What’s New in CoPilot?

This page provides information about the latest Aviatrix CoPilot features.

For information about corrected issues, known issues, and other release notes for each CoPilot software release, see Aviatrix CoPilot Software Release Notes.

See the documentation for an explanation of Aviatrix Feature Modes.

New and Enhanced Features in 4.16.0

Release Date: 19 December 2024

See the documentation for an explanation of Aviatrix Feature Modes.

Auto Right-Sizing Enable/Disable

You can now enable/disable the Auto Right-Sizing feature. The feature is enabled by default. You can disable it from the Cloud Fabric > Scaling > Auto Right-Sizing > Auto Right-Sizing Settings dialog.

DNS Server for Hostname Resolution

The DNS Server for Hostname Resolution card under Groups > Settings allows you to select either the Gateway’s Management DNS Server (Aviatrix default DNS server) or a custom DNS server to resolve hostnames configured in Hostname SmartGroups for non-HTTP/HTTPs traffic.

Hostname SmartGroups

You can now select a Hostname Resource Type when creating a SmartGroup. Before you do this, ensure that the DNS server you want to use for resolving hostnames is selected on the DNS Server for Hostname Resolution card under Groups > Settings.

Behavior and UI Changes in 4.16.0

  • Moved and renamed the following items:

    • Billing & Cost > Aviatrix Billing moved to Administration > Billing

    • Billing & Cost > CostIQ moved to Monitor > CostIQ

    • Security > Egress > Monitor renamed to FQDN Monitor (Legacy)

    The Aviatrix documentation has been revised and reorganized to reflect these changes.

  • Allow Billing and CostIQ to be hidden

    You can now disable and re-enable CostIQ and Billing Insights (Overview, Explore, and Cloud Accounts pages) from Settings > Configuration > Features.

  • Moved the following items:

    • Rollback on Gateway Creation Error: The ability to enable and disable this feature has been moved from the Controller console to the CoPilot console on the Cloud Fabric > Gateways > Settings tab.

    • Gateway to Controller Communication: The ability to set the Keep-Alive-Speed has been moved in CoPilot from Gateways > Settings to Settings > Configuration > Advanced.

New and Enhanced Features in 4.15.0

Release Date: 14 November 2024

See the documentation for an explanation of Aviatrix Feature Modes.

Microsoft’s SSE Solution

You can now create connections to the Microsoft SSE Solution from Networking > Connectivity > External Connections (S2C). Microsoft SSE Solution has been added to the External Connections To dropdown on the Connectivity page.

Azure VNet Attachment

Attachment of Azure ARM Spoke through Native Peering is now supported on CoPilot.

Updates to the Upgrade Controller Wizard

  • The Cloud Accounts selection dropdown now only displays when Aviatrix Controllers can be accessed by multiple available cloud accounts. If only one Controller cloud account is available, that account will be selected automatically.

  • When upgrading a Controller, if the upgrade time limit is reached, a support bundle is created and a warning message displays with a Work with Support button. Clicking the button displays the Revert to Old Controller and/or Force Completion buttons, depending on the current progress of the upgrade.

  • If you decide to revert the upgrade or the upgrade fails, the Work with Support button also displays. In this circumstance, clicking the button opens a dialog box from which you can copy the support bundle, enable or disable remote support, and access the Aviatrix Support website.

Preview Features in 4.15.0

See the documentation for an explanation of Aviatrix Feature Modes.

Global VPC on GCP (Preview)

In GCP, Aviatrix Platform now supports Global VPC on Aviatrix Spoke Gateways for FireNet Egress.

You can configure the GCP Global VPC on Gateways > Settings.

An Enable Local Egress on VPC/VNets button has been added on Security > Egress > Egress VPC/VNets.

This is a Preview Feature and not intended for production environments.

Auto Right-Sizing of Gateways (Preview)

Enhancements have been made to the right-resizing recommendations for Gateways available on Cloud Fabric > Scaling.

After reviewing the resizing recommendation you now have the option to accept the recommendations, which will be immediately implemented. Aviatrix will not automatically resize the Gateways without user approval.

See About Auto Right-Sizing for more information.

This is a Preview Feature and not intended for production environments.

Behavior Changes in 4.15.0

CoPilot will now disable rollback on gateways when rollback is not possible.

UI Changes in 4.14.0

Release Date: 08 October 2024

  • The page Cloud Fabric > Edge is renamed to Cloud Fabric > Hybrid Cloud. The URL also changed from /cloud-fabric/edge/…​ to /cloud-fabric/hybrid-cloud/…​

Enhanced Features in 4.13.0

Release Date: 04 September 2024

See the documentation for an explanation of Aviatrix Feature Modes.

Appliance v3 Warning Banner

A persistent banner appears in the UI if your CoPilot instance is running an appliance version earlier than Version 3.x. It is strongly recommended that you migrate to the latest version.

Changes to Group Navigation

  • In the navigation menu, SmartGroups is renamed to Groups, and includes a SmartGroups tab.

  • WebGroups is moved from Security > Distributed Cloud Firewall > WebGroups to a tab under Groups.

  • The Groups page now contains tabs for SmartGroups, WebGroups, and Settings.

DCF Auto Refresh is Persistent

On Security > Distributed Cloud Firewall > Monitor the Auto Refresh toggle is now persistent when the option is enabled.

New SmartGroup Cloning Option

On Groups > SmartGroups, the vertical ellipses menu now includes an option to Clone SmartGroup.

When you select a SmartGroup and click Clone SmartGroup, a dialog box opens called Clone SmartGroup: selectedGroupName. The fields will be pre-populated with information from the selected SmartGroup. The cloned SmartGroup name will be Copy-of-selectedGroupName. You can keep or modify the information.

New Details Page for Gateways

On Cloud Fabric > Gateways, the Transit, Spoke, and Specialty Gateways tabs now all include a Details view.

The Details view includes tabular data for General Information, BGP (if applicable), Subnet Information, and Certs Info (if issued).

Enhanced Features in 4.12.0

Release Date: 08 August 2024

See the documentation for an explanation of Aviatrix Feature Modes.

Manage Gateway Attachments Window

An option is added on the Transit Gateways and Spoke Gateways tabs at Cloud Fabric > Gateways. This option opens a Manage Gateway Attachments window from which you can add or delete transit and spoke gateway attachments.

To access the feature, locate the transit or spoke gateway in the table and click the Manage Gateway Attachments icon in the last column to the right.

Save Views of External Connections (S2C)

On Networking > Connectivity > External Connections (S2C) you can filter the table and save the view for later use.

Browser Tab Title Update

The browser tab now provides more descriptive content to better reflect the current state of CoPilot. The tab title is in the format, <tab name> - <menu name> | Aviatrix CoPilot.

Enhanced Features in 4.11.1

Release Date: 17 July 2024

Auto-Right Sizing Preview Feature

Various enhancements to predictions and usability are added.

See Aviatrix Feature Modes for more information about Preview Features.

Preview Features in 4.11.1

Release Date: 17 July 2024

See the documentation for an explanation of Aviatrix Feature Modes.

View vCPU Breakdown Dialog Window

This new dialog window is available as a preview feature in CoPilot version 4.11 with Controller version 7.1.4100.

On Monitor > Performance, if you select the CPU Used (%) metric and the core data is available, the related graph displays a View vCPU Breakdown button. Clicking this button provides a breakdown of core usage for each gateway you selected on the Performance page. A table shows the minimum, maximum, and average percentages. Clicking the Core name opens a graphical view that displays the percentage used per day and time when you move your cursor over the graph.

Preview Features in 4.11.0

Release Date: 27 June 2024

See the documentation for an explanation of Aviatrix Feature Modes.

Gateway Instance Sizing Recommendations Report

This new report is available as a preview feature in CoPilot.

On the Administration > Reports tab, you can generate a Gateway Instance Sizing Recommendations report. This report provides gateway instance size recommendations based on your gateway utilization. The report is currently available in JSON format.

Aviatrix Secure Edge on Megaport

This release of CoPilot has additions to the UX for Megaport support, where Aviatrix Secure Edge can be deployed in Megaport Virtual Edge.

Enhanced Features in 4.11.0

Release Date: 27 June 2024

Topology > Overview Page

  • The Legend has been rearranged and updated with some new icons. Also, only icons for the clouds selected in Cloud Regions/Sites on the side panel will display in the legend.

  • On the side panel, under Connection Latency the Show Average Values toggle was removed. The values are now displayed automatically if the Latency feature is toggled On.

  • On the side panel, SmartGroups is now an option at the top level of Filters. It has been removed from the Condition list.

On Dashboard > Gateways Health

  • The All Up buttons have been disabled, so clicking them no longer opens a list of running gateways. The Down buttons are still in use, providing a list of gateways that are not running.

New Features in 4.10.0

Release Date: 31 May 2024

Controller Image Upgrade from the Copilot UI

This release adds the ability to perform a Controller image upgrade from CoPilot UI.

Unmanaged VMs Available in Topology

Unmanaged VMs are now available in the CoPilot Topology view for Controller versions earlier than 7.1.

