Configuring BMC Network Automation for Continuous Compliance for Network Automation

This topic contains information on configuring BMC Network Automation to support the Continuous Compliance for Network Automation solution.

To configure BMC Network Automation to support Continuous Compliance for Network Automation

1. Log in with administrator rights to BMC Network Automation console.

   Important

   Under Admin > Users, ensure that the built-in user account named ao_adapter exists. This account is created automatically during installation, in case the user selects the default BMC Atrium Orchestration user account creation while enabling BMC Atrium Orchestration Integration, or the user can create a new ao_adapter user.

   This account is required by BMC Atrium Orchestrator to use the BMC Network Automation web services. Do not delete this account.

2. Open the Edit System Parameters page by navigating to Admin > System Parameters.

3. In the External Integrations section, make the following selections and click Save.

   System parameter	Description
   Enable Web Services Registry Integration	(Optional) Select this option if you are using the web services registry. When this option is selected, Web Service Endpoint URL and other related fields become available. If you are not using the web services registry, do not select this option. Note: See the External integrations section in the BMC Network Automation documentation for more information on enabling the integration of the web services registry.
   Enable BMC Atrium Orchestrator Integration	Select this option to enable integration with BMC Atrium Orchestrator.
   Web Service Endpoint URL	(Displayed only if you have not selected the Enable Web Services Registry Integration option) Enter the endpoint URL of your Atrium Orchestrator web service in the following format: protocol://BAOHostName:port/baocdp/orca?wsdl. For example, the Web Service Endpoint URL value is http://vw-bao-io.bmc.com:8080/baocdp/orca?wsdl.
   User name	Enter the user name for accessing the BMC Atrium Orchestrator system. User must have privileges to run the associated BMC Network Automation workflows.
   Password/ Confirm Password	Enter the password associated with the user name for accessing the BMC Atrium Orchestrator system.
   Grid Name	Enter the name of the BMC Atrium Orchestrator grid on which the BMC Network Automation workflows are running.
   Enable Continue Compliance for Network Automation	Select this option to enable integration with the Remedy ITSM continuous compliance workflows.
   Remedy Username for Jobs created by Policies	Enter the user name assigned to the Requested By field in the Remedy change ticket for Jobs that were created by a non-user (for example, the system or a policy). This user name is used by auto-remediate policies that require Remedy approval when the BMC Atrium Orchestrator creates a change ticket.
   Enable CMDB Integrations	Select this option to enable integration with the BMC Atrium CMDB.
   Web Service Endpoint URL	(Displayed only if you have not selected the Enable Web Services Registry Integration option) Enter the endpoint URL of your Atrium CMDB web service in the following format: protocol://cmdbhost:port/cmdbws/server/cmdbws.
   User name	Enter the user name for accessing the BMC Atrium Core CMDB services.
   Password/ Confirm Password	Enter the password associated with the user name for accessing the BMC Atrium Core CMDB services.

4. Open the Add Device Import Task page by navigating to Admin > Device Import > Add.

5. In the Add Device Import Task page, set the following fields, and click Save:

   Field	Description
   Name	Enter a name to identify the device import task (for example, Atrium CMDB).
   Annotation	Enter a description of the import task.
   Enabled	Select this option.
   Auto Purge	Ensure that this option is not selected.
   Initial Snapshot	Ensure that this option is not selected.
   Format	Select BMC Atrium CMDB 2.1 and above, which is also compatible with CMDB 7.5 and 7.6.
   Business Service Relationship Role	Select Source.
   Repeat	Set up this task as a one-time event, or on a recurring schedule.
   Import Time	The appearance of this field varies depending upon the value you select in the Repeat field. Set the time (and days if appropriate) for the import task.
   Dynamic Menu Fields	Select Accept Unknown Values (default) or Reject Unknown Values.
   Scope	Select Only Existing Devices from the Import Source. This option overlays CMDB attributes only on devices that exist in the device inventory. CMDB devices not found in the BMC Network Automation device inventory are ignored.

