Cumulative Release Notes

How to read this document

Start reading this document down from the "What is new…” chapter of the next Sentinet version after your current Sentinet version. For example, if your current version is 5.3, read the document from What is new in version 6.0 chapter, because 6.0 is the next version after 5.3.

What is new in version 4.9

1. Extended support for OpenAPI Specification (aka Swagger).

   1. Handling of wild-card path parameters.
   2. Support for shared parameter definitions.
   3. Automatic creation of missing Uri parameters during import.
   4. Automatic removal of extra Uri parameters during import.
   5. Setting AllowEmptyValue to "true" by default.
   6. Handling of relative TokenUrl in the security definition.
   7. Ignoring empty tags at service and operation levels.
   8. Ignore empty content types at service and operation levels.
   9. Support for URI templates with parameterized tokens, for example /{filename}.json or /document_{number}.
   10. Improved management of boolean, numeric, and datetime enumeration type values when API parameter is defined as a string by enclosing values in single quotes.

2. Extended support for OAuth and OpenID Connect protocols via <webOAuthSecurity> configuration.

   1. Added tokenAuthorizationHeader parameter to support validation of the token validation request that require Authorization HTTP header.
   2. Added tokenParameters parameter to support any additional query or form parameters to be submitted with the token validation request.
   3. Added validation of the active claim value in the token validation response if active claim is present.
   4. Added support for token introspection protocol by changing default configuration values tokenParameterType=FormParameter and tokenParameterName=token.

3. Virtual services’ outbound endpoints can be configured with X.509 certificate identity via optional reference to a certificate installed in the Windows Certificate Store. Reference can be provided by certificate’s thumbprint. Previously the only option was to upload certificate’s PFX file.

4. Certificates generated by Sentinet are now generated using SHA256 algorithm that replaces industry deprecated SHA-1 algorithm.

5. Support for SSL/TLS protocol versions is extended with automatic and out-of-the box support for SSL v 3.0, TLS v1.2, TLS v1.1 and TLS v1.0.

6. Improvement for the Message Pipeline components

   1. Improvement to the XPath value extractor for Context Property component
   2. Context Property is extended with new Value Sources:
      1. HTTP Status Code
      2. Inbound Identity Claim
   3. Added new build-in Context Properties, Sentinet.InboundUserName and Sentinet.InboundPassword for possible use in the pipeline.
   4. XML to JSON transformation component is extended with optional configuration to remove the root of the XML element.
   5. Message transformation pipeline components are extended with configurable Source of transformation. New sources, HTTP Header and Context Property are added to the default Message Body source. Pipeline components that support message transformation Source are:
      1. Regular Expression
      2. String Replace
      3. Namespace Replace
      4. XDT Transformation
      5. XSL Transformation

7. Extended support for REST API Uri Templates where default value and supported values of the Query Parameters must contain Url Encoded special characters.

8. Monitoring Properties new feature. Sentinet 4.9 introduces a new feature and a new concept of Monitoring Properties. A new pipeline component is added, Monitoring Property that can add any custom data to the recorded monitoring data independently from the recorded messages body (independently from the existing Monitoring Profile). Custom data may come from a Context Property which means that literally any custom data associated with the request or response message, or a caller identity can be recorded against the transaction.

9. Search monitoring transactions feature has been extended with searches for transactions by Monitoring Properties and their recorded values.

   Combination of items 6 (e), 7 and 8 from this list creates new and unprecedented API Management capabilities to record any custom data associated with API calls, to query this data, and to build powerful analytics reports.

10. Access Rules and Pipeline Tracing new feature.

1. Virtual services can be enabled with the tracing of the Access Rules execution.
2. Virtual services can be enabled with tracing of the Pipeline execution.

11. Sentinet Node configuration is extended with advanced configuration property, Recycling Mode. New Node Recycling option allows handling instantaneous virtual service restarts when service configuration is changed from the Sentinet Administrative console.

12. Schema of the Sentinet Repository Database is updated to allow tables with large number of records (for example, MonitoringTransactions table) to store up to 9,223,372,036,854,775,807 (bigint) records compare to 2,147,483,647 (int) records before.

13. Purge Historical Data task of the Sentinet Agent service was changed to use minimum count of retained data in days. Previously minimum count was measured in months.

14. Sentinet installation now provides a stand-alone SQL script file that can be used to customize creation and management of the Sentinet Repository Database outside of the Sentinet Repository Configuration Wizard application.

15. CustomerSearch sample SOAP service application that is shipped with the Sentinet product is extended with the REST API version.

16. New Sentinet extensibility sample project, Nevatech.Vsb.Samples.CustomTask has been added to the samples solution that demonstrates how to add a custom Task to the Sentinet Agent Service.

Backward Compatibility

Sentinet is backward compatible with the older product versions with few exceptions listed below that affect upgrades from the versions older than 4.8.257.0.

1. Support for Microsoft SQL Server 2005 is removed.

2. Export packages generated by the product versions before 4.8 for REST APIs may not be compatible with the Sentinet 4.8 or higher versions. Export packages created with older version of Sentinet should be recreated after upgrading Sentinet to the newest version.

3. PurgeData Repository database stored procedure was changed (see item 11 above), which affects customers who use this stored procedure directly by their custom scripts.

4. Value Extractor XPath has been changed for the pipeline Context Property component. Previously, given the following XML document:

   <a>
    <b>
      c
    </b>
   <a>
   

   the XPath like "/*" would return:

   <b>
    c
   </b>
   

   and expression such as "/a/b/text()" would return nothing.

   Now the first expression returns the whole XML document:

   <a>
    <b>
      c
    </b>
   <a>
   

   and expression such as "/a/b/text()" returns "c".

Important

When upgrading from Sentinet version 4.8.257.0 or older, customers may have to wait for extended period of time for the database schema to be updated because of the changes listed as item 12 in the What is new in version 4.9 chapter above. The time required to update database schema dependents on how many monitoring records are stored in the current state of the Sentinet Repository Database.

