ZXTM 4.0r2 -> 3rd March 2006 ============================ ZXTM 4.0r2 is a minor revision of the ZXTM product family, containing some important bug fixes. You are recommended to upgrade as soon as possible to take advantage of the improvements. Program Alterations and Bug Fixes since 4.0r1 --------------------------------------------- * Fixed an issue where a malformed HTTP request could cause a ZXTM process to hang or crash. * Fixed memory leak when using some XML TrafficScript functions. * When editing a TCP transaction monitor the 'write_string' key no longer disappears. * The 'Reboot' button now functions correctly on all platforms. * It is now possible to manage Pools that use the Weighted Round Robin load balancing algorithm using the SOAP API. * Access Logging and the Admin Server Connections page now correctly report the HTTP status code. * Fixed an issue where under certain circumstances traffic was sent to Nodes that a monitor has marked as failed. This could cause unnecessary alerts to be sent. * connection.sleep(0) now returns straight away rather than sleeping forever. * Multicast messages (used for Traffic IP Groups) are now sent over all networks even if there is a management network configured. This behaviour can be altered using the "flipper!use_bindip" key on the Global Settings UI page. ZXTM 4.0r1 -> 18th November 2005 ================================ ZXTM 4.0r1 is a minor revision of the ZXTM software, released only as part of the ZXTM Appliance. Program Alterations and Bug Fixes since 4.0 ------------------------------------------- * Backups from earlier versions of ZXTM that are uploaded to the UI will be automatically upgraded. * Fixed problem with bandwidth restrictions when applied in a Service Protection rule. * Improved universal session persistence; it can now be used fully in response rules. * Improved performance on ZXTM appliance series when IP Transparency is not being used. * Extra validation on forms in the web-based user interface. ZXTM 4.0 -> 20th October 2005 ============================= ZXTM 4.0 is a major revision of the ZXTM product family, containing a large number of performance and functionality improvements, and many stability improvements and bug fixes over previous releases. You are recommended to upgrade when convenient to take advantage of the changes. Platform Availability for ZXTM 4.0 ---------------------------------- * Linux (x86, IA64, x86_64) * Solaris (SPARC, x86, x86_64) * FreeBSD (x86) Key new features in 4.0 ----------------------- - HTTP Content Caching ZXTM 4.0 includes a full HTTP Content Cache for web content. Common web responses are cached locally, and ZXTM can respond to subsequent requests directly, thus reducing the load on the server nodes and improving the performance of the hosted HTTP services. ZXTM's Content Cache fully supports RFC 2616 Cache-Control and Vary headers as well as legacy Expires headers. Fine-grained control of the cache can be achieved using the new http.cache.* TrafficScript functions, and Differentiated Caching allows a TrafficScript rule to manage multiple variants of the same response. Content Caching is an optional ZXTM feature. - IP Transparency IP Transparency ensures that ZXTM perserves the IP address of the remote client when forwarding requests to a back-end server. Without this capability, the request appears to originate from the ZXTM machine. IP Transparency can be selectively controlled by TrafficScript. A TrafficScript rule can use the request.setRemoteIP() function to spoof the source IP address of a request, for example, when an upstream proxy does not preserve the source IP address. IP Transparency is only supported on the ZXTM 2000, 5000 and 7000 Appliance series. - ZXTM Control API The ZXTM Control API is a standards-conformant SOAP-based API that makes it possible for other applications to query and modify the configuration of a ZXTM cluster. For example, a network monitoring or intrusion detection system may reconfigure ZXTM's traffic management rules as a result of abnormal network traffic; a server provisioning system could reconfigure ZXTM when new servers came online. The ZXTM Control API can be used by any programming language and application environment that supports SOAP services. The ZXTM Control API is available on all ZXTM software and appliances. It is not available on ZXTM LB software or appliances. - RuleBuilder The RuleBuilder has been significantly improved, and several conditions and actions have been added. The RuleBuilder is a visual interface that make it easy to construct TrafficScript rules. - Configuration Audit Log All configuration changes, whether via the ZXTM Admin Server or via