6. If you do not store network devices in the Atrium CMDB, the integration with Remedy ITSM is still functional. The integration will track the network device name stored in the BMC Network Automation inventory in the Change and Incident Notes fields. Skip to the next step. 
   If you do have reconciled network CIs in the Atrium CMDB, follow these steps to more tightly track network CIs in the Change and Incident tickets. The Atrium CMDB import overlays device attributes (ReconciliationID, business services) onto an existing device database. For proper reconciliation, the CMDB CI Name must match the Name field in the device inventory.
7. Enable Job Approvals in the BMC Network Automation application:
   1. Open the Edit System Parameters page by navigating to Admin > System Parameters.

   2. In the Job section, make the following selections, and click Save:

      System parameter	Description
      Enable Job Approval For Actions	Select all actions that will require an approval process. For example, if Snapshot actions do not require approval, clear the option. Hold down Shift while clicking an action to select or clear an option.
      Require User to Enter Change ID for Jobs	Disable this option. Remedy will assign Change IDs and Task IDs to jobs after submission.

8. Based on the job approval policies configured in Remedy ITSM, configure Job Approvals to include Remedy approvals. 
   When a Job requires Remedy approval, BMC Network Automation will create a Change ticket in Remedy. The Job will be scheduled when Remedy approval has been granted.
   1. Open the Add Job Approval Type page by navigating to Admin > Job Approval Types > Add.
   2. Select the Appovers tab.
   3. In the Approvals field select Remedy Approval; or if additional BMC Network Automation approvals are required, select Multiple Approvals or Sequence of Approvals, and then select Requires Approved Remedy Ticket.
   4. Select the Details tab, and assign values for the Change Timing and Urgency fields.
      These values are assigned when the Remedy Change ticket is created. To configure Remedy for Automatic Approval of changes, set the Change Timing field to Emergency or No Impact.
   5. Click Save.
9. Configure dynamic fields used to populate required fields in Change tickets created by BMC Network Automation.
   
   BMC Network Automation uses a Remedy template named Network Change to create Change tickets. When submitting change requests, users can override the required fields in the Network Change template. These out-of-the-box fields are defined as Job and Job Approval dynamic fields.
   1. Open the Dynamic Fields page by navigating to Admin > Dynamic Fields.

   2. You can add or edit dynamic fields to assign default values to override the Remedy Network Change template or you can delete a dynamic field to have the default value assigned in the Network Change template take precedence.
      
      See Managing dynamic fields in the BMC Network Automation documentation for more information.

      Note

      Do not edit or add menu values assigned to the dynamic fields in the following table, as they map one-to-one to Remedy Change ticket fields.

      Dynamic field	Corresponding Remedy Network Change template field
      Job: Change Type	Change Type
      Job: Comments	Summary
      Job: Impact	Impact
      Job: Risk Level	Risk Level
      Job Approval: Change Timing	Timing
      Job Approval: Urgency	Urgency

   3. Once you have completed making your changes to the dynamic fields, click Save.

10. Open the Add SNMP Manager Station page by navigating to Admin > SNMP Manager > Add, and configure an SNMP Manager.
    
    The SNMP Manager must be configured with the IP address of the BMC Atrium Orchestrator server. The SNMP Trap is sent to the BMC Atrium Orchestrator. The trap community for the SNMP Manager can be configured as version 2c or 3. See Adding or editing an SNMP manager station in the BMC Network Automation documentation for details.

    Note

    By default, BMC Atrium Orchestrator listens on port 162 for SNMP events. The port number you specify here should match the one in the SNMP monitor adapter. To avoid conflicts, ensure no other applications or SNMP listeners are using the port you specify.

11. Configure one or more policies with a Send Trap action to trigger BMC Atrium Orchestrator to create a Remedy Incident ticket:

    1. Open the Policies page by navigating to Policies > Policies.

    2. In the Policies page, find the row for the Send Compliance Violation Notification policy and click the Copy icon in the Actions column for that row.

