Closed Loop Compliance SA Server module
Before you can use the Closed Loop Server Compliance module to track the remediation of compliance violations (see Closed-loop-compliance-and-audit-for-servers), you must ensure that the module is properly integrated to work with the TrueSight Server Automation and BMC Remedy ITSM systems.
- Tips for configuring the Closed Loop Server Compliance module
- Adapters configuration group for Closed Loop Compliance SA Servers
- Change Management configuration group for Closed Loop Compliance SA Servers
- Configuration Management configuration group for Closed Loop Compliance SA Servers
- Incident Management configuration group for Closed Loop Compliance SA Servers
- Runbook Defaults configuration group for Closed Loop Compliance SA Servers
Tips for configuring the Closed Loop Server Compliance module
- If the Compliance Job takes more than 5 minutes to complete, the workflow process times out. To increase the time-out period, you can add the <time-out> parameter to the BL_Connection_Details configuration item in the Runbook Defaults configuration group. SeeRunbook Defaults configuration group for Closed Loop Compliance SA Servers
- When setting up the Remediation_Job_Delimiter configuration item in the Runbook Defaults configuration group, ensure that you are not using any special characters (such as hyphens or vertical bars) that are used in the host name string. The workflows us this delimiter to extract the Change ID from the job name, so the delimiter forms a crucial differentiation factor to determine where the host name ends and where the Change ID starts in the remediation job name.
- TrueSight Orchestration leverages the TrueSight Server Automation CopyJob feature in the BMC Continuous Compliance for Servers run books where two or more non-compliant servers are verified simultaneously through a TrueSight Server Automation job. For that, TrueSight Orchestration creates a copy of the verify job and runs it. In earlier versions, TrueSight Server Automation did not support simultaneous running of verification jobs.
To configure this module, you must specify the TrueSight Server Automation version and destination directory of the verify job in the Closed Loop Server Compliance - Runbook Default configuration.
Adapters configuration group for Closed Loop Compliance SA Servers
The following table lists the Adapters configuration items.
Configuration item | Description |
|---|---|
File Adapter | Enter the name of the File adapter. This adapter is used to read the exported Compliance Job results. |
SMTP Adapter | Enter the name of the SMTP adapter |
Change Management configuration group for Closed Loop Compliance SA Servers
Update the Enable configuration item with the status as true or false. Specify true if you want to create a change in ITSM. Default value is false.
Configuration Management configuration group for Closed Loop Compliance SA Servers
The following table lists the Configuration Management configuration items.
Configuration item | Description |
|---|---|
BL_Atrium_ Integration_ Enabled | Specifies how the configuration items are retrieved through TrueSight Server Automation Integration for Atrium. A value of true retrieves the configuration items using the CDMachineID. A value of false retrieves the configuration items using the CI name. |
BL_ComputerSystem_ Mappings | Specifies the mappings between the configuration item name and the display name. |
BL_ComputerSystem_Mappings_v8_0 | Specifies the mappings between the configuration item name and the display name for BMC Atrium CMDB version 8.0. |
BL_Server_Class_ Name | Name of the server class used to retrieve the relevant Configuration Item information. For example, BMC_ComputerSystem. |
Enable | Indicates if BMC Atrium CMDB access is enabled in the current BMC Remedy ITSM environment. Set this value to true only if CI information is present with BMC Remedy AR System and/or the BMC Atrium CMDB for servers being managed by TrueSight Server Automation. Default value: false |
Incident Management configuration group for Closed Loop Compliance SA Servers
Update the Enable configuration item with the status as true or false. Specify true if you want to create an incident in ITSM. Default value is false.
Runbook Defaults configuration group for Closed Loop Compliance SA Servers
The values in the Runbook Default configuration items must match the values of the component template, Compliance job, and remediation packages in your TrueSight Server Automation system. The following table lists these configuration items.
