BMC Network Automation 8.8.00 provides the following enhancements:
For information about issues corrected in this release, see Known and corrected issues.
Standalone BMC Network Automation updates
The following table describes the standalone BMC Network Automation system updates included in this release:
|Network Security Operations (SecOps) enhancements|
|Compliance rule enhancements|
While creating a compliance rule, you can now add the activation date and deactivation date for the rule, as follows:
These dates help you run automatic compliance checks on devices. You can specify the time at which the system should automatically find violations in newly activated compliance rules and clear violations in newly deactivated compliance rules in the Perform Daily Rule Activation/Deactivation At system parameter.
For more information about these fields, see Adding or editing a rule.
For a sample rule grammar that utilizes these fields to generate compliance violations when a device reaches End of Life (EOL), see Device End of Life.
|Inclusion of spans when exporting and importing rules|
The rule XMLs generated through the rule export task now contain the excluded network spans and groups for the rules. After importing the rules by using these exported XMLs, you do not need to reassign the excluded network spans and groups.
|Importing and exporting rules and rule sets from CLI (import and export utility)||With this version, you can import and export rules and rule sets by using the import and export utility.|
|Support to handle brute force attacks|
With version 8.8.00, if a user provides an incorrect password while logging in to BMC Network Automation, the user gets locked after a particular number of failed login attempts. Either the user gets unlocked automatically after a specific time period or a user with the Unlock Users right can unlock the user. For more details, see Locking or unlocking users.
|Support to handle Cross-Site Scripting (XSS) attacks|
To handle XSS attacks, BMC Network Automation now includes an optional filter that restricts certain characters and patterns from being included in the HTTP request from a user. If the filter detects these characters or patterns in the request, BMC Network Automation denies the response to the request and generates an error message. You can configure this filter to restrict various characters and patterns by setting a few properties in the global.properties file. For more information, see Handling the XSS attacks.
Note: When you upgrade to version 8.8.00, certain characters and patterns are restricted by default.
|Enhanced login system rights||Now, you can control the login access to the BMC Network Automation application server through GUI and Web Services in addition to SSH Proxy by using the Login system rights. For more information, see Access the application server.|
|Device and device adapter enhancements|
|Support for VMware vSphere version 6.0 and new external script actions|
BMC Network Automation now supports vSphere version 6.0. Deploying Virtual Security Gateway (VSG) on vSphere 6.0 devices does not require Policy Agent Image Name and VSG User Name parameters. Therefore, the following new external script actions are available to support deployment of VSG and VSG Secondary devices:
Note: In this version, BMC Network Automation does not support the configuration of VLAN on the port group of a dvSwitch for which the multipleLAG version of the Multiple Link Aggregation Control Protocol (LACP) is enabled. As a workaround, you can change the LACP version to singleLAG using the changeLacpApiVersionToSingleLag attribute in the
This command first reconfigures the underlying dvSwitch to disable the multipleLAG version and then configures VLAN on the port group.
|Support for the VMware NSX Manager device|
BMC Network Automation provides a new device adapter, VMware NSX Manager, to manage NSX Manager. This adapter is HTTP based and uses REST API calls to manage NSX Manager. It supports trails for the running configuration. This configuration is stored in ASCII format, which is obtained by running HTTP GET calls to capture the configuration of various objects, such as components, edges, NTP settings, network settings, syslog settings, FTP settings, certificates, NSX Edge devices, distributed firewall, switch, virtual-wires, scope, controller, segment, and multicast.
You can make partial configuration changes in NSX Manager by using the Deploy to Active action with Injection Templates. For information about Injection Templates, see Using injection templates to change device configuration.
|Support for the VMware NSX Distributed Firewall device|
BMC Network Automation provides a new device adapter, VMware NSX Distributed Firewall, to manage NSX Distributed Firewall. This adapter is HTTP based and uses REST API calls to manage NSX Distributed Firewall. It supports trails for the running configuration. This configuration is stored in ASCII format, which is obtained by running HTTP GET calls to capture the configuration of the distributed firewall.
You can make partial configuration changes in NSX Distributed Firewall by using the Deploy to Active action with Injection Templates. For information about Injection Templates, see Using injection templates to change device configuration.
|Support for the VMware NSX Logical Router and NSX Service Gateway devices|
BMC Network Automation provides support for a new device adapter, VMware NSX Edge, to manage NSX Logical Router and NSX Service Gateway. This adapter is HTTP based and uses REST API calls to manage these devices.
It supports trails for the running configuration. This configuration is stored in ASCII format, which is obtained by running HTTP GET calls to capture the configuration of these devices. You can deploy partial configuration changes by using the Deploy to Active action with Injection Templates. For information about Injection Templates, see Using injection templates to change device configuration.
|Support for the Cisco Application Centric Infrastructure (ACI) device|
With this release, BMC Network Automation supports the Cisco ACI device adapter to manage the Cisco ACI Application Policy Infrastructure Controller (APIC). This adapter is HTTP based and uses REST API calls to manage APIC.
It supports trails for the running configuration. This configuration is stored in binary format, which is obtained by creating an export policy using the import/export feature of Cisco ACI. The configuration also contains the decoded ASCII contents, which are obtained from the output of HTTP GET calls that capture the configuration of the following objects:
Using this device adapter, you can take a snapshot of a configuration file that is in the tar.gz format, and you can deploy that file to the APIC using full merge. You can deploy partial configuration changes to APIC by using Injection Templates. For information about Injection Templates, see Using injection templates to change device configuration.
|Support for the MRV OptiSwitch 904 device|
BMC Network Automation now supports the MRV OptiSwitch 904 device running with Master-OS version 4_3_2B. This device adapter supports the following features:
|Enhancements in the existing device adapters|
The existing device adapters have been enhanced as follows:
|New operating system support|
BMC Network Automation supports the following operating systems:
For complete operating system support information, see OS support.
|Discontinued operating system support|
BMC Network Automation discontinues support for the following operating systems:
|New database support|
BMC Network Automation supports Microsoft SQL Server 2008 R2 SP3.
For the complete database support information, see Database support.
|Discontinued database support|
BMC Network Automation discontinues support for the following databases:
|Discontinued browser support|
BMC Network Automation discontinues support for the following browsers:
For complete browser support information, see Web-based client system requirements.
|Encryption for Oracle Database 12c||BMC Network Automation version 8.8.00 supports encryption for Oracle Database 12c.|
|File transfer enhancements|
|Enhanced file transfer|
During a snapshot operation, if the configuration file for a device (such as Cisco ACI) is generated and transferred with a naming convention that does not match the one that BMC Network Automation expects in the transfer directory, you can include a new property,
|New Trivial File Transfer Protocol (TFTP) parameters|
This release supports the following new TFTP parameters in the global.imported.properties file:
|Support for generating the Compliance Summary report by rule|
You can generate the Compliance Summary report by rules in addition to the selected rule sets. The Compliance Summary report wizard includes a new option, Selected Rules, to select the rules to be included in the report.
This new option is also available in the Send Email action when attaching a Compliance Summary report.
|Support for exporting the Discrepancy Summary report in CSV format|
You can now export the Discrepancy Summary report in CSV format, and then use this report in third-party applications (such as spreadsheets).
This new export format is also available in the Send Email action when attaching a Discrepancy Summary report.
|Event and job count available in the System Diagnostics report||The System Diagnostics report now shows the total number of jobs and events in the system under the Component Counts section.|
|Debug trace option at job level|
You can now enable logging of low-level debug statements in the job transcripts at the job level by using the Include Debug Trace in Communication Transcripts option while creating a job. Earlier, you could enable logging only at the global level for all device command/response interactions by using the Include Debug Trace in Communication Transcripts system parameter. With this enhancement, you can control debugging at a granular level. For more information about this option, see Creating a generic job.
The Job Details report shows whether logging was enabled prior to execution of the job. For more information, see To view the job details report.
Note: For the predefined jobs, policies, the template push extension scripts, and the auto script (bcan-dsn utility), the Include Debug Trace in Communication Transcripts option is not available at job level. Logging depends on the value of the Include Debug Trace in Communication Transcripts system parameter.
BMC Network Automation web services updates
The following table describes the BMC Network Automation web services updates included in this release:
|Support for debug trace at job level|
To enable logging of low-level debug statements in the job transcripts at job level, the jobParamsDTO in the SpanActionService and EndPointService web services now includes the
|Support for importing security vulnerabilities|
A new class, SecurityVulnerabilityService, has been added, which contains the following web services that help you to import security vulnerabilities into the system:
|Enhancements in the ImportExportService class|
The ImportExportService class has been enhanced as follows:
BMC Cloud Lifecycle Management-related updates
The following table describes the BMC Network Automation updates included in this release to support BMC Cloud Lifecycle Management:
|Container provisioning: Order of acquired resources during container provisioning|
Starting with this version, during container provisioning, the network resources are acquired in the order in which they are defined in the container blueprint. The Order column in the container details page shows the order in which resources are acquired during provisioning.
For the containers provisioned in version 8.8.00, this column shows the true order in which resources were acquired during provisioning. For upgraded containers, this column shows the numbers that are randomly assigned to the acquired resources.
To view the container details page, navigate to Network > Virtual Data Center > Containers, and click the View icon for the container for which you want to view the details.
|New BMC Atrium Orchestrator Service Actions (SA) IPAM supporting processes|
To improve performance during service offering instance (SOI) provisioning, this release provides the following new IPAM supporting processes:
|Juniper SRX firewall: Change in behavior when pushing ACL updates|
Starting with version 8.8.00, BMC Network Automation does not support the add, remove, and replace firewall rule operations if the device is using tunneled transfer mode. The tunneled transfer mode pushes the ACL updates in an unsafe way because it first deletes the old ACL and then builds up the new ACL. The process might lead to data packets being processed incorrectly.
If you are using the tunneled transfer mode in a Juniper SRX firewall device, set the device to use the file transfer mode.
Changes to the supported products and solution versions
This section describes the versions of products and solutions supported by BMC Network Automation version 8.8.00.
BMC Network Automation integrates with the following products to provide the BMC Continuous Compliance for Network Automation solution:
BMC Remedy AR System Server
BMC Remedy ITSM Suite
BMC Atrium CMDB Enterprise Manager
BMC Atrium Orchestrator Platform
BMC Atrium Orchestrator Content
|BMC Decision Support - Network Automation||8.8.00|
BMC Network Automation integrates with the following BMC and non-BMC products to provide the BMC Cloud Lifecycle Management solution:
|BMC Cloud Lifecycle Management||4.6|
BMC Atrium Orchestrator Platform
BMC Atrium Orchestrator Content
To view the products and solutions supported by BMC Network Automation, see BMC Continuous Compliance for Network Automation solution and BMC Cloud Lifecycle Management.