Illumio Core 21.5 Install, Configure, Upgrade

New UI replaces classic UI to maximize user productivity and enable intuitive platform administration.

Policy templates: predefined policy definitions for some of the most popular security practices

New widgets in Ransomware Protection Dashboard.

Bulk import and export of workload labels.

Enhancements to visualization tools: Vulnerabilities tab, mapping members with no traffic, new group tabs.

New object type: Windows outbound process.

Traffic data for unpaired VENs.

Splunk TA and app version upgraded to 4.0.0, including support for MT4L, multiple PCEs, multiple organizations, and faster search.

New PCE user interface (UI) is default for all new and upgrading customers.

Quick links to workload detail pages from the Dashboard.

Display more related information by clicking in pie charts on the Dashboard.

Policy Check is aware of network type, which makes rule writing easier.

New lost agent warning event indicates when a VEN has been unpaired from the PCE for longer than the uninstall timeout, then returns.

New PCE user interface (UI) to maximize user productivity and enable intuitive platform administration.

Ransomware Protection information is provided for each workload, aggregated in the main Dashboard.

Ringfencing rules shrink the security perimeter from a subnet or VLAN to a single application.

Set the VEN type, server or endpoint, in the pairing profile.

Configurable VEN upgrade timeout.

Configurable second FQDN for southbound traffic from VEN to PCE.

Extended support for RHEL 5 on VENs.

Explore features are enhanced in several ways, including daily auto-generation of a Default Graph report.

Regular maintenance release that solved software and security issues to refine the software and improve its reliability and performance. See "Resolved Issue in 22.5.20" in the Illumio Core Release Notes 22.5.

Deployment of Core VENs on Kubernetes nodes is deprecated. Instead, use Illumio Core for Kubernetes.

VEN dashboard with broad, visualized information about VEN statistics.

VEN tampering protection: require a token with commands to avoid accidental or malicious actions.

Context menus in Illumination Plus.

See the amount of data transferred into and out of workloads and applications in a datacenter.

Mac OS support.

ML/AI-based scanner detection, so that discovered scanners can become workloads.

Usability enhancements in the VEN details page.

Illumio Core REST API enhancements.

Prevent the creation of spurious labels in the PCE.

REST API: SLB and Virtual Server API consistency and filtering.

Support for shared SNAT out of public clouds.

Support for non-domain joined interfaces for the Illumio Endpoint - Windows.

Replication and failover, with a PCE on "warm standby" for increased reliability.

Solved software and security issues to refine the software and improve its reliability and performance. See the Illumio Core Release Notes 22.2.10.

Policy exclusions in ruleset scopes and rules. Define security policy by excluding unwanted labels.

Scopeless rules. Choose whether or not to include scopes when creating new rulesets.

Simplified rule writing UI. Show advanced rule writing features only when you need them.

Label type (Role, Application, etc.) is indicated by an icon, and you can filter by type when entering label names.

Illumination shows whether traffic is blocked by full enforcement or an enforcement boundary.

Disable and enable enforcement boundaries.

Generate reports from Explorer traffic flow queries.

Rule writing available from Explorer

Enforcement Boundary information in Reports

Display of traffic blocked by Enforcement Boundaries in Explorer Reported view

Numerous Explorer usability enhancements

Numerous policy and workload incremental usability improvements

Single Pane of Glass (SPOG) enhancements

Certificate validation for SSO configuration

Signing for SAML requests

VEN compatibility report updates for IPv6 support

Performance enhancements: policy provisioning, container workloads, Kubelink service updates, and convergence times

VEN support on IBM Z systems running RHEL 7 and RHEL 8

Label-based Security setting for IP Forwarding

Rotate database passwords and other internal secrets

PCE Support Bundles: generate support reports in web console instead of command line.

Core services detector

Alerts displayed to tell whether the hardware provisioned for each node meets requirements.

Use FQDN instead of hostname to more easily distinguish messages from different hosts.

Enhanced security for keys and secrets.

8-region Supercluster.