Should you experience timeout errors while running Sentinet Repository Configuration Wizard you should increase the default database connection timeout, restart Sentinet Repository Configuration Wizard application and let it execute the upgrade again. To increase default 1 hour timeout change Nevatech.Vsb.Repository.Administration.exe.config configuration file as shown below:

…

<add key="CommandTimeout" value="3600"/> …

You can also manually execute C:\Program Files\Nevatech\Sentinet\SQL\ SentinetRepository.sql SQL script file from the Microsoft SQL Server Management Studio which does not have any timeouts.

What is new in version 4.10

1. Support for URL encoding was added to REST API Query Parameters’ names and their values.

2. Extended REST-to-SOAP mapping with XML encoding of the token values used in the SOAP message templates.

3. Additional Sentinet Node Advanced configuration options

   1. Node Recycling Mode implementation changed from recycling .NET Application Domain to recycling of the IIS Application Pool. This new implementation removes any possible delays in the virtual API actively processing responses, while the API configuration is being changed.
   2. Sentinet Node deployment now includes automatic installation and deployment of the new Windows service, Sentinet Agent Service (Sentinet Node) to support item (a) above.
   3. Sentinet Node can be configured to retrieve original client IP address from either first or last value of a custom HTTP header (e.g. X-Forwarded-For header), when header value contains a list of values.
   4. Extended Sentinet Node configuration with optional Autonomous Mode setting that instructs Sentinet Node to stop communication with the Repository Web Services Application. New optional configuration further improves the Sentinet Node upgrade process, when zero-downtime is required during the upgrade procedure.

4. Sentinet was upgraded to use the latest version of the Microsoft Azure Service Bus, Microsoft.ServiceBus assembly.

5. Database access improvements

6. XPath Value extractor implementation was changed to support multiple XML nodes selection, when the XPath expression returns a list of XML nodes.

7. REST-to-SOAP mapping capabilities extended with support for SOAP services with custom SOAP headers.

8. Generation of the test SOAP messages (for mockup virtual services) extended with support for SOAP services with custom SOAP headers.

9. Added new Pipeline message processing component, Set Relative Path. This new Pipeline component provides flexible capabilities to change a request’s URL path segments.

10. Pipeline Context Property component was extended with the capability to pre-test source and binding templates, when Value Extractor is set to URI Template. The same pre-testing capabilities are also available for the new Set Relative Path Pipeline component.

11. Sentinet command-line utilities extended with support to execute under the current Windows account identity, when Windows Integrated security is required.

12. Import and Export command-line utilities extended with the option to suppress a prompt for username and password.

13. Sentinet REST Management API extended with control of the custom JSON formats for date/time and additional JSON serialization properties.

14. Sentinet Administrative Console with Windows Integrated security extended with additional logic to resolve possible Windows User account or Windows Group membership ambiguities. The order of priority and the flow is: Windows User -> Windows Group membership -> Sentinet user with highest Access Rights -> Sentinet User with access to the root of the Repository.

What is new in version 5

1. Sentinet License Keys for existing Nevatech customers.

   Important

   Sentinet License Keys generation and validation have been changed. Existing Nevatech customers must request new customer license key(s) from support@nevatech.com before upgrading to version 5 from older Sentinet versions.

2. Sentinet Administrative Console has been entirely re-developed using the latest JavaScript/AngularJS/HTML5 technologies. Any modern browser is supported (latest version of Google Chrome is recommended for better User Experience and performance).

3. Added Set HTTP Method Pipeline component.

4. Added Cache Request Pipeline component.

5. Added Cache Response Pipeline component.

6. Added OAuth tracing for messages exchange monitoring.

7. Removed default limited quotas for request and response message sizes. Policies (bindings) configured with explicit quotas will continue to enforce explicit configurations.

8. Added support for Microsoft SQL Server 2017.

Note

To ease migration efforts from older versions to Sentinet 5, existing customers may still use the legacy Silverlight version of the Sentinet Administrative Console with their Sentinet 5 deployments. The legacy version of the Admin Console can be reached at the address:

https://[sentinetserver]/[sentinet]/sl.aspx

What is new in version 5.1

1. Sentinet License Keys for existing Nevatech customers.

   Important

   Sentinet License Keys generation and validation have been changed starting from version 5.0. Existing Nevatech customers must request new customer license key(s) from support@nevatech.com before upgrading to version 5.1 from Sentinet versions older than 5.0.

2. Sentinet 5.1 drops support for Windows 2008 (including R2) servers driven by the new capability to natively support Windows OS configurations with only TLS 1.2 version enabled on Sentinet machines.

3. Sentinet 5.1 now requires .NET Framework version 4.6 or later.

4. Sentinet 5.1 drops requirement for .NET Framework 3.5 to be installed side-by-side with .NET Framework 4.x.

5. Added new feature for Sentinet Nodes configuration, Node Instances Synchronization for advanced configurations with load-balancers.

6. Added Dependency diagrams for all API Repository entities including capability to create declarative dependencies and dependency Notes.

7. Extended many Sentinet User Interface elements with full-screen buttons to help quickly review content-intensive screens.

8. Extended navigation capabilities to review recorded API messages. Users can select any available recording point on the same exact diagram to review recorded message without the need to select inbound or outbound transaction segment.

9. Extended navigation capabilities to allow quick navigation (hover mouse for Go To popup button or right-click for popup context menu with Go To option) from diagraming elements to their respective Repository entities (for example find and select specific service version from the Messages Recording diagrams, Dependency diagrams or Virtual Service design diagrams).

10. Public .NET helper class MessageHelper (in the namespace and assembly Nevatech.Vsb.Repository) was extended with new public helper methods. Developers who create custom extensibility Pipeline Components can use these methods for easier access and modification of API messages in the pipeline component’s .NET programming model (for more details review this class description in the SentinetAPI.chm help file located in the installation’s Documentation folder).