UI Changes in 4.9.0

Release Date: 30 Apr 2024

Access Gateway Details from Topology

A View Gateway button is added to the Gateway Details in the Side Panel for Topology.

When you select a gateway instance (the Gateway Virtual Machines, in the outermost circle of the topology map) in your topology map, buttons display below the Properties table.

Click View Gateway to open Cloud Fabric > Gateways with details about the Gateway.

View Packet Count in FlowIQ

Overview and Flows pages now support displaying the traffic breakdown by Packet Count.

In the Monitor > FlowIQ > Overview page, Packet Count is added to the View By dropdown list. A card that displays Total Packet Count is also added below the View By field.

Updates to Edge Properties in Topology

In the Properties panel for Edge resources, labels are changed or removed to better reflect Edge resources and terminology.

The following fields are added:

  • Instance ID

  • Site ID

  • Managed (true/false)

The following field name changed:

  • Insane Mode is now High Performance (yes/no)

Items Renamed in the CoPilot UI

  • Aviatrix Edge is renamed to Aviatrix Edge Platform

  • Edge Gateways is renamed to Gateways

  • Interface Tags is renamed to Interface Labels

  • CSP Tags is renamed to Cloud Tags

Enhanced Features in 4.8.0

Release Date: 08 Apr 2024

Aviatrix Network Insights API Is Now GA

The Network Insights API is now a General Availability (GA) feature.

The Aviatrix Network Insights API allows you to retrieve network metric and status data across your Aviatrix data plane. Using the API, you can integrate with third-party tools for data analysis and visualization of the performance and health of your Aviatrix-managed resources. The API also supports data retention for compliance.

The Network Insights API supports Prometheus and JSON formats. All data transmissions are encrypted using industry-standard protocols. An API key is used to authenticate requests for your Aviatrix services.

To use the Network Insights API, you must have an add-on license and enable it from Settings > Configuration > License.

For more information, see Monitoring with Network Insights API.

Controller Diagnostics in CoPilot

Two enhancements were made on Diagnostics > Diagnostic Tools.

  • On the Controller Diagnostics page, a new Diagnostics Tool is available. You can run a comprehensive diagnostics report that you can download and analyze or send to Aviatrix Support. The Diagnostics report provides details on routes, NTP, DNS, SSH, IPsec, and other services operating on the gateway to aid in identifying active or inactive services.

    For more information, see Aviatrix Controller Diagnostics.

  • If you select the Diagnostics Tool on the Gateway Diagnostics page, an option is now available that allows you to run Controller diagnostics along with Gateway diagnostics.

UI Changes in 4.8.0

This section identifies any significant changes or updates to the CoPilot UI.

Reorganization of Settings Page

The Settings > Configuration > General section has been reorganized to provide clearer navigation.

New Features in 4.7.0

Release Date: 11 Mar 2024

New Aviatrix Billing Reports

The Aviatrix Billing feature has been enhanced to include multiple Report views that provide reports based on your actual Aviatrix Billing Plan.

You can access the reports in CoPilot from the Billing & Cost > Aviatrix Billing > Report tab. The Report page includes the Summary view, Usage Breakdown view, and Billing Breakdown view. It also provides an overview of your Aviatrix Billing Plan.

From the various Report views, you can determine the rate of consumption against your billing plan and whether there are any overages. The information in these views can help you identify patterns or trends that could assist in determining the reasons behind any overages and potentially predict whether costs are likely to remain within the billing plan commitment.

See more information in the Aviatrix Billing documentation.

UI Changes in 4.7.0

UserVPN Diagnostics

An option called UserVPN Diagnostics is added to the More action menu 25 in the UserVPN gateway list. This new feature is available at Cloud Fabric > UserVPN.

IAM Policy Updates and Account Audit

You can now perform IAM policy updates and account audits on multiple accounts at one time. On the Cloud Resources > Cloud Account page, select the checkbox to the left of the accounts on which you want to perform an action. Click the Actions menu and select Audit Account or Update IAM Policy. Select the checkbox in the table header to select or deselect all accounts.

The Update IAM Policy option only applies to AWS accounts. If you select non-AWS cloud accounts when updating policies, the non-AWS accounts are skipped during the update process. Also, the current version of the IAM policy is saved by AWS. Up to 5 (latest) non-default policy versions are retained.

Messages Display with Job Status

When running a background job in CoPilot, toast pop-up messages now display the result of the job directly in the UI. The messages display on the right side and indicate whether the job completed successfully or failed. You can click Task Details in the message to open the Monitor > Notifications > Tasks tab for more information.

Preview Features in 4.6.0

Release Date: 26 Jan 2024

This section lists preview features in this release.

New Gateway Group Upgrade and Upgrade Plan

The Gateway Group Upgrade and Upgrade Plan is available as a preview feature.

This feature allows users to put gateways into groups to perform upgrades. For example, groupings could be by region, cloud, or gateway type. Once grouped, a sequence can be configured to perform upgrades in priority order.

This new upgrade option can be found at CoPilot > Administration > Upgrade. See more information in the Gateway Upgrade Groups documentation.

UI Changes in 4.6.0

Gateway Type Renamed

Under Gateways > Gateway Management, the Gateway Type column that identified a primary or secondary HA type is now renamed to Instance Type. This change also applies anywhere in the CoPilot UI where a primary or secondary type is identified.

The Gateway Type column still exists but specifically identifies the gateway type for spoke, transit, etc.

Enhanced Features in 4.5.0

Release Date: 22 Dec 2023

View Managed and Unmanaged VPCs in Topology

The Aviatrix CoPilot Topology Network View now displays both unmanaged VPCs (VPCs with no Aviatrix Gateway) and managed VPCs (VPCs with an Aviatrix Gateway). For more information for filtering resources in topology, see Visibility into Cloud Resources.

Save Time Zone Changes Across Browsers

You can now save changes to the time zone displayed in Aviatrix CoPilot across different browsers. To change your time zone, click on the profile icon in the top right and select the Time Zone icon.

CoPilot operations always work in UTC (Coordinated Universal Time), but you can change the display to reflect different time zones.

Saving, Editing, and Deleting Views

You can now create, edit, and delete views on some CoPilot pages, including the Aviatrix CoPilot > Security > Distributed Cloud Firewall → Monitor tab.

Performance Page Views

You can now save and preserve views on the Aviatrix CoPilot > Monitor > Performance page.

Spoke to Spoke Gateway Attachments

Added support for Spoke-to-Spoke attachment management in Aviatrix CoPilot. See Spoke Gateway Attachments.

Spoke to Egress Transit FireNet Gateway Attachments

Added support for Spoke-to-Egress Transit attachment management in Aviatrix CoPilot. See Spoke Gateway Attachments.

Preview Features in 4.5.0

Geoblocking in Preview Mode

The Geoblocking feature under ThreatIQ is now in Preview mode by default. To use Geoblocking, manually enable the feature from the Aviatrix CoPilot > Settings > Configuration page > License tab under Feature Previews.

  • Existing CoPilot accounts with Geoblocking countries enabled will remain enabled. You do not need to make any changes after the upgrade.

  • If your account does not have Geoblocking enabled for any countries, then Geoblocking will be disabled during the upgrade. After the upgrade, manually re-enable Geoblocking.

URLs in WebGroups

WebGroups (Domain Names and URLs) became available in Preview Mode in CoPilot 3.10. As of release 4.5 only WebGroups that use URLs are in Preview Mode.

This is applicable only if you are using the latest 7.1 Controller.

Enhanced Features in 4.4.3

Release Date: 8 Dec 2023

Improved CoPilot Data Collection Method

Improved CoPilot’s method of collecting data. Previously, CoPilot used rates calculated by the gateway. Now, CoPilot will discard rates calculated by the gateway and determine them from raw counters instead.

This improvement ensures that CoPilot traffic statistics are internally consistent and unaffected by control plane interruptions, which could cause CoPilot to incorrectly record some throughout rates as 0 and to overestimate percentage-based metrics.

Enhanced Features in 4.4.4

Release Date: 15 Dec 2023

Improved CoPilot Data Collection Method

Improved CoPilot’s method of collecting data. Previously, CoPilot used rates calculated by the gateway. Now, CoPilot will discard rates calculated by the gateway and determine them from raw counters instead.

This improvement ensures that CoPilot traffic statistics are internally consistent and unaffected by control plane interruptions, which could cause CoPilot to incorrectly record some throughout rates as 0 and to overestimate percentage-based metrics.

Enhanced Features in 4.4.0

Release Date: 28 Nov 2023

Exporting Data from Aviatrix Billing

Added an option to export the data from the Aviatrix Billing - Explore Page. This option allows you to export all the individual gateway costs for all CSPs and regions into a single csv file.

New Status Type for BGP Connections

Added a new type of status to the BGP Info page to clarify when some connections are up and others are down. This new status is "Partially Established."

When the BGP Info page displays this "Partially Established" status, review the Status column for each individual connection to see whether it is Established or Not Established.

UI Changes in 4.4.0

New Display of Threats and Geoblocking

The CoPilot Dashboard now displays new information:

  • A summary of threats from ThreatIQ

  • A map of countries that have Geoblocking applied

This display gathers data from the previous 24 hours.

