Closed-loop compliance for servers for ServiceNow
This use case involves automatically creating incidents and change requests if non compliant servers are detected, or if deviations from a master server configuration are detected. The server compliance capabilities in BMC Server Automation involve:
- Detecting discrepancies between specific servers or component configurations against a baseline server or configuration
- Monitoring and detecting compliance violations between specific servers or component configurations against specific rules related to operations, security, and governance
Continuous Compliance for Server Automation integrates the remediation of discrepancies and compliance violations in BMC Server Automation to the change management processes facilitated by ServiceNow management system.
This topic includes the following sections:
Tracking the remediation of compliance violations
This use case automates the processes associated with remediating compliance violations detected in the configuration of servers and targets managed by the BMC Server Automation system by:
- Detecting and obtaining compliance violations with the configuration of target servers
- Creating incidents and change tickets for those inconsistent servers
- Creating and executing a remediation package to resolve the compliance violation, after the change ticket is approved
- Verifying that the violation is resolved. If the violation is not resolved, the incident is escalated
Overview of the tracking remediation of server compliance violations use case
The following table describes the overall process of the use case:
Step 1: Detect violations
Detecting and obtaining compliance violations with the configuration of target servers.
To prevent unauthorized or unwanted changes in server configurations, the BMC Server Automation operator runs a Compliance job periodically that compares each server configuration against certain rules and policies (for example, operational or regulatory policies). The Compliance job produces a list of consistent and inconsistent servers.
Step 2: Create tickets
Creating incidents and change tickets for each of the inconsistent servers.
The BMC Server Automation operator configured the job to send an SNMP alert to notify BMC Atrium Orchestrator of these compliance violations. BMC Atrium Orchestrator interacts with ServiceNow to open incident and change tickets. Tasks are created for the change tickets.
Step 3: Resolve the compliance violation
After the change tickets are manually approved in ServiceNow, an email is sent to the operator and BMC Atrium Orchestrator creates and executes a remediation job in BMC Server Automation.
Step 4: Verifying that the violation is resolved
The Compliance Job is executed again after closure of the change request, to check if the remediation attempt was successful.
Considerations for the tracking remediation of server compliance violations use case
This workflow has the following restrictions for Multiple Job Support:
Allows one Compliance Job with a given name in BMC Server Automation server
Although the BMC Server Automation server allows you to create jobs with identical names in different folders, BMC Continuous Compliance for Server Automation solution supports only one job with a given name in a BMC Server Automation server.
If a given BMC Server Automation server has a Compliance Job with the fully qualified name of /jobFolder/complianceJob, there cannot be another Compliance Job with the same name in any other folder on that BMC Server Automation server.
Allows one component template with a given name in a BMC Server Automation server
Although the BMC Server Automation server allows you to create component templates with identical names in different folders, BMC Continuous Compliance for Server Automation solution supports only one component template with a given name in a BMC Server Automation server.
If a given BMC Server Automation server has a component template with the fully qualified name of /templateFolder/aComponentTemplate, there cannot be another component template with the same name in any other folder on the same BMC Server Automation server.
Where to go from here
You can also execute the Documenting operator-initiated changes for servers for ServiceNow use cases.