Itential Platform integrates with Cisco Network Services Orchestrator (NSO) through adapter-nso, a dedicated adapter that manages the connection between Platform and NSO, and itential_tools, a package installed on the NSO server that exposes NSO capabilities to Platform workflows.
Together these components allow Platform automations to read and write device configurations through NSO, apply service models, subscribe to NSO events, and perform device lifecycle operations — all programmatically via workflows and the RESTCONF or NETCONF protocols.
The NSO adapter connects to NSO over two interfaces simultaneously:
Each time the adapter establishes a connection to NSO, it reads the service models advertised by NSO. Platform workflows then interact with those service models and devices through workflow tasks such as runAction, restAction, and eventListener.
NSO does not need to be installed on the same server as Platform, but it must be network-accessible from Platform.
The adapter supports two authentication modes, configured via authenticationStrategy.method.
machineLoginAll transactions to NSO are made using a single global service account. This is the default and simpler mode. NSO sees all Platform-initiated operations as coming from one user (typically admin).
Use machineLogin when:
tokenLoginPlatform makes calls on behalf of specific authenticated users. When a workflow performs an operation, NSO receives the request as the individual user (for example, bobjones) rather than the service account. This requires NSO to be configured with external authentication using the ph-auth.py script.
Use tokenLogin when:
See Authentication and access control for configuration steps.
The adapter supports three protocols for interacting with NSO. The appropriate protocol depends on your NSO version and use case.
NSO 5.3 is the last version to support both RESTCONF and the legacy REST API. NSO 5.4 and later support RESTCONF only.
Platform supports NSO deployments using Layered Service Architecture, where an upper NSO node manages service models and one or more lower NSO nodes connect to physical devices.
Configure a separate adapter-nso instance for each NSO node:
Platform’s adapter broker handles routing automatically. When a workflow task references a device or service model by name, Platform queries all configured NSO adapter instances to locate which one manages that resource, then routes the operation to the correct adapter.
Itential does not support multiple NSO instances that share device names or service model names/paths. Each device and each service model path must be managed by exactly one NSO instance.