Message redistribution, security and tunnels.

The Nimsoft Hub is the communication central for a group of Nimsoft Robots.

You are advised to carefully read this document "Upgrading the Nimsoft Robot" before installing/upgrading.

Note that Hub version 4.73 and higher requires GLIBC-2.3.4 or higher when installing the Hub on 64 bits hosts.

It is essentially a service process controlled by the Nimsoft Robot, and it's purpose and mission is to bind other Nimsoft Robots into a logical group with the Hub as the central connection point. Therefore, it is quite common to set up a Hub with regards to physical constraints (such as a department floor or building, a lab. etc.) or by service functions (such as Development Robots). A Hub also has the functionality to connect other Hub's into a hierarchy of Hub's.

The Hub is responsible for the following NimBUS services:
  • Message distribution
    All messages generated on the Robots are routed through the Hub, and the Hub decides how to handle the messages; some are forwarded to other hubs and others are dispatched to local subscribers, both users and probes.
  • Name service
    Translate Nimsoft addresses on the form /domain/hub/robot/probe into the IP address and port registered by the service on startup so that applications can connect to the service, using TCP/IP.
  • Authorization
    Handle login on the Nimsoft Domain.
  • Authentication
    Authenticate requests and user access rights to probes and Infrastructure (Hub, Robot and Spooler).
  • Tunnel
    Tunnel NimBUS requests from one site to another site, much like a VPN for NimBUS.
    Tunnels use SSL certificates.
Revision history
Date Description State Version

Released with DX UIM 23.4 CU1.

What's New:

  • Upgraded OpenSSL from v3.0.11 to v3.0.13
SHA-256 Checksum: 6089b74cfe4030efc8fb53289cd6dac35c3c4bc325a65127d483b85fd5ccb55e
GA 23.4.1

Released with DX UIM 20.4 CU10

SHA-256 Checksum: 0a26677f951a010d58dffe63ff3d8ee51383f647078a229b5a9669f252c9068c

Released with DX UIM 23.4

SHA-256 Checksum: c42f7c4ca5ce10fd3b8dc728075bdc094529812bc980a99940830156f499819d

Released with DX UIM 20.4 CU9.

SHA-256 Checksum: 4d8ae949f533d02693cc8fd762710b400cefbc637e441118a7119c2b68f3a796

Released with DX UIM 20.4 CU8.

SHA-256 Checksum: bb4e105120e37c89625fe392c79e8ddb7f1d93a520a16e47a4b2f2e951b9a207
  • Released with DX UIM 20.4 CU7.
SHA-256 Checksum: 8b1ac6a16ee5236d43e52d27c7b71cc126f0add18f14f2012718825562e41a95

(Released with DX UIM 20.4 CU6)

Fixed Defects:

  • Potential memory/handle leak using Hub v9.33. (Support Case: 33094507)
SHA-256 Checksum: b1ffb91f1647f3a12c68b7197b05c8dcfc2eede247fdfd718f979cf841c1f3c4

(Released with DX UIM 20.4 CU4)

What's New:

  • OpenSSL upgraded to v1.1.1q for BCI-Nimbus components.

Fixed Defects:

  • Libraries to enable Security-Enhanced - SELinux Enforcing mode is missing in the Hub folder.
    Support Case: 33093582
SHA-256 Checksum: 091091ad886ebcd7f44c2427ed73665431759d9370f4800c90e95b64f5ea79f7

What's New:

  • OpenSSL lib upgrade from version 1.1.1k to 1.1.1l
  • OpenLDAP lib upgrade from version 2.4.48 to 2.6.1

Fixed Defects:

  • UIM 20.33-Nimbus account password reset issue. (Support Case: 32795970)
  • Hub Ldap over SSL not working after upgrade to 20.4. (Support Case: 32986207)
SHA-256 Checksum: fd735a03012f949aa60d052eb7475ee4961d611cab785d44746cf353455a9ae8

(Released as part of DX UIM 20.4.0.)

  • Resolved an issue where users started observing duplicate entries for many robots in the robot.sds file of the hub (after they upgraded from 9.20 to 20.3). Because of this problem, they were noticing a large number of robot inactive alarms coming from certain robots that were not inactive. (Support Cases: 32454722, 32491190, 32498918, 32516879, 32516736, 32519350, 32536779, 32576041, 32581832, 32578868, 32548485, 32604924, 32608299, 32602034, 32687594, and 32682095)
  • Resolved an issue where the nimldr silent/express installation was not working. The silent/express was always going into interactive mode. (Support Case: 32788303)
  • Resolved an issue where users were observing junk characters in the hub and nas log files. (Support Case: 32720590 and 32727163)
SHA-256 Checksum: 1cb68d20bcb110463142d93953fc0e302796107abcf2b525b5099dc0361bf294

(Released as part of UIM 20.3.3.)

