ProVision 7.1.0

ProVision 7.1.0 is a major release with new features, improvements and bug fixes.

Local Software Requirements Update

For local installation customers, ProVision versions 7.0.0 and newer have upgraded software requirements (in red, below):


  • Operating System: Linux/BSD/OSX
  • Apache: Apache 2.4 (http://httpd.apache.org/)
  • PHP: PHP 7.1 (http://php.net/downloads.php)
  • MySQL: MySQL 5.7 (http://www.mysql.com/downloads/)


Note on MySQL: We recommend setting max_allowed_packet in the MySQL configuration file to 128MB (or similar) to account for the typical dataset size handled in ProVision.

Major Features and Improvements in this release:


New Features

APIv2 Documentation

Public APIv2 documentation is located at https://cloud.6connect.com/APIv2/

APIv2 documentation includes:

  • IPAM API 
    Includes actions for LIRs, IP aggregate and block management, VLAN, IP Rules, and SWIP.
  • Resource API 
    Includes actions for managing the ProVision Resource System
    The resource API provides CRUD endpoints for resources, resource attributes, resource attachments and resource backups.
  • DNS API
    ProVision DNS API allows you to manage DNS Zones, Records, Servers, Groups and ACLS.
  • Users API
    Includes actions for ProVision Users, permissions and actions.
  • Usergroups API
    Includes actions for ProVision Groups, permissions and actions
  • Scheduler API
    The API Allows you to easily schedule tasks.
  • API Composer Platform
    API Composer Platform (ACP) is an additional module in ProVision to help automate frequently used combinations of calls.


Approvals

CFR / IM - 2937: New Approvals Module integrated with DNSv3 - See Approvals.

The Approvals module stores and queues DNS actions made by selected User Groups, and sends those actions to a Pending Changes list for administrative review.  

Later, an administrator (or combination of administrators) can approve or reject these stored actions. 

Approvals features include:

  • Ability to associate existing ProVision User Groups with "Deny", "Approve", or "Requires Approval" permissions on DNS actions. 
  • Supports Approval by one or more Admin Groups
  • Approval restrictions may be high level or fine-grained; set for the whole of DNS, by DNS Family, Action Type, or any combination thereof
  • Option to send notification emails
  • Bulk Approve or Reject requests
  • View user approval event history
  • Filter and Sort Approval request list
  • Notification display on DNS pages with pending change requests

Approvals-related updates include:

Admin Approvals Tab

A new "Approvals" tab has been added to the Admin area of ProVision, containing two sub-tabs - "Pending Approvals" and "Permission Groups", the primary areas from which to manage Approvals items.

  • Pending Approvals Sub-Tab

    The Pending Approvals sub-tab lists Pending approval requests for the current Admin user for which they have permissions to "Approve" or "Reject". The Pending Approvals list may be sorted by Name, Family, Action Type, Updated time, or by submitted user and searched by resource name. 
    Approving and Rejecting change requests may be done individually, or in bulk by selecting multiple item checkboxes / clicking the "select all" checkbox. Once selected, an option to Approve/Reject all selected items will appear. If notifications are enabled for the Group or Action, an email will be sent notifying the request submitter of the status change. 
    At the bottom of the page, historical approval items for the user are shown. The user may filter their previous approval items by Executed, Approved, Rejected, or Pending by Others (for items requiring multiple Groups to approve). For more information on the Pending Approvals subtab, see Pending Approvals.

  • Permission Groups Sub-Tab

    The Permission Group page contains areas to manage what type of Approval permissions each User Group has, and on what actions.  There are two tabs available under Permission Groups - Groups and Actions.

    • In the Groups tab, each ProVision User Group is listed. Clicking the "Assign" button for a group brings up a checklist to select what policy to apply to the group for what Family and Actions (i.e. DNS Zone 'Add' or DNS Group 'Update'). 

    • The Actions Tab lists the group permissions organized by Family/Action type. Expanding a Family shows the available actions, and a matrix of how many groups are assigned under each policy. 

      For more information on the Approvals Permission Groups subtab, see Permission Groups.

DNSv3 Approvals Updates

Updates have been made in DNSv3 supporting the Approvals system:

  • "Resources Awaiting Approval" module

A "Resources Awaiting Approval" module will now display in selected DNSv3 pages to Users with Admin / Approval permissions, if a change has been submitted on that page that is pending approval by the User's Approval Group. See DNS Tab and Approvals.

Scheduler Approvals Updates

Added two new scheduler tasks in support of Approvals:

  • Approvals - Process Subscription

The "Approvals - Process Subscription" task processes approval request events and handles the sending of notification emails to subscribed Approvals Groups. 

If Approvals are in use with notifications, it is recommended to create this task with a run time of "every 5 minutes" and no end date.

  • Approvals - Delete events older than 1 month

The "Approvals - Delete events older than 1 month" task deletes any Approvals history events older than 30 days. It is recommended to run this task monthly to clear out obsolete approvals items and reduce approvals page load time.

For more information, see Scheduler Tab and Approvals.

ACP ("Workflows") Gadget

CFR / IM - 3119: Added the ACP "Workflows" Gadget to the available Gadgets list for Resource Entry pages. See Gadgets.

The ACP Workflows Gadget allows users to specify and execute Workflows (created in the ACP product) on a ProVision Resource Entry page. 

Working with the ACP Workflow Form

The ACP Workflow Form is a Gadget add-on connecting 6connect's ACP (API Composer Platform) with the ProVision interface to run Workflows. 

See below for additional information on enabling and using the ACP Workflow Form.

Customers with an ACP license can select and add the "ACP Workflow Form" Gadget to a Section. The form contains fields for selecting the Workflow to run, setting a Title, and mapping input options. Multiple Forms may be added to a Section, in order to run additional Workflows or option settings. When complete, click "Save".


Once enabled, the Gadget will show on the resource page of the section type. Input the field data necessary for the Workflow, and click "Execute Workflow" to process the chain of workflow calls. 

In this example, a "Customer Turn-Up" Workflow was selected (created in ProVision's ACP product) that performed six functions with one button click. The successful "Execute" for "Customer Turn-Up" created a new customer resource entry, assigned IPv4 and IPv6 blocks to them, created a DNS zone for the hostname, and lastly created 'A' and 'AAAA' records for the zone.


6connect ACP (API Composer Platform)

6connect ACP (API Composer Platform) is a separate plugin product that enables you to create and share API workflows via a graphical editor.

ACP & Workflows

With ACP, you can pull in data from multiple APIs and easily combine it into a new API endpoint – on the fly – with no code necessary, and share your setup using JSON for convenience or adding to a version control system.

In the example above, a "Customer Turn-Up" Workflow was created in ProVision's ACP product that chained together six ProVision API calls into one function.

When clicking "execute", a prompt displays requesting values for required inputs - such as the customer name for the newly created resource - before continuing.

Then, a successful "execute" creates a new customer resource entry, assigns both an IPv4 and IPv6 block to that resource, creates a DNS zone for the hostname, and lastly creates 'A' and 'AAAA' records for the zone.

For more information, see https://www.6connect.com/acp/. To schedule a demo, visit https://www.6connect.com/demo/ or send an email to info@6connect.com.


Linked IPs Gadget

CFR / IM - 3066: Added a "Linked IPs Gadget" to the available Gadgets list for Resource Entry pages. See Gadgets.

The Linked IPs Gadget lists IP blocks assigned to Linked Resources (via the Resource Linkage Gadget).


SAML Authentication Support

CFR / IM - 3137: Added support for SAML login, and authentication settings to Admin→Admin Settings→ Authentication Options. See the Authentication section under Admin Preferences.

SAML is a Single Sign On (SSO) authentication method that uses an external identity provider to authenticate a user at their first login, saving a token to the user's browser that is then used for subsequent logins, so that the user does not need to re-submit credentials. 

SAML Setup

Before configuring SAML in ProVision, you must have an account set up with an Identity Provider (IdP) and ProVision users / groups set up in the IdP.

Set up the IdP

To use SAML authentication, you will need SAML set up for your instance with an Identity Provider (IdP), such as Microsoft ADFS, OneLogin, Elastic SSO, or others. You can view a list of available SAML IdPs at Wikipedia's SAML based products page.

Users and Permissions:

User credentials will need to be created and associated with ProVision permission group names via the IdP. All user creation, management and permissions handling occurs via the IdP, externally from ProVision.

Configure SAML in ProVision

ProVision setup for SAML is located in Admin →Admin Settings → Authentication Options.

Under SAML Configuration:

Enable SAML authentication by clicking the checkbox next to "Enable".

The following fields are required and will need to be obtained from the IdP:

  • User Attribute (Required):
  • Group Attribute (Required):
  • IdP Metadata (Required):

Under SAML Service Provider Configuration:

  • Sign logout request:
  • Sign redirect request:
  • Unencrypted Assertions from IdP Will be rejected:
  • Private Key:
  • Certificate (Required):

Links to the ProVision SP Metadata file, in php and xml format, are provided below the configuration settings. This metadata will need to be provided to the IdP.

You can test the configuration by clicking the "Test SAML Configuration" button; a new page will open giving health check information for your provided attributes.
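Before pasting IdP metadata into the "IdP Metadata" field, it can be checked offline for the elements the SAML settings above rely on: an IdP descriptor, a signing certificate, and HTTPS sign-on and logout endpoints. The following is an added example, not ProVision code; the function name, the sample metadata, its entity ID and URLs are constructed, and the check covers neither signature validation nor certificate expiry.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"

def check_idp_metadata(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    # xml.etree keeps the example dependency-free; for metadata obtained from
    # an untrusted source a hardened parser such as defusedxml is preferable.
    try:
        root = ET.fromstring(xml_text.strip())
    except ET.ParseError as exc:
        return [f"metadata is not well-formed XML: {exc}"]
    # Metadata is either one EntityDescriptor or an EntitiesDescriptor wrapper.
    if root.tag == "{%s}EntityDescriptor" % NS["md"]:
        entities = [root]
    else:
        entities = root.findall(".//md:EntityDescriptor", NS)
    idps = [(e, d) for e in entities for d in e.findall("md:IDPSSODescriptor", NS)]
    if not idps:
        return ["no IDPSSODescriptor found: this is not IdP metadata"]
    findings = []
    for entity, idp in idps:
        eid = entity.get("entityID", "<missing entityID>")
        if SAML2_PROTOCOL not in idp.get("protocolSupportEnumeration", "").split():
            findings.append(f"{eid}: SAML 2.0 protocol not advertised")
        # A KeyDescriptor without a 'use' attribute serves signing and encryption.
        certs = [c for k in idp.findall("md:KeyDescriptor", NS)
                 if k.get("use") in (None, "signing")
                 for c in k.findall(".//ds:X509Certificate", NS)
                 if (c.text or "").strip()]
        if not certs:
            findings.append(f"{eid}: no signing certificate, responses cannot be verified")
        sso = idp.findall("md:SingleSignOnService", NS)
        slo = idp.findall("md:SingleLogoutService", NS)
        if not sso:
            findings.append(f"{eid}: no SingleSignOnService endpoint")
        if not slo:
            findings.append(f"{eid}: no SingleLogoutService endpoint for logout requests")
        for endpoint in sso + slo:
            location = endpoint.get("Location", "")
            if not location.lower().startswith("https://"):
                findings.append(f"{eid}: endpoint is not HTTPS: {location}")
    return findings

# Constructed sample metadata (not from a real IdP); the certificate is a placeholder.
GOOD_METADATA = """
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.test/adfs">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-NOT-A-REAL-CERTIFICATE</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/slo"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""
# Same document with the signing key relabelled and the SSO endpoint downgraded.
WEAK_METADATA = (GOOD_METADATA
                 .replace('use="signing"', 'use="encryption"')
                 .replace("https://idp.example.test/sso", "http://idp.example.test/sso"))

if __name__ == "__main__":
    for name, doc in (("good", GOOD_METADATA), ("weak", WEAK_METADATA)):
        print(name, check_idp_metadata(doc) or "OK")
```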


SAML Login

Once the correct configuration has been established and users set up for SAML in the IdP, users will be able to use SAML logins.

Documentation Note:

Depending on the IdP used, some screens may appear different from what is shown here.

Initial Login:

The initial login process occurs the first time a user logs in, and anytime afterwards if the browser token is not present (e.g., cookies are cleared from the browser, the browser closed, or a new browser is used).

From the ProVision login page, select SAML from the authentication options dropdown - you do not need to enter Username or Password.

You will be redirected to the IdP site as set up in the Admin Configuration - here, we are using Microsoft ADFS (Active Directory Federation Services).

Log into the IdP site using your SAML credentials, and click "Sign In".

If the sign in is successful, you will be logged into the ProVision home page.

Subsequent Logins:

After the initial login via the IdP (as long as the auth token is present), users will be able to log in to ProVision simply by selecting the "SAML" option from the ProVision login page without entering credentials.

The auth token may be destroyed or not available if browser cookies have been cleared, a different browser used, or the browser fully closed, depending on security settings. In these cases, the user will need to sign in again via the IdP.


DUO Mobile Authentication Support

SEC-14 / IM - 3200: Added support for DUO Mobile authentication options to Admin→ Authentication Options. See the Authentication section under Admin Preferences.

To use DUO Authentication, an account must first be set up with DUO. Once an account is set up, obtain the Integration Key, Security Key, and DUO API Host name.

Enter those items into Admin→ Authentication Options → DUO Mobile Configuration, and click "Update" to save your changes. 


Peering Communications Page

CFR/ IM - 3261: Added Peering "Emails" Sub-tab to the Peering Tab (Accessible to Global Admins). See Peering and Peering Emails.

The Peering "Emails" page associates a single company peering email account (such as peering@company.com) with your ProVision instance, creating a 'shortcut' email system to keep on top of the most recent peering requests while in ProVision.

Load, view, and reply to the most recent 3 days of emails received at that address, view requests sent from ProVision's Exchange Communications page, and process emails associated with ProVision Peers.

Freely trim down the ProVision 'Inbox' to keep only those emails on your short term ProVision To-Do list; 'deleting' ProVision emails only affects what messages are loaded into the ProVision instance - your original messages remain intact on your original email server. 

The Peering→ Emails page is only accessible to Administrative users in the primary "Global Admins" User Group. Ensure that Peering Administrators using ProVision's Peering Emails area are included as members of that group for full access.



Additional Features / Improvements

DNSv3 Improvements

Multiple improvements have been made to DNSv3 areas:

  • IM - 2500: Updated the DNS "Scheduled Push" interface to be more user-friendly
  • IM - 3019: Added the ability to view/download the zone file to the Zone Details page
  • IM - 3046: Added ability to select "Delete all zones" when deleting a DNS Group
  • CFR/ IM - 3053: Added the ability to import Zone/Record information to an existing zone via an "Import File" button in the Zone Details page
  • IM - 3054: Added additional fields to / support for S64x86 KNOT connector
  • IM - 3062: Added individual "Push" buttons to the "Attached Servers" section in the Zone Details page.
  • CFR/ IM - 3180: Added "Public IP" field to DNS S64 server types.
  • IM - 3126: Added a permissions shortcut button ("Perms") throughout DNS, for quick CRUD permissions adjustments to specific DNS resources. Available to Admins only. 


  • IM - 3202: Added "Advanced Settings Inherited by the Zones" to DNS Group Default Parameters. New zones created from the Group will also inherit the Advanced Settings fields as set from the group defaults. 

    Open the "Advanced Settings Inherited by the Zones" module by going to any DNS Group and opening the "Group Default Parameters".

    The Advanced Settings module will be at the top of Default Parameters area. To expand it, click on the expansion arrow on the right side of the header bar.


    Once expanded, settings may be entered for DNSSEC, Dynamic Updates, Master-Slave Handling, Lists, and free lines.

    Save your changes!

    Important - to ensure that your changes are saved, click the "Save Group Defaults" button under the Default SOA Values section - this save button will save any changes made to Advanced Settings, Default Nameservers, or Default SOA Settings.

    For detailed information on DNS, see DNS Tab, Working with DNS Groups, DNS Zones Overview, Working with DNS Zones, and DNS Administration.


Scheduler Updates

New Scheduler Tasks

IM - 3104: Three new scheduler tasks have been added: Delete Archived Data, Approvals - Process Subscriptions, and Approvals - Delete events older than 1 month. See Scheduler Tab and Approvals.

Delete Archived Data

The "Delete old archived data" task removes data of the following types older than 30 days from your ProVision instance:

    • Archived resources 
    • Logs 
    • System logs 
    • Statistics 

Take care when running this task, to prevent accidental deletion of log data that may still be necessary for reference. It is typically recommended to run this task once every 1-3 months to reduce log data volumes.

Approvals - Process Subscription

The "Approvals - Process Subscription" task processes approval request events and handles the sending of notification emails to subscribed Approvals Groups. 

If Approvals are in use with notifications, it is recommended to create this task with a run time of "every 5 minutes" and no end date.

Approvals - Delete events older than 1 month

The "Approvals - Delete events older than 1 month" task deletes any Approvals history events older than 30 days. It is recommended to run this task monthly to clear out obsolete approvals items and reduce approvals page load time.

Scheduler "Forever" Tasks Are Back

IM - 2422: "Forever" Tasks are once again able to be set in the Scheduler. See the Scheduler Tab documentation.

To set a "Forever" task, just leave the "End Date" field blank when setting up the scheduler task.


IPAM Gadget Updates

The IPAMv2 Gadget has been updated to more closely match the functions available in IPAM Manage. See: Gadgets and IPAM Tab documentation.

  • IM - 3144: Added Split, Merge, and Assign functionality to the IPAMv2 Gadget Action Menu.
  • IM - 2155: Updated IPAMv2 Gadget Action Menu to correlate to IPAM Manage available actions and functionality, including multi-select.

Action Menu (right click) updates include the additions of Split, Merge, Assign, Unassign - Skip Holding, IP Rules, Templates, and Multi-block Edit.

To select multiple blocks in the IPAMv2 Gadget, left click on a single block, then shift-click or cmd-click to select additional blocks. Once all desired blocks have been selected, right click to show the multi-block Action Menu.


Log Updates

IM - 3107: Added a color-coded "Chart View" to Admin Logs. See: Log.

To view the graphical chart version of Logs, click the "chart" toggle on the bottom right of the search fields. Each log event will be displayed as a color-coded box.

View log details by hovering the mouse arrow over an event box.

IPAM Regions Updates

IM - 3156: Updated IPAM Regions to support a Google Geocode API key setting (required for proper geolocation function of IPAM Maps).  See: IPAM Tab and IPAM Parameters.

IM - 3214: Added Address validation if IPAM Maps is enabled, and a Google Geocode API key field setting has been provided.

Valid addresses (according to Google's API) will show a green check mark next to the address field; invalid addresses (unable to be mapped) will show a yellow exclamation mark.

Google Geocode API Key Requirement

Due to changes in Google's licensing and Geocoding API, the previous geolocation method used in ProVision is no longer supported. IPAM Regions now requires a Google Geocode API Key in order for IPAM Maps to properly determine a Region's location.

6connect is exploring adding additional map integration options for ProVision. 

Customers who require support for a geocode option other than the Google Geocode API key should contact us at feedback@6connect.com.

Applying a Google Geocoding API Key:

Step 1: Obtain a Google Geocoding API Key

To get a Google Geocoding API Key, follow the instructions listed here:

How to get a Google Geocoding API Key

Note: In order to obtain a Google Geocoding API Key, a company must have a subscription enabled to Google Cloud Platform Console. 

Step 2: Assign the API Key to IPAM Regions

Once assigned a Google Geocoding API Key, paste the API key into the IPAM regions page under "Apply google geocode api key" and click the "Assign" button. 


IPAM 'Advanced' Button

CFR - 143: The IPAM "Advanced" button has been brought back, by popular demand. See: IPAM Tab.

The IPAM "Advanced" Button opens the IPAM Manage screen for all blocks, under all aggregates. See Working with IP Blocks for more information on working in IPAM Manage. 



Bug Fixes/Minor Improvements

IM - 2524: Fixed minor console errors in the DNSv3 Server Settings page.

IM - 2657: Updated the default 'Router' Section to be a required Section, preventing deletion.

IM - 2668: Resolved a Scheduler calendar selector display issue where "End Date" would display as the day after the user provided value.

IM - 2948: Improved label display and behavior in the Dashboard IP Charts gadget.

IM - 2988: Updated Smart Browse to assign the next available single block for /32s and /128s, if the first block found meeting criteria is reserved via an IP Rule.

IM - 2998: Updated APIv1 IPAM Get Blocks call to better handle ONLY_FULL_GROUP_BY setting.

IM - 2999: The APIv1 IPAM Update 'tag' attribute has been updated to remove duplicate tags.

IM - 3025: DNSv3 now allows the last nameserver under "Group Default Parameters" to be deleted.

IM - 3031: Updated sample .csv links and page layout in the Admin → Data Import tab.

IM - 3035: Added an error message response when 'Name' and 'Code' fields are not provided when adding a new IPAM Region.

IM - 3041: The IPAM Configuration "Scanner Max Block Size" option is once again editable (API only feature).

IM - 3042: The Mask/Host field in Edit IPAM Columns / IPAM Manage has been disabled by default. It may be re-enabled at any time in IPAM Admin→ Edit Columns.

IM - 3044: Fixed an issue in the IPAM Gadget where the IPAM Edit Block modal would display partially offscreen while direct and smart assign modules were expanded. 

IM - 3045: Added error messaging to IP Rules - Create New Rule if block positions have not been provided.

IM - 3047: Resolved an issue in IPAM Manage where the 'Merge' option was not updating properly after unassignment.

IM - 3055: Resolved a PowerDNS-SQL push connection issue.

IM - 3056: Added subassignable status (blue arrow display) to the IPAM Gadget address column.

IM - 3057: Added the ability to "clear" error alerts from DNS records and zones (Note: use with caution!).

IM - 3058: Fixed DNS record pagination on DNS Zone View pages.

IM - 3059: Updated the IPAM gadget to no longer erroneously show IP Aggregates/Split Parent blocks.

IM - 3061: Updated DNS Groups' Zone list individual push buttons to limit the push to the specific DNS Group.

IM - 3064: Minor bug fixes made to DHCP module creation.

IM - 3069: DNS "Add Server" IP/FQDN field will now be grayed out when using non FQDN/IP based services.

IM - 3094: Fixed an issue in IPAM Regions → Edit Regions list where the "Address" value would not save for newly created regions.

IM - 3095: IPAM Regions now checks for duplicate name values when creating a new IPAM Region.

IM - 3096: IPAM Admin → Subnet lists have been updated to check for valid values when adding a subnet.

IM - 3099: Improved error handling and messaging in the DNSv3 error monitor.

IM - 3118: Removed extraneous border display from the DNS Gadget. 

IM - 3121: Updated the Resource Linkage Gadget with minor interface changes, and for automatic reciprocal links.

IM - 3129: Revised DNS Error check messaging to be more informative.

IM - 3130: Resolved save issues with S64x86 DNS server types.

IM - 3133: Updated the IPAM Gadget and IPAM Manage Block Edit modals to restrict height to the visible screen area.

IM - 3134: Added DHCP Pool links to the IPAM Manage interface. 

IM - 3139: Improved push handling of DHCP pools when a pool is duplicated to multiple DHCP groups.

IM - 3140: DNS Bind server settings "Freelines" field now correctly supports multi-line freeline entries. 

IM - 3141: Resolved connection errors that would sometimes occur when clicking "Test Connection" with DynDNS servers.  

IM - 3145: Fixed handling of Aggregate Locations/ map coordinates in IPAM Map.

IM - 3157: Resolved an issue in IPAM Manage where "Propagate to Children" would not propagate IPAM Tags.

IM - 3164: Added the parameter "assignedResourceId" for IPAM / DHCP direct assign to APIv1.

IM - 3179: Updated handling of Gadgets in the Resource Entry page when viewed in Edge /IE browsers.

IM - 3185: DNS Add Zone → Clone Zone option no longer prevents the clone if a record error exists in the zone.

IM - 3190: Users are no longer limited to 50 IPAM Tags in IPAM Admin. Add tags to your heart's content!

IM - 3191: When adding IPAM tags to a block in IPAM Manage "Edit Block", a scroll bar will now appear if over three lines of tags have been added.

IM - 3219: Improved LDAP authentication system.

IM - 3239: Truncated very long resource names appearing under the "Recent Assignments" area of IPAM Aggregates.

IM - 3242: Added informational message to the Peering→Sessions page if the user does not have sufficient permissions.

