This document covers:

  • New features or functionalities
  • Enhancements to existing features or functionalities
  • Open issues or known issues
  • Fixed issues

August 26, 2021

New Features
Volterra Node/Site Management
Enhanced Ability to Update HTTP Proxy After Registration

New CLI command configure-http-proxy is introduced to update HTTP proxy and distribute the update to all K8s nodes at the same time instead of doing it one by one. The command sends the updated information to Volterra SaaS and reloads Volterra software with new HTTP Proxy parameters.

Note: This action is the same as software upgrade. Therefore, rolling update for all software components is expected.

SSL Renegotiation for Origin Pool

This features enables SSL renegotiation by default in case of origin pools.

Path URL Normalization

HTTP load balancer is enhanced to normalize the Path URL according to RFC 3986. Additionally, the slashed is merged when path URL normalization is enabled.

Path normalization is supported with an option to enable it for HTTP load balancer of type HTTPS proxy. In case of HTTP proxy, it is enabled by default.

Advertise Local Prometheus in Managed Kubernetes

This feature allows accessing Prometheus API on local K8s API endpoint on route/prometheus. You can integrate with this endpoint to receive node and kube-state-metrics monitoring.

Enhancement to Cluster Role and Role Binding Manifest

This release introduces support for adding the : character to the YAML format for the K8s cluster and cluster role binding manifests.

Changes to Default Behavior



The following caveats apply:

  • vK8s Role and Role Binding currently does not support user level K8s RBAC and is applicable only for vK8s workloads. vK8s Role and Role Binding are propagated to the K8s cluster and enforced at the K8s cluster only. Currently they are not enforced at the vK8s API server.

August 5, 2021

New Features
Volterra Node/Site Management
Support Licensing VMware Site with NVIDIA vGPU

This features enables unlocking full GPU performance for a VMware site with licensing support. You can enable this by adding VMware site to a fleet that has vGPU enabled in its advanced configuration section. Also ensure that you add license server address and license type.

Health Check Support for HTTPS-Enabled Origin Pool

This feature introduces support for health checks for origin pools enabled with HTTPS. The TLS configuration of the origin pool is used to make TLS connection with the upstream server for the periodic health check requests.

Monitoring for Site Networking

This release introduces Site Networking monitoring views. The dashboard view provides a summary view of site metrics dividied into sections and each section shows Top 10 Sites for that metric. The following metrics are presented:

  • Data Sent
  • Data Received
  • Tunnels by Latency
  • Tunnels by Drop Rate
  • Tunnels by Throughput

The dashboard also provides table view for data for the following:

  • Data when data plane reachability < 75%
  • Data when control plane status is down
  • Data when tunnel health < 70 score.

Note: The view also shows the tunnel alerts in the dashboard.

Support Custom storage class

This feature introduces new storage device and storage class type called Custom, which allows to insert K8s storageclass manifest. This gives ability to enforce own storageclass names or integrations with 3rd party storages.

Notification Preferences for Users

This features allows to set user notification preferences for the following notifications:

  • Access Requests
  • Product updates
  • System Maintenance

You can select a notification to receive or deselect to disable receiving notifications for it. The notification preference setting is available in the General -> Personal Management -> My Account page.

Changes to Default Behavior



vK8s Role and Role Binding currently does not support user level K8s RBAC and is applicable only for vK8s workloads. vK8s Role and Role Binding are propagated to the K8s cluster and enforced at the K8s cluster only. Currently they are not enforced at the vK8s API server.

July 15, 2021

New Features
Volterra Node/Site Management
Ability to Specify Total Worker Nodes Irrespective of Availability Zones

This feature adds support for specifying total number of work nodes, irrespective of the availability zones in case of Azure sites.

Addition of Alternate Region for Azure Sites

This feature introduces support to use the following alternate regions for the Azure VNET sites:

  • northcentralus
  • koreacentral
  • centralindia
  • southindia
  • australiacentral2
  • australiacentral
  • southafricanorth
  • norwayeast
  • swedencentral
  • switzerlandnorth
  • uaenorth
  • uaecentral
  • switzerlandwest
  • norwaywest
  • germanynorth
  • francesouth
  • canadaeast
  • koreasouth
VMware Site Deployment Enhancements

The default certified hardware for VMware site is changed to simplify user experience. The updated certified hardware is called as vmware-regular-nic-voltmesh. This contains by default 2 virtual interfaces eth0 (site local outside) and eth1 (regular interface). The eth1 is optional interface, and can be configured only from VoltConsole through the network interface object.

Storing All Request Logs

This feature enabled storing all request logs without any sampling on cold storage by default.

Handling of HTTP2 Coalescing

Client browsers may employ a performance optimisation known as connection coalescing. In case 2 virtual hosts with different domain names are hosted on the same IP address and present in the same TLS certificate, the HTTP/2 connection is reused between them when connection coalescing is used.

Volterra detects such case and returns 421(Misdirected request) error to the client browser. Client browser receiving a 421 (Misdirected Request) response may retry the request over a different connection.

