Monitoring compliance in the virtual environment


TrueSight Server Automation enables IT organizations to manage both physical and virtual environments from one platform, with the same level of operational efficiency for both. This topic describes:

Note

The TrueSight Server Automation administrator must install and configure the virtual environment. For more information, see Setting-up-TrueSight-Server-Automation-for-virtual-environments.

Auditing and compliance capabilities for virtual environments

The server auditing and compliance capabilities in TrueSight Server Automation involve:

  • Detecting discrepancies between specific virtual asset configurations and a baseline configuration, through use of an Audit Job.
  • Monitoring and detecting violations of specific rules by specific virtual asset configurations, through use of a Compliance Job.

The following table describes the capabilities in TrueSight Server Automation that are useful in managing, controlling, and enforcing configuration changes to your server and application environments, regardless of whether the environment is virtual or physical.

Task

Description

Base-lining the environment

Use a Snapshot Job to establish a baseline of the virtual environment (for example, a host, virtual machine, or LPAR), so that you can then track audit discrepancies or compliance violations using an Audit or Compliance Job.
The results of the Snapshot Job provide a point-in-time view of your virtual assets, which you can then use as a reference point for later checks, such as Audit Jobs.

Auditing the environment

To ensure that there are no unauthorized changes in server configuration, the TrueSight Server Automation operator can run an Audit Job periodically to compare each virtual asset configuration with one or more baseline configurations. Any detected differences in the configurations are treated as audit discrepancies in TrueSight Server Automation and can be rectified by running a remediation job (automatically or manually) to synchronize the virtual assets (servers, virtual systems, and so on).

Ensuring compliance with standards

To prevent unauthorized or unwanted changes in the virtual infrastructure, the TrueSight Server Automation operator can periodically run a Compliance Job that compares the configuration of each virtual asset against certain rules and policies (for example, operational or regulatory policies).
For example, you may want to ensure that all Microsoft Windows virtual machines have 2 GB of storage.
The Compliance Job produces a list of consistent and inconsistent servers and guests. Remediation instructions are then generated and packaged, and can be either automatically or manually deployed.

Remediating issues in the environment

You can create a remediation package for a virtual asset that has failed an Audit or Compliance Job. You create a BLPackage that consolidates all remediation actions specified in the audit or compliance rules that the target component has failed.
The remediation package can then be triggered automatically to rectify issues with inconsistent or non-compliant assets.

Running Snapshot, Audit, and Compliance Jobs on virtual infrastructure

You can run Snapshot, Audit, and Compliance Jobs on a variety of virtual infrastructure server nodes (including clusters, hosts, AIX LPARs, VIO Servers, Solaris non-global zones, and so on) to verify that virtual inventory configurations meet corporate standards.

For example, you could run a Snapshot Job on a vCenter server's Inventory node to check whether any virtual machines have been added to, or removed from, a given data center. To see what virtual environments are supported, see Overview-of-virtualization-support.

Note

Snapshot Jobs and Audit Jobs are not supported at the root level for Citrix XenServer.

You can then remediate the virtual assets that fail audit or are found to be non-compliant, using a remediation job. For example, suppose you run a Compliance Job and discover that a virtual machine's memory settings are non-compliant. You can run a Deploy Job to deploy a BLPackage with the proper configuration settings that remediates the problem on the virtual machine. For additional information about remediating problem systems, see Creating-a-remediation-package.
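
The difference between the audit and compliance checks described above shows up clearly on a small inventory. The following Python example is added here for illustration and is not TrueSight Server Automation code or its API: the VM names, attribute keys, and the memory rule are constructed assumptions, and only the 2 GB storage rule for Windows virtual machines comes from this topic.

```python
# Constructed sample data: two point-in-time views of one data center's VMs.
BASELINE = {  # what a snapshot would have captured as the reference point
    "vm-web01": {"os": "windows", "memory_mb": 4096, "storage_gb": 2},
    "vm-db01": {"os": "linux", "memory_mb": 8192, "storage_gb": 40},
    "vm-app01": {"os": "windows", "memory_mb": 4096, "storage_gb": 2},
}
CURRENT = {  # vm-app01 is gone, vm-tmp99 is new, vm-web01 memory changed
    "vm-web01": {"os": "windows", "memory_mb": 2048, "storage_gb": 2},
    "vm-db01": {"os": "linux", "memory_mb": 8192, "storage_gb": 40},
    "vm-tmp99": {"os": "windows", "memory_mb": 1024, "storage_gb": 1},
}

def audit(baseline, current):
    """Audit-style check: report every difference from the baseline."""
    findings = []
    for name in sorted(baseline.keys() - current.keys()):
        findings.append((name, "removed", None, None))
    for name in sorted(current.keys() - baseline.keys()):
        findings.append((name, "added", None, None))
    for name in sorted(baseline.keys() & current.keys()):
        for key in sorted(baseline[name].keys() | current[name].keys()):
            old, new = baseline[name].get(key), current[name].get(key)
            if old != new:
                findings.append((name, key, old, new))
    return findings

# Rules as (description, applies-to predicate, pass predicate).
# The memory rule is a hypothetical policy added for this example.
RULES = [
    ("Windows VMs have 2 GB of storage",
     lambda vm: vm["os"] == "windows", lambda vm: vm["storage_gb"] == 2),
    ("All VMs have at least 2048 MB memory",
     lambda vm: True, lambda vm: vm["memory_mb"] >= 2048),
]

def compliance(current, rules):
    """Compliance-style check: evaluate rules only; no baseline is needed."""
    violations = []
    for name in sorted(current):
        for desc, applies, passes in rules:
            if applies(current[name]) and not passes(current[name]):
                violations.append((name, desc))
    return violations

if __name__ == "__main__":
    for finding in audit(BASELINE, CURRENT):
        print("AUDIT", finding)
    for violation in compliance(CURRENT, RULES):
        print("COMPLIANCE", violation)
```

In this data the memory change on vm-web01 appears only in the audit output because the new value still satisfies the rules, while vm-tmp99 is reported by both checks: as an added asset by the audit and as a rule violation by the compliance check.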

Example procedure for virtual environments

You can use the general principles from the following example to perform snapshot and audit operations on nodes in a virtual environment.

  1. Follow the procedures described in Creating-Snapshot-Jobs to define and run the Snapshot Job.
  2. In addition to whatever other Snapshot Job options you choose, make sure to select Select Snapshot Job Type > Snapshot server objects on the Snapshot Job - General panel.
  3. When the Snapshot Job run completes, browse to the Snapshot Results node in the Servers View node. Expand the Snapshot run under this view to browse results of the snapshot parts.
  4. Right-click the results node for the Snapshot Job run, and select Audit. The New Audit Job wizard opens.
  5. Fill out the wizard panels as described in Creating-Audit-Jobs.
  6. In addition to whatever other Audit Job options you choose, make sure to choose the Select server objects option for Select Audit Job Type on the General panel.
  7. When the Audit Job run completes, browse to the Audit Results node in the Servers folder.
     For information about how to view audit results, see Viewing-audit-results-by-object or Viewing-audit-results-by-server.

 
