Configuration roadmap for continuous compliance for servers
This topic provides a high-level description of the configuration tasks required to implement the BMC Continuous Compliance for Servers solution, part of Compliance Automation. Prior to configuring the solution, ensure that you have completed the installation tasks described in Installation roadmap for continuous compliance for servers.
Step 1: Configure a grid
After the BMC Atrium Orchestrator platform components are installed and running, configure a grid. The grid distributes information across the BMC Atrium Orchestrator components. See Managing grids in the BMC Atrium Orchestrator online documentation.
Step 2: Verify logon account IDs
Verify that you have a BMC Remedy ITSM administrative logon ID. During the BMC Continuous Compliance for Server Automation solution installation, this account is used to export the ITSM templates.
Step 3: Configure BMC Remedy ITSM
In BMC Remedy ITSM, do the following:
- Configure group auto assignments for change tickets
- Configure group auto assignments for incidents
- Review and verify the BMC Remedy artifacts
Prior to configuring BMC Remedy ITSM, you must use the Content Installer to install the BMC Remedy artifacts.
When you run the installer, you select values for the key fields to customize the pre-configured BMC Remedy artifacts required by the solution. For descriptions of the artifacts, see BMC Remedy artifacts. For installations requiring a custom solution, or to complete the ITSM configuration, use the BMC Remedy ITSM Application Administration Console to create and configure a new company, create a template, or modify existing templates.
Warning: When changing template settings, BMC recommends backing up the default templates before modifying the template values. Do not change the default user group BMC Server Automation role. Changing the user group role causes the system to fail to perform as expected.
To customize BMC Remedy ITSM templates, complete the following steps:
For details about the BMC Remedy artifacts, see Artifact and configuration reference for Continuous Compliance for Server Automation.
Step 4: Export and enable the required adapters
In BMC Atrium Orchestrator, use Grid Manager to complete the configuration of the following required adapters:
- BMC Remedy AR System application adapter
- BMC Remedy Monitor adapter
- BMC Atrium Orchestrator BladeLogic Operations Manager adapter
- BMC Atrium CMDB adapter
- SNMP Monitor adapter
- File adapter
- Web Services adapter
For details on configuring these adapters for the solution, see Configuring adapters for the Continuous Compliance for Server Automation solution.
Step 5: Configure the connection between BMC Server Automation and BMC Atrium Orchestrator
Through the BMC Server Automation Console, you must add the configuration information required to connect to BMC Atrium Orchestrator.
Configure job approval for job types
The Approval Configuration option enables you to configure whether or not jobs of a given type require BMC Remedy ITSM approval. By default, the approval for each supported job type is turned off.
All job types with Yes specified for the Approval Required option require that you complete the Approval tab information in the job wizard.
See the video (6:56) at https://youtu.be/DXFPXib5C7U for a demonstration about configuring job approvals for job types in BMC Server Automation.
Assign job approval permissions
Use this procedure to assign permissions to different Continuous Compliance for Server Automation users for integrating job execution with BMC Remedy ITSM.
Assign the appropriate approval type to each user role. When that user logs on, only the job approval type assigned for the user role is listed when running the job wizard.
See the video (6:56) at https://youtu.be/DXFPXib5C7U for a demonstration about assigning job approval permissions before running a job in BMC Server Automation.
Set up the connection to BMC Atrium Orchestrator
Using the BMC Server Automation Console, you must add the configuration information required to connect to BMC Atrium Orchestrator.
The integration between BMC Continuous Compliance for Server Automation and BMC Atrium Orchestrator supports connections to a single grid only. The connection with BMC Atrium Orchestrator is established through the CDP or through a high availability CDP (HACDP). Other types of peers are not supported.
See the video (7:50) at https://youtu.be/_YqFYY2EFIA for a demonstration about providing BMC Atrium Orchestrator connection information in the BMC Server Automation Console.
Enable HTTPS support on BMC Atrium Orchestrator
To secure the communication of data between BMC Continuous Compliance for Server Automation and BMC Atrium Orchestrator, you must enable an HTTPS connection on both products.
Note: The required steps vary, based on the decisions that you made regarding the BMC Atrium Orchestrator version during its installation. If you are using BMC Atrium Orchestrator 7.6, complete the steps below. If you are using BMC Atrium Orchestrator 7.7, the required actions depend on whether HTTPS was left enabled (the default option) during the installation.
You can verify that HTTPS support is enabled by checking the Apache Tomcat server's server.xml file and looking for the following line:
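An added example, not part of BMC's documentation: a scripted form of this check that parses `server.xml` instead of searching its text, so a connector that exists only inside an XML comment is not counted as enabled. It assumes the standard Apache Tomcat `<Connector>` attributes `SSLEnabled` and `scheme` (an assumption, not the specific line BMC refers to); the function names and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample resembling a Tomcat server.xml (not from a BMC install).
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <!--
    <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true"/>
    -->
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true"/>
  </Service>
</Server>
"""


def _is_tls(conn):
    """True when a Connector element declares TLS (assumed attribute names)."""
    return (conn.get("SSLEnabled", "false").lower() == "true"
            and conn.get("scheme", "http").lower() == "https")


def https_connectors(server_xml_text):
    """Ports of active connectors with TLS enabled; commented-out ones are skipped."""
    root = ET.fromstring(server_xml_text.strip())
    return [int(c.get("port", "0")) for c in root.iter("Connector") if _is_tls(c)]


def plaintext_connectors(server_xml_text):
    """Ports of active non-AJP connectors that still accept plain HTTP."""
    root = ET.fromstring(server_xml_text.strip())
    return [int(c.get("port", "0")) for c in root.iter("Connector")
            if not _is_tls(c)
            and not c.get("protocol", "HTTP/1.1").upper().startswith("AJP")]


if __name__ == "__main__":
    # In practice, read the text from the Tomcat conf/server.xml file instead.
    print("HTTPS connectors:", https_connectors(SAMPLE_SERVER_XML))
    print("Plain HTTP connectors:", plaintext_connectors(SAMPLE_SERVER_XML))
```

An empty list from `https_connectors` means no active HTTPS connector is defined, even if the text of the file contains one in a comment.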
Enable HTTPS support for BMC Atrium Orchestrator on BMC Server Automation
See the video (7:50) at https://youtu.be/_YqFYY2EFIA for a demonstration about enabling HTTPS support for BMC Atrium Orchestrator on the BMC Server Automation console.
Step 6: Activate and configure the required modules using Grid Manager
Before you can use the BMC Continuous Compliance for Server Automation solution, ensure that the modules are properly integrated to work with the BMC Remedy ITSM system by activating the modules on the grid.
To activate modules on the grid:
- Using Grid Manager, select Manage > Modules.
- From the Modules in Repository list, select the modules required for the run book (shown in the list below), and then click Activate.
You must configure the modules. For details on how to perform this task, see Updating module configuration for Continuous Compliance for Server Automation.
If you modify the modules, you must export them to the repository to make the updated modules available on the grid. Using the Import and Unbundle function in BMC Atrium Orchestrator Development Studio, export the modules to the repository. If you import the modules directly from a local disk, they are not available to peers until you export them to the repository. For more information about exporting modules to a repository, see the Administrating topic in the BMC Atrium Orchestrator online documentation.
Step 7: Configure BMC Server Automation templates and jobs for the solution
To use the BMC Continuous Compliance for Server Automation solution, you must create the following items in the BMC Server Automation system, according to the use cases you want to implement.
BMC Server Automation provides powerful compliance and audit analysis tools. The following table provides an overview of the compliance and audit analysis capabilities.
Description and more information
Compliance analysis and remediation are performed based on BMC Server Automation components and component templates. Component templates contain the relevant compliance rules that you want your servers to adhere to, and components encapsulate just the right amount of server configuration to render your Compliance Jobs simple yet powerful.
Using Audit Jobs, you can:
Performing an audit requires you to identify a master--that is, a server with a standard configuration that is used as the basis of comparison. The procedure for identifying a master depends on how you define an Audit Job.
Create new job properties
For the Closed Loop Server Audit and Closed Loop Server Compliance modules, you must add job properties for Batch and Deploy Job system objects in BMC Server Automation as follows:
Create an Audit component template
To create an audit component template
Create an Audit Job
The following are the requirements for creating the Audit Jobs used by the Closed Loop Server Audit module:
To create the Audit Job:
To create the Audit verification job
For each Audit Job you create, you must also create a corresponding Audit verification job that is used to verify the remediation job results. This Audit Job is used for the Verify Audit Discrepancies after Remediation workflow.
Create a Compliance component template
To create a compliance component template, complete the following steps:
Create a Compliance Job
For an example procedure to create a Compliance Job, see Example procedure for creating a Compliance Job in the BMC Server Automation online technical documentation.
After the job completes, BMC Server Automation sends an SNMP trap for each inconsistent server-rule combination.
To create the Compliance verification job
Create a Compliance remediation Job
A remediation job consists of an instruction set and files required for implementing configuration changes. Configuration changes can consist of additions, deletions, and modifications to any of the server objects.
Only one package can exist for each rule in the Compliance component template. There might be some rules in the template that do not have an associated package.
For more information about deploying the BLPackage, see Creating and modifying Software and BLPackage Deploy Jobs and Creating a Deploy Job in the BMC Server Automation online documentation.
Where to go from here
After you have installed and configured the BMC Continuous Compliance for Server Automation solution, you can execute the Continuous Compliance for Servers use cases.