Note: Handling of 421 error is browser-specific. Not all client browsers handle this error code.

Support NVIDIA Tesla T4 on VMware ESXi

This feature introduces support for NVIDIA Tesla T4 on VoltStack on VMware ESXi on certified commodity hardware. By enabling fleet vGPU option, Volterra site switches runtime to NVIDIA and can deploy vGPU workload applications.

Upgrade to k8s Version

This feature updated the Kubernetes main version support to 1.19.11. Volterra automatically upgrades all sites to this version via the software upgrade.

Credential Create API Expiration Field Update

The expiration option for create and renew API for my credentials and service credentials is changed from expiration_timestamp to expiration_days. In case you are using API to download the credential, ensure that you use the updated expiration field. See Credentials guide for more information on using the credentials.

Note: This effects only users of the API and not the VoltConsole users.

Changes to Default Behavior

Expiration field for create and renew APIs of my credentials and service credentials is changed from expiration timestamp to number of days. Use the updated field expiration_days for create and renew API requests.



June 24, 2021

New Features
Volterra Node/Site Management
Support upgrading to a specific version

This feature allows specifying a particular software or operating system version during a site upgrade.

Note: You must obtain the correct version information before setting it for site upgrade.

Deprecation of Virtual Host Object

The virtual host object creation is deprecated for most of the virtual host types except UDP and SMA proxy types.

Site Service Network Support

HTTP and TCP Load balancers can be configured to be advertised on vK8s network on Volterra ADN. However, for TCP Load balancers, there is a limitation that no two TCP Load balancers can be advertised on the same port. Also, the HTTP and TCP Load balancers can only be advertised on the site local outside or site local inside networks of a customer site.

The site service network allows multiple TCP Load balancers to be advertised on the same port on vK8s network on Volterra ADN. It also allows HTTP and TCP Load balancers to be advertised on vK8s network on customer site.

Implicit Role for Tenant owner

An implicit system assigned role ves-io-tenant-owner-role is added to all the tenant owners. All existing and new tenant owner users will be assigned with this role in the system namespace. This is internally assigned for tenant owners and cannot be assigned to normal users. A tenant admin can go to General -> IAM -> Users and click ... -> Upgrade to Tenant Owner for a user to get this role added implicitly to the user.

Support SSO-based Signup for Free and Individual Accounts

This features allows users to signup for Volterra Free or Individual plan using Single Sign-On (SSO). As part of the initial support, sign in via Google is enabled. Users can use their existing Gmail/Google account credentials to authenticate when they choose SSO.

Changes to Default Behavior



Routing to workload subnet in AWS site fails. The following is a workaround:

In case of AWS VPC Ingress-Egress Gateway and AWS TGW site, for the successful routing towards applications running in workload subnet, an inside static route to the workload subnet CIDR needs to be added on the respective site object.

June 3, 2021

New Features
Volterra Node/Site Management
Enable Site Local K8s API access for VoltStack Cluster Cloud Sites

This feature allows tenant to enable site local K8s API access for AWS, Azure, and GCP VoltStack cluster cloud view sites.

This provides same ability as VoltStack site to link K8s cluster on cloud site and access native K8s API server. See VoltStack Site for information on how to enable site local K8s API access for VoltStack site.

Ability to Disable Advertisement of Services on Public Internet

This feature introduces the ability to disable advertisement on the public internet by default. This prevents unintended data leak to the public. Users are required to open a support ticket to use this feature.

Control Communication across Namespaces Using Implicit Namespace Label

This feature introduces implicit labels for namespaces. These labels can be used by administrators in service policies and network policies to control communication between namespaces.

Note: All objects in a namespace get the implicit label. This label cannot be modified by the user.

Inside and Outside VIP Enhancements for Multi-node Cloud Sites

This release introduces support for using AWS and Azure loadbalancer IP addresses as the Site-Local Outside (SLO) or Site-Local Inside (SLI) VIP addresses to reach the applications advertised using Volterra load balancer on the multi-node sites.

In case of AWS sites, you are required to configure allowed VIP port configuration on multi-node AWS VPC site. This is to explicitly specify which ports are going to be used while configuring the Volterra loadbalancer. After this is configured, you can use the AWS loadbalancer IP address as the SLO/SLI VIP. Also, using AWS loadbalancer frontend IP as the VIP to external K8s or Consul cluster is supported. This is when a discovery object with VIP publishing configuration is enabled on the AWS site.

In case of Azure sites, you can use Azure loadbalancer IP as the SLO/SLI VIP to reach applications advertised using Volterra loadbalancer on Azure multi-node sites.

Changes to Default Behavior



The UI does not support the option to update inside/outside VIP port configuration for AWS VPC Site. However, you can perform the updates using either of the following ways:

  • Using terraform run custom API.
  • Using the following vesctl ciommand
vesctl request rpc terraform_parameters.CustomActionAPI.Run --http-method POST --uri /public/namespaces/system/terraform/aws_vpc_site/<site-name>/run  --json-data '{"namespace":"system","view_kind":"aws_vpc_site","view_name":"<site-name>","action":"APPLY"}'

May 13, 2021

New Features
Volterra Node/Site Management
Factory Reset Using Hardware Push Button on IGW

This feature adds support to do factory-reset on Volterra IGW 5000 series using the hardware reset button. Press the button continuously for 5 seconds to trigger factory-reset.