Service Account management in the PCE web console

SSO support for service providers

Enhancements for the HAProxy TLS version limit

Service Accounts: Instead of being associated with a user, an API key can be associated with a service.

Parallel Coordinates: In Explorer, search results using the Parallel Coordinates format are improved.

Illumio Core Maintenance Release

Cloud available through the PCE web console

RHEL 8 supported for PCE

Enforcement Boundaries: Build deny-list type rules without rule conflict, and maintaining Zero Trust.

Global Explorer: Unified results for members from every region in a supercluster.

Asynchronous Explorer queries: No need to wait for query to return results. Results can be retrieved for up to 24 hours.

Label groups for RBAC: Use label groups to define user permissions.

Supercluster replication enhancements.

Supercluster rolling upgrade when upgrading to a hotfix or a maintenance release.

LDAP improvements to support better user lookup.

Enhanced security for PCE TLS configuration.

Reports (preview): generate executive summary and app group summary reports.

RHEL 8 supported for PCE (preview)

LDAP authentication: PCE supports LDAP authentication for users with OpenLDAP and Active Directory.

Label restrictions for Kubernetes namespaces: Illumio administrators have a way to control which labels can be assigned by the developers managing their Kubernetes environments.

PCE hardening: PCE now takes additional steps to ensure its own security.

VEN proxy support on Linux, AIX, and Solaris: Extends VEN proxy support from Windows systems to Linux, AIX, and Solaris devices.

Aggressive tampering protection for nftables: Provides support for nftables that runs on RedHat. Detection of external firewall configurations are called aggressive tampering and the VEN will log such errors. Now, the VEN can detect any configuration that is not explicitly configured on the VEN.

Selective enforcement: Set enforcement policy to protect only a subset of applications or processes on a workload.

Access restrictions: Restrict the usage of API keys and the PCE web interface by IP address and block API requests coming in from non-allowed IP addresses.

Multi-node traffic database: Scale traffic data by sharding it across multiple PCE data nodes to store more data and improve read and write performance.

Centralized, automated VEN upgrade.

RBAC for app owners: Delegate policy writing to downstream teams; read-only access; per-app read/write. Think of this as zero-trust views into Illumination.

Reject connections: Configure workloads to send reject messages if there is a policy violation.

Flow collection: Windows broadcast traffic can clog up the system. Configure the PCE to drop or aggregate it.

Health Metrics: Application metrics with configurable thresholds have been added to PCE health monitoring.

Workload clone alerts: Filter workloads by whether a clone has been detected.

Oracle Exadata support.

Containers now available in Supercluster member regions.

Containers are now supported with visibility and enforcement for Kubernetes and OpenShift.

UI: The App Group map is enhanced; in Explorer, the Connection State and draft view are improved.

Switch visibility and enforcement with Network Enforcement Node: Secure workloads that are attached to network switches.

Use Rule Search to search and analyze rules, so you can fine-tune them and optimize enforcement.

Internal PCE log file rotation: To increase the amount of log data, customize the rotation of PCE log files.

Export reports in JSON and CSV to share the information with anyone who doesn’t have access to the PCE.

Workload Manager: A new user role to manage workloads, pairing profiles, and API keys.

Internal syslog: You no longer need to manage the syslog and log rotation.

Policy revert: Return to previous version if a policy rollout is unsuccessful.

Session timeout can be set by organization owner to control timeout on user sessions.

Firewall coexistence between Illumio firewall and existing firewalls that use WFP or IPTables (requires upgrade to VEN 18.3.1)

Common Criteria certified.

Risk & Compliance capability.

Vulnerability Maps: tune your segmentation to reduce the exposure of unpatched workloads

Events storage: Improved use of capacity in the events database.

Download the software, check upgrade prerequisites, and do a few additional preparation steps.

Back up the PCE and stop it.

Install the software.

You might need to update the PCE’s runtime environment file, depending on your currently installed version.

Migrate the PCE database.

To migrate the PCE from one datacenter to another, refer to the Knowledge Base article Migrate the PCE from one Datacenter to Another.