Skip navigation
1 2 Previous Next

TrueSight Network Automation

26 posts
Share:|

I am thrilled to announce the release of TrueSight Network Automation (formerly called as BMC Network Automation) 8.9 Service Pack 3 a.k.a 8.9.03.

Here are some of the highlights of the release:

 

Report Backgrounding

With this release, all reports (except License Usage) will be generated in the background, where you don’t need to tie up your browser session by waiting for a report to display. Instead, you make selections and send the report generation into the background. The system then stores the result in the database and you can view the report any number of times.

 

Network Security Operations (SecOps) enhancements

Support for importing vulnerabilities from NVD repository:

Now, you can import vendor-supplied security vulnerability reports for Cisco and Juniper device types from the National Vulnerability Database (NVD) repository into the system, and use them to generate compliance rules that detect vulnerable device operating systems. A canned database of NVD-based Cisco and Juniper reports is shipped with the system.

Support for Cisco CVRF XML files formatted per version 1.2:

The canned importer named "Import Cisco Advisory From CVRF XML File" includes an updated stylesheet that now supports parsing Cisco CVRF XML files in version 1.1 or 1.2 formats.

 

Improved Telnet/SSH Session popup window

The UI-based popup window that interacts with the device command line interface in a Telnet/SSH Session job has been replaced, resulting in improved performance and VT100 support. The replacement is seamless; the window looks the same as it did in previous releases and provides the same functionality.

 

MultiNICs support for Remote agent

With this release, you can use a single agent to manage multiple networks, where each network is reachable via a different network interface card (NIC) at the device agent. When the agent communicates with devices belonging to a given network, all traffic (both device action traffic and syslog traffic) pass through the NIC for that network.

 

RESTful APIs

We have expanded our RESTful APIs to now cover Users, Device Security Profiles and Security Vulnerabilities. As we are expanding our RESTful APIs, we suggest users to migrate from SOAP API to  RESTful APIs.

 

And these are just the highlights!  Check out the page below for the comprehensive list of what is in 8.9.03:

 

8.9.03: Service Pack 3 - TrueSight Network Automation 8.9

Got a question or feedback? Talk to us in the comments section below

Share:|

We are excited to introduce you to our new YouTube channel “BladeLogic Automation” for "How-to" videos, intended to help with a specific task or feature of products in the BladeLogic Automation suite (BSA, BDSSA, BDA and BNA).

 

 

Highlights:

 

Focused contents:  The contents of this channel will only focus on providing technical videos for the Server Automation, Decision Support for Server Automation,Database Automation and Network Automation products.   This content is developed by the BMC Support technical teams.

 

Featured Playlists: The channel will focus on technical contents, such as how-to, troubleshooting guides and functional demonstrations. Similar features/functions and categories will have their own Playlists to reduce the time to search the contents.

 

Snippet of our Playlists:

Click  to receive notifications when the new technical content is posted on the channel and to get the most out of the products – BSA, BDSSA, BNA and BDA.

Refer to our "Playlists" to play all the videos organized by topic or a product.

Here are the current Playlists:

 

We welcome feedback from the community.

Share:|

Data warehouses are meant to keep huge data, often collected over a number of years. This often demands allocation of the right amount of space at the beginning when you set up your data warehouse. But often wrong estimation or forecasting of the space might result in your data warehouse failing over a period as data gets accumulated in it, thus, failing your application. This article presents guidelines about sizing BMC Decision Support – Network Automation data warehouse correctly so that it does not run out of space over period.

 

This article would mainly help BMC Decision Support - Network Automation administrators during new deployments.

The most fundamental factor that determines the space requirements is how many years do you want to retain the data for in the data warehouse. Once you decide the time period, next step is get the number of network devices managed by BMC Network Automation. Once these two factors are determined, you can use the following guidelines to determine the space required by the data warehouse.

 

Assuming BMC Network Automation is managing 25000 devices, then here are space requirements for it:

 

ETL runs   ->

Every 24 hours till 1 year:

Every 6 hours till 1 year:

Every 1 hours till 1 year:

DWH Size

10 GB

34 GB

190 GB

Master DB Size

2 GB

3 GB

3 GB

Work DB Size

3 GB

2 GB

2 GB

 

DWH: Data warehouse Database       DB: Database         ETL: Extract – Transform - Load

 

Size of Work and Master databases does not grow with the increase in the number of devices managed. So, the space requirement does not change.

Note: Size of DWH changes as per ETL frequency because with each ETL, DWH stores snapshot of compliance and drift status for the entire network and other information.

