Version: 2.5

CubeCOS - Release Note

Abstract

CubeCOS 2.5 is a focused update of Bigstack’s cloud operating system with dedicated support for IEC 62443-3-3 compliance. This release introduces key security features, improved operational visibility, and enhanced platform components—while continuing to deliver a hardened, enterprise-ready infrastructure layer.

✨ New Features

🔐 Security

Disk Encryption

Added encryption mode for adding new disks.
Each drive now defaults to one OSD for improved security granularity.

Security Scanning Integration

Integrated mandatory vulnerability scanning in the build pipeline.
Ensures runtime packages are sourced from trusted upstream repositories and are free of known high-severity vulnerabilities.

File System Integrity Protection

CubeCOS automatically detects file system modifications and restores original files when unauthorized changes are identified.

USB Device Control

USB storage devices are now blocked by default to prevent unauthorized or malicious content from being introduced via USB media.
Admins can toggle USB access via CLI setting cubesys.probeusb. If the tuning is true, USB storage devices are accessible to CubeCOS. In the other hand, if the tuning is false, those devices are blocked from CubeCOS.

🛠️ Operation & Management

Admins can now configure alert messages displayed during user login.

📦 Platform Components

Based on CentOS Stream 9
Kernel version: 5.14.0-435
OpenStack Nova version: 25.3.0 (Yoga)
OVN version: 23.03
Ceph version: 17.2.6 (Quincy)
Rancher version: v2.7.9
NVIDIA GPU driver: 535.104

⚙️ Changed Features

Updated the remove_disk CLI command to include index menu options for safe and force removal.

🛠 Fixes

Enhanced the list_osd command to display additional storage information.

🔧 OpenStack Services Overview

Web Frontend

Horizon (Dashboard)

Keystone (Identity)
Glance (Image)
Barbican (Key Store)

Compute

Nova (Virtual Machine)
Ironic (Bare-metal)

Accelerator

Cyborg (GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK and so on)

Networking

Neutron (SDN/NFV, VPN as a Service)
Octavia (Load Balance as a Service)
Designate (DNS as a Service)

Storage

Cinder (Block Storage)
Manila (File Storage)
Swift (Object Storage)

Orchestration

Heat (Orchestration)
Senlin (Auto-scaling)

Monitoring

Monasca (Telemetry)

High Availability

Masakari (Instance HA)

Resource Optimaztion

Watcher (Infrastructure Optimization)

Cube Infrascope

ELK
- ~~Elasticsearch (v7.10)~~ -> Opensearch (v2.10)
- ~~Kibana (v7.10)~~ -> Opensearch-dashboards (v2.10)
- Logstash (v8.9.0)
- Filebeat (v8.10.2)
- Auditbeat (v8.10.2)
TIGK
- Telegraf (v1.17)
- Influxdb (v1.8.10)
- ~~Grafana (v7.5.9)~~ -> Grafana-enterprise (v10.1.5)
- Kapacitor (v1.5.7)
Data Pipeline
- Zookeeper (v2.13)
- Monasca (v2.5.0)
- Kafka (v2.7)

Identity

Keycloak (v17.0.1)

🔄 Compatibility

The following Cube related products are currently supported by Cube 2.5.0.

CubeCMP 1.7
- Prerequisites: CubeCOS version 2.4 or later with AppFramework deployed
CubeVDI Driver and integration
- Prerequisites: CubeCOS version 2.4 or later and CubeVDI essentials

Contact Bigstack: https://www.bigstack.co/contact-us/ for details of Cube products.

⚙️ Installation and Configuration

To deploy CubeCOS, refer to the following documentation:

To get started with CubeCOS, see Quick Start in Bigstack documentation.

🔰 Getting Started Guide

⚠️ Known Issues

After enabling OTP login, the Keycloak page fails to display any content.

Abstract​

✨ New Features​

🔐 Security​

Disk Encryption​

Security Scanning Integration​

File System Integrity Protection​

USB Device Control​

🛠️ Operation & Management​

Login Greeting Message​

📦 Platform Components​

⚙️ Changed Features​

🛠 Fixes​

🔧 OpenStack Services Overview​

Web Frontend​

Share Services​

Compute​

Accelerator​

Networking​

Storage​

Orchestration​

Monitoring​

High Availability​

Resource Optimaztion​

Cube Infrascope​

Identity​

🔄 Compatibility​

⚙️ Installation and Configuration​

⚠️ Known Issues​