Skip navigation

8.9.02 is now available !

Posted by Suma Bhat Oct 23, 2017
Share This:

I am excited to announce the release of BNA 8.9 Service Pack 2 a.k.a 8.9.02.  We have been listening to you and working tirelessly to give you the best network automation product in the market that enables you to be some of the most efficient and productive network engineering and operations folks out there !

 

Here are some of the highlights of the release:

 

Network SecOps & RESTful APIs

  • BNA’s vulnerability management capabilities now tie into Response Service. If you have not heard of Threat Director (on-prem solution) / Response Service(SaaS solution), our  solutions for vulnerability management across your datacenter, talk to your account manager about a presentation and a demo.
  • RESTful APIs: We have expanded our RESTful APIs to now cover RuleSet, Rule and Predefined Job services. As we expand our RESTful APIs, I’d like to remind our user community that the SOAP APIs will be supported but will not be enhanced going forward.

 

EOL management

  • Manage EOL of devices with our new capability that can automatically augments EOL information to devices, starting with Cisco devices. Don't be caught with security vulnerabilities in devices that have EOLed anymore !

 

Performance & Scale

  • Folks that are managing 10s of 1000s of devices or even 100s of thousands of devices, we’ve listened to how long some of the reports can take and and have addressed it with our report thread pooling enhancement. There is improvement across all reports, as compared to the previous release, but the ones I wanted to mention a few in particular:
    1. Device Inventory report - 90% faster
    2. Compliance Summary report - 81% faster
    3. Transcript Search report - 78% faster
    4. Configuration Comparison report - 68% faster
    5. ACL Search report - 48% faster
    6. Transcript comparison report - 36% faster
  • With several refactorings and optimizations on the backend, you can now manage up to 50,000 devices with a single instance of BNA . We will be updating the sizing recommendations shortly.

 

Device Adapter Development Guide

 

Enhanced Customer Experience, Security a Supportability

  • Device Inventory report can now be emailed through a job/policy
  • Simply recreate jobs with failures, to run them again ONLY on failed devices
  • Job filter has new groupings to make filtering easier 
  • OS Image filename filtering via white-listing or black-listing of filename patterns to disallow malicious file uploads
  • Runtime guards against incorrect database transaction isolation level settings

And these are just the highlights !  Check out the page below for the comprehensive list of what is in 8.9.02:

8.9.02: Service Pack 2 - BMC Network Automation 8.9

 

BMC Decision Support - Network Automation 8.9.02 is generally available as well.  Starting this release, BO configuration will not be part of the installer for BDS-NA.

We have included a  separate utility to deploy the BO content i.e. Import BIAR, Connection, User Creation in CMC and the JDBC driver configuration for all the supported database servers. Find details here: 8.9.02: Service Pack 2 - BMC Network Automation 8.9

 

Thanks!

8.9.01 is here !

Posted by Suma Bhat Apr 19, 2017
Share This:

BNA 8.9.01 now available !

 

I am very pleased to announce that BNA 8.9 Service Pack 1 is now available with the following new capabilities which we think you are going to find very useful !

 

Here are some highlights of the release:

1. RESTful APIs

We are introducing RESTful APIs with Swagger UI which is a user-friendly interface to experiment with the REST API calls with no need to write any programs to do so. See more here: https://docs.bmc.com/docs/NetworkAutomation/89/developing/using-the-rest-api

We will support SOAP APIs but no new enhancements will be added*.

 

2. Network SecOps and Rule engine enhancements

  1. Rule filter enhanced to allow filtering for:
    • rules which cannot be corrected,
    • rules which are correctable via:
      • correctable via Deploy to Active action
      • correctable via Deploy to Stored action
      • correctable via Remediate Action
  2. Rules can now check for specific configuration in conjunction with OS version, for a sharper vulnerability detection.
  3. Compliance summary report now can optionally show Base Score associated with vulnerability rules. Also the vulnerability rules now link to the associated vulnerability improving user experience to access Remediation recommendation from the vendor or other vulnerability information.

