Use cases
Network change actions can include all of the following:
- Provisioning a golden template on a new device
- Updating configuration attributes across one or more devices
- Enforcing configuration policies on one or more devices
- Executing custom actions on one or more devices
- Performing a non-disruptive configuration rollback
- Deploying a software image to one or more devices
The following groups of use cases apply to the Continuous Compliance for Network Automation solution:
Enforcing continuous compliance to Change Management processes
The use cases that follow deal with the enforcement of continuous compliance to Change Management processes.
Use case 1: Operator initiated changes
When network configuration changes are implemented, network engineers are required to document these changes in BMC Remedy Change Management.
To automate the change tracking and documentation process, a Network Change request is automatically created in BMC Remedy Change Management when a network user submits a Job that requires BMC Remedy approval. After the change request is approved at Remedy, the change is scheduled for execution in BMC Network Automation.
When the Job completes, the BMC Remedy Change ticket is closed. The BMC Remedy Service Desk user can now launch the Job Details report from the BMC Remedy Change Task to verify the change actions. In addition, from the BMC Atrium CMDB CI Relationship Viewer the BMC Remedy user can launch a Change Summary Report to view change history for a network device.
The main benefit of this solution is to enforce continuous compliance to the change process without requiring network engineers to manually create BMC Remedy Change tickets. The solution reduces the risk of unauthorized and unplanned changes through enforced change tracking and automated documentation of all changes.
Both BMC Remedy and BMC Network Automation users can view the Job Details report detailing the actual changes made.
Use case 2: BMC Remedy Service Desk initiated changes
In the IT environment of most large enterprises, general change requests like provisioning a new server are often initiated by the BMC Remedy Service Desk. The network group is required to make a network change to provision the server onto the network.
When the Service Desk user submits a Network Change request through Remedy, it appears in the BMC Network Automation Remedy Inbox where the network engineer can create a job to service the request. The job will contain the actions required to support the change request – for example, provisioning the switch port for the server.
After the job completes, the BMC Remedy Change Task is closed. The BMC Remedy Service Desk user can launch the Job Details report from the Network Task to verify the change actions. From the BMC Atrium CMDB CI Relationship Viewer, BMC Remedy Service Desk user can also view the Change Summary report by CI to show a switch port was configured.
The main benefit of this solution is to enforce continuous compliance and to reduce the risk of unauthorized and unplanned changes through documented and enforced change tracking.
Use case 3: Reconciling network changes made without prior approval to the BMC Remedy Change Management system
Network engineers occasionally make one-off changes without requiring any prior approvals. Reconciling jobs is a capability that ensures all changes on the network that occur without prior approval can be tracked in the Change Management system.
These changes can be made in any of the following ways:
- External to BMC Network Automation but detected after the BMC Network Automation system does a snapshot of the device
- Using the BMC Network Automation SSH Proxy
- Using a BMC Network Automation job that makes changes to network devices (that is, Deploy to Active, Custom Action, etc.)
To reconcile these jobs, a Reconcile wizard similar to the Jobs filter is available. (Network > Actions > Jobs > Reconcile). For more information, see Reconciling jobs in the BMC Network Automation documentation.
BMC Remedy Incident Management integration
The use case that follows applies to the integration of BMC Network Automation with BMC Remedy Incident Management. This integration provides the ability to automatically open network Incidents in BMC Remedy Incident Management when service impacting events (for example, device unreachable), configuration compliance violations, and baseline discrepancies are detected by BMC Network Automation.
Use case 4: Enforcing continuous compliance to network configuration policies
BMC Network Automation performs network compliance audits based on security, operational, and regulatory configuration standards.
When a compliance violation is detected, BMC Network Automation can automatically open a Network Incident in BMC Remedy Incident Management and optionally relate a Network Change request within BMC Remedy Change Management to begin the remediation and tracking process.
The BMC Remedy Service Desk staff can view the Compliance Summary Report from the federated link on the Atrium CMDB CI Relationship Viewer, allowing users to view the details of each violation.
The BMC Remedy Change request is displayed on the BMC Network Automation console for resolution. The network engineer submits a job to remediate the compliance violations using the SmartMerge auto-scripting capability. After the compliance violations has been fixed, the BMC Remedy Change ticket is closed.
The main benefit of this solution is to improve compliance to security, operational, and regulatory standards through automated compliance monitoring, auditing, remediation and reporting.
BMC Atrium CMDB integration
The use cases that follow apply to the integration of BMC Network Automation with BMC Atrium CMDB.
Use case 5: Performing network change and configuration tasks with business service context
BMC Network Automation imports network CI business service relationships from BMC Atrium CMDB through the Web Services API. The business services are stored in the device inventory field called Business Services.
The BMC Network Automation system auto-groups network devices by Business Services so network engineers can perform network change and configuration management tasks with business relevance, such as the following:
- Display the Dashboard by groups to audit change discrepancies and compliance violations by business service. Initiate a single command from the Dashboard to remediate all violations on network devices supporting a specific business service.
- Implement jobs by business service. Enables network engineers to assess business service impact when planning configuration changes.
- Generate and schedule inventory, change history, compliance, regulatory and change discrepancy reports by business service.
- Configure policies by business service. For example, open Remedy Incident when a high severity compliance violation is detected on any devices supporting critical business services.
The following example shows how network engineering can view a Compliance Summary report for all network devices that support the Email business service.
Use case 6: Launching network reports from the BMC Atrium Explorer
BMC Network Automation discovers and stores configuration and change information for network CIs. You can view a variety of BMC Network Automation reports for a network CI from BMC Atrium Explorer. (In BMC Atrium 7.6, BMC Atrium Explorer replaces the interface known as the CI Relationship Viewer in earlier versions.)
While the integration supports orchestrating changes and incidents with one or more BMC Network Automation servers, CMDB Federated links should be used only when a single BMC Network Automation server is deployed.
The following figure shows the menu that BMC Network Automation adds to BMC Atrium Explorer:
The set of network reports includes:
- View Change History: View detailed configuration change history (who/what/where/when) for a network CI for planning, auditing and remediation purposes.
- View Compliancy History: Shows whether a network CI is compliant with or has drifted from configuration policies. Users can enforce any policy deviations using BMC Remedy Change Management.
- View Device Inventory Report: View detailed configuration attributes, change history, and compliance status for a network CI.
- View Device Discrepancy Report: Shows configuration discrepancies on a network CI such as differences between the Running and Startup configuration and differences between the current Running and Trusted Running (that is, the desired state). Users can synchronize the device’s Running and Startup configurations and roll back to any prior configuration by using BMC Remedy
Change Management. - View Detailed Configuration: Examine the network CI configuration archive to compare any configuration to any other configuration.
Use case 7: Launching into the BMC Atrium Explorer from device info popup windows
BMC Network Automation enables an administrator to create external links enabling users to launch external applications. This use case describes the case where an administrator sets up an external link for the BMC Atrium Explorer.
Using this integration, a network engineer can launch into the Atrium Explorer from an external link displayed in device info popup windows that can be accessed from the BMC Network Automation dashboard and device list page.
An engineer staging a change in BMC Network Automation, can do the following:
- Check dependencies of the network devices being changed with business services, clients, and servers that depend on them.
- (From the dashboard): Quickly evaluate the impact that discrepancies and compliance violations can cause.
- (From the device list page): Quickly check these dependencies for reference purposes.
Note
This integration supports sites that have deployed multiple BMC Network Automation application servers that import data from a single BMC Atrium CMDB source.
The steps for performing this integration are described in Configuring BMC Network Automation to launch directly into a CI.
Comments
Log in or register to comment.