Migration Guide: Visualizer in Thingshub 6

As part of thingsHub’s upgrade to thingsHub 6, thingsHub’s visualizer is upgrading to Grafana 10. On-prem customers should ensure that key migrations are completed as a part of this upgrade to ensure better alert management and improved database organization, and prevent data loss in future upgrades:

• Manual migration:

  • Transitioning from Legacy Alerts to Unified Alerting

  • Migration of deprecated Angular Plugins if they are used in any dashboard.

For the migration guide for deprecated angular plugins, please consult the breaking changes documentation: Breaking Changes in thingsHub 6.0 | Breaking-Changes-from-Visualizer-Upgrade-to-Grafana-10.4

Grafana configuration changes

thingsHub has also made changes to grafana’s configurations to enhance security, reduce complexity, and improve performance in a multi-tenant, containerized environment. Key changes include:

1. Disable Installing New Plugins and external plugin management: Disabling plugin installations ensures consistency across deployments and enhances security by preventing unauthorized changes to the environment.

2. Disable Snapshot Feature: Snapshots can introduce security risks by allowing external sharing of dashboards. Disabling this prevents accidental data exposure.

3. External User Management: Integrating Grafana’s user management with ThingsHub ensures centralized user control across all services, reducing operators' complexity.

4. Enable Brute Force Login Protection: Enabling brute force login protection helps secure Grafana against unauthorized access attempts.

5. Disable Login Form: Since user management is delegated to ThingsHub, the login form is disabled, streamlining authentication and improving security by reducing attack vectors.

6. Set Log Format to JSON: Structured JSON logging makes logs easier to analyze and monitor and can enable the integration of these logs with other services like Elasticsearch, which enhances observability.

7. Inclusion of new Security Headers: Headers X-XSS-Protection (which tells browsers to stop pages from loading when they detect reflected cross-site scripting (XSS) attacks) and Strict-Transport-Security (HSTS) are now enabled, which enhance the security of the Grafana installation in thingsHub.

8. Prevent sending usage stats to Grafana: By default, Grafana sends anonymized usage statistics from the Grafana instance to stats.grafana.org. This is now disabled.