ECP 4.4.0 SAT Release Notes€¦ · possible to register this component to a different Component Directory with this certificate. • Java path has been removed from the JAR packages

ENTSO-E AISBL • Avenue de Cortenbergh 100 • 1000 Brussels • Belgium • Tel + 32 2 741 09 50 • Fax + 32 2 741 09 51 • [email protected] • www. entsoe.eu

ECP Release Notes This document is released by CGM ICT Delivery team and describe the product release specification notes.

Application Name: ECP

Software Version: 4.4.0.933

Release Date: 2019/06/19

Release Notes Date: 2019/06/14


2

Contents

1. Introduction ............................................................................................................................... 3 1.1 Document Scope ............................................................................................................................. 3 1.2 Document Structure ........................................................................................................................ 3 1.3 Change Summary: .......................................................................................................................... 3

2 Supported Configurations and Hardware Guidelines ............................................................... 4 2.1 Standalone Deployment .................................................................................................................. 4 2.2 High Availability Deployment ....................................................................................................... 4 2.3 Clustered High Availability Deployment ....................................................................................... 5

3 Installation and Upgrade Notes ................................................................................................ 6 3.1 Delivery Media ............................................................................................................................... 6 3.2 Installation Prerequisites ................................................................................................................. 6

3.2.1 Hardware Requirements ............................................................................................................. 6 3.2.2 Software Prerequisites ................................................................................................................ 7 3.2.3 Compatibility .............................................................................................................................. 8

3.3 New Installations ............................................................................................................................ 8 3.4 Upgrading an Existing Installation ................................................................................................. 8

4 What's New with This Release/ Patch .................................................................................... 10 5 Summary of Corrected Defects and Open Defects ................................................................ 13

5.1 Closed Defected ............................................................................................................................ 13 5.2 Open Defects ................................................................................................................................ 13

6 Non-Functional Change Control ............................................................................................. 13 7 Removed or Modified Functionality ........................................................................................ 14 8 ECP Documentation Summary ............................................................................................... 15


3

1. Introduction

1.1 Document Scope

This document provides release specific information for ECP 4.4.0.933, developed by UNICORN under the CGM Common Grid Model Program (CGM).

ECP 4.4.0 shall include new features, performance and security improvement.

This document shall be used by:

• Integrators and Supplier Support Engineer, responsible for installing and configuring the ECP product.

• End Users (TSOs, RSCs, ENTSO-e) who use the Application within the CGM Program

1.2 Document Structure

This document is structured in the following manner:

Ø Section 1 : Introduces this release of ECP.

Ø Section 2 : Lists supported configurations and hardware specifications.

Ø Section 3 : Installation and Upgrade Notes

Ø Section 4 : Overview of what’s new with this Release

Ø Section 5 : Summary of Resolved Defects and Open Defect

Ø Section 6 : Non-Functional Change Log Overview

Ø Section 7 : List of removed or modified Functionalities

Ø Section 8 : lists the documents that are included in this release.

1.3 Change Summary:

This is an updated document for EDX release notes which summarizes the differences between ECP 4.3.2.833 and ECP 4.4.0.933.

Note: Please Refer to the ECP Installation guide v 4.4.0 for more information about ECP installation Process


4

2 Supported Configurations and Hardware Guidelines

The ECP components can be installed using several modes. Before starting an installation, it is important to choose one of the following installation modes:

Ø Standalone deployment

Ø High availability (HA) deployment

Ø Clustered high availability deployment

2.1 Standalone Deployment

In standalone mode, no other services are required (such as a database, however it is still possible to configure the use of an external database). This is the simplest installation option. Please note that high availability is not possible in this mode.

2.2 High Availability Deployment

High availability deployment consists of a shared external database and two ECP component deployments. In this mode, when one ECP component goes down, the system will continue to function. Please note that for the HA deployment, two IPs in WAN are required in the following scenarios:

Ø ECP broker

Ø ECP endpoint with enabled direct communication

Figure 1 : HA deployment

Note: Hardware should be set up according to the hardware requirements listed in chapter 3.3.1 of this document with regard to the number of components in the desired configuration.


5

If you also want to have HA at the database level, it is possible to deploy MySQL to the cluster using Galera cluster or by using another solution that works for your database.

