Managing system parameters


System-wide parameters are centrally administered in the Edit System Parameters page. You can open the Edit System Parameters page by navigating to Admin > System Admin > System Parameters.

If a parameter is not checked, the feature is disabled. When you change a setting and click Save, the changes take effect immediately.

The system parameters are listed by their subsection.

Security section (local mode user authentication)

The local mode user authentication portion of the Security section has the following parameters:

  • Disable inactive accounts after: (Optional) Select to specify when to disable user accounts after so many days of inactivity. A user account is disabled in the system only when the user tries to log on after the defined inactivity period. Default is 90 days. Range is 5 to 90 days.
  • Require Users to Change Passwords After: (Optional) Select to specify the maximum age of user passwords; once a password is old by the specified number of days, the user needs to change it on the next logon. Default is 90 days. Range is 14 to 90 days.
  • Prohibit Users from Reusing Last: (Optional) Select to specify how many entries are in each user's password history, containing the N most recent passwords. When users change their password, they are not allowed to reuse any password that appears in their history. Default is 10. Range is from 1 to 10 passwords.
  • Minimum Password Length: Specify the minimum number of characters in a password; longer passwords are usually more secure. Range is from 6 to 255 characters.
  • Cannot Share User Name String: (Optional) Select to force passwords to be more secure by not allowing passwords and user names to share the same character strings. A change to this parameter is enforced at the next password change, not on existing passwords.
  • Must Contain a Lower-Case Letter: (Optional) Select to force passwords to be more secure by ensuring that the password includes at least one lower case letter.
  • Must Contain an Upper-Case Letter: (Optional) Select to force passwords to be more secure by ensuring that the password includes at least one upper case letter.
  • Must Contain a Number: (Optional) Select to force passwords to be more secure by ensuring that the password includes at least one decimal digit.
  • Must Contain a Special Character: (Optional) Select to force passwords to be more secure by ensuring that the password includes at least one special character.
  • Timeout User Session After: (Optional) Select to specify when to automatically terminate a user session after the specified minutes of inactivity. Default is 30 minutes. Range is 10 to 720 minutes. A change to this parameter affects new logons only, not any user already logged on.
  • Enable Static Group Access Control Lists: (Optional) Select to allow fine-grained access control to groups and devices within groups. This access must be set up on the Network tab. See Managing-static-groups.
  • Enable Rule Set Access Control Lists: (Optional) Select to restrict rule sets for view/edit/delete rights by user roles.
  • Enable Template Access Control Lists: (Optional) Select to restrict templates for view/edit/delete rights by user roles.
  • Disable Auto Device Security Profile: (Optional) Select to disable the Auto Device Security Profile.

Security section (external mode user authentication)

The external user authentication (Microsoft Active Directory, OpenLDAP, RADIUS, or TACACS+) portion of the Security section has the following parameters:

  • Disable inactive accounts after: (Optional) Select to specify when to disable a local user account after so many days of inactivity. A user account is disabled in the system only when the user tries to log on after the defined inactivity period. Default is 90 days. Range is 5 to 90 days.
  • Automatically Add New Users As: (Optional) Select to specify a default role for new users. If a user authenticates to an Active Directory, OpenLDAP, RADIUS or TACACS+ and the user account does not exist in the BMC Network Automation system, you can elect to automatically create the account in the BMC Network Automation system for the selected role. If this feature is disabled, you cannot log on. Default is disabled.
  • Timeout user session after: (Optional) Select to specify when to automatically terminate a user session after so many minutes of inactivity. Default is 30 minutes. Range is 10 to 120 minutes. Change to the timeout user session parameter affects new logons only, not any user already logged in. If the session timeout is not checked, BMC Network Automation terminates the user session after 12 hours of inactivity.
  • Enable Static Group Access Control Lists: (Optional) Select to allow fine-grained access control to groups and devices within groups. This access must be set up on the Network tab. See Managing-static-groups.
  • Enable Rule Set Access Control Lists: (Optional) Select to restrict rule sets for view/edit/delete rights by user roles.
  • Enable Template Access Control Lists: (Optional) Select to restrict templates for view/edit/delete rights by user roles.
  • Disable Auto Device Security Profile: (Optional) Select to disable the Auto Device Security Profile.

Site section

The Site section has the following parameters:

  • Site URL: Specify the URL of the site, up to 255 characters.
  • Site Name: (Optional) Specify the site name, up to 40 characters. This name is displayed in the upper right of the web user interface.
     If the Site Name field is left blank, the default is the BMC Network Automation application server host name and IP address separated by a slash ( / ) symbol.
  • Site Description: (Optional) Specify a plain-language description of the site, up to 255 characters.
     This parameter initially is blank. You can change it to any meaningful description.

Network section

The Network section has the following parameters:

  • SMTP Gateway: Specify the host name or IP address of the mail server for routing email notifications. If SMTP is not running on the server, you must change this value to a valid SMTP server for email notifications to work.
  • From Email Address: Specify the From address for email messages generated by BMC Network Automation, including job approvals, policy notifications, and emailed reports. The default is postmaster@localhost.
  • Reply to Email Address: Specify the Reply To address for email messages generated by BMC Network Automation, including job approvals, policy notifications, and emailed reports. The default is postmaster@localhost.

Device section

The Device section has the following parameters:

  • Timeout for Establishing Connection: Specify the timeout, in seconds, when trying to connect to a device to perform a configuration operation. Default is 60 seconds. Range is 15 to 1800 seconds.
  • Timeout for Re-establishing Connection After a Reboot: Specify the timeout, in seconds, when trying to re-establish a connection following a reboot. Default is 480 seconds. Range is 60 to 3600 seconds.
  • Timeout for Script File Transfers: Specify the timeout, in seconds, when waiting for a response to a device Snapshot, Deploy to Stored, or Deploy to Active action. Default is 120 seconds. Range is 5 to 1800 seconds.
  • Timeout for Image File Transfers: Specify the timeout, in seconds, to wait for an image file transfer to complete. Default is 420 seconds (that is, 7 minutes). Range is 5 to 172800 seconds. Some recommendations when establishing the system-wide timeout for image file transfers:
    • The larger the image, the longer the timeout should be. If you plan to transfer images as large as 45MB, the timeout should be no less than 900 seconds (that is, 15 minutes).
    • If you have stacked switches, you must allow time for the master to load all its switches; multiply the normal expected timeout by the number of stacked switches.
    • The speed of the network between the server and the device affects how long file transfers can take. You should account for your slowest WAN connection.
  • Device Action Login Stagger: Specify the time, in seconds, that BMC Network Automation should pause between device accesses, while starting up a span action on a realm, group, or multiple devices. This reduces the risk of overwhelming a shared external authentication server at the beginning of the span action with too many concurrent device login requests. By staggering the logins, the authentication server is better able to service all the requests and the span action is more likely to succeed. Default value of this parameter is 1. Range is 0 to 60, where 0 disables the stagger.
  • Number of Devices Displayed By SSH Proxy When Press Tab: (Optional) Specify the number of entries that must be displayed by the SSH Proxy when the Tab key is used for auto-completion of device names. Default is 10. Range is 10 to 250 entries.
  • Perform Daily Rule Activation/Deactivation At: Specify the time at which the system should automatically find violations in newly activated compliance rules and clear violations in newly deactivated compliance rules. Default is 12:00 midnight. 
  • Include Debug Trace in Communication Transcripts: Select to enable logging of low-level debug statements in the job transcripts for all device command/response interactions. For security purposes, login passwords are {HIDDEN} in the transcript. When this parameter is enabled, span actions run slower. Therefore, only enable this parameter as directed by BMC technical support. When enabled, additional lines starting with the prefix DEBUG: are added to the transcript output corresponding to the processing details of each <prompt>, <command>, and <response> XML tag from the device adapter being executed. You can override the value of this parameter on a per-job basis. For more information, see Creating-a-generic-job.

    Warning

    Include Debug Trace in Communication Transcripts is a debug tool. BMC recommends that you enable it only when you are actively troubleshooting a device interaction issue. Leaving this setting on over long periods greatly increases the size of the BMC Network Automation database.

  • Retry Using Auto on Login Failures: (Optional) Select to have BMC Network Automation revert to Auto in an attempt to find a working access mode (for example, Telnet, SSH2) or DSP should a failure occur during device log on.
  • Perform Compliance Violations Check after Any Span Actions: (Optional) Select to have BMC Network Automation audit the compliance of configuration changes against a device's assigned and enabled rule sets for each span action. At any time, you can also audit a network span for compliance to assigned rule sets using the Network > Refresh Device Status action.
  • Perform Configuration Attribute Profiling after Any Span Actions: (Optional) Select to have BMC Network Automation match the Running configuration file against assigned Configuration Attribute Profiles for each span action to update the device inventory and perform required auto-grouping. At any time, you can also force profiling a network span based on assigned profiles using the Network > Refresh Device Status action.

Job section

The Job section has the following parameters:

  • Source of Device Login Username/Password for Jobs: Specify whether BMC Network Automation should use the device's assigned Device Security Profile (DSP) or require the user to enter the device's user name and password when a job (for example, Deploy to Active or Deploy OS Image) is submitted.
  • Enable Job Approval for Actions: (Optional) Select to enable job approval for all actions requiring network operations and/or BMC Remedy Change Management approvals. You also must define the job approval types, including BMC Remedy Change Management approval, under Admin > Job Approval Types. Job approvals are not required for these passive actions: Snapshot, Assign Target, Log Event, Send Email, Send Trap. You can set a tag (requiresApproval) in a Custom Action script designating if approval is required.
  • Require User to Enter Change ID for Jobs: (Optional) Select to require the user to make an entry in the Change ID field on the job when the job contains one or more of the selected span actions.

Note

When BMC Remedy Change Management is enabled, be sure you require an entry in the Change ID field for all actions that are subject to BMC Remedy Change Management approval.

Purging section

The Purging section has the following parameters:

  • Purge Events After: Specify how many days of events are stored before purging events. Default is 90 days. Range is 7 to 366 days.
  • Purge Completed Jobs After: Specify how many days before deleting a completed job. Default is 90 days. Range is 7 to 366 days. Note that the job's creation date/time is the base for computing its age.
  • Separately Purge User-Initiated Jobs After: (Optional) Select to specify how many days before deleting a completed job that was initiated by a user. Default is not to use a separate age for these jobs. Range is 7 to 366 days.
     When this parameter is enabled, jobs that were originated by a user are purged using this age; jobs originated by a policy or by the BMC Network Automation system are purged using the value in the Purge Completed Jobs After parameter. When this field is disabled (the default setting), all jobs purge using the value in the Purge Completed Jobs After parameter.
  • Purge Dormant Policies After: Specify how many days before deleting a dormant policy. Default is 90 days. Range is 30 to 366 days.

Note

If you set the values of these parameters to the maximum value (366 days), you might face performance issues because a large number of events, jobs, or policies will be stored before they are purged.

Export and import section

The Export/Import section has the following parameters:

  • Exported Configuration Filename: (Optional) Specify the default export file name for each configuration file.
     Options for specifying the configuration file name:

    Example: ${device.name}:{config.timestamp}.cfg generates the filename:
    ATL-cisco1720-01: 07/21/05 15:29:31.cfg

  • Zipped Exported Configuration Filename: (Optional) Specify the .zip file name.
     Options for specifying the .zip file name:

  • Maximum Number of Details in Exported Reports: (Optional) When exporting a Summary report that includes Details, this is the maximum number of Detail records to include in the exported report. This parameter is used to control the overall size of the report and memory usage in the BMC Network Automation system. For example, if the user Exports with Details a Change Summary Report with 150 rows in the table, only the first 100 detail records are included in the exported report. Default is 100 detail records. Range is 0 to 9999 detail records.

    Note

    "0" means there is no limit; all the details are included if the system has the memory resources to handle it. If your system does not have sufficient memory, the export attempt fails with an OutOfMemory server error.

Auto-grouping section

The Auto-Grouping section has the following parameters:

  • Vendor Auto Grouping, Using Prefix: (Optional) Select to enable auto-grouping by vendor. If this option is enabled, specify the auto-group prefix. For example, using Vendor as the prefix for auto-grouping by vendor results in auto-groups named as follows: Vendor.Cisco, Vendor.Extreme, Vendor.Foundry, and so on.
  • Device Type Auto Grouping, Using Prefix: (Optional) Select to enable auto-grouping by device type. If this option is enabled, specify the auto-group prefix.
  • Device Category Auto Grouping, Using Prefix: (Optional) Select to enable auto-grouping by device category. If this option is enabled, specify the auto-group prefix.
  • Model Auto Grouping, Using Prefix: (Optional) Select to enable auto-grouping by device model. If this option is enabled, specify the auto-group prefix.
  • OS Image Name Auto Grouping, Using Prefix: (Optional) Select to enable auto-grouping by OS Image name. If this option is enabled, specify the auto-group prefix.
  • OS Major/Minor Release Auto Grouping, Using Prefix: (Optional) Select to enable auto-grouping by OS major or minor release. If this option is enabled, specify the auto-group prefix.

Note

When you disable any auto-grouping parameter, the devices in that auto-group no longer remain members of that group. However, the emptied auto-groups are not deleted automatically from the realms unless you stop and then start the web server service. At system startup, BMC Network Automation automatically deletes any empty unreferenced auto-groups. If an auto-group is in use, it is not deleted.

Tracking the auto-grouping process state by events

The following events are triggered to indicate the state of the auto-grouping process:

  • Component side effects queued for execution
  • Device side effects started; caused by system parameters change
  • Component side effects completed

Recommendation

For large databases (5K+ devices), BMC recommends that you add auto-groups one at a time and wait for the completion event between the addition of groups. If the completion event does not appear in 24 hours, disable, and then reenable the auto-group.

External integrations section

The External Integrations section has the following parameters:

  • Enable Web Services Registry Integration: (Optional) Selecting this option does the following:
    • Registers the BMC Network Automation web services in the Web Service registry. This enables other web service based integrations (such as a customized web services client) to dynamically obtain endpoint information for those services from the registry.
    • BMC Network Automation dynamically obtains endpoint information from the registry for other systems that integrate using web services, such as BMC Atrium CMDB and BMC Atrium Orchestrator.

      Note

      The web services registry is installed as part of the BMC Atrium Core installer version 7.6.

    • Web services base URL: The base URL for registry web services in the format: protocol://hostname:port/uddi/services.
      For example, http://myregistry:8080/uddi/services would be the base URL if http://myregistry:8080/uddi/services/inquiry?wsdl is a WSDL URL.
    • User name: The user name for accessing the web services registry. This user must have permission to add and delete registered web services.
    • Password: The password associated with the above user name for accessing the registry.
    • Confirm Password: Confirm the password for accessing the registry.
    • Optional Service Registration Information: Select this option if you want to add additional details that are associated with BMC Network Automation web services registered in the web services registry.
      • Description: Description of the server
      • Geography: Region or location of the server
      • Organization: Organization or business unit that owns the server
      • QoS: Quality of Service
        These optional details are typically used for disambiguation if a site has deployed multiple BMC Network Automation application servers. For example, Geography can be used to identify which region an application server manages.
         Any client programs written to consume BMC Network Automation web services can use the optional details to route their web service requests to the appropriate application server.
  • Enable BMC Atrium Orchestrator Integration: (Optional) Select to enable integration with the BMC Atrium Orchestrator.
    • Web Service Endpoint URL (Required only if you have not enabled the web services registry integration): Specify the endpoint URL of your BMC Atrium Orchestrator web service in the following format: protocol://hostname:port/baocdp/orca?wsdl

      For example, http://myserver:8080/baocdp/orca?wsdl.

    • User name: The user name for accessing the Atrium Orchestrator system. User must have privileges to run the associated BMC Network Automation workflows.
    • Password: The password associated with the above user name for accessing the Atrium Orchestrator system.
    • Confirm Password: Confirm the password for accessing the Atrium Orchestrator system.
    • Grid Name: Name of the BMC Atrium Orchestrator grid on which the BMC Network Automation workflows are running.
    • Enable Continuous Compliance for Network Automation: (Optional) Select to enable integration with the BMC Remedy ITSM continuous compliance workflows.
      • Remedy Username for Jobs created by Policies: User name assigned to the Requested By field in the Remedy change ticket for jobs that were created by a non-user (for example, the system or a policy). Auto-Remediate policies that require Remedy approval use this Remedy user name when the BMC Atrium Orchestrator creates a change ticket.
  • Enable CMDB Integration: Select this option to enable device imports from BMC Atrium CMDB:
    • Web Service Endpoint URL: (Required only if you have not enabled the web services registry integration) Enter the endpoint URL of the BMC Atrium CMDB web service in the form: http://<AtriumWebServicesServer>:<Port>/cmdbws/server/cmdbws or https://<AtriumWebServicesServer>:<Port>/cmdbws/server/cmdbws.

      For example, http://cmdb-server:8080/cmdbws/server/cmdbws.

    • Username: The user name for accessing BMC Atrium CMDB.
    • Password: The password associated with the above username for accessing the web services registry.
    • Confirm Password: Confirm the password for accessing BMC Atrium CMDB.
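
An added example, not part of the BMC documentation or product: a Python review of a hand-recorded snapshot of the settings described on this page. It checks the documented local mode ranges from the Security section and flags settings that weaken a deployment: unenforced password rules, integration endpoints from this section that are not https, the debug trace left on, and the Auto retry on login failures. The dictionary keys and the sample values are constructed for illustration; they are hypothetical names, not a product export format.

```python
from urllib.parse import urlsplit

# Documented (min, max) ranges for local mode authentication on this page.
# The snake_case keys are hypothetical names for the UI fields.
RANGES = {
    "disable_inactive_accounts_days": (5, 90),
    "password_max_age_days": (14, 90),
    "password_history_size": (1, 10),
    "min_password_length": (6, 255),
    "session_timeout_minutes": (10, 720),
}
# Optional check boxes: per the page, an unchecked parameter is disabled.
CHECKBOXES = ("cannot_share_user_name_string", "must_contain_lower_case",
              "must_contain_upper_case", "must_contain_number",
              "must_contain_special_character")
# Integration endpoints that are configured together with a user name and password.
CREDENTIALED_URLS = ("registry_base_url", "orchestrator_endpoint_url", "cmdb_endpoint_url")


def audit(params):
    """Return a sorted list of (key, finding) tuples for a settings snapshot."""
    findings = []
    for key, (low, high) in RANGES.items():
        value = params.get(key)
        if value is None:
            findings.append((key, "not set: control is disabled"))
        elif not low <= value <= high:
            findings.append((key, f"{value} is outside the documented range {low}-{high}"))
    for key in CHECKBOXES:
        if not params.get(key, False):
            findings.append((key, "unchecked: rule is not enforced"))
    for key in CREDENTIALED_URLS:
        url = params.get(key)
        if url and urlsplit(url).scheme.lower() != "https":
            findings.append((key, "endpoint is not https: credentials are not protected in transit"))
    if params.get("include_debug_trace"):
        findings.append(("include_debug_trace", "debug tool left on: slower span actions, database growth"))
    if params.get("retry_using_auto_on_login_failures"):
        findings.append(("retry_using_auto_on_login_failures", "login may revert to Auto, which can select Telnet"))
    return sorted(findings)


# Constructed snapshot, as if transcribed by hand from the Edit System Parameters page.
SAMPLE = {
    "disable_inactive_accounts_days": 90,
    "password_max_age_days": None,  # check box cleared
    "password_history_size": 10,
    "min_password_length": 6,
    "session_timeout_minutes": 30,
    "cannot_share_user_name_string": True,
    "must_contain_lower_case": True,
    "must_contain_upper_case": True,
    "must_contain_number": True,
    "must_contain_special_character": False,
    "orchestrator_endpoint_url": "http://myserver:8080/baocdp/orca?wsdl",
    "cmdb_endpoint_url": "https://cmdb-server:8443/cmdbws/server/cmdbws",
    "include_debug_trace": True,
    "retry_using_auto_on_login_failures": False,
}

if __name__ == "__main__":
    for key, finding in audit(SAMPLE):
        print(f"{key}: {finding}")
```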

Related topic

Configuring-system-wide-attributes

 
