CloudVision provides support for microperimeter segmentation and enforcement as part of Arista’s Multi-Domain Segmentation Service (MSS) for Zero Trust Networking (ZTN).

ZTN works to reduce lateral movement into increasingly smaller areas where workloads are granularly identified and only approved connections are permitted.

CloudVision allows you to generate event notifications so that you can stay up to date on your network's status and performance. Notification configuration involves formatting notifications, configuring notification platforms, assigning notification receivers, and configuring notification rules.

Use the Authentication Studio to configure RADIUS servers for user authentication and 802.1X authentication and accounting. The 802.1X authentication protocol is a port-based network access control that provides an extra layer of security for both wired and wireless networks.

View PTP counters to identify the types of messages being sent and received by PTP-enabled devices. Use this to troubleshoot issues with your network PTP configuration and connectivity. When announce and sync messages are present but delay request messages are missing, for instance, it may suggest that a host is having trouble locking to the boundary clock.

CloudVision will generate a Disk Utilization on CloudVision Node Breached Threshold event when disk utilization for a CloudVision node has either exceeded the default threshold or breached the user-configured threshold set in event rules.

The Software Management Studio is used to manage EOS images and extensions and assign them to devices. You’ll use the studio’s Software Repository to upload EOS images, Streaming Agents, and extensions. You’ll then create or edit a workspace in Studios to assign software from the Software Repository to devices.

Use bearer tokens to provide custom applications or third-party applications, like Ansible, login access to CloudVision. Doing so will allow the application to make configuration changes to EOS devices. Bearer token login can be used with identity providers that issue bearer tokens and have an introspection endpoint. Okta and PingIdentity have been tested for use with CloudVision.

You can now enable CloudVision to combine the authentication and authorization requests that it sends to a RADIUS server into a single request. When RADIUS is configured as the AAA provider, CloudVision will send separate authentication and authorization requests by default. This can cause issues with One-Time Password (OTP) users, as issued passwords are only valid for one request. Note: Non-OTP RADIUS systems will be unaffected by the change. To combine authentication and authorization requests, navigate to Settings > Access Control and enable the Combine Login Auth Requests checkbox.

A new role permission, Action Execution, has been introduced to control the execution of custom actions when they are run in isolation, such as via Studio Autofill actions and standalone executions in the Action editor. A custom action is a user-created action that has either been installed via a package or has been created using a Python script and arguments.

CloudVision allows users to maintain multiple login sessions simultaneously. However, to prevent account sharing, administrators can now limit the number of active login sessions a user can have and terminate a user’s open sessions if they have reached their limit and are unable to log in.

In order to minimize the volume of change control events, CloudVision has introduced a new event, Change Control Events. Change Control Events is generated when 2 or more of the following events are triggered for the same change control:

Use an External Certification Authority (ECA) to ensure secure communication and authentication with CloudVision. By default, Streaming Agent and other applications communicate with CloudVision using mutual-TLS certificates signed by a local certificate authority (CA). You now have the option to integrate CloudVision with Venafi, an external CA, to sign and verify these certificates.

Provisioning Settings allows you to configure CloudVision's default behavior when pushing configuration and image changes to devices. Each setting relates to an action used in Change Control. Ordinarily you should only need to use the default settings, but you can alter them for more control over CloudVision and EOS interactions for devices in your network.

CloudVision provides more than 20 overlay options to help you visualize the properties of network devices, interfaces, and links. Use the PTP overlay to visualize the topology of PTP-enabled devices and their links. At a glance, you can see which device in a PTP domain is the grandmaster and which devices belong to a PTP domain.

The Software Management Studio is used to manage EOS images and extensions and assign them to devices. You’ll use the studio’s Software Repository to upload EOS images, Streaming Agents, and extensions. You’ll then assign software from the Software Repository to devices using a new or open workspace.

A new Connectivity Monitor panel allows users to easily view the health of device connections in Dashboards. The Connectivity Monitor panel displays EOS probes, categorizes connections as either Healthy or Unhealthy, and identifies the number of devices involved. By clicking on an Unhealthy connection, you can view the Connectivity Monitor events related to the connection.

Creating a scope, or attribute, for your SAML provider allows you to pass CloudVision roles from the corresponding identity provider to CloudVision. This allows CloudVision user accounts to be automatically created with these roles when a new user logs in with that provider.

Event Rollup allows you to manage the volume of identical events and can be used to flag when an event is recurring. Event Rollup groups together events that are identical except for their timestamps. It does so in two ways: dynamically via the Event List and according to a 24-hour window via the detailed event view. It can be enabled or disabled at will, using the Roll Up toggle.

CloudVision allows users to monitor a device’s environment by displaying graphs for temperature, power supply and fan speed. Power Supply shows the power used at each power socket on the device. Previously users could only view a visualization of output power. A visualization for input power is now available to view.

CloudVision now creates VRF system tags in order to name devices in a VRF. This allows you to identify devices by VRF using the Tag Query Editor, like in Dashboards.

CloudVision now allows you to manage feature licenses for EOS devices in addition to CloudEOS (formerly vEOS) devices. License files, such as those for IPsec, MACsec, and TunnelSec licenses, can be uploaded to CloudVision in order to be viewed, downloaded, or installed onto EOS and CloudEOS devices.

Server ordering allows you to prioritize RADIUS and TACACS+ servers and specify the order that CloudVision should follow when attempting login authentication.

In addition to change control actions, users can now package custom dashboards, export them from one CloudVision cluster, and install them in another. Package IDs and version numbers can be used to update existing packages with version control.

Provisioning Settings allows you to configure a common set of settings to be used when executing provisioning actions. This gives you more control over how Change Control executes actions, such as the ability to tune provisioning timeouts. To configure provisioning settings, go to Settings > Provisioning Settings.

Users will now be able to view a new slave port interface metric in Devices and Dashboards for any device with PTP enabled. The metric communicates which interface is marked as the slave port at a given time, according to the PTP algorithm.

Users will now be able to minimize the number of CloudVision events by grouping related events together. Groups typically include events of the same type or those that are triggered on the same devices or interfaces.

The Packaging feature is used to export custom change control actions from one CloudVision cluster and install them in another. Package IDs and version numbers can be used to update existing packages with version control.