2023.4.0
Release date: 25 April 2024
- Automation Hub
- Process Mining
- Test Manager
- Insights
Release date: 26 April 2023
We are happy to announce the General Availability of Disaster Recovery in Active/Passive configuration. Now you can configure Automation Suite in a way that can withstand the complete failure of nodes, entire data centers, or even regions.
Automation Suite deployments in Active/Passive mode support the following scenarios:
- Same-site deployment
- Cross-site deployment
- Same-region deployment
- Cross-region deployment
While you can deploy most Automation Suite products in Active/Passive mode, there are a few that do not support this topology:
|
Product |
Support for Active/Passive mode |
|---|---|
|
Action Center |
|
|
AI Center |
|
|
Apps |
|
|
Automation Ops |
|
|
Automation Suite Robots |
|
|
Computer Vision |
|
|
Data Service |
|
|
Document Understanding |
|
|
Orchestrator |
|
|
Test Manager |
|
|
Automation Hub |
|
|
Insights |
|
|
Process Mining |
|
|
Task Mining |
|
For details, see Disaster Recovery – Active/Passive and Quick links.
You can now configure your external Docker registry or any other OCI-compliant registry with Automation Suite in an offline setup. You can do that either during the default installation, using the Automation Suite interactive installer, or as part of the advanced installation.
There are some limitations you should be aware of, though.
Automation Suite can currently connect only with a Docker registry that is signed by a public certificate (for example, a public certificate provided by cloud providers such as ACR, ECR, etc.). We are still working on providing support for Docker registry signed by a private authority host.
You can opt for an external Docker registry only in new installations of Automation Suite. Migrating from the internal Docker registry to an external Docker registry is currently not supported.
For more details on external Docker registry, see Configuring the external docker registry.
If you must comply with the Federal Information Processing Standard 140-2 (FIPS 140-2), we have good news for you. It is now possible to enable FIPS 140-2 on machines on which you plan to perform a new manual installation of Automation Suite. In addition to that, you can also enable the standard on machines on which you have already installed our suite.
We have prepared a set of instructions for you to easily enable FIPS 140-2 on the Security and compliance page.
There are still a couple of areas that require some work:
- For the time being, you cannot enable FIPS 140-2 on the machines where you plan to install Automation Suite via the deployment templates. You can only enable the security standard post-installation.
- Insights is currently not supported on FIPS 140-2-enabled hosts. As a result, you must disable Insights when installing Automation Suite on a FIPS-enabled host.
If you are an Insights user, you can now use real-time data export to Splunk to export UiPath® Orchestrator events to Splunk in real time.
For more information, check the Real-time data export section.
You can now watch a live stream of unattended jobs started from Orchestrator, and, if you notice any issues during the video stream, take remote control of the execution for troubleshooting purposes. This feature is enabled by the newly launched Remote control service.
For more information, see the Live streaming and remote control section.
Starting with the 2023.4.0 release, MongoDB is no longer delivered with the Automation Suite bundle. UiPath® Apps now uses an SQL Server instead of MongoDB as data storage. The implication of this change is that you now need to provide an ODBC connection string when installing or upgrading Apps. This brings several improvements, such as lower hardware requirements.
For details, see the Bring Your Own Database section from the Advanced Installation Experience page
Automation Suite no longer uses Rancher Server as an internal third-party component. Rancher Server was primarily used to monitor the stack and expose tools such as Grafana, Prometheus, and AlertManager. With the removal of the Rancher Server, you can still use these tools; it’s just that different access mechanisms are now required.
uipathctl is the tool that helps you configure your email to receive and view the active firing alerts.
For more information, see Using the monitoring stack.
We have removed RabbitMQ from the list of internal components shipped with Automation Suite. In Automation Suite versions prior to 2023.4, some products used RabbitMQ for messaging. Now all products use databases for this purpose. As a result, RabbitMQ is no longer bundled with Automation Suite.
Rest assured that this change has no impact on how you install and manage Automation Suite.
Since .NET Runtime 3.1 is now out of support, you must now install .NET 6.0 or later to start using the MSIToAutomationSuiteTenantMigrator tool when migrating from a standalone UiPath® product to Automation Suite.
For details on the supported .NET versions, see Microsoft documentation.
Starting with the 2023.4.0 release, UiPath® Apps cannot connect to a standalone Orchestrator. You can only connect Apps to an Orchestrator part of the same Automation Suite installation.
