Unsupported content This version of the product has reached end of support. The documentation is available for your convenience. However, you must be logged in to access it. You will not be able to leave comments.

Compliance results - Viewing and using

A Compliance operation runs a Compliance Job created in BMC Server Automation. A Compliance job determines whether  BMC Server Automation  components satisfy rules established for a component template. When the operation identifies targets that are not in compliance, you can remediate those targets by automatically creating and executing a job that corrects the deficiencies.

Results of a Compliance operation provide:

  • A pie chart showing the percentage of servers that are:
    • Compliant—Percentage of servers  that were analyzed  and have a configuration that matches the configuration specified in the operation.
    • Non-compliant—Percentage of servers that were analyzed and have a configuration that does not match the configuration specified in the operation.
    • Compliant with exceptions—Percentage of servers  that were analyzed  and have a configuration that matches the configuration specified in the operation because exceptions were established for targets or compliance rules.

    • Indeterminate—Percentage of servers where conditions cannot be classified as compliant or non-compliant. This includes situations where an asset being tested in a compliance rule is undefined on the target server.
       

      Example

      If a condition states that a symbolic link must start with the letter A, the condition is

      • Compliant if the symbolic link being evaluated actually does start with A.
      • Non-compliant if the symbolic links starts with a character other than A.
      • Indeterminate if the symbolic link does not exist.
  • Statistics about the operation's start and end time, duration, status, and number of component templates used in the compliance evaluation. Note that a job is considered a success if it completes successfully, even if its actions fail on some or all targets.

  • A series of tabs providing information and functionality relating to: 
     

Target results

The Target Results tab shows the compliance status of all targets included in a Compliance operation. 

Using the Target Results tab, you can run a remediation operation to correct the configuration of target servers. The remediation operation automatically creates a Deploy operation to deploy missing assets. If multiple Deploy operations are necessary, the remediation operation automatically creates a Batch operation to concatenate Deploy operations. In order to perform remediation, the component template must have remediation enabled. 

An icon next to each target in the Targets list shows if the target is compliant, non-compliant, or compliant with exceptions. Compliant with exceptions means a target is compliant because one or more exceptions are defined for the target. Indeterminate means conditions on the target cannot be classified as compliant or non-compliant. Similarly, icons in the Rules list at right show the compliance status of for each rule. For a rule to be marked as compliant, all targets must comply with the rule.

ComplianceTargetResultsTab.gif

To search for rules or targets

In the Search Targets box, enter a text string of any length. The Targets list shows all targets with names that include that text string. If you leave the box blank, the page shows all targets. Search for rules that apply to a selected target in a similar way, using the Search Rules box.

To set an exception for a rule

In the Targets list, find a target. In that row, click ActionsIcon.gif and then select Set Exception. The Set Exception for Target dialog box opens.

SetTargetException.gif

  1. Provide the following information for the exception to the rule:

    Option

    Description

    Name

    Identifying name for the compliance rule exception.

    Description

    Optional descriptive text.

    Date Expires

    Time and date when the exception expires. If the exception does not expire, select No Expiry.

    Reference Number

    Identifier that may be needed to synchronize this exception with some external system.

    Comments

    Additional optional information about the compliance rule exception.

  2. Click the Rules tab. It lists the rules to which the target is subject.
    ComplianceTargetExceptionRules.gif

  3. Select the check box for rules that do not apply. Clearing a check box indicates the rule is still applicable.
  4. Click Set.

To show all exceptions for a target

In the Targets list, find a target. Then, in the same row, click ActionsIcon.gif and select Show Exceptions. The portal lists all exceptions currently applicable to this target.

To remove exceptions for a target

In the Targets list, find a target. Then, in the same row, click ActionsIcon.gif and select Show Exceptions. The portal lists all exceptions currently applicable to this target. Find the exception you want to eliminate and click Remove DeleteIcon.gif.

To remediate targets

To begin remediation, choose one of the following actions:

  • To remediate all targets, select the Actions icon ActionsIcon.gif at the top of the Targets list and then select Remediate All Targets.  
    The New Remediation dialog box opens.
  • To remediate all rules for one target, select a target in the Targets list. Then select the Actions icon ActionsIcon.gif at the top of the list at right, and select Remediate All Rules for Target
    The New Remediation dialog box opens. Note that some rules do not support remediation.
  • To remediate one target for one rule, select a target in the Targets list. Then, select the Actions icon ActionsIcon.gif on the row of a rule in the rules list and select Remediate Selected Rule For Target
    The New Remediation dialog box opens. Note that some rules do not support remediation.

Use the New Remediation dialog box, as described below.

