The release notes cover the following topics:
- Product Description
- What's New in this Release
- Third-party Software Upgrades
- Platform Support
- Resolved Issues
- Known Issues
VMware Smart Assurance Network Configuration Manager (NCM) is:
- An automated compliance, change and configuration management solution that delivers industry-recognized best practices.
- A collaborative network infrastructure design that controls change processes, provides network device and service configuration transparency, and ensures compliance with corporate and regulatory requirements — to enable you to ensure the security, availability, and operational efficiency of your network.
- An automated support for all facets of the network infrastructure lifecycle, seamlessly integrating critical design, change, and compliance management requirements.
What's New in this Release
Smart Assurance Network Configuration Manager 10.1.6 introduces the following enhancements:
Support for SELinux enforcing mode:
NCM is enhanced to install and run on machines with SELinux configured in enforcing mode. As part of this enhancement, STIGs V-71989, and V-71991 are addressed.
- Support for FIPS enabled mode:
NCM is enhanced to install and run on machines with FIPS mode enabled. As part of this enhancement, STIGs V-72067, V-72989, V-72993, and V-73071 are addressed.
Note: When NCM is installed on a FIPS-enabled machine, SNMPv3 discovery does not support MD5 Authentication protocol. And, DES Privacy protocol as these two protocols are not FIPS compliant.
- Notification for the devices for Update OS Image:
The Update OS Image dialog window has been enhanced to provide a notification for devices that are not added to the Selected Devices while updating the OS Image. This feature improves the overall user experience.
Enhanced Compliance Test Preview:
The Compliance Test Preview window now allows user to choose the device configuration unit from a list of available configuration units.
For example, in the case of the Cisco IOS devices, users can choose from running, startup, etc..
- Versioning for NCM libraries:
The name of NCM libraries is suffixed with the NCM version, that is - 10.1.6.0.
- Maven BOM(Bill of Materials) XML file creation:
The Maven BOM XML file is created which has information about all third-party libraries including group ID, artifact ID, and version.
For Security vulnerabilities addressed in NCM, see Network Configuration Manager Security Update for Multiple Vulnerabilities, and security enhancements section in NCM Security Configuration Guide.
Third-party software component upgrades:
Following third-party software components are upgraded in Smart Assurance Network Configuration Manager 10.1.6:
- Log4j is upgraded to 2.14.1.
- Zebedee is upgraded to 2.5.3.
- Bzip2 is upgraded to 1.0.8.
- Zlib is upgraded to 1.2.11.
- Plexus-utils is upgraded to 3.2.1.
- Micronaut is upgraded to 1.3.7.
- Restlet is upgraded to 2.4.0.
- Tomcat is upgraded to 9.0.50.
- Quartz is upgraded to 2.3.2.
- Slf4j-api is upgraded to 1.7.32 (except in NCMSmartsAdapter).
- Gsoap is upgraded to 2.8.114.
- Openssl is upgraded to 1.1.1g FIPS.
- OpenJDK is upgraded to OpenJDK 11.0.12
- Java is upgraded to OpenJDK 1.8.0_302 for local RA
For Open Source License(OSL) file open_source_licenses.txt, navigate to <VOYENCE_HOME>/osl directory.
The VMware Smart Assurance Network Configure Manager Support Matrix available from the VMware Support website provides the latest platform and interoperability information. For detailed information about platform support and interoperability, refer support matrix for your release.
Note: In NCM 10.1.6 release, some of the document(s) do not require modification. The older version document(s) are released as it is.
- SMARTA-1298 / SR 21222035205
Auto-refreshing of Job/task status is not working in Schedule Manager in NCM 10.1.4.
- SMARTA-1174 / SR 21193145202
NCM has stopped running/generating the Audit Trails on new configuration revisions.
- SMARTA-1318 / SR 21225809706 , SMARTA-1321 / SR 21230245806 and SMARTA-1408 / SR 21246533108
The commmgrd crashes whenever there is push/pull job in NCM 10.1.4.