11. Default external online version of the Swagger Viewer (http://petstore.swagger.io/) was replaced with the Sentinet’s own local copy of this open source tool with the customized Sentinet User Interface. Users can change it back to the online version by modifying Repository Web Services application web.config file as described in the User Guide.

12. Context Property pipeline component was replaced with Context Properties component to allow configuration of multiple Context Properties within a single User Interface pipeline component.

Note

To ease migration efforts from older versions to Sentinet 5.1, existing customers may still use the legacy Silverlight version of the Sentinet Administrative Console with their Sentinet 5.1 deployments. The legacy version of the Admin Console can be reached at the address:

https://[sentinetserver]/[sentinet]/sl.aspx

What is new in version 5.2

1. Sentinet License Keys for existing Nevatech customers.

   Important

   Sentinet License Keys generation and validation have been changed starting from version 5.0. Existing Nevatech customers must request new customer license key(s) from support@nevatech.com before upgrading to version 5.2 from Sentinet versions older than 5.0.

2. Sentinet 5.2 adds new capabilities to execute automated and silent product installations, configurations and updates (detailed documentation is provided in the Sentinet Installation Guide, Appendix A).

3. Added support for Windows Server Core deployments.

4. Repository Configuration Wizard application file is renamed to RepositoryConfiguration.exe. Its functionality is extended to run as a command-line tool for automated, scripted and silent deployments.

5. New command-line utility, NodeConfiguration.exe has been added to provide automated, scripted and silent deployments and configurations of the Sentinet Node(s).

6. Sample PowerShell scripts have been added for automated and silent installations, uninstallations, reinstallations and configurations of the product components.

7. Added new Value Extractor, JSON Pointer for the Context Property pipeline component. JSON Pointer syntax can be used for extracting a specific value from a JavaScript Object Notation (JSON) document and initializing a Context Property with the extracted value. JSON Pointer Value Extractor can be used against request and response messages’ body and other message parts (see JSON Pointer specification at https://tools.ietf.org/html/rfc6901)

8. XML templates generated by Sentinet for SOAP to REST transformations have been extended with new capability to use Context Properties in the templates.

9. User Interface and User Experience improvements such as:

   1. Configurable layout for service version SUMMARY screens. Users can choose to use vertical layout or horizontal layout.
   2. Automatic saving of the screen elements’ positions and sizes (for example, grid column sizes, sorting order, horizontal and vertical splitter positions, etc.)
   3. Added Go To Service Version buttons for service version lists and SLA scopes.
   4. Extended User Preferences with default settings for:
      1. Service SUMMARY screen layouts.
      2. Default filters for Repository tree items.
      3. Default filters for Dependency Diagram filters.

Note

To ease migration efforts from older versions to Sentinet 5.2, existing customers may still use the legacy Silverlight version of the Sentinet Administrative Console with their Sentinet 5.2 deployments. The legacy version of the Admin Console can be reached at the address:

https://[sentinetserver]/[sentinet]/sl.aspx

What is new in version 5.3

Sentinet 5.3 is a cumulative update of the User Interface improvements and fixes with the focus on UI performance improvements since version 5.2 release. Sentinet 5.3 implements internal upgrade from AngularJS 4.0 framework to the latest AngularJS 7.0. Minor improvements include:

• Added Sentinet.TransactionId built-in Context Property

• Pipeline: added Context Property as a Value Source for extraction into some other Context Property.

What is new in version 6.0

Sentinet Administrative Console and Sentinet Nodes were extended to support new Developer Portal concepts, including API Products, Subscriptions, and API Keys’ management.

A new Developer Portal Web application is now offered as a fully customizable and branded Content Management System (CMS).

Important

Sentinet License Keys generation and validation have been changed. Existing Nevatech customers must request new customer license key(s) from support@nevatech.com before upgrading to version 6 from older Sentinet versions.

Other improvements include:

• Added Sentinet.ProductKey built-in Context Property that contains the Key value of an API Product that a particular message transaction is associated with.

• Added Sentinet.AuthorizationRuleName Context Property that contains the name of a Sentinet Access Rule that permitted access to a virtual service via its Access Control assignment.

• Access Rules Designer: added Context Property as an Access Rule Expression.

• Access Rules Designer: added JSON Pointer as an Access Rule Expression.

• Pipeline: added JSON Pointer Value Extractor for Context Property pipeline component.

• Pipeline: added GUID as Value Source for Context Property pipeline component.

• Pipeline: added JSON Pointer for If Condition pipeline component.

• Pipeline: added Liquid Transformation pipeline component.

• SOAP to REST transformation: added Context Property in the usage of SOAP-to-REST transformation templates.

• Sentinet Management API: added JSON POST version to the LogOn API method.

• Repository Search: added capability to search API Repository entities by Description Tags.

What is new in version 6.1

1. Extended support for services’ and APIs’ versions.

   • New optional field, Version is added to all REST and SOAP services registered in the Sentinet API Repository.

     Sentinet continues supporting API versions with backward compatibility for all its previous versions. When new field, Version is populated - it is shown in the Repository tree.

     

   • User Preferences were extended with new tokens to support new Version field. New tokens added are:

     • {VersionOrNumber} – this token will now be used by default for all new Sentinet installations and upgraded Sentinet installations with the User Preference set to Version {VersionOrNumber}. Repository services tree will show service/API version entered in API’s Version field if that field is populated, otherwise it will use internal Sentinet sequential number to represent API version (as it was used in the previous Sentinet versions).
     • {VersionOrName} - Repository services tree will show service/API version entered in API’s Version field if that field is populated, otherwise it will use service version’s friendly name.

     

   • Developer Portal is extended with support for new Version field.

