
TrueSight Network Automation


Software-defined networking (SDN) is a paradigm that separates the control plane (the brain, or software) from the data plane (the hardware) to simplify network management by introducing:

  1. Centralized management (by decoupling the control and data planes)
  2. Network programmability, where network services and configurations are programmable (“software defined”) through API access to the management plane
  3. Use of virtualization in the data plane

 

SDN is a system that centralizes network resource management, so that administrators can manage traffic based on the need.

 

In the market, dominant players for SDN are Cisco (ACI) and VMware (NSX).

 

However, SDN comes with its own limitations. SDN, in itself, is not capable of configuration management, compliance and change management. In fact, security is a big challenge in SDN.

 

 

If you admire SDN solutions and want to implement one in your network, you need to address SDN's limitations first. You can use a network automation solution such as TrueSight Network Automation to manage SDN and overcome the following challenges:

  1. Vulnerability Management: With SDN, new network security vulnerabilities arise, and it is very important to remediate them. TrueSight Network Automation can help you import vulnerabilities and remediate them in one go.
  2. Compliance: Compliance is a mandate in most organizations today, and you will not get an exception for SDN devices either. You can use the TrueSight Network Automation compliance engine to apply standards for regulatory and security rules such as SOX, PCI-DSS, HIPAA, NIST, DISA, and CIS.
  3. Configuration Management: It is important to maintain a golden copy of the configuration for disaster recovery. You can implement a policy-based approach to configure SDN devices with templates based on best practices to simplify administration and ongoing maintenance.
  4. Change tracking mechanism: When network configuration changes are implemented, network engineers are required to document these changes in a change management system. To automate the change tracking and documentation process, you can use TrueSight Network Automation to automatically create a network change request in a change management tool such as Remedy. After the change request is approved, the change is scheduled for execution in TrueSight Network Automation.

 

Not only this, automation tools give you a consistent way to seamlessly manage different networking technologies in your network and make the network audit ready.

 

TrueSight Network Automation already supports management of the following SDN devices out of the box:

  1. VMware NSX
  2. Cisco ACI

 

Also, you can develop your own device adapter if you would like to manage other SDN devices. You should be able to manage SDN devices in the same way as you used to manage your traditional devices without any overhead.

 

To summarize, SDN technology is prevailing in the market and has its own advantages, but you need an automation tool to complement it and to manage network service delivery for multi-vendor infrastructure. You can consider leveraging TrueSight Network Automation for managing SDN devices without worrying about the complexity that SDN devices bring with them.

 

In case of any query or suggestion, feel free to comment in the section below.


Network administrators need to manage thousands of devices across the globe, and it is very hard to track end-of-life (EOL) data for a wide variety of devices such as switches, routers, firewalls and load balancers. When devices reach their end of life, the vendor stops supporting them and no longer publishes patches for them. Continued use could lead to new and non-fixable vulnerabilities. Hence, it is critical for network admins to identify EOL’d devices and take necessary action as soon as possible.

TrueSight Network Automation can help you to identify such devices. TrueSight Network Automation can read the EOL bulletins released by Cisco and can alert network admins about EOLs of various devices in the device inventory report. You can import these EOL bulletins in advance of the EOL dates too.

 

All you have to do is run a canned predefined job called “Populate Cisco Device Board Models and their End of Life Date” and pass Cisco client credentials as a runtime parameter.

Upon successful execution of the preceding steps, the End of Life column on the Devices page is populated with the EOL dates for the Cisco devices. If a device has multiple boards, the EOL date shown is the earliest EOL date amongst all device board models.

Once the EOL dates are populated you can use either Device Inventory report or Configuration Search report to view the reports as shown in Figure 1 below.

 

Figure 1

 

Another way to perform this operation is through the canned policy “Populate Cisco Device Board Models and their End of Life Date”, with which EOL data can be fetched and populated recursively, as shown in Figure 2 below.

 

Figure 2

 

In addition, you can calculate service true-ups for Cisco products that have reached end of sale (EOS) during your current service period. Generate a Device Inventory report filtered by Entire Network and the PID. Calculate the difference between the Contract End Date and the EOS date for your service credits.

