BMC Network Automation 8.7.00 provides the following enhancements:
For information about issues corrected in this release, see.
The following table describes the standalone BMC Network Automation enhancements included in this release:
|Network Security Operations (SecOps) enhancements|
|Generation of compliance rules to detect security vulnerabilities|
Now you can import vendor-supplied security vulnerability reports into the system, and use them to generate compliance rules that detect vulnerable device operating systems. A canned database of Cisco CVRF-based reports is shipped with BMC Network Automation.
Compliance rules are enhanced as follows:
|Product rebranding||The installer screens and BMC Network Automation UI have been rebranded to adhere to changed logo and color scheme of BMC.|
|Upgraded cryptographic libraries||BMC Network Automation now uses upgraded cryptographic libraries, which require 2048-bit or greater key size, and SHA2 algorithm, for enhanced security.|
|Support for a stronger encryption algorithm and increased key size for certificates|
BMC Network Automation now supports a stronger encryption algorithm, SHA256WithRSA, for certificate generation. By default, the size of the certificate key is set to 4096 bits.
Note: If your existing third-party certificate does not work after upgrade to version 8.7.00 due to these updates, you need to generate and then import the certificate again. See Generating and importing an SSL certificate into the application server and Generating and importing an SSL certificate into a remote device agent for details.
|Support for more secure algorithms for the BMC Network Automation SSH proxy server|
BMC Network Automation now uses more secure algorithms for the generation of the public/private key pair used by the SSH proxy server. For more information, see Using an SSH terminal to start a session.
|Device and device adapter enhancements|
|Support for injection templates|
As part of making BMC Network Automation compliant with the Software-Defined Networking (SDN) architecture, device adapters now allow templates to include device command elements,
|PUT support for the HTTP-oriented device types||For the HTTP-oriented device types, BMC Network Automation supports the |
|Support for additional span actions by Palo Alto firewall|
The Palo Alto firewall version 5.0 supports the Deploy to Stored span action by using the SCP file transfer mode.
In addition, the Palo Alto firewall supports the following custom actions:
Note: In earlier versions of BMC Network Automation, running-config.xml was used as the startup configuration file. However, in this release, device_state_cfg.tgz is used as the startup configuration file.
|Support for the Cisco 5508 Wireless LAN Controller device|
The Cisco Wireless LAN Controller device adapter now supports the Cisco 5508 Wireless LAN Controller device running with RTOS 220.127.116.11 or RTOS 18.104.22.168.
|Support for the Cisco Sourcefire Sensor device adapter||BMC Network Automation now supports the Cisco Sourcefire Sensor firewall device running with OS 5.3. This device adapter supports the Reboot and Snapshot actions for the Running and Access Control Configuration trails.|
|Support for Cisco switches running IOS XE|
The Cisco IOS Switch/Router device adapter now supports switches that run IOS XE (such as Cisco model 3850).
View the Notes section in the device adapter details to see various limitations to this support.
|Support for the Cisco Email Security Appliance device adapter|
BMC Network Automation now supports the Cisco C300v Email Security Appliance (IronPort email security gateway) device running with OS 8.5.6 or later. This device adapter supports the following features:
|Support for adding the vShield Edge device by using the port group name||You can now add the vShield Edge device by using the port group name in a user-defined security context. In earlier releases, you could only add this device by using the context ID of the port group.|
|Support for adding the VMware vShield App firewall by using the data center name||You can now add the vShield App device by using the data center name in a user-defined security context. In earlier releases, you could only add this device by using the context ID of the data center.|
|Internal change tracking||BMC Network Automation now keeps track of changes to its internal device settings through the About the BNA Device Attributes configuration.. Each device now has a current configuration, containing the edit-page settings of the device, and a history of old settings, similar to that for the Running and Startup configurations. Compliance rules and configuration-profiled dynamic fields can be written against this trail, and the trail can be selected for various reports (such as Compliance Summary and Configuration Search). The Refresh Device Status action includes a new option for generating an initial version of this configuration for existing devices. For more information about this configuration, see|
|Renamed device adapters|
As a result, before you upgrade, ensure that you do not have your own custom device adapters with the following names, Cisco Wireless LAN Controller and Cisco Nexus. Otherwise, the upgrade will fail.
|Database and platform support|
|New platform support|
With this release, BMC Network Automation supports Red Hat Enterprise Linux 7 (64-bit).
|Discontinued platform support||With this version, BMC Network Automation discontinues support for Microsoft Windows Server 2003.|
|New database support|
For complete database support information, see
|Discontinued database support|
Starting with version 8.7.00, BMC Network Automation discontinues support for the following databases:
|New browser support|
BMC Network Automation now supports the following versions of the Chrome web browser on Windows:
For complete browser support information, see Web-based client system requirements.
|Support for encrypted connections|
|Changes in the external integration during upgrade|
Starting with version 8.7.00, you cannot enable integration with the following products during upgrade (if not enabled already during fresh installation). However, you can enable the integration after upgrade by editing system parameters.
|New Transcript Comparison report|
You can now compare device interaction transcripts side-by-side by using the Transcript Comparison report. For more information, see Viewing a Transcript Comparison report.
|Changes in the Compliance Summary report|
You can now export the Compliance Summary report in CSV format, and then use this report in third-party applications (such as spreadsheets).
You can now select the Show Device Host Name/IP Address/URL option to include the host name, IP address or URL of each device in the report.
These new options are also available in the Send Email action when attaching a Compliance Summary report.
|Purging criteria updates|
For more information, see Adding or editing a realm.
|Increased purge limit||You can now store events, jobs, and policies in the database for a maximum of 366 days before purging them. Purge limit has been increased for the following parameters:|
|New group name filter for rule sets and rules||You can now use the Group Filter option to filter groups by name while choosing the assigned and excluded spans for rule sets and the excluded spans for rules. The rule sets or rules will be assigned to all the groups matching the filter criterion, irrespective of the realms those groups belong to. For more information, see Adding a rule set and Adding or editing a rule.|
|Support for the single server template push extension||The single server template push extension provides an easy way to deploy a template from a source server to a number of devices, which might be present on a given server. You can pass the runtime parameters required for the template through a CSV file. For more information, see Using the single server template push extension.|
|Changes in the multi-server template push extension script||The multi-server template push extension script has been renamed to multi-server-template-push.bat (Windows) and multi-server-template-push.sh (Linux). This script is now located in the bcan-template-push-extension\bin directory.|
|Component length extensions|
The character length allowed for the following values has been increased:
|Support for the Tab key in the SSH proxy feature||To help you avoid typing complete device names, the SSH proxy feature now supports device name auto-complete functionality via the Tab key.|
|Dynamic fields||A query in a configuration-profiled dynamic field can now be applied to one device type, or to all device types.|
The following table describes the BMC Network Automation Developers API enhancements included in this release:
|Web service enhancement for injection templates|
The following method is added to the SpanActionService web service to support injection templates:
Web service enhancement for the OS Image actions
The following methods are added to the SpanActionService web service to request execution of a Deploy OS Image action:
|Web service enhancement for the purge criteria|
The following methods in the realm web service have been enhanced to give you more control over purging of device data per realm:
The following table describes the BMC Network Automation enhancements to support BMC Cloud Lifecycle Management:
|Pod management: Support for adding an address pool with a different pool mask and resizing a VLAN|
While editing a pod, now you can perform the following tasks:
|Container management: Changes in the guestAuthenticationBlueprint Schema|
While using the guestAuthenticationBlueprint schema, you can now choose to encrypt
This section describes the versions of products and solutions supported by BMC Network Automation version 8.7.00.
BMC Network Automation integrates with the following products to provide the BMC Continuous Compliance for Network Automation solution:
BMC Remedy AR System Server
BMC Remedy ITSM Suite
BMC Atrium CMDB Enterprise Manager
BMC Atrium Orchestrator Platform
BMC Atrium Orchestrator Content
|BMC Decision Support - Network Automation||8.7.00|
BMC Network Automation integrates with the following BMC and non-BMC products to provide the BMC Cloud Lifecycle Management solution:
|BMC Cloud Lifecycle Management||4.5|
BMC Atrium Orchestrator Platform
BMC Atrium Orchestrator Content
To view the products and solutions supported by BMC Network Automation service packs and patches, see BMC Continuous Compliance for Network Automation solution and BMC Cloud Lifecycle Management.