Configuration item | Description |
|---|---|
BL_Connection_Details | An XML structure that holds the TrueSight Server Automation Adapter name. <connection-details> <adapter-name>BladeLogic Adapter</adapter-name> </connection-details> |
BL_Connection_Details_Instance_2 | You can configure more than one TrueSight Server Automation adapter. An XML structure that holds the second instance of the TrueSight Server Automation Adapter name. <connection-details> <adapter-name>BladeLogic Adapter Instance 2</adapter-name> </connection-details> |
BL_Version | You can have multiple versions of the TrueSight Server Automation Console installed and as a result you might have multiple BL_Version configuration items. For example, you might have both versions 8.2 and 8.6 of the console installed on a particular computer. This configuration item specifies the version and location of the TrueSight Server Automation Console that is launched from the Task ticket in BMC Remedy ITSM. Update the following items: Version — Enter the version number for the console. For example, 8.7. Windows — If the console is installed on a Microsoft Windows system, enter the console executable path. For example, C:\Program Files\BMC Software\Bladelogic\8.7\CM\rcp UNIX — If the console is installed on a UNIX system, enter the console executable path. For example, /opt/bmc/BladeLogic/CM/rcp |
BladeLogic_Trap_Mappings | An XML structure that holds the TrueSight Server Automation trap mappings. See the following figure. <bladelogic-trap-mappings> <enterprise>.1.3.6.1.4.1.12788</enterprise> <generic-trap-type>6</generic-trap-type> <specific-trap-type>1001</specific-trap-type> <jc-job-name>.1.3.6.1.4.1.12788.1.1.1</jc-job-name> <jc-start-time>.1.3.6.1.4.1.12788.1.1.2</jc-start-time> <jc-end-time>.1.3.6.1.4.1.12788.1.1.3</jc-end-time> <jc-overall-status>.1.3.6.1.4.1.12788.1.1.4</jc-overall-status> <jc-exit-code>.1.3.6.1.4.1.12788.1.1.5</jc-exit-code> <jc-group-id>.1.3.6.1.4.1.12788.1.1.6</jc-group-id> <jc-run-id>.1.3.6.1.4.1.12788.1.1.7</jc-run-id> <jc-type-id>.1.3.6.1.4.1.12788.1.1.8</jc-type-id> <ar-cons-type>.1.3.6.1.4.1.12788.1.2.1</ar-cons-type> <ar-obj-type>.1.3.6.1.4.1.12788.1.2.2</ar-obj-type> <ar-os-type>.1.3.6.1.4.1.12788.1.2.3</ar-os-type> <cr-cons-type>.1.3.6.1.4.1.12788.1.5.1</cr-cons-type> <cr-template-name>.1.3.6.1.4.1.12788.1.5.2</cr-template-name> <cr-rule-name>.1.3.6.1.4.1.12788.1.5.3</cr-rule-name> <at-user-name>.1.3.6.1.4.1.12788.1.3.1</at-user-name> <at-host-name>.1.3.6.1.4.1.12788.1.3.2</at-host-name> <at-command-string>.1.3.6.1.4.1.12788.1.3.3</at-command-string> <at-time-occurred>.1.3.6.1.4.1.12788.1.3.4</at-time-occurred> <rat-date>.1.3.6.1.4.1.12788.1.4.1</rat-date> <rat-role-name>.1.3.6.1.4.1.12788.1.4.2</rat-role-name> <rat-user-name>.1.3.6.1.4.1.12788.1.4.3</rat-user-name> <rat-object-type>.1.3.6.1.4.1.12788.1.4.4</rat-object-type> <rat-object-name>.1.3.6.1.4.1.12788.1.4.5</rat-object-name> <rat-authorization-action>.1.3.6.1.4.1.12788.1.4.6</rat-authorization-action> <rat-action-status>.1.3.6.1.4.1.12788.1.4.7</rat-action-status> <rat-message>.1.3.6.1.4.1.12788.1.4.8</rat-message> </bladelogic-trap-mappings> |
Default_TimeZone | Used to convert the Scheduled start date (the date found in BMC Remedy ITSM Change) to TrueSight Server Automation specific date and time for the creation of the remediation job. Best practice is to keep TrueSight Orchestration, BMC Remedy AR System and the TrueSight Server Automation Application Server all on the same time zone setting. Time zones are interpreted as text if they have names. For time zones representing a GMT offset value, the following syntax is used: GMTOffsetTimeZone: GMT Sign Hours: Minutes Sign: one of + - Hours: Digit Digit Digit Minutes: Digit Digit Digit: one of 0 1 2 3 4 5 6 7 8 9 Note: Hours must be between 0 and 23, and minutes must be between 00 and 59. The format is locale independent and digits must be taken from the Basic Latin block of the Unicode standard. Default value: GMT-6:00 You must add or subtract one hour every six months to adjust the time for Daylight Savings Time.
