What's New

Latest features and enhancements added in this release.

Only significant new updates are listed here. To see the complete list of changes, refer to the NSO Changelog Explorer.

Release Highlights

This release includes major enhancements in the following areas:

Restructured Documentation

NSO product documentation has undergone a major restructuring with the goal of improving the overall experience.

New CDB On-Demand Mode

NSO can now use a new CDB backend that uses RAM in a more traditional, cache-like manner instead of being a pure in-memory database. This mode better supports use cases with huge amounts of data in CDB, where CDB size exceeds available system memory, or instances where performance gains with in-memory mode are small enough to not justify longer initial startup time.

The additional benefit of this new persistence mode is greatly simplified operation, including an improved compaction process that runs entirely in the background without impacting ongoing requests.

Documentation Updates:

• Added a new section CDB Persistence.

• Added a new example in examples.ncs/scaling-performance/cdb-on-demand to showcase this functionality.

IPC Authentication

NSO 6.4 introduces a more secure way for local Inter-Process Communication (IPC) between NSO system components based on Unix domain sockets. The main benefit of the new mechanism is the ability for the main server process to authenticate the clients. The authentication is based on the UID of the other end of the socket connection. In other words, it is now much easier to limit IPC access to specific host OS users.

Documentation Updates:

• Added a new section UID-based Authentication for Unix Sockets.

• Added a new example in examples.ncs/aaa/ipc to showcase this functionality.

Improved Out-of-band Changes Handling

The commit no-overwrite functionality has been extended to include verifying device values that are required to compute the end result (the values from the transaction read-set) have not changed. This means commit no-overwrite now provides much stronger guarantees about correctness in the face of device changes that were not made through NSO. In many cases, it translates into making provisioning pre-checks unnecessary and simplifying operations (operator no longer needs to issue a check-sync or sync-from operation beforehand).

Package Template Structure

NSO now supports structuring the package templates directory with subdirectories. The XML templates contained in the subdirectories can be referenced by prepending the subdirectory path and, optionally, by the package name and a colon.

This allows for unique identification of templates, which can now have duplicated names across NSO packages.

Documentation Updates:

• Updated the section on Templates.

Web UI Updates

The Web UI functionality has been extended to include new feature updates in device/SNMP Authgroups, service manager, and compliance reporting. The UI’s look-and-feel has also been enhanced further for a continued streamlined experience.

Documentation Updates:

• Added a new section Authgroups in Devices.
• Improved and aligned the Services section in accordance with the new Service Manager.
• Expanded the Web UI and Compliance Reporting sections to add new details.

Java API Improvement and Cleanup

The NSO Java API has seen significant changes, such as introduction of SocketAddress-based methods, deprecating a number of older functions, and removal of previously deprecated functionality. For a full list, consult the release CHANGES file (online version).

NSO Installer systemd Script Creation for System Install

The NSO installer has been updated to, by default, provision a systemd system service when performing the initial NSO installation with the --system-install option.

Documentation Updates:

• Added systemd information to the System Install section.

Kubernetes Best Practices Guidelines

A new document covering best practices for Kubernetes has been added to the documentation set.

Restructured Example Collection Linked from the Documentation

The example collection was restructured, and references to examples are now linked to a copy of the collection stored in the https://github.com/NSO-developer/nso-examples repository.

Rotating Cryptographic Keys

The action /key-rotation/apply-new-keys has been added and, when executed, supports re-encrypting all encrypted values in the system.

Documentation Updates:

• Added a new Cryptographic Keys section.
• Improved and aligned the Encrypted Strings section in accordance with the new key rotation functionality.