How to use Compliance with site-specific values
About
This example demonstrates how to perform Compliance on the DNS Client Settings using site-specific values for each site.
The example shown here is for Windows target servers. It can be adapted to other platforms by making necessary adjustments. Various product-specific concepts around Component Instances and PSI Values remain the same.
Introduction
When using Compliance, we often need to have the same Component defined on all servers with different site-specific values that are used for both Compliance and Remediation. This can be accomplished using PSI (Property Set Instance) values to create component instances based on a server property that defines each site or location. The PSI values defined per site can be used for both Compliance checking and for Remediation deployment in the case of non-compliance.
Component instances that use PSI values are typically used for multiple components on each target server. This use case typically will result in having a single component instance per server.
Assumptions
Knowledge of creating basic Component Template, Packages used for Remediation, and Discovery/Compliance Job Creation is assumed/required. This document includes only the key items that are required for the multiple component instance for site-specific values when used with Compliance and Remediation.
Steps
The following steps are the key items required to make the site-specific multiple components functional.
BLPackage
Adding Local Properties to the BLPackage first will make them available as local parameters when we attach the remediation package in the Component Template.
Add the Required Local Properties
Define Local Properties in EXTERNAL CMD Item
Component Template
First, ensure that both the "Deploy" and "Compliance" options have been selected.
Note we are using the "Network Configuration" Extended Object in the included "Parts" in this example
Add the Required Local Properties
Define PSI with values for each Site
Add the first "Site Specific" PSI with values
Example of multiple PSI site-specific definitions
Add Local Property used for Discovery
Examine Compliance rules
Add Local Properties to Compliance Rule
Define PSI Mapping in Auto-Remediation
Discovery
Multiple Components will be created based on matching the PSI values defined in the CT Discovery rules.
Example of Component names for multiple instances;
- DNS Settings (Windows) [USA Houston] (server1.bmc.com)
- DNS Settings (Windows) [USA Houston] (server2.bmc.com)
- DNS Settings (Windows) [USA Phoenix] (server3.bmc.com)
Format of Component name when multiple instances are used;
CT Name | Instance Name | Server Name |
|---|---|---|
DNS Settings (Windows) | [USA Houston] | (server1.bmc.com) |
DNS Settings (Windows) | [USA Houston] | (server2.bmc.com) |
DNS Settings (Windows) | [USA Phoenix] | (server3.bmc.com) |
Compliance
Compliance jobs should run normally and use the Site Specific values specified in the Compliance rule that are defined in the particular PSI used for each Component instance.
Remediation
The trick to getting Remediation to use the PSI values is to make the Component instances the target of the Remediation Deploy job.
Reference - Network Connections Extended Object
The EO used in this example is defined below:
