Managing the device configuration compliance. Dell EMC OpenManage Enterprise
Add to My manuals134 Pages
advertisement
10
Managing the device configuration compliance
By selecting OpenManage Enterprise > Configuration > Configuration Compliance , you can create configuration baselines by using the built-in or user-created compliance templates. You can create a configuration compliance template from an existing deploy template, reference device, or by importing from a file. To use this feature, you must have the Enterprise level license of OpenManage Enterprise and iDRAC for servers. For Chassis Management Controller, no license is required. User's only with certain privileges are permitted to use this feature. See
Role-based OpenManage Enterprise user privileges
. Also see Manage the device compliance baseline by using the
OpenManage Enterprise dashboard .
NOTE: After a configuration baseline is created by using a template, the summary of compliance level of each baseline is listed in a table. Each device has its own status, the highest severity status is considered as the status of the baseline.
For more information about Rollup Health status, see the MANAGING THE ROLLUP HEALTH STATUS BY USING IDRAC
ON THE DELL EMC 14TH GENERATION AND LATER POWEREDGE SERVERS white paper on the support site.
NOTE: You can create configuration baseline of only the lead MX7000 chassis.
On the Compliance page, you can:
•
Create configuration compliance baseline. See Create a configuration compliance baseline .
• Check compliance of devices or device groups against configuration compliance baseline.
•
Manage compliance templates. See Manage compliance baseline templates .
Use configuration compliance baseline data to set alert policies that alert you if a baseline policy is deviated. The alert is generated based on a compliance baseline that can be viewed on the dashboard page of OpenManage Enterprise. For more information about setting the alert policies, see
The Overall Compliance Summary report displays the following fields:
• COMPLIANCE : The Rollup compliance level of devices attached to a configuration compliance baseline. The status of the device with least compliance (say, critical) is indicated as the status of the whole baseline.
• NAME : Name of the configuration compliance baseline.
• TEMPLATE : The name of the compliance template used by the baseline.
To view the configuration compliance report of a baseline, select the corresponding check box, and then click View Report in the right pane.
.
OpenManage Enterprise provides a built-in report to view the list of monitored devices and their compliance to the configuration compliance baseline. Select OpenManage Enterprise > Monitor > Reports > Devices per Template Compliance Baseline , and then click Run
.
Related tasks
Create a configuration compliance baseline
Edit a configuration compliance baseline
Remove a configuration compliance baseline
Manage compliance baseline templates
Topics:
•
Manage compliance baseline templates
•
Create a configuration compliance baseline
•
Edit a configuration compliance baseline
•
Remediate noncompliant devices
•
Remove a configuration compliance baseline
70 Managing the device configuration compliance
Manage compliance baseline templates
Use compliance template to create compliance baselines and then periodically check the configuration compliance status of devices that are associated with the baseline. See
Managing the device configuration compliance . You can create baseline templates by using
deployment template, reference device, importing from a file. See
Manage compliance baseline templates
.
By selecting Configuration > Configuration Compliance > Template Management , you can view the list of compliance templates.
On this page:
• You can create compliance template by:
•
Using a deployment template. See Create a compliance baseline template from deployment template
.
• Using a reference device. See
Create a compliance baseline template from reference device .
•
Importing from a template file. See Create a compliance baseline by importing from a file
.
• Edit a compliance template. See
Edit a baseline compliance template
.
• Clone a compliance template. See
Clone a compliance baseline template
.
• Export report about a compliance template. On the Compliance Templates page, select the corresponding check box, and then click
Export
. See Export all or selected data .
• Delete a compliance template. On the Compliance Templates page, select the corresponding check box, and then click Delete .
Related information
Managing the device configuration compliance
Edit a configuration compliance baseline
Remove a configuration compliance baseline
Create a compliance baseline template from deployment template
Edit a baseline compliance template
Create a compliance baseline template from deployment template
1. Click Configuration > Configuration Compliance > Template Management > Create > From Deploy Template .
2. In the Clone Deployment Template dialog box, from the Template drop-down menu, select a template that must be used as the baseline for the new template.
3. Enter a name and description for the baseline compliance template.
4. Click Finish .
A compliance template is created and listed in the list of configuration compliance baselines.
Related tasks
Manage compliance baseline templates
Clone a compliance baseline template
Create a compliance baseline template from reference device
To use the configuration properties of a device as a template for creating configuration baseline, the device must be already onboarded.
.