the ZXTM Control API, are recorded in an internal Audit log for later inspection. - Configuration Backup Management Backup Management allows the ZXTM administrator to save, restore and compare various versions of the ZXTM's configuration. Configuration Backups can be exported and imported. - Dedicated Management Port ZXTM can be configured with a dedicated management port so that all management traffic is restricted to a single, dedicated management network. Note that Linux 2.6 kernels earlier than 2.6.12 do not correctly handle management port traffic. - Bandwidth Management ZXTM can impose bandwidth controls on request traffic to the back-end server nodes, either on a per-pool basis, or using the new request.setBandwidthClass() TrafficScript function. Bandwidth Management is an optional ZXTM feature. - TrafficScript Type of Service functions The new request.setToS() and response.setToS() TrafficScript functions can be used to set the Type-of-Service flags in the IP header of requests and responses managed by ZXTM. Other changes in 4.0 -------------------- - Recent Connections list The Connections report in the Activity Monitor now reports recently completed connections as well as current connections. - Session Persistence Cookies ZXTM now encrypts all session persistence cookies. - Cluster Diagnosis ZXTM's problem diagnosis has been extended, and ZXTM can identify and accurately report a wider range of cluster-related problems. - Other new TrafficScript functions http.redirect() can be used in request and response rules to succinctly send a redirect response to a remote client. http.getMultipartAttachment() makes it easier to parse incoming HTTP requests that contain Multipart body data. http.getRawQueryString() returns the querystring from the HTTP request without applying any URL unescaping. - Traffic IP Groups The new 'keeptogether' setting ensures that all IP addresses in a Traffic IP Group are raised on the same ZXTM traffic manager. This is useful when using IP Transparency in an Active-Standby configuration. ZXTM 3.1 -> 24th February 2005 ============================== Platform Availability for ZXTM 3.1 ---------------------------------- * Linux (x86, IA64, x86_64) * Solaris (SPARC, x86, x86_64) * FreeBSD (x86) ZXTM Load Balancer ------------------ ZXTM is now available in a Load Balancer edition, which shares the core technology with ZXTM, but has a feature set suitable for simple Load Balancing, rather than advanced Traffic Management. Contact sales@zeus.com for more information. Other changes in 3.1 -------------------- - SSL SSL performance on Linux IA64 has been improved. TLS 1.1 is now supported, although it is turned off by default. Use the Global Settings page to enable it. - Bandwidth management FTP data connections are now assigned to the configured bandwidth class. - TrafficScript Response rules can now use the http.request.get() and http.request.post() functions. http.request.get() and http.request.post() now provide access to the full HTTP headers returned. http.request.get() and http.request.post() can now perform SSL requests. Service level monitoring and bandwidth classes can now be set using the TrafficScript RuleBuilder. - User Interface The timeout control for the user interface is now configured per group, so different classes of users can have different timeout settings. Individual data points on the Current Activity page can now be examined by moving the mouse pointer over the graph. If you have a large number of virtual servers, the main page will now offer the choice of sorting them by name or port. The status applet can now be detached from the main user interface, which allows it to be used as a separate monitoring tool. Extra system information is now shown on the user interface, as well as the ability to reboot a machine remotely by an admin. The Config Summary page now displays more information, such as which Bandwidth classes are used. ZXTM 3.0 -> 9th December 2004 ============================= Platform Availability for ZXTM 3.0 ---------------------------------- ZXTM 3.0 can be installed on the following platforms: * Linux (x86, IA64, x86_64) * Solaris (SPARC, x86) * FreeBSD (x86) Key New Features in 3.0 ----------------------- * Service Level Monitoring ZXTM monitors response times from back-end nodes, and can alert the system administrator when the responses times fall below a configured threshold. Service Level classes are assigned to virtual servers, and can be changed on the fly for individual connections using TrafficScript. TrafficScript can also be used to monitor Service Level classes and take proactive action when a class fails to meet its target. The Activity