  • (9.32 HF2) Resolved an issue where users were able to see the cleartext passwords in the hub.log file when they were logging in using the Admin Console. (Support Case: 32475607)
  • Fixed an issue where the primary hub was restarting after every few minutes. The logs from controller and hub were not showing any relevant information about the issue. (Support Case: 32498752)
  • Fixed an issue where users were getting errors when they were trying to create tunnels on a hub. (Support Case: 32488645)
  • Fixed an issue where the enhanced security.cfg configurations were not propagating to one of the hubs in the environment. (Support Case: 32509796)
  • Fixed an issue where the AD/LDAP login through IM was failing. The hub was able to connect to the AD/LDAP server and fetch the group/user list, but the login was still failing. (Support Case: 32424406)
MD5 Checksum: 3ceac3a1cf086c07066e55b3f9622ad8
SHA-1 Checksum: 7db65ba26adaf58bf89f95a1ca045e39f9ca9334

(Included in UIM 20.3)

What's New:

  • (7.97 HF9) Fixed a tunnel problem with robot 7.97 HF8. (Support Case: 20325857)
  • (7.97 HF9) Fixed an issue where snmpgtw was interferring with hub. (Support Case: 20274225)
  • (9.20 HF11) Fixed an issue with LDAP Authentication being failed due to password hardness (characters set). (Support Case: 20302003)
  • (9.20 HF11) Fixed an issue with LDAP+SSL authentication while upgrading to UIM 20.1. (Support Case: 31829437)
  • (9.20 HF16) Fixed an issue where renaming a robot causes hub to send "robot inactive" alarms. (Support Case: 31888942)
MD5 Checksum: 7395f3817a3b9ada1225bd4ac648387e
SHA-1 Checksum: 40e9489eeacebb79eec9b68788951591ca819dcd

(Included in UIM 20.1)

For the hub 9.30 Release Notes, see

MD5 Checksum: c422d55f2484f96372bc6d53f54f2c9f
SHA-1 Checksum: 17515c5fb6c9af6a4a5eef1a6a1e107d89740159
  • (9.20 HF1) Fixed an issue in which a tunnel server was not able to establish connection in high latency cases. A new config parameter epoll_wait_timeout has been introduced through which the user can set a different timeout. If the parameter is not specifically configured in hub cfg then default value will be considered which is 15 secs. For Hub to Hub tunnel communication, this parameter needs to be configured in tunnel server hub (applicable for both Secure and Non-secure hubs ) under Tunnel/server section of hub cfg. Valid values for this parameter is between 100 and 15000 (100ms to 15 secs).

For the hub 9.20 Release Notes, see

MD5 Checksum: f473e3ecac14e7bba068ae8bed2caa90
SHA-1 Checksum: 72b11c8d619d259f5c61642e3ab65cf517512b21
  • Updated to support the Microsoft Visual C++ Redistributable for Visual Studio 2017 package version 1.01 (vs2017_vcredist_x86 1.01 and vs2017_vcredist_x64 1.01). This support helps ensure that the minimum version of the VS 2017 package is equal to or greater than 1.01. With this dependency on the version 1.01, the computer is no longer getting restarted automatically when installing the VS 2017 package. That is, with v1.01, no auto-restart of the computer happens.
  • Better handling of the spooler plug-in. For example, when hub 7.96 (compiled with vs2017_vcredist_x86 1.0 and vs2017_vcredist_x64 1.0) tries to load plugin_metric (compiled with Microsoft Visual C++ Redistributable for Visual Studio 2008), the hub stops responding. This happens because of the compiler incompatibility. Now, with this release of the probe, which is dependent on vs2017_vcredist_x86 1.01 and vs2017_vcredist_x64 1.01, hub no longer loads the plugin (plugin_metric) if it is not compatible.
  • Note: If you are upgrading to hub 7.97, ensure that you first upgrade robot to 7.97 and then upgrade hub to 7.97.

    MD5 Checksum: 5c2e7e6e70b0f359cdffd2f407a38578
    SHA-1 Checksum: 84f16f64d59a1f9c0834ca1eaa087632afb03a77

    Included in CA UIM 9.0.2

    What's New:

    • Added the ability to monitor, at specific intervals, if robots deployed on a hub are powered on. You need to manually add specific parameters to the hub configuration to enable this. For more information, see Additional parameters in hub 7.96.
    • Provided support for Red Hat Directory Server 10 (RHDS 10) as the LDAP Server. (Support Case 00528637)
    • Provided support for communicating with TLS v1.2-enabled OpenLDAP server.
    • Updated this probe as part of removing dependency on the end-of-life (EOL) Microsoft Visual C++ Redistributables in CA UIM 9.0.2. CA UIM 9.0.2 now uses Microsoft Visual C++ Redistributable for Visual Studio 2017.
    • Updated this probe as part of removing known security vulnerabilities in CA UIM 9.0.2 by using upgraded OpenSSL components.
    • (7.93HF12) Fixed the issue where USM was ignoring the severity of hub alarms. The alarms were showing up under hub in USM; however, the severity icon was not changing for these alarms to reflect the correct severity. With this fix, USM no longer ignores the severity of hub alarms; it now displays the correct severity icon for them. (Support Case 01115256)
    • Removed support for the following platforms:
      • RHEL 5 (32-bit and 64-bit)
      • Windows 2008
      • CentOS 5 (32-bit and 64-bit)
      • Debian 5 and 6
    • Removed support for the following 32-bit platforms:
      • Solaris 10 and 11

      • RHEL 6

      • CentOS 6 and 7

      • SUSE 11

      • OpenSUSE 12 and 13

    • Changed the default check_spooler_sessions setting in hub.cfg to 1 = ON.
    • Changed the default protocol_mode setting in the tunnel section of hub.cfg to 3 = ON.
    • Changed the default value of the max_heartbeat setting in the tunnel section of hub.cfg to 1800 ms.
    • Changed the default value of the postroute_interval setting in hub.cfg to 120.
    • Changed the default value of the postroute_reply_timeout setting in hub.cfg to 180.
    • Changed the default value of the postroute_passive_timeout setting in hub.cfg to 300.
    • Changed the default value of the hub_request_timeout setting in hub.cfg to 120.
    • Changed the default value of the setting tunnel_hang_timeout = 300 in hub.cfg.
    • Changed the default value of the setting tunnel_hang_retries = 3 in hub.cfg.
    • Updated this probe as part of adding support for TLS v1.2 in CA UIM. This support establishes secure communication with the UIM database: Microsoft SQL Server and Oracle in CA UIM. For more information about how to enable TLS v1.2 support in CA UIM, see TLS v1.2 Support for Microsoft SQL Server and TLS v1.2 Support for Oracle.

    Fixed Defects:

    • The default queue bulk size no longer changes to 1 when other changes are made to the queue. (Support Case 797687)
    • (7.93HF1) When the LDAP server is down and you restart the hub, the hub starts responding quickly; it no longer remains unresponsive. (Support Case 831283)
    • Fixed an issue in which qos_processor was intermittently failing to delete the queue properly, (Support Case: 00815516)
    • Corrected a

    What's New:

    • (7.92HF4) Added support for multiple LDAP Servers.
    • (7.92) Added support for SuSE 11 or later.
    • (7.92HF1) By default, changes to security.cfg are propagated from any hub.
    • (7.92HF6) To improve the throughput performance of tunnel communication between hubs in a high latency network, data compression can now be configured.

    Fixed Defects:

