Ticketing policy violations and documenting automatic remediation

BMC Network Automation performs network compliance audits based on security, operational, and regulatory configuration standards. When a compliance violation is detected, BMC Network Automation automatically opens a network incident in BMC Remedy Incident Management and relates a network change request within BMC Remedy Change Management to begin the remediation and tracking process.

The BMC Remedy Service Desk user can view the Compliancy Summary Report from the federated link on the BMC Atrium CMDB CI Relationship Viewer, allowing users to view the details of each violation. The BMC Remedy change request is displayed at BMC Network Automation for resolution.

The network engineer submits a job to remedied the compliance violation(s) using the Smartening auto-scripting capability. After the compliance violation has been fixed, the BMC Remedy change task is closed.

Key benefits

The main benefit of this solution capability is to improve compliance to security, operational and regulatory standards through automated compliance monitoring, auditing, remediation and reporting. 

To enforce compliance to network configuration policies

The following table provides a high-level view of the tasks required to implement the use case, with links to the BMC Software documents containing the task details.

Step

Product involved

Description and references

Event 1: Compliance violation detected

BMC Network Automation

In BMC Network Automation, policies are a set of conditions that when met cause the system to perform a set of actions. When a policy executes, the system creates a job containing the policy actions.

When a BMC Network Automation policy detects a configuration change that is non-compliant with audited rules on a device, the policy notifies BMC Atrium Orchestrator, using an SNMP trap, to open a BMC Remedy incident.

For more information, see Mapping BMC Network Automation SNMP traps to BMC Remedy Incident and Change fields.

For more information about using policies in BMC Network Automation, see Managing policies in the BMC Network Automation on-line technical documentation.

Event 2: Change ticket automatically created

BMC Remedy Change Management

In the BMC Remedy incident, the network CI is related to the incident. To begin the remediation process, a change ticket is created and associated with the Incident. The Notes in the BMC Remedy incident and change tickets identifies the non-compliant rule.

A network task is automatically created for the change request, and the task is related to the CI with the compliance violation.

For details on using the Change Management System, see Working with change requests in the BMC Remedy Change Management on-line technical documentation.

Step 1: Complete the change ticket

BMC Remedy Change Management

When the BMC Remedy user progresses the change ticket through approvals, the change ticket is displayed in the BMC Network Automation BMC Remedy inbox.

For more information, see Managing the Remedy Inbox in the BMC Network Automation on-line technical documentation.

Step 2: Remediate the compliance violation

BMC Network Automation

The network engineer clicks on the change request, which opens a Job window. The change ID and task ID are automatically assigned to the job for change tracking. The network engineer adds a Deploy to Active span action to remediate the compliance violation.

Step 3: View the Compliance Summary report

BMC Network Automation

The network engineer clicks the Report icon to view the Compliance Summary report. The report indicates which rules are in violation.

Step 4: View the violation details

BMC Network Automation

The user clicks on the Failed link to view the violation details in the Difference Details Report page.

Step 5: Preview the SmartMerge remediation script

BMC Network Automation

Based on the violation, the user previews the SmartMerge remediation script before submitting the job for execution.

Step 6: Submit the job

BMC Network Automation

The user submits the job. When the job completes, the BMC Remedy change task is updated with the completion status.

Step 7: Launch Job Details Report

BMC Remedy Change Management

The BMC Remedy user can also verify the remediation by selecting the Launch button on the task window.

The BMC Remedy user selects the Job Details Report to get a summary of all devices changed.

Step 8: View the Job Summary Report

BMC Remedy Change Management

The BMC Remedy user selects the job ID, change ID or task ID to view the Job Summary Report and verifies that the compliance violation has been resolved.

Step 9: Launch the Compliance Summary Report

BMC CMDB CI Relationship Viewer

At any time, the BMC Remedy user can launch the Compliance Summary Report from the BMC Atrium CMDB CI Relationship Viewer to view current compliance status.


Was this page helpful? Yes No Submitting... Thank you

Comments