Release Notes 5.0.0 Jaglion V2

From SEPsesam
Revision as of 13:42, 2 June 2022 by Sta (talk | contribs) (Created page with "{{Copyright SEP AG en}} <!--{{note|SEP AG is pleased to announce the beta release of SEP sesam 4.4.3 ''Beefalo V2''. If you are interested in testing the beta version, please...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Copyright © SEP AG 1999-2022. All rights reserved.

Any form of reproduction of the contents or parts of this manual is allowed only with the express written permission from SEP AG. When compiling and designing user documentation SEP AG uses great diligence and attempts to deliver accurate and correct information. However, SEP AG cannot issue a guarantee for the contents of this manual.

What's new in SEP sesam 5.0.0 Jaglion

The new SEP sesam version 5.0.0 Jaglion V2 introduces SEP Immutable Storage, powerful Si3 NG now with encryption, and some UI improvements.

What's new

Fighting ransomware with SEP sesam Immutable Storage – SiS
SiS – SEP Immutable Storage

SEP Immutable Storage or SiS is a file storage feature resistant to ransomware attacks, based on Si3 NG on Linux. Even with full admin access to the SEP sesam backup server, attackers cannot delete, modify, or encrypt data stored on SiS. See more.

Backup to Azure

Backup your data directly to Azure Blob Storage and restore the items you want directly from there with Si3 NG. See more.

Encrypting Si3 NG Deduplication Store

Si3 NG encryption protects your data from unauthorized access and helps ensure compliance See more.

Powerful Deduplication Store for Different Storage Locations

Si3 NG boasts excellent performance and support for different storage locations. It requires a valid license. See more.

SEP sesam Community Edition

SEP sesam now offers a community edition. For more information, please contact SEP sesam sales.

Certificate-based authentication

Now it is possible to authenticate users via a signed certificate instead of a user password if a database-based authentication is enabled. Note that the users from external authentication sources (LDAP/AD) cannot be authenticated using a certificate (only by using a password). For details, see Configuring Certificate-Based Authentication.

Enhancements

Backup
  • Enforced FULL level backup if the backup was successful (on the client), but errors occurred during post-processing on the server side.
  • The new RHEV option -a use_virtioscsi allows disk attachment to data mover via bus type VIRTIO_SCSI, default is VIRTIO.
Restore
  • RHEV restore with overwrite now possible.
  • Fixed failed Oracle restore on older systems in combination with newer SEP sesam Server version.
Si3 NG
  • Improved security for encrypted Si3 NG store. The encryption password is no longer written to the INI file.
  • Corrected check of used space by SEP sesam for Si3 NG stores using S3 or Azure storage backend.

UI enhancements

While the look of the user interface has not changed significantly, we have made some subtle improvements to enhance the user experience. For example:

UI Modes
We have reduced the number of available UI modes (in the GUI) to two, so they are synchronized with the Web UI. You can select the appropriate UI mode: simple or advanced, under Configuration - > Defaults - > General. (The former advanced GUI mode is now replaced by simple mode, while the former expert mode is replaced by advanced.)

GUI-displayed UI mode.jpg

Enhanced Drive dialog
New settings are available in the New Drive dialog for drive type "DISK_STORE" to split channels according to the priority.
Select restore interfaces
Restore interfaces
You can select the Restore mode (restore interfaces) that are available for restore and displayed in the context menu. It is recommended to use the web-based Restore Assistant instead of the Legacy restore (deprecated) option, which refers to the GUI restore wizard.

License

SEP sesam software requires a valid license. For more information, see Licensing.

  • Version 5.0.0.9 introduces a check for the Si3 NG capacity so after an update from version Jaglion (5.0.0.[34]) to a new version the licensed deduplication storage may no longer be sufficient. This only affects customers who are already using Si3 NG deduplication store.
  • This license check does not affect customers with SEP sesam Volume License that does not count the backup storage.
  • License violation leads to 15 days remaining run time, during which the license issue must be fixed in either of two ways:
    1. The capacity of the used Si3 + Si3 NG stores must be fixed (SEP_DeDup_TB)
    2. Contact sales@sep.de and order a replacement license with the correct amount of backup storage TB. Then install it on SEP sesam Server (see Licensing FAQs).