ComplianceRemediation.gif

  1. For Depot Group, use the folder icon to navigate to a depot group that can store the BLPackage created for this remediation operation.
  2. For Job Group, use the folder icon to navigate to a job group that can store the job created for this remediation operation.
  3. To specify Deploy job settings for the remediation operation, perform the following steps:
    1. Click the Deploy Template tab, which shows a list of Deploy jobs that can be used as templates for the remediation operation.
      The list of possible Deploy templates can be defined for a portal security group or the entire site.

      ComplianceRemediationDeployTemplates.gif
    2. Select a Deploy job in the list of templates.

    3. Optionally, inspect the settings of the template by clicking Details. The portal lists settings for the selected job, such as its logging level and reboot settings. To return to the list of template jobs, click Templates.

      Note

      Many options are available for controlling the behavior of a Deploy Job (that is, a deploy template) used for remediation purposes. See here for a complete list. For instructions on using BMC Server Automation to implement those options, see Setting deploy options for remediation jobs.

  4. Click Create to save the remediation operation so it can be run later (using the Remediation Options tab), or click Execute to save the remediation operation and run it immediately.
    You can also click the Rule Summary and Target Summary tabs to see what rules are included in the remediation operation and the targets where the operation runs.

To filter rules or targets

Take any of the following steps:

  • Click one of the wedges representing a compliance status in the pie chart and rule results are automatically filtered for that status. For example, if you click Compliant in the pie chart, the Targets list shows only targets are compliant.
  • Select a compliance status in the list at the top of the Targets list. The Targets list shows only targets matching that status. 
  • Select a compliance status in the list at the top of the Rules list. The Rules list shows only rules matching that status for the selected target.

To obtain information about a rule

In the Targets list, select a target. Then, in the Rules list, hover your cursor over a rule that applies to the selected target. A pop-up message describes the rule.

 

Back to top

Rule results

The Rule Results tab shows the compliance status of all rules included in a Compliance operation. Select one or more of those rules, and the Targets list at right shows the compliance status of that rule for each of the operation's targets.

Using the Rule Results tab, you can run a remediation operation to correct the configuration of target servers. The remediation operation automatically creates a Deploy operation to deploy missing assets. If multiple Deploy operations are necessary, the remediation operation automatically creates a Batch operation to concatenate Deploy operations. In order to perform remediation, the component template must have remediation enabled. 

An icon next to each rule in the Rules list shows if all targets are compliant with the rule, non-compliant, or compliant with exceptions. Compliant with exceptions means a target is compliant because one or more exceptions are defined for its targets. Indeterminate means conditions on the target cannot be classified as compliant or non-compliant. Similarly, icons in the Targets list at right show the compliance status of each target.

RuleResults.gif

To search for rules or targets

In the Search Rules box, enter a text string of any length. The Rules list shows all rules with names that include the text string. If you leave the box blank, the page shows all rules. Search for non-compliant targets in a similar way using the Search Targets box.

To set an exception for a rule

In the Rules list, find the rule that requires an exception. In that row, click ActionsIcon.gif and then select Set Exception. The Set Exception for Rule dialog box opens.

SetException.gif

  1. Provide the following information for the exception to the rule:

    Option

    Description

    Name

    Identifying name for the compliance rule exception.

    Description

    Optional descriptive text.

    Date Expires

    Time and date when the exception expires. If the exception does not expire, select No Expiry.

    Reference Number

    Identifier that may be needed to synchronize this exception with some external system.

    Comments

    Additional optional information about the compliance rule exception.

  2. Click the Targets tab. It lists the targets for the operation.
    RuleExceptionTargets.gif


  3. Using the check boxes at left, select the targets where the exception is required.
  4. Click Set.

To show exceptions for a target

In the list of targets at right, find a row for a target, click ActionsIcon.gif, and then select Show Exceptions. The portal lists all exceptions currently applicable to this target.

To remove exceptions for a target

In the list of targets at right, find a row for a target, click ActionsIcon.gif, and then select Show Exceptions. The portal lists all exceptions currently applicable to this target. Find the exception you want to eliminate and click Remove DeleteIcon.gif.

To remediate rules

To begin remediation, choose one of the following actions:

  • To remediate all rules, select the Actions icon ActionsIcon.gif at the top of the Rules list and then select Remediate All Rules.
    The New Remediation dialog box opens.
  • To remediate all targets for one rule, select a rule in the Rules list. Then select the Actions icon ActionsIcon.gif at the top of the list at right and select Remediate All Targets For Rule.
    The New Remediation dialog box opens. Note that some rules do not support remediation.
  • To remediate one target for one rule, select a rule in the Rules list. Then, select the Actions icon ActionsIcon.gif on the row of a target at right and select Remediate Selected Target For Rule
    The New Remediation dialog box opens. Note that some rules do not support remediation.

Use the New Remediation dialog box, as described below.

