CVP uses nginx to terminate all the HTTPS connections for which the nginx needs to be configured with a certificate.  This certificate could either be self-signed or signed by the CA. Figure 1 shows the generation and installation of self-signed certificates.

It is possible to have MSS-G configuration pushed automatically to CloudVision from an external system. This document covers the use of Forescout eyeSegment for policy definition and eyeSight for segment assignment.

802.1X information shows which endpoints have authenticated, are undergoing authentication, or have failed to authenticate to the network. This information is available to view in two locations from CloudVision: the 802.1X page in the Devices application, and the Dashboards application.

AAA Providers OAUTH and SAML Support AAA Providers allow users to create and log in to CloudVision with a provider of

An AQL notebook is an interactive tool for working with Advanced Query Language (AQL). It provides an accessible interface for incrementally developing complex queries and visualizing data. An AQL Notebook consists of a series of cells that can be executed individually, making it easy to experiment, test and iterate on AQL code.

Whenever CVP code is upgraded (either by the user on-prem, or automatically, on CVAAS), built-in studios are also upgraded. In some cases, the workspace containing that update may not be auto-submitted. There are typically one of two reasons behind this. Either the studio upgrade impact's device's running config (and we want the user to review the changes), or the new studio isn't building because of some error in the workspace.

The syslog export feature allows users to export audit logs to external server endpoints and monitor the status of these exports using CloudVision.

This is an optional feature that can be enabled to automatically upgrade the EOS image of any device through ZTP. It ensures that all ZTP-enabled devices in your network have a minimum EOS image version.

BFD (Bidirectional Forwarding Detection) session telemetry allows for the collection of per session statistics as

This document describes the BGP Maintenance Mode (MM) and MLAG ISSU Actions for Change Control to support hitless

When a device enters maintenance mode, this event will be triggered. The event will stay active while the device stays in maintenance mode.

New releases of CloudVision may introduce new built-in studios or enhancements to existing built-in studios.  Occasionally, these updates may feature improvements and other changes to the configuration template used by the studio and are included as part of the CloudVision release. 

A new event advises when the CloudVision SSL certificate is expiring. The event will alert users 90 days in advance of certificate expiration.

The Preload feature is used to streamline any change control operations that include an image upgrade. When a change control contains an image upgrade, the Preload feature can be used to create another change control operation that will download the required EOS image versions for each device.

Script action is a very effective feature to enable customers to add their own custom actions to Change controls.

The ChangeControl APIs offer a way to programmatically interact with the ChangeControl service on CVP.

Action bundles can be created within the Template editor. Based on the selected Action Bundle, the rule container will expose extra fields for the user to provide inputs.  If the bundle has a Task action, or an action with a DeviceID argument set to Provide via template, the rule will ask the user to define the Device Filter. 

The CloudVision Health dashboard is a built-in dashboard packaged with CloudVision. It provides panels displaying metrics for the cluster. 

When a CVP cluster is deployed in a different location from the devices under management, it is possible that it

Documentation for the new major features is available in the CloudVision User Guide for release 2017.1.0. This TOI

 This document covers the identity provider  (IdP) onboarding in CloudVision as-a-Service (CloudVision). CloudVision as a Service supports two types of identity providers: OAuth & SAML. Each has its unique configuration input and requires different configuration items to configure the provider for use within CloudVision.

Since Device Config diffing is a very important aspect of managing our hardware, we should make sure that this diffing is as convenient as possible. With that we have introduced a few improvements to our diffing component. These improvements range from UX convenience features to performance enhancers.

Please do not update packages after minimal installation, the installer ships with all required updated RPMs.

This document describes a procedure and tooling to reallocate the RAM and CPUs in the DCA CV 100 in order to maximize the

Every switch managed by CVP uses TerminAttr to stream updates to CVP and every one of these TerminAttr connections needs to be authenticated. Authentication is provided via shared key or certificates. 

This document describes the TerminAttr certificate authentication feature introduced in the CVP 2019.1.0

Users can now preview dashboards from the main dashboards screen. This allows users to see a windowed version of the selected dashboard that can be interacted with.

The AQL panel is a dashboard element that allows you to create custom data displays using the CloudVision Advanced Query Language (AQL). This gives you complete control over what data the panel displays and how it displays it, because you define the inputs and write the AQL query that feeds data to the panel.

This feature adds the ability to onboard third-party devices and management systems (herein referred to as “data sources”) via the sensor (formerly known as “collector”) infrastructure. The ability to onboard data sources using a default sensor is available by default on-premises. 

When there are a large number of configlets assigned to devices, it becomes important to have a fast and easy way to view configlets assigned to a device. To facilitate this, we have introduced multiple enhancements to the Device Configuration page that makes it easier for a user to navigate the configuration of their devices.

The device memory usage prediction event monitors the historical device memory usage via the MemAvailable metric and from this data generates a predicted future value which can be subject to a threshold above which to alert the user on. 

The disk usage prediction event monitors the historical device disk usage on a given disk partition and from this data

This feature adds additional functionality to OAuth and SAML providers in the the Settings > Access Control > Providers page. This new functionality is gated behind the “Email Domains for Providers” beta toggle. Enabling the toggle will allow users to specify a list of allowed email domains for provider login.

The figure below shows a conceptual overview of the Arista CVW solution. . As shown in the figure, CVW

For these events user rules need to be configured for each event. The user needs to define what the threshold is for the HTTP response time or jitter. After the rules are configured the events will trigger if values above these thresholds are seen. 

The Event Notification system is the mechanism that sends alerts when certain events occur the behavior of which is specified by the user.

This TOI captures new categories of events that have been added in CVP release 20202.1.0. Network

This document presents several procedures to reduce the time taken to upgrade CVP between major releases. This can


Flow Analytics (Beta). NOTE: This is a beta feature in the 2019.1.0 and 2020.1.0 release and is not enabled by

Two events are now available in CloudVision to track hardware table usage, a threshold event on the current percentage usage of a hardware table and a prediction event where the historical trend of hardware table usage is used to predict when the table will be full. 

CVP will generate events when a provisioned device goes out of config or image compliance.  When a device is assigned

Input errors from a failed build are now highlighted in Studios. Previously, after a workspace build failed, the Workspace Build Summary will show a list of reasons for the failure.

This integration uses TrustSec data from Cisco ISE to create MSS-G configuration to distribute to switches via CloudVision.

MAC/IP Address Search (Beta Feature) NOTE: This is a beta feature and is not enabled by default. In order to enable

CloudVision supports Single Sign-On (SSO) that allows a user to log in once with a single credential from a third-party identity provider. This opt-in feature is introduced to support mapping roles from the identity provider to roles defined in CloudVision in SSO login.

MSS-G or Group-Based Segmentation Security is a security feature that allows users to classify network endpoints into segments and define forwarding policies between segments. A given segment contains a set of hosts that should have identical security properties within the network. 

This feature adds additional functionality to the Settings > Access Control > Providers page behind the “Expanded Custom Provider Creation” beta toggle. Enabling the toggle will allow users to create and name multiple custom OAuth and SAML providers. 

This TOI covers the new Omnibox feature released in 2020.3.0. The Omnibox allows users to search across

Starting from CVP 2022.1.0 it is possible to generate a CSR from the Certificates UI on the Settings and Tools page with an optional SAN IP field. Once an external CA provides the certificate from the CSR, it then can be uploaded back to CVP.

The Packaging feature is used to export custom change control actions from one CloudVision cluster and install them in another. Package IDs and version numbers can be used to update existing packages with version control.