Nodes View for Managed K8s

This feature adds Nodes tab to the monitoring of volterra managed k8s cluster. This tab will give details about nodes in the cluster.

Managed K8s Monitoring Enhancements

This feature allows monitoring of volterra managed K8s cluster even when API access from VoltConsole is disallowed. This is done using metrics collected from the cluster and the monitoring dashboards appear different compared to when API access is allowed. The K8s monitoring is shown as Monitor K8s cluster when API access from voltconsole is allowed. It is shown as Monitor K8s cluster(with metrics) when API access from voltconsole is disallowed.

Global Kubeconfig for Managed K8s

This feature allows to download Kubeconfig for a Volterra managed K8s cluster from VoltConsole gateway. Log into VoltConsole, navigate to Sites -> Site List in the system namespace, and click ... -> Download Global Kubeconfig for your VoltStack site enabled with managed K8s.

Device ID on VoltConsole

Device ID is a real-time, high-precision device identifier that utilizes advanced signal collection and machine learning algorithms to assign a unique identifier to each device visiting your site. This feature introduces Device ID on VoltConsole and associated monitoring to view various dashboards of devices visiting your site. For more information, see Device ID.

Improvements in Subscription Plan Transition Workflow

This feature improves the transition between teams plan and organization plan by enhancing error handling. This is applicable while upgrading from teams to organization plan and vice versa.

Changes to Default Behavior




April 22, 2021

New Features
Volterra Direct Connect Enhancement

Volterra supports enabling direct connectivity to Volterra backbone network. This feature enhances the direct connect functionality by adding support to advertise and discover services. Advertising of services is supported using HTTP and TCP load balancers.

Active Alert Policies in Namespace

This feature simplifies configuration of active alert polices in a namespace. A new API on the namespace is added that takes a list of alert policies and makes them active in that namespace. Corresponding UI enhancement is also added.

Volterra Managed Certificate option for HTTP Connect & DRP proxy

Users can use the TLS interception feature for HTTP Connect & DRP proxy without managing custom certificates with this feature. To use this feature, users need to simply select the Volterra Managed Signing Certificate option in the downstream certificate configuration for TLS intercept configuration. After that they can use Download CA Certificate menu item for the HTTP Connect & DRP proxy to download and use it from the browser and non-browser clients.

Simplified BGP Object Configuration

Configuring BGP object is simplified by removing invalid field combinations. The updated configuration form also allows the user to select interfaces per-peer instead of specifying a single list of interfaces for all peers.

Volterra Node/Site Management
Install CE with Specific Software Version

This feature adds support for specifying a specific software version and a specific operating system version when bringing up a Volterra Customer Edge (CE) site. For view based sites, the versions can be specified when creating the site or during registration approval. For other site types, the versions can be specified during registration approval.

Changes to Default Behavior




April 01, 2021

New Features
FQDN Support in Tunnel Configuration

This feature introduces using Fully Qualified Domain Name (FQDN) in case of establishing IPsec/SSL VPN connection to Volterra Regional Edge sites. A site can be configured to use IPSec/SSL VPN with an option of going through a site proxy. This feature now allows server FQDN in site configuration in addition to IP address. This FQDN gets resolved to establish VPN connection.

In case of proxy configuration being used with OpenVPN tunnels, FQDN is sent in the HTTP Connect request to the configured proxy server. Proxy server is required to resolve the FQDN and relay the connection to the final destination server to establish OpenVPN tunnel.

Cluster Retraction

This feature allows configuring fallback in case of endpoints behind a cluster are not healthy and route points to multiple clusters as part of weighted cluster configuration. In such case, the traffic is distributed only among the remaining clusters that have one more healthy endpoints.

Load Balancing AWS Egress Traffic

This feature introduces load balancing of egress traffic to all the nodes in case of AWS Egress gateway site.

Site Status in vK8s Pods View

vK8s monitoring is enhanced to show the site status in the Pods view. Site status is shown in colored dots in the Node name column. Healthy sites are shown in green color, unhealthy sites are shown in red color, and if health information is not available, grey color is shown for those sites.

Note: If node status is down, then pod status should be considered as unavailable even if it shows as available or running.

Changes to Default Behavior




March 11, 2021

New Features
Volterra Node/Site Management
Monitoring GPU Status

Node monitoring is enhanced to display the GPU status in the node status dashboard view. GPU status shows information such as temperature, power, CPU utilization, throughput, etc. Find the GPU status by navigating to Sites -> Site List, click on your site to load its dashboard, select the Nodes tab, and click on the node for which you want to monitor GPU status.

Volterra Direct Connect

This feature allows tenants to have a direct connecting link to Volterra REs. This enables the CE to RE connectivity to be on the direct private link instead of being in public.

Allow VIP Usage for DNS Resolution

This feature allows VIP address to be used as DNS server to resolve domain names configured in the load balancers. DNS queries can be sent to the VIP addresses configured on CE. Volterra software on the CE runs DNS server on the VIP addresses and resolves queries for domain names configured in the load balancers. It will also forward other requests to external DNS servers.

Server Response Header Manipulation for HTTP Load Balancer

Support for manipulating server token in the HTTP load balancer response headers is introduced. User can now configure the response header to do the following:

  • Set a default value
  • Set a specific value
  • Append a server name if no server header is not present
  • Set to pass through if the server header is present
Malicious User Mitigation Enhancements

Malicious user detection and mitigation is enhanced in the HTTP load balancer monitoring. In the Security Monitoring view, the Malicious Users tab now allows admin to view and act upon malicious users identified by a user-identification object or the source IP address in case a user identification object is not defined. The following monitoring functionalities are added:

  • Malicious user security events
  • Activity timeline for the identified user
  • Activity that contributed to the current suspicion score
  • Time series variation for the suspicion score
  • Options to block or whitelist users

Volterra uses advanced machine learning techniques and analyzes information to identify the malicious users. Analysis is performed on information such as WAF security events, forbidden access events, failed login attempts, and anomalous behavior.

Changes to Default Behavior




February 18, 2021

New Features
Volterra Node/Site Management
Monitoring GPU Status

Node monitoring is enhanced to display the GPU status in the node status dashboard view. GPU status shows information such as temperature, power, CPU utilization, throughput, etc. Find the GPU status by navigating to Sites -> Site List, click on your site to load its dashboard, select the Nodes tab, and click on the node for which you want to monitor GPU status.

TGW Service Policy for East-West Traffic

The AWS Transit Gateway (TGW)site allows for attaching multiple VPCs and forwarding of traffic between VPCs. This feature introduced support for service policy on the VPC-to-VPC traffic or east-west traffic and can be set in the security configuration section of TGW configuration wizard. User can enable the east-west service policy in the Manage East-West Service Policy section and attach a service policy. The service policy can be created in system namespace in the Security -> Firewall -> Service Policies page. It can also be created and attached from within the TGW configuration wizard.

Note: User can also enable east-west service policy with allowing all traffic to be sent via proxy.

Policy Based Security Challenge

Support for enabling policy-based security challenges is introduced. User can now set policy based challenge in load balancer configuration and specify whether to always enable a challenge or disable it while also setting override rules for specific match conditions. Both javascript challenge and captcha challenge are supported. The matching parameters include IP, domain, path, peader, query parameters, etc. These are similar to the parameters in service policy rules.

Note: The security challenge can be enabled in the advanced configuration section of HTTP load balancer configuration. See Configure Javascript Challenge for more information.

Server Response Header Manipulation for HTTP Load Balancer

Support for manipulating server token in the HTTP load balancer response headers is introduced. User can now configure the response header to do the following:

  • Set a default value
  • Set a specific value
  • Append a server name if no server header is not present
  • Set to pass through if the server header is present
WAF Rule Exclusion for Security Events

Support to set WAF rules for exclusion in HTTP load balancer security events is introduced. User can now select security events and create an exception rule for them from the HTTP load balancer monitoring page in VoltConsole. Navigate to Virtual Hosts -> HTTP Load Balancers in your namespace and click on your load balancer. Select Security Events tab and click ... -> Create Exception Rule for the security event entries for which you want to enable the WAF rule exception.

Note: Creating exception rule for an event will open HTTP load balancer configuration form with the WAF excluded rule added to the security configuration section. Click Save and Exit to update the configuration.

IP/User Blocking Rules for HTTP Load Balancer

Support for whitelisting or blocking specific clients for HTTP load balancer is introduced. The load balancer configuration is added with client blacklisting rules and trusted client rules sections. User can set to block or whitelist specific clients based on the IP addresses or AS numbers.

Route Options for TCP Load Balancer

TCP load balancer is enhanced to set load balancing schemes for the traffic to the origin servers. The schemes supported are round-robin, least active, random, and hash of source IP.

BGP Peering in Multiple Networks

This feature introduces ability to do BGP peering on multiple networks on a customer edge site. Networks could be site local, site local inside, or per site networks.

Default Workload Flavor for vK8s

Support for setting default resource limits for vK8s containers is introduced using a default workload flavor object. User can now create a workload flavor object in the shared namespace at the Manage -> Workload Flavors page and attach it as a default limit in vK8s configuration. See Create Default Workload Flavor for more information.

Physical K8s Access for VoltStack Site

This feature gives ability to access customer edge (CE) K8s cluster through a kubeconfig file on the local network. Using this feature, user can deploy applications that can manage kubernetes workloads on the CE K8s cluster.

Changes to Default Behavior




January 21, 2021

New Features
Volterra Node/Site Management
VoltStack Site Support

This release introduces support for creating Data Center (DC) or physical hardware edge sites using the VoltStack site object from VoltConsole.

