Release Note: BIG- IP LTM and TMOS 1. Security. BIG- IP External Crypto- offload (early access)This release provides early access to the ability to leverage SSL Crypto operations from one BIG- IP system to other BIG- IP systems, offloading cryptographic operations to an external system (a crypto provider). For example, this feature allows an LTM VE instance (the crypto client) to offload RSA operations to an external BIG- IP system with RSA hardware acceleration (the crypto provider). Latency compression selection strategy. This release introduces a new default compression selection strategy, Latency, which favors the latency of compression providers and delays selection of a provider until data arrives. This strategy helps to better distribute the workload placed on each provider. New installations of 1.
Upgrading to 1. 1. For more information, see SOL1. New latency compression strategy and compression provider selection method. OCSP stapling with certificate status caching. OCSP stapling is the process in which a TLS server (acting as the OCSP client) interfaces with the OCSP server for a valid revocation status of its TLS certificate, and . The TLS client receives the stapled OCSP response and verifies the signature, validating the TLS server's certificate. This feature improves certification response time, and helps protect the identity of the client. SSL RSA Root Certificate support in hardware. Due to their ability to provide downstream validation of intermediate certificates, SSL Root Certificates require extra protection. As a result, most new CA Root Certificates are moving to larger key length (4 KB); however this can results in a performance hit. Adding support for SSL RSA Certificates in hardware, along with SSL Keys, provides protection and improves performance. STARTTLS for LDAPSTARTTLS is an extension to plain text communication protocols. This feature offers a way to upgrade a plain text LDAP connection to an encrypted (TLS or SSL) connection instead of using a separate port for encrypted communication. Appliance Mode improvements. Content published by Christian Longstaff about Microsoft Azure Essentials - Fundamentals of Azure. 486 Views, 1 Like on Docs.com. Improve boot up time Run a free scan to diagnose your PC and identify the system boottle necks slowing you down. Dear APMG Candidate, Recently you received an email stating that a mandatory update is required in order for your exam to be finalized. In order to proceed, download. 860VAE Series Integrated Services Routers. Cisco 880VA Series Integrated Services Routers combine increased network performance with advanced security to.Appliance Mode provides the ability to lock- down the BIG- IP system, reducing the attack surface and points for exploit. This functionality can make it difficult for 3rd party components that are not fully integrated into the BIG- IP system, for example, those that utilize TMSH commands. These commands are now included to improve configuration, setup, and troubleshooting. Enhanced system authentication methods for LTM BIG- IPUtilizing APM, this release provides enhanced LTM System Authentication for the different methods: LDAP, RADIUS, Local User, TACACS+ to deliver a richer set of options such as AAA, fail- back, and dual- authentication. IPFIX over TLS, over TCPIPFIX over SSL/TLS provides the ability to encrypt the logging information that is sent offbox to a logging destination. Enhanced user access control. This release adds granularity to BIG- IP access control. For any BIG- IP user, a BIG- IP administrator with the appropriate user role can now grant user access to multiple administrative partitions (instead of access to one or all only), and can assign multiple user roles to the user, one for each partition to which the user has access. When you remove a product using the kavremover tool, license information is also removed. Make sure you have the license key or the activation code stored elsewhere. Scroll down for Load balancing & ADC information including Free Trials, Expert Videos & Webinars, How-To’s, Product Reviews, Case Studies and Technical Articles. Hardware/platform support/maintenance. DSCP mapped to eight hardware Co. S queues on egress. This release provides support for traffic being prioritized and dropped selectively using Differentiated Services Code Point (DSCP), based on a limited number of traffic classes that are mapped to eight user- configurable Class of Service (Co. S) priorities on egress. This feature is supported only on these platforms: VIPRION B2. VIPRION B2. 15. 0 blade, VIPRION B2. VIPRION B4. 30. 0 blade, BIG- IP 1. Series platform, BIG- IP 7. Series platform, and BIG- IP 5. Series platform. Disk erase on SSD and HDD platforms. This release now provides end users with the ability to perform a single pass/zero write disk erase operation of solid- state disk (SSDs) drives and hard disk drives (HDDs). For more information, see SOL1. Using the 'Security Erase Unit' ATA command to perform a disk erase for SSDs and HDDs, available at support. BIG- IP 2. 00. 0/4. Series appliance platforms L2 enhancements. This release introduces enhanced L2 support, including these features on the BIG- IP 2. STP (Spanning Tree Protocol), LLDP (Link Layer Discovery Protocol), ARL (Address Resolution Table), and enhanced Traffic Management Shell (tmsh) Layer 2 Forwarding table commands. IPv. 6 support in e. PVA (requires 1. 1. HF5)The 1. 1. 6. 