8.9.00 enhancements

BMC Network Automation 8.9.00 provides the following enhancements:

Tip

For information about issues corrected in this release, see Known and corrected issues.

Standalone BMC Network Automation updates

The following table describes the standalone BMC Network Automation system updates included in this release:

Update	Description
Remediation enhancements
Remediation of rule violations by means other than SmartMerge or full configuration push	You can associate a rule with a corrective action that performs span actions other than pushing a compliant configuration. You can choose to push a template, run a Deploy OS Image action, or run a custom action. A rule with no corrective actions cannot be enforced. You can run a new span action, called Remediate, to execute the defined corrective actions in violated rules. This span action expands into sub-actions to support a mix of various span action types that need to be run. The Deploy to Active and Deploy to Stored span actions also execute corrective actions of the same type. Only actively violated rules are corrected when you choose the Remediate With All Assigned option. You can make adhoc changes to non-violated rules by choosing specific rule sets or rules. For detailed information about the Remediate span action and the software upgrade considerations, see Remediating compliance violations.
Support for remediating multiple rule sets and rules	In the following span actions, now you can choose to remediate with any number and a mix of rule sets and rules: Deploy to Active Deploy to Stored Remediate Scan Syntax
Support for CVE ID association	You can optionally associate a rule with one or more MITRE Common Vulnerabilities and Exposures (CVE) IDs to indicate that the rule is detecting a security vulnerability. You can filter for rules that match a CVE ID. For more information, see Adding or editing a rule .
Network Security Operations (SecOps) enhancements
Integration with BMC Threat Director version 2.2	You can now use Threat Director and BMC Network Automation to track, analyze, and remediate network vulnerabilities. Using Threat Director you can: Import scan files that survey a computing environment, including its network infrastructure. Map network devices detected in scans to devices managed in BMC Network Automation. Map vulnerabilities in network infrastructure to rules for which corrective actions and grammars have been defined in BMC Network Automation. Remediate network vulnerabilities using corrective actions associated with networking rules. View the results of network remediation operations within BMC Network Automation itself or within the portal. For more information about the integration, see the BMC BladeLogic Portal documentation.
Support for filtering security vulnerabilities by device types	You can filter security vulnerabilities by device type. This filtering helps you plan your remediation tasks for that device type. You can either choose the device type from a list or you can specify the name of the device type. When filtering by name, you can use asterisk (*) as the wildcard character. You can use the name filter to find those security vulnerabilities that have associated device types not supported by BMC Network Automation. For more information, see Viewing the security vulnerabilities listing and details.
Device and device adapter enhancements
Support for new custom actions for NSX devices	BMC Network Automation supports the following new actions to support NSX network containers: Switch Port Provisioning custom action group: NSX Delete Logical Switch NSX Deploy Logical Switch NSX Discover Port Group VMware NSX Management custom action group: NSX Add Interface to Edge Device (Distributed Router/Service Gateway) NSX Delete Edge Device (Distributed Router/Service Gateway) NSX Delete Interface from Edge Device (Distributed Router/Service Gateway) NSX Deploy Edge as Distributed Router NSX Deploy Edge as Service Gateway For more information, see Configuring VMware NSX in the BMC Cloud Lifecycle Management documentation.
Support for the Check Point Gaia device adapter	BMC Network Automation supports a new device adapter, Check Point Gaia to manage the Check Point GAiA devices running with OS R77.30 and R80. This device adapter supports the following configuration trails and span actions: Running: Supports the Snapshot and Deploy to Active span actions. Check Point Asm: Supports the Snapshot span action. Check Point Objects: Supports the Snapshot span action. Check Point Rules: Supports the Snapshot span action. Check Point TGZ File: Supports the Snapshot and Deploy to Stored span actions. Note: If you encounter any "interaction failure" while performing TGZ file (a TAR file archive compressed with Gnu Zip) management through Snapshot or Deploy to Store actions on a Check Point GAiA device, increase the device inactivity timeout by using the following command: `set inactivity-timeout <timeinMinutes>`. The inactivity timeout value might vary depending on the network latency.
Support for the Deploy OS Image action for MRV OptiSwitch	The MRV device adapter supports the Deploy OS Image action for the MRV OptiSwitch 904 devices.
Support for JunOS 14.2R5.8	The Juniper device type now supports devices running with JunOS 14.2R5.8.
Support for Cisco Nexus 9000 Series switches	BMC Network Automation supports Cisco Nexus 9000 Series switches running with NX-OS 7.x.
Simplified merge for devices using tunneled mode	When deploying changes to a device using tunneled mode, the system no longer manages the block `exit` commands. That is, the system no longer removes them from the supplied script or template, nor adds `exit` commands that it considers as missing. The script or template is thus sent to the device more precisely as a user entered it. Also, the baseline device types have been enhanced to detect when a config mode has been exited in error while tunneling out a script. In such a case, the system re-enters the config mode automatically. Thus, users are prevented from running arbitrary CLI commands via a template for the device types that support a config mode.
File transfer enhancements
Support for proxy file server	You can now configure a device agent to use a proxy file server, which is separated from the device agent. With this enhancement, you do not need to configure FTP, SCP, and TFTP on the device agent. The inbound connections are now relegated to the proxy file server instead of the device agent, thus making the device agent more secure. You can configure FTP, SCP, and TFTP on the proxy file server and provide these details to the device agent. After you configure a device agent to use the proxy file server, all the configuration and images are transferred through the proxy file server. For more information, see Proxy file server and Adding or editing device agents.
Platform support
New database support	BMC Network Automation supports PostgreSQL version 9.5.3. For the complete database support information, see Database support .
New browser support	BMC Network Automation supports Microsoft Edge. For the complete browser support information, see Web-based client system requirements .
Third-party software support
This version of BMC Network Automation is bundled with the following third-party software: Java Runtime Environment (JRE) version 1.8.0 update 92 Apache Tomcat web server version 8.0.36 For the list of third-party versions supported by other versions of BMC Network Automation, see Application server system requirements.
Reporting enhancements
Enhanced System Diagnostics report	The System Diagnostics report shows the following counts: Number of non-empty and empty auto-groups Number of activated rules, and the rules that are activated and belong to enabled rule sets
Miscellaneous enhancements
Support for previewing any type of script prior to deployment	In the Deploy to Active, Deploy to Stored, Remediate, and Scan Syntax span actions, you can preview the scripts that are to be deployed. To support the preview feature, following changes have been made: The old Scripts option is replaced by the new Preview option. The Scripts option was limited to only incremental merge scripts. The Preview option shows all sorts of scripts (as follows), based on the selected configuration in the span action: Fully-resolved templates Incremental or complete configurations (such as when a historical configuration by date is selected) Complete compliant configurations Incremental compliant merge scripts For more information about the Preview option, see Creating a generic job.
Importing and exporting global substitution parameters from the CLI (import and export utility)	With this version, you can import and export global substitution parameters by using the import and export utility .
Enhanced logging for the `capture` tags	When BMC Network Automation is starting up or being upgraded, you might see warnings related to `capture` tags in the log files in the following conditions: When buffer contains capture groups, but properties do not use them When properties specify capture groups, but buffer does not have them defined For more information, see Property capture warnings.