Stream Logs to External Service

Support for stream request logs to syslog service is introduced. User can now create a log receiver object and attach to the Volterra fleet of sites. Log receiver object can be created in VoltConsole in the Manage -> Site Management -> Log Receivers.

Note: The host IP of the external service must be reachable from the Volterra site.

AWS View Site Enhancements

The following enhancements are added to AWS VPC site and AWS TGW site:

  • Configuring workload subnets
  • Configuring worker nodes - Supported only for AWS VPC site
  • Site admin state field is added in the Manage -> Site Management -> AWS VPC Sites page and also in the JSON view for the AWS VPC site object.
AWS TGW Site Monitoring Enhancements

The Sites -> Connectivity page view for the AWS TGW site is enhanced with representing the site with transit gateway, tunnels, and attached VPCs. Also, the details view for the AWS TGW site is enhanced to show the information on tunnels to TGW. This information includes the data transfer, throughput, and BGP connection status.

USB Whitelisting with Volterra Fleet

Support for whitelisting USB devices from Fleet is introduced. Users can now create a USB policy to allow specific USB devives and apply the policy using Fleet.

Site Local UI Enhancement

Site local UI URL is enhanced to be more usable. User can now access site local UI using the https://volterra.local:65500 URL. For more information on using site local UI, see Site Local UI guide.

Active Policies in Application Namespace

Support for adding active network and service policies in the application namespace is introduced. User can add active policies in the Security -> vK8s Network Policy -> Active Network Policies and Security -> Service Policy -> Active Service Policies pages.

PVC Disk Usage

Volterra virtual K8s (vK8s) dashboard and PVCs view are enhanced to display the disk usage of PVCs.

Changes to Default Behavior



Deploying Volterra sites on the same broadcast domain/subnet with other Volterra sites/devices enabled with VRRP is not supported. This will be supported in a future update.

December 17, 2020

New Features
Volterra Node/Site Management
Volterra Operating System Update

The Volterra OS is updated with CentOS release 7-9.2009 and kernel release 4.18.0-193.28.1.ves1.el7.x86_64

Proxy Support for VMware CE Site

Support for configuring HTTP Proxy for VMware CE site is introduced. During the initial configuration using CLI, user can set HTTP proxy. For more information on VMware site installation, see Create VMware Site. Download the latest image from the VMware Site Images page.

Site Monitoring Enhancements
  • The tcpdump collection is improved for usability in the Tools tab of the site monitoring page. User can now start, fetch, and stop the tcpdump from single page for a selected target.
  • Traceroute utility is added to the Tools tab of the site monitoring page.

Note: Navigate to Sites -> Site List in the System namespace and click on any site to display its monitoring view. The dashboard tab is loaded by default.

Fast ACL Updates

The following updates are made to Fast ACLs:

  • Fast ACL set table list is removed from the VoltConsole
  • Fast ACLs for Internet VIPs object is introduced. The Fast ACL objects can be directly added to this.
DNS Management Enhancements for Load Balancers

In addition to the supporting the HTTPS load balancer, the Volterra DNS management is extended to TCP and HTTP load balancers. With this, users can now delegate domain to Volterra and use the domains in load balancer of type TCP and HTTP.

AppType Creation for Application Namespace

App Type object support is enhanced so that it can be created from within the App Settings object in the application namespace.

Service Discovery for Kubernetes Headless Service

Volterra service discovery is enhanced to discover and route to headless K8s services without depending on K8s DNS.

Note: This requires Layer 3 routing to be established between the CE site and the K8s pods.

vK8s Resource Enhancements

Volterra virtual K8s (vK8s) is enhanced to configure daemonsets, cronjobs, and service accounts.

vK8s Deployment Quota Increment

The deployments per vK8s is increased to 25.

Isolation for vK8s Services Across Namespaces

Support for restricting communication between vK8s services belonging to different namespaces is introduced. User can enable namespace isolation in the vK8s configuration and override this behavior for specific services by setting the annotation to false for that service.

Changes to Default Behavior
Cloud View Site Object Management Updates

The cloud sites created using the Manage -> Site Management page are updated to be edited and deleted only from the cloud site object menu and not from the Sites -> Site List menu. Navigate to Manage -> Site Management and click ... for your cloud site object to edit or delete the object and this in turn applies the operation on the sites.

November 25, 2020

New Features
Volterra Node/Site Management
Enhanced HA on SLI

Node mastership is now based on all configured VIPs across Site Local Outside (SLO) and Site Local Inside (SLI) interfaces.

Local UI Enhancements

Introduced status and tooling enhancements to the local UI dashboard of Volterra site.

Automatic API Schema Generation

Introduced per API endpoint Swagger API schema documentation generation. This can be found under App Namespace -> Mesh -> Service Mesh -> API Endpoints -> Endpoints Details -> Swagger.

Active Service Policies for HTTP Load Balancers

Introduced the ability to define active service policies for a specific HTTP Load Balancer. You can choose one of the following service policy options for the load balancer:

  • Set a default service policy
  • Apply active service policies
  • Disable the active service policy
IP Prefix & Prefix List Options for Forward Proxy Policy

Introduced ability to match destinations based on IP prefix and IP prefix lists under the custom rule list of the forward proxy policy.

BGP ASN and GeoIP Support for Forward Proxy Policy

Introduced ability to create a forward proxy policy matching on a specific BGP AS, ASN list, and GeoIP labels.

Forward Proxy Support for Global Networks

Introduced support for configuring forward proxy in the network connector when connecting Site Local Inside (SLI) to Global Network Type VNs.

Enhanced vK8s Workload Dashboard

Enhancements are added to the vK8s workload dashboard under App Namespace -> Applications -> Virtual K8s -> Workloads.

Container Registries

Introduced the ability for users to configure private registries for their vK8s workloads.

Flow Table Under Site Management

Introduced the ability for the user to view existing flows per node.

Sidebar Navigation Enhancements

Several enhancements are added to the UX of the sidebar in VoltConsole.

Beta Release of Public Terraform Provider

Introduced beta support for Volterra's public terraform provider. See Volterra Terraform Provider for more information.

Changes to Default Behavior
Change to Packaging and Management Providers

In case of a Volterra CE site behind a firewall that is performing URL filtering, ensure that you update it with the latest domains listed in the Network Cloud Reference page.

November 5, 2020

New Features
Volterra Node/Site Management
Upgrade Guided Sites (AWS VPC/TGW, Azure & GCP) directly from Site List

Introduced support for users to directly upgrade site deployments via Site Management for AWS/Azure/GCP/TGW sites and also from the Site List page for sites.

GCP and Azure support for VoltStack Cluster Deployment Option

Enhanced the Site Management page for Azure VNET & GCP VPC to support a 3rd deployment option called VoltStack Cluster (One Interface).

Site Health Calculation Enhancements

Enhanced health score calculation to take Site Admin state into account.

TLS interception support for HTTP Connect & DRP

Introduced support for TLS interception when configuring an HTTP Connect or DRP (Dynamic Reverse Proxy) virtual host.

Descriptions for Policy Rules

Introduced logging of the description field for the configured policy in the hit logs. The policies include service policy, forward proxy policy (simple and custom rule set), network policy, and secret policy.

AWS TGW - East - West Forward Proxy Support

When provisioning an AWS TGW Site, East-West traffic now supports forward proxy policies by default.

vK8s Workload & Jobs View Enhancements

Enhanced the vK8s workload & Pods table view to include deployment name, running pods, total pods, total sites, sites with error, sites without pods, virtual site, upgrade, and actions.

vK8s Virtual Site Descriptions

During vK8s virtual site selection, the selection table now shows descriptions for the virtual sites (system or user created).

Site Security Dashboard

Introduced the beta version of the site security dashboard. This view provides tenant and site level firewall events and logs. This is available at Sites -> Site Security.

API Endpoint Enhancements & Fixes

Enhanced UX and navigation of endpoint details in the API Endpoint page.

Notification Dashboard Enhancements

Enhanced Alerts and Audit Logs pages under Notifications section.

Revoking API Certificates and Kubeconfig

Support for revoking API certificates and Kubeconfigs is introduced. In case of API certificates and Kubeconfigs created prior to this release, you might receive the Client certificate is invalid or revoked response for API requests. In such case, create new certificates and download for use.

Volterra Hardware
ISV 8000 Series GA

The Industrial Server (ISV) 8000 is now Generally Available. The Volterra Industrial Server is a series of ruggedized edge computing devices providing hyper-converged compute, GPU, storage and networking. They are easy to deploy and operate systems capable of running learning, inference, containerized or legacy (VM) workloads—from manufacturing plants to retail stores and small branch offices. Volterra Industrial Servers combine the capabilities of hyper-converged infrastructure (HCI) with a GPU for machine learning and robust connectivity (4G LTE/GPS/Wi-Fi/Bluetooth) in a single ruggedized device designed to meet the rigorous demands of edge and industrial environments. You can learn more about the Volterra Industrial Server from the data sheet here and the User Manual here.

Changes to Default Behavior

The System -> Security -> Advanced page is deprecated.

October 14, 2020

New Features
Volterra Node/Site Management
Enhanced Remote Tooling (show service status)

The user can now query service specific status on a Per Node basis from VoltConsole. System -> Site -> Tools -> Show services status

Default Fleet

During CE setup the user can now configure a default type. This is helpful in scenarios where CEs required a basic working configuration on CE registration (i.e., Local breakout).


VoltConsole now supports the deployment of Volterra Sites and management of AWS TGW's. System -> Site Management -> AWS TGW Site.


VoltConsole now supports the deployment and management of Volterra Sites in GCP. System -> Site Management -> GCP VPC Site.

Site Wizard Improvements

The Site Wizard Page has been improved for better UX, readability and error/status reporting.

DDoS forensics and analysis

DDoS forensics and analysis for Load Balancers and Site (Forward Proxy) Enhanced ability to perform forensics and analysis of configured HTTP & TCP Load Balancers and per Site Forward Proxy.