You can populate EOL data even when the application server does not have internet connectivity by using the FetchCiscoEolData script.

For details, refer to the documentation at:

https://docs.bmc.com/docs/display/public/tsna89/Populating+End+of+Life+data+for+Cisco+devices

https://docs.bmc.com/docs/display/public/tsna89/Identifying+end-of-sale+and+end-of-life+hardware

 

So, let us start using this functionality and identify EOL’d devices within minutes.

Please do write your comments and suggestions and let us know your views.


I am thrilled to announce the release of TrueSight Network Automation (formerly called BMC Network Automation) 8.9 Service Pack 3, a.k.a. 8.9.03.

Here are some of the highlights of the release:

 

Report Backgrounding

With this release, all reports (except License Usage) will be generated in the background, where you don’t need to tie up your browser session by waiting for a report to display. Instead, you make selections and send the report generation into the background. The system then stores the result in the database and you can view the report any number of times.

 

Network Security Operations (SecOps) enhancements

Support for importing vulnerabilities from NVD repository:

Now, you can import vendor-supplied security vulnerability reports for Cisco and Juniper device types from the National Vulnerability Database (NVD) repository into the system, and use them to generate compliance rules that detect vulnerable device operating systems. A canned database of NVD-based Cisco and Juniper reports is shipped with the system.

Support for Cisco CVRF XML files formatted per version 1.2:

The canned importer named "Import Cisco Advisory From CVRF XML File" includes an updated stylesheet that now supports parsing Cisco CVRF XML files in version 1.1 or 1.2 formats.

 

Improved Telnet/SSH Session popup window

The UI-based popup window that interacts with the device command line interface in a Telnet/SSH Session job has been replaced, resulting in improved performance and VT100 support. The replacement is seamless; the window looks the same as it did in previous releases and provides the same functionality.

 

MultiNICs support for Remote agent

With this release, you can use a single agent to manage multiple networks, where each network is reachable via a different network interface card (NIC) at the device agent. When the agent communicates with devices belonging to a given network, all traffic (both device action traffic and syslog traffic) passes through the NIC for that network.

 

RESTful APIs

We have expanded our RESTful APIs to now cover Users, Device Security Profiles and Security Vulnerabilities. As we are expanding our RESTful APIs, we suggest that users migrate from the SOAP API to the RESTful APIs.

 

And these are just the highlights!  Check out the page below for the comprehensive list of what is in 8.9.03:

 

8.9.03: Service Pack 3 - TrueSight Network Automation 8.9

Got a question or feedback? Talk to us in the comments section below


We are excited to introduce you to our new YouTube channel “BladeLogic Automation” for "How-to" videos, intended to help with a specific task or feature of products in the BladeLogic Automation suite (BSA, BDSSA, BDA and BNA).

 

 

Highlights:

 

Focused contents: The contents of this channel will only focus on providing technical videos for the Server Automation, Decision Support for Server Automation, Database Automation and Network Automation products. This content is developed by the BMC Support technical teams.

 

Featured Playlists: The channel will focus on technical contents, such as how-to, troubleshooting guides and functional demonstrations. Similar features/functions and categories will have their own Playlists to reduce the time to search the contents.

 

Snippet of our Playlists:

Click  to receive notifications when the new technical content is posted on the channel and to get the most out of the products – BSA, BDSSA, BNA and BDA.

Refer to our "Playlists" to play all the videos organized by topic or a product.

Here are the current Playlists:

 

We welcome feedback from the community.


Data warehouses are meant to hold huge amounts of data, often collected over a number of years. This demands allocating the right amount of space at the beginning, when you set up your data warehouse. A wrong estimate or forecast of the space might result in your data warehouse failing over time as data accumulates in it, and your application failing with it. This article presents guidelines for sizing the BMC Decision Support – Network Automation data warehouse correctly so that it does not run out of space over time.

 

This article would mainly help BMC Decision Support - Network Automation administrators during new deployments.