- SMARTA-956 / SR 20154869109
By intercepting NCM client application requests it's possible to bypass the authentication process, and access the application as any user.
- SMARTA-1169 / SR 21190138401
In NCM v9.6, multiple authentication failures are observed when TACACS+ is set to 2FA/RSA.
- SMARTA-1350 / SR 21236960707
NCM LDAP user login issue occurred due to cipher mismatch.
- SMARTA-1352 / SR 21233391506
The ssh.log file under $VOYENCE_HOME/logs does not rotate.
- SMARTA-1216 / SR 21203774403
Cross-Site Scripting security issue with Sysadmin console in localPath parameter.
- SMARTA-1316 / SR 21208699503
NCM is not able to remove devices from database, despite transformer logs report removal completed.
Vulnerability reported in the Java version used by 9.6 Report Advisor.
NCM 9.6 to 10.1.4 install guide needs update in Upgrade/Migration to new host section.
- SMARTA-1405 / SR 21246050108
NCM 184.108.40.206 Pull after device discovery on 3-4 devices (only SSH creds) causes DS restart.
Increase the length of the interface_name to 256 in cm_interface table.
- SMARTA-1310 / SR 21224058805
NCM fails to start after direct upgrade from v9.6 to v10.1.4.
- SMARTA-286 / SR 19320944805
NCM installer stops firewalld and iptables but does not restart them on completion.
NCM 10.1.0 application launch is breaking on Google Chrome.
Chrome has deprecated the NPAPI support which causes Java plugins to be disabled.
If you have problems accessing Java applications using Chrome, Oracle recommends using Firefox, Internet Explorer, or Safari instead.
Users that need to run Web Start application may launch that application through a web browser such as Internet Explorer, Mozilla Firefox, Apple Safari, or Pale Moon.
The link, https://<ipaddress>:8880/voyence/powerup.jnlp, provides a .jnlp file download you can use to enable the launch of the NCM application.
After upgrading from 10.1.3 to 10.1.4 on RHEL8, vcmaster service status command displays failed message for ncm-as service.
Workaround: There is no functionality impact and workaround is to restart the vcmaster service
User is not able to launch NCM MSA on the Firefox version 58 or later.
Use the older version of Firefox (version older than 58), or use Internet Explorer to launch the NCM MSA.
NCM MSA login screen should have a standard login screen with VMware logo.
MSA login page display Grails as the logo, instead of VMWare Network Configuration manager.
Device Server health check log has some warnings.
When UI is launched with the new UI Linux client, Schedule Manager sorting is not happening properly and device properties are not seen.
Workaround: You can use filters to check the details of required job.
- VSAC-985 / VSAC-989
vcmasterservice status is not shown correctly, there is no functionality impact.
Workaround: You can check the status of
vcmasterservice by executing the following command:
You can also restart
vcmasterservice, to see the correct status next time.
When either of commmgrd or autodiscd crashes, stacktrace and core is not generated.
Workaround: To generate core and stacktrace, modify the /etc/rc.d/init.d/voyence file as shown below:
- Comment out this line :
su -p -s /bin/bash $VOYENCE_USER -c "$VOYENCE_HOME/bin/voyenced -r start" >/dev/null
- And add this line :
su -p -s /bin/bash root -c "$VOYENCE_HOME/bin/voyenced -r start" >/dev/null
- Restart vcmaster service using
, service vcmaster restart.
- Comment out this line :
Excessive logging in /var/log/messages & $VOYENCE_HOME/cm/Syslog is observed after restoring backup from previous versions of NCM
Workaround: Follow the below given procedure after restoring the database backup:
- Login to Database Server.
- Execute the below queries:
ALTER TABLE voyence.cm_interface ADD COLUMN speed varchar(64); ALTER TABLE voyence.cm_interface ADD COLUMN mode varchar(16);
- Restart vcmaster service.