Customizing and running Scale Jobs for large numbers of servers
A group of out-of-the-box jobs stored in the Jobs folder, in a folder named Compliance Content Scale Jobs, can help you simplify the process of compliance analysis when you have many target servers.
Compliance Content Scale Jobs are divided (in a series of sub-folders under the Compliance Content Scale Job folder) by type of policy (CIS, DISA, HIPAA, PCI, or SOX) and platform (that is, the version of the operating system on the target server).
Large-scale compliance analysis for UNIX or Linux target servers involves several jobs, as described in Choosing between a regular Compliance Job and a Batch Job. Each of the sub-folders contains the following jobs:
| Job | Description | 
|---|---|
| Scale Job | A Batch Job that runs an NSH Script Job and a Compliance Job (described in the next two rows). | 
| NSH Script Job | Runs an NSH Script that prepares required caches asynchronously for all targets included in the Compliance Job. The associated NSH script is stored in the depot. | 
| Compliance Job | Runs compliance analysis based on the relevant Compliance Content component template after the caches have been prepared. | 
For Windows target servers, large-scale compliance analysis requires just the Compliance Job.
To perform large-scale compliance analysis, choose the appropriate procedure, depending on the type of operating system at the target servers:
- To execute large-scale compliance analysis on Linux or UNIX
- To execute large-scale compliance analysis on Windows
To execute large-scale compliance analysis on Linux or UNIX
- Under the Jobs folder, navigate to the relevant sub-folder under the Compliance Content Scale Job folder (for the appropriate policy and Linux/UNIX platform).
- In this folder, right-click the Scale Job, and select Open.
- On the Batch Job Options panel, under Server/Server Groups, ensure that Use the following servers for all jobs is selected, and specify the target servers where you want to analyze compliance. 
 Target servers must match the operating system of the component template (also indicated within job names).
- Continue with scheduling the Batch Job as described in Creating and modifying Batch Jobs.
 The job is stored in the Jobs folder, in the subfolder that you specified for the job.
- If you want to change any of the following parameters of the NSH Script Job, which is executed by the Scale Job, you can change them in the appropriate script file in Depot/scale scripts Group through the NSH Script Editor. Your changes affect all jobs that call this script.

Parameters in NSH Script Jobs for SOX and PCI

| Parameter | Description |
|---|---|
| CACHE_HRS | The frequency (in hours) of cache refresh. The default is 24 hours. |
| FORCEFIND | To force an immediate cache refresh whenever the Compliance Job runs (overriding the CACHE_HRS parameter), change from the default value of n (no) to y (yes). |
| SCAN_FOLDER | Directory paths to be included in searches (excluding all others). Separate multiple directories with commas. This parameter takes precedence over the USER_DIRs parameter. |
| USER_DIRs | Directory paths to be excluded from searches. Separate multiple directories with commas. |
| MAX_DISK_PERCENTAGE | Maximum disk percentage allowed during cache preparation before the process is stopped and an error is issued. By default, the value for this parameter is 80. |
| OS | The operating system of the target server. By default, the value for this parameter is derived from a property in the target's Server property class (that is, ??TARGET.OS??). |
| STAGE_DIR | The path to the staging directory on the target server. By default, the value for this parameter is derived from a property in the target's Server property class (that is, ??TARGET.STAGING_DIR??). |
| TARGET_RSCD_DIR | The path to the RSCD Agent installation directory on the target server. By default, the value for this parameter is derived from a property in the target's Server property class (that is, ??TARGET.RSCD_DIR??). |

Parameters in NSH Script Jobs for CIS, DISA, HIPAA, PCIv2 and PCIv3

| Parameter | Description |
|---|---|
| CACHE_HRS_VALUE | The frequency (in hours) of cache refresh. By default, the value for this parameter is derived from a property in the target's Server property class (that is, ??TARGET.CACHE_HRS??). |
| FIND_FILES_TIMEOUT_VALUE | The timeout (in minutes) of find files. The default is 0 (no timeout). |
| EXCLUDED_DIR_VALUE | Directory paths to be excluded from searches. Separate multiple directories with commas. By default, the value for this parameter is derived from a property in the target's Server property class (that is, ??TARGET.EXCLUDED_DIR??). |
| FORCEFIND_VALUE | To force an immediate cache refresh whenever the Compliance Job runs (overriding the CACHE_HRS_VALUE parameter) |
| MAX_DISK_PERCENTAGE_VALUE | Maximum disk percentage allowed during cache preparation before the process is stopped and an error is issued. By default, the value for this parameter is derived from a property in the target's Server property class (that is, ??TARGET.MAX_DISK_PERCENTAGE??). |
| RSCD_DIRECTORY_VALUE | The RSCD directory to be excluded from the global search for non-compliant files. By default, the value for this parameter is derived from a property in the target's Server property class (that is, ??TARGET.RSCD_DIR??). |
| SCAN_DIRECTORY_VALUE | The directory to use as the starting directory for the global search for non-compliant files. The default value for this parameter is the root directory (denoted by a single slash character, /). |
| EXCLUDE_HOME_DIR_USER_LIST_VALUE | UNIX system user accounts whose home directories should not be scanned. Default values are: ??TARGET.CIS Properties.UNIX_EXCLUDE_HOME_DIR_USER_LIST??, ??TARGET.DISA Properties.UNIX_EXCLUDE_HOME_DIR_USER_LIST??, ??TARGET.PCI Properties.UNIX_EXCLUDE_HOME_DIR_USER_LIST?? |
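
Because SCAN_FOLDER and USER_DIRs decide which directories the compliance search never sees, it helps to check the effective result of a parameter change before saving a script that every job calls. The following sketch is an added example, not the NSH script stored in the depot: it models the documented semantics of the SOX and PCI parameters listed above, with hypothetical function names, and it assumes a root start directory when SCAN_FOLDER is empty, a cache that is stale at CACHE_HRS hours or older, and a stop once disk usage exceeds MAX_DISK_PERCENTAGE.

```shell
#!/bin/sh
# Added illustration of the documented parameter semantics (SOX/PCI table).
# Not the NSH script stored in the depot; all function names are hypothetical.

# Split a comma-separated directory list, one per line, trimming spaces.
split_dirs() {
    printf '%s\n' "$1" | tr ',' '\n' | sed 's/^ *//; s/ *$//; /^$/d'
}

# needs_refresh AGE_HOURS [CACHE_HRS] [FORCEFIND] -> prints "refresh" or "reuse"
needs_refresh() {
    age=$1; cache_hrs=${2:-24}; forcefind=${3:-n}
    # FORCEFIND=y overrides CACHE_HRS entirely.
    if [ "$forcefind" = "y" ]; then echo refresh; return 0; fi
    # Assumption: a cache that is CACHE_HRS hours old or older is stale.
    if [ "$age" -ge "$cache_hrs" ]; then echo refresh; else echo reuse; fi
}

# scan_scope SCAN_FOLDER USER_DIRs -> "+dir" is searched, "-dir" is skipped
scan_scope() {
    if [ -n "$1" ]; then
        # SCAN_FOLDER wins: only these paths are searched, USER_DIRs is ignored.
        split_dirs "$1" | sed 's/^/+/'
    else
        # Assumption: with no SCAN_FOLDER the search starts at the root.
        echo "+/"
        if [ -n "$2" ]; then split_dirs "$2" | sed 's/^/-/'; fi
    fi
}

# Current usage (integer percent) of the file system holding the given path.
disk_used_pct() {
    df -P "$1" | awk 'NR==2 { sub(/%/, "", $5); print $5 }'
}

# disk_guard USED_PCT [MAX_DISK_PERCENTAGE] -> status 0 continue, 1 stop
disk_guard() {
    # Assumption: the process stops once usage exceeds the maximum.
    if [ "$1" -gt "${2:-80}" ]; then
        echo "ERROR: disk at $1%, MAX_DISK_PERCENTAGE is ${2:-80}" >&2
        return 1
    fi
    return 0
}

# Constructed sample values, not taken from a real job.
needs_refresh 30 24 n
scan_scope "/etc, /opt/app" "/home,/mnt/nfs"
disk_guard "$(disk_used_pct /)" 80 || echo "cache preparation stopped"
```

In the sample call, the USER_DIRs value has no effect because SCAN_FOLDER is set, so anything outside /etc and /opt/app is outside the search.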
 
To execute large-scale compliance analysis on Windows
- Under the Jobs folder, navigate to the relevant sub-folder under the Compliance Content Scale Job folder (for the appropriate policy and Windows platform).
- In this folder, right-click the Compliance Job (the only item in the folder), and select Open.
- Continue modifying and scheduling the job as described in Modifying Compliance Jobs.
 To avoid the need to run a Component Discovery Job before running the Compliance Job, note the following special guidelines:
  - On the General tab, select the Run auto-discovery option.
  - On the Components tab, specify the target servers on which to run the Compliance Job.
 