     Developer Portal will show API version populated from its Version field if it was specified in the Sentinet Administration Console, otherwise Developer Portal will use Sentinet internal version number as it was in Sentinet 6.0.

     

     Note

     Since Version field is introduced in Sentinet 6.1, Swagger::Version tag assigned to a service version as a Description Tag is now deprecated, and will be automatically converted in the value of the Version field during Sentinet upgrade process.

2. Added Deprecated field to service version operations’ properties. Deprecated flag causes operations to be displayed in gray color and the strikeout font in the Repository tree of the Sentinet Administrative Console and the Developer Portal. REST APIs will get this flag in the generated Swagger/OpenAPI documents according to Swagger/OpenAPI specification(s).

   

   

3. Added Clone Operation function to physical REST services’ operations.

   

4. Added new function to Reload service version metadata (Swagger/OpenAPI/WSDL). Metadata for any existing physical service version (REST or SOAP) can be updated by reloading its updated metadata document. This new feature requires a careful usage as it can cause undesirable results especially when physical service is already virtualized through an active virtual service. Most often, Reload feature is used when changes to existing physical service are not too “drastic” (for example, new operation is added or existing operation is removed).

   

5. Attachments are added to Access Rules and Service Agreements.

   Repository search has also been extended with advanced searches for Access Rules and Service Agreements by Keyword Tags and Description Tags.

   

   

   

6. Access Rule assignments in Access Control can be exported in the XML Report spreadsheet file.

   

7. REST operation’s Absolute Path can be copied in a clipboard with Copy to Clipboard button.

   

8. Added Full Screen button to Access Rule, Behavior and Policy screens.

   

9. Added new Pipeline components for messages processing.

   • HTTP Invoke component allows to make any external call from the pipeline to use its response for further message processing and/or modification. This component allows to create Pipeline workflows that previously were available only through Custom Pipeline component(s).

   • Set Absolute URL component allows to rewrite the entire URL of a forwarded Request (note that Query Parameter and Set Relative URL components are still available).

   Note

   The order of Pipeline components in the Pipeline Components Toolbox slightly changed.

10. Individual Pipelines for individual operations.

    Each operation of a virtual service can now have its own individual Pipeline that works in conjunction with the service’s global Pipeline.

    

11. The following description fields in the Sentinet Administrative Console can be populated with text entered in markdown language, in which case these fields will be shown in the Developer Portal formatted with proper HTML tags (for example: bold fonts, hyperlinks, etc.):

    • Service version Description
    • Virtual service version operation’s Description
    • Virtual endpoint Description
    • Swagger::Operation Description Tag of a virtual operation
    • API Product Description

    

12. Added default expiration for Subscriptions (Subscription Default Lifetime in days).

    For API Products that require Subscription, a Sentinet user can enter default lifetime for any new Subscription requested or created for Developer Portal users.

    

13. New Policy Designer.

    Sentinet Policies can now be configured using User Interface Policy Designer. Source view can still be used for advanced and custom policies with backward compatibility with previous versions of Sentinet.

    

14. Email Templates for Developer Portal Settings were extended with the Preview of configured HTML templates.

    

15. Deployment in Windows Docker Containers.

    Sentinet 6.1 support deployments in Windows Docker Containers. New set of Docker sample scripts is shipped with the product for such deployments.

16. Automated deployment scripts were updated to unify approach for stand-alone server/virtual machines and Docker container deployment processes.

    Note

    Scripts distributed with previous versions of Sentinet are still valid for automated deployments.

17. Sentinet 6.1 Administrative Console was recompiled with Angular version 8.3.21.

Backward Compatibility

Sentinet is backward compatible with the older product versions with the few exceptions listed below.

1. API Products created in Draft state cannot be promoted to Active or Obsolete state unless all virtual service versions that are part of this API Product are also in Active or Obsolete state.

2. When upgrading from an older version of Sentinet to version 6.1, sample shared OAuth policies may show errors when switching to shared REST AUTH TEMPLATE (Service). This is caused by the previously used incomplete sample base-63 encoded values configured with this template policy. Example of an error message received by navigating to this policy is shown below:

   

   Sentinet user can either ignore these errors and modify Source to provide valid base-64 sample values, or delete existing OAuth template policies and recreate them with valid sample base-64 values by running SQL script, C:\Program Files\Nevatech\Sentinet\SQL\SentinetRepository.sql against Repository database.

What is new in version 6.2

1. Sentinet Administrative Console screens and dialog boxes were enabled with Context-Sensitive Online Help System.

   

   Figure. Help buttons for integrated Online System on the Sentinet screens and dialog boxes.

   Online Help system is integrated into https://www.nevatech.com web site (default configuration), or it can be installed by Nevatech customers at any location of their choice.

2. New deployment options. Sentinet can now be deployed with three additional advanced deployment options that provide performance and maintenance benefits for the Sentinet Repository.

   • Use partitioned tables for all the tables that may contain a lot of monitoring data records.
   • Use separate (stand-alone) database for all tables that may contain a lot of monitoring data records (Monitoring database).
   • Use partitioned tables and a separate (stand-alone) database for all tables that may contain a lot of monitoring data.
   
   

   Sentinet Repository Configuration Wizard and Developer Portal Configuration Wizard were extended to support new deployment options. Command-line scripted execution of these configurations was also extended with support for new deployment options.

   

   Figure. New screens to configure optional partitioned tables and/or stand-alone Monitoring database.

3. A single SQL script file, SentinetRepository.sql was replaced with separate SQL files that must be executed sequentially to support all different deployment models.

4. Sentinet Repository Configuration Wizard and Developer Portal Configuration Wizard can be executed with no requirements for SQL Server sysadmin permissions. Automated deployment/upgrade script can also be executed without SQL Server sysadmin permissions.

5. Sentinet was extended with configurable Custom Users Roles, where a User Role is defined as a set of different permissions to access different parts of the Sentinet Administrative Console and the Sentinet Repository Management API.