    • (7.92HF1) A problem which caused the primary hub to crash with a segmentation fault is now fixed. (Support Case 00652137)
    • (7.92HF4) Fixed an issue where robot install fails on Windows but appears succeed when the PATH is not set in the section of robot.cfg. Robot install now fails when the PATH is not set. (Support Case 00732914)
    • (7.92HF4) Fixed the issue of being unable to save probe config changes after secure_callbacks_from_primary_hub_only is enabled (hub 7.80 HF23) (Support Case 00291708)
    • (7.92HF5) If you create a new Solaris zone, a robot installed in the global zone is not automatically deployed to the new zone. To install a robot in a new, non-global zone, install the robot into the non-global zone using the same steps that you use to install the robot in the global zone. (Support Case 746015)
    • (7.92HF5) Fixed a problem where false application down alarms were triggered during AIX startup because the robot started before the monitored application. (Support Case 707038)
    • (7.92HF8) Duplicate hosts names shared by multiple tenants are now correctly reported to all interested tenants.
    • (7.92HF8) When secure_callbacks_from_primary_hub_only is enabled, requests to add the probe to the security file are not forwarded to a primary hub in a different domain.
    • (7.92HF8) Fixed an issue where creating a queue with an empty Subject field caused the hub configuration UI in Admin Console to report an error and fail to open. (Support Case 00648129)
    • (7.92HF6) Fixed an issue where user_tags were overwritten by the hub spooler. Now, the hub spooler only sets the user_tags if they are empty.
    • (7.92HF7) An issue was fixed that caused robots to failover to the secondary hub sooner than expected, appearing to ignore the configured failover interval.
    • (7.92HF8) An issue was fixed that caused robots with plugins to not completely release memory on Windows. (Support Case 00791437, DE307126)
    • (7.92HF10) Duplicate host names across tenants no longer cause data leaks when the same metric is collected against a target with the same name.
    • (7.92HF10) Improved performance between the hub spooler and controller. (Support Case 00687052, 00676791)
    • (7.92HF10) Corrected an issue where hubs intermittently show as yellow until selected in the GUI.
    • (7.92HF10) The nexec configuration no longer fails when LDAP is enabled. (Support Case 00245766, 00799227)
    • (7.92HF10) Alerts now clear for stopped probes once a probe starts running. (Support Case 00723878)
    • (7.92HF10) Hubs no longer overwrite the primary_hub status if the field is not supported by a hub version.
    • (7.92HF10) Added a variable to hub.cfg that provides a mechanism to periodically close spooler sessions that are in a half-closed state. The check_spooler_sessions variable is set to 0=off by default. When set to 1=on, the spooler sessions are closed.
    • Corrected a tunnel stability issue in which hubs would turn red and become unresponsive in Infrastructure Manager and Admin Console. (Support Case 00824936)
    md5sum: fad6a341abc15a4201a007d55da6962b
    sha1sum: c5a8c003300148775a025ef7a2e
    03.04.2017 What's New:
    • To improve tunnel stability, set protocol_mode=1 in the <tunnel> section of hub.cfg for all tunneled hubs.
    • Two new hub parameters specify the amount of time a queue waits for an acknowledgement before re-sending data to a subscriber.
      • postroute_reply_timeout specifies a global timeout setting that applies to all hub queues. Specify this value in the <hub> section of hub.cfg.
      • reply_timeout specifies the reply timeout setting on a per queue basis. This value overrides the global postroute_reply_timeout for the specific queue. Specify this setting in the <queue> section of hub.cfg
      The default reply timeout for a queue is 60 seconds. Setting the timeout value to zero (0) specifies no timeout (infinite wait). The settings apply to attach-get queues and post queues. If the value specified for an attach queue is not equal to the value set for the corresponding get queue, the value for the get queue is used. If the subscriber is a probe, the probe timeout value overrides the attach queue value.
    • A new property, robot_missed_update_count, specifies how many consecutive missed updates from the robot must occur before the hub begins issuing robot is inactive alarms. Specify the property in hub.cfg. Default, 2.
    • Updated Novell C LDAP libraries to version, which is a mid-2015 release. The version varies by platform. For Linux x64 the version is 098ZW.
    • If no min_bulk_size is specified by the subscriber, the min_bulk_size set on the attach queue is now used.
    • Support for Solaris as a primary hub is discontinued. Secondary hubs on Solaris are supported.

    Fixed Defects:
    • Tunnel stability is improved. Hubs no longer appear to randomly switch between available and unavailable. Probe configuration UIs in Infrastructure Manager and Admin Console can be accessed across a tunnel. (Support Case 466247)
    • A problem with file descriptors for SSL, which could cause a hub to crash is now fixed.
    • Hub keep-alive heartbeat support is added for temporary queues.
    • Hub queue parameters min_bulk_size and min_bulk_wait are not working.
    • Support for LDAP anonymous simple binds is removed. LDAP anonymous simple binds are now explicitly denied. Valid credentials are required to query LDAP. (US228760)
    • Added logic to prevent nametoip requests to an unresponsive hub.
    • Simplified the timeout logic for forwarded namtoip requests to the hub. (7.80HF9)
    • NAS subscription does not reset as expected when a problem is detected.
    • Allow UTF-8 characters in database login user name.
    • Hub crashes on restart if hub.cfg contains a static hub entry with the same name.
    • Invalid robot is inactive messages.
    • Hub and robot can crash when the logging level is set to 5 and a callback reply contains nested PDSs.
    • Logging is improved by moving some hub messages from log level 3 to log level 5. (Support Case 169553)
    • Queues and tunnels reestablish connections more reliably after a network outage.
    • Hub main thread blocks for seconds to minutes.
    • Hub does not attempt to reconnect to an unresponsive LDAP server when it comes back online.
    • Hub spooler experiences a catastrophic queue error when attempting to read a corrupt PDS file, and good PDS files are discarded. (Support Case 379065)
    • Volume of SSL Layer Error 5 messages is now reduced in the hub log file.
    • Extended_source is missing from QoS and Alarms from SNMPCollector v3.2 .
    md5sum: 095f7cd5660f55fb3e7773435348e36f
    sha1sum: 9d42f6a78cc0c109c08ceb784d08d65c950a3195
    02.03.2017 Updated with defect fixes - no new functionality.

    md5sum: cae6de12ab7c8baa620544d5b829cd73
    sha1sum: 16e740702a565982e58a36d2f46fa9056820e070

    • Windows IA64 platform support is dropped for robots. Prior to robot-7.80, support for Windows Itanium (IA64) was enabled as part of the release binaries packaged for the robot. The 7.80 version of the robot no longer comes packaged with the Windows IA64 binaries. All robot functions will continue although the platform is not officially supported.

