Using Orchestration actions to enable triage and remediation of events
Download TrueSight Orchestration
TrueSight Orchestration is licensed separately and not bundled with TrueSight Operations Management. You must download and install it separately. For more information, see Downloading the installation files for TrueSight Orchestration.
TrueSight Orchestration enables you to automate known remediation scenarios. So, when an event occurs on the TrueSight console, you can easily initiate an Orchestration action from that event. If the Orchestration action is successfully initiated, the remediation steps are run.
Incoming events displayed on the Monitoring > Events page can be of many types. Some events are important and actionable, others are informational, and still others contribute noise. Some of the important and actionable events are recurring events with known remediation steps. Such events can be remediated quickly and easily by running Orchestration actions to reduce time, errors, and delays associated with manual methods. You can also run Orchestration actions to perform triage activities only. By default, TrueSight Presentation Server uses predefined context-based event selection to display out-of-the-box Orchestration actions for relevant events only.
Note that Orchestration actions can be run for PATROL events and alarm events only. To be able to access the Orchestration actions, Presentation Server must be integrated with TrueSight Orchestration and a set of prerequisites must be met on both Presentation Server and TrueSight Orchestration.
If you want to remediate events for use cases other than the ones covered by the out-of-the-box Orchestration actions, you need to configure custom Orchestration actions.
Note
On the TrueSight console, Orchestration action names are displayed in English only.
End-to-end process overview
The following image depicts the end-to-end process involved when you initiate an Orchestration action.
The process starts when an IT operator on the TrueSight console launches an Orchestration action for a particular event. Event data is sent to TrueSight Orchestration. Based on the use case, a triage action is triggered, which verifies the validity of the event. Note that, depending on the use case, triage may not always be required.
Next, an incident is created. By default, BMC Service Resolution is configured to perform incident management. However, you can manually configure TrueSight Orchestration to perform incident management. To configure TrueSight Orchestration for incident management, you need to change some settings on TrueSight Orchestration, in the BMC-SA-Event_Orchestration_Configuration module configuration, under the Specifics > BMC_TrueSight configuration group. For more information, see Configuring modules in the Event Orchestration runbook.
Then, a change request is created and the workflow waits for the change to be approved. By default, change management is already enabled through TrueSight Orchestration. Note that both change and incident management may not be required based on the use case for which you want to initiate an Orchestration action.
If the remediation action is defined, the remediation action is run, which performs the corrective action on the target server where the problem has occurred. After the remediation is complete, the validation actions are run to ensure that remediation is successful. If a change request was created earlier, it is updated with the latest status and the incident is resolved. Furthermore, TrueSight Infrastructure Management detects that the condition has returned to normal and subsequently closes the event.
Each step of this orchestration process is configurable: for example, you can choose to perform a triage-only action, a combination of triage and remediation, or only remediation. TrueSight Presentation Server provides you with out-of-the-box Orchestration actions to perform triage and remediation for the service down use case and only triage for the host down use case. If you want to run Orchestration actions for any other use case, you need to perform a set of configurations on TrueSight Orchestration. For more information, see Configuring Orchestration actions for custom use cases.
At each stage of the process, related events are associated with the event from which the Orchestration action was run and are displayed under the Remote Action Result tab.
Requirements for Presentation Server
To be able to initiate Orchestration actions from events, ensure that the following requirements are already met:
# | Requirement |
---|---|
1 | On Administration > Components, add a TrueSight Orchestration component and a TrueSight Infrastructure Management component. For more information, see Adding and editing components. Notes: |
2 | On the Administration > Components page, ensure that the TrueSight Orchestration component status is Connected. |
3 | Ensure that you have the permission to view and initiate Orchestration actions from events. This permission is governed by the Allow Orchestrator Actions permission on the Roles page. |
4 | If you plan to use BMC Service Resolution for incident management, ensure that Presentation Server 11.3.04 is integrated with BMC Service Resolution. |
Requirements for TrueSight Orchestration
To be able to initiate Orchestration actions from events, ensure that the following requirements are already met:
# | Requirement |
---|---|
1 | Ensure that TrueSight Orchestration Platform version 8.2 or later is already installed. For more information, see Installing the TrueSight Orchestration Platform. |
2 | Ensure that the 20.19.02.003 (Patch 3) version of the Event Orchestration runbook is already installed on the TrueSight Orchestration Platform. You can choose to configure content either during the installation or after the installation manually. |
3 | Ensure that TrueSight Orchestration is already integrated with BMC Remedy IT Service Management for performing the change management process. For more information about enabling incident and change integration, see Working with BMC Remedy IT Service Management. |
Out-of-the-box Orchestration policies
The following table lists the supported out-of-the-box Orchestration policies. You can use these policies to initiate Orchestration actions for different types of use cases.
The policies with "via TSSA" in the name run Orchestration actions that are performed using the TrueSight Server Automation NSH commands instead of the TrueSight Orchestration adapters. This ensures that even if the credentials of the target server are unknown, the services are restarted with the TrueSight Server Automation agents.
For more information about each of the use cases, see Orchestration actions.
These policies are editable and can be customized as per your needs.
Note
The out-of-the-box Orchestration actions are enabled for Windows and Linux operating systems only.
Also, these actions are supported in English locale settings only.
Orchestration Policy | Orchestration action | Description |
---|---|---|
BMC_TrueSight-ServiceDown-1_policy | Start Service | Initiate this Orchestration action to triage and remediate service down problems. |
BMC_TrueSight-HostDown-1_policy | Check Host Connection | Initiate this Orchestration action to triage host down problems. |
Apache Web Server Service Down | Start Apache Web Server | Initiate this action to triage and start the Apache Web Server service. |
Microsoft Exchange Service Down | Start Microsoft Exchange service | Initiate this action to triage and start the Microsoft Exchange service. |
Microsoft SQL Service Down | Start Microsoft SQL service | Initiate this action to triage and start the Microsoft SQL service. |
Oracle Service Down | Start Oracle service | Initiate this action to triage and start the Oracle database service. |
Disk Space Full | Free up disk space | Initiate this action to triage and free up disk space. Note: You need to configure this Orchestration action to delete the specific files that are not required. |
PATROL Agent Service Down | Start PATROL Agent | Initiate this action to triage and start the PATROL Agent service. |
Print Spooler Service Down | Start Print Spooler | Initiate this action to triage and start the Print Spooler service. |
Remedy Service Down | Start BMC Remedy AR System Server service | Initiate this action to triage and start the BMC Remedy AR System server service. |
RSCD Agent Service Down | Start RSCD agent | Initiate this action to triage and start the RSCD Agent service. |
Microsoft Skype Service Down | Start Microsoft Skype service | Initiate this action to triage and start the Microsoft Skype service. |
SNMP Service Down | Start SNMP service | Initiate this action to triage and start the SNMP service. |
TrueSight Server Automation Service Down | Start TrueSight Server Automation service | Initiate this action to triage and start the TrueSight Server Automation service. |
Apache Web Server Service Down via TSSA | Start Apache Web Server via TSSA | Initiate this action to triage and start the Apache Web Server service via TrueSight Server Automation. |
Microsoft Skype Service Down via TSSA | Start Microsoft Skype Service via TSSA | Initiate this action to triage and start the Microsoft Skype service via TrueSight Server Automation. |
Print Spooler Service Down via TSSA | Start Print Spooler via TSSA | Initiate this action to triage and start the Print Spooler service via TrueSight Server Automation. |
SNMP Service Down via TSSA | Start SNMP service via TSSA | Initiate this action to triage and start the SNMP service via TrueSight Server Automation. |
To initiate an Orchestration action from an event
An Orchestration action can be initiated for one event at a time.
- Go to the Monitoring > Events page.
- Click the action menu of the desired event and select Launch Orchestration Actions.
- Select an Orchestration action from the list displayed, and then click Launch.
A status message indicating whether the action initiation was successful is displayed at the top of the page.
Examples of out-of-the-box Orchestration actions
The following examples describe the high-level process involved when you run one of the out-of-the-box Orchestration actions.
High-level process flow for the service down use case
High-level process flow for the host down use case
Configuring custom Orchestration actions
If you want to initiate Orchestration actions for use cases other than the out-of-the-box use cases, you need to perform additional configurations.
The following table summarizes the configuration steps required for configuring a custom Orchestration action and enabling it on relevant events.
Step | Product involved | Task |
---|---|---|
0 | Before you begin: Ensure that the requirements for TrueSight Orchestration and requirements for Presentation Server are already met. | |
1 | TrueSight Orchestration | Add a custom use case to enable Orchestration actions (Required to configure a custom Orchestration action for the custom use case.) |
2 | TrueSight Presentation Server | Add an Orchestration policy to configure event selection for custom use cases (Required only if you want to enable the custom Orchestration action on relevant events. Skipping this step will result in the custom Orchestration action getting displayed on all the events irrespective of context.) |
Example scenario for a custom use case
Suppose you see an event on the TrueSight console indicating that more than 75% memory is getting utilized on a particular computer.
You want to perform triage to see the top 10 processes that are consuming the maximum memory on the affected computer. Also, you want the custom Orchestration action to be enabled on Linux events with the memory parameter value greater than 75%. To understand the end-to-end configurations required for enabling this custom Orchestration action, see Example of configurations required for a custom use case.
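The triage logic for this scenario, as an added example that is not part of BMC's documentation or runbook content: it first re-checks that memory use on the Linux computer is still above the threshold (the "verify the validity of the event" step) and only then lists the top 10 processes by resident memory. The function names and the use of /proc/meminfo and ps are assumptions; the 75 default comes from the scenario.

```shell
#!/bin/sh
# Added example, not BMC code. Function names are hypothetical.

# Percentage of memory in use, from a /proc/meminfo-format file.
# Assumes the MemAvailable field is present (Linux kernel 3.14 or later).
mem_used_pct() {
    awk '/^MemTotal:/ {t=$2} /^MemAvailable:/ {a=$2}
         END { if (t > 0) printf "%d\n", (t - a) * 100 / t; else exit 1 }' \
        "${1:-/proc/meminfo}"
}

# Read "PID RSS_KB COMMAND" lines on stdin and print the N largest by RSS.
top_mem_procs() {
    sort -k2,2nr | head -n "${1:-10}"
}

# Triage: confirm the event condition still holds, then report consumers.
# Returns 0 if usage is above the threshold, 1 if the event is stale,
# 2 if memory information could not be read.
triage_memory() {
    threshold="${1:-75}"
    meminfo="${2:-/proc/meminfo}"
    used=$(mem_used_pct "$meminfo") || return 2
    if [ "$used" -le "$threshold" ]; then
        echo "memory at ${used}%, not above ${threshold}%: event no longer valid"
        return 1
    fi
    echo "memory at ${used}%, above ${threshold}%: top 10 processes by RSS (kB)"
    ps -eo pid=,rss=,comm= | top_mem_procs 10
    return 0
}

# Usage on the affected computer:  triage_memory 75
```

The triage step only reads process and memory information, so the account that runs it on the target needs no write or restart privileges.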