Closed Loop Compliance SA Server module

Before you can use the Closed Loop Server Compliance module to track the remediation of compliance violations, you must ensure that the module is properly integrated to work with the BMC Server Automation and ServiceNow systems.

Tips for configuring the Closed Loop Server Compliance module

  • If the Compliance Job takes more than 5 minutes to complete, the workflow process times out. To increase the time-out period, you can add the <time-out> parameter to the BL_Connection_Details configuration item in the Runbook Defaults configuration group. 
  • When setting up the Remediation_Job_Delimiter configuration item in the Runbook Defaults configuration group, ensure that you are not using any special characters (such as hyphens or vertical bars) that are used in the host name string. The workflows use this delimiter to extract the Change ID from the job name, so the delimiter forms a crucial differentiation factor to determine where the host name ends and where the Change ID starts in the remediation job name.
  • BMC Atrium Orchestrator leverages the BMC Server Automation CopyJob feature in the BMC Continuous Compliance for Servers run books where two or more non-compliant servers are verified simultaneously through a BMC Server Automation job. For that, BMC Atrium Orchestrator creates a copy of the verify job and runs it. In earlier versions, BMC Server Automation did not support simultaneous running of verification jobs.

To configure this module, you must specify the BMC Server Automation version and destination directory of the verify job in the Closed Loop Server Compliance - Runbook Default configuration.

Note

The format of the verify job name created by BMC Atrium Orchestrator is TargetBoxName-AO-ChangeID-AO-EpocTimenow. The value -AO- in the job-name-format is the delimiter, which is used from the existing module configuration element <Remediation_Job_Delimiter>.
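The following Python sketch is an added example, not BMC code. It shows why the delimiter must not occur in a host name, using the TargetBoxName-AO-ChangeID-AO-EpocTimenow format from the note above. The function names, sample host names, and change ID are constructed. The strict three-field split is an assumption, because the page does not say how the workflows split the name.

```python
# Added illustration: check a Remediation_Job_Delimiter candidate against host names.
# All names and sample values here are constructed, not taken from a BMC system.

def build_job_name(host, change_id, epoch, delimiter):
    """Compose a job name as Host<delim>ChangeID<delim>Epoch."""
    return delimiter.join([host, change_id, str(epoch)])

def parse_job_name(job_name, delimiter):
    """Return (host, change_id, epoch); raise ValueError when the split is ambiguous."""
    parts = job_name.split(delimiter)
    # Exactly three non-empty fields are expected; anything else means the
    # delimiter also occurs inside one of the fields, so fail closed.
    if len(parts) != 3 or not all(parts):
        raise ValueError(f"cannot split {job_name!r} into three fields")
    host, change_id, epoch = parts
    if not epoch.isdigit():
        raise ValueError(f"epoch field is not numeric in {job_name!r}")
    return host, change_id, int(epoch)

def unsafe_hosts(delimiter, hosts, change_id="CHG0000001", epoch=1700000000):
    """List the hosts whose job name does not round-trip with this delimiter."""
    bad = []
    for host in hosts:
        name = build_job_name(host, change_id, epoch, delimiter)
        try:
            ok = parse_job_name(name, delimiter) == (host, change_id, epoch)
        except ValueError:
            ok = False
        if not ok:
            bad.append(host)
    return bad

# Constructed inventory: the second host contains "-AO-", the third ends in "-AO".
SAMPLE_HOSTS = ["web01", "db-AO-02", "app-AO"]

if __name__ == "__main__":
    for candidate in ("-AO-", "__CLSC__"):
        print(candidate, "->", unsafe_hosts(candidate, SAMPLE_HOSTS) or "no conflicts")
```

The host app-AO splits into three fields without error but yields the wrong Change ID, which is why the check compares the round-trip result instead of only counting fields.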

Adapters configuration group for Closed Loop Compliance SA Servers

The following table lists the Adapters configuration items.

Configuration item

Description

File Adapter

Enter the name of the File adapter.

This adapter is used to read the exported Compliance Job results.

SMTP Adapter

Enter the name of the SMTP adapter.

Change Management configuration group for Closed Loop Compliance SA Servers

Update the Enable configuration item with the status as true or false. Specify true if you want to create a change in ServiceNow. Default value is false.

Configuration Management configuration group for Closed Loop Compliance SA Servers

The following table lists the Configuration Management configuration items.

Configuration item

Description

BL_Atrium_Integration_Enabled

Specifies how the configuration items are retrieved through BMC Server Automation Integration for Atrium.

A value of true retrieves the configuration items using the CDMachineID.

A value of false retrieves the configuration items using the CI name.

BL_ComputerSystem_Mappings

Specifies the mappings between the configuration item name and the display name.

BL_ComputerSystem_Mappings_v8_0

Specifies the mappings between the configuration item name and the display name for BMC Atrium CMDB version 8.0.

BL_Server_Class_Name

Name of the server class used to retrieve the relevant configuration item information.

For example, BMC_ComputerSystem.

Enable

Indicates if BMC Atrium CMDB access is enabled in the current BMC Remedy ITSM environment.

Set this value to true only if CI information is present with BMC Remedy AR System and/or the BMC Atrium CMDB for servers being managed by BMC Server Automation.

Default value: false

Incident Management configuration group for Closed Loop Compliance SA Servers

Update the Enable configuration item with the status as true or false. Specify true if you want to create an incident in ServiceNow. Default value is false.

Runbook Defaults configuration group for Closed Loop Compliance SA Servers

The values in the Runbook Default configuration items must match the values of the component template, Compliance job, and remediation packages in your BMC Server Automation system. The following table lists these configuration items.

Configuration item

Description

BL_Connection_Details

An XML structure that holds the BMC Server Automation Adapter name.

<connection-details>
  <adapter-name>BladeLogic Adapter</adapter-name>
</connection-details>

BL_Connection_Details_Instance_2

You can configure more than one BMC Server Automation adapter.

An XML structure that holds the second instance of the BMC Server Automation Adapter name.

<connection-details>
  <adapter-name>BladeLogic Adapter Instance 2</adapter-name>
</connection-details>

BL_Version

You can have multiple versions of the BMC Server Automation Console installed and as a result you might have multiple BL_Version configuration items.

For example, you might have both versions 8.2 and 8.6 of the console installed on a particular computer.

This configuration item specifies the version and location of the BMC Server Automation Console that is launched from the Task ticket in ServiceNow.

Update the following items:

Version — Enter the version number for the console.
For example, 8.6.

Windows — If the console is installed on a Microsoft Windows system, enter the console executable path.
For example, C:\Program Files\BMC Software\Bladelogic\8.2\CM\rcp

UNIX — If the console is installed on a UNIX system, enter the console executable path.
For example, /opt/bmc/BladeLogic/CM/rcp

BladeLogic_Trap_Mappings

An XML structure that holds the BMC Server Automation trap mappings.

See the following figure.

<bladelogic-trap-mappings>
  <enterprise>.1.3.6.1.4.1.12788</enterprise>
  <generic-trap-type>6</generic-trap-type>
  <specific-trap-type>1001</specific-trap-type>
  <jc-job-name>.1.3.6.1.4.1.12788.1.1.1</jc-job-name>
  <jc-start-time>.1.3.6.1.4.1.12788.1.1.2</jc-start-time>
  <jc-end-time>.1.3.6.1.4.1.12788.1.1.3</jc-end-time>
  <jc-overall-status>.1.3.6.1.4.1.12788.1.1.4</jc-overall-status>
  <jc-exit-code>.1.3.6.1.4.1.12788.1.1.5</jc-exit-code>
  <jc-group-id>.1.3.6.1.4.1.12788.1.1.6</jc-group-id>
  <jc-run-id>.1.3.6.1.4.1.12788.1.1.7</jc-run-id>
  <jc-type-id>.1.3.6.1.4.1.12788.1.1.8</jc-type-id>
  <ar-cons-type>.1.3.6.1.4.1.12788.1.2.1</ar-cons-type>
  <ar-obj-type>.1.3.6.1.4.1.12788.1.2.2</ar-obj-type>
  <ar-os-type>.1.3.6.1.4.1.12788.1.2.3</ar-os-type>
  <cr-cons-type>.1.3.6.1.4.1.12788.1.5.1</cr-cons-type>
  <cr-template-name>.1.3.6.1.4.1.12788.1.5.2</cr-template-name>
  <cr-rule-name>.1.3.6.1.4.1.12788.1.5.3</cr-rule-name>
  <at-user-name>.1.3.6.1.4.1.12788.1.3.1</at-user-name>
  <at-host-name>.1.3.6.1.4.1.12788.1.3.2</at-host-name>
  <at-command-string>.1.3.6.1.4.1.12788.1.3.3</at-command-string>
  <at-time-occurred>.1.3.6.1.4.1.12788.1.3.4</at-time-occurred>
  <rat-date>.1.3.6.1.4.1.12788.1.4.1</rat-date>
  <rat-role-name>.1.3.6.1.4.1.12788.1.4.2</rat-role-name>
  <rat-user-name>.1.3.6.1.4.1.12788.1.4.3</rat-user-name>
  <rat-object-type>.1.3.6.1.4.1.12788.1.4.4</rat-object-type>
  <rat-object-name>.1.3.6.1.4.1.12788.1.4.5</rat-object-name>
  <rat-authorization-action>.1.3.6.1.4.1.12788.1.4.6</rat-authorization-action>
  <rat-action-status>.1.3.6.1.4.1.12788.1.4.7</rat-action-status>
  <rat-message>.1.3.6.1.4.1.12788.1.4.8</rat-message>
</bladelogic-trap-mappings>

Default_TimeZone

Used to convert the Scheduled start date (the date found in BMC Remedy ITSM Change) to the BMC Server Automation-specific date and time for the creation of the remediation job.

Best practice is to keep BMC Atrium Orchestrator, BMC Remedy AR System and the BMC Server Automation Application Server all on the same time zone setting.

Time zones are interpreted as text if they have names.
For time zones representing a GMT offset value, the following syntax is used:

GMTOffsetTimeZone: GMT Sign Hours : Minutes
Sign: one of + -
Hours: Digit
       Digit Digit
Minutes: Digit Digit
Digit: one of 0 1 2 3 4 5 6 7 8 9

Note: Hours must be between 0 and 23, and minutes must be between 00 and 59.
The format is locale independent and digits must be taken from the Basic Latin block of the Unicode standard.

Default value: GMT-6:00

You must add or subtract one hour every six months to adjust the time for Daylight Savings Time.

Destination_Verify_Job_Group

A string value that holds the BMC Server Automation Job folder structure, which contains the copy of the verification job that ensures that the Compliance violations have been remediated.

For example: /Closed Loop Folder/CLSC/Verify Job Folder

Export_Path

A string value that holds the directory name that must exist on the BMC Server Automation Adapter peer where the CSV file of Compliance job results is stored. This path does not contain the file name.

Change this value based on your environment.

For example, C:\temp.

File_Connection_Details

An XML structure that holds the values needed to make a File Adapter request to read exported job results on the peer running the BMC Server Automation adapter.

<ConnectionDetails>
  <invocation-mechanism>command-line</invocation-mechanism>
  <adapter-name>FileAdapter</adapter-name>
  <hostname>172.21.124.89</hostname>
  <username />
  <password />
  <timeout>120</timeout>
  <prompt />
  <allow-unknown-hosts>true</allow-unknown-hosts>
</ConnectionDetails>

Ensure that the host name element matches the host name of the peer running the BMC Server Automation Adapter. 

Jobs

An XML structure that contains a list of Compliance Jobs that BMC Atrium Orchestrator manages.
Multiple job elements are allowed, and a job might contain multiple template elements.

The element job-group represents the folder name within BMC Server Automation and the element job-name represents the job name.

<jobs>
  <job>
    <job-group>/Closed Loop Folder/CLSC</job-group>
    <job-name>compliance job</job-name>
    <schedule-offset>5</schedule-offset>
    <maintenance-window>60</maintenance-window>
    <is-pre-approved>false</is-pre-approved>
  </job>
</jobs>


Log_File_Path

Specifies the path where all logs are saved.

Default value: C:\clc.log

Logging_Enabled

Specifies whether logging is enabled.

Default value: true 

Remediation_Depot_Name

Fully qualified name of the BMC Server Automation depot folder that contains the remediation package. 

Remediation_Job_Delimiter

Delimiter used to create the remediation job name.

This delimiter can be a character or a group of characters that can be a part of a Server name, IP address,
ServiceNow Change request ID, a timestamp, or epoch date.

Remediation_Job_Group

A string value that holds the BMC Server Automation Job folder structure that contains the newly created remediation job to remediate Compliance violations.

For example, /Closed Loop Folder/CLSC/Remediation Job Folder

SNMP_Target

Enter the IP address of the BMC Atrium Orchestrator peer running an SNMP Monitor adapter on the grid.

Jobs executed on BMC Server Automation that require SNMP Trap notification back to BMC Atrium Orchestrator use this value for the Job Run Notification SNMP properties.

Send_Approval_Email

Enter the IP address of the BMC Atrium Orchestrator peer running an SNMP Monitor adapter on the grid.

Jobs executed on BMC Server Automation that require SNMP Trap notification back to BMC Atrium Orchestrator use this value for the Job Run Notification SNMP properties.

To_Email_Address_List

Specify the email addresses of the users to whom you want to send the approval emails automatically.
The IMAP adapter must be enabled with the email addresses.

The subject of the email is retrieved from the clc.log file, which is created at the path specified in the Log_File_Path configuration item.

blcli_tunneling

Specifies if the BMC Server Automation adapter is enabled in BLCLI tunneling mode. The default value is false.

For more information about this setting, see the BMC Atrium Orchestrator online documentation.
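The following Python sketch is an added example, not BMC code. It validates a Default_TimeZone value against the GMT offset syntax and the range note given above (hours 0 to 23, minutes 00 to 59, Basic Latin digits only). The function names are constructed, and named time zones are deliberately out of scope.

```python
import re

# Added illustration: validate the "GMT Sign Hours : Minutes" form of Default_TimeZone.
# [0-9] is used on purpose: in Python str patterns, \d also matches non-Latin
# Unicode digits, which the syntax described on this page does not allow.
_GMT_OFFSET = re.compile(r"GMT([+-])([0-9]{1,2}):([0-9]{2})")

def parse_gmt_offset(value):
    """Return the signed offset from GMT in minutes, or raise ValueError."""
    match = _GMT_OFFSET.fullmatch(value)
    if match is None:
        raise ValueError(f"not in GMT Sign Hours:Minutes form: {value!r}")
    sign = match.group(1)
    hours = int(match.group(2))
    minutes = int(match.group(3))
    # Range limits from the note: hours 0-23, minutes 00-59.
    if hours > 23 or minutes > 59:
        raise ValueError(f"hours or minutes out of range: {value!r}")
    total = hours * 60 + minutes
    return -total if sign == "-" else total

def is_gmt_offset(value):
    """True when the value is a well-formed, in-range GMT offset."""
    try:
        parse_gmt_offset(value)
    except ValueError:
        return False
    return True

if __name__ == "__main__":
    # Constructed inputs: the documented default, a half-hour zone, and rejects.
    for candidate in ("GMT-6:00", "GMT+05:30", "GMT+24:00", "GMT-6:0"):
        print(candidate, is_gmt_offset(candidate))
```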