    • TLS Cipher Support and OpenSSL 1.0.1m. OpenSSL 1.0.1m and TLS 1.1 or 1.2 cipher suites are now made available with hub-7.80 and robot-7.80. To maintain backward compatibility with tunnels you must specify a cipher suite that will have TLS first and then SSLv3 last, as this will allow tunnel communication with hub 7.71 and earlier.

    • Updated migration path for user tag from robot to hub. To facilitate upgrading from version of the hub prior to 7.80, hub-7.80 will automatically copy user tags from the robot.cfg to the hub.cfg file on restart, if and only if, no user tags exist in hub.cfg and if the new hub option os_user_retrieve_from_robot is set to true (default is true).

    • Proper user tag selection for robot state change. In hub-7.80, for the special case of alarms that the hub sends about its robots, the default behavior for user tags has changed to revert back to hub-7.63, where the user tags are set to that of the robot which represents the alarm. This is only a change for the special case of the hub’s robot alarms, not for other alarms and messages. Note, these changes do not affect robot alarms that come directly from the robot itself. This ONLY concerns robot alarms that are generated by the hub in cases such that the robot or the robot’s probes come up or down. A new configuration option, called os_user_robot_alarms_use_hub_tags, is added to optionally revert back to the hub-7.70 behavior if desired.

    md5sum: 04d3d104aaff1a997f67a1da07f2e835
    sha1sum: 5b2682a5ac1ebd119a05654972ab04050cac5360
    06.04.2015 Hub 7.71 fixes an issue seen with hub 7.70 in assigning ports for tunnel client connections. Prior to 7.70, the tunnel client connections would consistently use the 48xxx port range (based on the controller’s default first_probe_port setting of 48000). An issue in hub 7.70 caused the tunnel client connections to use a system-assigned port number, which would not be reliably fall in the 48xxx range. This caused issues with firewalls where the tunnel ports were explicitly allowed and expected to be in the specific range.

    With hub 7.71, the default port range for tunnel client connections will again fall in the 48xxx range. The specific ports for tunnel connections can be overridden (as previously) by setting tunnel/ignore_first_probe_probe = 1 and tunnel/first_tunnel_port = in the hub.cfg.

    md5sum: d13c474211a50f3dd12734f7ef8a0f63
    sha1sum: 828b125763f5075ea997d04a0767970ed500b58b
    31.03.2015 New features:
    • When a robot fails over to a secondary hub, the robot retains its origin. The origin is attached to each QoS message generated by a probe and routed through its robot. By default, the origin is the robot’s designated parent hub. With hub v7.63 and earlier, the robot's default origin upon failover changed to the name of the failover hub. As of hub v7.70, the origin remains the name of the robot’s designated parent (specified by the hub attribute in robot.cfg). Icon
    Note: UIM administrators can override the default value by defining the origin in the robot configuration. In multi-tenant environments, for example, an admin can specify the origin in order to group data and control user access to the data. If the origin attribute exists in robot.cfg, the robot’s spooler attaches it to the message, and the hub’s spooler does not alter it. This behavior has not changed.
    • A hub can be configured to send an alarm to report dropped messages. All messages generated by probes have a subject that is used to route the message on the message bus. If the hub does not have an attach or post queue configured for a particular subject, any message with that subject is dropped by the spooler. Hub 7.70 has the ability to send an alarm to provide a summary of how often this occurs. This behavior is disabled by default. To enable it, specify in hub.cfg: subjects_no_destination_alarm_interval=< seconds >
    • Username and password limitations are consistently enforced. Username must be 1 to 254 characters long and cannot contain control characters, right or left arrows (< or >), or forward slashes (/); password must be 5 to 254 characters long.
    • Removed the ability to provide SID to command line probe utility. In past releases, the -S option of the pu command (which lets you execute probe commands from a command prompt) could be used to explicitly set a session identification (SID). This capability has been removed to prevent security from being bypassed through SID injection.
    • Improved behavior of SSL mode. If a controller is managed by a hub that has SSL mode=0, the controller no longer creates the robot.pem file upon startup. Any UIM components installed on that system will not accept SSL connections.
    • Improved DNS lookup during tunnel setup. DNS lookup, which maps the hostname to an IP address, will retry on DNS failures, making tunnels more tolerant of temporary or intermittent failures.
    • Robot user tags are propagated in bus-generated messages and alarms. These values are specified in robot.cfg by configuring the controller probe in Admin Console or Infrastructure Manager.
    • Robot can automatically pull probes with ADE. Upon startup, controller looks forrequest.cfg, a text file you can create to enable automatic deployment of the probes to the robot. Previously, these requests could only be facilitated by distsrv, which still handles them by default. With the release of automated_deployment_engine v8.1, the ADE probe also has the ability to handle these requests. To direct request.cfg files to ADE, use the Raw Config utility to add the deploy_addr parameter (which specifies the UIM address of the ADE probe) to robot.cfg: deploy_addr=/<domain>/<hub>/<robot>/automated_deployment_engine