Enhanced Alerting of DoS/DDoS

Using Time Series Analysis (TSA) of the Request Rate, Response Throughput, Latency and Error Rate anomalous enhanced DoS/DDoS alerting has been enabled.

HTTP/HTTPS on additional ports

This release has added additional HTTP & HTTPS ports to be advertised on Volterra's REs (Public Network). Supported HTTP ports are 80 8080 8880 2052 2082 2086 2095 25565. Supported HTTPS ports are 443 2053 2083 2087 2096 8443 25565.

Forward Proxy in Denied Rules Hit

Site Dashboard Denied Rules Tile now includes Forward Proxy. The site dashboard Denied Rules tile now includes Forward Proxy as an option, in addition to Service & Network Policy.

VoltStack DC Cluster

Guided Configuration for Volterra DC Cluster - This feature brings in vK8s application deployment workflow to ease deploying applications on Volterra platform. The interface given caters to the developers, provides application level interface and hides some of the underlying infrastructure related tasks.


Storage Device Support - This feature brings support for Dell EMC Isilon F800 & HPE Nimbus Storage AF40, this is configured in the Fleet object under Storage Configuration.

Simplified Workload Deployments on vk8s

Simplified Workload Deployments on vk8s - This feature brings in vk8s application deployment workflow to ease deploying applications on Volterra platform. The interface given caters to the developers, provides application level interface and hides some of the underlying infrastructure related tasks.

Volterra Hardware

NVIDIA GPU support on ISV 8000 Series - Updated the ISV Certified Hardware Profiles to download to support NVIDIA GPUs.

New User Type: Debug User

There is a new user type called "Debug User". This allowed the tenant admin to provide the Volterra Support team access to the tenant to enhance troubleshooting.

New Alert Receivers (SMS/Email)

Email and SMS are supported receivers under Alert Management.

Enhanced Connection Log Views

The connection log page has been enhanced to render the data in a more user friendly format.

Upcoming Changes to Default Behavior

In the planned November release, the System -> Security -> Advanced will be deprecated.


In case of node hardware, the USB device whitelisting is enabled by default. Connecting a new device after registration of the node does not work.

Note: You can see the USB devices by navigating to your site dashboard via Sites -> Site List path. Open the Nodes tab and click on a node to open its dashboard view. Click Hardware Information tab to see the USB devices list.

September 24, 2020

New Features
Volterra Node/Site Management
Per Node Tooling from Site Dashboard

The site dashboard in VoltConsole allows additional troubleshooting and status commands to be executed remotely.

Fleet Configuration Enhancements

Fleet Configuration and related objects (Network Interface, Virtual Networks, Network Connectors, Network Firewall, Network and Forward Policies) can be initially configured during Fleet creation. This is configured under System -> Site Management -> Fleets.

For information on fleet configuration, see Create Fleet.

Fast ACL Configuration Enhancements

Guided form is introduced to enable easier configuration of fast ACLs. See Fast ACLs for configuration instructions.

Hub Group Only Mesh

For smaller deployments, it is desired to configure site-to-site mesh groups without a hub & spoke model. This release introduces the ability to configure a mesh with a hub group only.

HTTP Connect & Dynamic Reverse Proxy Wizard

Guided forms are introduced to enable easier configuration of HTTP Connect & Dynamic Reverse Proxy under the <Namespace> -> Manage -> Load Balancer.

vK8s Dashboard

The vK8s dashboard is updated for a better UX experience and end-to-end view of pods deployments, statistics, and health.

Volterra Hardware
IGW 5000 Series

GA Support for Volterra's Industrial Gateway 5008 & 5508 series is introduced.

Site List & Connectivity Enhancements

Updates are made to the default System -> Sites -> Site List page to provide clear views of per site data. Connectivity topologies are now arranged based on site longitude/latitude and no longer based on alphabetical order.

App Traffic Enhancements in App Namespaces

Optimizations are delivered to the app traffic graphs views under <Namespace> -> Sites -> App Traffic.

General Tab Updates

Updates are introduced to the General tab and layout for simplified UX for Billing, Support, IAM, and Personal Management.

Tenant Settings

A new section called Tenant Settings is added. The tenant settings section provides an overview of tenant information such as tenant ID, domain and company name. System wide IAM credentials can be configured here.

Billing Enhancements

Updates are introduced to billing reports, usage details, and billing settings. These include options to request changes to existing plans and viewing existing tenant wide quotas.


Updates to the escalation processes are added to team and organizational plans.

Changes to Default Behavior

The default time interval for App Firewall Dashboard is changed to 12hrs from 5 minutes.

  • Performing reboot of active master node of a multi-node site from the VoltConsole requires you to wait till the reboot is completed before attempting the reboot of other nodes.

August 13, 2020

New Features Volterra Node/Site Management
Site Deployment Wizards In this release, we've introduced a simplified Site Deployment Wizard. Initial Cloud Providers include AWS and Azure.
Site Local UI and Volterra CLI Enhancements

Introduction of Site Local UI Dashboard at https://<volterranode-ip>:65500. Various debugging enhancements to Volterra Admin CLI are added.

