Technical bulletin - Announcing Patch 20.02.01
Patch 1 is now available for TrueSight Network Automation version 20.02. This patch includes enhancements and fixes known issues.
Enhancements
This release includes the following enhancements.
Support for adding custom actions using GUI
In earlier releases, you could create custom actions using XML. Now, you can add custom actions using the GUI too. You can easily add, edit, or delete elements and attributes in the custom actions by using the GUI controls. You can also edit existing custom actions that have been created using XML. For more information, see Adding-or-editing-device-adapters.
Support for SAML 2.0 and OAuth 2.0 for SSO
Starting from this version, Network Automation resumes support for Single Sign-On (SSO). SSO is implemented using Security Assertion Markup Language (SAML) 2.0 for GUI and OAuth 2.0 for SSH Proxy CLI and REST API. Network Automation supports SSO with Okta as the Identity Provider (IdP).
To enable SSO, you need to choose SAML 2.0 as the authentication mechanism on the Authentication Source panel while installing Network Automation. Additionally, for SSH Proxy CLI and REST API, you need to configure the Enable OAuth Integration parameter on the System parameters page. For more information, see Enabling SSO mechanism.
Device and device adapter enhancements
Support for additional configurations
This release support the following additional configurations:
Configuration | Description |
|---|---|
Certificate(s) | Creates a backup of the certificates installed on a device |
IOS XE SD-WAN Running | Creates a backup of the SD-WAN running configuration of a device |
For all the configurations available in Network Automation, see About-configurations-and-trails.
Support for additional span actions for Arista device type
The Arista device type now supports the following additional span actions:
- Deploy to Active
- Deploy to Stored
For all the span actions supported by Arista, see the attached report.
Support for new device type adapters
In this version, Network Automation supports the following new device type adapters. For additional information about the device type adapters, see the attached report.
Device type adapter name | Devices and OS | Supported trails and span actions | File Transfer mode | Access mode |
|---|---|---|---|---|
Cisco ISE | Cisco devices running Cisco Identity Service Engine (ISE) version 2.6 |
|
| SSH2 |
Fortinet FortiAnalyzer/FortiManager | FortiAnalyzer and FortiManager devices running FortiOS version 6.4 |
|
| SSH2 |
Cisco IOS XE SD-WAN Router | Cisco devices running IOS XE SD-WAN 16.9.1 or higher |
|
|
|
Cisco Viptela SD-WAN | Cisco devices running Viptela OS version 16.2 or higher |
| Tunneled | SSH2 |
Support for pushing additional content types
You can now push the following additional content types from a single application server to multiple application servers by using Multi-Server Administration:
- Dynamic fields
- Rules
- Rulesets
For more information, see Pushing content to sites.
Updates to Web Services
The following table describes the updates to the Network Automation Web Services.
Update | Description |
|---|---|
Introducing REST API version 4.0 | Version 4.0 supports create, retrieve, update, and delete operations on the following new components in addition to the existing components:
See Endpoints-in-the-REST-API-v4-0 for the complete list of components supported by version 4.0. |
Updates to the /about endpoint | Starting from this version, the /about endpoint needs to be authenticated; therefore, this endpoint requires a token to be passed. |
Change in the Multi-Server Administration site validation mechanism
In previous releases, you entered the application server URL when adding a site. Multi-Server Administration validated the URL and checked for the compatibility between the application server and Multi-Server Administration versions. If the two versions were not the same, you were not allowed to add that site.
Starting from this version, when you add the application server, Multi-Server Administration validates the URL, but does not check for the compatibility. If the admin user (msaadmin) has added multiple application servers as sites and none of them have the same version as the Multi-Server Administration version, the site user cannot log on to Multi-Server Administration. At least one of the application servers must have the same version as Multi-Server Administration and must be accessible for the site user to be able to log on. For the application servers that do not have the same version as Multi-Server Administration, status is displayed as Incompatible, and you cannot perform any operations on them.
For more information, see Working-with-sites.
View mode for system parameters
Starting with this version, the System Parameters page opens in view mode. For more information, see Managing-system-parameters.
Combined security vulnerability importers
In this release, the Import Advisories From NVD XML File and Import Cisco Advisories From NVD XML File, Published After 08/15/17 security vulnerability importers have been combined into one importer, Import Advisories From NVD XML File. Cisco security advisories are imported irrespective of the publishing date. For more information, see About-security-vulnerability-importers.
Downloading the patch
This patch includes the full installer of Network Automation. To download the installation files, see Downloading the installation files for TrueSight Network Automation.
Applying the patch
You can install this patch as a new product installation. For instructions, see Installing.
If you have the following versions of Network Automation, you can upgrade to this patch. For instructions, see Upgrading.
- 20.02
- 8.9.x
- 8.8.00