In a customer project, where we need to use NSH for Portal transactions, I identified enhancements that would benefit this functionality.
Firstly, each NSH connection is acquiring credentials rather than using the cached credentials file that occurs when NSH acquires creds. This severely hampers the performance of an NSH based Portal Snapshot/Preview/Install.
Secondly, there appears to be no way to specify which Role should be used in an NSH proxy connection. If the user is assigned multiple Roles, then the BMA transaction will fail.