Monitor can provide real-time graphing of Service Level performance. New TrafficScript functions for Service Level monitoring: connection.setServiceLevelClass() - Set the class for a connection connection.getServiceLevelClass() - Get the class for a connection slm.conforming() - Get the percent of connections that meet the response time target slm.threshold() - Get the threshold for the percent of connections that need to to conform to mark the SLM as ok slm.isOK() - Find out if a Service Level is being met This optional feature is enabled via the license key. * Bandwidth management ZXTM can enforce bandwidth limits on particular services or individual request types. Bandwidth classes can be assigned on a per-request basis using TrafficScript. New TrafficScript functions for Bandwidth management: connection.setBandwidthClass() - Set the class for a connection connection.getBandwidthClass() - Get the class for a connection Bandwidth measurements are propagated between ZXTM machines to ensure total bandwidth is managed across the cluster. This optional feature is enabled via the license key. * Session Persistence Session persistence information is now configured in separate classes that are assigned to individual pools. Session persistence classes can also be assigned to individual connections using TrafficScript. Session Persistence classes can be shared between multiple pools, which can be used to provide seamless transfer of clients between virtual servers (for example, from HTTP to HTTPS sites) with no loss of session information. New TrafficScript functions for Session persistence: connection.setPersistence() - Set the persistence method for a connection connection.getPersistence() - Get the persistence method for a connection connection.setPersistenceKey() - Set the data used to key the universal persistence algorithm Session persistence mappings are propagated between ZXTM machines to ensure sessions remain persistent even after a failure in a ZXTM machine. * TrafficScript improvements Response Rules -------------- TrafficScript rules can now run when a response is received. This allows ZXTM to execute TrafficScript rules which alter responses, (response rewriting, modification of HTTP headers), or even discard an unacceptable response and retry the request against a different node. New TrafficScript functions for response rules: response.get() - Get the response data response.getLength() - Get the amount of data in the response response.getLine() - Get a line from the response data response.set() - Set the response data response.append() - Append to the response data response.close() - Close the connection to the back-end node response.flush() - Send response data to the client response.getRemoteIP() - Get the IP address of the back-end node response.getRemotePort() - Get the port of the back-end node response.getLocalIP() - Get the IP address connected to the node response.getLocalPort() - Get the port used to talk to the node http.getResponseBody() - Get the HTTP response body http.setResponseBody() - Set the HTTP response body http.getResponseHeader() - Get an HTTP response header http.responseHeaderExists() - Test if an HTTP response header exists http.setResponseHeader() - Set an HTTP response header http.removeResponseHeader() - Remove an HTTP response header http.scrubResponseHeaders() - Send only certain response headers http.getResponseCookie() - Get an HTTP response cookie http.setResponseCookie() - Set an HTTP response cookie http.removeResponseCookie() - Remove an HTTP response cookie http.getResponseCode() - Get the HTTP response code (e.g. 200) http.setResponseCode() - Set the HTTP response code For more information on response rules, refer to the TrafficScript Manual. Improved Request Rules ---------------------- New TrafficScript functions have been added to make it easier for Request Rules to reliably parse persistent protocols such as POP3 or SMTP, and to make it easier to manage the connections to the client and the server. request.endsWith() - Indicate where the current request ends request.endsAt() - Indicate the length of the current request request.retry() - Retry a request against a node request.getRetries() - How many times has a request been retried request.isResendable() - Find out if the request can be resent request.avoidNode() - Avoid using a named node on a retry request.sendResponse() - Send a response for a request For more information and examples on complex connection handling techniques, refer to the TrafficScript manual. Other changes ------------- Some functions, mostly associated with request handling, have been re-named to avoid confusion with the new response rule functionality. The old versions continue to exist, but are marked as deprecated, and warnings will appear when checking the syntax of a rule in the user interface, and on the diagnosis page. lang.ord() and lang.chr() now work as expected. Other new TrafficScript functions: string.encrypt() - Encrypt a string, preventing alteration by clients string.decrypt() - Decrypt an encrypted string string.htmlEncode() - Encode a string so that it is HTML safe string.htmlDecode() - Decode HTML entities string.sprintf() - Format a string, like the standard sprintf xml.validate.xsd() - Validate an XML document against an XML schema resource.getmtime() - Get the time a resource file was altered pool.activeNodes() - Get the number of working nodes in a pool pool.select() - Specify the pool for a connection, without stopping rules processing connection.data.set() - Retrieve per-connection data connection.data.get() - Store per-connection data connection.getNode() - Get the name of the node used by a connection connection.getPool() - Get the name of the pool used by a connection connection.getVirtualServer() - Get the name of the Virtual Server manging the connection http.setCookie() - Set an HTTP cookie in a request http.removeCookie() - Remove an HTTP cookie from a request http.getFormParm() - Read a form parameter from a query string or POST data http.removeHeader() - Remove an HTTP header from a request Changed functions: string.regexmatch() - Can now perform case insensitive matches string.regexsub() - Can now perform case insensitive matches http.request.get() - Extra request headers can now be specified http.request.post() - Extra request headers can now be specified Other changes in 3.0 -------------------- * PCRE regex library ZXTM now uses the PCRE regular expression library (see http://www.pcre.org). This provides consistent regular expression interpretation across all the platforms supported by ZXTM. PCRE provides perl-compatible regular expressions which differ slightly from POSIX regular expressions. In the vast majority of cases, no changes to TrafficScript regular expressions will be needed. * Improved MIME type auto-detection MIME type auto-detection now uses a larger database of MIME type signatures, and should be considerably more useful. * Performance improvements ZXTM 3.0 contains a number of performance improvements to increase the speed and decrease the memory usage of individual connections. * User interface improvements The ZXTM User interface has been improved, to provide a cleaner, easier to use admin interface. ZXTM 2.0r1 -> 1st July 2004 =========================== ZXTM 2.0r1 is a minor revision of Zeus Extensible Traffic Manager 2.0, containing several enhancements and bug fixes. You are recommended to upgrade when convenient to take advantage of the improvements. Program Alterations and Bug Fixes since 2.0 ------------------------------------------- * TrafficScript: Additional functions make it easier to parse binary datastreams: lang.char() and lang.ord() convert between integers and ascii characters; string.intToBytes() and string.bytesToInt() convert between integers and network-order byte strings; string.dottedToBytes() and string.bytesToDotted() convert between IP addresses and network-order byte strings; string.intToBER() and string.BERToInt() convert between integers and BER-encoded integers; string.replaceBytes() and string.insertBytes() give easy ways to modify unparsed strings. Additional functions make it easier to manage external resources: resource.exists() checks whether an external resource file exists; resource.getMD5() returns an external resource file's MD5 hash. * UI: The status applet chart graphs relative traffic amounts for each virtual server. * Bug fixes: improvements to the connection handling, SSL and TrafficScript to resolve several stability problems. ZXTM 2.0 -> 30th April 2004 =========================== Zeus Extensible Traffic Manager (ZXTM) is a powerful Internet traffic management platform that delivers improved availability, scalability, manageability and security for networked applications. The ZXTM platform contains the following components: * Core Traffic Manager software: The software can be installed on one or more machines ('traffic managers') to create a ZXTM cluster. The software accepts and processes network requests before distributing them across back-end server nodes. * Distributed Administration and Configuration: Each traffic manager provides a secure web-based Admin Server. All the traffic managers in a ZXTM cluster share their configuration, so any Admin Server can be used to manage the cluster. * Fault Tolerance: A ZXTM cluster containing two or more