Cisco Services Platform Collector 2.7.4 Release Notes March 27, 2018 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 9
Contents Table of Contents 1. INTRODUCTION TO CSPC... 3 CSPC SUPPORTED BROWSERS... 3 2. WHAT IS NEW... 4 3. VIRTUAL PLATFORM REQUIREMENTS... 5 4. RESOLVED DEFECTS... 6 5. KNOWN ISSUES... 7 6. AVAILABLE RESOURCES... 8 SOFTWARE DOWNLOAD... 8 7. LEGAL INFORMATION... 9 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 2 of 9
1. Introduction to CSPC This document provides information about what s new in the Common Services Platform Collector (CSPC) 2.7.4. The new features and functionality benefit existing customers as well as new users who are just starting to install a new CSPC. The CSPC software provides an extensive collection mechanism to collect various aspects of customer network information. CSPC connects to the discovered devices providing delivery of network information to network administrators and network engineers. Data collected by CSPC is used by several Cisco Advanced and Technical Service offers to provide detailed reports and analytics for both the hardware and software, such as inventory reports, product alerts, configuration best practices, network audits and so on. We recommend you update your collector version to take advantage of security updates that address the Meltdown and Spectre vulnerabilities, and to get new features such as security login customization and password retrieve/reset simplification. Refer to the CSPC Upgrade Guide for instructions. CSPC Supported Browsers Firefox version 27 to 49 Internet Explorer (IE) version 9 to 11 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 3 of 9
2. What is New Use of Google Tink crypto library for encryption and for rotation of the data encryption key to provide greater safety for customer data. In the next release, further extensions will be done to allow customers to deposit the keys in Cloud based Key Management Services (AWS and Google Cloud). One Time Password (OTP) scheme is implemented to enable easy and quicker way to rest admin password. This was one of the major concern expressed by many self-service customers and partners. Without this feature, the only option if customer forgets the admin password is to reinstall the CSPC. CSPC users can now opt-out from some of the stringent security login features such as Captcha, frequent mandatory password changes and frequent logouts in case of short inactivity. This is expected to improve the customer experience as it was one of the most talked topics on the support communities. Supports CLI data collection and several icurl command collection using HTTP from NX9K Application Centric Infrastructure (ACI). View Access Verification Results report is enhanced to show the IP address details of each device in order to enable further troubleshooting in case of access verification issues. Show primary entitled CSP registration ID in the home page of CSPC along with collector name to help customers, partners and support engineers to uniquely identify the collector quickly. Addressed ~40 STIG compliancy related findings. Ability to collect show tech command from XML editor in CSPC and ability to view the collected command output in its entirety. Multi-level authorization has been put in place for Remote Management Console for accessing terminals and collector report data. This will help to tighten the access to collector reports and terminals on RMC 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 4 of 9
3. Virtual Platform Requirements This section provides information about the virtual platform requirements, but does not provide directions on how to install the different virtual platforms. These are the minimum system requirements for the CSPC image that runs on a ESXi 6.x or higher virtual platform: CSPC configuration - OVA Ultra Small Small Medium Large Upto 5,000 devices Up to 10,000 devices Up to 20,000 devices Up to 40,000 devices Physical Core count 1 2 4 6 Core to vcore ratio 2 2 2 2 vcore count 2 4 8 12 RAM 2 GB 4 GB 8 GB 16 GB HDD(GB) 40 250 500 1000 NW Inventory Size 2 (NW element) NW Audit (NOS) Size 2 (NW element) <=5k <=10k <=20k <=40k Yes,100 Yes,250 Yes, <=1000 <=2000 NOS (NP and audit) Yes Yes Yes Yes SNTC Yes Yes Yes Yes NOS+SNTC Yes Yes Yes Yes NCCM 3 No No Yes Yes NOS+NCCM 3 No No No Yes NOS+SNTC+NCCM 3 NO No No Yes Refer to CSPC Installation Guide and CSPC Upgrade Guide to install and upgrade 2.7.4 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 5 of 9
4. Resolved Defects Below are customer impacting facing defects addressed in 2.7.4 release: Bug ID CSCve06613 CSCve98438 CSCvg41666 CSCvg44802 CSCvg54690 CSCvg70613 CSCvh07543 CSCvh12895 CSCvh44113 CSCvh49631 CSCvh50640 CSCvh51393 CSCvh60290 CSCvh78442 CSCvh79086 CSCvh93443 CSCvi31931 CSCvi34865 Description Smart sleep functionality during CSPC installation CSPC deleting all devices in a group even if filter applied Dataset filter in collection data viewer not working properly Registration Portal: CSPC NOS cert generated with lower case customerid CSPC duplicate detection should be VRF-aware Job run status export option not working SNTC: CSPC collector versions not reflecting updates Audit issue - Prompt collection does not run when the audit is scheduled CSPC GUI: Software upgrades are becoming stuck with status Apply-In-Progress High security vulnerability found on CSPC kernel CVE CVE-2017-5715, CVE CVE-2017-5753, CVE CVE-2017-5754 Audit collection haunged and never stops. CSPC 2.7.1 detects device to be the duplicate of an unmanaged IP address CSPC - TEG is not registered after upgrades, which is causing uploads to fail CSPC is not parsing syslogs properly when multiple source files are present. CSPC CLI upgrade getting stuck with message Apply-in-progress CSPC Diagnostic Bridge Integration - Extra Character Present in Collected CLI Configs LCM not using DNS for hostname resolution Incorrect specification char encoding format 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 6 of 9
5. Known Issues Below are the know issues and work around in CSPC 2.7.4 Bug ID CSCve29354 CSCvg80140 CSCvh70848 CSCvh98877 CSCvi09216 CSCvi11152 CSCvi29940 CSCvi38680 CSCvi39471 CSCvi50779 Description Software Updates is throwing Internal server error when the screen is accessed through remote tunnel CSPC Remote Tunnel - Software Updates tab shows HTTP status 404 not found Syslog uploads are not happening on start of every year January 1 st LCM upgrade from 2.7.3 to 2.7.3.1: Patch download failed - LCM message should be more accurate In LCM Show Download Start time shows invalid date 2.7.3 base does not use proxy while downloading EVAL certificate Non existing Collection Profile still running and status shows as fail 2.7.3 CSPC LCM is not utilizing configured proxy Adminshell stop/start failed on reboot causing SP install not to start on one box Workaround: Restart the adminshel CSPC not picking exact credentials 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 7 of 9
6. Available Resources Additional information regarding installing and configuring the collector are covered in below documents: CSPC Upgrade Guide CSPC Installation Guide CSPC User Guide Software Download CSPC Image Download Center 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 8 of 9
7. Legal Information THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB s public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental. All printed copies and duplicate soft copies are considered un-controlled copies and the original on-line version should be referred to for latest version. Printed in USA 3/27/2018 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 9 of 9