   

   Figure. Add and manage Custom User Roles.

   

   Figure. Configuring a Custom User Role with fine-grained permissions.

6. Searching Repository for Users was extended to support built-in and Custom User Roles.

   

   Figure. Searching Repository for Users.

7. Email notification System was extended to support Custom User Roles.

   

   Figure. Configuring User Roles for Notification system.

8. Sentinet Monitoring capabilities were extended with configurable Monitoring Filters. Monitoring Filters can filter recorded messages’ content before messages are recorded in the Sentinet Repository. Sentinet 6.2 introduces built-in Masking Filter that allows to obscure (to mask) recorded data before it is stored in the Repository.

   

   Figure. Monitoring Control Filters.

   Monitoring Filter can replace any part(s) of the recorded message based on Regular Expressions, XPath and JSON Pointer expression.

9. Sentinet Developer Portal entities such as API Product, Subscription and Customer can be extended with Custom Fields. Custom Fields can be defined with types and different requirements on access from the Developer Portal.

   

   Figure. Custom Field added to Consumer entity.

10. Caching of Windows Groups membership for Sentinet User that are authenticated against local Active Directory group membership.

11. Sentinet extensibility samples were extended with OpenAPI .NET project which demonstrates how to use Sentinet RESTful Management API.

12. Added support for xsl:output options for XSL Transformation Pipeline component.

13. API Products which require API Keys were extended with requirements for API Keys generated in their Swagger/OpenAPI documents.

14. Added email notification and new email template for API Subscriptions that about to expire (API Keys are about to expire).

    

    Figure. API Key expiration email template.

15. API Developer Portal dashboards was extended with clickable (drill-down) doughnut charts.

    

    Figure. Drill-down to the list of expired API Subscriptions from the doughnut chart, By Expiration.

16. API Developer Portal was extended with configurable complexity of the Developer Portal user passwords.

Backward Compatibility

When using SQL Server custom Job(s) to purge Repository database from old data, custom Job(s) must be changed to use two new Stored Procedures (PurgeConfiguration and PurgeMonitoring) instead of old single PurgeData Stored Procedure.

What is new in version 6.3

1. Sentinet configuration was extended to support “one-click” virtualization feature through a new concept of Virtualization Profiles. A Virtualization Profile’s configuration combines information of selected Sentinet Node, its selected base address, selected security policy and selected Access Rule. Users can create any number of pre-configured Virtualization Profiles for REST APIs and SOAP services, and use them to quickly virtualize physical services with “one-click”.

   

   Figure. Example of virtualization profiles created for REST APIs and SOAP services.

   To quickly virtualize any physical service version, user can click VIRTUALIZE toolbar button (or right-click and select Virtualize pop-up menu option) and confirm creation of a fully functional virtual service with just one click on OK button.

   

   Figure. Confirming virtualization of a physical REST API through default REST – HTTPS virtualization profile.

2. Virtual services’ design was extended with inbound and outbound endpoint’s identities for OAuth credentials. Previously these identities (OAuth secrets) where configured inline and in clear text in the Policies’ XML. This is still possible and available, but explicit assignment of OAuth identities to the outbound endpoint(s) allows to hide OAuth secrets from being exposed in the UI, and decouples XML Policy configuration from the OAuth secrets usage.

   

   Figure. Add Identity dialog box extended with OAuth Client Credentials for outbound endpoint

3. Sentinet Repository was extended with new entity type, Identities. Identities are stored in Repository folders just like any other Repository entities, and they represent shared identities which can be configured with virtual or physical service endpoints. For example, a Username/Password identity can be registered with Sentinet Repository as a shared identity and configured with more than one outbound endpoint of many virtual services.

   

   Figure. Example of registered shared identities and different identity types which can be registered

   Shared identities provide more secure way for their usage, controlled visibility and modification. Any changes to Identities are audited just like any other Repository entities. Identities’ dependencies allow to track which services use them.

   

   Figure. Example of Identity Dependencies diagram.

4. Sentinet Repository was extended with new entity type, Access Rule Group. An Access Rule Group represents an ordered list of other Access Rules and/or other Access Rule Groups. Access Role Groups simplify management of complex access rule scenarios where common set of access rules must be applied along with specific Access Rules. Access Rule Groups can be applied to virtual services Access Control, and they can be a filter for Service Agreements.

   

   Figure. Example of an Access Rule Group that consists of two Access Rules and one Access Rule Group.

5. Sentinet Pipeline Designer was extended with the new Custom Code component. Custom Code component is very similar to a generic Custom pipeline component, except that its code is entered inline in component’s configuration, and does not require any up-front compilation and deployment of a custom assembly. Custom Code component is best suited for custom extensibility that requires reasonably little of custom C# code that can fit in a single C# method.

   

   Figure. Example of a Custom Code component that creates custom HTTP Header with custom Date/Time formatting, such as XDate: Tue, 30 Mar 2021 17:44:43 GMT

6. Context Property pipeline component was extended with JSON Path extractor that can extract JSON content based on JSONPath syntax.

   Note

   Existing JSON Pointer extractor’s representation in XML source was renamed from <EXTRACT-JSON> element to <EXTRACT-JSON-POINTER> element. This renaming does not cause backward compatibility issue unless customers want to use pipeline‘s XML source created with older naming convention with Sentinet 6.3 or higher version.

   

   Figure. JSON Path extractor for pipeline’s Context Property.

7. Sentinet Monitoring Masking Filter was extended with <JSON-PATH-REPLACE> element. In addition to existing content replacement elements, <JSON-PATH-REPLACE> allows to replace content based on JSONPath syntax.

   

   Figure. Example of <JSON-PATH-REPLACE> element in the Masking Filter.

   Note

   Existing <JSON-REPLACE> element used for JSON Pointer syntax by the previous Sentinet versions was renamed to <JSON-POINTER-REPLACE> element. Sentinet upgrade to newer version(s) will automatically rename elements appropriately causing no backward compatibility issue for existing upgraded configurations.

8. Extended Sentinet Monitoring Filters with <CUSTOM-FILTER> element to support custom filtering of the recorded messages. Sample Visual Studio .NET project, CustomMonitoringFilter was added to demonstrate two simple custom Monitoring Filters.

   

   Figure. Example of two Custom Filters injected before and after Masking Filter.

9. Extended processing of internal errors generated by Sentinet Nodes with the capability to add custom error handler. New sample project, CustomErrorHandler was added to distributed samples.

   

   Figure. Example of a custom error handler configured to process errors generated by Sentinet Nodes.

10. Extended Access Rules Designer and runtime Authorization Engine with validation based on JSON Path expression.

    

    Figure. JSON Path expression

11. Added new permissions to custom User Roles to view or modify Virtualization Profiles and shared Identities.

    

    Figure. New permissions added

12. Extended runtime to pass-through HTTP Response headers, which are explicitly defined in RESTful API responses.

13. Extended selection of shared Policies for the endpoints by filtering policies by their fitness to service shape (REST or SOAP) and transport protocol. Provided different icons for REST and SOAP policies.

    

    

    Figure. Different icons for REST and SOAP policies and pre-filtered policies that match service shape and endpoint transport.

14. Changed default behavior for outbound Basic Authentication policy to send Basic Authentication HTTP headers without waiting for the challenge from a physical service.

15. Extended Repository Search with searches for new entity types, shared Identities and Access Rule Groups.

16. Provided special marking icon for service operations that have their own individual Messages Pipeline configured at operation level.

    

    Figure. Operation marked to have its own individual Messages Pipeline.

17. OAuth tracing, Access Rules tracing and Pipeline tracing settings were moved from PROCESSING -> SETTINGS tab to MONITORING -> CONTROL -> TRACING tab.

    

    Figure. New location of the Tracing settings.

18. User Preferences were extended with First day of week is Monday checkbox. The checkbox allows to control first day of a week (Sunday or Monday) for Sentinet Administrative Console drop down calendars and Dashboard Reports that use This week as the selected time period.

    

    Figure. First day of week is Monday checkbox.

19. Node Instances Synchronization feature was extended with optional syncFileName configuration attribute to support optional custom file name for the synchronization file. For example:

    <configuration>
    …
     <nevatech.vsb.runtime>
    …
         <instanceSynchronization enabled="true" maxLockWaitTime="300" waitTimeBeforeUpdate="60"
           waitTimeAfterUpdate="60" syncFilePath="c:\SyncFolder" syncFileName=”Sentinet.sync”/>
    …
     </nevatech.vsb.runtime>
    </configuration>
    

20. Provided separate Power Shell script to execute minimal and optional installation prerequisites.

21. Extended Sentinet Developer Portal to support Single Sign-On during Developer Portal Sign Up and Log In through an external OpenID Connect or WS-Federation authentication provider such as Azure Active Directory (AAD), Active Directory Federation Services (ADFS), Okta, Google, etc. More than one external provider can be configured with the Sentinet Developer Portal, and integration with them can be customized.

    

    Figure. Example of the Sentinet Developer Portal Log In page with configured authentication via Azure Active Directory, Okta, Google and Microsoft ADFS provider.

Backward Compatibility

When inbound side of a virtual services is configured with OAuth security and Sentinet fails to validate received JWT token, Sentinet responds with HTTP 401 Unauthorized status code. Previous Sentinet versions returned HTTP 403 Forbidden status code. This change reflects more accurate recommendations of RFC specs.

What is new in version 6.4

1. Sentinet 6.4 requires .NET Framework version 4.8 Runtime to be installed on the computer(s) where Sentinet is running to take advantage of the latest Microsoft full .NET Framework version.

2. Extended support for automated Sentinet deployments in the Microsoft Azure platform by providing Azure ARM templates, supporting files and documentation. Sentinet can now be installed in any cloud and in the Microsoft Azure Platform specifically from a single command with all required components, and with auto-scalability and network security requirements.

3. Sentinet Virtualization Profiles feature, introduced in Sentinet 6.3, was further enhanced in Sentinet 6.4 to support additional configuration settings for “one-click virtualizations”. Each Virtualization Profile can be now configured with additional and optional Processing settings, Processing Pipeline and Monitoring settings, which include Monitoring Profile, Monitoring Tracing and Monitoring Filters.

   

   

   Virtual Services’ Name can be constructed using either a predefined Prefix, Suffix, or both. The default is still _vs Suffix.

   

4. Added new Pipeline Component, Cache Properties which allows to cache values of Context Properties and use them anywhere in the Processing Pipeline. Cache Property’s value is valid and available across multiple API calls until cache is expired. For example, you may make a custom external call from the Pipeline using HTTP Invoke component, and store something from its response in the Cache Property with the goal to use this response from the cache, and to avoid making external calls until Cache Property’s value expires.

   

5. Extended Context Property component’s configuration to specify Cache Property as a Value Source. This allows to use Context Properties with values assigned from the values of Cache Properties (see example above, where Context Property value assigned from the Cache Property value can be used to examine if external calls must be bypassed).

6. Extended Context Property component’s configuration to allow using other Context Properties’ values in the name of this Context Property.

   

7. Context Property component’s configuration was extended to support Encrypted String Value Extractor to allow hidden usage of secrets in the Pipeline’s User Interface.

   

8. Set HTTP Status Code and Stop pipeline components were extended to allow usage of a Context Property as the value of HTTP Status Code field.

   

9. Monitoring Filters are extended with Design view, where Monitoring Filters can be added/removed or modified interactively. Source view can still be used to configure Filters in raw XML format as in Sentinet version 6.3.