0 HF5 release features support for IPv. PVA for the VIPRION B2. UC- APL certification. This release includes features that support UC- APL (Unified Capabilities Approved Product List) certification requirements, including: smart card (CAC) authentication to the management interface, configurable banners for confidentiality, FIPS 1. SSL/TLS key requirements, and Appliance mode for DISA/STIG. System support for multiple hardware (FPGA bitstream) profiles. This release adds system support that enables users to choose from two different available hardware (FPGA firmware) profiles based on provisioning: standard balanced performance profile and an L4- optimized performance profile. This feature is currently available only on the VIPRION B2. C2. 20. 0 chassis. Traffic group limit increased from 1. This release supports a maximum of 1. Sync- Failover device group. Earlier releases supported a maximum of 1. General Functionality. Object move and rename (early access)This release provides early access to the feature that enables move/rename of specific BIG- IP object types, such as virtual servers, virtual addresses, pools (implicitly moves pool members), nodes, monitors, profiles, i. Rules, i. Apps, device names, self IP addresses, i. Call, and folders. Note that this functionality is not provided for VLANs or Partitions. L7 Policy Matching Enhancements. This release provides a variety of enhancements to L7 policy matching (CPM). Cubic and Westwood+ congestion control. This release adds the Cubic and Westwood+ congestion control algorithms. Early retransmit. This release introduces support for an experimental RFC to recover lost segments quickly. Dynamic TCP tuning. Modification of TCP profile parameters via i. Rules. Tail loss probe. This release contains an enhancement to reduce the impact of retransmission timeouts (RTO) on web transactions. TCP profile redesign. This release provides a redesign of the TCP profile page, to enhance usability. FIX protocol- based routing together with low latency. FIX data that is available in the first 2. Sender. Comp. ID. Performance L4 virtual servers can extract application data to make the traffic management decisions. Once the decision has been made, the flow is moved to the e. PVA for low- latency TCP- based data transfer. Adaptive response time monitoring. This release provides Adaptive response time monitoring, which measures the amount of time between when the BIG- IP system sends a probe to a resource and when the system receives a response from the resource. It adds an extra dimension to existing monitor capabilities. Use adaptive response time monitoring to enhance server utilization under heavy load and to optimize moderately configurable web applications that are served by servers with limited capacity. Populate pools by FQDNThis release includes the ability to configure a BIG- IP system with nodes and pool members that are identified with fully- qualified domain names (FQDNs). When configuring pool members with FQDN, addresses dynamically follow DNS changes. Fully dynamic DNS- managed pools may even be created. Device Trust Group on the Device Management Overview page. The Device Management Overview page in the BIG- IP Configuration utility now reports the status of the special trust device group, which contains all devices in the local trust domain. This new status on the Overview page can help users troubleshoot and resolve sync issues, which are sometimes caused by device trust not being properly established. IPFIX support with i. Rules. Ability to use i. Rules to generate log messages encoded in IPFIX/Net. Flow format, containing standard and custom Information Elements. Support Alert Functionality. The new alert system aligns with and is part of the Unified Logging Infrastructure, with its configuration officially part of standard MCP schemas/CMI/DG, and so on, so that alerts can be raised for any message that originated in the system that is potentially destined for any/all endpoints, including offbox destinations. Net- SNMP Upgraded to Version 5. The Net- SNMP software on the BIG- IP system is now upgraded to version 5. Kernel Upgraded to Red. Hat 6. 4 Version. The kernel on the BIG- IP system is now upgraded to Red. Hat 6. 4 version 2. HTTP 2. 0 (experimental) Profile. Local Traffic functionality now includes an HTTP/2 profile type that you can use to manage HTTP/2 traffic, improving the efficiency of network resources while reducing the perceived latency of requests and responses. The Local Traffic HTTP/2 profile enables you to achieve these advantages by multiplexing streams and compressing headers with Transport Layer Security (TLS) or Secure Sockets Layer (SSL) security. Note that subsequent versions of the HTTP/2 protocol might be incompatible with this release. The HTTP 2. 0 specification is currently in a draft phase (draft 1. SPDY 3. 1. This release supports SPDY version 3. Check functionality improves monitors scalability. In this release, the BIG- IP system includes new i. Check functionality, which improves scalability of FTP, SMTP, POP3, and IMAP monitors. For example, FTP monitoring provides a 6. Additionally, i. Check functionality provides smoother performance characteristics as monitors approach full capacity. For example, F5 Networks tested 6,0. High performance SIP proxy. In this release, you can use the BIG- IP system as a Session Initiation Protocol (SIP) proxy.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
January 2017
Categories |