Managing the device configuration compliance. Dell EMC OpenManage Enterprise

10

Managing the device configuration compliance

By selecting OpenManage Enterprise > Configuration > Configuration Compliance , you can create configuration baselines by using the built-in or user-created compliance templates. You can create a configuration compliance template from an existing deploy template, reference device, or by importing from a file. To use this feature, you must have the Enterprise level license of OpenManage Enterprise and iDRAC for servers. For Chassis Management Controller, no license is required. User's only with certain privileges are permitted to use this feature. See

Role-based OpenManage Enterprise user privileges

. Also see Manage the device compliance baseline by using the

OpenManage Enterprise dashboard .

NOTE: After a configuration baseline is created by using a template, the summary of compliance level of each baseline is listed in a table. Each device has its own status, the highest severity status is considered as the status of the baseline.

For more information about Rollup Health status, see the MANAGING THE ROLLUP HEALTH STATUS BY USING IDRAC

ON THE DELL EMC 14TH GENERATION AND LATER POWEREDGE SERVERS white paper on the support site.

NOTE: You can create configuration baseline of only the lead MX7000 chassis.

On the Compliance page, you can:

•

Create configuration compliance baseline. See Create a configuration compliance baseline .

• Check compliance of devices or device groups against configuration compliance baseline.

•

Manage compliance templates. See Manage compliance baseline templates .

Use configuration compliance baseline data to set alert policies that alert you if a baseline policy is deviated. The alert is generated based on a compliance baseline that can be viewed on the dashboard page of OpenManage Enterprise. For more information about setting the alert policies, see

Monitoring device alerts .

The Overall Compliance Summary report displays the following fields:

• COMPLIANCE : The Rollup compliance level of devices attached to a configuration compliance baseline. The status of the device with least compliance (say, critical) is indicated as the status of the whole baseline.

• NAME : Name of the configuration compliance baseline.

• TEMPLATE : The name of the compliance template used by the baseline.

To view the configuration compliance report of a baseline, select the corresponding check box, and then click View Report in the right pane.

Use the query builder feature to generate device level compliance to the selected baseline. See Select a query criteria

.

OpenManage Enterprise provides a built-in report to view the list of monitored devices and their compliance to the configuration compliance baseline. Select OpenManage Enterprise > Monitor > Reports > Devices per Template Compliance Baseline , and then click Run

. See Run reports

.

Related tasks

Create a configuration compliance baseline

Edit a configuration compliance baseline

Remove a configuration compliance baseline

Manage compliance baseline templates

Select a query criteria

Topics:

•


•


•


•

Remediate noncompliant devices

•


70 Managing the device configuration compliance

Manage compliance baseline templates

Use compliance template to create compliance baselines and then periodically check the configuration compliance status of devices that are associated with the baseline. See

Managing the device configuration compliance . You can create baseline templates by using

deployment template, reference device, importing from a file. See


.

By selecting Configuration > Configuration Compliance > Template Management , you can view the list of compliance templates.

On this page:

• You can create compliance template by:

•

Using a deployment template. See Create a compliance baseline template from deployment template

.

• Using a reference device. See

Create a compliance baseline template from reference device .

•

Importing from a template file. See Create a compliance baseline by importing from a file

.

• Edit a compliance template. See

Edit a baseline compliance template

.

• Clone a compliance template. See

Clone a compliance baseline template

.

• Export report about a compliance template. On the Compliance Templates page, select the corresponding check box, and then click

Export

. See Export all or selected data .

• Delete a compliance template. On the Compliance Templates page, select the corresponding check box, and then click Delete .

Related information

Managing the device configuration compliance



Create a compliance baseline template from deployment template


Create a compliance baseline template from deployment template

1. Click Configuration > Configuration Compliance > Template Management > Create > From Deploy Template .

2. In the Clone Deployment Template dialog box, from the Template drop-down menu, select a template that must be used as the baseline for the new template.

3. Enter a name and description for the baseline compliance template.

4. Click Finish .

A compliance template is created and listed in the list of configuration compliance baselines.

Related tasks



Create a compliance baseline template from reference device

To use the configuration properties of a device as a template for creating configuration baseline, the device must be already onboarded.

See Onboarding devices

.

1. Click Configuration > Configuration Compliance > Template Management > Create > From Reference Device .

2. In the Create Compliance Template dialog box, enter a name and description for the baseline compliance template.

3. Select the options to create the template by cloning properties of either a server or chassis.

4. Click Next .

5. In the Reference Device section, select the device that must be used as the master for creating the template. See

Select target devices and device groups .

a) If you select 'server' as the master, also select the server configuration properties that must be cloned.

Managing the device configuration compliance 71

6. Click Finish .

A template creation job is created and run. The newly created compliance baseline template is listed on the Compliance Templates page.

Create a compliance baseline by importing from a file

1. Click Configuration > Configuration Compliance > Template Management > Create > Import from File .

2. In the Import Compliance Template dialog box, enter a name for the baseline compliance template.

3. Select either the server or chassis template type, and then click Select a file to browse through to the file and select.

4. Click Finish .

The configuration compliance baseline is created and listed.

Clone a compliance baseline template

1. Click Configuration > Configuration Compliance > Template Management .

2. Select the compliance template to be cloned, and then click Clone .

3. In the Clone Template dialog box, enter the name of new template.

4. Click Finish .

The new template is created and listed under Compliance Templates .


Create a compliance baseline template from deployment template


Edit a baseline compliance template

When you want to edit the configuration baseline properties, you can edit the properties of the template linked to it.

CAUTION: If a template used for a baseline is already associated with another baseline, editing the template properties changes the baseline compliance levels of devices already associated. Read through the Error and Event message displayed and act accordingly. For more information about error and event messages, see the Error and Event Message

Reference Guide available on the support site.

1. On the Compliance Templates page, select the corresponding check box, and then click Edit .

2. On the Template Details page, the configuration properties of the template is listed.

3. Expand the property you want to edit, and then enter or select data in the fields.

a) To enable the property, select the check box, if not already enabled.

4. Click Finish .

The template is edited and the updated information is saved.

Related tasks



Create a configuration compliance baseline

OpenManage Enterprise can assign 10 baselines to a single device and check the compliance level of maximum 500 devices at a time. To view the list of baselines, click OpenManage Enterprise > Configuration > Configuration Compliance .

You can create a configuration compliance baseline by:

• Using an existing deployment template. See


.

•

Using a template captured from a support device. See Create a compliance baseline template from reference device .

• Using a template imported from a file. See

Create a compliance baseline by importing from a file .


When you select a template for creating a baseline, the attributes associated with the templates are also selected. However, you can edit the baseline properties. See

Edit a configuration compliance baseline .

CAUTION: If a template used for a baseline is already associated with another baseline, editing the template properties changes the baseline compliance levels of devices already associated. Read through the Error and Event message displayed and act accordingly. For more information about error and event messages, see the Error and Event Message

Reference Guide available on the support site.

NOTE: Before creating configuration compliance baseline, ensure that you have created the appropriate compliance template.

1. Select Configuration > Configuration Compliance > Create Baseline .

2. In the Create Compliance Baseline dialog box:

• In the Baseline Information section: a) From the Template drop-down menu, select a compliance template. For more information about templates, see


.

b) Enter a compliance baseline name and description.

c) Click Next .

• In the Target section:

a) Select devices or device groups. Only compatible devices are displayed. See Select target devices and device groups .

NOTE: Only compatible devices are listed. If you select a group, the devices that are not compatible with the baseline template, or the devices that do not support the configuration compliance baseline feature, are exclusively identified to help you select effectively.

3. Click Finish .

A compliance baseline is created and listed. A compliance comparison is initiated when the baseline is created or updated. The overall compliance level of the baseline is indicated in the COMPLIANCE column. For information about the fields in the list, see


.




Edit a configuration compliance baseline

You can edit the devices, name, and other properties associated with a configuration baseline. For field descriptions displayed in the list,

see Managing the device configuration compliance

.

CAUTION: If a template used for a baseline is already associated with another baseline, editing the template properties changes the baseline compliance levels of devices already associated. See

Edit a baseline compliance template . Read

through the Error and Event message displayed and act accordingly. For more information about error and event messages, see the Error and Event Message Reference Guide available on the support site.

1. Select Configuration > Configuration Compliance .

2. From the list of configuration compliance baselines, select the corresponding check box, and then click Edit .

3. In the Edit Compliance Baseline dialog box, update the information. See


.

Related tasks






Managing the device configuration compliance 73

Remediate noncompliant devices

You can remediate the devices which are not conforming to the associated baseline by changing the attribute values to match with the associated baseline attributes. To view the drifted attributes, from the device compliance report, click View Report . The Compliance

Report table lists the attribute names with the expected and current values of the attributes.

To remediate one or more noncompliant devices:

1. Select Configuration > Configuration Compliance .

2. From the list of configuration compliance baselines, select the corresponding check box, and then click View Report .

3. From the list of noncompliant devices, select one or more devices, and then click Make Compliant .

4. Schedule the configuration changes to run immediately or later, and then click Finish .

To apply the configuration changes after the next server reboot, you can select the Stage configuration changes to device(s) on next reboot option.

A new configuration inventory task is run, and the compliance status of the baseline is updated on the Compliance page.

Remove a configuration compliance baseline

You can remove the configuration compliance level of devices associated with a configuration baseline. For field descriptions displayed in the list, see

Managing the device configuration compliance .

CAUTION: When you delete a compliance baseline, or delete device(s) from a compliance baseline:

• The compliance data of the baseline and/or device(s) is deleted from the OpenManage Enterprise data.

• If a device is removed, its configuration inventory is no longer retrieved, and the already retrieved information is also deleted, unless the inventory is associated with an Inventory job.

A template used as a compliance baseline cannot be deleted if associated with a device. Appropriate messages are displayed in such cases.

Read through the error and event message displayed and act accordingly. For more information about error and event messages, see the

Error and Event Message Reference Guide available on the support site.

1. Click Configuration > Configuration Compliance .

2. From the list of configuration compliance baselines, select the corresponding check box, and then click Delete .

3. When prompted whether or not you want to delete, click YES .

The compliance baseline is deleted and the Overall Compliance Summary table of baselines is updated.

Related tasks








Managing the device configuration compliance. Dell EMC OpenManage Enterprise

Managing the device configuration compliance

Related manuals

Table of contents

Managing the device configuration compliance. Dell EMC OpenManage Enterprise