BMC Network Automation web services updates

The following table describes the BMC Network Automation web services updates included in this release:

Update	Description
Span action service updates	The SpanActionService class includes the following new methods: doRemediateByAllAssigned(): Remediates assigned rule sets. doRemediateByEnforceables(): Remediates selected rule sets and rules. doMergeCompliantAllAssignedExtended2(): Runs a Deploy to Active action that remediates assigned rule sets, with additional input arguments to control behavior of remediation. The previous versions of this method, doMergeCompliantAllAssigned() and doMergeCompliantAllAssignedExtended(), are now deprecated. doMergeCompliantByRuleExtended2(): Runs a Deploy to Active action that remediates a single rule, with additional input arguments to control behavior of remediation. The previous versions of this method, doMergeCompliantByRule() and doMergeCompliantByRuleExtended(), are now deprecated. doMergeCompliantByRuleSetExtended2(): Runs a Deploy to Active action that remediates a single rule set, with additional input arguments to control behavior of the remediation. The previous versions of this method, doMergeCompliantByRuleSet() and doMergeCompliantByRuleSetExtended(), are now deprecated.
Job service updates	The JobService class includes the following new methods: retrieveRemediateByEnforceablesJobInfo(): Retrieves information about a job created as a result of a call to SpanActionService.doRemediateByEnforceables(). retrieveRemediateByEnforceablesResults(): Retrieves detailed execution status of a job created as a result of a call to SpanActionService.doRemediateByEnforceables(). getDeviceResultWithSubaction(): Retrieves a single device result for a job where the device ran within a sub-action under a remediating parent action. The JobService class includes the following modified method: getActionResultSummaries() now includes action and sub-action numbers, which facilitate calls to retrieve the full device result (with transcript) through getDeviceResult() or getDeviceResultWithSubaction ().
Rule service updates	The RuleService class includes a new method, getAbbreviatedCorrectableRules() to retrieve brief information for rules that can be corrected via a remediation action.
Pod service updates	The PodService class includes a new method, addExtendedVlanPool() to add an extended VLAN pool with the given information to the specified pod. For an extended pool (a pool supporting VXLAN), the VLAN pool range is from 0 to 2²⁴, as compared to the standard VLAN pool, which has a pool range from 0 to 4096.
Import and export service updates	The ImportExportService class includes a new method, exportSubstitutionParameters() to export global substitution parameters to an XML format. The importComponents() method now supports the import of global substitution parameters into the BMC Network Automation database from an XML format.