For example, If you are managing 100,00 devices through BMC Network Automation and you want to store the data for 5 years with ETL running every 24 hours, then the space requirements would be as follows:

 

DWH Size – [ 10 GB  * (100,00/250,000) ]  * 5   = 20 GB
Work DB Size – 3 GB
Master DB Size – 2 GB

 

So, the space required would be 25 GB (20 + 3 + 2). Hope you find this article to be useful while you are planning your new deployment for BMC Decision Support – Network Automation and would avoid your data warehouse from running out of space as time passes. Its always better to be proactive then reactive.

Suma Bhat

8.9.02 is now available !

Posted by Suma Bhat Oct 23, 2017
Share:|

I am excited to announce the release of BNA 8.9 Service Pack 2 a.k.a 8.9.02.  We have been listening to you and working tirelessly to give you the best network automation product in the market that enables you to be some of the most efficient and productive network engineering and operations folks out there !

 

Here are some of the highlights of the release:

 

Network SecOps & RESTful APIs

  • BNA’s vulnerability management capabilities now tie into Response Service. If you have not heard of Threat Director (on-prem solution) / Response Service(SaaS solution), our  solutions for vulnerability management across your datacenter, talk to your account manager about a presentation and a demo.
  • RESTful APIs: We have expanded our RESTful APIs to now cover RuleSet, Rule and Predefined Job services. As we expand our RESTful APIs, I’d like to remind our user community that the SOAP APIs will be supported but will not be enhanced going forward.

 

EOL management

  • Manage EOL of devices with our new capability that can automatically augments EOL information to devices, starting with Cisco devices. Don't be caught with security vulnerabilities in devices that have EOLed anymore !

 

Performance & Scale

  • Folks that are managing 10s of 1000s of devices or even 100s of thousands of devices, we’ve listened to how long some of the reports can take and and have addressed it with our report thread pooling enhancement. There is improvement across all reports, as compared to the previous release, but the ones I wanted to mention a few in particular:
    1. Device Inventory report - 90% faster
    2. Compliance Summary report - 81% faster
    3. Transcript Search report - 78% faster
    4. Configuration Comparison report - 68% faster
    5. ACL Search report - 48% faster
    6. Transcript comparison report - 36% faster
  • With several refactorings and optimizations on the backend, you can now manage up to 50,000 devices with a single instance of BNA . We will be updating the sizing recommendations shortly.

 

Device Adapter Development Guide

 

Enhanced Customer Experience, Security a Supportability

  • Device Inventory report can now be emailed through a job/policy
  • Simply recreate jobs with failures, to run them again ONLY on failed devices
  • Job filter has new groupings to make filtering easier 
  • OS Image filename filtering via white-listing or black-listing of filename patterns to disallow malicious file uploads
  • Runtime guards against incorrect database transaction isolation level settings

And these are just the highlights !  Check out the page below for the comprehensive list of what is in 8.9.02:

8.9.02: Service Pack 2 - BMC Network Automation 8.9

 

BMC Decision Support - Network Automation 8.9.02 is generally available as well.  Starting this release, BO configuration will not be part of the installer for BDS-NA.

We have included a  separate utility to deploy the BO content i.e. Import BIAR, Connection, User Creation in CMC and the JDBC driver configuration for all the supported database servers. Find details here: 8.9.02: Service Pack 2 - BMC Network Automation 8.9

 

Thanks!

Suma Bhat

8.9.01 is here !

Posted by Suma Bhat Apr 19, 2017
Share:|

BNA 8.9.01 now available !

 

I am very pleased to announce that BNA 8.9 Service Pack 1 is now available with the following new capabilities which we think you are going to find very useful !

 

Here are some highlights of the release:

1. RESTful APIs

We are introducing RESTful APIs with Swagger UI which is a user-friendly interface to experiment with the REST API calls with no need to write any programs to do so. See more here: https://docs.bmc.com/docs/NetworkAutomation/89/developing/using-the-rest-api

We will support SOAP APIs but no new enhancements will be added*.

 

2. Network SecOps and Rule engine enhancements

  1. Rule filter enhanced to allow filtering for:
    • rules which cannot be corrected,
    • rules which are correctable via:
      • correctable via Deploy to Active action
      • correctable via Deploy to Stored action
      • correctable via Remediate Action
  2. Rules can now check for specific configuration in conjunction with OS version, for a sharper vulnerability detection.
  3. Compliance summary report now can optionally show Base Score associated with vulnerability rules. Also the vulnerability rules now link to the associated vulnerability improving user experience to access Remediation recommendation from the vendor or other vulnerability information.

