What's New in 25.4
Here's a summary of the new and enhanced features in 25.4.
Support for safeguarding VENs from accidental unpairing
To prevent a VEN from being unpaired or deactivated, designate it as a golden image through the VEN Details page in the PCE.
This feature focuses on protecting golden image VENs from accidental unpairing or deactivation. In an Illumio context, a golden image is a standardized template for cloning multiple pre-configured workloads with a specific operating system, VEN version, labels, enforcement state, security patches, applications, settings, and/or hardware specifications.
After a golden image is cloned, it is typically inactive for extended periods and the associated VEN doesn't send heartbeats to the PCE. This inactivity may make the VEN seem unnecessary and lead some users to unpair or deactivate it mistakenly. This feature is designed to prevent that.
This feature provides these additional benefits:
Protects Golden Image-designated VENs (GIDVs) from accidental unpairing or deactivation. A GIDV must first be undesignated before it can be unpaired or deactivated.
Applies a unique icon to GIDVs so they're easily identifiable in the PCE.
Suppresses events that are generated when a GIDV is cloned. This prevents clogging up the PCE's event stream with events. However, an event is generated when a VEN is designated as a golden image.
Allows you to filter the VEN List page for GIDVs.
Setting up the Golden Image Flag
The golden_image flag is added to prevent accidental deletion of images that are kept offline and used for cloning. Administrators can create a flag that can be toggled in the PCE to indicate VENs as golden images.
Key features of the Golden Image flag include:
Toggleable Flag Creation: Administrators can create a toggleable flag in the PCE to mark VENs as golden images.
Filtering Option: Administrators can filter VENs based on whether they have been marked as golden images.
Visibility: You have clear visibility of golden image flags in the PCE interface.
CSV Export Capability: You can use CSV exports to determine whether the golden image flag is turned on for VENs.
To set up the Golden Image flag:
Go to Servers & Endpoints > Workloads > VENs
From the "Select properties to filter view" list, scroll down to the category "Golden Image". This flag can be set to True or False.
Figure 1. Golden Image for VENs
To see VENs that are golden images, set the flag to True.
If you select False, the VENs that are not golden images will be listed.
Support for removing inactive VENs
Some PCE Segmentation environments may have several inactive VENs that have stopped sending heartbeats to the PCE. This commonly occurs in organizations that deliver Illumio VEN-protected Virtual Desktop Infrastructure (VDI) to end-users who may only use the VDI for a short time. Eventually, the VDI is turned off, abandoned, or destroyed. This can also occur when an organization decommissions a server or when a user's VEN-protected laptop is retired. Although the PCE in these cases can't receive heartbeats from the installed VEN (assuming it still exists), a VEN object representing the actual VEN still resides in the PCE database, unnecessarily consuming VEN licenses and possibly leading to unnecessary costs to the customer.
The Inactive VEN Removal feature removes VEN objects from the PCE that match criteria you define in easily configurable rules.
See Remove Inactive VENs.
Support for more than eight labels for rule search
A new parameter has been provided for the runtime environment, as explained in New and Changed APIs in Release 25.4