cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Network Configuration Manager (NCM) 2019.4 is now Generally Available!

It is with great pleasure that we introduce the new release of Network Configuration Manager, 2019.4! This time around we have further enhanced the existing NCM framework to specifically improve vendor support for firmware upgrades, further visibility into Palo Alto Networks firewall policies, and improve web performance. Specifically we are including:

PANORAMA PUSHED POLICIES

In the v8.0 release of Network Configuration Manager we added Network Insight for Palo Alto Networks firewalls and the ability to see the local policies of each firewall. In this release, we are expanding that functionality to cover policies that originate from a Panorama management server. To get this additional functionality you simply need to ensure your Palo Alto firewalls are managed in NCM, and that the configuration has been backed up (ideally at a regular cadence). Once the configs are backed up, NCM will parse and display the policy information much like it would before, but it will now pull in the policies created in Panorama. On the policies list view, we added an additional column to highlight the origin of the policy so there is no confusion about where it originates. If you happen to have many policies you are also able to use the origin field as a way to filter the displayed list. Each Panorama policy can be expanded just like the local ones, so you can navigate and review the details relevant to you.

Policies+List.png

NEW FIRMWARE UPGRADE TEMPLATES AND SETTING

We continue to focus on expanding vendor support for Firmware Upgrades, and in this release are introducing new templates for both Lenovo and EtherWAN devices. They are available 'out of the box' and are visible when you create a new firmware upgrade operation; simply open the one you want to use and go through the steps in the wizard. As with all templates, you can make modifications to these and share them on THWACK.

Firmware+Upgrade+Templates.png

In addition to expanding the available templates, we realize that not all devices operate the same after being upgraded and specifically some devices require multiple restarts before coming completely back online. In recognition of this, we have added a new setting to control how long NCM should wait before attempting to verify if the device is back online. For most templates this will be default to 0ms, but can be changed as your environment and device requires, meaning all your custom templates will be set to 0ms (as it operates today) so that there is no disruption. This setting can be modified by navigating to the "Manage Firmware Upgrade Templates" settings page and from there select the template you wish to modify. Once you open the edit window for the template, you will see the new setting slider under the 'Upgrade Options' section that can be modified to the value that fits that device and your network.

Screen+Shot+2019-10-01+at+2.03.31+PM.png

MORE CONFIG CHANGE TEMPLATES!

In addition to the Firmware Upgrade template updates, there are also new Config Change Templates for Lenovo Campus NOS and EtherWAN devices. These out of box change templates allow for faster and easier execution of changes to devices ranging from passwords to community strings to VLAN information and much more. If you are not familiar with the Config Change Templates, this functionality allows you to build a framework that will automatically build the scripts to change configs. There's more detailed information in the Admin guide.

Config+Change+Templates.png

WEB PERFORMANCE ENHANCEMENTS

When you engage with our products your time is critical and that you reduce the time that it takes to see the information critical to you at that point in time. That is why in this release, we introduced enhancements into NCM to improve how quickly web pages load. Specifically we have set out to ensure NCM loads multiple page resources in parallel and specifically improves how quickly the information above the fold is shown to you, the user. The improvement will vary from large to small depending on your setup and environment, but we expect you will find the experience to be much improved.

The 2019.4 release includes common platform features like support for managed Azure SQL instances, expanded Orion Maps functionality, and platform-wide improvements in web performance.

You can read more about the Orion Platform and all of our Network and System Management modules here: Orion Platform 2019.4 and Its Modules Are Now Generally Available

You can view the Release Notes and System Requirements documentation for this release of NTA here: Orion 2019.4 Product Releases

Post your installation experiences, questions, and comments on the new release here in this forum! Remember to post yourNetwork Configuration Manager Feature Requests , and to up-vote your favorites.

Tags (1)
Comments

I like some of the things shown here.  I'm also a bit surprised Cisco 2960 and 3750 platforms are highlighted.  We forklifted them out of our network years ago, and I don't know you can even buy a 2960S or 3750 anymore.

They were an easy choice for first support because they are so common amongst folks, but I do expect people to be migrating to newer platforms over time.  We've got some work to do!

Can the firmware upgrade module handle the INSTALL vs BUNDLE mode on 3850+ switches now?

Only bundle mode.

I have "frankenstein'd" the Firmware Upgrade templates so that it can handle stacks too

Got a working method for 3850/9300 Bundle Mode stacks and 9200 Install Mode stacks

The "wait time between reboot and checking node is up" feature will be magnificent for this, as stack reboot takes longer

It could include the 2960x which is newer and still very common.

We're still running five-dozen 2960XR's (out of ~800 switches), but they are certainly too low-powered to handle what Cisco claimed they'd handle, such as full ISE implementation for NAC security.  We're retiring them as quickly as we can, replacing them with 93xx or 94xx models.

Upgrading stacked XR's is a painfully slow and highly-impacting process for a 7x24 facility such as ours.  I'd never go with them again, or anything like them.  I'll take the chassis ISSU's that dual supervisors provide anytime the port density and business case justify it.  When there are eight switches in a 2960XR stack, the price difference per port for going to a 4510 with dual PS and dual supervisors is about $1 per port.  It's a no-brainer for the improved uptime and easier management.

Version history
Revision #:
1 of 1
Last update:
‎10-30-2019 05:06 PM
Updated by: