June#

June 1#

The cloud VPN connections service now supports current security protocols and cryptographic algorithms:
- in addition to IKEv1, we implemented IKEv2, the second version of the Internet Key Exchange protocol;
- AES-CTR, AES-GCM, AES-CCM, Camelia, and ChaCha20-Poly1305 now can be used for encryption along with AES;
- SHA-256, SHA-384 and SHA-512 can be used for hashing in addition to SHA-1;
- All Diffie-Hellman groups 14 through 21 are available, and 2 and 5 for compatibility with legacy hardware.
The list of supported algorithms depends on the selected IKE version and key negotiation phase.

You can now specify the duration of each negotiation phase. A new ReplayWindowsSize parameter has been added to limit replay window size. When specifying a connection in the tunnel mode, you can set both client and cloud-side subnets that are allowed to use the encrypted tunnel.

Cloud users can choose which tunnel options to use when specifying a VPN connection. They can be set through either API or web interface. To this end, the new options have been added to the custom library boto. Also, the VPN connection wizard now features new fields and an optional step called Tunnel parameters.
Users with admin grants for Users service can now make two-factor authentication mandatory for any company account.
If there are not enough resources to deploy a Kubernetes cluster, the cluster wizard will display a warning about exceeding the quota.

Extra connection and VPN tunnel parameters are described in the options VpnConnectionOptionsSpecification and VpnTunnelOptionsSpecification.

An error has been fixed, due to which the web interface of the management console cannot run in older browser versions, such as Firefox 78.0.0 and below.
The number of allocated IP addresses is now counted correctly.

The error code and description are displayed on the cluster page when creating a Kubernetes cluster If the error is due to insufficient resources.
An instance can only be created from a template that has an Available status.

The suspend function is no longer available and has been replaced with hibernation. The Suspend button has been removed from the cloud web interface.
In the VPC section, you can create a default VPC in addition to a new one if it has not already been specified for the project.

The CreateDefaultVpc method allows you to create a default VPC, with a default subnet in each availability zone.
The SuspendInstances method is no longer supported.

When creating a high-availability Kubernetes cluster, a check is performed to ensure subnets belong to different Availability Zones.

Instance types with newer generation processors are displayed first when you select an instance type during the creation of virtual machines, database and Kubernetes clusters.

In the instance wizard, the default virtualization type is hvm.
You can now change the virtualization type in the Information tab on the instance page if the instance is in the Stopped or Error state.
Now, the size of a table is adjusted automatically for all tables that previously lacked this feature.
When entering the SSH key in the SSH wizard, its format is checked.

The Kubernetes cluster can now be managed via the Elastic Kubernetes Service API (EKS API). EKS API methods enable you to create clusters with the desired number of nodes and a set of additional services: Ingress Controller, EBS Provider и Docker Registry; scale them, if necessary, and get information about the clusters you use. The complete list of methods is available here.

The gateway returns to the available state if you attempt to delete a customer gateway with an active VPN connection.
If an error occurs when you create a Kubernetes cluster, the already created resources are deleted.
Length restrictions are checked, and prefixes, names, and descriptions of the created resources are examined for ASCII characters when instances and volumes are exported, or templates are created from volumes and files in a bucket.