For a description of all data shown on the CoPilot Dashboard, see CoPilot Dashboard Page Reference.

Topology Map Changes

Distinguishing HPE vs. Non-HPE Connections in Topology

The Topology Overview has visual enhancements to help distinguish between different types of connections.

  • Each connection type is represented by a dotted or solid line.

  • The line’s color indicates the health of the connection.

In Aviatrix CoPilot > Networking > Overview tab:

Line and Color Meaning

Solid line

HPE connection

Dotted line

Non-HPE connection

Red

The connection is down

Green

The connection is up

For more information, please see the Legend in the Topology Overview tab.

BGP Routes Column Name Standardized

The label for a column for BGP Learned Routes and BGP Advertised Routes has been edited for consistency. Previously, the same column was labeled “Learned Routes” on the BGP Learned Routes page and “Network” on the BGP Advertised Routes page. Now, the column’s label is “Advertised Routes” in both places.

Enhanced Features in 4.3.0

Release Date: 24 Oct 2023

For known issues in CoPilot 4.3.0, see Aviatrix CoPilot Software Release Notes.

Alerts Enhancements

You can now configure alerts based on the number of gateways that match the following alert-trigger criteria:

  • Number of gateways in the DOWN state

  • Number of gateways in the KEEPALIVE_FAIL state

CoPilot Dashboard Enhancements

The CoPilot > Dashboard is redesigned. The dashboard has separate sections for monitoring network health and network resources. The information more critical in determining network health is at the top of the dashboard to help you quickly determine the overall health of your network. This section provides links to other CoPilot pages where you can analyze the data in more detail.

For information about added, removed, and changed elements in the CoPilot Dashboard, see Dashboard UI Changes.

For a description of all data shown on the CoPilot Dashboard, see CoPilot Dashboard Page Reference.

The count for number of gateways shown on the CoPilot Dashboard reflect gateways that currently exist in your Aviatrix-managed networks. If you are troubleshooting a network problem and want to see a list of all gateway instances, you can open the CoPilot > Cloud Fabric > Gateways page, and from the applicable gateway view (Transit, Spoke, or Specialty), locate the table row of the desired gateway. You can click the Gateway Diagnostics icon to run diagnostics from any gateway instance.

Performance Details from Gateways Page

The CoPilot > Cloud Fabric > Gateways > Transit/Spoke Gateways page now includes a Performance tab. Use the Performance view to readily look up telemetry statistics for the given gateway such as a gateway’s trend chart for CPU usage.

Topology Map Enhancements

The CoPilot > Cloud Fabric > Topology map includes the following enhancements:

  • New Geo View

    In the Topology > Overview page, there is now a selection for Geo View. This shows a bird’s eye view of all your cloud network constructs on a geographic map. CoPilot shows all cloud network constructs that are associated with the cloud account you onboarded in Aviatrix.

    The constructs can be those running in a VPC/VNet where no Aviatrix gateway is running also (unmanaged constructs) .

  • Improved presentation of Edge nodes

    The map shows more clearly the connection between edge sites and transit VPCs.

  • Improved presentation of GCP gateway nodes

    The map shows more clearly the Aviatrix gateways deployed in GCP global VPCs.

(Azure) Configure Spoke Subnet Groups

For Microsoft Azure, the ability to configure a subnet group for Spoke Gateways when configuring FireNet Gateway policies is now available in CoPilot. For detailed information, see Configuring Azure Spoke Subnet Groups.

The CoPilot navigation-menu search is enhanced to consider page sub-menus in search results based on keywords. For example, search results after typing the word ping will include the controller and gateway Diagnostics pages because they each contain a sub-menu for the ping tool.

UI Changes in 4.3.0

The following UI changes were made in the CoPilot 4.3.0 release:

Dashboard Changes

The CoPilot Dashboard is redesigned with a separate Health and Resources section.

The following UI elements were changed in the CoPilot Dashboard in 4.3:

  • The resource inventory cards were moved from the top of the dashboard to the Resources section.

  • The map showing the approximate geographic location of VPC/VNets was moved to the top of the dashboard.

  • The charts for Gateway per Cloud and Gateway by Type were collapsed.

  • The VPN Users resource inventory card was changed to a time series graph for showing VPN user count.

The following UI elements were added to the CoPilot Dashboard in 4.3 for showing network health:

  • Threats view in geographic map of VPC/VNets

  • Card for Gateway Health

  • Card for Connection Health

  • Card for Detected Intrusions

  • Card for CoPilot Health

  • Card for Controller Health

  • Threats list

  • Alerts list

The following UI elements were removed from the CoPilot Dashboard in 4.3:

  • Card for Count of AWS TGW

  • Card for Count of TGW Attachments

  • Card for Transit Gateways by CSP

Please note the count for number of gateways shown on the CoPilot Dashboard reflects the following:

  • For controllers 7.1 and later, counts reflect the sum of gateways.

  • For controllers 7.0 and earlier, counts reflect the sum of primary gateway instances.

For a description of all data shown on the CoPilot Dashboard, see CoPilot Dashboard Page Reference.

Topology Map Changes

  • The Geo View is added to the Topology Map.

Audit Page Changes

The CoPilot > Administration > Audit page is redesigned.

Enhanced Features in 4.2.0

Release Date: 22 Sep 2023

For known issues in CoPilot 4.2.0, see Aviatrix CoPilot Software Release Notes.

Additional Percentage-based Metric Conditions

CoPilot offers additional percentage-based metric conditions to choose from when you set conditions for triggering alerts or for monitoring resource performance.

See the metrics list in CoPilot > Monitor > Performance.

See the metrics list in CoPilot > Monitor > Notifications > Configure Alerts.

The following percentage-based metrics are now available:

  • per_bandwidth_egress_limit_exceeded

  • per_bandwidth_ingress_limit_exceeded

  • per_conntrack_limit_exceeded

  • per_linklocal_limit_exceeded

  • per_pkt_drop

  • per_pkt_fail

  • per_pps_limit_exceeded

  • per_rx_drop

  • per_rx_errs

  • per_tx_drop

  • per_tx_errs

Improved Geographic Map (FlowIQ)

The CoPilot geographic map display and behavior is improved.

See the map in the CoPilot > FlowIQ > Network > Geolocation page.

UserVPN Now Available in CoPilot

The UserVPN feature is now available in Aviatrix CoPilot. You can use this feature to add VPN gateways, profiles, users, and authentication against supported Identity Service Providers such as AWS SSO, Azure AD, and Centrify.

See the CoPilot > Networking > Connectivity > UserVPN page.

For more information, please see the UserVPN Overview or the UserVPN FAQ.

See also the release note about editing UserVPN profiles.

Topology Filter Improvements

The CoPilot topology map includes improved search/filter controls and a more streamlined filter menu design.

You can use quick filters to filter by cloud, region, and resource type.

You can choose to display or hide the average-value details for latencies between VPC/VNet connections.

You can set any saved topology filter as a default view.

You can easily reset filters to a default state.

See the search and filter pane in the CoPilot > Cloud Fabric > Topology > Overview page.

New Hardware Model Supported for Aviatrix Secure Edge

Aviatrix Secure Edge now supports the Dell R450 hardware for the Aviatrix Edge Platform. For more information, see:

UI Changes in 4.2.0

This section describes UI changes in CoPilot 4.2.0.

Topology Classic Experience Enablement

In CoPilot 4.2.0, the option to enable the classic experiences of Topology map has moved from the Topology page to the Settings page.

If you want to enable the classic experiences for Topology map, do the following:

  1. Go to the CoPilot > Settings > Configuration page, enable the Old Topology Experiences option, and click Save.

  2. In the Copilot > Cloud Fabric > Topology page, click on the New Topology Experience toggle.

    This disables the New Experience in the Overview tab and shows the Classic Experience and the Transit and MCNA tabs of the Topology page are also shown.

Enhanced Features in 4.1.0

Release Date: 24 Aug 2023

For known issues in CoPilot 4.1.0, see Aviatrix CoPilot Software Release Notes.

View VPC/VNets Running in your Clouds

CoPilot now shows in a central location all the VPC/VNets running in your clouds for cloud accounts onboarded onto Aviatrix Controller.

In the CoPilot > Cloud Resources > Cloud Assets > VPC/VNets & Subnets page:

CoPilot shows VPC/VNets that were created in the CSP environment as well as those that were created as part of deploying Aviatrix resources such as those created during the deployment of your controller, CoPilot, and gateways.

A VPC/VNet can be marked as Aviatrix managed where:

  • Aviatrix managed = Yes — Indicates an Aviatrix gateway is running in the VPC/VNet.

  • Aviatrix managed = No — Indicates no Aviatrix gateways exist in the VPC/VNet.

If you create a VPC/VNet by using Cloud Service Provider tools instead of the Aviatrix Controller or CoPilot UI, the VPC/VNet is still marked as managed as long as an Aviatrix gateway is running in it.

You can use the filter and search functions to sort and find VPC/VNets by cloud, region, IP address CIDR, CSP tag(s), Aviatrix SmartGroup, and other criteria.

You can create SmartGroups from the VPC/VNets & Subnets page. You can create a SmartGroup from one or more VPC/VNets with a maximum of 20 VPC/VNets per SmartGroup.