traffic managers can operate in a fully fault-tolerant mode. Platform Availability for ZXTM 2.0 ---------------------------------- ZXTM 2.0 can be installed on the following platforms: * Linux (x86, IA64, x86_64) * Solaris (SPARC, x86) * FreeBSD (x86) Key new features in ZXTM 2.0 ---------------------------- Manageability Improvements: * Revised Admin Server user interface. * SNMP support. * Fine-grained user-based control of read and write access to the Admin Server. * Status Applet, Diagnosis and Configuration Summaries give a clear overview of the activity, health and configuration of the system. * Configuration can be backed up, restored and migrated between clusters. Health Monitoring: * ZXTM actively monitors back-end nodes and can raise alerts or execute custom corrective actions if a failure is detected. * Custom monitors can monitor a wide range of services and failure types. SSL Re-encryption: * Any TCP traffic may be encrypted by ZXTM before forwarding on to a server. * HTTPS traffic may be decrypted, managed locally and re-encrypted for full end-to-end security. * Full support for SSL authentication and authorisation using server and client certificates, certificate authorities and CRLs. Service Protection: * ZXTM restricts concurrent connections and new connection rates from individual clients to mitigate against connection-flooding attacks. * ZXTM validates the correctness of HTTP requests, and can protect against a range of HTTP-based attacks. * Custom protection rules to reject requests based on content can be used to protect against web worms and viruses. * Configurable attack logging. * Test and debug modes allow protection policies to be tested without affecting service. Content Compression: * HTTP and HTTPS content can be compressed on-the-fly. XML Validation and Transformation: * ZXTM can validate and translate incoming XML data using XSLT. * Translated data can be used in traffic routing decisions, and to offload translation from back-end servers. TrafficScript: * Additional TrafficScript functions extend the capabilities of ZXTM, including the ability to contact external services to assist in traffic rewriting and routing decisions. Activity Monitoring: * Real-time activity monitoring of traffic through the ZXTM cluster. * Activity statistics available via SNMP. * Activity can be graphed and analysed within the Admin Server, or exported to an external analysis package. * Active Connection reports to describe the precise, instantaneous state of the cluster. Historical Activity: * Historical traffic activity statistics are maintained for analysis. * Can be graphed and analysed within the Admin Server, or exported to an external analysis package. Traffic Logging: * Comprehensive, configurable traffic logging. Documentation: * Improved context-sensitive on-line help. * Updated Getting Started guide. * Added comprehensive User Manual. * Added TrafficScript manual. ZXTM 2.0 Early Adopter Release -> 7th November 2003 =================================================== Key Features in ZXTM 2.0 EA --------------------------- Protocol Support: ZXTM 2.0 supports all TCP-based protocols, and simple UDP-based protocols. It includes specialised protocol-handling support for HTTP and FTP. Load Balancing and Session Persistence: Load Balancing algorithms effectively distribute traffic across a number of back-end server nodes. Session Persistence methods can be used to preserve application-level sessions. Traffic Inspection and Manipulation: TrafficScript rules can be used to inspect and manipulate traffic, and make alternative routing decisions based on the traffic type and contents. SSL Decryption: SSL Decryption allows the traffic managers to decrypt incoming SSL traffic prior to inspection, manipulation and load balancing. Fault Tolerance: Traffic Managers can detect and avoid failures in the back-end server nodes. A ZXTM cluster containing two or more traffic managers can operate in a variety of fully fault-tolerant modes, resistant to failures in both the back-end server nodes and the traffic manager machines. Supported Platforms ------------------- ZXTM 2.0 EA can be installed on the following platforms: * Linux (x86, IA64, x86_64, PPC) * Solaris (SPARC, x86) * FreeBSD (x86) Known issues in ZXTM 2.0 EA --------------------------- Parallel installations: ZXTM can be installed as a fault-tolerant cluster of machines which automatically share their configuration. New machines should be added sequentially to a ZXTM cluster, to ensure that configuration is consistent across the cluster. Scripting the ./configure installation process to add many machines to the same cluster in parallel is not supported.