ViPR SRM 3.6 – Track Configuration Changes using ViPR SRM

Compliance change tracking features

Learn how to monitor and view configuration changes in your storage network.

The ViPR SRMSolutionPack for Storage Compliance tracks and reports on configuration changes in your storage infrastructure. It also reruns the enabled compliance rules related to the change.

A background process that runs on a configurable schedule collects and logs configuration changes. The installed default schedule is hourly, meaning that administrators know within an hour about a configuration change. The compliance change tracking feature is always enabled.

The compliance change tracking feature provides the following benefits:

When a configuration change is related to an enabled compliance policy rule, that rule is run against the objects involved in the change. Administrators receive quick feedback when a change causes a breach or resolves an existing breach.
When configuration changes cause breaches, the breaches are noted on the change tracking report. In addition, administrators can easily navigate directly from the row in the change tracking report to more detailed breach reports to obtain more details about the breaches.
Similarly, if the change was made to try to resolve a known breach, administrators receive almost immediate validation about whether the breach was resolved.

For a list of the specific configuration changes that this feature captures, see the section "Which configuration changes are captured by compliance?" in Using Compliance in ViPR SRM.

View change tracking report

The Track Configuration Changes report in ViPR SRM shows details about configuration changes in your storage infrastructure.

For each change, the report identifies the date and time of the change, a very detailed description of the change, the affected devices and storage components, and whether the change caused a breach of a compliance rule.

Procedure

Log in to the Console and navigate to Operations > Compliance > Storage Compliance > Track Configuration Changes.
The Track Configuration Changes report opens.
To sort the report in ascending order by device, click the up arrow in the Device column header.
The sorted report makes it easier to find a specific device name. It also groups together all of the changes on a particular device.
To sort the report in descending order by the # of Breaches column, click the down arrow in that column. If the down arrow does not appear darkened, click it again.
The sorted report makes it easier to discover whether any breaches occurred because of configuration changes. It also quickly shows which changes caused the breaches.

Example change tracking messages

ViPR SRM tracks and reports on configurations changes related to storage components.

The table shows extracts from a Track Configuration Changes report. The example descriptions illustrate the types of configuration changes that are tracked and the level of detail included in the change tracking report.

Extracts from a change tracking report
Description	Device	Component
The disk device with disk wwn 60A98000424550697624436C566B6C57 on host sl200078 has been removed.	sl200078	/dev/dsk/emcpower9c
The status of switch port 2015000533AA8F40 on switch ibm-xiv changed from offline to online	ibm-xiv
The Virtual Machine FrontEnd got vMotioned from ESX server lglbw014.lss.emc.com to lglbw013.lss.emc.com.	FrontEnd
The status of switch port 20130005337A0BE0 on switch xiv1 changed from offline to online	xiv1
The switch port connectivity for port 2015000533AA8F40 on switch ibm-xiv changed from 10000000C93911DB to 10000000C94A913E.	ibm-xiv
The disk device /dev/dsk/emcpower18c with disk wwn 600601606D203700D9600C28F5EBE311 has been added on host sl200078.	sl200078	/dev/dsk/emcpower18c
The disk device fc.20000090fa343b86:10000090fa343b86-fc.50000973000ed400:50000973000ed55d-naa.60000970000195700949533036324532 with disk wwn 60000970000195700949533036324532 has been added on host lglbw014.lss.emc.com.	lglbw014.lss.emc.com	fc.20000090fa343b86:10000090fa343b86fc.50000973000ed400:50000973000ed55d-naa.60000970000195700949533036324532
The member 1000000012121234 has been added to the zone test72 in the fabric 2001000DEC3E9981	2001000DEC3E9981
A new zone test55 has been added to the fabric 2001000DEC3E9981	2001000DEC3E9981

Get more information about breaches

You can go directly from a row in the Storage Compliance Track Configuration Changes report to related device-specific breach reports in ViPR SRM.

The device-specific reports contain troubleshooting information to help you resolve the breaches. They also show the compliance policies and rules that were violated by the configuration change.

Procedure

Log in to the Console and navigate to Operations > Compliance > Storage Compliance > Track Configuration Changes.
To sort the report so that rows containing breaches appear first, click the down arrow in the header of the # of Breaches column.
To get more information about the breaches that are associated with a configuration change, click anywhere in a row that indicates breaches.
Another page opens with several reports about the affected device.
- The View Breaches report shows details about all breaches on the device, including the severity of the breach and the compliance policies and rules that were breached.
- The Breach Details report shows the breach message and a short recommendation for fixing it.
For example, the following report shows breach details for a fabric device with several zoning best practice violations.

Results

The device-specific reports provide valuable troubleshooting details that can help you fix breaches that occurred because of a configuration change.

Configure change tracking

The compliance change tracking feature is configured with default settings out of the box, and no action is required on your part. However, you might want to change the default settings.

Procedure

To disable individual events that are tracked for changes:
1. Open the following XML file.
```
/APG/Backends/Compliance-Backend/generic-compliance/conf/compliance-change-events-config.xml 
```
  By default, all change tracking events in this file are enabled.
2. Use the XML commenting structure to comment out the lines that you want to disable.
3. Save the file.
4. Restart the Compliance-Backend.
To increase the interval for running the change tracking process:
1. Open the following file.
```
/APG/Backends/Compliance-Backend/generic-compliance/conf/config-scheduler.properties
```
2. Locate the following section:
```
##ChangeGenerator Scheduler:
```
3. Change the scheduler value to your desired interval for running the change tracking process. The default scheduling cycle is every one hour from the time the Compliance-Backend is started. You can increase that interval.
4. Save the file.
  The new schedule is implemented.

ViPR SRM 3.6 – Track Configuration Changes using ViPR SRM

Table of Contents

Procedure

Procedure

Results

Procedure