   

10. Importing Sentinet export packages using Sentinet Administrative Console was extended to support User Interactive resolution of unmatched Sentinet Node(s). Previously, if Sentinet export package contains references to Sentinet Nodes which are not found in the target environment (there is no actual Node with the same Node Key as in the export package), Sentinet users had to either modify export package before it is used for import, or change Node Key to “pre-synchronize” source and target environments. With Sentinet version 6.4 Import Repository dialog box will show any Nodes that are not found in the target environment and suggest to resolve (to match) them against available Nodes. This simple step helps to avoid any manual changes in export packages or reconfigurations of the Nodes.

    

11. Extended X.509 Certificates’ expiration notifications with additional certificates, which are not monitored by default. For example, users can add their own Nodes’ SSL certificates to the list of certificates monitored by Sentinet.

    

12. Added optional filtering of Access Rules based on the API element selected in the virtual service’s tree.

    

    Figure. All Access Rules without filtering.

    

    Figure. Access Rules applicable only to selected Multiply two integers selected API operation.

13. Added Sentinet.ApiKey built-in Context Property which contains API Key provided in the request message.

14. Added configurable number of days when Developer Portal Users start receiving API Key Expiration notification emails.

    

15. Added context specific prompt suggesting to use correct SQL syntax when searching transactions logs by the content of request and response messages, and Monitoring Properties’ values.

    

16. Sentinet configuration (including its Repository Configuration Wizard) was extended to support SQL server Remote Distributor.

    

    Note

    This feature was supported in some latest Sentinet 6.3 builds.

17. Sentinet configuration (including its Repository Configuration Wizard) was extended to support bypassing Setup of SQL server replication, and allowing to configure replication outside of the Sentinet configuration.

    

Backward Compatibility

1. API Consumer Identity field’s value under Monitoring LOGS DETAILS tab will not be shown unless Sentinet Users have View Recording and Properties permission in their User Role. Previously, Consumer Identity is shown if Sentinet Users have View Logs permission in their User Role.

   

2. During Automated Deployment and Configuration, if Node with the Node Key defined in Node’s .INI file (or XML configuration file) does not exist in the Repository, then the Node will be automatically created by the scripts. Previously, scripts were generating error in this case and Node with the Node Key unknown to the Repository is not created. This change helps to implement “fresh” on-premises and cloud automated Sentinet deployments in the environments where Sentinet is installed along with its new Repository (and Monitoring if applicable) database(s).

What is new in version 6.5

1. Previously, management of the SSL server certificates trusted by Sentinet Node(s), was available only through Windows Certificates Stores’ configuration of the Sentinet Node server. Sentinet 6.5 version allows to remotely add individual SSL certificates by extending the existing Trusted Names Issuers feature with the upload of SSL certificates, which will be trusted by Sentinet Node.

2. Sentinet’s certificates generation procedure was modified to ensure that issued certificates cannot expire after expiration of their authority Signing Certificate.

3. Not long before Sentinet 6.5 version was released, most typical browsers (ex. Chrome, Firefox, Microsoft Edge) were updated by their respective vendors to tighten browsers’ requirements for accepted SSL server certificates. As a result, Sentinet’s Repository Signing Certificate when used as SSL certificate, and SSL certificates issued by the Sentinet Administrative Console and Sentinet Configuration Wizards, may not work anymore in these updated browsers. Sentinet 6.5 has updated the process of generating certificates to adapt to these recent browsers’ changes.

   Important

   Customers who are using SSL certificates issued by Sentinet (for example issued for their non-production environments) may need to regenerate these SSL certificates using Sentinet 6.5, and replace existing SSL certificates with the new ones if they are used from the browser application(s).

   For example, SSL certificates used for the Repository Web Application, which is accessed by the browser-based Sentinet Administrative Console, may need to be replaced. At the same time, Sentinet Node’s SSL certificates may not have to be replaced if they are used by API Client application(s) other than browser applications.

4. Sentinet adds support for “Use Your Own Cache” feature, when a third-party or a custom caching product or technology can be used instead of the default, built-in Sentinet’s in-memory caching. Sentinet Nodes’ configuration is extended with the settings for a Cache Provider. Changing Sentinet Cache Provider affects the following Sentinet components:

   1. Access Rules’ Transaction Count component.
   2. Cache Request and Cache Response pipeline components.
   3. Generic Cache Properties pipeline component.

   A complete sample of configuring Sentinet Nodes with Redis distributed cache is provided with precompiled assemblies and the source code. Using distributed and persistent caching allows Sentinet Nodes to implement caching which can be shared by multiple load-balanced Nodes and survives Sentinet Nodes’ restarts.

5. Access Rules’ Transaction Count component was extended with optional Counter Name property to support a broader range of use cases for Rate Limiting scenarios. For distributed and persistent caches (like Redis) this property allows sharing cache between load-balanced Sentinet Nodes, surviving Node’s restarts, and using large values for Time Interval property.

   

6. The format of Time Interval property of the Transaction Count pipeline component, Min Cache Lifetime and Max Cache Lifetime of the OAuth Client Policy, were extended to support days for their values (see example of 30 days below).

   

7. Cache Properties pipeline component was modified to support explicit removal of cached values using component’s User Interface (previously this could be done only using components Source XML).

   

8. Cache Request pipeline component has been extended with Bypass Response Pipeline property (default behavior) to allow cached response to be processed by the Inbound-Response pipeline.

   

9. Stop pipeline component has been extended with two additional properties:

   1. Bypass Response Pipeline property to allow response to be processed by the Inbound-Response pipeline (default behavior), or to return response message configured by the Stop component directly to an API client bypassing Inbound-Response pipeline.
   2. Content Type property specifies Content-Type HTTP header for the response message’s body content if response body is configured in this Stop component.

   

10. Configuration of shared and private OAuth Client Credentials is extended with optional expiration to support OAuth servers that enforce such expirations (for example, OAuth Client Secrets issued for registered Azure AD Applications).

