NCM 2020.2.6 Release Notes
Release date: July 15, 2021
These release notes describe the new features, improvements, and fixed issues in Network Configuration Manager 2020.2.6. They also provide information about upgrades and describe workarounds for known issues.
New features and improvements in NCM
Important: Orion Platform 2020.2.6 includes updated password policies that impact individual Orion accounts. After you upgrade to NCM 2020.2.6, all passwords for individual Orion accounts will expire in 30 days. To learn more, see the Orion Platform 2020.2.6 Release Notes.
NCM 2020.2.6 offers the following security improvements.
NCM 2020.2.6 is an Orion Platform product, and runs on Orion Platform 2020.2.6. See Orion Platform 2020.2.6 Release Notes.
FIPS-compliant encryption algorithms
If 'Any' is specified as the Encryption Algorithm on a device's Properties page and the device is configured to be FIPS-compliant, NCM uses only FIPS-compliant algorithms for SSH communications with that device.
Node limitations checked when a user manually executes an NCM job
In previous versions of NCM, when a job was executed (either by a schedule or manually), NCM checked the limitations of the job owner to determine which nodes the job ran on.
After an upgrade to NCM 2020.2.6:
If a job is executed by a schedule, the behavior is the same: NCM checks the limitations of the job owner to determine which nodes the job runs on.
If a job is executed manually, NCM checks the limitations of the user who manually executed the job to determine which nodes the job runs on.
For example, an Administrator creates a job, selects Node 1 and Node 2, and schedules the job. When the job runs as scheduled, it runs on both Node 1 and Node 2. Another user has a limitation that excludes Node 1. If that user executes the job manually, the job runs only on Node 2.
Users cannot view job logs for restricted nodes
If limitations prevent a user from accessing a node, the user will no longer be able to view NCM job logs for jobs that ran on the node.
For example, a job runs on 10 Cisco nodes and 10 Palo Alto nodes. A user has a limitation that excludes all Palo Alto nodes. When the job runs after an upgrade to NCM 2020.2.6, that user will be able to view the job logs on the 10 Cisco nodes but not on any of the Palo Alto nodes.
After an upgrade to NCM 2020.2.6, users can view job logs as described below:
Existing job logs (that is, logs for jobs executed before the upgrade) can be viewed only by users with Orion Administrator rights. Therefore, immediately after the upgrade, users without Orion Administrator rights will not be able to view any job logs.
Logs for jobs executed after the upgrade can be viewed only if the user can access the node on which the job ran. As described previously, users cannot view job logs for jobs that ran on a restricted node.
If a node is deleted, NCM can no longer determine whether a user had limitations that would have restricted access to that node. Therefore, only users with Orion Administrator rights can view logs for jobs that ran on a deleted node.
When a node is deleted, logs associated with that node are not automatically deleted. You can manually delete job logs, or schedule the Default Database and Archive Maintenance job to automatically purge older job logs.
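The job execution and job log rules from the two sections above, modeled as an added example. This is not SolarWinds code: every class, field, and function name is hypothetical, and the sample users and nodes are constructed from the examples in the text.

```python
# Illustrative model of the NCM 2020.2.6 rules described above; not SolarWinds code.
# All class, field and function names are hypothetical.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class User:
    name: str
    orion_admin: bool = False
    excluded_nodes: frozenset = frozenset()  # nodes hidden by account limitations

    def can_access(self, node: str) -> bool:
        return node not in self.excluded_nodes

@dataclass(frozen=True)
class Job:
    owner: User
    nodes: tuple

@dataclass(frozen=True)
class JobLog:
    node: str
    pre_upgrade: bool = False   # job was executed before the upgrade
    node_deleted: bool = False  # node has since been deleted

def nodes_for_run(job: Job, manual_executor: Optional[User] = None) -> list:
    """Scheduled runs use the owner's limitations; manual runs use the executor's."""
    subject = manual_executor if manual_executor is not None else job.owner
    return [n for n in job.nodes if subject.can_access(n)]

def can_view_log(user: User, log: JobLog) -> bool:
    """Post-upgrade visibility of one job log for one user."""
    if log.pre_upgrade or log.node_deleted:
        # Pre-upgrade logs and logs for deleted nodes: Orion Administrators only.
        return user.orion_admin
    return user.can_access(log.node)

def visible_logs(user: User, logs: list) -> list:
    return [log for log in logs if can_view_log(user, log)]

# Constructed sample data mirroring the examples in the text.
admin = User("admin", orion_admin=True)
limited = User("limited", excluded_nodes=frozenset({"Node 1"}))
job = Job(owner=admin, nodes=("Node 1", "Node 2"))

if __name__ == "__main__":
    print("scheduled:", nodes_for_run(job))
    print("manual by limited user:", nodes_for_run(job, manual_executor=limited))
```
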
Requirements to view, create, and manage jobs
If NCM Configuration Management Approval is not enabled, users with the NCM role of WebUploader or higher can now view, create, and manage NCM jobs. In earlier versions, the NCM role of Engineer or higher was required.
If NCM Configuration Management Approval is enabled, requirements to view, create, and manage jobs have not changed. See Create and manage NCM jobs for details.
Node limitations affect which nodes a job runs against and which job logs users can view, as described in the previous sections.
Requirements to view job logs for NCM Approval Requests
Users with the NCM role of WebUploader can access the Manage My NCM Approval Requests page, and they can view the jobs that were created when they scheduled the execution of a config change template. However, for WebUploaders, the History column does not display a link to view the job log. The NCM role of Engineer or higher is required to view job logs if NCM Configuration Management Approval is enabled.
Requirements to manually update policy compliance report information
The NCM role of WebUploader or higher is required to update the information about policy violations displayed in policy compliance reports. On the Compliance Policy Reports page, the Update All or Update Selected button is disabled for users with the WebDownloader or WebViewer roles.
Change to the SolarWinds SWIS API
The SWIS property Cirrus.NCM_NCMJobs has been removed. To retrieve secured job logs, invoke GetJobLog from the same entity.
New customer installation
For information about installing Network Configuration Manager, see the SolarWinds Orion Installer.
How to upgrade
Use the SolarWinds Orion Installer to upgrade your entire Orion deployment (all Orion Platform products and any scalability engines).
If you are upgrading from NCM 8.0 or later, you can upgrade your entire Orion deployment from the My Orion Deployment page. Downloading the Orion Installer is no longer necessary.
Fixed issues in NCM 2020.2.6
NCM 2020.2.6 fixes the following issues.
00556336, 00747181, 00753638, 00810156
Maintenance jobs complete successfully and no longer log
NCM 2020.2.6 supports the key exchange algorithm diffie-hellman-group14-sha256. If a device is configured to use this algorithm, NCM connection attempts no longer fail with the message
A memory leak in login validations and manual config transfers is fixed.
In previous versions, a connection attempt would hang if NCM could not connect with the assigned connection profile and the Advanced Setting "Use auto-detect when assigned connection profile cannot be used" was selected. This issue is resolved.
After an upgrade, the Configuration Wizard no longer fails when the script
One or more downloads no longer fail if a config download job targets multiple devices that use TFTP (Trivial File Transfer Protocol) for downloads.
When configs are downloaded from a Palo Alto device with OS version 7 or later, NCM displays policy information in the Policies view of the Node Details page.
When very large config files are stored in the NCM database, config searches no longer fail with an
For fixed issues in the Orion Platform, see the Orion Platform 2020.2.6 Release Notes.
Some functionality in Orion Platform products cannot be accessed through Internet Explorer 11
Issue: If you use IE 11 to access NCM or other Orion Platform products, some pages are not accessible or do not function correctly. These pages include (but are not limited to):
Resolution/Work-around: If a page does not function correctly in IE 11, use a different browser to access the page.
After upgrading, attempting to open an NCM page returns an error
Issue: In some environments, after an upgrade to NCM 2020.2.5 or later, NCM pages cannot be accessed. When you attempt to open a page that includes NCM data, such as the Node Details page, the message
Resolution/Work-around: If you encounter this issue, complete the following steps to resolve it:
Permissions required to modify policy reports
Issue: When you configure NCM security settings, you can select the following option:
Only NCM admin can modify compliance policy reports
If you select this option, the NCM Administrator role is required to manage policy reports through the user interface. However, if you use the SolarWinds API to manage policy reports, both the NCM Administrator role and Orion administrator rights are required.
Resolution/Work-around: Grant Orion administration rights to the account that will manage policy reports using API calls.
NCM does not show current information about overlapping ACL rules after an upgrade
Issue: After you upgrade from NCM 7.9 or earlier, NCM does not display current information about shadowed or redundant access control list (ACL) rules. Older information is displayed.
Resolution/Work-around: Download the configuration files from your Cisco ASA and Nexus devices. After you download the config files, NCM displays current information about shadowed and redundant ACL rules.
This version of Network Configuration Manager deprecates the following platforms and features.
Deprecated platforms and features are still supported in the current release. However, they will be unsupported or removed in a future release. Avoid using deprecated features.
Syslog and Traps: If you are using the legacy Syslog and Traps function (for example, for real-time change detection in NCM), note that it will be removed and replaced by Orion Log Viewer in a future release likely to occur in 2022.
© 2021 SolarWinds Worldwide, LLC. All rights reserved.