Configuration Compliance and Remediation use cases

The goals of the Configuration Compliance and Remediation use cases are:

• Policy-based remediation of compliance violations
• Automated, closed-loop changes
• Integration with change management processes
• Service-based view for policy assignment and prioritization

Configuration Compliance and Remediation in TrueSight Server Automation

TrueSight Server Automation accomplishes the goals of Configuration Compliance and Remediation by combining the activities described in Change Tracking and Compliance Reporting in TrueSight Server Automation with those described for TrueSight Server Automation in Operator Initiated Change, as illustrated in the following diagram. The steps that follow the diagram define the abbreviations used in the diagram.

This use case has the following steps:

1. When viewing the Compliance job results, the TrueSight Server Automation operator can choose to remediate noncompliance (all or partial).
2. The operator creates and schedules a remediation job, triggering approval through BMC Remedy Change Management.
3. After approval is received, TrueSight Server Automation executes the remediation job.
4. The operator can view the results of the remediation job.
5. A targeted BMC Atrium Discovery (ADDM) scan can be triggered to update the CMDB in near real-time, or TrueSight Server Automation can update the CMDB in batch, as described in step 6 of Operator Initiated Change.
6. TrueSight Server Automation executes the Compliance job at the next scheduled time.

Configuration Compliance and Remediation in TrueSight Network Automation

TrueSight Network Automation also supports an automated closed-loop Configuration Compliance and Remediation flow, as shown in the following diagram. The steps that follow the diagram define the abbreviations used in the diagram.

This use case has the following steps:

1. TrueSight Network Automation backs up a device, checks its configuration for compliance, finds that the device is newly out of compliance, and logs a compliancy-violation-found event. The device backup can be initiated in the following ways:
   • By an operator on an ad hoc basis
   • By a time-based policy that runs regularly to back up the device
   • By an event-based policy that backs up the device when TrueSight Network Automation receives a syslog event from the device indicating that its configuration has changed
2. The logging of the compliancy violation triggers an event-based policy that creates a job that merges a new configuration with the device. This new configuration corrects the compliancy violation.
3. TrueSight Network Automation invokes a TrueSight Orchestration workflow to gain change management approval of the job.
4. TrueSight Orchestration creates a change request in BMC Remedy Change Management.
5. After the change request is approved, TrueSight Orchestration informs TrueSight Network Automation that the job can proceed.
6. After merging the new configuration with the device, TrueSight Network Automation automatically backs up the device again and checks its configuration for compliance.
7. TrueSight Network Automation finds that the device is now in compliance, and logs a compliancy-violation-cleared event.
8. TrueSight Orchestration updates the change request with the job completion information.

TrueSight Orchestration can trigger a targeted BMC Atrium Discovery (ADDM) scan of the relevant network devices to update the CMDB.