACC-5762] - replify-ctl set-config-value now works correctly with configuration values of type 'term'
[ACC-5763] - SNMP agent can now be enabled in Docker containers
[ACC-5779] - Appliance secure mgmt port is now exposed on Docker containers
[ACC-5786] - Reuseaddr socket option is used for TCP acceptors
[ACC-5789] - Condition where disk writes could be permanently disabled has been removed
[ACC-5790] - Improvements in connection handling to avoid "zombie" connections
[ACC-5792] - Condition where StartTLS connections could be terminated prematurely has been resolved
[ACC-5799] - Errors in calculating WAN throughput figure on health graph have been corrected
[ACC-5806] - Crash when changing LAN/WAN interfaces from GUI has been resolved
[ACC-5813] - Issue where health statistics collection stopped happening has been resolved
[ACC-5814] - Option to use diagnostic utilities is not displayed for application servers that are subnets
[ACC-5842] - SSL Certificates can now be added to a VA running in a Docker container
[ACC-5860] - Ensure that SystemD is responsible for monitoring the Linux client process (not Erlang heart)

Removed functionality
======================

[ACC-5663] - SSL v3.0 can no longer be used to connect to application servers
[ACC-5648] - Ability to turn off compression for specific MIME types is no longer available

Errata or Known Issues
======================

[ACC-3718] - Intel based processors on Android devices not supported
[ACC-3825] - Un-rooted Android devices can only accelerate HTTP(s) traffic
[ACC-4137], [ACC-4170] - Applications that use SSL pinning (e.g.
Skype for Business, Dropbox etc.) will have their connections blocked if configured in the VA to use SSL optimization, unless the pinned certificate is also uploaded to the VA.
[ACC-4255] - AVG anti-virus software incorrectly detects a threat during Replify client uninstallation
[ACC-4427] - Android client requires a reboot before upgrade or client re-install
[ACC-4648] - Mac client service stops when it connects to a VA that is using a non-standard block size
[ACC-4719] - STARTTLS and HTTP CONNECT content is not cached in client to local VA scenarios
[ACC-4896] - Active FTP may fail for some clients when using a client connected to a peered VA setup
[ACC-5083] - SMB Connections are not optimized by the Mac client
[ACC-5759] - Connections are blocked to some servers that don't support HTTP/1.1
[ACC-5821] - Certificate validation will fail for certificate bundles that contain expired, unused or out of order certificates
[ACC-5825] - Intermittent High Latency with WAN Connection Pooling
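
The SHA256SUMS file listed under Download Links can be used to check an image before it is deployed. The script below is an added example, not part of the Replify release notes or tooling; it assumes SHA256SUMS uses the standard sha256sum layout (digest, whitespace, file name), and the function name verify_release_file is hypothetical. It refuses to report success for a file that is not listed exactly once.

```shell
#!/bin/sh
# Added example. Assumes SHA256SUMS uses the usual sha256sum layout:
#   <64 hex digits>  <file name>      (one entry per line)

# verify_release_file SUMS_FILE IMAGE_FILE
# Returns 0 = digest matches, 1 = digest mismatch, 2 = unusable input or no unique entry.
verify_release_file() {
    sums=$1
    file=$2
    if [ ! -r "$sums" ] || [ ! -r "$file" ]; then
        echo "cannot read '$sums' or '$file'" >&2
        return 2
    fi
    name=$(basename -- "$file")

    # Count entries whose file name (minus any directory part or the
    # binary-mode '*' marker) equals the name of the downloaded file.
    entry=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f); sub(/^.*\//, "", f) }
        f == n { hits++; digest = tolower($1) }
        END { print hits + 0, digest }' "$sums")
    hits=${entry%% *}
    expected=${entry#* }

    # Fail closed: an unlisted or ambiguously listed file is never "verified".
    if [ "$hits" -ne 1 ]; then
        echo "$name: $hits entries in $sums, expected exactly 1" >&2
        return 2
    fi
    case $expected in
        *[!0-9a-f]*) echo "$name: listed digest is not hex" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "$name: listed digest is not 64 hex digits" >&2
        return 2
    fi

    actual=$(sha256sum -- "$file" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "$name: OK"
        return 0
    fi
    echo "$name: MISMATCH (listed $expected, computed $actual)" >&2
    return 1
}

# Usage: sh verify.sh SHA256SUMS Replify-Appliance-6.2.0-25740.qcow2
if [ "$#" -eq 2 ]; then verify_release_file "$1" "$2"; fi
```

A match shows the download is intact and is the file the list describes. Because SHA256SUMS is served from the same host as the images, it does not on its own authenticate the publisher.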