 

 

3. Expanded import/export capabilities

In addition to the existing compoenets, you can now export and import the following as well:

  • Combo groups,
  • Keywords, Conditions, Policies,
  • Dynamic Fields
  • Roles

This will enable environment specific customizations are your content-sync needs between dev/test/production environments or between multiple BNA instances for example.

*This is available as part of the existing ImportExportService WS API (SOAP).

 

 

4. Reporting enhancements

1. You can now choose to hide header in addition to footer during CSV export of the following:

    • Custom action captured results
    • Events list
    • Jobs
    • Predefined jobs
    • Policies
    • Send Email span action

2. Custom trail configurations can now be compared by launching the Configuration Comparison report through external URL

 

 

5. Performance improvements

With this latest release the engine has been tuned to fetch data more often from memory than from the database, so you should see improved performance of the following:

  • auto-groups
  • Dashboard
  • Event list page
  • Job list page
  • Rules list page
  • Job Details report

 

6. Platform enhancements

1. Support of OS management for Alcatel OmniSwitch 6860E-24

2. Microsoft Server 2016 is now supported

3. Microsoft SQL Server 2016 and PostgreSQL 9.5.6 is is now supported as well.

 

 

These are just some of the highlights of the release.

Check out the page below for the comprehensive list of what is in 8.9.01

8.9.01: Service Pack 1 - BMC Network Automation 8.9

 

Thanks !

Share This:

Need a dashboard that gathers information about the network devices and assesses how healthy they are ? Use the out-of-box health dashboard provided by BMC Decision Support – Network Automation.

Additionally, out-of-box reports provide detailed and summarised information about the security vulnerabilities affecting the devices in your environment. Read through the attached document to know how to import the required LCMBIAR file (also attached) and the reports' details.

 

Note: These reports are available only for version 8.9 of BMC Decision Support -  Network Automation.

BNA 8.9 is here !

Posted by Suma Bhat Sep 28, 2016
Share This:

BMC Network Automation 8.9 is now Generally Available !

 

We continue to round out Network SecOps feature set and BNA 8.9 is now integrated with BMC Threat Director 2.2.

We have expanded the capabilities of the rule engine to be able to remediate security vulnerabilities in particular, (rules in general)  which is a unique differentiator for BNA.

 

Take a quick look at the release highlights below.

 

Network SecOps & Rule Engine enhancements

  • Integration with BMC Threat Director version 2.2
  • Remediation of rule violations by means other than SmartMerge or full configuration push
  • Remediate with multiple rule sets and rules
  • Support for CVE ID association with rules

 

Extending SDN support for CLM

Note that these will be integrated into CLM in a forthcoming CLM release, but available through APIs in BNA 8.9

  • Support for Virtual Extensible LAN (VXLAN)
  • Pods and Containers with NSX

 

Customer Experience and Supportability

  • Use proxy file server for configs and OS image file transfers
  • Import/Export of Global Substitution Parameters
  • API updates to SpanActionService, JobService, RuleService, PodService, ImportExportService
  • Expanded device support for: Check Point GAiA, MRV OptiSwitch, Cisco Nexus 9000 Series switches and Juniper device type.

 

And that is just some of the highlights of the release. Check out the page below for the comprehensive list of what is in 8.9.

https://docs.bmc.com/docs/display/public/bna89/8.9.00+enhancements

 

Let us know what you think.

 

Thank you !

BNA 8.8 is here !

Posted by Suma Bhat Jun 16, 2016
Share This:

On behalf of the BNA team, I am very excited to announce the general availability of BNA 8.8!

Take a quick look at the release highlights:

 

Network SecOps

  1. WS API for vulnerability import
  2. Rule engine updates to support EOL checks

 

SDN support

SDN support in 8.8 has standalone support for the Cisco ACI and VMWare. This enables the compliance use cases for these systems.