1. Click Configuration > Configuration Compliance > Template Management > Create > From Reference Device .
2. In the Create Compliance Template dialog box, enter a name and description for the baseline compliance template.
3. Select the options to create the template by cloning properties of either a server or chassis.
4. Click Next .
5. In the Reference Device section, select the device that must be used as the master for creating the template. See
Select target devices and device groups .
a) If you select 'server' as the master, also select the server configuration properties that must be cloned.
Managing the device configuration compliance 71
6. Click Finish .
A template creation job is created and run. The newly created compliance baseline template is listed on the Compliance Templates page.
Create a compliance baseline by importing from a file
1. Click Configuration > Configuration Compliance > Template Management > Create > Import from File .
2. In the Import Compliance Template dialog box, enter a name for the baseline compliance template.
3. Select either the server or chassis template type, and then click Select a file to browse through to the file and select.
4. Click Finish .
The configuration compliance baseline is created and listed.
Clone a compliance baseline template
1. Click Configuration > Configuration Compliance > Template Management .
2. Select the compliance template to be cloned, and then click Clone .
3. In the Clone Template dialog box, enter the name of new template.
4. Click Finish .
The new template is created and listed under Compliance Templates .
Related information
Create a compliance baseline template from deployment template
Edit a baseline compliance template
Edit a baseline compliance template
When you want to edit the configuration baseline properties, you can edit the properties of the template linked to it.
CAUTION: If a template used for a baseline is already associated with another baseline, editing the template properties changes the baseline compliance levels of devices already associated. Read through the Error and Event message displayed and act accordingly. For more information about error and event messages, see the Error and Event Message
Reference Guide available on the support site.
1. On the Compliance Templates page, select the corresponding check box, and then click Edit .
2. On the Template Details page, the configuration properties of the template is listed.
3. Expand the property you want to edit, and then enter or select data in the fields.
a) To enable the property, select the check box, if not already enabled.
4. Click Finish .
The template is edited and the updated information is saved.
Related tasks
Manage compliance baseline templates
Clone a compliance baseline template
Create a configuration compliance baseline
OpenManage Enterprise can assign 10 baselines to a single device and check the compliance level of maximum 500 devices at a time. To view the list of baselines, click OpenManage Enterprise > Configuration > Configuration Compliance .
You can create a configuration compliance baseline by:
• Using an existing deployment template. See
Managing the device configuration compliance
.
•
• Using a template imported from a file. See
Create a compliance baseline by importing from a file .
72 Managing the device configuration compliance
When you select a template for creating a baseline, the attributes associated with the templates are also selected. However, you can edit the baseline properties. See
Edit a configuration compliance baseline .
CAUTION: If a template used for a baseline is already associated with another baseline, editing the template properties changes the baseline compliance levels of devices already associated. Read through the Error and Event message displayed and act accordingly. For more information about error and event messages, see the Error and Event Message
Reference Guide available on the support site.
NOTE: Before creating configuration compliance baseline, ensure that you have created the appropriate compliance template.
1. Select Configuration > Configuration Compliance > Create Baseline .
2. In the Create Compliance Baseline dialog box:
• In the Baseline Information section: a) From the Template drop-down menu, select a compliance template. For more information about templates, see
Managing the device configuration compliance
.
b) Enter a compliance baseline name and description.
c) Click Next .
• In the Target section:
NOTE: Only compatible devices are listed. If you select a group, the devices that are not compatible with the baseline template, or the devices that do not support the configuration compliance baseline feature, are exclusively identified to help you select effectively.
3. Click Finish .
A compliance baseline is created and listed. A compliance comparison is initiated when the baseline is created or updated. The overall compliance level of the baseline is indicated in the COMPLIANCE column. For information about the fields in the list, see
Managing the device configuration compliance
.
Related information
Managing the device configuration compliance
Remove a configuration compliance baseline
Edit a configuration compliance baseline
You can edit the devices, name, and other properties associated with a configuration baseline. For field descriptions displayed in the list,
see Managing the device configuration compliance
.
CAUTION: If a template used for a baseline is already associated with another baseline, editing the template properties changes the baseline compliance levels of devices already associated. See
Edit a baseline compliance template . Read
through the Error and Event message displayed and act accordingly. For more information about error and event messages, see the Error and Event Message Reference Guide available on the support site.
1. Select Configuration > Configuration Compliance .
2. From the list of configuration compliance baselines, select the corresponding check box, and then click Edit .
3. In the Edit Compliance Baseline dialog box, update the information. See
Create a configuration compliance baseline
.
Related tasks
Manage compliance baseline templates
Related information
Managing the device configuration compliance
Remove a configuration compliance baseline
Managing the device configuration compliance 73
Remediate noncompliant devices
You can remediate the devices which are not conforming to the associated baseline by changing the attribute values to match with the associated baseline attributes. To view the drifted attributes, from the device compliance report, click View Report . The Compliance
Report table lists the attribute names with the expected and current values of the attributes.