The most fundamental factor that determines the space requirements is how many years you want to retain the data in the data warehouse. Once you decide the time period, the next step is to get the number of network devices managed by BMC Network Automation. Once these two factors are determined, you can use the following guidelines to determine the space required by the data warehouse.

Assuming BMC Network Automation is managing 25,000 devices, the space requirements are as follows:

 

| ETL runs | Every 24 hours till 1 year | Every 6 hours till 1 year | Every 1 hour till 1 year |
|---|---|---|---|
| DWH Size | 10 GB | 34 GB | 190 GB |
| Master DB Size | 2 GB | 3 GB | 3 GB |
| Work DB Size | 3 GB | 2 GB | 2 GB |

DWH: Data warehouse database; DB: Database; ETL: Extract – Transform – Load

 

The sizes of the Work and Master databases do not grow as the number of managed devices increases, so their space requirements do not change.

Note: The size of the DWH changes with ETL frequency because, with each ETL, the DWH stores a snapshot of compliance and drift status for the entire network, along with other information.

For example, if you are managing 10,000 devices through BMC Network Automation and you want to store the data for 5 years with ETL running every 24 hours, then the space requirements would be as follows:

DWH Size – [ 10 GB * (10,000/25,000) ] * 5 = 20 GB
Work DB Size – 3 GB
Master DB Size – 2 GB

So, the space required would be 25 GB (20 + 3 + 2). I hope you find this article useful while planning your new deployment of BMC Decision Support – Network Automation, and that it keeps your data warehouse from running out of space as time passes. It's always better to be proactive than reactive.

Suma Bhat

8.9.02 is now available !

Posted by Suma Bhat Oct 23, 2017

I am excited to announce the release of BNA 8.9 Service Pack 2 a.k.a 8.9.02.  We have been listening to you and working tirelessly to give you the best network automation product in the market that enables you to be some of the most efficient and productive network engineering and operations folks out there !

 

Here are some of the highlights of the release:

 

Network SecOps & RESTful APIs

  • BNA’s vulnerability management capabilities now tie into Response Service. If you have not heard of Threat Director (on-prem solution) / Response Service (SaaS solution), our solutions for vulnerability management across your datacenter, talk to your account manager about a presentation and a demo.
  • RESTful APIs: We have expanded our RESTful APIs to now cover RuleSet, Rule and Predefined Job services. As we expand our RESTful APIs, I’d like to remind our user community that the SOAP APIs will be supported but will not be enhanced going forward.

 

EOL management

  • Manage EOL of devices with our new capability that can automatically add EOL information to devices, starting with Cisco devices. Don't be caught with security vulnerabilities in devices that have EOLed anymore!

 

Performance & Scale

  • For folks that are managing 10s of 1000s of devices or even 100s of thousands of devices: we’ve listened to how long some of the reports can take and have addressed it with our report thread pooling enhancement. There is improvement across all reports, as compared to the previous release, but I wanted to mention a few in particular:
    1. Device Inventory report - 90% faster
    2. Compliance Summary report - 81% faster
    3. Transcript Search report - 78% faster
    4. Configuration Comparison report - 68% faster
    5. ACL Search report - 48% faster
    6. Transcript comparison report - 36% faster
  • With several refactorings and optimizations on the backend, you can now manage up to 50,000 devices with a single instance of BNA. We will be updating the sizing recommendations shortly.

 

Device Adapter Development Guide

 

Enhanced Customer Experience, Security and Supportability

  • Device Inventory report can now be emailed through a job/policy
  • Simply recreate jobs with failures, to run them again ONLY on failed devices
  • Job filter has new groupings to make filtering easier 
  • OS Image filename filtering via white-listing or black-listing of filename patterns to disallow malicious file uploads
  • Runtime guards against incorrect database transaction isolation level settings

And these are just the highlights !  Check out the page below for the comprehensive list of what is in 8.9.02:

8.9.02: Service Pack 2 - BMC Network Automation 8.9

 

BMC Decision Support - Network Automation 8.9.02 is generally available as well. Starting with this release, BO configuration will not be part of the installer for BDS-NA.

