Change automation
This section provides an overview and process flow to enable creating and approving change requests in an IT service management system for remediation operations.
Overview
BMC Helix Automation Console supports creating and approving change requests in BMC Remedy IT Service Management and ServiceNow ITSM systems for the following endpoint manager: TrueSight Server Automation
TrueSight Automation Console supports creating and approving change requests in BMC Remedy IT Service Management and ServiceNow ITSM systems for the following endpoint managers: TrueSight Server Automation and TrueSight Network Automation
When operational changes such as installing patches or remediating vulnerabilities are implemented, administrators need to keep a track of these changes in a change management system. Organizations may use an approval process, where a change is not implemented unless it is approved. To automate the process of creating a change request, approving it, and then ensuring that the change is implemented, change automation is enabled.
You can create a change request for a vulnerability, patch and compliance remediation operation. This is done by integrating with TrueSight Orchestration – ITSM Automation runbook. This runbook supports creating change requests in both BMC Remedy IT Service Management and ServiceNow ITSM systems.
When you create an operation in Automation Console, you can create a change request, with approval settings as configured in the ITSM system of your choice. The change request ID appears against the operation on the Operations page. After a change is approved, based on the schedule, the operation runs and remediates the missing patches or vulnerabilities.
For a patch remediation operation, a configuration item (CI) is not associated with the change request. For a vulnerability operation, a CI gets associated with the change request.
Change automation ensures continuous compliance to the change process without introducing labor intensive activities. The integration reduces the risk of unauthorized and unplanned changes through enforced change tracking.
Change automation process flow
The following figure shows the end-to-end process flow for a vulnerability operation with a change approval configured.
Change automation considerations
As administrators, when you implement change automation, consider the following:
- A single change request is created for a single operation.
- The description that you added in TrueSight Automation Console while creating an Operation with change integration is also added to Description field in BMC Remedy IT Service Management.
- Change request creation is only available if you have selected Execute Now or defined a schedule for the operation.
If you select the Maintenance Schedule as I will do it later, you do not see the option to create a change request. When a change is created, the change request ID is updated in the job description in the TrueSight Server Automation job created for the operation.
When a change is created, the change request ID is updated in the job description in the TrueSight Server Automation or TrueSight Network Automation job created for the operation.
- If you update the schedule for an operation in the task associated with the change request, the updated schedule is reflected for the operation. After approval, the operation runs according to the new schedule. Note that you must update the Schedule Start Date or the Schedule End Date for the task and not the change request.
- If the operation schedule expires before the change request is approved, the operation and the job are cancelled, and the status is shown as Cancelled due to schedule timeout.
- If the change request is cancelled or not approved, the operation and the job are cancelled.
If using change templates in BMC Remedy ITSM, ensure that the Scheduled for Approval stage is enabled in the template.
(For TrueSight Network Automation endpoint manager) On the TrueSight Network Automation application, configure a new job approval type as follows:
- Log in to the TrueSight Network Automation as a network administrator.
- Navigate to Network > Network Admin > Job Approval Types.
- Click Add.
- On the Details tab, enter the following name for the approval type: TSAC_NONE
- On the Approvers tab, select None from the Approvals list.
- Save the changes.
For more information, see Job approval types.
Important
(For TrueSight Network Automation endpoint manager) If you have already configured change approval flow in TrueSight Network Automation, you must disable it to ensure that the change approval flow configured in TrueSight Automation Console works. Both the flows should not coexist as they use different workflows in TrueSight Orchestration and refer different forms in IT Service Management.
Consult the following table to understand the correlation between the change request status and the operation status and the impact on the vulnerabilities and assets state.
Change request status | Operation status | Vulnerabilities and assets state |
---|---|---|
Not applicable yet | Awaiting attention | Awaiting attention |
New | Awaiting approval | Awaiting approval |
Ready to Execute | Awaiting execution Success (After the operation completes successfully) | Awaiting execution Closed (After the operation completes successfully) |
Ready to execute | Cancelled due to schedule timeout | Awaiting attention |
Cancelled | Cancelled due to approval rejection | Awaiting attention |
Where to go from here
To install and configure the ITSM runbook, and to set up a change request creation, see Enabling change automation.
Comments
Log in or register to comment.