 

 

3. Expanded import/export capabilities

In addition to the existing compoenets, you can now export and import the following as well:

  • Combo groups,
  • Keywords, Conditions, Policies,
  • Dynamic Fields
  • Roles

This will enable environment specific customizations are your content-sync needs between dev/test/production environments or between multiple BNA instances for example.

*This is available as part of the existing ImportExportService WS API (SOAP).

 

 

4. Reporting enhancements

1. You can now choose to hide header in addition to footer during CSV export of the following:

    • Custom action captured results
    • Events list
    • Jobs
    • Predefined jobs
    • Policies
    • Send Email span action

2. Custom trail configurations can now be compared by launching the Configuration Comparison report through external URL

 

 

5. Performance improvements

With this latest release the engine has been tuned to fetch data more often from memory than from the database, so you should see improved performance of the following:

  • auto-groups
  • Dashboard
  • Event list page
  • Job list page
  • Rules list page
  • Job Details report

 

6. Platform enhancements

1. Support of OS management for Alcatel OmniSwitch 6860E-24

2. Microsoft Server 2016 is now supported

3. Microsoft SQL Server 2016 and PostgreSQL 9.5.6 is is now supported as well.

 

 

These are just some of the highlights of the release.

Check out the page below for the comprehensive list of what is in 8.9.01

8.9.01: Service Pack 1 - BMC Network Automation 8.9

 

Thanks !

Share:|

Need a dashboard that gathers information about the network devices and assesses how healthy they are ? Use the out-of-box health dashboard provided by BMC Decision Support – Network Automation.

Additionally, out-of-box reports provide detailed and summarised information about the security vulnerabilities affecting the devices in your environment. Read through the attached document to know how to import the required LCMBIAR file (also attached) and the reports' details.

 

Note: These reports are available only for version 8.9 of BMC Decision Support -  Network Automation.

Suma Bhat

BNA 8.9 is here !

Posted by Suma Bhat Sep 28, 2016
Share:|

BMC Network Automation 8.9 is now Generally Available !

 

We continue to round out Network SecOps feature set and BNA 8.9 is now integrated with BMC Threat Director 2.2.

We have expanded the capabilities of the rule engine to be able to remediate security vulnerabilities in particular, (rules in general)  which is a unique differentiator for BNA.

 

Take a quick look at the release highlights below.

 

Network SecOps & Rule Engine enhancements

  • Integration with BMC Threat Director version 2.2
  • Remediation of rule violations by means other than SmartMerge or full configuration push
  • Remediate with multiple rule sets and rules
  • Support for CVE ID association with rules

 

Extending SDN support for CLM

Note that these will be integrated into CLM in a forthcoming CLM release, but available through APIs in BNA 8.9

  • Support for Virtual Extensible LAN (VXLAN)
  • Pods and Containers with NSX

 

Customer Experience and Supportability

  • Use proxy file server for configs and OS image file transfers
  • Import/Export of Global Substitution Parameters
  • API updates to SpanActionService, JobService, RuleService, PodService, ImportExportService
  • Expanded device support for: Check Point GAiA, MRV OptiSwitch, Cisco Nexus 9000 Series switches and Juniper device type.

 

And that is just some of the highlights of the release. Check out the page below for the comprehensive list of what is in 8.9.

https://docs.bmc.com/docs/display/public/bna89/8.9.00+enhancements

 

Let us know what you think.

 

Thank you !

Suma Bhat

BNA 8.8 is here !

Posted by Suma Bhat Jun 16, 2016
Share:|

On behalf of the BNA team, I am very excited to announce the general availability of BNA 8.8!

Take a quick look at the release highlights:

 

Network SecOps

  1. WS API for vulnerability import
  2. Rule engine updates to support EOL checks

 

SDN support

SDN support in 8.8 has standalone support for the Cisco ACI and VMWare. This enables the compliance use cases for these systems.

  1. Support for Cisco ACI:
    • Device adapter for APIC controller
  2. Support for VMware NSX:
    • Device adapters for:
      • NSX Services Gateway
      • NSX Logical Router
      • NSX Distributed Firewall
      • NSX Manager

The device adapters also support deploy actions for the above which form the basis for supporting these in the Cloud Lifecycle Management (CLM) context in a future release.

