Prerequisites for PCI FIM

Before you perform the procedures in these topics, ensure that your TrueSight Server Automation environment meets the prerequisites described in the following sections:

Product requirements

  • You must have TrueSight Server Automation installed, configured, and operational.
  • You must have an RSCD agent installed and functional on the same system with the Application Server. The usual process name is rscd on UNIX, or rscd.exe on Microsoft Windows
  • You must have NSH installed on the same system with the Application Server. To check, ensure that you can run the nsh command on UNIX, or nsh.exe on Windows. You might need to add the TrueSight Server Automation bin directory to your path (usually .../NSH/bin).
  • These topics assume that you are familiar with the TrueSight Server Automation Console (the console). You must have logged into the console at least one time using an Authorization Profile (usually called defaultProfile), and established credentials.
  • To receive FIM reports, you must have the BMC reporting system installed, configured, and operational. The ETL process must be functioning correctly and should be scheduled to run daily. To check, log onto the Console and make sure that you have reasonable and current information in the Executive Dashboard report.
  • Ensure that at least one role with appropriate permissions is defined and visible in the TrueSight Server Automation console. The following section recommends role responsibilities.
  • Ensure that all servers that you plan to include in the FIM process are present in the Console and visible to the role you plan to use to execute the change tracking jobs. To check for server visibility, start the console, expand the Servers folder, and examine the contents of the All Servers smartgroup. Verify that at least a few of the servers that are in scope for PCI FIM are visible to your role.

To add servers, deploy the RSCD agents to them using your organization's process, and then use the Add Server action from the console to add those servers to the TrueSight Server Automation environment.

  • To obtain the PCI FIM component templates, you must have access to the BMC Communities website (http://communities.bmc.com/). BMC recommends that all interested users obtain their own Communities login access and explore the knowledge available on that site.

Role responsibility

Suggested roles for performing the procedures in these topics are:

  • Server Administrator (usually BLAdmins, UNIXAdmins, WindowsAdmins, and so on) — This role executes Change Tracking activities and manages which servers are in scope for PCI FIM using server properties.
  • Policy Manager (PolicyAdmins, PCIAdmins) — This role owns and manages the FIM templates and the policies that the Server Administrator role executes. This role might execute the Change Tracking activities.
  • Security Auditor (SecAdmins, Security Admins) — This role reviews the results of Change Tracking activities.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*