|
Destination_Verify_Job_Group | A string value that holds the TrueSight Server Automation Job folder structure which contains the copy of the verification job that ensures that the Compliance violations have been remediated. For example: /Closed Loop Folder/CLSC/Verify Job Folder |
Export_Path | A string value that holds the directory name that must exist on the TrueSight Server Automation Adapter peer where the CSV file of Compliance job results is stored. This path does not contain the file name. Change this value based on your environment. For example, C:\temp. |
File_Connection_Details | An XML structure that holds the values needed to make a File Adapter request to read exported job results on the peer running the TrueSight Server Automation adapter. <ConnectionDetails> <invocation-mechanism>command-line</invocation-mechanism> <adapter-name>FileAdapter</adapter-name> <hostname>172.21.124.89</hostname> <username /> <password /> <timeout>120</timeout> <prompt /> <allow-unknown-hosts>true</allow-unknown-hosts> </ConnectionDetails> Ensure that the host name element matches the host name of the peer running the TrueSight Server Automation Adapter. |
Jobs | An XML structure that contains a list of Compliance Jobs that TrueSight Orchestration manages. Multiple job elements are allowed, and a job might contain multiple template elements. The element job-group represents the folder name within TrueSight Server Automation and the element job-name represents the job name. <jobs> <job> <job-group>/Closed Loop Folder/CLSC</job-group> <job-name>compliance job</job-name> <schedule-offset>5 </schedule-offset> <maintenance-window>60</maintenance-window> <is-pre-approved>false</is-pre-approved> </job> </jobs> |
Log_File_Path | Specifies the path where all logs are saved. Default value: C:\clc.log |
Logging_Enabled | Specifies whether logging is enabled. Default value: true |
Remediation_Depot_Name | Fully qualified name of the TrueSight Server Automation depot folder that contains the remediation package. |
Remediation_Job_Delimiter | Delimiter used to create the remediation job name. This delimiter can be a character or a group of characters that can be a part of a Server name, IP address, BMC Remedy ITSM Change request ID, a timestamp, or epoch date. |
Remediation_Job_Group | A string value that holds the TrueSight Server Automation Job folder structure that contains the newly created remediation job to remediate Compliance violations. For example, /Closed Loop Folder/CLSC/Remediation Job Folder |
SNMP_Target | Enter the IP address of the TrueSight Orchestration peer running an SNMP Monitor adapter on the grid. Jobs executed on TrueSight Server Automation that require SNMP Trap notification back to TrueSight Orchestration use this value for the Job Run Notification SNMP properties. |
Send_Approval_Email | Enter the IP address of the TrueSight Orchestration peer running an SNMP Monitor adapter on the grid. Jobs executed on TrueSight Server Automation that require SNMP Trap notification back to TrueSight Orchestration use this value for the Job Run Notification SNMP properties. |
To_Email_Address_List | Specify the email addresses of the users to whom you want to send the approval emails automatically. The IMAP adapter must be enabled with the email addresses. The subject of the email is retrieved from the clc.log file, which is created at the path specified for the Log file path under the LOG_File_Path property. |
blcli_tunneling | Specifies if the TrueSight Server Automation adapter is enabled in BLCLI tunneling mode. The default value is false. For more information about this setting, see Troubleshooting the Continuous Compliance for Servers run book when the BladeLogic adapter is enabled in the BLCLI tunneling mode in the TrueSight Orchestration documentation. |