Feature Description

In vDRA, the CRD table supports filter option to select a specfic column and search the required data in the selected column

Configuration and Restrictions

• The All Visible Columns option displays all the table data if any of the column data matches with the search string.

• If you select any particular column, the filter option of the table displays all the table data of the selected column data that matches with the search string.

For more information, see the Custom Reference Data Configuration chapter in the CPS vDRA Configuration Guide.

Feature Description

In vDRA, by default the local users have access to API, CLI and read-only access for central and Grafana and the external users can access VM, API, CLI, central and Grafana.

From this release, you can create and manage users only with the API and restrict other accesses.

The api-user add and api-user remove CLI commands allow to create and remove API users either with the user-name or gid value.

The following CLI commands help to manage the API dedicated users and to map the external users:

• api-user add/remove group-details gid <GID> auth-type local/external write-enable true/false

• api-user add/remove user-details name <USER_NAME> auth-type local/external write-enable true/false

• external-aaa pam username-mapping <USER-NAME> <ROLE>

Configuration and Restrictions

• In previous releases, the user part of Grafana-admin and Grafana-editor have admin or editor access and the user part of remaining groups have viewer access. From this release, if the user is not a part of any Grafana groups (grafana-admin/editor/viewer), they cannot access the Grafana.

• To convert the read-only and read-write API user roles, remove the access from API user CLI and add a flag with the required write-enable flag.

• Configure the below nacm rule in the configuration mode for CLI restriction.

  config
  nacm rule-list restricting-CLI-access group [ rest-api-ro rest-api-rw ] cmdrule restrict-CLI-acccess command * access-operations create,read,update,delete,exec context cli action deny

• The pem file should be in the /data/keystore path of the orchestrator.

• If the Halo-E is enabled, the API user is still able to access Grafana in viewer mode using the Halo-E login as the user is getting assigned with default viewer role.

For more information, see the CLI Commands topic in the CPS vDRA Operations Guide.

Feature Description

In CPS 23.2.0 and later releases, the policy builder displays the last published and commit repository details using the newly added API from the SVN commands. It displays the following details:

• Last committed repository and published repository in the history page.

• List of repositories sorted based on the last commit order in DRA central.

Limitation

DRA Central GUI retrieves the SVN last publish and SVN commit repositories by using an underlying SVN containers. If SVN container is down then GUI will have issues.

For more information, see SVN Repository Changes topic in Policy Builder Configuration chapter from the CPS vDRA Configuration Guide.

Feature Description

In CPS vDRA, the Grafana monitors the per peer message failures as 3XXX or 5XXX error codes. From CPS vDRA 23.2.0 and later releases, the peer traffic monitor in Grafana includes the following monitoring panels as a part of the peer_message_total KPI enhancement:

• destination_host

• destination_realm

• peer_group

For more information, see the Statistics/KPI Additions or Changes topic in the CPS Release Change Reference.

Feature Description

In vDRA, the Custom Reference Data (CRD) REST API supports the query for selection, creation, deletion, and update of CRD table data with the read-only and read-write access. From this release, the CRD REST API allows the following CRD groups to limit the read or write access to a subset of the CRD Table:

• crd-table-restrict-read-write - read and write access to the configured subset of CRD tables

• crd-table-restrict-read-only - read only access to the configured subset of CRD tables

• crd-table-restrict-write-only - read only access to all the CRD tables and write access to the configured subset of CRD tables

Configuration and Restrictions

Use the CLI commands to:

• manage the CRD table group

• manage the mapping of local and external users to the CRD table group

For more information, see the CLI Commands section in the CPS vDRA Operations Guide.

Feature Description

vDRA supports the following alerts and KPI extensions:

• PREFERRED_PRIMARY_NOT_RUNNING - Use the alert to know if the the primary DB is not running on the server seed.

• NO_PRIMARY_DB - Enhancement to this alert provides information on the DB name and replica set name.

• The mongo_primary_reachable KPI includes the following labels added along with the existing labels:

  • preferredprimary

  • seed

Configuration and Restrictions

• In database configuration, the server seed should be the highest priority member.

• If the low priority member is configured as server seed and when the server-seed is down, it triggers the PREFERRED_PRIMARY_NOT_RUNNING alert.

• If there are two highest priority members configured and the server seed goes down, another highest priority becomes a primary member. This raises the PREFERRED_PRIMARY_NOT_RUNNING alert even if the server seed rolls back. There is no automatic switchover of primary to server seed because of the same priority

• If the seed member is restoring from site 2 to site 1 (inter site primary transition), the alert status may flap for a few seconds before becoming stable.

For more information, see the Notification and Alerts section in the CPS vDRA SNMP and Alarm Guide and Statistics/KPI Additions or Changes topic in the CPS Release Change Reference.

Feature Description

In CPS 23.2.0 and later releases, the vDRA supports both TLS and MTLS encryption by enabling them from the PB GUI.

The following DRA applications support TLS and MTLS encryption.

• Gx interface

• Rx interface

• Gy interface

• Sy interface

Configuration and Restrictions

• The open stack supports either TLS or MTLS for data encryption.

• The connecting peer must be inline with the DRA peers.

  • If the DRA peer is TLS enabled, then the connecting peer should be TLS enabled

  • If the DRA peer is MTLS enabled, then the connecting peer should be MTLS enabled

For more information, see the Policy Builder Configuration chapter in the CPS vDRA Configuration Guide.