Closed-loop compliance for servers for ServiceNow


This use case involves automatically creating incidents and change requests if non compliant servers are detected, or if deviations from a master server configuration are detected. The server compliance capabilities in BMC Server Automation involve:

  • Detecting discrepancies between specific servers or component configurations against a baseline server or configuration
  • Monitoring and detecting compliance violations between specific servers or component configurations against specific rules related to operations, security, and governance

Continuous Compliance for Server Automation integrates the remediation of discrepancies and compliance violations in BMC Server Automation to the change management processes facilitated by ServiceNow management system.

This topic includes the following sections:

Tracking the remediation of compliance violations

This use case automates the processes associated with remediating compliance violations detected in the configuration of servers and targets managed by the BMC Server Automation system by:

  • Detecting and obtaining compliance violations with the configuration of target servers
  • Creating incidents and change tickets for those inconsistent servers
  • Creating and executing a remediation package to resolve the compliance violation, after the change ticket is approved
  • Verifying that the violation is resolved. If the violation is not resolved, the incident is escalated

Overview of the tracking remediation of server compliance violations use case

The following table describes the overall process of the use case:

Task

Description 

Step 1: Detect violations

Detecting and obtaining compliance violations with the configuration of target servers.

To prevent unauthorized or unwanted changes in server configurations, the BMC Server Automation operator runs a Compliance job periodically that compares each server configuration against certain rules and policies (for example, operational or regulatory policies). The Compliance job produces a list of consistent and inconsistent servers.

Step 2: Create tickets

Creating incidents and change tickets for each of the inconsistent servers.

The BMC Server Automation operator configured the job to send an SNMP alert to notify BMC Atrium Orchestrator of these compliance violations. BMC Atrium Orchestrator interacts with ServiceNow to open incident and change tickets. Tasks are created for the change tickets.

Step 3: Resolve the compliance violation

After the change tickets are manually approved in ServiceNow, an email is sent to the operator and BMC Atrium Orchestrator creates and executes a remediation job in BMC Server Automation.

Step 4: Verifying that the violation is resolved

The Compliance Job is executed again after closure of the change request, to check if the remediation attempt was successful.
 
BMC Atrium Orchestrator ensures that the discrepancy is resolved and properly tracked in ServiceNow. When the Compliance Job result is consistent, the Incident is closed. If the violation is not resolved, the incident is escalated.

Considerations for the tracking remediation of server compliance violations use case

This workflow has the following restrictions for Multiple Job Support:

  • Allows one Compliance Job with a given name in BMC Server Automation server
    Although the BMC Server Automation server allows you to create jobs with identical names in different folders, BMC Continuous Compliance for Server Automation solution supports only one job with a given name in a BMC Server Automation server.

    Example
     If a given BMC Server Automation server has a Compliance Job with the fully qualified name of /jobFolder/complianceJob, there cannot be another Compliance Job with the same name in any other folder on that BMC Server Automation server.

  • Allows one component template with a given name in a BMC Server Automation server
    Although the BMC Server Automation server allows you to create component templates with identical names in different folders, BMC Continuous Compliance for Server Automation solution supports only one component template with a given name in a BMC Server Automation server.

    Example
     If a given BMC Server Automation server has a component template with the fully qualified name of /templateFolder/aComponentTemplate, there cannot be another component template with the same name in any other folder on the same BMC Server Automation server.

Where to go from here

You can also execute the Documenting-operator-initiated-changes-for-servers-for-ServiceNow use cases.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*