What's new in this release

New features and enhancements are available in IBM® Cloud Pak for Network Automation 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, and 2.6.5.

Controlling access to objects with OBAC

IBM Cloud Pak for Network Automation now supports object-based access control (OBAC). That is, you can now control what users can do with particular groups of objects. This feature supplements the existing access control methods, which are role-based access control (RBAC) and multitenancy.

By using OBAC, you can control access efficiently to objects such as assembly instances, assembly descriptors, deployment locations, infrastructure keys, and secret groups. You control access to object groups by using user groups. That is, you control what objects a user can access and what permissions the user has for those objects by using user groups. For example, you can create an object group of network package and deployment location objects. You can assign user groups with different permissions to that object group as follows:

  • A user group that has permissions that specify that the users can update the network packages, but only view the deployment locations that are associated with that object group.
  • Another user group that allows the users to update both the network packages and deployment locations that are associated with the object group.
The following screen capture shows the screen that you use to create and update object groups:
Administer object groups for network automation page

For more information, see Managing object groups and Object groups API.

Automatic installation of logging stack

IBM Cloud Pak for Network Automation now includes a built-in logging stack for the aggregation of application log data. The open source tools, OpenSearch and Fluentd, are installed and enabled automatically when you install the Cloud Pak.

OpenSearch and Fluentd are used together to provide a scalable and efficient log management and search infrastructure. Fluentd is used to gather application log data, which is then stored and indexed in OpenSearch.

You can customize the OpenSearch settings that are used for the Cloud Pak installation, such as the index name, the number of index shards, and the number of index replicas. For more information, see Settings for application logging.

Viewing communication between resource drivers and underlying systems

New UI pages and APIs are added to allow you to view the messages that are exchanged between resource drivers and the underlying systems that complete intent tasks.

You might find this information useful for many reasons. For example, it might be helpful when you deploy a new underlying system, or troubleshoot issues with intent tasks that fail or take too long.

For more information, see Viewing communication with underlying systems.

Installing an active-active configuration on AWS for high availability

You can now install IBM Cloud Pak for Network Automation in an active-active configuration on self-managed clusters on Amazon Web Services (AWS) to ensure that the Cloud Pak is highly available. You can install on three or more clusters in this configuration. Each cluster can process workloads concurrently. Load-balancing services spread the workload across the clusters.

For more information, see Installing an active-active configuration for HA on AWS.

Accessing the Cloud Pak via a customised hostname or IP address

Instead of using the default OpenShift hostnames, which are long and cumbersome, to access Cloud Pak services, you can now customize these service hostnames. You can use the customized hostnames to access services on the default cluster domain, or via a customized domain that has its own IP address. By using this arrangement, you can isolate the network traffic that the IBM Cloud Pak generates from traffic that other applications generate. For more information, see Accessing the IBM Cloud Pak via a customized hostname or IP address.