2.3 Clustered High Availability Deployment

Clustered high availability deployment is possible only for endpoints that are required to send and receive so many messages that two application servers do not have high enough performance to process them. Please note that in this mode it is not possible to use direct messaging. Clustered HA deployment consists of:

Ø N application servers, each with an ECP endpoint installed These endpoints cannot use embedded active ActiveMQ

Ø Two servers with ActiveMQ – replace the embedded ActiveMQ broker

Ø An external database (e.g. MySQL)

Figure 2 : Clustered HA deployment

Note: For more information, refer to the ECP Installation Guide v4.4.0, chapter 4 ECP General Information.


6

3 Installation and Upgrade Notes

This chapter specifies release-specific installation and upgrade procedures for ECP that supplements the information in the ECP Installation Guide v4.4.0.

3.1 Delivery Media

The ECP delivery media consists of three installation kits: ECP Endpoint (rpm for Linux OS and jar format for Windows OS), ECP Component Directory (rpm for Linux OS and jar format for Windows OS), ECP Broker (zip archive); and documentation.

• Endpoint installer location: Software download page on ENTSO-E Sharepoint

• Broker location: N/A (not published by ENTSO-E)

• Component Directory location: N/A (not published by ENTSO-E)

3.2 Installation Prerequisites

3.2.1 Hardware Requirements

For more details, see ECP 4 System Design v4.4.0 Appendix C, Hardware Requirements. 3.2.1.1 ECP Endpoint For the Endpoint which will at peak send a few thousands of messages per hour, we recommend the following configuration:

CPU 4 cores – each at least at 2Ghz

RAM 8 GB

HDD For ECP: 40 GB

For Message Archive: depends on the message traffic Table 1: Endpoint Hardware Requirements

3.2.1.2 ECP Broker For the Broker which will process messages from a number of Endpoints, we recommend the following configuration:


RAM 16 GB


7

HDD 100 GB

Table 2: Broker Hardware Requirements

3.2.1.3 ECP Component Directory For the Component Directory which will store information about registered components, we recommend the following configuration:


RAM 4 GB

HDD 10 GB

Table 3: Component Directory Hardware Requirements

3.2.2 Software Prerequisites

This section identifies the software prerequisites for ECP.

ECP Endpoint The following software components are required:

• Windows Server 2012 R2 with Java 8 Virtual Machine or Windows Server 2016 or RedHat/CentOS 7

• Java Runtime Environment 8 64-bit with Java Cryptography Extension (JCE)

• Linux rpm only: o ca-certificates – The Mozilla CA root certificate bundle is expected to be installed

o tzdata-java – This package contains timezone information for use by Java runtimes.

ECP Component Directory The following software components are required:



• Linux rpm only:

o ca-certificates – The Mozilla CA root certificate bundle is expected to be installed o tzdata-java – This package contains timezone information for use by Java runtimes.

ECP Broker The following software components are required:



8


• ActiveMQ 5.15.8 binary distribution

3.2.3 Compatibility

This section identifies compatibility with other software, databases or components:

• Java 8 (Both Oracle Java and Oracle OpenJDK are supported)

• ActiveMQ 5.15

• Tomcat 9.0.20

• MySQL 5.7

• Microsoft SQL Server 2016

• Oracle Database 12c Release 2

• PostgreSQL Database 9.6

• Windows server 2012

• RHEL7/CentOS7

• Google Chrome 1.3.33.5 (64-bit) or higher

• Firefox 58.0 or higher

• Safari 5.34.54.16 or higher

• Internet Explorer 11 or higher

• MS Edge 12 or higher

For more info, refer to ECP 4 System Design v4.4.0, Appendix A: Used Technologies.

3.3 New Installations

Compare to the previous version of ECP (4.3.2), the following changes apply to the installation of this version:

• When registering a component to the Component Directory, component’s certificate may be validated depending on the Component Directory’s configuration. Therefore, it may not be possible to register this component to a different Component Directory with this certificate.

• Java path has been removed from the JAR packages when installing the application as a service.

Installation of this ECP version is described in detail in ECP Installation Guide v4.4.0.