    md5sum: 9a46bb1874601e95da54756478054c84
    sha1sum: bee085a4d091523c70237daa48cffda02c85cbce
    30.12.2014 • OpenSSL 1.0.0m
    • Improved reliability of LDAP functionality when an SSL connection to the LDAP service is required.
    • Improved stability when long queue names are used.
    • Removal of a potential file descriptor resource leak when used in conjunction with baseline_engine and prediction_engine. • Removal of a potential memory resource leak when circular message flows are configured.
    • Removal of a potential crash condition when the tunnel_get_info callback is invoked.

    md5sum: 29eb33e7db919a0e07ed8b43c8e7864b
    sha1sum: 96d29f17758d13df20533a23aa8535bcdca28fa6

    Whats New in Hub 7.61:

    • Tunnel Stability improvements
    Md5sum: ea598a272ab78e536f9f528972799456
    sha1sum: 0631599e449ef74b1c35bbc4da0752d3e96a6499

    Whats New in Hub 7.60:

    • Improved socket management between two hubs connected via a tunnel
    • Reduction in communication errors caused by long-running callbacks over a tunnel connection.
    • Refined alarming around queue status to reduce false positives.
    • More efficient handling of LDAP directories with large numbers of groups when paired with UMP 7.6.
    • Additional defect fixes and general improvements.
    Md5sum: ef66c53cfb98fd1ef4043403cf5f9250
    sha1sum: a9c192218bfdb52cbbbac4c07cc6dfa4e69db75f

    Package that is included in the NMS 7.50 distribution.

  • Tunnel and queue connect and disconnect alarms have been retroactively reset to Information level to better match their actual meaning and impact.
  • Hub detects when the total resources in use threatens tunnel and/or hub viability and reacts by either resetting the tunnel or restarting the process, without data loss.
  • Origin value for probes local to a hub can be set independently from the origin value for the hub itself.
  • LDAP and user level security have been enhanced.
  • Tunnel stability has been improved.
  • Fixed a defect that caused a core dump on Solaris when hubup response contents were malformed.
  • Fixed a defect that led to a significant number of sockets being temporarily left in the CLOSE_WAIT state when the hub was in communication with a large number of robots.
  • Fixed defects that caused duplicate tunnel connections between the same client and server, and that caused permanent tunnel disconnection due to the exhaustion of session handling threads.
  • MD5 checksum: f3fb6c0d5d4ae70c489fface4af6af11
  • SHA-1 checksum: 7b17bfb486ef7881cf9c8a45c01e1fd130c3f05d
  • 7.50
  • NOTE: Version: Hub 7.50.789-debug. Limited distribution. Diagnostic use only.
  • MD5 checksum: 60730303451d1d70b857eb8ce59d0fe8
  • SHA-256 checksum: baa865098746d729746702c3579888d522f8d70c4dc862c45d63266951da4430
  • 7.50
    07.03.2014 NOTE: Hub 7.12.763. Diagnostic use only.
  • MD 5 checksum: 87f16be19de4d6fdf6d6e8b72f2d735f
  • SHA-1 checksum: 617d3514284cded77127730c8e3538605c4a1b5b
  • 7.12
    24.02.2014 NOTE: Limited distribution diagnostic use only version 7.12.725.
  • MD5 checksum: b83494d6d8cac4e2d4e52dc1f4efca20
  • SHA-1 checksum: 7278a0626f3b96132e5b775e258a8e43007ec01a
  • SHA-256 checksum: 3c062d3b5abec6ddeacd3c3e1bf14a1cf1a7abd4668edefbb484f19e85e8bc2b
  • 7.12
    29.01.2014 Hub 7.11 build 706

  • Use of an improved method for determining the liveness of get-attach queues that carry low volumes of data.
  • More efficient use of TCP sockets when used as a tunnel server, and the removal of a scenario where the number of sockets used could grow unbounded.
  • A fix for a memory leak that could be encountered when used with the SNMPCollector probe.
  • A fix for an issue that could be encountered when used as an LDAP proxy hub.
  • Package Signatures:

  • MD5 checksum: 5665ae8ebd66bdb6f2b7e918a2d5805c
  • SHA-1 checksum: 3e8e18aa57aade8c08583dbfab294ad2f0d9335b
  • SHA-256 checksum: 5a0aa5311c3a96d81cf947ab7050be56bc6d1ca0f8795b0507dc10c8548bd488
  • 7.11
    24.01.2014 Note: Limited beta distribution version 7.11.691.
  • MD5 checksum: fbc8f39d7655b3293c273bb135622d25
  • SHA-1 checksum: ab764055796fbfac5415e3c19b18cdf5c44e4ed2
  • 7.11
  • Hub 7.10.599 Archive package for the Nimsoft Monitor 7.10 release.
  • MD5 checksum: 74b6f1cb4ba1ceb7f90c87e32010911b
  • SHA-1 checksum: 8a55247116afb8da9aa7f9c9602f514c80cbc69b
  • 7.10
  • Hub 7.00 package for the Nimsoft Monitor 7.0 Release
  • MD5 Signature: 7ee747ab7da7eb76c943f580aeba4ad0
  • 7.00
  • MD5 sum: 9b404d61d6b370f9eff4f3b7fae27936
  • 6.00
    08.11.2012 Fixed intermittent issue at debug level 3. 5.82
    30.09.2012 Added enhanced support for alarm_enrichment. 5.81
    05.07.2012 - Improved passive robot management stability and performance
    - Improved logging effectiveness and fixed issue with setting large log levels.
    - Moved to online help system.
    - Added ability to use hostname as tunnel client.
    30.12.2011 Fixed ldap code.
    Fixed Linux 64 memory leak.
    28.10.2011 Fixed audit: editet 1 user and you would get events that all users are edited
    Fixed LDAP where administrator was getting OPERATOR ACL. (using proxy.)
    Fixed errror when ',' exists in DN.
    Fixed HUB restart when sing LDAP.
    fix: postroute_check with unknown error rc: 100.
    fix in cmd_getnearesthub .
    Solaris platform: Fixed situation when a user is created through the Infrastructure Manager it causes NMS to reboot and the user is lost.
    Lost communication with hub - There is an issue in previous versions of the hub if you are using "first probe port" in controller. It means probes and hub tunnels will fight over ports, and, you could get problems that a hub takes a port that a probe has registered. We have fixed this issue by programming the hub to ask controller for a port to use (callback: port_reserve), in order to avoid having port conflict with probes.
    Queue size is no longer reported to be negative
    23.09.2011 Fixed problem with duplicate IP in Network Alias (GUI)
    Default values changed for LDAP proxy settings (GUI)
    Fixed callback LDAP_groups on Solaris platform to return immediately. (Will return no values, as LDAP is not supported on Solaris platforms.)
    Fixed overflow in Queue growth size alerts which could create false alarms.
    Brute force security introduced in HUB version 5.41 is now default off. (Enabling this function will disable all UMP users for a period when one user has attempted 3 logins with incorrect password.)
    Fixed problem with request through tunnel with blank address which could restart the hub.
    Support for IPv6. (Should not be used for HUB on the NM server until UMP has support for IPv6.)
    28.06.2011 Fixed intermittent problem on Linux platforms with threading issue that was introduced in version 5.58. (May cause communication problems.) 5.60
    06.06.2011 SSL certificates generated with this version of HUB or later versions will be compatible with earlier versions of HUB. (Fixing issue with generating SSL certificates in earlier 5.5x versions of HUB.)
    Fixed potential segfault on Linux platforms in thread and session handling.
    Override alarm text with "n/a" when there is a blank error text from the system.
    Fix return code at error situations when testing connectivity with ldap server.
    Fix return code when testing if there is data on the ssl socket if that socket does not exist.
    28.04.2011 Additional fix for GUI (process not terminated). 5.44
    07.04.2011 Note: Generating new SSL certificates for tunnels with this version of the HUB will create certificates that are not compatible with earlier versions of the HUB. (This is fixed in later version; the certificate generation is again compatible in HUB version 5.58.))
    Fix problem with client false certificate expiration alarms on the server side (should only be checked on the client side).
    Fix for connecting to spooler on passive robot when proxy mode is set.
    Fix for tunnel server binding to localhost instead of all interfaces.
    Fixed segfault issue in connection with tunnels hanging which would trigger a HUB restart.
    Fixed segfault issues by shutdown of HUB occuring on some Linux systems.
    Fixed problem with expired SID on the way through a tunnel not getting that status code back to the probe so it can renew the SID.
    Improved SSL shutdown in tunnel sessions.
    Added extra locking to internal security information to avoid crashes due to thread issues.
    01.03.2011 GUI (process not terminated) - a problem that occured when you selected to remove a hub from the Hub tab. GUI process would not terminate when closed. A bug introduced in hub 5.34.
    19.01.2011 Fixed problem where robot with autoremove=yes would not send inactive alarm even if it crashed and failed to remove itself from the internal list