To remediate one or more noncompliant devices:
1. Select Configuration > Configuration Compliance .
2. From the list of configuration compliance baselines, select the corresponding check box, and then click View Report .
3. From the list of noncompliant devices, select one or more devices, and then click Make Compliant .
4. Schedule the configuration changes to run immediately or later, and then click Finish .
To apply the configuration changes after the next server reboot, you can select the Stage configuration changes to device(s) on next reboot option.
A new configuration inventory task is run, and the compliance status of the baseline is updated on the Compliance page.
Remove a configuration compliance baseline
You can remove the configuration compliance level of devices associated with a configuration baseline. For field descriptions displayed in the list, see
Managing the device configuration compliance .
CAUTION: When you delete a compliance baseline, or delete device(s) from a compliance baseline:
• The compliance data of the baseline and/or device(s) is deleted from the OpenManage Enterprise data.
• If a device is removed, its configuration inventory is no longer retrieved, and the already retrieved information is also deleted, unless the inventory is associated with an Inventory job.
A template used as a compliance baseline cannot be deleted if associated with a device. Appropriate messages are displayed in such cases.
Read through the error and event message displayed and act accordingly. For more information about error and event messages, see the
Error and Event Message Reference Guide available on the support site.
1. Click Configuration > Configuration Compliance .
2. From the list of configuration compliance baselines, select the corresponding check box, and then click Delete .
3. When prompted whether or not you want to delete, click YES .
The compliance baseline is deleted and the Overall Compliance Summary table of baselines is updated.
Related tasks
Create a configuration compliance baseline
Manage compliance baseline templates
Edit a configuration compliance baseline
Related information
Managing the device configuration compliance
74 Managing the device configuration compliance
advertisement
Related manuals
advertisement
Table of contents
- 3 Dell EMC OpenManage Enterprise Version 3.2 User's Guide
- 9 About Dell EMC OpenManage Enterprise
- 10 New in this release
- 10 Other information you may need
- 11 Contacting Dell EMC
- 11 OpenManage Enterprise Advanced license
- 12 License-based features in OpenManage Enterprise
- 13 Security features in OpenManage Enterprise
- 13 Role-based OpenManage Enterprise user privileges
- 14 OpenManage Enterprise user role types
- 16 Deploy and manage OpenManage Enterprise
- 16 Installation prerequisites and minimum requirements
- 16 Minimum recommended hardware
- 17 Minimum system requirements for deploying OpenManange Enterprise
- 17 Deploy OpenManage Enterprise on VMware vSphere
- 18 Deploy OpenManage Enterprise on Hyper-V 2012 R2 and earlier host
- 18 Deploy OpenManage Enterprise on Hyper-V 2016 host
- 19 Deploy OpenManage Enterprise on Hyper-V 2019 host
- 20 Deploy OpenManage Enterprise by using Kernel-based Virtual Machine
- 20 Deploy OpenManage Enterprise programmatically
- 22 Get started with OpenManage Enterprise
- 22 Log in to OpenManage Enterprise
- 22 Configure OpenManage Enterprise by using Text User Interface
- 23 Configure OpenManage Enterprise
- 24 Recommended scalability and performance settings for optimal usage of OpenManage Enterprise
- 25 Supported protocols and ports in OpenManage Enterprise
- 26 Use case links for the supported protocols and ports in OpenManage Enterprise
- 28 OpenManage Enterprise Graphical User Interface overview
- 30 OpenManage Enterprise Home portal
- 30 Monitor devices by using the OpenManage Enterprise dashboard
- 31 Manage firmware baseline by using the OpenManage Enterprise dashboard
- 31 Manage device warranty by using the OpenManage Enterprise dashboard
- 32 Manage the device compliance baseline by using the OpenManage Enterprise dashboard
- 32 Organize devices into groups
- 33 Donut chart
- 34 Device health statuses
- 35 Managing devices
- 36 Organize devices into groups
- 37 Create or delete a Static device group
- 37 Create or edit a Query device group
- 38 Select a query criteria
- 38 Adding or editing devices in a Static child group
- 39 Rename child groups of Static or Query Dynamic groups
- 39 Clone a Static or Query group
- 39 Add devices to a new group
- 40 Add devices to existing group
- 40 Delete devices from OpenManage Enterprise
- 40 Exclude devices from OpenManage Enterprise
- 41 Upgrade or downgrade device firmware by using the firmware baseline