3.4 Upgrading an Existing Installation

Compare to the previous version of ECP (4.3.2), the following changes apply to the upgrade procedure to this version:

• When upgrading via an RPM package, current config files will be kept and new ones will be created with .rpmnew suffix (this prevents renaming .rpmsave to the actual version).


9

• Follow the Update configuration chapter (appropriate for your installation), to add new properties, if any.

• Note about new prerequisites for the Linux installation (ca-certificates and tzdata-java)

• Note about security improvements.

o If you want to keep anonymous access to the ECP Endpoint GUI or WS integration channel, you must add profiles in the ecp.properties that switch off the authentication.

o By default, disabled JMX interface and removed Hawtio monitoring console

Upgrade to this ECP version is described in detail in ECP Upgrade Guide v4.4.0.


10

4 What's New with This Release/ Patch

This chapter contains information about major changes between ECP 4.3.0.750 and ECP 4.4.0.933

Key Requested by Summary Priority Date ECPE-959 ENTSO-E

C. Montoisy Review installation and upgrade packages Installation and upgrade packages have been reviewed to allow easier manipulation, such as keeping the old configuration in the RPM packages or removing the Java path from the service in the JAR packages.

B 2019/03/21

ECPE-956 ENTSO-E C. Montoisy

Validate the owner of the configuration content pushed by a component A mechanism to validate the component pushing its configuration to its Component Directory has been added to ECP.

B 2019/03/21


User Management There is now a possibility to define user access roles with authentication on ECP Endpoint and EDX Toolbox.

B 2019/03/21


Implement Audit log, review Logging events, provide weel set default (categories, levels, …) An audit log has been added to the ECP and EDX GUI.

B 2019/03/21

ECPE-944 Statnett O.M. Stalheim

Multiple root CAs Added the possibility to have more root certificate authorities per one Component Directory. This should ensure successful synchronization with components registered to other Component Directories.

B 2019/03/19

ECPE-910 ENTSO-E E. Wolfs

Registration keystore limited for specific vCode Added the possibility to generate a unique registration keystore for each Endpoint code.

B 2019/02/18


Perform validation of registration certificate during registration Added a validation on Component Directory to check if the registration certificate of an Endpoint requesting a registration is issued by this Component Directory.

B 2019/02/18


Restrict access control to components API by certificate An authentication certificate is now used to check whether the component communicating with the Component Directory is registered to it or to any of the synchronized Component Directories.

B 2019/02/18


ECP4 - Message paths from various senders Added the possibility to configure a message path with the same message type for various senders and brokers.

B 2019/01/07


11

ECPE-867 Statnett M. Simonsen

ECP4 - ECP Endpoint behavior after rejection of registration The behavior of an endpoint has been improved to keep the user on the registration screen instead of the dashboard after rejection of registration request.

B 2018/12/12


ECP Endpoint – Archiving The logging of archiving functionality has been improved so that the log only contains one entry of an inaccessible path. The documentation on archiving has been changed to contain a relative path to the ECP installation directory as an example instead of the system root path.

B 2018/11/15


ECP CD Push Synchronization Component Directory now uses push mechanism to synchronize with other Component Directories, allowing the synchronization to be one-directional.

B 2018/11/13


ECP4/EDX MySQL JDBC driver change to MariaDB driver MySQL JDBC driver is now replaced by MariaDB Connector/J driver for licensing purposes.

B 2018/11/13


ECP4, EDX switch to OpenJDK ECP’s primary JAVA platform is now OpenJDK 8.

B 2018/11/13


ECP CD Content Filtering It is now possible to filter out (un)available components in the network on the side of ECP Endpoint to provide a more efficient way to create paths or exchange messages.

B 2018/11/13


ECP Central CD Synchronization Component Directory can now synchronize its content with central Component Directory which will have aggregated content of all Component Directories in the network.

B 2018/11/13

ECPE-769 ENTSO-E ECP4 - Automatic certificate renewal is not enabled by default Certificates are now renewed automatically by default.

B 2018/07/13

ECPE-694 ENTSO-E ECP Dashboard - reflect the status of synchronisation with ECP CD ECP Endpoint Dashboard now reflect the status of synchronisation with its Component Directory: Green – Synchronised Orange – Warning – a number of failed connection attempts Red – Error – synchronisation did not succeed and configuration expired

B 2018/04/11


Geographical Broker HA - primary/secondary for message path There can now be multiple brokers set up for a message path to allow high-availability.