    3. In the Copy Policy page, select the Actions tab.

    4. Open the Send Trap dialog box by selecting Add Action > Notifications > Send Trap.

    5. In the Annotation field, enter an annotation.

    6. In the Trap Type field, select Compliance Violation Discovered.

    7. In the SNMP Manager field, select one or more SNMP managers.

    8. Click OK.

    9. In the Copy Policy page, click Save.

You can create a Remedy Incident ticket under the following conditions:

• BMC Network Automation detects that a device’s configuration is not compliant with assigned rules.
• BMC Network Automation detects that a device’s current configuration has a discrepancy (for example, Running vs. Startup, Running vs. Trusted Running, Startup vs. Trusted Startup).
• BMC Network Automation detects that a device event that warrants the opening of an Incident (for example, repetitive snapshot attempts have failed).

For details on configuring policy notifications, see Managing policies and Suppressing multiple policy executions in the BMC Network Automation documentation. Pay attention to the Suppressing multiple policy executions instructions to avoid creating multiple Remedy Incidents if a single audit detects multiple configuration compliance violations.

To configure BMC Network Automation to launch directly into a CI

A BMC Network Automation administrator can create one or more external links that enable you to run external applications from the device info popup windows. See Managing external links in the BMC Network Automation documentation. This topic describes how to configure an external link to launch into the BMC Atrium Explorer. The URL that you configure to point to the BMC Atrium Explorer will differ depending on the BMC Atrium CMDB version you have installed at your site.

1. Log on to BMC Network Automation as an administrator.
2. Open the Add External Link page by navigating to Admin > Network Admin > External Links > Add.

3. In the Add External Link page, enter the following information:

   Field	Value
   Name	A unique name for the link.
   URL	With BMC Atrium 7.6.01 installation or later, you can launch the CI directly from BMC Network Automation by appending the string BMCRECON to the CI ID (Field ID F431400000). Enter a URL with the following syntax: http://arSystemServerName:port/arsys/apps/arSystemServerName/AtriumCMDBConsole/Atrium:Explorer? F490001100=NameSpace& F400109900=ClassName& F431400000=BMCRECON${device.external_id}& F431400001=DataSetID& F431400003=FilterName Example: http://aui-demo2:8080/arsys/apps/aui-demo2/AtriumCMDBConsole/Atrium:Explorer? F490001100=BMC.CORE& F400109900=BMC_COMPUTERSYSTEM& F431400000=BMCRECON${device.external_id}& F431400001=BMC.ASSET& F431400003=
   Enabled	When this option is selected, the link is enabled for users (selected by default).
   Validate Substitution Parameters	When this option is selected, the link is validated when you create it (selected by default).
   Description	Enter the names of user-assigned dynamic fields, or select them as described in the next step.

4. (Optional) If you want to add user-assigned dynamic fields by selecting from a list, perform the following steps:
   1. In the Add External Link page, click Substitution Parameters.
      
      A dialog box appears listing substitution parameters.
   2. Select one of the following options:
      • Global: Lists global parameters that are defined on the Global Substitution Parameters page (Admin > System Admin > Global Substitution Parameters). This is the default selection.
      • Agent: Lists substitution parameters specific to an agent.
      • Device: Lists substitution parameters specific to a network device.
   3. Select the parameter that you want to add.
   4. Position the cursor at the insertion point in the Description field, and paste the parameter by pressing Ctrl+v or choosing the web browser’s paste command (Edit > Paste).
   5. Repeat the above steps for each substitution parameter you want to add.
      For more information, see About substitution parameters in the BMC Network Automation documentation.
5. Click Save.
   
   If Validate Substitution Parameters was selected, the server validates the URL and saves the link. If the link is invalid, an error message is displayed. If the link is valid and Enable was selected, the link becomes available to users in the Device Info popup.