    Avoid brute-force password guessing by blocking a user or ip address for a time (5 minutes default) after multiple consecutive login failures (5 is default).
    Fixed ldap proxy code when going through tunnels.
    Added option to specify what size to alarm on for queue sizes through GUI. It has previously only been editable through raw configure.
    Security fixes.
    Tunnel Access List supports a new field, Source, to control who has access.
    Added user_tag_1 and user_tag_2 to header of alarms sent on behalf of a robot.
    Added audit messages to edit user and delete probe callbacks.
    09.12.2010 Added audit flag. Audit settings will now be propagated to the robots when they connect to the hub.
    Added hubpost_bulk callback to internal spooler to allow robots with high latency to send several messages in one go.
    Added auditing on login, change password and probe security changes
    Fixed problem writing to queue files that grow over 2GB on 32-bit systems.
    Added clone prevention mode that will send alarm and/or prevent controllers with same name and different ip to register.
    Modifed splAddSource to check against local ip list (code duplicated from spooler).
    Added support for extended NIS datamodel.
    Initial version for internationalization of alarm texts.
    29.06.2010 Improved SSL handshake routine for HUB tunnels.
    Fixed potensial tunnel memory leak and intermittent segfault.
    11.06.2010 nimldap lib 1.16 fixes issue when username contains non standard ansi characters with reverse group lookup. Causes unpredictible results for hub (crashes most likely).
    User_info callback now supports key 'acl' for LDAP users
    Fixed a small memory leak in passive Robot's spooler mechanism.
    Added auditing on new/delete on users/ACLs.
    Made Robot maintenance state persistant on cold start.
    26.03.2010 Enhanced support for multiple Network Interface cards (NICs) on the computer. Nimsoft communication is now supported with other NICs than the default Robot interface.
    Added support for passive mode Robot.(Where firewall is prohibiting access in direction from Robot to HUB, only allows access in direction from HUB to Robo)t.
    Added support for encrypted SSL communication.
    Fixed buffer overrun in ldap a library function for very long LDAP names..
    Changing default lookup mechanism to reverse lookup in AD and eDirectory templates.
    Added support in user_info callback to request attributes from LDAP users.
    17.12.2009 Added template for Sun Directory server.
    Added reverse group membership lookup in LDAP library.
    Changed LDAP library behaviour regarding referrals: ignore instead of stop when ldap search returns referrals.
    12.08.2009 Handle leak due to changes in behaviour on VS2008 fixed in nametoip.
    Changed the nametoip command to be asynchronous.
    Remove robot changed to accept name only as paramenter in order to work in a tunneled environment.
    Added support for NimBUS Shutdown.
    11.03.2009 Tunnel validation of SID from external users (LDAP) fixed. 4.74
    19.12.2008 Improved handling of LDAP functionality when the LDAP server is down; implemented alive checking in order to prevent long timeouts.
    Changed remove robot to ignore ip parameter in order to work in tunneled environment.
    20.10.2008 Added support for 64-bit platforms.
    Prepared support for LDAP bridging.
    Note: The LDAP briding functionality requires other components which will be made avilable in NimBUS Server 3.60.
    05.05.2008 Changed robot inactive alarms so they look like they originate from the Robot.
    Fixed additional problem occuring for some language settings. NAT settings was not read from config file by GUI.
    GUI fix: Fixed problem with Run-time error occuring for some language settings.
    Fixed problem with a callback's error code.
    Support for user tags added to the spooler. Fixed problem with initalizing large queue files that had finished more than 2.1 GB of the queue. Will send create a backup of corrupted queue files and send an alarm.
    The bulk size for queues was set to 1 if the test for bulk transfer support failed due to communication error.
    GUI fix: Robots with numbers as name didn't show up in the list.
    Tunnel server could loop and use 100 % CPU under special conditions (connection problems + empty client connection pool + sending heartbeat message)
    Reply on robotup also includes origin information.
    Unregistration of hub and spooler port added.
    05.05.2006 Problem with Communication error over tunnels with few connections fixed. 4.01
    08.03.2006 Miscellaneous tunnel improvements:
    -Connection Pooling.
    -SSL Session Caching.
    -Alive checking for tunnels, connections and server.
    -More tunnel statistics.

    Bulk transfer of messages between Hubs (post and get queues) to increase the transfer rate on slow networks.
    Platform: Please refer to the Platform Support Matrix located in the Download section of
    Software: Version 4.71 and higher reguires Robot 3.00 or newer.
    Hub version 4.73 and higher requires GLIBC-2.3.4 or higher when installing the Hub on 64 bits hosts.
    Hardware: None