Create Policies in SA

of 6

Please download to get full document.

View again

All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
PDF
6 pages
0 downs
11 views
Share
Description
1. Create Policies,Run Compliance Audits,and Remediate with HPServer Automation An excellentfeature of HPServerAutomationprovidestools thatnotonly increase the efficiency…
Transcript
  • 1. Create Policies,Run Compliance Audits,and Remediate with HPServer Automation An excellentfeature of HPServerAutomationprovidestools thatnotonly increase the efficiency of IT staff but also improvesbothcomplianceandsystemsecuritywhile requiringminimal userinteraction. ServerAutomationachievesthisusingacombinationof Audits,AuditPolicies,PatchesandPatch Policies,SystemConfiguration specifications,software packages,andevenOSBuildPlans. ThisallowsIT administratorstoautomate significantworkloadsusingServerAutomationandeliminateincessant problemssuchasforgettingtoperforma specificstep,confirmingasystem’sconfigurationiscomplete, or justtryingto track down a piece of software toinstall.HPServerAutomation(SA) alleviatesthese problemsandsimplifiesprocessesdowntoonlyafew clicksof the mouse to achieve whatcouldtake hoursor daysto performmanually.Thus,ineffortstodemonstratesome of SA’s mostattractive featuresthe followingprovides aquicklookintothe ServerAutomation’suser interface andhow to create policies,performaudits,andevenremediate non-compliantsystemsquickly. Creating Policies ServerAutomationincludesSoftware Policies,PatchPolicies,andAuditPoliciescontainingasmany settingsone desires.However,abestpractice isto grouppoliciesbysome common factor.For instance, creatinga patch policytodeploythe MicrosoftWindowsMaliciousSoftware RemovalTool alongwith anotherpatch that installsanupdate fora RAIDcontrollerjustisnot a goodidea.Therefore,the followingillustrateshowtocreate a Patch PolicyinSA to install aMicrosoftWindowsUpdate. The SA userinterface providesahierarchical view of everythingincludingthe SA Librarycontaining patches,patchpolicies,OSbuildplans,orevenmanagedorunmanagedservers,andthismakes navigatingSA’slibrarymucheasier. Asshownabove,the patchlibraryforWindowsServer2008 x64 containsa vast collectionof patches.However,mostif notall uponinitial installationof HPSA shows
  • 2. each patchgrayedout. Thismeansthe patch is notreadyand available todeploy.Therefore,one must at leastright-clickaspecificpatchandchoose ImportContent> From Vendor(orFromFile if available). ThiscausesSA to begindownloadingthe patchfromthe vendorautomatically,andwhenitfinishesthe patch changesfromgrayedout to normal.Justkeepinmindthiscan be done forone, many or every patch inthe library butthat can take a verylongtime dependingonthe Internetconnectionspeed. Thus,a bestpractice isto onlydownloadthe onesneededbecauseit’smucheasiertodownloadothers and add themtoan existingpatchpolicylater. Othernoteworthyaspectof patchpoliciesisthe patchAvailabilityandOS.These settingsdetermine if a patch isAvailable toeverymanagedserverinSA or Limitedtopreventdeploymentwithspecifically designatingwhatservertoapplythe patch(es) tomanuallyduringtesting.Aftertestingthe ITstaff can revisiteachpatchand setAvailabilityto“Available”,andstill use the OSdropdowntoindicate itisonly allowedtoinstall onWindowsServer2008 R2 x64 forinstance.Thiswouldpreventthe patchfrom deployingontoasystemithasnot beentestedonyet. AnothernoteworthytipistorememberSA providesnowayto deploythispatchto a serverfromthe patcheslist.Therefore,the nextstepisto create a PatchPolicy.
  • 3. Creatinga Patch Policyissimple because all itrequiresisthe name of the policy(tryto be as descriptive as possible butkeepitshort),the PolicyItems(we’lladdthe KB890830 update justimportedfromthe vendor) andthe servers orDevice Groups(see HPSA documentationforfurtherdetails) Choose the PolicyItemsonthe left,chose the dropdownforwhattoShow (selectPatchesNotAddedto Policy – see below) andinthe top-rightsearchbox clickthe dropdownandspecifyAvailabilityandtype an “L” forLimitedinthisexample todisplayonlythosepatchesjustdownloadedandnotcompleted testing. Thischangesthe viewto looksimilartothe screenshotbelow.
  • 4. Selectthe appropriate patch,right-clickitandchoose AddPatch to Policy(notice itdisappearsbecause of the optiontodisplayonlythose PatchesnotAddedtoPolicyspecifiedearlier).Save andclose the Patch Policywhere youcanviewitinthe Patch Policylist. Change to the Device viewandselectAll ManagedServers Selectthe serversyouwanttoScan for Compliance asshownbelow (be sure toselectthe Compliance viewoptioninthe top-leftcornerof thispane. From the SA main menuwithatleast(1) device selected,choose Scan> PatchCompliance asshown below,andthenthe Scanningprogresswindow will appear.
  • 5. Afterthe scan completesitwill show astatusscreensimilartothe screenshotbelow IFyouhave not alreadyclosedthe PatchCompliance ScanStatuswindow.If so,youcan still view the compliance status fromthe mainDevicesscreen. At thispointyoucan clickthe Remediate button,andthatopensa new window toguide youthrough the remediationprocess.
  • 6. Clickto Start Joband the Remediationwill completeonitsown.Justrememberyoucansetupschedules inSA to completelyautomatethisentireprocessonaregularbasisand have itreturn the resultstoany or as many recipientsasnecessaryviae-mail. You may alsoleave the progresswindow openduringRemediationanditdisplaysdetailedstatusof each stepof the remediationjob, oryoucan openthe Jobsand Sessionspartof SA andlookat the results there,butnot inas much detail asshownhere below. This concludes the tutorial on Server Automation policy compliance, scanning, and remediation.
  • Related Search
    We Need Your Support
    Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

    Thanks to everyone for your continued support.

    No, Thanks