^{_{Back to top}}

BMC Cloud Lifecycle Management-related updates

The following table describes the BMC Network Automation updates included in this release to support BMC Cloud Lifecycle Management :

Update	Description
Support for Virtual Extensible LAN (VXLAN)	BMC Cloud Lifecycle Management supports VXLAN to improve scalability problems. For a pool supporting VXLAN (extended pool), the VLAN pool range is from 0 to 2 ²⁴, as compared to the standard VLAN pool, which has a pool range from 0 to 4096. For more information, see Creating a pod from a pod blueprint. A new tag, `defaultExtendedFlag` has been added to the vlanPoolBlueprint schema to support extended pools.
Support for NSX devices	Now you can create VMware NSX Bronze containers as well containers with distributed firewalls. For more information about configuring VMware NSX, see Configuring VMware NSX (SDN) platform in the BMC Cloud Lifecycle Management documentation.
Updates in the pod and container blueprint schemas	BMC Network Automation includes the following updates in the pod and container blueprint schemas: Renamed `defaultShareableFlag` tag: The `defaultShareableFlag` tag in the node blueprints within the pod blueprint has been renamed to `defaultAllowDeviceInUseByOtherPod` . For more information, see Pod blueprint XML reference . New tags: BMC Network Automation includes the following new tags: `defaultAllowDeviceInUseByOtherNode:` The node blueprints within a pod blueprint contain a new tag, `defaultAllowDeviceInUseByOtherNode`. When this tag is set to true, devices already in use by other nodes within the pod are included in the list of devices to select for the node in question. `guestDeviceCategory`: The virtual guest blueprint schema in the container blueprint contains a new optional tag, `guestDeviceCategory`, for specifying the category to assign to the newly created guest device. If not specified, the guest device is assigned the same category value as that of the host device. Updates in the node blueprint schema: The list presented when selecting a device to use in a given pod node now includes devices with a category value of Other , in addition to the devices whose category matches that specified in the node blueprint. For more information, see the nodeBlueprint schemas in Pod blueprint XML reference .
Support for sharing access layer devices among pods	BMC Network Automation allows sharing of access layer devices among pods to allow for the Software Defined Networking (SDN)-style containers that might need to do sharing.

Back to top

Changes to the supported products and solution versions

This section describes the versions of products and solutions supported by BMC Network Automation version 8.9.00.

BMC Network Automation integrates with BMC Threat Director version 2.2. For more information, see the BMC BladeLogic Portal documentation.

BMC Network Automation integrates with the following products to provide the BMC Continuous Compliance for Network Automation solution. For more information about this integration, see BMC Continuous Compliance for Network Automation solution .

Product	Version
BMC Remedy AR System Server (Includes BMC Remedy Mid Tier)	9.0
BMC Remedy ITSM Suite (Includes BMC Change Management and BMC Service Desk: Incident Management)	9.0
BMC Atrium CMDB Enterprise Manager (Includes BMC Atrium CMDB Web Services)	9.0
BMC Atrium Orchestrator Platform (using BMC Atrium Single Sign-On 9.0.0)	7.8.00
BMC Atrium Orchestrator Content	20.16.01
BMC Decision Support - Network Automation	8.9.00

BMC Network Automation integrates with the following BMC and non-BMC products to provide the BMC Cloud Lifecycle Management solution. For more information about this integration, see BMC Cloud Lifecycle Management .

Product	Version
BMC Cloud Lifecycle Management	4.6.03
BMC Atrium Orchestrator Platform	7.6.03
BMC Atrium Orchestrator Content	20.14.02
Alcatel-Lucent VitalQIP	7.3
Infoblox	6.8.13