21.08 enhancements


Review the TrueSight Network Automation 21.08 enhancements for features that will benefit your organization and to understand changes that might impact your users.

Related topics

Downloading-the-installation-files

Deprecated-and-dropped-features

Known-and-corrected-issues

Release-notes-and-notices

Performance improvements

Performance of the following components is improved during listing:

  • Combo groups
  • Device import tasks
  • Devices
  • Events
  • Groups
  • Jobs
  • OS images (sorting is also improved for this component)
  • Policies
  • Predefined jobs
  • Realms 
  • Roles
  • Rules
  • Security vulnerabilities
  • Users


Security enhancements

This release provides the following security enhancements.

Support for an enhanced algorithm to store logon passwords

When local authentication is used, Network Automation stores logon passwords in the database using the PBKDF2WithHmacSHA256 algorithm.

Due to the algorithm change, when existing Network Automation users log on to the GUI after upgrade to 21.08, they are prompted to change their password.

Change in the GET call response for the Action services

In REST API version 4.0, the runtimeProperties parameter no longer gets populated in the Action services GET call response. Therefore, if your automation or integration is dependent on this parameter, you might want to use the runtimePropertiesMasked parameter instead. Due to change in the Action services, the GET calls for the following services are affected:

  • Jobs
  • Rules
  • Predefined Jobs
  • Policies

Change in the BcanInstalledConfiguration.xml file

As a security improvement measure, the BcanInstalledConfiguration.xml file no longer stores any password.

Import Network Automation site certificates into Multi-Server Administration

Before you add any TrueSight Network Automation application server as a site into Multi-Server Administration, you need to first import the application server's certificate into Multi-Server Administration. For more information, see Importing-TrueSight-Network-Automation-site-certificates-into-Multi-Server-Administration.


Local authentication for REST API and SSH Proxy CLI when using SAML authentication for GUI

When using SAML authentication for GUI, Network Automation now supports local authentication for REST API and SSH Proxy CLI. Local authentication is enabled by default if the setting for the OAuth server is disabled. To use local authentication, you need to create users.

For more information, see Authentication.


Enhancement in the execution mechanism of an external script action

If you set the <spanSelection> tag to true for an external script action and run the action on more than one device, it runs concurrently on those devices. The number of devices on which it runs concurrently depends on the value of the maxConcurrentDeviceActions parameter in the global.properties file. In versions earlier than 21.08, the action runs serially in the order of the device names. 

For more information, see Developing-an-external-script-action-adapter.


Run the Populate End of Life Date external script action on a specific network span

In versions earlier to 21.08, the Populate End of Life Date external script action runs on all Cisco devices in your network. Starting with version 21.08, you can specify the network span on which you want to run this action. However, you cannot choose the entire network as a span. 

For any policies, jobs, or predefined jobs that were using this action before upgrade, you need to select the network span manually after you upgrade to version 21.08. For more information about this action, see Populating-End-of-Life-data-for-Cisco-devices.


Populate End of Life (EOL) data via an HTTP or HTTPS proxy server

You can populate EOL data via an HTTP or HTTPS proxy server when the application server does not have internet connectivity. To populate data, you need to run the predefined job, Populate Cisco Device Board Models and their End of Life Date on the application server via the proxy server. For more information, see Populating EOL data when application server does not have internet connectivity.


Availability of the Discrepancy and Compliance Violation Details dashboard

The Discrepancy and Compliance Violation Details dashboard, which was available upto Network Automation version 8.9, is available again now along with the dashboard that was introduced in version 20.02.

You can enable this dashboard by using the Display Discrepancy and Compliance Violation Details Dashboard system parameter. For more information about this parameter, see Managing-system-parameters.

DCVDetails_Dashboard.png


New device substitution parameters

Network Automation supports the following device substitution parameters:

  • nic: Resolves to the agent Network Interface Card (NIC) Address for a device's primary interface.
  • aux_nic: Resolves to the agent NIC Address for a device's auxiliary interface.

You can use these parameters in multiple components such as devices, agents, and external script actions. For more information, see About-substitution-parameters.


Log an event for a snapshot action status change

Use the new system parameter, Enable Event Logging for the Successful Snapshot Action After a Failure to log an event when a snapshot action succeeds after failing as part of a previous job run. The Events page shows an Info type of event when the snapshot action succeeds.

For more information about this parameter, see Device section


Search for a realm across sites

In Network Automation – Multi-Server Administration, you can now search for a realm across sites by the realm name. For more information, see Searching for a realm across sites.


Support for additional databases

Network Automation supports the following databases:

  • Microsoft SQL Server 2019
  • PostgreSQL 13.2
  • PostgreSQL 12.6

For the complete list of supported databases, see Database support.


Support for additional operating systems

Network Automation and Multi-Server Administration support the following operating systems:

  • Oracle Enterprise Linux 8.3
  • Oracle Enterprise Linux 7.9
  • Red Hat Enterprise Linux 8.3
  • Red Hat Enterprise Linux 7.9
  • Ubuntu Linux 20.04 LTS

For the complete list of supported operating systems, see OS support.


Support for Entuity Network Analytics versions

Network Automation supports the following versions of Entuity Network Analytics:

  • 19.0
  • 18.0 Patch 06

For the complete list of supported versions, see Entuity-Network-Analytics.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*