New supported systems

SEP sesam Server 5.0.0.9 Jaglion V2 supports Windows 11. For new supported systems with previous Jaglion version, see Jaglion Release Notes. For a complete list of supported OS and databases, see SEP sesam Support Matrix.

Discontinued systems

No changes. For details on discontinued systems, see Unsupported OS. For a complete list of supported SEP sesam Clients, see SEP sesam Support Matrix.

SEP sesam Server requirements

Java

SEP sesam GUI is based on Java and requires a Java Runtime Environment (JRE). SEP sesam now supports Java 17. The required Java version depends on the SEP sesam version.

Installation and upgrades

  • SEP sesam Jaglion 5.0.0.9 was released on xx June 2022. A direct upgrade from versions 4.4.3.X to version Jaglion 5.0.0.9 is supported.
Information sign.png Note
You always have to update the SEP sesam Server first before updating the client software. For more information on the SEP sesam software updates, see Updating SEP sesam.

The latest released versions are:

  • SEP sesam 5.0.0.9 Linux Tux.gif – released: xx June 2022.
  • SEP sesam 5.0.0.9 Windows Win7.gif – released: xx June 2022.
Tux.gif Linux specific

In order to meet all required dependencies for the SEP sesam Client packages on SLES 15 SP1 or SP2, it may be required to activate the following package modules prior to SEP sesam installation:

Module-Basesystem
Module-Server-Applications
Module-Legacy

These modules are part of the installation DVD; in case no online subscription is available, they can be added via:

zypper ar dvd:/Module-Server-Applications DVD-Server 
zypper ar dvd:/Module-Basesystem DVD-BASE
zypper ar dvd:/Module-Legacy DVD-Legacy 

For details, see Installation on Linux. For a list of supported Linux versions, see the SEP sesam Support Matrix.

Win7.gif Windows specific
Installation
  • When installing SEP sesam Server on Windows, you can now choose to install a PostgreSQL database that is included with the SEP sesam installer (or use the SQLite that does not require a server to be set up and is used with SEP sesam by default). For details, see Installation on Microsoft Windows.
  • Upgrading from SQLite to PostgreSQL is currently not supported, except with the help of SEP support.
  • SEP sesam recommends the use of PostgreSQL for complex enterprise environments with many tasks, high performance expectations (due to PostgreSQL's ability to support multiple concurrent writers and read/write at fast speeds), and security and authentication requirements.

For a list of supported Windows versions, see the SEP sesam Support Matrix.

Upgrade
SEP sesam Server and Client components should be upgraded to the latest version during the upgrade process. This ensures that SEP sesam Clients are fully protected. Customers with a valid license are eligible for a free upgrade of SEP sesam to any new release for the duration of the license. See also Updating SEP sesam and Remote Installation of Windows Clients.

Post update task

Version 5.0.0.x uses the enhanced LIS file format, which increases performance at least 10 times. After updating to version 5.0.0.x, a new full vSphere backup should be performed to allow mounting and attaching VMDKs.

Previous release

Known issues and limitations

Information sign.png Note
Antivirus programs may disrupt network communication and cause SEP sesam processes, such as backup and replication, to fail. One program that is known to cause SEP sesam processes to terminate is Sophos Firewall with IPS (Intrusion Prevention System) enabled. Make sure that there are no antivirus, firewall, IDS or IPS programs preventing interaction with SEP sesam.
5.0.0 Jaglion known issues:

Severity: SECURITY

SEP sesam v. 4.4.3.70-5.0.0.4 – RCE vulnerability in Spring Framework running on JDK 9+
  • As reported by VMware (Spring Framework RCE, Early Announcement), two serious vulnerabilities have been found in Spring MVC and Spring WebFlux applications running on JDK 9+ that may lead to remote code execution (RCE). The specific exploit requires the application to run on Tomcat as a war deployment. To be vulnerable to the exploit, the application must be deployed as a war file in a standalone servlet container. The execution of an executable war file with an embedded container should not be affected by the vulnerability. However, as the nature of the vulnerability is more general, there may be other ways to exploit it. Even though SEP sesam does not ship any war files and is not executed as a servlet and is therefore not affected by this vulnerability, it uses Spring Core version 5.3.16 and will provide a fix in Jaglion V2 by integrating Spring Core version 5.3.18. For more details on the "Spring4Shell" vulnerability, see VMware vulnerability report CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+.
Resolution: Will be fixed with Jaglion V2. Newer sm_ui.jar files containing the fix are available on request for Beefalo and Jaglion V1. You can contact SEP support to get a newer version of sm_ui.jar.
SEP sesam v. 5.0.0.x – (Windows) STPD automatically disables the HTTPS port on Windows
  • (Applies only to Windows) The Sesam Transfer Protocol Server (STPD) automatically disables the HTTPS port if CPU instructions are missing due to unsupported AVX. Consequently, the TLS key and certificate cannot be created.
Workaround : Make sure that you use CPUs with supported AVX versions (AVX, AVX2 or AVX-512) as well as FMA3 (Fused Multiply-Add 3-operand Form) or FMA4 (Fused Multiply-Add 4-operand Form). For the list of supported AVX versions, see Advanced Vector Extensions.

Severity: MAJOR

SEP sesam v. 5.0.0.2-5.0.0.x – Linux backup silently skips a directory if .nosbc file is part of backup source
  • (Linux only) When backing up a backup source that contains one or more .nosbc files, a directory is silently skipped, but the backup is marked as successful. For example, if there is a backup source /data that contains /data/ds1/.nosbc, /data/ds1/pages/ and /data/ds1/trash/, then the pages/ or trash/ directories are not backed up. If a backup source does not contain a .nosbc file, all files are backed up successfully.
Workaround: Since sbc incorrectly excludes a directory from backup if a file .nosbc is part of the backup source, use the -o noexcl switch in the backup options (backup task properties, tab Options -> Backup options) when backing up a backup source with a .nosbc file.
Resolution: SEP is working on this issue and will provide a fix as soon as possible.
SEP sesam v. 5.0.0.3-5.0.0.4 – Hyper-V restore of Hyper-V RCT backup fails with error
  • When restoring a Hyper-V VM from a Hyper-V VM RTC backup under a new VM name, the restore fails with an error: Failed to read metadata file.
Resolution: SEP is working on this issue and will provide a fix as soon as possible.
SEP sesam v. 5.0.0.4 – SharePoint backup fails because browsing via SharePoint VSS writer does not return any objects
  • SharePoint backup fails because browsing via SharePoint VSS writer does not return any objects. This is due to an issue that the SharePoint Services Writer is missing from the writers list.
Resolution: Will be fixed with the next version.

Severity: NORMAL

SEP sesam v. 5.0.0.x – Backup of SEP sesam client version 5.0.0 to SEP sesam Server version 4.4.3.x fails with "XBSA: Perform: curl error 55: Failed sending data to the peer"
  • If package updates are installed on SEP sesam Clients during the regular update before SEP sesam Server is updated to the same version as the clients, the backup may fail with the message "XBSA: Perform: curl error 55: Failed sending data to the peer"
Resolution: Update the SEP sesam Server to the same version installed on the clients. Note that you always have to update the SEP sesam Server first before updating the client software.
SEP sesam v. 5.0.0.3-5.0.0.4 – New Hyper-V RCT backups do not support single file restore (via VFS mount)
  • As of 5.0.0 Jaglion, SEP sesam uses Resilient Change Tracking (RCT) by default for Hyper-V backups on Windows Server ≥ 2016 (Hyper-V VM ≥ 6.2). Single file restore (VFS mount) is currently only supported for VM Hyper-V backups without RCT option (old approach with VSS snapshots creating .avhdx files instead of the new Resilient Change Tracking). The new RCT backups have a 'RCT' attribute and the mount option is not shown. For older backups without the 'RCT' attribute, the mount option is available.
Workaround: When restoring a Hyper-V RCT backup, perform a regular VM restore of the virtual machine as described in Restoring a Hyper-V virtual machine.
Resolution: SEP development is working on a single file restore via mount for Hyper-V RTC backups and will implement it as soon as possible.
SEP sesam v. 5.0.0.3-5.0.0.4 – Hyper-V restore fails, if the data store path from the original VM does not exist on the target server
  • Hyper-V restore fails with error Warning: Cannot create item [D:\]: [87] WIN32 API error: 87 - The parameter is incorrect., if the data store path from the original VM does not exist on the target server, regardless of whether the default Hyper-V folder for VMs is used or an existing data store path is set. The original path is always used.
Resolution: SEP is working on this issue and will provide a fix as soon as possible.

Severity: MINOR

SEP sesam v. 5.0.0.x – Proxmox VE backup does not work with the client name as plain IP address
  • If the node added to the SEP sesam environment is not set up correctly and an IP address is used as the client name instead of the client's hostname matching the hostname returned by the Proxmox server, the backup fails.
Resolution: This problem can only be solved by correctly configuring the Proxmox clients in the SEP sesam environment. For more details on configuring the client name correctly, see Proxmox VE Backup: Adding the Proxmox server (and nodes) to the SEP sesam environment.
SEP sesam v. 5.0.0.x – Kopano backup containing non-ascii characters fails to create index, but backup is marked as successful
  • A Kopano backup containing non-ascii characters results in the error UnicodeEncodeError: 'ascii' codec can't encode character... Consequently, the mail subject index cannot be created, but the backup is marked as successful.
Resolution: The index problem can only be fixed by creating the correct locale:
#vi /etc/locale.gen and then enable de_DE.UTF-8 UTF-8
#locale-gen
SEP sesam v. 4.4.3.86–5.0.0.x – Initial Seeding functionality temporarily removed
  • As using the Initial Seed option to set up a new Si3 deduplication store for replication resulted in an apparently successful setup, but no data was replicated, the Initial Seeding functionality is no longer available in version 5.0.0.x. It is not yet known whether it will be available again in the future.

}}

End of maintenance and support

Obsolete SEP sesam Server versions

The following versions of SEP sesam are no longer supported:

Discontinued SEP sesam Server OS

The following table lists the last supported version of SEP sesam for specified operating systems. You can continue using the last supported version of SEP sesam on these operating systems, but SEP AG no longer provides updates or fixes for the specified versions.

SEP sesam Release Versions

Operating system Last supported version Release Notes
SLES 11 SP2, SP3, SP4 4.4.3.x Beefalo V2, see notes 4.4.3 Beefalo V2 SEP announced that it would no longer support SLES 11 SP2, SP3, SP4 with SEP sesam Beefalo, but has re-established support for Beefalo V2, where all SEP sesam Beefalo V2 packages (Server, Client, etc.) can be used. However, Beefalo V2 is the last supported SEP sesam release for SLES 11 SP2, SP3, SP4 .
Windows Server 2008 R2 4.4.3.x Beefalo V2, see notes 4.4.3 Beefalo V2 SEP announced that it would no longer support SEP sesam Server on Windows Server 2008 R2 with SEP sesam Beefalo, but has re-established this support already in Beefalo. This actually means that the last supported SEP sesam Server release for Windows Server 2008 R2 is Beefalo V2.
Ubuntu 16.04 4.4.3.84 Beefalo V2 4.4.3 Beefalo V2
RHEL 6 4.4.3.64 Grolar 4.4.3 Grolar
Debian 8 »Jessie« 4.4.3.64 Grolar 4.4.3 Grolar
Debian 7 »Wheezy« 4.4.3.64 Grolar 4.4.3 Grolar Version 4.4.3.64 only available for sesam-cli on amd64
Windows Server 2008 4.4.3.64 Grolar 4.4.3 Grolar
Windows 7 4.4.3.64 Grolar 4.4.3 Grolar
Ubuntu 14.04 4.4.3.48 Tigon V2 4.4.3 Tigon V2
All 32-bit operating systems 4.2.2.40 4.2.2 For some operating systems SEP sesam client is still available in 32-bit.
SLES 10 4.2.2.40 4.2.2
RHEL 5 4.2.2.40 4.2.2
Debian 6 »Squeeze« 4.2.2.40 4.2.2 sesam-cli also available in version 4.4.1.22
Windows Server 2003 4.2.2.40 4.2.2
Debian 5 »Lenny« 4.2.1.34 4.2.1
SLES 11 ≤ SP1 4.2.1.34 4.2.1 Initial SLES 11 Release and Servicepack 1


Major fixes and changes

See also

SEP sesam Release Versions