Only Aviatrix-managed VPC/VNets are shown for Alibaba Cloud and Oracle Cloud Infrastructure (OCI).

FlowIQ Filter Improvements

In FlowIQ, CoPilot now automatically creates flow filter rules or quick filters for a host’s IP address or port. After you enter a host’s IP address or port number, CoPilot shows all traffic flows sent to and received from that IP address or port in FlowIQ charts. The quick filters are available in the custom rule dialog if you want to use them in a custom flow query.

Quick filter created when typing an IP address:

( Source IP Address = IP_address OR Destination IP Address = IP_address )

Quick filter created when typing a port number:

( Source Port = port_number OR Destination Port = port_number )

To use quick filters:

  1. Go to the CoPilot > Monitor > FlowIQ page, type an IP address or port number in the Filters field, set the desired time period to analyze flow data for, and hit Enter or click Apply.

    Each chart in the FlowIQ page is updated to show all traffic for those IP address or port filters.

  2. Click the down arrow (v) in the Filters box to open the custom rules dialog.

  3. To delete a quick filter, hover over its entry and click the Delete icon.

  4. To add more rules to build a custom query, click + Add condition or + Add group as needed.

  5. After setting all conditions, click Apply.

  6. To save a custom filter view, click Save View.

Create an AWS TGW

You can now use CoPilot to create an AWS TGW and orchestrate TGW attachments.

See the CoPilot > Networking > Connectivity > AWS TGW page.

New Features in 4.0.0

Release Date: 21 July 2023

For issues corrected and known issues in CoPilot 4.0.0, see Aviatrix CoPilot Software Release Notes.

View Virtual Machines Running in your Clouds

CoPilot now shows in a central location all the virtual machines running in your clouds for cloud accounts onboarded onto Aviatrix Controller.

In the CoPilot > Cloud Resources > Cloud Assets > Virtual Machines page:

CoPilot shows VMs that were created in the CSP environment as well as those that were created when deploying Aviatrix resources such as those running your controller, CoPilot, and gateways.

A VM can be marked as Aviatrix managed where:

  • Aviatrix managed = Yes — Indicates the VM is behind an Aviatrix Gateway; that is, running in a VPC/VNet where an Aviatrix gateway is deployed.

  • Aviatrix managed = No — Indicates the VM is running in a VPC/VNet where no Aviatrix gateways exist.

  • Aviatrix managed = Gateways — Indicates the VM is running an Aviatrix Gateway (Transit, Spoke, or Specialty/Other)

You can use the filter and search functions to sort and find VMs by cloud, region, IP address, instance size, tag(s), Aviatrix SmartGroup, and other criteria.

You can create SmartGroups from the Virtual Machines page. You can create a SmartGroup from one or more VMs with a maximum of 20 VMs per SmartGroup.

Only Aviatrix-managed VMs are shown for Alibaba Cloud and Oracle Cloud Infrastructure (OCI).

Enhanced Features in 4.0.0

Enhancements made in CoPilot 4.0.0 include performance improvements and added controls for functions that previously could only be done via the Controller UI.

FlowIQ Performance

Performance optimizations were applied to FlowIQ that improve page-load times when querying traffic flows.

You will notice page load is faster for the following pages:

  • FlowIQ > Overview tab

  • FlowIQ > Trends tab

  • FlowIQ > Geo tab

Page load performance optimizations do not apply to the following pages:

  • FlowIQ > Flows tab

  • FlowIQ > Records tab

The Flows and Records pages render granular flow data details that take longer to load. The numbers in charts reflect the raw bytes value based on the most recently received raw data.

Note the following about the Overview, Trends, and Geo pages where page-load performance optimizations now apply:

  • They show only the most recent 120 days of data. This is a change in behavior from previous CoPilot releases. You can see historical flow data earlier than the last 120 days by using the Flows and Records tabs.

  • The granularity of the data is traded for increased performance so some charts could show numbers that do not match the raw bytes value. Thus, if you were to compare the total byte value of a flow with the total byte value of the same flow as seen and tabulated in the Records tab, there may be a minor discrepancy.

While your CoPilot instance is upgrading to software version 4.0.0, historical flow data records will be aggregated in order to implement FlowIQ performance improvements. During this time, the CPU utilization of your CoPilot virtual machine will increase.

Upload and Update Certificates for Aviatrix Controller

You can use CoPilot to upload and update certificates for Aviatrix Controller.

See the Controller Certificate card in the CoPilot > Settings > Configuration page.

For information about using the CoPilot UI to update Controller certificates, see Controller Certificate Management

Apply Patches onto Aviatrix Controller

You can use CoPilot to apply software patches onto Aviatrix Controller.

See the Install Patches card in the CoPilot > Settings > Maintenance > Upgrade page.

For more information, see Installing Software and Security Patches.

Perform Controller Security Group Management

You can use CoPilot to enable the Aviatrix Controller security group management feature.

See the Controller Security Group Management card in the CoPilot > Settings > Configuration > Security section.

For more information, see Controller Security Group Management.

Perform CoPilot Security Group Management

You can use CoPilot to enable the CoPilot Security Group Management feature.

See the CoPilot Security Group Management card in the CoPilot > Settings > Configuration > Security section.

Perform Native Peering for CSP VPC

You can use CoPilot to perform native peering with cloud service provider (CSP) VPCs.

See the CoPilot > Networking > Connectivity > Native Peering page.

This functionality requires a Controller software build version higher than 7.1.1577.

Configure Additional Aviatrix Controller Settings

You can use CoPilot to configure these Aviatrix Controller settings:

  • Controller IP Access

    See the Controller IP Access card in the CoPilot > Settings > Configuration page.

  • Controller DNS Server, WAF, Tunnel, FIPS 140-2

    See the Federal Information Processing Standard (FIPS) 140-2 card in the CoPilot > Settings > Configuration > Advanced section.

  • Controller Session Timeout

    See the Session Timeout card in the CoPilot > Settings > Configuration > General section

  • Controller Logging

    See the Logging Services tab in the CoPilot > Settings > Configuration page.

Preview Features in 4.0.0

Getting-Started Workflow for Secure Egress

A workflow wizard is available to help deploy and configure Secure Egress traffic rules and monitoring. After you enable Distributed Cloud Firewall (formerly named Micro-segmentation/Distributed Firewalling) and enable the WebGroups preview feature, the wizard will appear in your CoPilot Dashboard. You can click Start to go through the workflow or dismiss it.

Note that WebGroups and TLS Decryption and IDS traffic rule options are in preview. Preview Features are not safe for deployment in production environments. The purpose of the quick-start workflow is to offer you the opportunity to experiment with the Secure Egress feature and use WebGroups.

Secure Egress Wizard

GUI Changes in 4.0.0

This section lists GUI changes made in the 4.0.0 release.

The following top-level menu options are renamed:

  • AirSpace is renamed Cloud Fabric.

  • Troubleshooting is renamed Diagnostics.

nav-changes.png

The following pages are renamed:

  • Distributed Firewalling is renamed Distributed Cloud Firewall.

  • Distributed Firewalling > Policy Monitor is renamed Distributed Cloud Firewall > Monitor.

  • Asset Visibility is renamed Cloud Assets.

The following pages have been moved:

  • Connectivity is a page under CoPilot > Networking.

  • Anomaly Detection is a page under CoPilot > Security.

Enhanced Features in 3.14.0

Release Date: 28 June 2023

For issues corrected in CoPilot 3.14.0, see Aviatrix CoPilot Software Release Notes.

CoPilot Alert Details include Name and Condition of Trigger Metric(s)

CoPilot now shows the following information about triggered alerts.

  • The name of the metric(s) whose condition(s) triggered the alert

  • The value(s) of the metric condition(s) that triggered the alert

The information is shown for each triggered alert in the CoPilot > Monitor> Notifications> Alerts page, in emails sent to configured alert recipients, and in the webhook payload that CoPilot generates.

For the webhook payload, the new metric_info field is added alongside the existing alert, event, and extra fields. To view a sample of the metric_info field format, go to the CoPilot > Monitor > Notifications > Recipients > Webhooks page, click + Webhook, and then click Preview Sample Payload.

Perform Native Peering for CSP VPC via CoPilot UI

A new page was added to the CoPilot UI for performing native peering with cloud service provider (CSP) VPCs.

See the CoPilot > AirSpace > Connectivity > Native Peering page.

This functionality requires a Controller software build version higher than 7.1.1577.

Apply Software Patches to Controller via CoPilot UI

A new page was added to the CoPilot UI for applying security patches and general software patches onto Aviatrix Controller.

See the Install Patches card in the CoPilot > Settings > Maintenance > Upgrade page.

This functionality requires a Controller software build version higher than 7.1.1577.

Back up and Restore Controller via CoPilot UI

A new page was added for backing up and restoring Aviatrix Controller from the CoPilot UI.

See the Back Up Controller and Restore Controller cards in the CoPilot > Settings > Maintenance > Back Up & Restore page.

This functionality requires a Controller software build version higher than 7.1.1577.

For more information, see CoPilot System Administration.