    

    

11. New Repository ALERTS tab was added to the Repository's CONFIGURATION tab.

    ALERTS tab manages configuration of the Certificate alerts previously available under CONFIGURATION->CERTIFICATES tab. ALERTS tab also adds support for new alerts configured for those OAuth Client Credentials that have expiration time (see item 10 above).

    

12. Sentinet User Roles were extended with additional permissions to View and Modify Alert Notifications configured as described in item 11 above.

    

13. Configuration of JSON Pointer’s and JSON Path’s Value Extractors of the Context Property components were extended with optional flag to automatically trim extracted JSON values from the double quote characters if they are present in extracted values. Previously, additional String Replace pipeline component was required for this purpose to add removal of a leading and trailing double quote.

    

14. Added configuration setting to the Developer Portal application that allows hiding public service endpoints of published APIs from anonymous (unauthenticated) Developer Portal users.

15. Added support for TLS 1.3 protocol for virtual services' outbound HTTPS connections that require TLS 1.3.

16. Added Version name property to the query input and result of the FindServiceVersions operation of the Sentinet Management API.

17. Added Repository object's unique identifier, Key to the Subtree class, which allows for optimized usage of the Sentinet Management API in certain scenarios.

18. Added GetLogOnToken operation to the Sentinet Management API. This operation can be used instead of existing LogOn operation by custom applications or scripts that use Sentinet Management API and do not have capability to automatically use HTTP Cookies (example: Microsoft Power BI Desktop application that uses Sentinet Management API for custom reporting).

19. Added Microsoft Power BI Desktop sample reports that demonstrate the usage of Sentinet Management API for building Power BI reports.

20. Added OpenAPI v3 (former Swagger) document which describes Sentinet Management API, to the Sentinet deployment. Sentinet Management API.json was added to the OpenAPI sample project.

21. Updated Repository Configuration Wizard application to keep Sentinet Windows Agent's process account unchanged when running Repository Configuration Wizard to reconfigure existing Sentinet Repository server deployment. Previously, process account was always changed to Local System with every run of the wizard.

22. Added sample PowerShell script which changes Sentinet Windows Agent's process account after Sentinet redeployment.

23. Fixed issue when request with HTTP HEAD method returns response with HTTP Header Content-Length set to 0 (zero).

What is new in version 6.6

1. Updated Sentinet Administrative Console application to run on Angular version 14.2.12.

2. Transaction Count access rule expression was extended to support Context Properties for the Counter Name field. When this component is used in a virtual service’s Pipeline, it allows implementation of the dynamic rate limiting per specific message content or based on some other condition. For example, the Pipeline below maintains individual rate limiting counters for different phone numbers found in the request message.

   

3. Added Export to Postman button for the recorded Request messages to generate and download Postman Collection file, which can be imported directly in the Postman desktop or online application.

   

4. Extended HTTP Invoke pipeline component to handle possible exceptions in the components execution (for example, when remote invocation address is invalid or unavailable). If Continue On Exception is checked, then execution of a pipeline will continue even if an exception happens during HTTP Invoke component’s execution.

   

5. Extended Dependencies Explorer tree view to show dependencies per individual service’s operation. For example, you may have a physical service, which is virtualized through multiple virtual services or multiple service versions. Each virtual service version virtualizes only a subset of operations from the physical service version. By looking at Operations dependencies of the physical service version you can find out which of its operations are used by which virtual service versions.

   

6. Extended Virtualization Profiles with support for multiple Default Inbound Endpoints. Default Inbound Endpoints can be created for the same Node, or for different Nodes. Default Inbound Endpoints can have different Policies assigned to them.

   

7. Extended monitoring and logging capabilities with MONITORING tab for Folder Repository tree elements (including Repository root) and Nodes Repository tree group element. These features allow to collect and visualize monitoring for all virtual services across entire Repository, for a particular Folder with all its subfolders, and for all Nodes under a particular Nodes group element.

   

8. Extended Service Version’s monitoring graphs with filtering by service version’s endpoints, which may be helpful when a service version has more than one endpoint.

   

9. Extended Service Version’s logs’ searching with filtering by service version’s endpoints, which may be helpful when a service version has more than one endpoint.

   

10. Added DASHBOARD tab with reports for the physical and virtual service containers. These reports show aggregate data across all versions of the service.

    

11. Added two new pipeline's built-in Context Properties, Sentinet.ProductName and Sentinet.ApplicationName, which carry the values of API Product name and API Subscription’s Application name associated with an API Key when it is available in the request message.

12. Increased default values of maxUrlLength="65536" and maxQueryStringLength=”32768” in the Node’s default web.config file.

13. Added new built-in Alert Data Tokens for Service Agreement (SLA) alert violation events:

    {Data.ViolationMetricId} - identifier of the metric that triggered the violation

    {Data.ViolationMetricType} - name of the metric that triggered the violation

    {Data.ViolationMetricValue} - metric value read when violation was detected

14. Identification of an SLA Violation for the metrics Error %, Fault %, Response Bytes %, Average Duration, Average Size was shifted (changed) to the end of the metric's time period. This change of the calculation logic offers better accuracy in interpreting users' intent to monitor violations that represents aggregate or relative values (as opposed to monitoring absolute values, such as for example Error Count, Total Count, etc.)

15. Added sample PowerShell script which changes Sentinet Windows Agent’s process account after Sentinet redeployment.

16. Fixed issue when request with HTTP HEAD method returns response with HTTP Header Content-Length set to 0 (zero).

17. Added static method GetOrSet for CacheProperty .NET class in the Sentinet Management API, to guarantee safe access to a shared cache in multi-threaded and multi-process scenarios.

18. Fixed an issue when XSL Transformation pipeline component was always expecting result in XML format in case component’s Source property was set to Message Body. Now this pipeline component can produce result in any format.