Volterra CLI for Cloud Instances Cloud instances for Volterra Node now support the Volterra CLI for enhancement debugging. Users can access it using the ssh key used when used in the deployment of the Cloud instance.
Enhanced Site Monitoring This feature enhanced existing site monitoring pages in the Site Dashboard. Enhancements included per node health, metrics (CPU/Memory), DHCP Server (Client Leases, Hostnames, IPs, etc.), Per Interface metrics, etc.
Multi-Node Master Node Replacement Support

Support for replacing a master node in a multi-node cluster configuration. Details can be found here.

VoltMesh - Virtual Hosts - Load Balancers

Default Pages Error Pages for JS Challenge, Captcha and Errors Added default pages for all VIPs configured using an HTTP Load Balancer or advanced Virtual Host configurations.

VoltMesh - Delegated Domains

Delegated Domain - Enhancements We now support native integration with LetsEncrypt for those customers who don't want to BYOC and want a secure app experience, this is available as part of the Virtual Host -> HTTP Load Balancer configuration. Provided enhancements in the Domains Verification setup and post-verification displays.
Delegated Domain - DNSSEC

We now support DNSSEC for Delegated Domains. More information here.

VoltStack - vK8s

vK8s Auditability This enables the ability to get audit logs for Create/Update operations on k8s objects (for e.g deployment, service, etc.) in vk8s.


UI/UX Enhancements VoltConsole sidebar and overall navigation has been augmented to enhance the UX and to simply NetOps, DevOps, Secops and Developer workflows.
2FA Authentication This feature allows the ability for customers to enable 2FA Authentication for freemium tenants and tenants who use Volterra for Authentication. This does not apply to tenants that use SSO Authentication.
Okta SSO support This release introduces tenant SSO support for Okta.

July 23, 2020

New Features
vK8s PVC Storage on Regional Edges

Volterra Regional Edge sites the Volterra ADN now support Persistent Volume Claims (PVC) for vK8s pods.

Ability to Select a List of Sites for vK8s Objects

This feature provides the ability to select a list of sites (using the ves-io/sites: site1,site2 annotation) for vK8s objects. This is an enhancement to the current ability to select a list of virtual sites(using the vsite1,vsite2 annotation). See vK8s Resource Management for more details.

Audit Logs for Operations on K8s Objects in vK8s This feature enables audit logs for the Create/Update operations on K8s objects (such as deployment, service, etc.) in vK8s.
Ability to Test Alert Notifications

This feature enables user to test alert notifications to an alert receiver. Once an alert receiver is created, a verify API on the alert receiver will generate a test alert to that receiver.

API User/Client Rate Limiting

This feature introduces the support for rate limiting the number of API requests per user over a time period. Rate limiting per user is based on the user identification configured on the rate limiter object. For more information, see Configure Rate Limiting.

Support TLS Fingerprinting in Service Policy Rules

This feature introduces the support for configuring a service policy rule to match TLS fingerprint and action. Actions are deny and rate-limit. For more information, see Configure TLS Fingerprinting.

Two Factor Authentication (2FA) VoltConsle Support

This feature introduces support for enabling 2FA for all plans for customers who use Volterra for authentication. This does not apply to tenants that use SSO for authentication.

API Tokens for Volterra APIs

This feature introduces support for API tokens to be used with Volterra APIs. This is in addition to the already supported API certificates. For more information, see Obtain Credentials.

Delegate Domains to Volterra

This feature introduces support for delegation of domains to Volterra for DNS management. When a domain is delegated to Volterra, all subsequent HTTP load balancer names created will result in the proper DNS RR records to be created. For more information, see Delegate Domains.

HTTPS Load Balancer Automatic SSL certificate Creation for Delegated Domains

This feature introduces support to enable automatic TLS certificate minting and verifying for a HTTPS load balancer provided a DNS domain is delegated to Volterra. For more information, see Create HTTP Load Balancer.

Support for GCP

This feature introduces support for site deployment in GCP using the Volterra Node GCP images.

CentOS Support for VMWare Images Volterra Node CentOS support is introduced on VMware ESXi hypervisors.

June 9, 2020

New Features
Verify Domain Ownership in the Bring Your Own Certificate (BYOC) Volterra will confirm domain ownership by verifying the domain in the virtual-host field matches that in the TLS certificates. If there is no match, the configuration is rejected.
Enable Wizard Forms for Alert Notifications This feature presents simplified configuration views for alert notifications.
Volterra Site on MiniKube, EKS, and AKS This feature introduces the ability to deploy a Volterra node on MiniKube, EKS, and AKS for site creation and use in VoltConsole tenant.
vK8s: K8s Pod Delete This feature introduces support for pod deletion in vK8s and is supported using kubectl.
Support API Token In addition to certificates, this introduces support for API tokens for 3rd party/external API to access VoltConsole services.
Caveats & Changes to Default Behavior

Network policies to implicitly deny traffic is now the system default behavior the moment network policy is configured. Prior to R1.2, the behavior was an implicit allow. In case you have an existing network policy set with no explicit rule to allow the ingress or egress traffic, the traffic will be dropped.