B 2017/12/21


12

ECPE-625 Statnettt P. Tønnessen

Central management of endpoint configuration Added the possibility to set up message paths for Endpoints centrally via their parent Component Directory. Message paths that were set up in the Endpoints will still be preferred.

B 2017/12/20

Table 4: Improvements and Change Requests


13

5 Summary of Corrected Defects and Open Defects

5.1 Closed Defected

ECP 4.4.0.933 is a major patch release following the ECP 4.3.0.750 release and ECP 4.3.2.833 patch issued on April 08th, 2019. The following table summarizes the defects that have been resolved since version ECP 4.3.0.750.

Key Requested by Summary Priority Date


ECP4 - Component list shows wrong certificate expiration date Fixed the bug where the component list in the Component Directory showed expiration dates of already expired certificates.

B 2019/04/05


ECP4 - Compatibility module - configuration of timeout Fixed the bug where the compatibility job stopped downloading/uploading messages from/to ECP3 Node by adding a timeout to the web services.

B 2019/03/20

Table 5: Bugfixes

5.2 Open Defects Key / Origin Summary Priority Date

- - - -

Table 6: Known Bugs

6 Non-Functional Change Control

In order to meet the MVS Security Plan, the following table shows the Critical Cyber Assets and Non-functional Requirements that have changed in the ECP 4.4.0.933 release. Key Summary Priority Date ECPE-953 (ECP,EDX)

Security enhancements There is a number of security enhancements such as a password management system or updates of libraries and dependencies: Tomcat upgraded to 9.0.14 Spring Boot upgraded from 1.2.8 to 1.5.19

B 2018/11/13


14

Spring Framework upgraded from 4.1.9 to 4.3.22 Hibernate upgraded from 4.3.11 to 5.0.12 Apache Camel upgraded from 2.17.7 to 2.21.5 Apache ActiveMQ upgraded from 5.14.0 to 5.15.8 qpid-proton-j upgraded from 0.13.1 to 0.29 Netty upgraded from 4.1.6 to 4.1.22 Hawtio upgraded from 1.4.64 to 1.5.11 Jolokia upgraded from 1.2.3 to 1.5.0 liquibase upgraded from 3.4.2 to 3.5.5 Derby upgraded from 10.14.1.0 to 10.14.2.0 MS SQL client upgraded from 6.4.0.jre8 to 7.2.1.jre8 PostgreSQL client upgraded from 42.2.2 to 42.2.5 MariaDB client upgraded from 2.3.0 to 2.4.1 Angular upgraded from 1.5.7 to 1.7.8 JQuery upgraded from 2.2.3 to 3.3.1 The Spring Boot Actuator dependency has been removed. Authentication in JMX and monitoring interfaces can be enabled using Java system properties. Detailed error messages have been disabled.

Table 8: Non-Functional Changes

ECP external library dependencies were scanned for known vulnerabilities using the https://ossindex.sonatype.org. Report on known vulnerabilities is provided as part of the ECP Documentation in the ECP Dependencies Audit Report v 4.4.0.xlsx[9].

7 Removed or Modified Functionality

The following features have been retired in the ECP 4.4.0.933 version:

Key / Origin Summary Priority Date

- - - -

Table 9: Retired or Changed Functionalities


15

8 ECP Documentation Summary

The following table lists the system-level documents that are available with this release. [#] Document title PDF Document Updated

[1] ECP 4.4.0.933 Release Notes

[2] ECP Installation Guide v4.4.0

[3] ECP Administration Guide v4.4.0

[4] ECP Upgrade Guide v4.4.0

[5] ECP Public Interface v4.4.0

[6] ECP 4 High Level Concept v4.4.0

[7] ECP 4 Functional Specification v4.4.0

[8] ECP 4 System Design v4.4.0

[9] ECP4 Dependencies Audit Report v4.4.0

[10] ECP4 AuditLog v4.4.0

Documents

ECP 4.4.0 SAT Release Notes€¦ · possible to register this component to a different Component Directory with this certificate. • Java path has been removed from the JAR packages