This section provides an overview and process flow to enable creating and approving change requests in BMC Remedy IT Service Management for remediation operations.
In this release, BMC Helix Automation Console (SaaS) and TrueSight Automation Console (on-premises) support creating and approving change requests in a change management system, called BMC Remedy IT Service Management.
When operational changes such as installing patches are implemented, administrators need to keep a track of these changes in a change management system. Organizations may use an approval process, where a change is not implemented unless it is approved. To automate the process of creating a change request, approving it, and then ensuring that the change is implemented, change automation is enabled.
In BMC Helix Automation Console (SaaS), you can create a change request for a vulnerability or a patch remediation operation. In TrueSight Automation Console, you must upgrade to 20.02.01: Patch 1 for TrueSight Automation Console 20.02 to avail the functionality to create change requests for patch remediation operations.
This is done by integrating with TrueSight Orchestration – ITSM Automation runbook.
When you create an operation in Automation Console, you can create a change request, with approval settings as configured in BMC Remedy IT Service Management. The change request ID appears against the operation on the Operations page. After a change is approved, based on the schedule, the operation runs and remediates the vulnerabilities.
Change automation ensures continuous compliance to the change process without introducing labor intensive activities. The integration reduces the risk of unauthorized and unplanned changes through enforced change tracking.
Change automation process flow
The following figure shows the end-to-end process flow for a vulnerability operation with a change approval configured.
Change automation considerations
As administrators, when you implement change automation, consider the following:
- A single change request is created for a single operation.
- Change request creation is only available if you have selected Execute Now or defined a schedule for the operation.
If you select the Maintenance Schedule as I will do it later, you do not see the option to create a change request.
- When a change is created, the change request ID is updated in the job description in the TrueSight Server Automation job created for the operation.
- If you update the schedule for an operation in the change request, the updated schedule is reflected for the operation. After approval, the operation runs according to the new schedule.
- If the operation schedule expires before the change request is approved, the operation and the job is cancelled, and the status is shown as Cancelled due to schedule timeout.
- If the change request is cancelled or not approved, the operation and the job are cancelled.
Consult the following table to understand the correlation between the change request status and the operation status and the impact on the vulnerabilities and assets state.
|Change request status||Operation status||Vulnerabilities and assets state|
|Not applicable yet||Awaiting attention||Awaiting attention|
|New||Awaiting approval||Awaiting approval|
|Ready to Execute|
Success (After the operation completes successfully)
Closed (After the operation completes successfully)
|Ready to execute||Cancelled due to schedule timeout||Awaiting attention|
|Cancelled||Cancelled due to approval rejection||Awaiting attention|
Where to go from here
To install and configure the ITSM runbook, and to set up a change request creation, see Enabling change automation.