ComplianceRemediation.gif

  1. For Depot Group, use the folder icon to navigate to a depot group that can store the BLPackage created for this remediation operation.
  2. For Job Group, use the folder icon to navigate to a job group that can store the job created for this remediation operation.
  3. To specify Deploy job settings for the remediation operation, perform the following steps:
    1. Click the Deploy Template tab, which shows a list of Deploy jobs that can be used as templates for the remediation operation.
      The list of possible Deploy templates can be defined for a portal security group or the entire site.

      ComplianceRemediationDeployTemplates.gif
    2. Select a Deploy job in the list of templates.

    3. Optionally, inspect the settings of the template by clicking Details. The portal lists settings for the selected job, such as its logging level and reboot settings. To return to the list of template jobs, click Templates.

      Note

      Many options are available for controlling the behavior of a Deploy Job (that is, a deploy template) used for remediation purposes. See here for a complete list. For instructions on using BMC Server Automation to implement those options, see Setting deploy options for remediation jobs.

  4. Click Create to save the remediation operation so it can be run later (using the Remediation Options tab), or click Execute to save the remediation operation and run it immediately.
    You can also click the Rule Summary and Target Summary tabs to see what rules are included in the remediation operation and the targets where the operation runs.

To filter rules or targets

Take any of the following steps:

  • Click one of the wedges representing a compliance status in the pie chart at top and rule results are automatically filtered for that status. For example, if you click Compliant in the pie chart, the Rules list shows only rules for which targets are compliant.
  • Select a compliance status in the list at the top of the Rules list. The Rules list shows only rules matching that status. 
  • Select a compliance status in the list at the top of the Targets list. The Targets list shows only targets matching that status.

To obtain information about a rule

In the Rules list, hover your cursor over a rule. A pop-up message describes the rule.

Back to top

Log messages

The Run Log tab lists all messages generated during a run of an operation.

ComplianceRunLog.gif

To filter messages

At the top of the list, select a message type, such as Error or Warning. The Run Log list shows only messages of that type.

To search for messages

In the Search Messages box, enter a text string of any length. The list shows all log messages with names that include that text string. If you leave the box blank, the page shows all messages. 

To refresh the list of messages

Select the Actions icon ActionsIcon.gif at the top of the Run Log list and then select Refresh.

Back to top

Exceptions

The Exceptions tab shows all exceptions that have been defined for an operation. When you select an exception, you see the targets affected by the exception and the rules that are made inapplicable because of the exception.

ComplianceExceptionsTab.gif

To search for exceptions

In the Search Exceptions box, enter a text string of any length. The Exceptions list shows all exceptions with names that include the text string. If you leave the box blank, the page shows all exceptions. Search for targets subject to an exception in a similar way, using the Search Targets box.

To delete an exception

In the Exception List, select an exception. Then click Delete Exception DeleteIcon.gif. A message asks you to confirm your choice. 

To delete a target subject to an exception

In the Exception List, select an exception. Then, in the Targets list at right, find the target that should no longer be excepted and click Delete Target DeleteIcon.gif. A message asks you to confirm your choice. 

 

Back to top

Remediation operations

The Remediation Operations tab lets you execute and manage remediation operations. A remediation operation is an automatically generated Deploy operation that can deploy some type of content to target servers to correct a compliance failure. You can create remediation operations using the Rule Results or Target Results tab.

ComplianceRemediationTab.gif

Executing a remediation operation

In the operations list, find the row for the remediation operation you want to run and click Execute ExecuteIcon.gif

Deleting a remediation operation

In the operations list, move your cursor over the remediation operation you want to delete and click Delete. A dialog box asks you to confirm the deletion.

Displaying detailed information about the most recent run

In the operations list, find the operation for which you want information and click View Results. A results page for the remediation operation shows the results of a Deploy operation that was automatically created to deploy the missing content. For more information on viewing these results, see Deploy-results-Viewing-and-using.

Displaying a history of all remediation operation runs

In the operations list, click the name of a remediation operation to open the Run Results page, which shows the history of all runs of the remediation operation, along with a chart graphing success for each run. A remediation operation is a Deploy operation or a Batch operation consisting of Deploy operations, so the data is based on Deploy job results.

Click here for detailed information.

RemediationOperationRuns.gif

Operation run graphs

In the operations runs graph:

  • Blue vertical bars indicate how many targets were available for evaluation for each run. Numbers on the right vertical axis show the number of targets.
  • The green line provides the percentage of targets where the operation executed successfully. For example, if you run an operation on five targets and it succeeds on four, the passed target rate is 80%.

Operation run data

In the operations runs list, the data at bottom provides:

  • Start time
  • End time
  • Duration
  • Status—Click to see detailed results for that run of the Deploy operation
  • Percentage of targets where the Deploy operation succeeded
  • Number of targets where the Deploy operation was attempted
  • Number of targets where the Deploy operation succeeded

Executing a remediation operation from operation history

To execute a remediation operation while viewing operational history, click Execute ExecuteIcon.gif at top right of the operation runs page.

Back to top

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*