Perform a Controller Image Migration via CoPilot UI

A new page was added to the CoPilot UI for migrating your Controller to a new Controller image.

See the Upgrade Controller Image card in the CoPilot > Settings > Maintenance > Upgrade page.

This functionality requires a Controller software build version higher than 7.1.1577.

For more information, see CoPilot System Administration.

Set Recipients for Controller-Generated Alert Emails via CoPilot UI

A new page was added to the CoPilot UI for setting email recipients for Controller-generated alert emails.

In this page, you can specify email accounts or aliases that can receive important notification emails that are sent from your Controller.

Aviatrix Controller email notification setting Description

Account and Certificate Alerts

Specifies the email account to receive important account and certification information.

Example: aviatrix_administrators@yourcompany.com

Security Events

Specifies the email account to receive security and CVE (Common Vulnerabilities and Exposures) notification emails.

Example: aviatrix_securitynotices@yourcompany.com

Critical Alerts

Specifies the email account to receive field notices and critical notices.

Example: aviatrix_criticalnotices@yourcompany.com

Status Change Notifications

Specifies the email account to receive system/tunnel status notification emails.

Example: aviatrix_statuschangenotifications@yourcompany.com

Send Software Exception Notification Emails to Aviatrix

Enables or disables the sending of software exception emails to Aviatrix Systems.

See the CoPilot > Monitor > Notifications > Settings page to access the settings.

This functionality requires a Controller software build version higher than 7.1.1577.

Set SMTP Service for Controller-Generated Alert Emails via CoPilot UI

A new page was added to the CoPilot UI for setting the SMTP service you want to use for Controller-generated alert emails.

By default, the SMTP service is provided by a third-party, Sendgrid. Even though Aviatrix implements third-party risk monitoring, we are not responsible for Sendgrid controls. Aviatrix recommends that you configure your own SMTP service.

See the SMTP Service card of the CoPilot > Monitor > Notifications > Settings page.

This functionality requires a Controller software build version higher than 7.1.1577.

Enhanced Features in 3.13.0

Release Date: 14 June 2023

For issues corrected in CoPilot 3.13.0, see Aviatrix CoPilot Software Release Notes.

CoPilot Appliance V2 to V3 Migration Support

Support for a more simplified CoPilot image migration using backup and restore is now available. This image migration method is supported for AWS cloud between two simple CoPilot deployments running Appliance Version 2 images. See Migrate CoPilot to Appliance V3 (AWS).

For information about CoPilot image releases, see Aviatrix CoPilot Image Release Notes.

Diagnostic Tool Updates

Enhancements were made for accessing diagnostic tools in CoPilot.

You can perform the following actions in Controller Diagnostics from the CoPilot > Troubleshoot > Diagnostic Tools page:

  • Run ping from the Controller virtual machine.

  • Run and restart Controller services such as CloudXD, PERFMON, rsyslog, and more.

  • View Controller command logs. Click Run to refresh to the latest logs.

  • View Controller event logs by event type, such as by account creation, gateway deletion, tunnel creation, and so on.

See Diagnostic Tools for more information.

System Health Page Redesign

The System Health view of the CoPilot > Settings > Resources page is redesigned. Check the CPU Used, Memory Used, and Disk Free status of the CoPilot virtual machine from this page.

VPC/VNet Cloud Routes Page Redesign

The VPC/VNet Routes view of the CoPilot > Monitor > Cloud Routes page is redesigned. The search capability is expanded to all table column fields.

Performance Improvement for Reports

The performance of rendering the CoPilot Resource Utilization report is improved. A limited preview of performance metric charts is shown in the report in the CoPilot UI. The PDF output of the report does not show performance metric charts.

Swap Memory Monitored as Global Health Alert

The Global Memory Swap Surge alert monitors the virtual machines of all your Aviatrix Gateways and triggers an alert when any gateway meets both of the following conditions:

  • Swap memory (mem_swapped) is more than 0B.

  • Total memory is more than 1GB.

You can change the default trigger conditions for this alert. For details, see Global Memory Swap Surge Alert.

Creation of VPC/VNet via CoPilot

A new page was added for creating and deleting VPC/VNets from the CoPilot UI.

For more information, see Creating a VPC/VNet using CoPilot.

New Features in 3.12.0

Release Date: 31 May 2023

For issues corrected in CoPilot 3.12.0, see Aviatrix CoPilot Software Release Notes.

Vertical Scaling Supported for SNAT-Enabled Gateways

Vertical scaling is now available for SNAT-enabled gateways. See Creating a Manual Scaling Policy for more information.

Configure a Time Zone in CoPilot

You can now configure a time zone in CoPilot so that every timestamp in the UI displays in the configured time zone. All time zones are supported. By default, CoPilot uses the browser time zone.

To configure a different time zone, click the user profile icon, click Local, select a time zone from the list, and then click Save. All timestamps visible in the CoPilot UI are rendered for the selected time zone.

When clicking on the icon, it will toggle between UTC and local. When the set time zone is different than your browser time zone, CoPilot shows the time zone abbreviation of the zone you are looking at in the browser bar.

The time zone is set at the browser level (not application wide for all user accounts). If the browser cache and cookies are cleared, CoPilot resets to using the browser time zone.

The timestamps in notification alerts (sent via email and webhook) use UTC regardless of the time zone configured in CoPilot.

Enhanced Features in 3.12.0

Diagnostic Tool Updates

Enhancements were made for accessing diagnostic tools from the CoPilot > Topology page (classic and new experience) and the CoPilot > Troubleshoot > Cloud Routes page. A new design allows access to the following gateway diagnostic tools for gateways:

  • Gateway Diagnostics

  • Connectivity Diagnostics - If the gateway instance has Site2Cloud connections, you can access Connectivity Diagnostics.

  • BGP Diagnostics - If the gateway has BGP connections, you can access BGP Diagnostics.

Previously, only Gateway Diagnostics could be accessed from these pages. You must have Controller version 7.0.1577 or higher to view these enhancements.

You can also access gateway diagnostic tools from the CoPilot > Airspace > Gateways page (in all views: transit, spoke, and specialty) and from the CoPilot > AirSpace > Connectivity page.

See here for more information.

Pass a Custom Authorization Header in Webhook Requests

You can now set an authorization header in the webhook requests CoPilot sends out. Passing a custom authorization header may be used for integrating with downstream third-party alerting systems.

For more information, see Specifying the Webhook Payload URL.

Configuration Page Updates

Enhancements were made to the CoPilot > Settings > Configuration page that is organized into separate views for performing general configuration, license and SKU related configuration, and more advanced (and less used) configuration tasks.

GUI Changes in 3.12.0

Removed Legacy Traffic & Latencies View

The following view in Traffic & Latencies is removed:

  • Monitor > Traffic & Latencies > Latency Monitor with Classic Experience enabled

The classic view is superseded by the CoPilot > Monitor > Traffic & Latencies > Latencies page which offers equal and improved functionality.

Removed Legacy FlowIQ View

The following view in FlowIQ is removed:

  • Monitor > FlowIQ with Classic Experience enabled

The classic view is superseded by the CoPilot > Monitor > FlowIQ > Overview page which offers equal and improved functionality.

New Features in 3.11.0

Release Date: 22 May 2023

For issues corrected in CoPilot 3.11.0, see Aviatrix CoPilot Software Release Notes.

Enhanced Features in 3.11.0

New Pages for Gateway, Connectivity and BGP Diagnostic Tools

Gateway, Connectivity, and BGP Diagnostics tools are now available in CoPilot. You can access these tools from the CoPilot Troubleshoot > Diagnostic Tools menu, or in the Topology (New Topology Experience) (if you select a gateway instance).

If the gateway instance has Site2Cloud connections, you can also access Connectivity Diagnostics. If the gateway has BGP connections, you can also access BGP Diagnostics.

See here for more information.

Improvements in Support of Private Mode

The backup and Support functions for Private Mode are improved. If you use Private Mode, you can use the troubleshooting tools for uploading log bundles and enabling remote support.

In-App Help Content for SmartGroups

Help content is now available in the CoPilot application for the SmartGroups feature. You can read the help content by clicking the question mark icon in the SmartGroups' overview page.

New Features in 3.10.0

Release Date: 11 May 2023

For issues corrected in CoPilot 3.10.0, see Aviatrix CoPilot Software Release Notes.

Aviatrix Secure Edge for On-Premises and Aviatrix Edge Platform

This release enables support for Aviatrix Secure Edge Gateway to be deployed via a turnkey solution from Aviatrix by leveraging an appliance wherein appliance onboarding and orchestration is driven from the Cloud. Deployment of the Edge gateway is via a zero touch provisioning model. The solution enables a seamless management and configuration model from Cloud to edge. This functionality requires Controller software version 7.1.1710 or later.

VLAN, VRRP Support on Aviatrix Secure Edge

Aviatrix Edge Gateway can be used to terminate VLANs on the Edge Gateway. This also includes VRRP support. This can be used leveraging Aviatrix Edge platform on a device with secure edge gateway acting as a LAN side router. This functionality requires Controller software version 7.1.1710 or later.

VLAN at Edge to CSP VPC/VNET Segmentation Support

Aviatrix Secure Edge at a customer on-premises location can be used as a LAN side Gateway with VLANs and this now enables cloud to Edge segmentation model, where segmentation domains and corresponding policies allow customers to define isolation across CSP VPCs and VNETs to onpremises networks and viceversa. This functionality requires Controller software version 7.1.1710 or later.

Aviatrix Secure Edge in Equinix - BGP Underlay Support

Aviatrix Secure Edge in Equinix Network Edge platform now supports setting up private virtual connections from Aviatrix Secure Edge to CSPs such as AWS, Azure, GCP and OCI and use BGP for peering to the CSP private connections (for example, Direct Connect, Express Route, Interconnect). This functionality requires 7.1.1710 Controller release.

L4 Firewall Support on Aviatrix Secure Edge

Aviatrix Secure Edge now supports L4 firewall capabilities where CIDR and IP addresses can be used along with ports and protocols to define policies for granular traffic control.

Edge GW A/A and A/S Support

Edge in Equinix is only a single Gateway per site in this release.

Edge on ESXi/KVM is untested in Controller version 7.1.1710. For Edge on ESXI/KVM self managed environments, please use Controller version 6.8 , 6.9 or 7.1.

The Controller release 7.1.1710 supports two active/active Gateways when deployed in on-premises.

Enhanced Features in 3.10.0

Updated Cloud Routes page

The CoPilot > Troubleshoot > Cloud Routes page has an updated layout and improved format for tables and search controls.

Additional Info in ThreatIQ Alert Email/Webhook

For ThreatIQ alerts, additional information is now included for both email and webhook alert notification channels.

  • Webhooks: The event.threatIqInfo field is added. The Webhook fields matchingHosts, newlyAffectedHosts, and recoveredHosts used to contain only the threat IP. With the addition of the event.threatIqInfo field, these fields also contain the affected gateway name.

    The event.threatIqInfo field is only available for threatIQ alerts and is automatically sent out with the ThreatIQ webhook; the field is not accessible through the webhook template in the CoPilot UI.

  • Emails: The Newly Affected Hosts table row now provides the affected gateway name in addition to the threat IP and threat severity as defined by the threat-IP source.

New Pages for Gateway Functional Areas

New pages were added to CoPilot for these functional areas:

  • Transitive Routing (Edge)

    The Transitive Routing option is added to allow Edge Gateways to forward traffic between multiple Transit Gateways. See Configuring Transitive Routing with Edge Gateway.

  • Setup Gateways

Support for Edge HA Gateway Creation

You can now use the CoPilot > AirSpace > Edge page to create edge high availability (HA) gateways.

This functionality requires Controller software version 7.1.1710 or later.

Distributed Firewalling with WebGroups

You can now use WebGroups (Preview feature) when defining Distributed Firewalling (DFW) rules in the CoPilot > Security > Distributed Firewalling page. WebGroups define Domains and URLs into a group which can be used into the DFW Rules as a matching condition for the Rule action to be enforced.

This functionality requires Controller software version 7.1.1710 or later.

Enhancements to Intra VPC/VNet Distributed Firewalling

If you have Controller version 7.1.1710 or later, you can perform Security Group orchestration for VPC/VNets that have Intra VPC/VNet enabled. See the CoPilot > Security > Distributed Firewalling > Settings tab.

You can view the Intra VPC/VNet configuration in the Topology map and see how many VPC/VNets have Intra VPC/VNet enabled.

Support for Spoke Attachment while Creating/Editing a FireNet Gateway

You can now attach a Spoke Gateway to a FireNet Gateway while creating or editing the FireNet Gateway in the CoPilot > Security > FireNet page.

Preview Features in 3.10.0

This section lists Preview Features in this release.

Decryption CA Certificate Functions for Distributed Firewalling

If you have CoPilot 3.10.0 and Controller version 7.1.1710 or later, the following decryption CA certificate functions are available as a preview feature:

In CoPilot > Security > Distributed Firewalling > Settings > Decryption CA Certificate:

  • Upload your own CA certificate so that you can use TLS (recommended)

  • Download the default Aviatrix CA certificate for use in your environment

  • Add the Aviatrix CA certificate to your trust bundle

  • Upload your own trust bundle

  • Change the enforcement level to determine how Distributed Firewalling handles origin certificates that are not signed by a trusted Certificate Authority.

  • Renew certificates

When using a Controller version earlier than 7.1.1710, you can download the Aviatrix CA certificate for use in your environment but other functions (described above) are not available.

GCP Global VPC Routing (Global Spoke for GCP)

Global Spoke for GCP is a preview feature available in CoPilot 3.10.0.

Global Spoke for GCP creates regional awareness between the VPC and Aviatrix gateways allowing you to restrict spoke gateway traffic to transit gateways in the same region as the spoke gateway. Without global VPC, communications between spokes over transit in the same region are routed outside the region. Regional awareness is achieved by appending regional network tags to virtual machines and adding regional routes to the gateways in the routing table using tags. You can configure the method of appending the network tags in the CoPilot > AirSpace > Gateways > Settings page. For more information, see GCP Global VPC Routing.

WebGroups

WebGroups are used in Distributed Firewalling rules. WebGroups define Domains and URLs into a group which can be used into the DFW Rules as a matching condition for the Rule action to be enforced.

New Features in 3.9.0

Release Date: 25 April 2023

For issues corrected in CoPilot 3.9.0, see Aviatrix CoPilot Software Release Notes.

Enhanced Features in 3.9.0

ThreatIQ and Geoblocking Uses IP Sets for Blocking

The mechanism for blocking traffic for the ThreatIQ and Geoblocking features has been enhanced to use IP sets. This supports blocking on a larger scale because IP sets require less rules (need only 2 rules per gateway rather than 2 rules per IP address per gateway).

Selection of Range for CoPilot Backups

When performing a backup of CoPilot data, you can now select the range of data to back up. From CoPilot > Settings > CoPilot Management, you can select or specify a time period for data backups.

Download Gateway Summary Details in CSV Format

You can now download in CSV format each category of gateway information shown in the CoPilot > AirSpace > Gateways > Overview page.

FireNet Configuration Supported

You can now use the CoPilot > Security > FireNet page to configure FireNet.

This functionality requires Controller software version 7.0.1577 or later.

New Features in 3.8.0

Release Date: 05 April 2023

(05 Apr 2023)

For issues corrected in CoPilot 3.8.0, see Aviatrix CoPilot Software Release Notes.

Performance Improvements for Topology

Enhancements have been made to improve the performance of the CoPilot > Airspace > Topology functional area.

Gateway Upgrade Supported on CoPilot

You can now use the CoPilot > Gateways > Gateway Management page to upgrade your gateways.

This functionality requires Controller software version 7.0.1577 or later.

gateway upgrade

SAP-Services Discovery Enablement

In this version, SAP-services discovery is now disabled by default. You can opt in to enable the feature upon first login to CoPilot 3.8.0. You can also enable SAP-services discovery at any time from the CoPilot > Settings > Configuration page.

For more information, see Setting CoPilot UI Preferences.

Packet Drop Rate for Performance, Gateway Alert, and Manual Scaling

You can now select the Packets Drop Rate option or Packets Drop Rate(%) option for:

  • Performance Metric Setting: From the CoPilot > Monitor > Performance page, you can now select the Packets Drop Rate and the Packets Drop Rate(%) option for the performance metric setting.

  • Gateway Alert Configuration: From the CoPilot > Monitor > Notifications > Alerts Configuration page, select Gateways. You can select Packets Drop Rate and the Packets Drop Rate(%) option for the condition setting.

  • Manual Scaling Policy Setting: From the CoPilot > Airspace > Policy > Create New Scaling Policy page, select Manual Scaling. You can select Packets Drop Rate and the Packets Drop Rate(%) option for the condition setting.

Metric API Authentication (Preview Feature)

The Metric API authentication allows you to retrieve network metric data across your Aviatrix data plane. The metric API key is used to authenticate service requests for your Aviatrix services.

To use the Metric API authentication feature, you must first enable it by going to the CoPilot > Settings > Configuration > License page. Once enabled, you can download your Metric API specification from the CoPilot > Settings > Configuration > General page.

For more information, see Monitoring with Network Insights API.

New Features in 3.7.1

Release Date: 19 March 2023

(Note: The following release was built for internal use only: 3.7.0)

For issues corrected in CoPilot 3.7.1, see Aviatrix CoPilot Software Release Notes.

Alerts that Support Global Health

The Global Control Plane Health and Global Network Health alert types are introduced in this release:

alerts global new

Alert for Controller and CoPilot Health Status

The Global Control Plane Health alert monitors the health of your Controller and CoPilot instances, sending an alert if their respective virtual machines are low in CPU, memory, and disk space.

You must set the recipients for this alert type by editing its default configuration if you want to receive notifications via email or webhook.

For more information, see Global Control Plane Health Alert.

Alert for Gateway and Network Health Status

The Global Network Health alert monitors the health of your Aviatrix Gateway instances, sending an alert if their respective virtual machines exceed a given packets per second drop rate or are in a down status.

You must set the recipients for this alert type by editing its default configuration if you want to receive notifications via email or webhook.

