Change automation

This section provides an overview and process flow to enable creating and approving change requests in an IT service management system for remediation operations. 


BMC Helix Automation Console supports creating and approving change requests in BMC Remedy IT Service Management and ServiceNow ITSM systems for the following endpoint manager: TrueSight Server Automation

TrueSight Automation Console supports creating and approving change requests in BMC Remedy IT Service Management and ServiceNow ITSM systems for the following endpoint managers:  TrueSight Server Automation and TrueSight Network Automation

When operational changes such as installing patches or remediating vulnerabilities are implemented, administrators need to keep a track of these changes in a change management system. Organizations may use an approval process, where a change is not implemented unless it is approved. To automate the process of creating a change request, approving it, and then ensuring that the change is implemented, change automation is enabled.

You can create a change request for a vulnerability, patch and compliance remediation operation. This is done by integrating with TrueSight Orchestration – ITSM Automation runbook. This runbook supports creating change requests in both BMC Remedy IT Service Management and ServiceNow ITSM systems.

When you create an operation in Automation Console, you can create a change request, with approval settings as configured in the ITSM system of your choice. The change request ID appears against the operation on the Operations page. After a change is approved, based on the schedule, the operation runs and remediates the missing patches or vulnerabilities. 

For a patch remediation operation, a configuration item (CI) is not associated with the change request. For a vulnerability operation, a CI gets associated with the change request. 

Change automation ensures continuous compliance to the change process without introducing labor intensive activities. The integration reduces the risk of unauthorized and unplanned changes through enforced change tracking.

Change automation process flow

The following figure shows the end-to-end process flow for a vulnerability operation with a change approval configured. Change integration_tsac

Change automation considerations

As administrators, when you implement change automation, consider the following: 

  • A single change request is created for a single operation.
  • The description that you added in TrueSight Automation Console while creating an Operation with change integration is also added to Description field in BMC Remedy IT Service Management.
  • Change request creation is only available if you have selected Execute Now or defined a schedule for the operation.
    If you select the Maintenance Schedule as I will do it later, you do not see the option to create a change request.  
  • When a change is created, the change request ID is updated in the job description in the TrueSight Server Automation job created for the operation. 

    When a change is created, the change request ID is updated in the job description in the TrueSight Server Automation or TrueSight Network Automation job created for the operation. 

  • If you update the schedule for an operation in the task associated with the change request, the updated schedule is reflected for the operation. After approval, the operation runs according to the new schedule. Note that you must update the Schedule Start Date or the Schedule End Date for the task and not the change request. 
  • If the operation schedule expires before the change request is approved, the operation and the job are cancelled, and the status is shown as Cancelled due to schedule timeout.
  • If the change request is cancelled or not approved, the operation and the job are cancelled. 
  • If using change templates in BMC Remedy ITSM, ensure that the Scheduled for Approval stage is enabled in the template.

  • (For TrueSight Network Automation endpoint manager) On the TrueSight Network Automation application, configure a new job approval type as follows:

    1. Log in to the TrueSight Network Automation as a network administrator.
    2. Navigate to Network > Network Admin > Job Approval Types.
    3. Click Add.
      1. On the Details tab, enter the following name for the approval type: TSAC_NONE
      2. On the Approvers tab, select None from the Approvals list.
    4. Save the changes.

    For more information, see  Job approval types. Open link

  • Important

    (For TrueSight Network Automation endpoint manager) If you have already configured change approval flow in TrueSight Network Automation, you must disable it to ensure that the change approval flow configured in TrueSight Automation Console works. Both the flows should not coexist as they use different workflows in TrueSight Orchestration and refer different forms in IT Service Management.

Consult the following table to understand the correlation between the change request status and the operation status and the impact on the vulnerabilities and assets state. 

Change request statusOperation statusVulnerabilities and assets state
Not applicable yetAwaiting attentionAwaiting attention
NewAwaiting approvalAwaiting approval
Ready to Execute

Awaiting execution

Success (After the operation completes successfully)

Awaiting execution

Closed (After the operation completes successfully)

Ready to executeCancelled due to schedule timeoutAwaiting attention
CancelledCancelled due to approval rejectionAwaiting attention

Where to go from here

To install and configure the ITSM runbook, and to set up a change request creation, see Enabling change automation.   

Was this page helpful? Yes No Submitting... Thank you