Page tree

Skip to end of metadata
Go to start of metadata

BMC Network Automation 8.7.00 provides the following enhancements:

Tip

For information about issues corrected in this release, see Known and corrected issues.


Related topics

Standalone BMC Network Automation enhancements

The following table describes the standalone BMC Network Automation enhancements included in this release:

Enhancement
Description
Network Security Operations (SecOps) enhancements
Generation of compliance rules to detect security vulnerabilities

Now you can import vendor-supplied security vulnerability reports into the system, and use them to generate compliance rules that detect vulnerable device operating systems. A canned database of Cisco CVRF-based reports is shipped with BMC Network Automation.

For details, see Managing security vulnerabilities and Managing security vulnerability importers.

Compliance rules

Compliance rules are enhanced as follows:

  • A rule can now be applied to one or more selected models, or to all models.
  • A rule can now be applied to one device type, or to all device types.
  • The OS Image Name domain supports additional subjects of Lines and Patterns.
  • A new type of subject, Parsed Line, facilitates numerical value comparison.
  • A new type of subject, Ordered Version String, facilitates more accurate comparison of operating system and other version strings that contain numeric and alphabetic parts separated by a variety of delimiters.
UI enhancements
Product rebrandingThe installer screens and BMC Network Automation UI have been rebranded to adhere to changed logo and color scheme of BMC.
Security enhancements
Upgraded cryptographic librariesBMC Network Automation now uses upgraded cryptographic libraries, which require 2048-bit or greater key size, and SHA2 algorithm, for enhanced security.
Support for a stronger encryption algorithm and increased key size for certificates

BMC Network Automation now supports a stronger encryption algorithm, SHA256WithRSA, for certificate generation. By default, the size of the certificate key is set to 4096 bits.

Note: If your existing third-party certificate does not work after upgrade to version 8.7.00 due to these updates, you need to generate and then import the certificate again. See Generating and importing an SSL certificate into the application server and Generating and importing an SSL certificate into a remote device agent for details.

Support for more secure algorithms for the BMC Network Automation SSH proxy server

BMC Network Automation now uses more secure algorithms for the generation of the public/private key pair used by the SSH proxy server. For more information, see Using an SSH terminal to start a session.

 

Device and device adapter enhancements
Support for injection templates

As part of making BMC Network Automation compliant with the Software-Defined Networking (SDN) architecture, device adapters now allow templates to include device command elements, such as interaction, httpinteraction, condition, or loop. You can inject these elements into the Deploy to Active action by using these templates (also called injection templates). This feature enables templates to trigger REST-based commands, such as post, put, and delete to modify the target SDN device configuration. For more information, see Changing device configurations.

PUT support for the HTTP-oriented device typesFor the HTTP-oriented device types, BMC Network Automation supports the put command type in the <httpInteraction> element. For a sample HTTP interaction sequence with the PUT request, see HTTP-oriented device types.
Support for additional span actions by Palo Alto firewall
The Palo Alto firewall version 5.0 supports the Deploy to Stored span action by using the SCP file transfer mode.
In addition, the Palo Alto firewall supports the following custom actions:
  • Get System Serial Number
  • Ping
  • Show Text
  • Traceroute

Note
: In earlier versions of BMC Network Automation, running-config.xml was used as the startup configuration file. However, in this release, device_state_cfg.tgz is used as the startup configuration file.
Support for the Cisco 5508 Wireless LAN Controller device

The Cisco Wireless LAN Controller device adapter now supports the Cisco 5508 Wireless LAN Controller device running with RTOS 4.0.179.11 or RTOS 8.1.10.18.

Support for the Cisco Sourcefire Sensor device adapterBMC Network Automation now supports the Cisco Sourcefire Sensor firewall device running with OS 5.3. This device adapter supports the Reboot and Snapshot actions for the Running and Access Control Configuration trails.
Support for Cisco switches running IOS XE

The Cisco IOS Switch/Router device adapter now supports switches that run IOS XE (such as Cisco model 3850).

View the Notes section in the device adapter details to see various limitations to this support.

Support for the Cisco Email Security Appliance device adapter

BMC Network Automation now supports the Cisco C300v Email Security Appliance (IronPort email security gateway) device running with OS 8.5.6 or later. This device adapter supports the following features:

  • Span action: Snapshot Running, Reboot
  • Access modes: Telnet, SSH2
  • File transfer mode: Tunneled
Support for adding the vShield Edge device by using the port group nameYou can now add the vShield Edge device by using the port group name in a user-defined security context. In earlier releases, you could only add this device by using the context ID of the port group.
Support for adding the VMware vShield App firewall by using the data center nameYou can now add the vShield App device by using the data center name in a user-defined security context. In earlier releases, you could only add this device by using the context ID of the data center.
Internal change trackingBMC Network Automation now keeps track of changes to its internal device settings through the new BNA Device Attributes configuration. Each device now has a current configuration, containing the edit-page settings of the device, and a history of old settings, similar to that for the Running and Startup configurations. Compliance rules and configuration-profiled dynamic fields can be written against this trail, and the trail can be selected for various reports (such as Compliance Summary and Configuration Search). The Refresh Device Status action includes a new option for generating an initial version of this configuration for existing devices. For more information about this configuration, see About the BNA Device Attributes configuration.
Renamed device adapters
  • The Cisco 4400/2100 Wireless LAN Controller device adapter is renamed to Cisco Wireless LAN Controller.
  • The Cisco Nexus Switch device adapter has been renamed to Cisco Nexus because this device adapter supports Cisco Virtual Security Gateway (VSG) along with Cisco Nexus switches.

As a result, before you upgrade, ensure that you do not have your own custom device adapters with the following names, Cisco Wireless LAN Controller and Cisco Nexus. Otherwise, the upgrade will fail.

Database and platform support
New platform support

With this release, BMC Network Automation supports Red Hat Enterprise Linux 7 (64-bit).
For complete platform support information, see OS support.

Discontinued platform supportWith this version, BMC Network Automation discontinues support for Microsoft Windows Server 2003.
New database support
  • BMC Network Automation now supports Oracle 12c Real Application Clusters (RAC).
  • BMC Network Automation now supports PostgreSQL 9.3.5.

For complete database support information, see Database support.

Discontinued database support

Starting with version 8.7.00, BMC Network Automation discontinues support for the following databases:

  • Oracle Database 10g
  • PostgreSQL 8.x
New browser support

BMC Network Automation now supports the following versions of the Chrome web browser on Windows:

  • 43.0.2357
  • 42.0.2311

For complete browser support information, see Web-based client system requirements.

Support for encrypted connections

The BMC Network Automation application server now supports encrypted connections to the Microsoft SQL Server Database Engine. For information about supported versions of SQL Server, see Database support.

Upgrade enhancements
Changes in the external integration during upgrade

Starting with version 8.7.00, you cannot enable integration with the following products during upgrade (if not enabled already during fresh installation). However, you can enable the integration after upgrade by editing system parameters.

  • Universal Description, Discovery, and Integration (UDDI) database
  • BMC Atrium Orchestrator
  • BMC Atrium CMDB
Reporting enhancements
New Transcript Comparison report

You can now compare device interaction transcripts side-by-side by using the Transcript Comparison report. For more information, see Viewing a Transcript Comparison report.

Changes in the Compliance Summary report

You can now export the Compliance Summary report in CSV format, and then use this report in third-party applications (such as spreadsheets).

You can now select the Show Device Host Name/IP Address/URL option to include the host name, IP address or URL of each device in the report.

These new options are also available in the Send Email action when attaching a Compliance Summary report.

Purging enhancements
Purging criteria updates
  • To give you more control over purging of device data per realm, all the device-related purge criteria are moved from the System Parameters page to the realm add/edit pages. You can no longer set the purge criteria globally, like you could in earlier releases.
  • Two new purging options, Purge Historical Configurations By Configuration Trails and Purge Historical Configurations By Device Types are also available when you add or edit a realm.

For more information, see Adding or editing a realm.

Increased purge limitYou can now store events, jobs, and policies in the database for a maximum of 366 days before purging them. Purge limit has been increased for the following parameters:
  • Purge Events After
  • Purge Completed Jobs After
  • Purge Dormant Policies After
Additional enhancements
New group name filter for rule sets and rulesYou can now use the Group Filter option to filter groups by name while choosing the assigned and excluded spans for rule sets and the excluded spans for rules. The rule sets or rules will be assigned to all the groups matching the filter criterion, irrespective of the realms those groups belong to. For more information, see Adding a rule set and Adding or editing a rule.
Support for the single server template push extensionThe single server template push extension provides an easy way to deploy a template from a source server to a number of devices, which might be present on a given server. You can pass the runtime parameters required for the template through a CSV file. For more information, see Using the single server template push extension.
Changes in the multi-server template push extension scriptThe multi-server template push extension script has been renamed to multi-server-template-push.bat (Windows) and multi-server-template-push.sh (Linux). This script is now located in the bcan-template-push-extension\bin directory.
Component length extensions

The character length allowed for the following values has been increased:

  • In a rule set name and a rule name, you can now enter up to 255 characters.
  • The character length allowed for the runtime parameter value to be used in custom actions, predefined jobs, and external script actions has been increased to 2000 characters.
  • The character length allowed for a Text type dynamic field, applicable for a Device type, has been increased to 2000 characters.
  • When you direct custom action results to various locations, now you can store up to 2000 characters in the captured results. For more information, see Viewing custom action results.
Support for the Tab key in the SSH proxy featureTo help you avoid typing complete device names, the SSH proxy feature now supports device name auto-complete functionality via the Tab key.
Dynamic fieldsA query in a configuration-profiled dynamic field can now be applied to one device type, or to all device types.

Back to top

BMC Network Automation Developers API enhancements

The following table describes the BMC Network Automation Developers API enhancements included in this release:

Enhancement
Description
Web service enhancement for injection templates

The following method is added to the SpanActionService web service to support injection templates:

doMergeByAdhocInjectionTemplateExtended()

Web service enhancement for the OS Image actions

The following methods are added to the SpanActionService web service to request execution of a Deploy OS Image action:

  • doDeployOsImageByImageActiveOnDate()
  • doDeployOsImageFromFile()
  • doDeployOsImageFromOsImageLibrary()
  • doDeployOsImageFromRemoteFileServer()
  • getLoadableOsImages()
Web service enhancement for the purge criteria

The following methods in the realm web service have been enhanced to give you more control over purging of device data per realm:

  • addRealm()
  • getRealms()
  • modifyRealm()

Back to top

BMC Cloud Lifecycle Management-related enhancements

The following table describes the BMC Network Automation enhancements to support BMC Cloud Lifecycle Management:

Enhancement
Description
Pod management: Support for adding an address pool with a different pool mask and resizing a VLAN

While editing a pod, now you can perform the following tasks:

  • Add an address pool with a pool mask that is different from the existing address pools in the chained pool.
  • Resize a VLAN so that you can modify the start and end values for the pool without disrupting any existing VLANs in use. Also, you can modify the excluded VLANs list from the VLAN pool so that you can exclude or reinclude the VLANs in the VLAN pool. For the related use case, see Splitting VLAN pools and modifying the excluded VLANs from the VLAN pool.

Container management: Changes in the guestAuthenticationBlueprint Schema

While using the guestAuthenticationBlueprint schema, you can now choose to encrypt guestLoginPassword and guestPrivilegedPassword by using the encryptFlag and value elements. For more information, see guestAuthenticationBlueprint Schema.

Note: If you have exported any container blueprint in versions earlier than 8.7.00 and importing it in version 8.700, add the encryptFlag and value elements to the guestAuthenticationBlueprint Schema before importing.

Back to top

Changes to the supported products and solution versions

This section describes the versions of products and solutions supported by BMC Network Automation version 8.7.00.

BMC Network Automation integrates with the following products to provide the BMC Continuous Compliance for Network Automation solution:

Product

Version

BMC Remedy AR System Server
(Includes BMC Remedy Mid Tier)

8.1.02

BMC Remedy ITSM Suite
(Includes BMC Change Management and BMC Service Desk: Incident Management)

8.1.02

BMC Atrium CMDB Enterprise Manager
(Includes BMC Atrium CMDB Web Services)

8.1.02

BMC Atrium Orchestrator Platform
(using BMC Atrium Single Sign-On 9.0.0)

7.8

BMC Atrium Orchestrator Content

20.15.01

BMC Decision Support - Network Automation8.7.00

BMC Network Automation integrates with the following BMC and non-BMC products to provide the BMC Cloud Lifecycle Management solution:

Product

Version

BMC Cloud Lifecycle Management4.5

BMC Atrium Orchestrator Platform

7.8

BMC Atrium Orchestrator Content

20.15.01

Alcatel-Lucent VitalQIP7.3
Infoblox6.3.7

To view the products and solutions supported by BMC Network Automation service packs and patches, see BMC Continuous Compliance for Network Automation solution and BMC Cloud Lifecycle Management.

Back to top