If you use earlier versions of Automation Suite and want to upgrade to 2023.4 version, keep in mind that Apps having processes connected to a standalone Orchestrator will no longer work. For such scenarios, make sure to migrate all your Orchestrator workloads from the standalone Orchestrator to the Automation Suite Orchestrator.
We are fully retiring the old admin experience and are moving forward with the improved admin experience that we introduced last year.
- We have moved the Settings card to the last position in the organization and tenant Admin pages to ensure the card is always in a consistent location so you can find it easily.
- We have removed the tenant picker from the Admin pages since it was redundant. You can select the tenant from the navigation menu on the left, as before.
- The UI now preserves the context when you are switching between tenants. With this improvement, you can stay in the context of the current service when switching to a different tenant, provided the service is available there. If the service is not enabled for the selected tenant, a message is displayed indicating that it is not available.
- We have updated the left-hand navigation menu to include the version number. You can find it located in the left-hand corner of Admin pages.
Automation Suite 2023.4 introduces fundamental changes to the way you upgrade to new versions.
We have upgraded major infrastructure components, such as Kubernetes to provide various security enhancements and security patches to our infrastructure layer. As such, Automation Suite 2023.4 bundles Kubernetes 1.24, whereas Automation Suite 2022.10 ships with Kubernetes 1.22. Previous Automation Suite versions remain on Kubernetes 1.21.
Kubernetes only supports sequential upgrades, which means that while upgrades from Automation Suite 2022.10 to 2023.4 are not affected by the infrastructure changes, moving from Automation Suite 2021.10 or 2022.4 to 2023.4 directly is not possible. In this case, an intermediate upgrade to Automation Suite 2022.10 is needed before moving to 2023.4.
block_classic_executions flag to true in the cluster_config.json file. The flag blocks Classic folder executions. Not using the flag in this scenario causes the upgrade operation to fail.
For a configuration example, see Advanced installation experience.
For an upgrade matrix, see Automation Suite upgrade paths.
For upgrade instructions, see Upgrading Automation Suite.
We have added more prerequisite checks to optimize the overall experience of installing and configuring Automation Suite and to catch missing requirements earlier. Here are some highlights:
- The Automation Suite installer checks if swap memory is enabled;
- While adding a node and backup enablement, Automation Suite checks the NFS server connectivity;
- Before adding a node, Automation Suite checks the TLS certificate and ensures it is signed by RKE2 server;
- Automation Suite checks the DNS validation and resolution from Kubernetes pods and retries the verification multiple times during installation.
For more on the prerequisite script, see Validating the prerequisites.
We have made improvements to sync error messages after a failed sync operation to better reflect what is truly causing the issue during the installation and upgrade process. This was possible by introducing a feature that collects the error message directly from Argo CD and exposes it to the user.
as.tar.gz, as-infra-only.tar.gz, and as-installer.zip, which are here to replace the old sf.tar.gz, sf-infra-only.tar.gz, and sf-installer.zip. No worries, though. The files are the same as before; they were just renamed to better reflect the Automation Suite identity.
And they bring about all the Automation Suite 2023.4 goodies, so go ahead and download them from the Automation Suite installation guide.
We continue to provide security updates and patches to address Common Vulnerabilities and Exposures (CVEs).
We're excited to announce a new feature that provides you with more control over who can access your organization's data. From now on, you will have the ability to define your own access policies based on your specific needs. This added level of control helps ensure that sensitive data is only accessible to authorized users.
With this enhancement, users' access to organization data will be determined based on their user state in the external directory. This means that you become able to specify who has access to the data and deny access to everyone else.
To give you more flexibility and control over your SAML authentication process, we have added support for multiple signing certificates. Whether you need to rotate your signing certificates frequently or just want to have more control over your SAML directory integration, we got you covered.
When configuring the SAML directory integration, you can either import your settings using the metadata document (recommended) or manually enter the signing certificates.
- If the SAML integration at the host level was configured to use an external user mapping strategy with either the username or the external provider key, users that belonged to more than one organization were unable to log in.
- The SAML SSO Configuration page displayed an incorrect Assertion Customer Service URL. As a workaround, you had to manually configure the Assertion Customer Service URL in the IDP without the partition ID. The Assertion Customer Service URL is now correctly displayed, and the manual workaround is no longer necessary. Upon upgrading to 2023.4+ you will need to change the Assertion Customer Service URL to include the partition ID.
- Requests to get storage bucket files that have
the extension
.svg,.js,.css,.ttf,.woff,.woff2, or.mapfailed if the extension was at the end of the request. - When downgrading Ceph, the OSD size was reset to 100GB. The issue caused Automation Suite upgrades to fail when the amount of data exceeded 100GB.
