BPA Release Notes v5.1

• Introduction
• What’s New
  • Core Platform
  • BPA Components
  • Compliance and Remediation
  • Recertification for NDFC v12.2.2
  • Support for vManage Controller v20.15 and RBAC Support
  • vManage Session Management
  • GCT Classic Application Migration to Next Gen Application
  • OS Upgrade Feature List
  • Decommissioning SASE, Perimeter-Security, and TMF Use Cases
• Resolved Issues
• Known Issues

Introduction

Business Process Automation (BPA) is a cross-domain, multi-tier automation and orchestration solution that manages the lifecycle of network assets across various network architectures such as transport, data center, campus, Software-Defined Wide Area Network (SD-WAN), and security. Its benefits include reduced time to deliver new services, minimized capital and operational costs, improved availability, capacity and operational reliability through consistent and automated network configuration, and scalability.

BPA provides the following features:

• An automation solution for managing the lifecycle of Cisco and third-party devices, with use cases such as device onboarding, template management, software conformance, upgrades, and configuration compliance
• A workflow engine for end-to-end service integration and automation of business and operational processes
• Process Templates for automating procedures, Market Variances for maintaining location data, and Form Designers for creating UI forms
• An Adapter framework for building East-West integration to Operations Support Systems and Business Support Systems

BPA is integrated with the Cisco and Non-Cisco controllers listed below; however, integrations can be extended to other Cisco or third-party controllers due to BPA’s modular architecture.

• Cisco controllers
  • Network Services Orchestrator (NSO)
  • Cisco Catalyst Center (formerly Cisco Digital Network Architecture Center)
  • Data Center Network Manager (DCNM)
  • Cisco Catalyst SD-WAN Manager (formerly Cisco vManage)
  • Direct-to-Device
  • Cisco Nexus Dashboard Fabric Controller (NDFC)
  • Cisco Crosswork Network Controller (CNC)
  • Cisco Secure Firewall Management Center (FMC)
• Non-Cisco controllers
  • Ansible

Note: BPA requires the use of a subscription key to ensure that BPA deployments are eligible for necessary support and maintenance services. To acquire a subscription key, contact a Cisco representative or send an email to bpa-subscriptions@cisco.com.

What’s New

This section highlights key features, enhancements, and modifications introduced in the Cisco BPA v5.1 release.

Note: BPA v5.1 has been validated with the latest version of Google Chrome (v139.0.7258.140) and Mozilla Firefox (v142).

Core Platform

Updates to the Core Platform include:

• The ability to export or import custom roles or permissions
• Support for agent subscriptions (all agents now have codes and can be subscribed)
• High Availability enabled for Open Policy Agent containers
• Support for control switching between the classic and portal User Interface (UI)
• Support for runtime form changes to easily navigate form hierarchy
• Support for vNSO 6.5
• The addition of Decision Model and Notation UI and UX to the Workflow application
• The ability to enable or disable tracing, and view traces of REST calls, MongoDB, and Postgres database queries (excluding policy resolver and NSO)

BPA Components

Compliance and Remediation

Updates to Configuration Compliance and Remediation include:

• A comprehensive reporting dashboard to generate, view, and download compliance reports
• Offline compliance audits, allowing users to upload a device’s configuration without onboarding it to the Asset Manager
• Configurable patterns in block config to mask sensitive device configuration data
• The ability to export policy and asset compliance summary grid data as .CSV files
• The ability to view and compare a generated remediation configuration against a device’s running configuration
• Block enhancements to support raising violations if configuration exists

Recertification for NDFC v12.2.2

As a part of recertification, the following applications have been tested with the NDFC controller v12.2.2:

• Core applications (e.g., Asset Manager, Golden Configuration Template (GCT), and Process Template)
• Device Activation
• OS Upgrade

Support for vManage Controller v20.15 and RBAC Support

Updates to vManage Controller v20.15 and Role-Based Access Control (RBAC) include:

• Support for vManager controller v20.15
• RBAC uses scopes to grant non-administrative users access to templates
• RBAC provides device access through asset groups
• The access policy in BPA grants non-administrative users access to devices and templates

vManage Session Management

Session management is now supported across all vManage controller versions. For each request, an existing valid session is used to execute incoming API calls instead of creating a new session each time. If the session has expired, a new one is automatically created.

Note: The default idle timeout is 30 minutes, and the token expires after 24 hours.

GCT Classic Application Migration to Next Gen Application

The classic GCT application has been migrated to the Next Gen GCT UI. The new UI and UX are aligned with other applications, such as Asset Manager, and all classic GCT features remain available. Highlights include:

• Improved UI and API performance
• Introduction of the assign variable concept when creating the template, enabling deployment jobs to prepopulate variables with values
• A dedicated Deployment Job page

OS Upgrade Feature List

Updates to OS Upgrade include:

• Certification on NDFC controller v12.2.2
• Support for Erasable Programmable Logic Device (EPLD) upgrades for Nexus switches managed by NDFC controllers, allowing users to define conformance policies for EPLD packages, run conformance checks, and view results similar to Software Maintenance Upgrade
• The ability to cancel software upgrades for the entire job, a specific batch, or one or more devices within a batch
• Support for advisories, bugs and End-of-Life details for the Internetwork Operating System eXtended Routing software type
• The following framework enhancements to improve usability and overall user experience:
• The ability to delete software images (enabled or disabled within the workflow) before distribution and after activation for vManage-controller-managed devices
• An auto-refresh capability for the Software Conformance dashboard page, providing real-time updates during active conformance policies
• Support for both absolute and relative image names in Software Image Metadata, offering flexibility for images stored in different paths on the File Transfer Protocol server
• Software conformance policies accept asset groups a user is entitled to (instead of controller IDs), enabling greater granularity

Decommissioning SASE, Perimeter-Security, and TMF Use Cases

The following use cases are being decommissioned for BPA v5.1 and are no longer supported:

• Secure Access Service Edge (SASE): All SASE-related controllers, including Umbrella, Duo, and ThousandEyes, and their respective use cases
• Perimeter-security: All perimeter-security use cases that support both Cisco and non-Cisco controllers
• Translation Model Framework (TMF): TMF Connector serivces and all TMF 641 service order management artifacts

Resolved Issues

There are no resolved issues to report as part of this release.

Known Issues

There are no known issues to report as part of this release.