Note
We have included a security patch in version 21.2.1; therefore, version 21.2.0 is not released, and 21.2.1 is made available directly.Common Gateway Security Fixes
Google Chrome Security Update
OpsRamp has updated Google Chrome to 149.0.7827.103 in Gateway version 21.2.1, addressing 429 security vulnerabilities across components such as ANGLE, extensions, and media subsystems. These include critical memory safety issues, such as use-after-free and out-of-bounds flaws, which could lead to remote code execution or sandbox escape. This update strengthens overall gateway security and reduces exposure to potential exploits.
For the above security fix,
- If you are planning to upgrade to version 21.2.1, no action is required. The patch will automatically update the package.
- If you are not upgrading to 21.2.1, you must manually update the package using one of the following methods:
- For NextGen Gateway, see Update Instructions page.
- For Classic Gateway, see Update Instructions page
Cloud Kernel Security Update
OpsRamp has updated the cloud kernel packages to a secured version as part of Gateway version 21.2.1, addressing known vulnerabilities in the Linux kernel used in GCP environments. This update enhances the security and stability of your gateway infrastructure on Ubuntu 22.04 by reducing exposure to potential exploits while maintaining reliable performance.
Common Gateway Bug Fixes
Enhanced Gateway Upgrade Visibility
OpsRamp Gateway now provides improved activity tracking for Classic Gateway and NextGen Gateway upgrades. You can view prechecks and upgrade stages in real time from the OpsRamp interface. This visibility helps you identify and resolve upgrade issues faster.
This release also standardizes upgrade workflows. It consolidates activity logging and replaces legacy background jobs with scheduled updates to improve reliability, transparency, and security.
Classic Gateway Bug Fixes
Improved NTP Server Validation in Gateway Web Console
OpsRamp fixed an issue in the OpsRamp Gateway web console where valid Network Time Protocol (NTP) server entries were rejected with an “Invalid NTP entry” message during save operations. This issue prevented the system from saving NTP settings.
The updated validation logic now accepts both Internet Protocol (IP) addresses and domain names, including multi-segment hostnames. With this fix, the system saves NTP configuration correctly and time synchronization works as expected.
Enhanced Virus Definition Alerting for Gateways
OpsRamp fixed an issue where the platform did not generate Alert notifications when ClamAV virus definitions became outdated. This issue occurred because the AppArmor profile blocked the ClamAV freshclam process from running alerting hooks when updates failed.
OpsRamp updated the AppArmor configuration so alerting scripts run correctly during installation and upgrade. With this fix, you receive Alert notifications when virus definitions are outdated, which improves visibility into gateway antivirus health.
Reliable Antivirus Service Management for Classic Gateway
OpsRamp now manages the ClamAV freshclam service automatically so the service state matches your antivirus configuration.
The clamav-freshclam service starts automatically during gateway installation or reboot when antivirus Alert notifications are enabled. It stops automatically when antivirus is disabled.
This change fixes an issue where the service was not enabled on some gateway installations. It ensures consistent antivirus updates and Alert generation without manual intervention.
NextGen Gateway Enhancements
Ability To Reset Gateway Admin Credentials from OpsRamp Portal
You can now reset gateway-admin credentials for OpsRamp Gateway directly from the OpsRamp portal by using the Collector Profiles Details screen. This enhancement removes the need for host-level access.
This feature supports only ISO-deployed gateways. It performs a cluster-wide reset by using a Kubernetes DaemonSet that runs a host-level script to reset the password and enforce a password change at next login.
See Reset gateway-admin Credentials from OpsRamp page for more details.
Ability To Preserve Elastic Collector Profile Configuration During Gateway Appliance Upgrade
You can now preserve and restore Elastic Collector Profile configuration during a Gateway Appliance upgrade. This enhancement removes the need to manually rebuild replica topology and Resource distribution.
You can export the configuration before upgrade and import it into the new gateway after upgrade. This process helps maintain consistent workload distribution with minimal upgrade impact.
WebProbe and Synthetic Monitoring Support on ARM64
OpsRamp NextGen Gateway now supports WebProbe and Synthetic Monitoring on ARM64 deployments.
On ARM64 platforms, Chrome and Edge are not supported. If you select either browser, the gateway uses Chromium in the background. Some synthetic scripts or actions can behave differently in this mode. Validate your scripts when you run them in ARM64 environments.
Updated Default Redis Resource Limits
Starting in OpsRamp Gateway 21.2.1, the default Redis resource limits are updated to improve stability and resource utilization.
Redis is now configured with the following limits:
- CPU: 750m
- Memory: 768Mi
You can increase these limits based on workload requirements, such as the number of SDK devices configured on the gateway.
See Modify Redis Memory Limits page for more details.
Enable Centralized Load Balancing for NPM collector
OpsRamp NextGen Gateway 21.2.1 introduces a single load balancer controller for Network Performance Monitoring (NPM). This controller uses a centralized virtual IP address to process NPM traffic through a dedicated load balancer controller pod.
This enhancement improves scalability by distributing traffic automatically across NPM collector pods. It also supports autoscaling based on traffic load.
This enhancement applies only to NPM workloads and does not affect existing gateway services or user interfaces. To use this feature, configure an additional MetalLB virtual IP address for NPM traffic and enable the feature during installation or upgrade.
See Configure Single Load Balancer Controller for NPM page for more details.
NextGen Gateway Bug Fixes
Ensure Reliable Heal Alert Generation on NextGen Gateway
OpsRamp fixed an issue where heal Alert notifications could be missed on NextGen Gateway during ungraceful pod or node shutdowns, such as unexpected restarts or power interruptions.
OpsRamp Gateway now persists Alert state more reliably. Triggered Alert notifications are now followed by corresponding heal notifications after recovery. This improvement maintains consistent alert-to-heal transitions across restart scenarios.
Classic Apps Enhancements
Enable Interface Alias Filtering in MetricsQL
Simple Network Management Protocol (SNMP) network interface metrics now support the ifAlias label. You can use this label in MetricsQL queries to filter interfaces by human-readable alias names. This enhancement improves visibility for critical interfaces in dashboards and Alert workflows.
Display Virtual Disk Provisioning Details for Virtual Machines
You can now view virtual disk (vDisk) details for virtual machines discovered through vCenter or standalone host integrations. This enhancement displays the disk name and provisioning type (Thin or Thick), which helps you understand storage allocation for each virtual machine.
Display vCenter Folder Information for Virtual Machines
You can now view vCenter folder information for virtual machines. This enhancement displays the associated folder path or name for each virtual machine, which gives you better context for managing VMware Resource grouping by application, environment, or business unit.
Enable Instance-Specific Credential Mapping for Database Monitoring
You can now specify credential names in configuration parameters to map credentials to individual database instances. This mapping ensures that each instance uses the correct credential during authentication.
You can define instance-level credential mapping by using the instance, port, and credential format.
This enhancement helps prevent failed logins and avoid account lockouts in multi-instance environments.
Supported databases include MySQL, PostgreSQL, MSSQL, and Oracle.
Relate Datastores to Underlying Storage Volumes
You can now view world wide name (WWN) information for datastores discovered through VMware vCenter or standalone hosts. This enhancement displays datastore WWN as a custom attribute and improves visibility into underlying storage mappings and dependencies.
Classic Apps Bug Fixes
Enhanced SSL Handling and Session Management for UCM Monitoring
Secure Sockets Layer (SSL) verification is now enforced at the individual device connection level instead of globally. Each device now follows its own SSL configuration independently.
Session validation now detects and recreates expired or invalid sessions before reuse. This change prevents session-related errors and improves monitoring reliability.
These enhancements improve security, connection stability, and overall UCM monitoring performance.
Support Datastore Capacity and Usage Metrics for Standalone Host
OpsRamp now supports missing datastore capacity and usage Metric data for VMware standalone host datastores.