New: Meridian 2022

Securing the trusted monitoring platform you depend on

OpenNMS performs cybersecurity risk assessments that encompass our company, our services, and our products. We've shared the risk assessment template with the open-source community on Discourse and GitHub. In addition, OpenNMS now conducts security penetration testing on each significant Meridian release.

Penetration testing is only one component of our security program. We are now enhancing our processes to align with the ISO 27001 security framework. Some of this work includes ensuring that the appropriate people, processes, and technologies are in place to assess cybersecurity risks unique to OpenNMS and our products/projects, and implementing measures to protect against, remediate, or recover from those risk events.

For years, The OpenNMS Group has worked with the Common Vulnerabilities and Exposures (CVE) system to address identified issues promptly. We are in the process of becoming part of the CVE Numbering Authorities (CNA) program to augment our CVE reporting capabilities.

Meridian 2022 fixes a few minor security issues identified during penetration testing. In addition, running Meridian no longer requires super-user ("root") privileges. We also simplified the Minion communication process, which helps reduce potential security risks and simplifies the associated firewall rules.

New to Meridian 2022

Improved diagnostics through enhanced flows processing

Updates to the NetFlow component allow users to add business metadata to flow records. This update also reduces Elasticsearch storage requirements when persisting traffic flows that contain metadata.

Meridian 2022 can now classify network conversations at speeds up to 30x faster than in previous releases, improving the speed at which organizations can gain insights into which applications make up the traffic on their networks.

Runs as non-root by default

Reduce the required permissions now that Meridian runs as the OpenNMS user by default. Running as a non-root user significantly improves the overall security of the platform's environment, as it limits the access that malicious code can gain to system services.

Simplified Minion communication

We simplified the Minion communication process so that Minions now communicate with the core entirely via the message broker, not through the core OpenNMS REST API. Because configurations are pushed to Minions over this channel, deploying Minions requires one fewer open port. This reduces the amount of data passed across the wire, lowers potential security risk, and simplifies firewall rules.

Precise geolocation with latitude/longitude

Pinpoint a node's exact location with the GeoIP provisioning adapter, which queries longitude/latitude values using MaxMind's GeoIP2 databases. This automatically identifies the geographic location of your nodes when you don't know the precise location of a geocoding adapter. You can also add predefined locations for given subnets to support private IP addresses that the GeoIP2 database cannot otherwise resolve.

More APIs and extensive API documentation

We have expanded Meridian's rich set of available REST APIs that enable users to integrate Meridian with their internal systems and customize it to fit their business needs and goals. Many APIs are fully documented in compliance with OpenAPI/Swagger.

Documentation search functionality

Improved documentation design and search functionality make it easier to navigate Meridian's extensive feature set. Advanced typeahead search was added for quick access to relevant topics and features.

Meridian now monitors itself out of the box

OpenNMS now automatically monitors its own performance, enabling historical visibility of key metrics from day one.

In case you missed it ...

Check out last year's Meridian 2021 release, featuring application perspective monitoring, improved BGP monitoring, and better encryption for polling and monitoring.