We have included a separate utility to deploy the BO content, i.e. Import BIAR, Connection, User Creation in CMC and the JDBC driver configuration for all the supported database servers. Find details here: 8.9.02: Service Pack 2 - BMC Network Automation 8.9

 

Thanks!

Suma Bhat

8.9.01 is here !

Posted by Suma Bhat Apr 19, 2017

BNA 8.9.01 now available !

 

I am very pleased to announce that BNA 8.9 Service Pack 1 is now available with the following new capabilities which we think you are going to find very useful !

 

Here are some highlights of the release:

1. RESTful APIs

We are introducing RESTful APIs with Swagger UI which is a user-friendly interface to experiment with the REST API calls with no need to write any programs to do so. See more here: https://docs.bmc.com/docs/NetworkAutomation/89/developing/using-the-rest-api

We will support SOAP APIs but no new enhancements will be added*.

 

2. Network SecOps and Rule engine enhancements

  1. Rule filter enhanced to allow filtering for:
    • rules which cannot be corrected,
    • rules which are correctable via:
      • Deploy to Active action
      • Deploy to Stored action
      • Remediate action
  2. Rules can now check for specific configuration in conjunction with OS version, for sharper vulnerability detection.
  3. The Compliance Summary report can now optionally show the Base Score associated with vulnerability rules. Also, the vulnerability rules now link to the associated vulnerability, improving the user experience when accessing the vendor's remediation recommendation or other vulnerability information.

 

 

3. Expanded import/export capabilities

In addition to the existing components, you can now export and import the following as well:

  • Combo groups,
  • Keywords, Conditions, Policies,
  • Dynamic Fields
  • Roles

This will enable environment-specific customizations and your content-sync needs between dev/test/production environments or between multiple BNA instances, for example.

*This is available as part of the existing ImportExportService WS API (SOAP).

 

 

4. Reporting enhancements

1. You can now choose to hide header in addition to footer during CSV export of the following:

    • Custom action captured results
    • Events list
    • Jobs
    • Predefined jobs
    • Policies
    • Send Email span action

2. Custom trail configurations can now be compared by launching the Configuration Comparison report through external URL

 

 

5. Performance improvements

With this latest release the engine has been tuned to fetch data more often from memory than from the database, so you should see improved performance of the following:

  • auto-groups
  • Dashboard
  • Event list page
  • Job list page
  • Rules list page
  • Job Details report

 

6. Platform enhancements

1. Support of OS management for Alcatel OmniSwitch 6860E-24

2. Microsoft Server 2016 is now supported

3. Microsoft SQL Server 2016 and PostgreSQL 9.5.6 are now supported as well.

 

 

These are just some of the highlights of the release.

Check out the page below for the comprehensive list of what is in 8.9.01

8.9.01: Service Pack 1 - BMC Network Automation 8.9

 

Thanks !


Need a dashboard that gathers information about the network devices and assesses how healthy they are ? Use the out-of-box health dashboard provided by BMC Decision Support – Network Automation.

Additionally, out-of-box reports provide detailed and summarised information about the security vulnerabilities affecting the devices in your environment. Read through the attached document to know how to import the required LCMBIAR file (also attached) and the reports' details.

 

Note: These reports are available only for version 8.9 of BMC Decision Support -  Network Automation.

Suma Bhat

BNA 8.9 is here !

Posted by Suma Bhat Sep 28, 2016

BMC Network Automation 8.9 is now Generally Available !

 

We continue to round out Network SecOps feature set and BNA 8.9 is now integrated with BMC Threat Director 2.2.

We have expanded the capabilities of the rule engine to be able to remediate security vulnerabilities in particular (and rules in general), which is a unique differentiator for BNA.

 

Take a quick look at the release highlights below.

