Beta Release Version v2.1.4
We're excited to announce v2.1.4 of the Hypervisor Control Panel! This release introduces Managed Databases with read replicas and automated backup policies, Forge live snapshots for instances, security groups, Docker container management, and WireGuard VPN gateways, along with numerous improvements across the platform.
- [Feature] Managed Databases - Deploy fully managed MySQL, MariaDB, and PostgreSQL databases on VPC networks with automated provisioning, health monitoring, metrics dashboards, and hourly billing.
- [Feature] Read Replicas - Create read replicas from any primary database with engine-native replication, automated lag monitoring, resync, and one-click promotion.
- [Feature] Database Backup Policies - Automated, policy-driven backup management with configurable schedules, retention, S3 storage, and engine-specific tools (xtrabackup, pg_basebackup).
- [Feature] Point-in-Time Recovery (PITR) - Restore databases to any point within the WAL/binlog retention window using PostgreSQL WAL archiving or MySQL binary logs.
- [Feature] Database Parameter Groups - Custom database configuration overrides (my.cnf / postgresql.conf) applied as reusable parameter groups.
- [Feature] Database Metrics - Real-time CPU, memory, disk, connections, and queries-per-second dashboards via Telegraf and VictoriaMetrics.
- [Feature] Forge (Live Snapshots) - Create live VM snapshots with full memory and disk state capture. Commit changes permanently or discard to revert instantly -- ideal for testing upgrades, configuration changes, or software updates.
- [Feature] Security Groups - Define inbound and outbound traffic rules using protocols, ports, and CIDR ranges. Attach security groups to instances for centralized network access control that replaces the per-instance firewall system.
- [Feature] IP Sets - Create reusable collections of IP addresses and CIDR ranges that can be referenced in security group rules. Supports both IPv4 and IPv6 with bulk import.
- [Feature] Firewall Migration - Existing per-instance firewall rules are automatically migrated into security groups during upgrade. CIDR-based rules are consolidated into IP sets for cleaner management.
- [Feature] Docker Manager - Manage Docker containers directly from the instance management page. Pull images, create and start containers, view logs, and manage container lifecycle without SSH access.
- [Feature] VPN Gateway - Deploy WireGuard-based VPN gateways on VPC networks for encrypted remote access (road-warrior) and site-to-site tunnels. Fully managed with automatic key generation, configuration push via QEMU Guest Agent, and hourly billing.
- [Feature] VPC Peering - Connect two VPC networks through their VPN gateways with a single click. Keys, tunnel IPs, endpoints, and routes are configured automatically on both sides. Supports cross-location peering over public IPs.
- [Feature] Road-Warrior Peered VPC Access - Road-warrior VPN clients automatically receive routes to all peered VPCs in their downloaded configuration, enabling access to resources across interconnected VPCs.
- [Feature] VPN Gateway Billing - Hourly billing for VPN gateways with configurable per-GB bandwidth charges, bandwidth accounting direction, and overage handling (charge or revoke access).
- [Feature] VPN Gateway Plans - Admin-configurable resource plans for VPN gateway instances with plan groups assignable to hypervisor groups.
- [Feature] Push-Based Security Group Sync - Security group rule changes are pushed to hypervisors immediately rather than relying on periodic sync, with fingerprint-based change detection to skip unnecessary updates.
- [Feature] Anti-Spoofing Protection - Security groups include nwfilter-based anti-spoofing rules that prevent instances from using unauthorized MAC or IP addresses.
- [Feature] Docker Image Catalog - Searchable Docker Hub catalog integrated into the Docker management interface for quick image discovery and pull.
- [Feature] HA Events Log - High Availability event logging with filterable history of failover events, evacuations, and fence operations.
- [Improvement] Replication Resync Reliability - Resync operations no longer restart the primary database when replication is already configured, preventing cascading failures across replicas.
- [Improvement] Health Check Protection - Databases undergoing resync are protected from being falsely marked as errored by health checks.
- [Improvement] Forge Task Logging - Full command execution details (command, exit code, stdout, stderr) visible in task logs for all Forge operations.
- [Improvement] Security Group UI - Dedicated security groups tab on instance management replaces the old firewall tab. Admin and user panels with full CRUD, rule management, and instance attachment via Select2 dropdowns.
- [Improvement] FilterPanel Component - Reusable filter panel component used across HA events, security groups, and IP sets for consistent search and filtering.
- [Improvement] IP Audit Log Redesign - Improved IP audit log interface with better filtering and display.
Managed Databases
The headline addition in v2.1.4 is a full Database-as-a-Service platform supporting MySQL, MariaDB, and PostgreSQL.
How it works:
- Select an engine and version, choose a VPC and subnet, pick a plan, and deploy -- the system provisions a dedicated VM, installs the database engine, configures networking, and starts health monitoring automatically.
- Each database runs on its own isolated VM within your VPC with optional public IP allocation.
- Real-time metrics (CPU, memory, disk, connections, QPS) are collected via Telegraf and displayed on the database manage page.
- Hourly billing with bandwidth tracking integrates into the existing Cloud Service billing system.
Read Replicas enable horizontal read scaling:
- Deploy replicas from any active primary with engine-native replication (MySQL binlog, PostgreSQL streaming).
- Automated health checks monitor replication status and lag every 2 minutes.
- Resync any replica from its primary, or promote a replica to standalone primary.
For setup instructions, see our Managed Databases documentation.
Database Backup Policies
Automated backup management with point-in-time recovery for managed databases.
- Scheduled backups -- Configure hourly, daily, or weekly backup schedules with retention policies.
- Engine-specific tools -- Uses xtrabackup/mariabackup for MySQL/MariaDB and pg_basebackup for PostgreSQL.
- Incremental backups -- Reduces storage and time by backing up only changes since the last full backup.
- PITR -- Restore to any point within the WAL/binlog retention window.
- S3 storage -- All backups stored in S3-compatible storage with configurable credentials per policy.
- Email alerts -- Notifications for backup failures, policy pauses, PITR gaps, and source changes.
For setup instructions, see our Database Backup Policies documentation.
Forge (Live Snapshots)
Forge provides a "try before you keep" workflow for risky instance operations.
- Enable Forge -- Takes a live snapshot of the running VM including memory state and selected disk overlays.
- Make changes -- All disk writes go to overlay files while the original disks remain untouched.
- Commit -- Merge overlay changes back into the base disks, making them permanent.
- Discard -- Revert instantly to the pre-snapshot state with full memory restore.
Use Forge before OS upgrades, kernel updates, configuration changes, or software installations to ensure you can always roll back.
For more details, see our Forge documentation.
Security Groups
Security Groups provide centralized network access control that replaces the previous per-instance firewall system.
How it works:
- Create security groups with inbound and outbound rules specifying protocol, port range, and source/destination
- Rules can reference CIDR ranges, other security groups (for group-based policies), or IP sets (reusable address lists)
- Attach one or more security groups to any instance -- rules are applied immediately
- Changes propagate to hypervisors in real time via push-based sync
IP Sets allow you to define named collections of IP addresses and CIDRs that can be shared across multiple security group rules. When an IP set is updated, all rules referencing it are updated automatically.
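The sketch below shows one way fingerprint-based change detection can work alongside IP sets. It is an added example, not the panel's own code: the rule schema, the `Hypervisor` stand-in and the choice of SHA-256 are assumptions. The fingerprint is taken over the resolved rules, so editing an IP set triggers a push, while reordering rules or rewriting a CIDR in an equivalent form does not.

```python
import hashlib
import ipaddress
import json

# Constructed sample data (documentation address ranges, hypothetical schema).
IP_SETS = {"office": ["203.0.113.0/24", "2001:db8::/32"]}
RULES = [
    {"direction": "in", "protocol": "TCP", "port_min": 22, "port_max": 22,
     "ip_set": "office"},
    {"direction": "in", "protocol": "tcp", "port_min": 443, "port_max": 443,
     "cidr": "0.0.0.0/0"},
]

def resolve_rules(rules, ip_sets):
    """Expand IP set references and normalise each rule to a canonical tuple."""
    resolved = set()
    for r in rules:
        # A rule names either one literal CIDR or one IP set.
        sources = ip_sets[r["ip_set"]] if "ip_set" in r else [r["cidr"]]
        for src in sources:
            # strict=False maps 203.0.113.9/24 to 203.0.113.0/24.
            net = str(ipaddress.ip_network(src, strict=False))
            resolved.add((r["direction"], r["protocol"].lower(),
                          int(r["port_min"]), int(r["port_max"]), net))
    return sorted(resolved)  # order-independent

def fingerprint(rules, ip_sets):
    """SHA-256 over the sorted, resolved rule list."""
    blob = json.dumps(resolve_rules(rules, ip_sets), separators=(",", ":"))
    return hashlib.sha256(blob.encode()).hexdigest()

class Hypervisor:
    """Stand-in for the receiving side; counts the pushes it applied."""
    def __init__(self):
        self.applied_fingerprint = None
        self.pushes = 0

def push_if_changed(hv, rules, ip_sets):
    """Push only when the effective rule set differs from what is applied."""
    fp = fingerprint(rules, ip_sets)
    if fp == hv.applied_fingerprint:
        return False  # nothing effective changed, skip the update
    hv.applied_fingerprint = fp
    hv.pushes += 1
    return True
```

Hashing only the rule definitions, without expanding IP sets, would miss the case where a set's membership changes while the rules that reference it stay the same.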
Migration: Existing per-instance firewall rules are automatically migrated to security groups. Rules sharing the same CIDR patterns are consolidated into IP sets for cleaner management.
For setup instructions, see our Security Groups documentation.
Docker Manager
Manage Docker containers directly from the instance management page without SSH access. The Docker tab provides:
- Container lifecycle -- Create, start, stop, restart, and remove containers
- Image management -- Pull images from Docker Hub with an integrated searchable catalog
- Log viewer -- View container output logs in real time
- Port mapping -- Configure port bindings during container creation
Docker management requires the Docker engine to be installed on the instance and the QEMU Guest Agent to be running.
For more details, see our Docker Manager documentation.
VPN Gateway and VPC Peering
WireGuard-based VPN gateways provide encrypted connectivity for VPC networks with two connection types:
- Road-Warrior -- Remote users connect their devices to VPC resources using any standard WireGuard client. Download a ready-to-use configuration file from the panel.
- Site-to-Site -- Persistent tunnels between a VPC and external networks such as on-premises data centers.
VPC Peering takes this further by connecting two VPC networks with a single click. The system automatically exchanges keys, allocates tunnel addresses, configures endpoints, and pushes WireGuard configurations to both gateways. Instances reachable through one gateway become accessible from the peered VPC.
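Because road-warrior configurations automatically carry routes to every peered VPC, it is worth checking a downloaded file against the networks you expect a client to reach. The following is an added example, not code from the panel: the sample configuration, its CIDRs and the placeholder keys are constructed, and it assumes a single `[Peer]` section (the gateway).

```python
import configparser
import ipaddress

# Constructed sample; keys are placeholders, addresses are illustrative.
SAMPLE_CONF = """
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.99.0.2/32

[Peer]
PublicKey = <gateway-public-key-placeholder>
Endpoint = 198.51.100.10:51820
AllowedIPs = 10.10.0.0/16, 10.20.0.0/16, 172.16.5.0/24
"""

def tunnel_routes(conf_text):
    """Return the networks the client will route into the tunnel."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    raw = cp["Peer"]["AllowedIPs"]
    return [ipaddress.ip_network(item.strip(), strict=False)
            for item in raw.split(",") if item.strip()]

def unexpected_routes(conf_text, approved):
    """List AllowedIPs entries not contained in any approved CIDR."""
    approved_nets = [ipaddress.ip_network(a) for a in approved]
    flagged = []
    for net in tunnel_routes(conf_text):
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        covered = any(net.version == a.version and net.subnet_of(a)
                      for a in approved_nets)
        if not covered:
            flagged.append(str(net))
    return flagged

if __name__ == "__main__":
    # Local VPC plus one expected peer; the third route should be flagged.
    print(unexpected_routes(SAMPLE_CONF, ["10.10.0.0/16", "10.20.0.0/16"]))
```

AllowedIPs on the client only decides what the client sends into the tunnel; what peered instances actually accept is still governed by the security groups attached to them.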
For setup instructions, see our VPN Gateway and VPC Peering documentation.