  1. Support for Cisco ACI:
    • Device adapter for APIC controller
  2. Support for VMware NSX:
    • Device adapters for:
      • NSX Services Gateway
      • NSX Logical Router
      • NSX Distributed Firewall
      • NSX Manager

The device adapters also support deploy actions for the above which form the basis for supporting these in the Cloud Lifecycle Management (CLM) context in a future release.

 

Customer Experience and Supportability

We have addressed several outstanding requests made on “Ideas” page by customers and support

 

  1. Compliance Summary Report by rule
  2. Include span selections in exported/imported compliance content
  3. Restrict user access through WS API
  4. Option to “Include debug trace” in jobs, on a per job basis
  5. Enhanced System Diagnostics report - event and job counts
  6. CSV Export capability has been added for Discrepancy Summary Report

 

These are just the highlights; find a comprehensive list of enhancements here: 8.8.00 enhancements - BMC Network Automation 8.8

Let us know what you think.

 

Thank you !

Share This:

Juniper announced critical security vulnerabilities(Risk Level: Critical, CVSS Score: 9.8) on Dec 18 , where its firewalls running certain versions of ScreenOS decrypt encrypted VPN.

http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/

 

Below is the associated Juniper security bulletin, which also revealed that there was backdoor authentication access in some of the affected OSes.

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713

 

The below blog post shows how the password to the backdoor authentication is now in the public domain.

https://community.rapid7.com/community/infosec/blog/2015/12/20/cve-2015-7755-juniper-screenos-authentication-backdoor

 

For BNA customers however,  the above would be very easy to detect, thanks to the rule engine enhancements we made for Network SecOps in 8.7.


Import the attached rules to your BNA 8,7 instance to detect if any of your Juniper devices are vulnerable to the above security vulnerabilities.

Share This:

Hello,

Attached is a technical white paper from the development team on Working with Injection Templates.

Injection Templates is a new feature that in the recent BNA 8.7.00 release.


Let us know if you liked the content. Looking forward to your feedback!

Share This:

This is a very exciting release with a great new set of features and updates around Network SecOps, Customer Experience, Integrations and Application Security.

 

Release Highlights:

 

Network SecOps

With BNA 8.7, the system is now aware of security vulnerabilities. Import vendor security advisories into BNA, one-click to automatically generate a compliance rule, and run a compliance summary report to see which of your devices are vulnerable - all in real-time.

This runs on an enhanced compliance engine that can now:

  • Ease vulnerability and EOL checks
  • Apply a rule to one or more:
    • Selected models
    • Device types
  • Facilitates numerical value comparison
  • Facilitates more accurate comparison of operating system versions
  • Supports additional subjects of Lines and Patterns for OS Image names

 

Customer Experience

New and Improved GUI:

    • Rebranded and refreshed BNA GUI in 8.7. BNA GUI now sports a new, modern look and feel in keeping with the new BMC color scheme
    • Several user experience improvements including a spinner instead of a dialog box, when a page is loading.

 

Performance Enhancements:

    • Improved performance of smart merge generation of large ACLs
    • Improved performance for Compliance Summary and Configuration Search Reports

 

    Ideas and RFEs:

    • Capability to purge historical configurations by realm and device type
    • Associate rulesets/rules with groups based on group name filter
    • Compare captured results across more than one job
    • Deploy OS image by Web Services
    • Wildcards in SSH proxy
    • Script to import devices and runtime parameters from a csv file as input to a job
    • Export Compliance Summary report to CSV
    • Increased "purge after" max limit to 366 days
    • Increased max length limit for captured results & runtime parameters to 2000 chars
    • Changed default value of Initial Memory on installation screen to 512MB

 

Pod and Container Management enhancements for CLM

  • Add chained pod address pools with different pool masks
  • Splitting of VLAN pool
  • Support for firewall rule dis-contiguous mask (Cisco FWSM)

 

Find the comprehensive list of 8.7.00 enhancements here:

https://docs.bmc.com/docs/display/public/bna87/8.7.00+enhancements

 

Thank You !

Filter Blog

By date:
By tag: