8.9.02: Service Pack 2

BMC Network Automation 8.9.02 provides the following enhancements:

Standalone BMC Network Automation updates
BMC Network Automation web services updates
BMC Cloud Lifecycle Management-related updates
Changes to the supported products and solution versions
Downloading, installing, and upgrading to the service pack

Tip

For information about issues corrected in this release, see Known-and-corrected-issues.

Standalone BMC Network Automation updates

The following table describes the standalone BMC Network Automation system updates included in this release:

Update	Description
Device and device adapter enhancements
Populating End of Life (EOL) data for Cisco devices	Device vendors regularly publish EOL bulletins for an equipment they support. The bulletins indicate that you need to replace or upgrade that equipment within a reasonable time. BMC Network Automation can help remind you to do this by flagging such devices and populating EOL dates for these devices. For more information, see Populating-End-of-Life-data-for-Cisco-devices.
Updates in the device adapters for better readability of configuration files	The device adapters for Cisco ACI, Cisco ACI- Tenant, VMware NSX, vShield App, and vShield Edge have been updated to properly indent the XML content that is stored in their configuration files. The indentation is achieved by including the new attribute, delegateClassName in the textProcessor tag. For information about this attribute, see Device-type-header-XML-element-reference. Note: This indentation introduces some discrepancies when comparing configuration files generated after version 8.9.02 against those generated before. If you want to avoid discrepancies, revert to the text processor included in earlier versions. However, BMC recommends to mark the 8.9.02 configuration as the trusted configuration.
Security enhancements
Changes in the communication between an SSH client and BMC Network Automation SSH proxy server	For enhanced security, support for the following weak algorithms has been removed from the SSH proxy server: Key-exchange algorithms: diffie-hellman-group1-sha1, diffie-hellman-group-exchange-sha1 Host-key algorithm: ssh-dss Message authentication code algorithms: hmac-sha1-96, hmac-sha256-96, hmac-sha512-96 For the supported algorithms in version 8.9.02, see SSH proxy.
Enhanced password encryption	For password encryption, now 128-bit salts are used instead of 64-bit salts.
diffie-hellman-group1-sha1 (key exchange algorithm) available only in non-FIPS mode	In version 8.9.02, diffie-hellman-group1-sha1 is available only when the FIPS mode is set to false because this algorithm is weak and vulnerable to the LOGJAM security vulnerability. For information about supported algorithms in version 8.9.02, see Agent and device communication over SSH.
Control over the type of files to be uploaded in BMC Network Automation	With this release, you can control the type of files you want to be uploaded in BMC Network Automation, as follows: OS image files: You can specify whether to restrict OS image files to those that meet file naming criteria. For more information, see the OS Image Filename Filtering parameter in the Export and import section. When you load an OS image file in the OS image library or deploy an OS image, and this parameter is enabled, the file must meet the criteria mentioned in the parameter. Stylesheet files: The file must be named with the .xsl extension. For more information, see Adding-or-editing-security-vulnerability-importers. Security vulnerability files: When importing, a single file must be named with the .xml extension and a zipped file must be named with the .zip extension. Only contained files named with the .xml extension are processed. For more information, see Importing-security-vulnerabilities. Device adapter files: The file must be named with the .xml extension. For more information, see Importing-device-adapters. Rule import task file: The file must be named with the .xml extension. For more information, see Adding-a-rule-import-task.
Job enhancements
Copy failed jobs	Now, you can create copy of a failed job with only those actions that failed to execute on devices. For more information, see Viewing-the-jobs-listing.
Performance enhancements
Thread pooling in reports	In version 8.9.02 of BMC Network Automation, the content for the following reports is generated using multiple threads running in parallel, rather than a single thread, to improve their performance: Priority reports: Compliance Summary Discrepancy Summary¹ Status reports: Configuration Comparison Device Inventory Transcript Comparison Activity reports: Change Summary¹ Job Summary Search reports: ACL Search Configuration Search Transcript Search ¹For the Discrepancy Summary and Change Summary reports, only the report version which includes per-device details along with the overall summary while exporting or emailing, uses multiple threads. For more information, see Thread pooling in reports.
Alternate home page for the BMC Network Automation GUI	If you typically have many devices (thousands) in a discrepancy state, and the display of your dashboard on the BMC Network Automation GUI takes a noticeable amount of time to display, you can alter the webappAlternateHomePage global property to set it to true. The true value causes the event list page to be the home page. For more information, see Alternate home page for the BMC Network Automation GUI.
Population of memory cache during system startup	Memory cache of the associations between combo group keys and their constituent device keys is now populated during system startup in the background, instead of on demand, as and when the associations are first needed during running of the system. In versions earlier than 8.9.02, on demand population of this cache might cause a noticeable delay in loading certain pages, for instance, the first time when you try to view the details page for a device.
Installation enhancements
Database isolation level check (for SQL Server only)	The installation program now verifies that the READ COMMITTED SNAPSHOT isolation level of the BMC Network Automation database is set properly. For more information, see Configuring databases for Windows or Configuring databases for Linux.
GNU C Library version check	The installation program now verifies whether the required version of GNU C Library is installed. For more information, see Installing-the-application-server-on-Linux.
Platform support
New operating system support	With this version, BMC Network Automation supports Ubuntu Linux version 16.04. For the complete operating system support information, see OS support.
New database support	Starting from version 8.9.02, BMC Network Automation supports PostgreSQL version 9.6.4. For the complete database support information, see Database support.
Third-party software support
This version of BMC Network Automation is bundled with the following third-party software: Java Runtime Environment (JRE) version 1.8.0 update 131 Apache Tomcat web server version 8.0.47
GUI enhancements
Enhanced Job Filter page	On the Job Filter page, in the Actions section, now you can select either all actions or select specific actions by which you want to filter jobs. Actions are also categorized further for easy selection, as follows: Standard Actions Custom Actions External Script Actions
Miscellaneous enhancements
Send the Device Inventory report as an attachment and include report URL	In addition to existing reports, you can send the Device Inventory report as an attachment to your email. For example, you can send a weekly notification that includes the Device Inventory report as an attachment. Also, now you can include a link to the Device Inventory report URL in the email. For more information, see Creating-a-notification-job.
Discontinued support for French	Starting from version 8.9.02, BMC Network Automation is not localized to French.

BMC Network Automation web services updates

The following table describes the BMC Network Automation web services updates included in this release:

Update	Description
DeviceDTO updates	When adding a new device using SOAP API, DeviceService.addDevice() any current or trusted configurations in the DeviceDTO will no longer be used. Current and trusted configurations are solely managed by the system based on the snapshots of the devices, and so it was an error to allow the DeviceDTO to provide these configurations during the add operation.
REST API version 2.0 introduced	As in the previous version, version 2.0 supports create, retrieve, update, and delete operations on network spans and jobs. Support is added for the following operations on various components: Create, retrieve, update, and delete operations on the predefined jobs, rule sets, and rules Prepare a new draft job from a predefined job Copy a completed job into a new draft job Attach a device inventory report in an email action in a job or predefined job The value mapping and supporting component services are enhanced with new services to support the other oprtations (such as listing security vulnerabilities and Device Inventory report attributes). See the complete API in Endpoints-in-the-REST-API-v2-0.
REST API version 1.0 deprecated	The previous version of the REST API is deprecated. It continues to function, but is not enhanced with any new features.

BMC Cloud Lifecycle Management-related updates

The following table describes the BMC Network Automation updates included in this release to support BMC Cloud Lifecycle Management:

Update	Description
Enhanced firewall rules	In this version, ambiguities are fixed in the sorting logic for the non-overlapping firewall rules, which previously led to incorrect results or exceptions under certain conditions.

Changes to the supported products and solution versions

This section describes the versions of products and solutions supported by BMC Network Automation version 8.9.02.

BMC Network Automation integrates with BMC Threat Director version 2.2. For more information, see the BMC BladeLogic Portal documentation.

BMC Network Automation integrates with the following products to provide the BMC Continuous Compliance for Network Automation solution. For more information about this integration, see BMC-Continuous-Compliance-for-Network-Automation-solution.

Product	Version
BMC Remedy AR System Server (Includes BMC Remedy Mid Tier)	9.0
BMC Remedy ITSM Suite (Includes BMC Change Management and BMC Service Desk: Incident Management)	9.0
BMC Atrium CMDB Enterprise Manager (Includes BMC Atrium CMDB Web Services)	9.0
BMC Atrium Orchestrator Platform (using BMC Atrium Single Sign-On 9.0.0)	7.8.00
BMC Atrium Orchestrator Content	20.16.03
BMC Decision Support - Network Automation	8.9.02

BMC Network Automation integrates with the following BMC and non-BMC products to provide the BMC Cloud Lifecycle Management solution. For more information about this integration, see BMC-Cloud-Lifecycle-Management.

Product	Version
BMC Cloud Lifecycle Management	4.6.04
BMC Atrium Orchestrator Platform	7.6.03
BMC Atrium Orchestrator Content	20.14.02
Alcatel-Lucent VitalQIP	7.3
Infoblox	6.8.13

Downloading, installing, and upgrading to the service pack

For download instructions, see Downloading-the-installation-files. For installation instructions, see Installing.

If you are upgrading the application server, you must also upgrade all remote device agents to the same version as TrueSight Network Automation. For more information about upgrade, see Upgrading.