For more information, see Global Network Health Alert.

CoPilot User Visibility Controls

You can use the CoPilot > Administration > User Access page to set user account permissions for CoPilot and the Controller. For each CoPilot navigation menu item, you can set permissions that control what pages and tabs users can see. You can also create Controller user groups from this page as well as add, edit, and remove users. This feature does not change the allocation of user groups in Controller. The user groups are the same; this new feature enables you to create the groups from the CoPilot UI.

For instructions on how to assign user permissions for controlling CoPilot user visibility, see CoPilot User Access & Visibility

copilot-user-visibility-tabs

Enhanced Features in 3.7.1

Egress FQDN Configurable and Workflow Improved

You can now use the CoPilot > Security > Egress page to set egress-traffic rule conditions for selected VPC/VNets.

For information about setting egress-traffic rules in CoPilot, see Securing and Controlling Egress Traffic.

Improved Alert Recipients Page

A separate CoPilot > Monitor > Notifications > Recipients page is introduced for defining alert notification channels (email or webhook). When defining webhook templates, you can preview the webhook payload to check your in-progress configuration.

webhook-preview-payload

Aviatrix Billing Shows Subscription-Level Billing Information

CoPilot > Billing & Cost > Aviatrix Billing shows the billing information on a subscription level.

Performance Improvements

Topology rendering speed is optimized.

ThreatIQ blocking and CostIQ scale characteristics are improved.

Tasks are more efficient and resilient to outages.

Metric Threshold Comparator Update

In the new alert UI, we standardized comparators for metrics' thresholds to be either "more than (>)" or "less than (<)".

Alerts using ">=" and "<=" were migrated to "more than (>)" and "less than (<)", respectively.

To preserve behavior, we adjusted the threshold for metrics tracking small integer values.

Metrics tracking large integers (bytes and bps) or continuous values (percent) are not adjusted.

For example, "dropped packets >= 10" would be migrated to dropped packets  9, while "cpu >= 80%" would be translated directly to cpu  80%.

GUI Changes in 3.7.1

Dark Mode Button Moved

The dark mode button is now an option under the application bar’s User Profile icon.

dark-mode

Upgrade Impacts and Notes for 3.7.1

Alert Configurations Migrated

3.7.1 offers a new Alert UI that provides a more streamlined workflow for configuring alerting for monitored hosts in your Aviatrix platform.

Pre-existing alert configurations continue to alert on events as before.

For pre-existing alert configurations migrated to CoPilot 3.7.1, note the following:

  • If they monitored the Controller host AND other hosts to alert on health or network metrics (or both), the Controller host was removed as a monitored host for that alert configuration. In addition, if the Controller host was the only host monitored for these metrics, the entire alert configuration was removed.

  • If they monitored both your Controller host AND Gateway hosts to alert on system metrics, the Controller host remained as a monitored host for that alert configuration but you cannot specify additional monitored hosts or additional conditions. You can change the name of the alert configuration, change existing condition thresholds, and change the list of alert recipients. You can also newly set an Evaluation Period for the alert configuration.

For information about setting an Evaluation Period for alerts, see Setting an Evaluation Period for an Alert.

For information about alerting on Controller and CoPilot health status, see Global Control Plane Health Alert.

In the new Alert UI, the comparators for metrics' thresholds were standardized to be either "more than (>)" or "less than (<)". For more information, see Metric Threshold Comparators.

Webhook Format New Fields

3.7.1 offers a new Alert UI that provides the ability to configure multi-metric conditions for alerts. Existing webhooks were for single condition alerts.

The Webhook Format contains the following new fields:

  • alert.defId: The id of the alert that sends out the webhook

  • alert.metrics: An array of strings that contains all the metric(s) the alert has. i.e. ['CPU Used (%)', 'Memory Used (%)', 'Disk Free (%)']

  • alert.version: This field is always 'v2'. It’s used to distinguish from the previous webhook format.

  • alert.query: This field is a more detailed version of alert.metrics. For each metric, it also has its duration, comparator, threshold, and unit.

    For example:

    [
                  {
                    duration: 15,
                    comparator: 'more than',
                    metric: 'cpu_used_per',
                    threshold: 90,
                    unit: 'Percent'
                  },
                  {
                    duration: 15,
                    comparator: 'more than',
                    metric: 'memory_used_per',
                    threshold: 90,
                    unit: 'Percent'
                  },
                  {
                    duration: 15,
                    comparator: 'less than',
                    metric: 'hdisk_free_per',
                    threshold: 5,
                    unit: 'Percent'
                  }
                ] ​
  • event.condition: This is a human-readable string that explains when the alert would be triggered.

    For example:

    '(CPU Used (%) more than 90%) OR (Memory Used (%) more than 90%) OR (Disk Free (%) less than 5%) '

Pre-existing webhooks are migrated to contain the new format. Existing webhook high level objects remain the same.

The Webhook Format contains the following modifications on some old fields:

  • alert.metric: If the alert is a multi-metric alert, this field would be "Please refer to alert.query key".

  • event.exceededOrDropped: If the alert is a multi-metric alert, this field would be "Please refer to event.condition or alert.query key".

Any existing webhooks (for single condition alert) created prior to release 3.7.1 will have no changes to existing fields, and only new fields would be added. Newly added multi-metric alerts will have modifications to the two old fields as they are explained above.

New Features in 3.6.0

Release Date: 22 Feb 2023

For issues corrected in CoPilot 3.6.0, see Aviatrix CoPilot Software Release Notes.

Enhanced Features in 3.6.0

Page for Specialty (Regular) and Edge Gateways

CoPilot includes a page for launching specialty (regular) and edge gateways in CoPilot > Gateways. This page requires Controller version 7 and the enablement of the feature.

Page for Site2Cloud (S2C) and External Connections

CoPilot includes a page for establishing S2C and external connections. This page requires Controller version 7 and the enablement of the feature.

Date Picker for Data Migration

When migrating CoPilot data from one CoPilot instance to another, you can now select the time from which to migrate data indices.

Performance Page Improvements

The CoPilot > Monitor > Performance page is improved.

Improved SmartGroups Workflow

The workflow for creating SmartGroups is improved.

Support for Multiple Conditions in Alert Configurations

When defining alert configurations, specify multiple conditions for triggering alerts.

GUI Changes in 3.6.0

To reduce the number of clicks needed for accessing functional pages, the CoPilot navigation menu has the following changes:

  • Programmable Intent is now a section header rather than an expandable sidebar option.

  • A new top-level menu option Networking now contains these options:

    • Network Segmentation page

    • Anomaly Detection page

  • A new top-level menu option Security now contains these options:

    • Distributed Firewalling page

    • ThreatIQ page

    • Geoblocking page

Field Renamed

In the Gateways > Scaling configuration page and the Distributed Firewalling configuration page, the field Wait Time is renamed Evaluation Period.

New Features in 3.5.2

Release Date: 19 Jan 2023

(Note: The following releases were built for internal use only: 3.5.0, 3.5.1)

For issues corrected in CoPilot 3.5.2, see Aviatrix CoPilot Software Release Notes.

Scheduled Auto Scaling

You can now create a Scheduled Scaling policy to add gateway high availability (HA) instances (scale out) or remove HA instances (scale in) at configured time periods. Scheduled (time of day) scaling applies to horizontal scaling only.

Proxy Support for CoPilot (Private Mode Only)

If you are running in Private Mode, you can now configure HTTP or HTTPS proxy settings if you want to run CoPilot only on internal IPs, and use a proxy to pass updates back to those IPs. You configure the proxy server settings in CoPilot > Settings > Configuration.

Cloud Accounts Page

Onboard your cloud accounts in CoPilot by using the CoPilot > Cloud Resources > Cloud Accounts page. The Audit Settings options allow you to run regular background audits on the health of your cloud accounts and receive email notifications if issues are encountered.

Enhanced Features in 3.5.2

"Amount for Time Period" field in CostIQ Shared Service

Added a new field, "Amount for Time Period," to each Shared Service (CoPilot > Billing & Cost > CostIQ > Shared Services tab > select a Shared Service). You can enter the amount of your bill for the specified time period in this field to create a data visualization of the cost of this shared service for each resource defined in the cost center.

SAP Discovery Disable/Enable

On the CoPilot > Settings > Configuration > General tab, you can now disable/enable SAP Discovery. SAP Discovery facilitates the selection of SAP instances to use in your SmartGroups or in AppIQ report queries. If you do not use SAP in your infrastructure, you can disable the option.

Topology Map Updates

Enhancements were made for showing regular gateways in the topology map.

Zooming in on the topology map is improved for large networks.

Traffic & Latencies Page Updates

Enhancements were made to the CoPilot Home > Monitor > Traffic & Latencies page.

Organization of Task Server Settings

CoPilot administration task server settings are now organized under the CoPilot Home > Settings > Tasks tab. In the Overview tab, you can click on the name of a task server setting to change the frequency of the task. In the History tab, you can see historical information about how tasks ran in your environment.

Intelligent Cloud Analytics Dashboard

SAP SmartGroups and Traffic Flows were added to the Intelligent Cloud Analytics Dashboard.

General Performance Improvements

CoPilot 3.5.2 includes general performance improvements.

New Features in 3.4.1

Release Date: 12 Dec 2022

Gateway Overview Page

An overview page is added to AirSpace > Gateways.

Aviatrix Gateways Overview allows for a quick view into the status and health of your Aviatrix Airspace. Visualize the most and least utilized instances and quickly diagnose issues by seeing gateways with the highest packet drop rates.

Preview Features in 3.4.1

This section lists preview features in this release.

Intelligent Cloud Analytics for AppIQ

The Intelligent Cloud Analytics view in Monitor > AppIQ is a preview feature available in CoPilot 3.4.1.

The charts and visualizations of the Intelligent Cloud Analytics view help you pinpoint and troubleshoot possible application-to-application networking issues. You can create custom dashboards that give you the network visibility you need to diagnose issues in your business critical applications.

For information about AppIQ features, see Troubleshooting Application Connectivity Issues with AppIQ.

Topology Builder Preview

The Topology Builder is a preview feature available in CoPilot 3.4.1. The Topology Builder feature requires Controller 7.0 or later.

The Topology Builder enables you to build and deploy Aviatrix gateways whereby your design and build constructs are plotted visually on a topology map. The map dynamically updates to show your Aviatrix core network as you design it and as you build it out in the cloud provider environment. You can also convert your newly built topology into Terraform scripts.

Enhanced Features in 3.4.1

Updated Traffic & Latencies pages

The New Latency Monitor Experience view is added to Monitor > Traffic & Latencies.

The classic view and new view have the same feature capabilities. The New Latency Monitor Experience view allows you to select specific gateways to show their latencies on demand. For large environments, the new view reduces loading time when opening the Traffic & Latencies page. When the classic view is enabled, CoPilot will automatically attempt to load the full traffic and latency details for all gateways in your infrastructure when the Traffic & Latencies page is opened.

For information about using the Traffic & Latencies page, see Monitoring Latencies.

General Performance Improvements

CoPilot 3.4.1 includes general performance improvements.

New Features in 3.3.1

Release Date: 21 Nov 2022

Ability to Deploy Gateways in New Gateways Page

A new Gateways functional area that enables you to create and deploy the following Aviatrix constructs onto your network environments:

  • Transit Gateways

  • Spoke Gateways

  • Edge Gateways

The Gateways table gives you a list view of all Aviatrix gateways deployed in your network environments.

The Scaling tab, enables you to set vertical scaling and horizontal scaling policies for scaling spoke gateways.

You must have Controller 7.0 or higher to use the feature.

Vertical Scaling of Aviatrix Spoke Gateways (Manual Scaling)

You can manually increase or decrease the virtual machine size (CPU and memory) of spoke gateways in your Aviatrix-managed network based on specific network and system metrics monitored for spoke gateways (manual vertical scaling). You can also manually add or remove spoke gateways (spoke virtual machine instances) to/from your Aviatrix-managed network based on specific network and system metrics monitored for spoke gateways (manual horizontal scaling).

For more information, see the discussion about creating scaling policies in Performance Improvement with Gateway Scaling.

You must have Controller 7.0 or higher to use the feature.

Preview Features in 3.3.1

This section lists preview features in this release.

Horizontal Scaling of Aviatrix Spoke Gateways (Automatic Scaling)

You can set policies to automatically add or remove spoke gateways (spoke virtual machine instances) to/from your Aviatrix-managed network based on specific network and system metrics monitored for spoke gateways (automatic horizontal scaling).

For more information, see the discussion about creating scaling policies in Performance Improvement with Gateway Scaling.

You must have Controller 7.0 or higher to use the feature.

Intra VPC/VNet Distributed Firewalling (Security Group Orchestration)

Intra VPC/VNet Distributed Firewalling, also referred to as virtual network micro-segmentation, is a preview feature available in 3.3.1.

For information about using the feature including the required Controller version, see the discussion about intra-VPC/VNet distributed firewalling in Virtual Network Micro-Segmentation.

Enhanced Features in 3.3.1

High Availability Gateway Instances

The Aviatrix Gateway High Availability feature has been enhanced to enable you to deploy multiple high availability (HA) gateway instances for Spoke Gateway. Deploying multiple HA gateways serves to minimize and reduce network downtime and improve network stability and performance to mitigate packet loss.

For information about gateways and high availability, see Transit and Spoke High Availability.

GUI Changes in 3.3.1

This section lists GUI changes made in the 3.3.1 release. For information about fixed and known issues, see Aviatrix CoPilot Software Release Notes.

The following top-level menu options are renamed or new:

  • Networking is renamed AirSpace.

  • Secured Networking is renamed Programmable Intent.

  • SmartGroups is a new page for creating reusable constructs for policy enforcement.

The following pages are renamed:

  • Micro-Segmentation is renamed Distributed Firewalling.

The following pages have been moved:

  • Network Segmentation is a tab under Home > Programmable Intent > Security.

  • Distributed Firewalling is a tab under Home > Programmable Intent > Security.

  • ThreatIQ is a tab under Home > Programmable Intent > Security.

  • Anomaly Detection is a tab under Home > Programmable Intent > Security.

  • GeoBlocking is a tab under Home > Programmable Intent > Security.

Deprecated Names for Features and Constructs

Micro-segmentation is renamed Distributed Firewalling. Micro-segmentation is one facet of the broader Distributed Firewalling feature.

The term App Domain is deprecated and renamed SmartGroup.

The term ThreatGuard is deprecated; its associated functionality of blocking threat-IP traffic is still a facet of the broader ThreatIQ feature.

New Features in 3.1.3

Release Date: 21 Oct 2022

Support for SAP Services in AppIQ

You can now run an AppIQ report for SAP instances using CoPilot in CoPilot Home > Troubleshoot > AppIQ.

This report can help SAP Basis engineers diagnose or rule out issues with SAP applications running in their networks.

sap-appiq-tip
sap-appiq
sap-discovered

Enhanced Features in 3.1.3

FlowIQ includes performance improvements.

New Features in 3.0.5

Release Date: 13 Oct 2022

CoPilot now calculates and shows units in International Electrotechnical Commission (IEC) binary-prefix notation (pages that used to show units as MB, GB, TB, and PB now show them as MiB, GiB, TiB, and PiB, respectively.

New Features in 3.0.2

Release Date: 07 Oct 2022

(Note: The following releases were built for internal use only: 2.6.0, 2.7.0, 3.0.0, 3.0.1)

Feature Enhancements in CoPilot release 3.0.2

  • Improved UI Experience with updated color scheme and layout for a streamlined, simplified, and consistent design. Consistent formats for tables and search/filter controls across user interface. Improved dark mode.

    tip_walk
  • New navigation menu and menu search offers improved organization of functional areas. Search on menu names or keywords related to pages and views you want to access.

    tip_walk_1
    tip_walk_2
    tip_walk_3
  • UI Walkthrough upon initial login provides tips for what’s new.

    tip_walk_4
  • CostIQ Shared Services offers visibility into shared services used by cost centers for billback purposes. Shows which teams are creating the most traffic to your shared services. CostIQ is available as a public preview feature in CoPilot Release 3.0.0. See Public Preview Features. CostIQ requires Controller release 6.7 or later. For information about enabling and using the CostIQ feature, Working with CostIQ. CoPilot Home > Billing & Cost > CostIQ.

    cost-overview
    cost-centers
    cost-shared-services
  • Aviatrix Billing Page offers visibility into costs of your Aviatrix Controller and gateways. You can review your account’s Total Cost and review costs by CSP (Cloud Service Provider), region, group of Cloud Accounts, and individual Cloud Account. For information about the Aviatrix Billing page, see Working with Aviatrix Billing. CoPilot Home > Billing & Cost > Aviatrix Billing.

  • New Topology Experience with improved topology map that displays large network topologies. Streamlined and simplified map design. Use the toggle to switch to Topology Experience V1. Some functions have not migrated to V2 such as gateway diagnostics (note you can run gateway diagnostics from the Cloud Routes page also). CoPilot Home > Networking > Topology.

    topology_v2
    topology_map_v2
  • New FlowIQ Experience with updated UI design for Geolocation page, visualization of source and destination flows (Sankey chart), and other views. Updated FlowIQ overview page with more capabilities for viewing flow details. CoPilot Home > Monitor > FlowIQ.

  • Disk Utilization UI in Settings shows the number of days/weeks before the current data disk usage is expected to reach the free space threshold. Provides recommendations for what disk size would meet data retention needs based on existing disk usage. Set data retention policies for CoPilot data. CoPilot Home > Settings > Disk Utilization.

    disk_util_1
    disk_util_2
  • CoPilot licensing unified with Controller — A separate license for CoPilot is no longer required. The Aviatrix Controller license covers the use of CoPilot. The CoPilot licensing page now displays the Aviatrix Controller license details. CoPilot Home > Settings > Licensing.

  • Performance Improvements for Alerts (Notifications) and database lookup tasks that run behind the scenes.

  • CoPilot Feature Enablement SKU workflows for application administrators to enable and disable CoPilot features. CoPilot Home > Settings > Licensing.

  • Security updates