ViPR SRM 3.7 – Track Configuration Changes using ViPR SRM

Table of Contents

Compliance change tracking features

Learn how to monitor and view configuration changes in your storage network.

The ViPR SRMSolutionPack for Storage Compliance tracks and reports on configuration changes in your storage infrastructure. It also reruns the enabled compliance rules related to the change.

A background process that runs on a configurable schedule collects and logs configuration changes. The installed default schedule is hourly, meaning that administrators know within an hour about a configuration change. The compliance change tracking feature is always enabled.

The compliance change tracking feature provides the following benefits:

For a list of the specific configuration changes that this feature captures, see Overview: Managing Compliance on the ViPR SRM documentation page here.

Back to Top

View change tracking report

The Track Configuration Changes report in ViPR SRM shows details about configuration changes in your storage infrastructure.

For each change, the report identifies the date and time of the change, a very detailed description of the change, the affected devices and storage components, and whether the change caused a breach of a compliance rule.

Procedure

  1. Log in to the Console and navigate to Operations > Compliance > Storage Compliance > Track Configuration Changes.

    The Track Configuration Changes report opens.


    Shows example report

  2. To sort the report in ascending order by device, click the up arrow in the Device column header.

    The sorted report makes it easier to find a specific device name. It also groups together all of the changes on a particular device.


    Shows location of up arrow in column header

  3. To sort the report in descending order by the # of Breaches column, click the down arrow in that column. If the down arrow does not appear darkened, click it again.
    The sorted report makes it easier to discover whether any breaches occurred because of configuration changes. It also quickly shows which changes caused the breaches.

    Shows location of down arrow in column header

Back to Top

Example change tracking messages

ViPR SRM tracks and reports on configurations changes related to storage components.

The table shows extracts from a Track Configuration Changes report. The example descriptions illustrate the types of configuration changes that are tracked and the level of detail included in the change tracking report.

Back to Top

Get more information about breaches

You can go directly from a row in the Storage Compliance Track Configuration Changes report to related device-specific breach reports in ViPR SRM.

The device-specific reports contain troubleshooting information to help you resolve the breaches. They also show the compliance policies and rules that were violated by the configuration change.

Procedure

  1. Log in to the Console and navigate to Operations > Compliance > Storage Compliance > Track Configuration Changes.
  2. To sort the report so that rows containing breaches appear first, click the down arrow in the header of the # of Breaches column.
  3. To get more information about the breaches that are associated with a configuration change, click anywhere in a row that indicates breaches.
    Another page opens with several reports about the affected device.
    • The View Breaches report shows details about all breaches on the device, including the severity of the breach and the compliance policies and rules that were breached.
    • The Breach Details report shows the breach message and a short recommendation for fixing it.

    For example, the following report shows breach details for a fabric device with several zoning best practice violations.


    Example reports


    Example reports continued

Results

The device-specific reports provide valuable troubleshooting details that can help you fix breaches that occurred because of a configuration change.

Back to Top

Configure change tracking

The compliance change tracking feature is configured with default settings out of the box, and no action is required on your part. However, you might want to change the default settings.

Procedure

  1. To enable and disable individual events that are tracked for changes:
    1. Open the following XML file.
      /APG/Backends/Compliance-Backend/generic-compliance/conf/compliance-change-events-config.xml 
      Most change tracking events in this file are installed as enabled. Several are disabled (commented out), including:
      • Zone addition/removal
      • Zone member addition/removal
      • LUN masking
      • LUN mapping
    2. Use the XML commenting structure to comment out the lines that you want to disable, or, remove the commenting structure to enable events that are currently commented out.
    3. Save the file.
    4. Restart the Compliance-Backend.
  2. To increase the interval for running the change tracking process:
    1. Open the following file.
      /APG/Backends/Compliance-Backend/generic-compliance/conf/config-scheduler.properties
    2. Locate the following section:
      ##ChangeGenerator Scheduler:
    3. Change the scheduler value to your desired interval for running the change tracking process. The default scheduling cycle is every one hour from the time the Compliance-Backend is started. You can increase that interval.
    4. Save the file.
      The new schedule is implemented.
Back to Top