Ada Gürsoy

OXware big update v2.5.3-12!


🚀 Oxware v2.5 Release Notes: Enterprise Security, Cloud Integration, IaC, and Modern Workloads!

Hello everyone,

We are thrilled to share the massive evolution of the Oxware platform, spanning from version v2.5.3 to v2.5.12. Built entirely with a strict zero-dependency philosophy (stdlib-only) to ensure bare-metal performance and minimize security vectors, Oxware has grown into a powerhouse enterprise infrastructure engine tracking 114 production-ready capabilities.

Below is the complete breakdown of the versions, their features, and technical details for the forum:

🧩 v2.5.12 (June 2026): IaC + Clients Release

An automation-focused release designed to bring full Infrastructure-as-Code workflows and seamless desktop management to the ecosystem.

  • Multi-Step Automation Workflow Engine: Advanced conditional routing utilizing on_success and on_fail hooks. Connect actions such as vm_action, snapshot, webhook, delay, and notify inside atomic automation pipelines.

  • Policy-as-Code (OPA/Rego): Integrated Open Policy Agent (OPA) evaluation via Rego syntax for real-time compliance enforcement alongside a built-in static fallback framework.

  • CloudEvents v1.0 Compliance: Standardized event enveloping supporting sink forwarding architecture and over 30 unique system-native event types.

  • Desktop Client Support: Native Electron configuration scaffolding, long-lived API token provisioning, and built-in client download delivery endpoints.

  • Workload Mobility: Cross-cloud export support allowing operators to package local VMs directly into AWS AMI, Azure VHD, or GCP Raw formats.

  • Technical Footprint: 5 modules, 21 admin-only endpoints, pure stdlib implementation, tracking 114 capabilities.

🚀 v2.5.11 (June 2026): Modern Workloads Release

Breaking the barriers of traditional virtualization by introducing hyper-fast, low-resource microVM and container/WASM runtime runbooks.

  • Firecracker microVM Integration: KVM-backed microVM support capable of blazing fast 125ms boot times coupled with automatic machine-config generation.

  • Kata Containers Support: Automatic container runtime detection, native RuntimeClass YAML generation, and internal container lifecycle listing.

  • WASM Runtime Engine: Multi-engine discovery (wasmtime, wasmedge, and wasmer), centralized module registry, and securely sandboxed WASM execution layers.

  • Edge Deployment Mode: Ultra-low resource profiling, lightweight service trims, and centralized heartbeating optimized for remote or constrained nodes.

  • Technical Footprint: 4 modules, 14 routes, standard library only, tracking 109 capabilities.

โ˜ธ๏ธ v2.5.10 (June 2026): Cloud / Kubernetes Release

Bridging the gap between physical hypervisors and Cloud-Native ecosystems through GitOps and native Kubernetes custom resources.

  • Pulumi IaC Pipeline: Dynamic TypeScript and Python infrastructure code generation, automated state export mechanisms, and provider schema generation.

  • Kubernetes CSI Driver: Native csi.oxware.io storage manifests allowing dynamic Persistent Volume (PV) provisioning on top of Oxware storage backends.

  • Kubernetes Operator & KubeVirt: Introduction of the OxwareVM Custom Resource Definition (oxware.io/v1alpha1) with reconciliation loops, tight RBAC mappings, and bi-directional VMI ↔ VM import/export configurations.

  • GitOps Sync Pipelines: In-sync integration with ArgoCD or Flux using pure Git pulling, automatic differential applications (apply diff), and proactive infrastructure configuration drift detection.

  • Technical Footprint: 5 modules, 19 admin-only endpoints, zero external dependencies, tracking 105 capabilities.

๐Ÿ” v2.5.9 (June 2026): Network Advanced 2 Release

Embodying the Zero-Trust network security model through precise application-layer perimeter defenses.

  • Granular Microsegmentation: Per-VM Layer-7 (L7) application firewalling powered by nftables enforcement with a zero-trust default-deny policy.

  • BFD (Bidirectional Forwarding Detection): Sub-second network fault path identification through FRR/vtysh with standard ICMP fallback behaviors.

  • Service Chaining Traffic Steering: Linear traffic routing through security appliances (IDS → WAF → VM) achieved via low-level iptables MARK tracking and custom policy routing.

  • Service Mesh Integration: Instant discovery of Istio/Linkerd meshes, internal service registries, Envoy sidecar proxy configuration generation, and mTLS verification tracking.

  • Technical Footprint: 4 modules, 16 admin-only endpoints, standard library only, tracking 100 capabilities.

📊 v2.5.8 (June 2026): Observability Release

AI/ML-infused forecasting, structural network maps, and deep tracing modules without adding weight to your hosts.

  • Distributed Tracing Engine: OpenTelemetry-compatible span generations with native OTLP telemetry exporting capabilities.

  • Embedded Grafana Panels: Native kiosk-mode iframe embedding allowing direct virtualization of analytical boards inside the Oxware interface.

  • Topology & Flow Visualization: Structural infrastructure graph generations pulling from LLDP/ARP data matched with real-time conntrack flow matrices.

  • AI/ML Forecasting Resource Engine: A custom-built, standard library linear-regression script predicting resource/capacity demands and generating resource pressure heatmaps.

  • Proactive Placement Engine: Automated drift detection mechanics paired with capacity planning and predictive "what-if" VM placement testing.

  • Technical Footprint: 5 modules, 18 admin-only endpoints, zero external dependencies, tracking 96 capabilities.

💾 v2.5.7 (June 2026): Backup Advanced Release

Enterprise disaster recovery and state-retention mechanisms prioritizing zero idle loads and strict verification.

  • Application-Consistent Snapshots: QEMU guest-agent fsfreeze calls combined with database-safe quiescing actions and pre/post execution hooks.

  • 3-2-1 Backup Automation: Full configuration pathways to maintain 3 copies of data across 2 media types with 1 offsite location (supporting S3, native rsync, and MinIO).

  • Automated Backup Verification: Programmatic snapshot health validation using ephemeral VMs executing automated mount-test and boot-test scripts.

  • Cross-Site Replication Engine: Synchronous or asynchronous replication paths using rsync or qemu-img accompanied by RPO tracking and single-click DR promotion.

  • Technical Footprint: 4 modules, 18 admin-only endpoints, zero idle CPU/RAM load, tracking 90 capabilities.

๐Ÿข v2.5.6 (June 2026): Multi-Tenancy Release

Turning data centers into structured Public/Private clouds through robust financial isolation layers and self-service capabilities.

  • Hard Tenant Isolation: Multi-dimensional quota enforcement capping per-tenant vCPUs, RAM, storage, total VM instances, and allocated IP addresses.

  • Self-Service End-User Portal: Secure dashboard granting scoped VM lifecycles to end-users strictly verified via object ownership controls.

  • On-Demand Chargeback & Showback Billing Engine: Resource usage processing (€/USD/TRY currencies) for vCPU-hour, RAM-hour, disk-month, IP-month, and snapshot-month. Computed strictly on-request with zero background overhead.

  • Service Catalog Templates: 6 built-in quick-deploy templates (Ubuntu 24.04, Debian 12, Windows Server 2022, WordPress, GitLab CE, and Docker Host).

  • Guaranteed Resource Pools: Hardware reservations allowing administrators to enforce baseline minimum vCPU and RAM allocation guarantees.

  • Token-Bucket API Rate Limiting: Perimeter security limiting per tenant to a default of 100 requests per minute (rpm) with a 200 request burst allowance.

  • Technical Footprint: All administrative points protected via @require_role("admin"), tracking 86 capabilities.

๐Ÿ›ก๏ธ v2.5.5 (June 2026): Security & Compliance Release

Hardened isolation schemes meeting global compliance standards alongside direct hypervisor data loss prevention.

  • Confidential Computing: Support for AMD SEV and Intel TDX environments ensuring hardware-encrypted CPU memory states.

  • Live Disk Encryption: Zero-overhead storage privacy utilizing LUKS2 and AES-XTS-256 block-level encryption.

  • Automated Compliance Auditor: Scanners checking nodes natively against CIS Benchmarks, NIST 800-53, PCI-DSS, HIPAA, and ISO 27001 structures.

  • Hypervisor-Level DLP (Data Loss Prevention): Deep inspection of network/disk frames via optimized Regex searching for sensitive patterns (PII, Credit Cards, AWS Access Keys, PEM certificates, JWT, and national ID formats).

  • Forensics Toolsets: Instant execution of runtime memory dumps using virsh dump and per-VM tap network interface packet captures (pcap).

  • Identity Management & SSO: Multi-Factor Authentication (MFA) enforcement mapped by role, paired with native SAML 2.0 and OpenID Connect (OIDC) identity providers (Okta, Azure AD, Google Workspace).

  • Technical Footprint: All endpoints locked to admins, tracking 81 enterprise capabilities.

๐Ÿ” v2.5.4 (June 2026): Security & Hardware Release

Low-level hardware access and cryptographic audit validation for mission-critical deployments.

  • Cryptographic Hardware Support: Virtual TPM 2.0 implementation supporting Windows 11 BitLocker alongside mandatory UEFI Secure Boot verification.

  • HashiCorp Vault Integration: Seamless separation of application secrets and storage keys offloaded to secure Vault backends.

  • Tamper-Evident Audit Logs: Cryptographically signed, hash-chained internal audit logs making unauthorized logging alterations instantly visible.

  • Hardware Passthrough & Performance: Automated HugePages configuration for intensive database engines, SR-IOV Virtual Function (VF) configuration, and NVIDIA vGPU (GRID/MIG) discovery/passthrough.

  • Continuous Data Protection (CDP): Sub-second RPO configuration states backed by dynamic dependency graph-based disaster recovery boot ordering and Geo-DNS automatic failover hooks (Cloudflare / AWS Route53).

  • Technical Footprint: Rigid RBAC structure via @require_role("admin", "administrator"), tracking 74 capabilities across 10 distinct categories.

๐Ÿข v2.5.3 (May 2026): Enterprise Release

The architectural baseline establishing deep cluster management, high availability, and operational user interfaces.

  • Cluster Optimization Engine: Distributed Resource Scheduler (DRS) auto-balancing, affinity/anti-affinity orchestration, Enhanced vMotion Compatibility (EVC), maintenance-mode live migrations, and NUMA-node hypervisor thread scheduling.

  • Storage and Network Efficiency: Linked disk cloning systems, native NIOC network bandwidth Quality-of-Service (QoS) rule mapping, and application-consistent snapshotting.

  • User Experience & Management: Interactive VNC live thumbnail matrix, globally accessible command palette, step-by-step infrastructure onboarding wizard, SIEM export engines, and a fully mobile-responsive administration interface built on GitHub Pages styling.

💡 Architectural Note: Every feature detailed above is built strictly on top of standard native tools (Go/Python standard libraries, Linux native utilities like KVM, nftables, and QEMU). No bulky external node packages, no bloated frameworks, just raw, high-performance systems engineering.

Feel free to ask any technical questions or leave your feedback below. We'd love to hear your thoughts on these architectural updates!
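
The v2.5.4 notes above mention cryptographically signed, hash-chained audit logs. The following stdlib-only sketch is an added example, not Oxware's code, showing why an edit, a deletion or a keyless rewrite of such a chain is detectable, and why truncation needs an externally stored head hash. It assumes HMAC-SHA256 as the signature, and the entry layout and the names `digest`, `sign`, `append`, `verify` and `sample_log` are hypothetical.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # constructed "previous hash" for the first entry


def digest(prev_hash, event):
    # Canonical JSON so the same event always serialises to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()


def sign(key, entry_hash):
    # Assumption: HMAC-SHA256 stands in for the product's signature scheme.
    return hmac.new(key, entry_hash.encode(), hashlib.sha256).hexdigest()


def append(log, event, key):
    """Link the event to the previous entry's hash and sign the new hash."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    entry_hash = digest(prev_hash, event)
    log.append({"event": event, "prev": prev_hash,
                "hash": entry_hash, "sig": sign(key, entry_hash)})


def verify(log, key, expected_head=None):
    """Return None if intact, else the index of the first failing entry.

    expected_head is the last hash recorded out of band; without it a
    truncated log still verifies, because every remaining link is valid.
    """
    prev_hash = GENESIS
    for i, entry in enumerate(log):
        expected = digest(prev_hash, entry["event"])
        if (entry["prev"] != prev_hash or entry["hash"] != expected
                or not hmac.compare_digest(entry["sig"], sign(key, expected))):
            return i
        prev_hash = expected
    if expected_head is not None and prev_hash != expected_head:
        return len(log)
    return None


def sample_log(key):
    """Three constructed audit events, chained and signed."""
    log = []
    for action, vm in (("vm.start", "web01"), ("snapshot.delete", "web01"),
                       ("vm.stop", "db01")):
        append(log, {"user": "admin", "action": action, "vm": vm}, key)
    return log
```

The signing key and the latest head hash have to live somewhere the logging host cannot write to; otherwise whoever can alter the log can also re-sign it.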
