Latest features and enhancements added in this release.
Only significant new updates are listed here. To see the complete list of changes, refer to the NSO Changelog Explorer.
This release includes major enhancements in the following areas:
NSO product documentation has undergone a major restructuring with the goal of improving the overall experience.
NSO can now use a new CDB backend that uses RAM in a more traditional, cache-like manner instead of being a pure in-memory database. This mode better supports use cases with huge amounts of data in CDB, where CDB size exceeds available system memory, or instances where performance gains with in-memory mode are small enough to not justify longer initial startup time.
The additional benefit of this new persistence mode is greatly simplified operation, including an improved compaction process that runs entirely in the background without impacting ongoing requests.
Documentation Updates:
Added a new section CDB Persistence.
Added a new example in examples.ncs/misc/cdb-on-demand
to showcase this functionality.
NSO 6.4 introduces a more secure way for local Inter-Process Communication (IPC) between NSO system components based on Unix domain sockets. The main benefit of the new mechanism is the ability for the main server process to authenticate the clients. The authentication is based on the UID of the other end of the socket connection. In other words, it is now much easier to limit IPC access to specific host OS users.
Documentation Updates:
Added a new section UID-based Authentication for Unix Sockets.
Added a new example in examples.ncs/security/ipc
to showcase this functionality.
The commit no-overwrite
functionality has been extended to include verifying device values that are required to compute the end result (the values from the transaction read-set) have not changed. This means commit no-overwrite
now provides much stronger guarantees about correctness in the face of device changes that were not made through NSO. In many cases, it translates into making provisioning pre-checks unnecessary and simplifying operations (operator no longer needs to issue a check-sync
or sync-from
operation beforehand).
NSO now supports structuring the package templates
directory with subdirectories. The XML templates contained in the subdirectories can be referenced by prepending the subdirectory path and, optionally, by the package name and a colon.
This allows for unique identification of templates, which can now have duplicated names across NSO packages.
Documentation Updates:
Updated the section on Templates.
The Web UI functionality has been extended to include new feature updates in device/SNMP Authgroups, service manager, and compliance reporting. The UI’s look-and-feel has also been enhanced further for a continued streamlined experience.
Documentation Updates:
Added a new section Authgroups in Devices.
Improved and aligned the Services section in accordance with the new Service Manager.
Expanded the Web UI and Compliance Reporting sections to add new details.
The NSO Java API has seen significant changes, such as introduction of SocketAddress-based methods, deprecating a number of older functions, and removal of previously deprecated functionality. For a full list, consult the release CHANGES file (online version).
The NSO installer has been updated to, by default, provision a systemd
system service when performing the initial NSO installation with the --system-install
option.
Documentation Updates:
Added systemd
information to the System Install section.
A new document covering best practices for Kubernetes has been added to the documentation set.