 

Customer Experience and Supportability

We have addressed several outstanding requests made on “Ideas” page by customers and support

 

  1. Compliance Summary Report by rule
  2. Include span selections in exported/imported compliance content
  3. Restrict user access through WS API
  4. Option to “Include debug trace” in jobs, on a per job basis
  5. Enhanced System Diagnostics report - event and job counts
  6. CSV Export capability has been added for Discrepancy Summary Report

 

These are just the highlights; find a comprehensive list of enhancements here: 8.8.00 enhancements - BMC Network Automation 8.8

Let us know what you think.

 

Thank you !

Share:|

We often hear from our customers that videos are a really helpful way to learn how to get the most out of our products. Well, we have been doing something about that feedback. The BMC Network Automation team, (including folks in Support, the field, and R&D) has been busy making more "how to" videos to help you harness the power of our automation tools. In fact, we have added 6 new BMC Network Automation videos in the past few months! Here they are:

You can also check them out in the How to Videos – BMC Network Automation playlist on the BMC Communities YouTube channel. Please look them over and let us know if you find these videos helpful by Liking or Disliking the video or leaving a comment.

If you would like to see the videos in context with the related technical documentation, you can access the listing of topics containing videos here.

Share:|

I recently recorded a short video tutorial on how to use injection templates in BNA.  See attachment for the video file.

Share:|

I recently recorded a short video tutorial on how to create a REST based device adapter in BNA.  See attachment for the video file.

 

 

Share:|

I recently recorded a short video tutorial on how to configure syslogging in BNA, including tools to use when troubleshooting syslog problems.  See attachment for the video file.

Share:|

On March 2, 2016, Cisco announced a critical security vulnerability in Cisco NX-OS Software running on Cisco Nexus 3000 Series Switches and Cisco Nexus 3500 Platform Switches. This vulnerability allows remote users access the target system with root privileges using default credentials.

Cisco Nexus 3000 Series Default Account and Credentials Lets Remote Users Access the Target System with Root Privileges …

 

Below is the associated Cisco security advisory, which also revealed the affected versions for Cisco 3000 and 3500 series of devices.

Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability

 

BMC Network Automation customers can easily defect this vulnerability. Thanks to the rule engine enhancements made in version 8.7.

To detect if any of your Cisco devices are vulnerable to this security vulnerability, follow these steps:

 

1. Import the attached rules to your BMC Network Automation 8.7 instance.

 

2. Go to the Rules page and edit the rules to select the 3000/3500 models you have in your environment so that rules do not get applied to all the Nexus switches.

 

Share:|

Juniper announced critical security vulnerabilities(Risk Level: Critical, CVSS Score: 9.8) on Dec 18 , where its firewalls running certain versions of ScreenOS decrypt encrypted VPN.

http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/

 

Below is the associated Juniper security bulletin, which also revealed that there was backdoor authentication access in some of the affected OSes.

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713

 

The below blog post shows how the password to the backdoor authentication is now in the public domain.

https://community.rapid7.com/community/infosec/blog/2015/12/20/cve-2015-7755-juniper-screenos-authentication-backdoor

 

For BNA customers however,  the above would be very easy to detect, thanks to the rule engine enhancements we made for Network SecOps in 8.7.


Import the attached rules to your BNA 8,7 instance to detect if any of your Juniper devices are vulnerable to the above security vulnerabilities.

Share:|

A heads up to those BNA customers who use our Pod and Network Container Management (PCM) functionality to integrate with the BMC Cloud Lifecycle Management (CLM) product.  I recently revised our documentation on how to create custom content for PCM.  The revised version is a little more realistic and corrects a few errors that were present.  In conjunction I have updated the sample XML files referenced by the documentation.  The new documentation and new sample files will be included in the upcoming 8.8.00 release of BNA.  However I am posting the content here as well.  The content is accompanied by Webex recordings I made in which I step through the documented instructions for creating the sample content.

 

The zip attachment for this blog post includes the following:

 

Instructions.htm - An HTML version of a Word doc that contains the instructions for creating the sample custom content.

Spreadsheet.xlsx - A copy of the planning spreadsheet used in those instructions.

recordings/ - A subdirectory containing Webex recordings that step through the instructions, one recording per section.

sample/ - A subdirectory containing the XML blueprints and templates generated by following the instructions

 

Note that the document assumes you are already somewhat familiar with what pods and containers are in BNA, and the purpose they server in the CLM integration.

 

Feel free to leave feedback on whether you find this documentation helpful, along with any suggestions for improving it.

 

Thanks,

Steve McWilliams

BNA Software Architect

Filter Blog

By date:
By tag: