Configuration Compliance and Remediation use cases

The goals of the Configuration Compliance and Remediation use cases are:

  • Policy-based remediation of compliance violations
  • Automated, closed-loop changes
  • Integration with change management processes
  • Service-based view for policy assignment and prioritization

Configuration Compliance and Remediation in BMC Server Automation

BMC Server Automation accomplishes the goals of Configuration Compliance and Remediation by combining the activities described in Change Tracking and Compliance Reporting in BMC Server Automation with those described for BMC Server Automation in Operator Initiated Change, as illustrated in the following diagram. The steps that follow the diagram define the abbreviations used in the diagram.

This use case has the following steps:

  1. When viewing the Compliance job results, the BMC Server Automation (BSA) operator can choose to remediate the noncompliance, in full or in part.
  2. The operator creates and schedules a remediation job, triggering approval through BMC Remedy Change Management.
  3. After approval is received, BMC Server Automation executes the remediation job.
  4. The operator can view the results of the remediation job.
  5. A targeted BMC Atrium Discovery (ADDM) scan can be triggered to update the CMDB in near real-time, or BMC Server Automation can update the CMDB in batch, as described in step 6 of Operator Initiated Change.
  6. BMC Server Automation executes the Compliance job at the next scheduled time.

Configuration Compliance and Remediation in BMC Network Automation

BMC Network Automation also supports an automated closed-loop Configuration Compliance and Remediation flow, as shown in the following diagram. The steps that follow the diagram define the abbreviations used in the diagram.

This use case has the following steps:

  1. BMC Network Automation (BNA) backs up a device, checks its configuration for compliance, finds that the device is newly out of compliance, and logs a compliancy-violation-found event. The device backup can be initiated in the following ways:
    • By an operator on an ad hoc basis
    • By a time-based policy that runs regularly to back up the device
    • By an event-based policy that backs up the device when BMC Network Automation receives a syslog event from the device indicating that its configuration has changed
  2. The logging of the compliancy violation triggers an event-based policy that creates a job that merges a new configuration with the device. This new configuration corrects the compliancy violation.
  3. BMC Network Automation invokes a BMC Atrium Orchestrator workflow to gain change management approval of the job.
  4. BMC Atrium Orchestrator creates a change request in BMC Remedy Change Management.
  5. After the change request is approved, BMC Atrium Orchestrator informs BMC Network Automation that the job can proceed.
  6. After merging the new configuration with the device, BMC Network Automation automatically backs up the device again and checks its configuration for compliance.
  7. BMC Network Automation finds that the device is now in compliance, and logs a compliancy-violation-cleared event.
  8. BMC Atrium Orchestrator updates the change request with the job completion information.

BMC Atrium Orchestrator can trigger a targeted BMC Atrium Discovery (ADDM) scan of the relevant network devices to update the CMDB.
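The closed loop in the BMC Network Automation steps above can be modelled in a few lines. This is an added example, not BMC code or a BMC API: the rule set, sample configuration, `Device` class and `approve` callback are all assumptions, and only the two event names come from the steps.

```python
# Constructed rules: a line that violates policy and the line that corrects it.
RULES = [
    {"name": "no-telnet-vty", "bad": "transport input telnet", "good": "transport input ssh"},
    {"name": "password-encryption", "bad": "no service password-encryption",
     "good": "service password-encryption"},
]
# Constructed sample device configuration.
SAMPLE_CONFIG = "hostname edge-1\nno service password-encryption\nline vty 0 4\n transport input telnet\n"

class Device:
    def __init__(self, name, running_config):
        self.name = name
        self.running_config = running_config  # configuration live on the device
        self.violations = set()               # rules failed at the last check

def check(config):
    """Return the names of the rules the configuration violates."""
    lines = {line.strip() for line in config.splitlines()}
    return {r["name"] for r in RULES if r["bad"] in lines}

def backup_and_check(device, events):
    """Steps 1, 6 and 7: back up, check, and log only changes of compliance state."""
    snapshot = device.running_config
    current = check(snapshot)
    for rule in sorted(current - device.violations):
        events.append(("compliancy-violation-found", device.name, rule))
    for rule in sorted(device.violations - current):
        events.append(("compliancy-violation-cleared", device.name, rule))
    device.violations = current
    return snapshot

def remediate(device, events, approve):
    """Steps 2 to 6: build the corrective job, wait for approval, merge, re-check."""
    job = [r for r in RULES if r["name"] in device.violations]
    if not job:
        return "nothing-to-do"
    if not approve(device.name, [r["name"] for r in job]):
        return "rejected"  # no approval, so the device is left untouched
    fixes = {r["bad"]: r["good"] for r in job}
    merged = []
    for line in device.running_config.splitlines():
        key = line.strip()
        merged.append(line.replace(key, fixes[key]) if key in fixes else line)
    device.running_config = "\n".join(merged) + "\n"
    backup_and_check(device, events)
    return "completed"
```

Because events are logged only on a change of state, a repeated backup of a device that is still out of compliance does not trigger a second remediation job, and a rejected change request leaves both the device and the event log unchanged.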