 

Network SecOps & Rule Engine enhancements

  • Integration with BMC Threat Director version 2.2
  • Remediation of rule violations by means other than SmartMerge or full configuration push
  • Remediate with multiple rule sets and rules
  • Support for CVE ID association with rules

 

Extending SDN support for CLM

Note that these will be integrated into CLM in a forthcoming CLM release, but available through APIs in BNA 8.9

  • Support for Virtual Extensible LAN (VXLAN)
  • Pods and Containers with NSX

 

Customer Experience and Supportability

  • Use proxy file server for configs and OS image file transfers
  • Import/Export of Global Substitution Parameters
  • API updates to SpanActionService, JobService, RuleService, PodService, ImportExportService
  • Expanded device support for: Check Point GAiA, MRV OptiSwitch, Cisco Nexus 9000 Series switches and Juniper device type.

 

And those are just some of the highlights of the release. Check out the page below for the comprehensive list of what is in 8.9.

https://docs.bmc.com/docs/display/public/bna89/8.9.00+enhancements

 

Let us know what you think.

 

Thank you !

Suma Bhat

BNA 8.8 is here !

Posted by Suma Bhat Jun 16, 2016

On behalf of the BNA team, I am very excited to announce the general availability of BNA 8.8!

Take a quick look at the release highlights:

 

Network SecOps

  1. WS API for vulnerability import
  2. Rule engine updates to support EOL checks

 

SDN support

SDN support in 8.8 includes standalone support for Cisco ACI and VMware. This enables the compliance use cases for these systems.

  1. Support for Cisco ACI:
    • Device adapter for APIC controller
  2. Support for VMware NSX:
    • Device adapters for:
      • NSX Services Gateway
      • NSX Logical Router
      • NSX Distributed Firewall
      • NSX Manager

The device adapters also support deploy actions for the above which form the basis for supporting these in the Cloud Lifecycle Management (CLM) context in a future release.

 

Customer Experience and Supportability

We have addressed several outstanding requests made on the “Ideas” page by customers and support:

 

  1. Compliance Summary Report by rule
  2. Include span selections in exported/imported compliance content
  3. Restrict user access through WS API
  4. Option to “Include debug trace” in jobs, on a per job basis
  5. Enhanced System Diagnostics report - event and job counts
  6. CSV Export capability has been added for Discrepancy Summary Report

 

These are just the highlights; find a comprehensive list of enhancements here: 8.8.00 enhancements - BMC Network Automation 8.8

Let us know what you think.

 

Thank you !


We often hear from our customers that videos are a really helpful way to learn how to get the most out of our products. Well, we have been doing something about that feedback. The BMC Network Automation team, (including folks in Support, the field, and R&D) has been busy making more "how to" videos to help you harness the power of our automation tools. In fact, we have added 6 new BMC Network Automation videos in the past few months! Here they are:

You can also check them out in the How to Videos – BMC Network Automation playlist on the BMC Communities YouTube channel. Please look them over and let us know if you find these videos helpful by Liking or Disliking the video or leaving a comment.

If you would like to see the videos in context with the related technical documentation, you can access the listing of topics containing videos here.


I recently recorded a short video tutorial on how to use injection templates in BNA.  See attachment for the video file.


I recently recorded a short video tutorial on how to create a REST based device adapter in BNA.  See attachment for the video file.

 

 


I recently recorded a short video tutorial on how to configure syslogging in BNA, including tools to use when troubleshooting syslog problems.  See attachment for the video file.


On March 2, 2016, Cisco announced a critical security vulnerability in Cisco NX-OS Software running on Cisco Nexus 3000 Series Switches and Cisco Nexus 3500 Platform Switches. This vulnerability allows remote users to access the target system with root privileges using default credentials.

Cisco Nexus 3000 Series Default Account and Credentials Lets Remote Users Access the Target System with Root Privileges …

 

Below is the associated Cisco security advisory, which also revealed the affected versions for Cisco 3000 and 3500 series of devices.

Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability

 

BMC Network Automation customers can easily detect this vulnerability, thanks to the rule engine enhancements made in version 8.7.

To detect if any of your Cisco devices are vulnerable to this security vulnerability, follow these steps:

 

1. Import the attached rules to your BMC Network Automation 8.7 instance.

 

2. Go to the Rules page and edit the rules to select the 3000/3500 models you have in your environment so that rules do not get applied to all the Nexus switches.

 
