"Sandboxes" for agent actions

When an agent performs an action, the action runs in a "sandbox" that is created when the action starts and removed when the action completes. The sandbox is attached to the default VRF, not the management VRF, so an action has no access to the management network.

A sandbox is an isolated, tightly controlled environment in which programs can be run. Sandboxes restrict what a program can do, giving it the appropriate permissions and computing resources without allowing it access to the entire computing environment.

This design has the following benefits:

  • Agents coexist, and no single agent can consume an excessive share of the CPU.

  • Agents can benefit from the high-availability features of ArubaOS-CX. During a switch failover event, the daemon that handles the sandbox can recover its state information and continue operations as before.

  • Agents are prevented from accessing sensitive information—such as certificate files—in the switch operating system.
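
The Python script below is an added illustration of the per-action sandbox lifecycle described above; it is not ArubaOS-CX code, and it does not model the switch's VRF or filesystem isolation, which the switch OS enforces. It assumes a POSIX host (the `resource` module) and uses a hypothetical `run_sandboxed_action` helper: a throwaway directory is created when the action starts, the child process gets a CPU-time ceiling and a stripped environment instead of inheriting the caller's, and the directory is removed when the action ends, whether it exited cleanly, failed, or was killed for exhausting its CPU budget.

```python
"""Added illustration of a per-action sandbox lifecycle (not ArubaOS-CX code).

Each action gets a fresh working directory and a CPU-time ceiling, and the
directory is removed when the action finishes, however it finishes. The
switch's VRF and filesystem isolation are not modeled here.
"""
import os
import resource
import shutil
import subprocess
import sys
import tempfile


def run_sandboxed_action(script, cpu_seconds=1, wall_seconds=10):
    """Run a Python snippet as an 'action' inside a throwaway sandbox.

    Returns a dict with the child's return code and output, the sandbox
    path, and whether the sandbox was removed after the action ended.
    A return code below zero means the child was killed by a signal
    (SIGXCPU when it exhausts its CPU budget).
    """
    box = tempfile.mkdtemp(prefix="action-")  # created when the action starts

    def _confine():
        # Runs in the child between fork() and exec(): cap CPU time so a
        # runaway action cannot starve the other agents. The kernel sends
        # SIGXCPU at the soft limit and SIGKILL at the hard limit.
        _, hard = resource.getrlimit(resource.RLIMIT_CPU)
        new_hard = cpu_seconds + 1
        if hard != resource.RLIM_INFINITY:
            new_hard = min(hard, new_hard)
        resource.setrlimit(resource.RLIMIT_CPU, (min(cpu_seconds, new_hard), new_hard))

    try:
        proc = subprocess.run(
            [sys.executable, "-c", script],
            cwd=box,  # the action starts in its own empty directory
            env={"PATH": os.environ.get("PATH", ""), "SANDBOX": box},  # no inherited secrets
            preexec_fn=_confine,
            capture_output=True,
            text=True,
            timeout=wall_seconds,  # backstop if the action blocks instead of spinning
        )
        result = {"returncode": proc.returncode, "stdout": proc.stdout, "stderr": proc.stderr}
    finally:
        shutil.rmtree(box, ignore_errors=True)  # removed when the action completes
    result["sandbox"] = box
    result["sandbox_removed"] = not os.path.exists(box)
    return result


if __name__ == "__main__":
    # A well-behaved action: sees only an empty directory and a minimal environment.
    print(run_sandboxed_action("import os; print(sorted(os.environ)); print(os.listdir('.'))"))
    # A CPU hog: killed by SIGXCPU once its one-second budget is spent; the sandbox is still cleaned up.
    print(run_sandboxed_action("while True: pass", cpu_seconds=1))
```

The CPU ceiling is the part of the real design this reproduces most faithfully: a soft RLIMIT_CPU makes the kernel, not the agent framework, stop a spinning action. Network and sensitive-file isolation need OS mechanisms (VRF binding, namespaces or mount restrictions) that a plain subprocess cannot provide on its own.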