- The node removal operation in an Automation Suite installation with external storage was affected by an incorrect dependency on Ceph. We have fixed the issue.
-
Erratum - added April 19, 2024: In certain situations, Prometheus pods can fail to start due to an out-of-memory (OOM) error. To fix the issue, see the Troubleshooting section.
-
Erattum - added April 19, 2024: Alert configurations (email and webhook receivers) get lost on reboot of machine or re-sync of
alertmanager-configsecret. For details, refer to -
Erattum - added April 19, 2024: In certain situations, Ceph metrics and alerts are missing from the monitoring dashboards. To fix the issue, see the Troubleshooting section.
-
Erattum - added April 19, 2024: False positive CephMgrIsAbsent alerts are displayed even though there are no storage issues.
-
Erratum - added February 28, 2024: Stored procedures do not support collation differences between the SQL server and SQL database. To avoid any potential problems, you must ensure that the collation settings of both SQL server and SQL database are identical.
-
Erratum - added January 2024: The replica cleanup script incorrectly reclaims storage on the nodes. For more details, see the Storage reclamation patch troubleshooting article.
-
Erratum - added November 6, 2023
In versions 2023.4.0 through 2023.4.2, if you have an Active Directory (AD) integrated environment, you will see sporadic failures from the product leading to the IIS application pool restarting. This issue has been fixed in version 2023.4.3, but it still affects the aforementioned versions. As such, if you use AD, we highly recommend that you directly install or upgrade to 2023.4.3. Otherwise, you will encounter functionality issues.
-
Erratum - added May 8, 2023: When performing a multi-node interactive installation of Automation Suite 2023.4.0, the message asking you to run the next command on secondary nodes contains an empty token. To continue the installation, you must generate a new token by running
kubectl create token, and only then execute the command on the secondary nodes.Note:We fixed the issue in Automation Suite 2023.4.1.
Erratum - added November 10, 2023: The correct command to generate a new token iskubectl create token default. -
Some links in the Cluster Administration Portal are not working. They are supposed to help you access documentation on monitoring and alerting in Automation Suite. Until we fix the issue, go ahead and visit the Monitoring and alerting docs.
We recommend that you regularly check the deprecation timeline for any updates regarding features that will be deprecated and removed.
To find out what has changed on each Automation Suite product, visit the following links.
If the product is greyed out, this new Automation Suite version does not bring any changes to it.
This Automation Suite release bundles the following internal components:
|
Component |
Version |
|---|---|
|
RKE2 |
1.24.8+rke2r1 |
|
ArgoCD |
2.5.10 |
|
logging-operator | 3.17.10 |
| logging-operator-logging | 3.17.10 |
| gatekeeper | 3.11.0 |
|
rook-ceph |
1.9.4 |
| prometheus-pushgateway | 1.16.1 |
|
cert-manager |
1.9.1 |
|
rancher-istio | 100.4.0-up1.14.1 |
| rancher-logging | 100.1.3-up3.17.7 |
| rancher-logging-crd | 100.1.3-up3.17.7 |
| rancher-monitoring-crd | 100.0.0-up16.6.0 |
| rancher-gatekeeper-crd | 100.2.0-up3.8.1 |
| rancher-gatekeeper | 100.2.0-up3.8.1 |
| rancher-monitoring | 100.0.0-up16.6.0 |
|
longhorn |
1.3.1 |
|
longhorn-crd |
1.1.100 |
|
reloader |
0.0.129 |
|
csi-driver-smb |
1.8.0 |
|
velero | 2.31.3 |
|
redis-operator |
6.2.18-41 |
|
redis-cluster |
6.2.18-65 |
- Changes to license-related tenant limitations
- What's new
- Disaster Recovery – Active/Passive deployments
- Support for external Docker registry
- Automation Suite on FIPS 140-2-enabled machines
- Real-time data export to Splunk
- Remote control service
- MongoDB removal
- Rancher Server removal
- RabbitMQ removal
- New .NET requirements
- Apps and Orchestrator compatibility
- Improvements
- Old admin experience retirement
- Usability improvements
- Upgrade improvements
- Improved prerequisite checks
- Error message improvements
- Rebranded installation packages
- Security enhancements
- Organization access policy
- Multiple Signing Certificates for SAML
- Bug fixes
- Known issues
- Deprecation timeline
- Bundling details
- Product versions
- Internal third-party component versions