- 41 Select Firmware Source
- 42 Roll back an individual device firmware version
- 43 Refresh the device inventory
- 43 Refresh the device status
- 43 Export the single device inventory
- 43 Devices list
- 44 Performing more actions on chassis and servers
- 44 Hardware information displayed for MX7000 chassis
- 44 Export all or selected data
- 45 Viewing and configuring devices
- 45 Device Overview
- 46 Device hardware information
- 46 Run and download Diagnostic reports
- 47 Extract and download SupportAssist reports
- 47 Managing individual device hardware logs
- 47 Run remote–RACADM and IPMI–commands on individual devices
- 48 Start Management application iDRAC of a device
- 48 Start the Virtual Console
- 49 Manage the device firmware
- 50 Manage firmware Catalogs
- 50 Create a firmware catalog by using Dell.com
- 50 Create a firmware catalog by using local network
- 51 SSL Certificate Information
- 52 Update a firmware catalog
- 52 Edit a firmware catalog
- 52 Delete a firmware catalog
- 52 Create a firmware baseline
- 53 Delete a firmware baseline
- 53 Check the compliance of a device firmware against its baseline
- 54 View the device firmware compliance report
- 54 Update the device firmware version by using the baseline compliance report
- 55 Edit a firmware baseline
- 55 Delete a firmware baseline
- 56 Manage device configuration templates
- 56 Create a template from a reference device
- 57 Create template by importing a template file
- 57 View a template information
- 57 Edit a server template
- 58 Edit a chassis template
- 59 Edit IOA template
- 59 Edit network properties
- 59 Deploy device templates
- 60 Deploy IOA templates
- 60 Clone templates
- 61 Auto deployment of configuration on yet-to-be-discovered servers or chassis
- 61 Create auto deployment targets
- 62 Delete auto deployment targets
- 62 Export auto deployment target details to different formats
- 62 Manage identity pools—Stateless deployment
- 62 Overview of stateless deployment
- 63 Create Identity Pool - Pool Information
- 63 Identity pools
- 63 Create identity pools
- 64 Create Identity Pool - Fibre Channel
- 65 Create Identity Pool - iSCSI
- 66 Create Identity Pool - Fibre channel over Ethernet
- 66 Create Identity Pool - Ethernet
- 67 View definitions of identity pools
- 67 Edit identity pools
- 67 Define networks
- 67 Network types
- 68 Edit or delete a configured network
- 68 Stateless deployment
- 69 Delete identity pools
- 69 Reclaim assigned virtual identities
- 69 Migrate device profile
- 70 Managing the device configuration compliance
- 71 Manage compliance baseline templates
- 71 Create a compliance baseline template from deployment template
- 71 Create a compliance baseline template from reference device
- 72 Create a compliance baseline by importing from a file
- 72 Clone a compliance baseline template
- 72 Edit a baseline compliance template
- 72 Create a configuration compliance baseline
- 73 Edit a configuration compliance baseline
- 74 Remediate noncompliant devices
- 74 Remove a configuration compliance baseline
- 75 Monitoring device alerts
- 75 View the alert logs
- 76 Acknowledge alerts
- 76 Unacknowledge alerts
- 76 Ignore alerts
- 76 Delete alerts
- 77 View archived alerts
- 77 Download archived alerts
- 77 Alert policies
- 78 Create alert policies
- 79 Forward audit logs to remote Syslog servers
- 80 Configure SMTP, SNMP, and Syslog alerts
- 81 Execute remote commands and scripts
- 81 Enable alert policies
- 82 Edit alert policies
- 82 Disable alert policies
- 82 Delete alert policies
- 82 Alert definitions
- 84 Manage audit logs
- 85 Forward audit logs to remote Syslog servers
- 86 Using jobs for device control
- 86 View the jobs list
- 87 View an individual job information
- 87 Create a job to blink device LEDs
- 88 Create a job for managing power devices
- 88 Create a Remote command job for managing devices
- 88 Create a job to change the virtual console plugin type
- 89 Select target devices and device groups
- 90 Discovering devices for monitoring or management
- 91 Create a device discovery job
- 92 Onboarding devices
- 92 Protocol support matrix for discovering devices
- 93 View device discovery job details
- 93 Edit a device discovery job
- 94 Run a device discovery job
- 94 Stop a device discovery job
- 94 Specify multiple devices by importing data from the .csv file
- 94 Globally excluding devices
- 95 Specify discovery mode for creating a server discovery job
- 95 Create customized device discovery job protocol for servers –Additional settings for discovery protocols
- 96 Specify discovery mode for creating a chassis discovery job
- 96 Create customized device discovery job protocol for Chassis –Additional settings for discovery protocols