Configure the Native Compliance Policies

About compliance policies

ViPR SRM includes a collection of pre-built compliance policies and rules. To implement the native policies, you must first enable and configure them.

A compliance policy consists of a scope, a set of rules, and a schedule. These items must be configured for a policy before the policy can actively monitor conditions in your environment.

Scope

The scope defines the groups of objects that the policy should monitor. For example, a scope could specify any of the following: all arrays; all arrays whose vendor is EMC; or all arrays whose name begins with a common string, eu_.

To configure the scope for a policy, you can select one or more predefined scopes, or you can use the Create Scope button to create a new scope tailored to your compliance requirements. For any scope, use the Show Members button to see a list of discovered objects that are members of the selected scope.



Compliance Policy Scope tab

Rules

The rules define the compliance conditions. A policy can include multiple rules. The compliance breach reports identify the policy and the rule that are violated.

Some of the native rules include user configurable criteria that you need to set. For example, in the following figure, the user needs to supply the supported microcode that the rule should monitor.



Compliance Policy Rules tab

Rule criteria can use the following operators:

Schedule

The schedule sets the timing of each policy run. The following figure shows the Schedule tab for a policy.



Compliance Policy Schedule tab

Edit and enable native policies

To implement a native compliance policy, you need to configure and enable it. You also need to enable at least one rule in the policy. You perform all of the compliance policy management tasks from the ViPR SRM Administration portal.

Procedure

  1. From the ViPR SRM User Interface Console, click Administration in the banner.
  2. In the Administration portal, navigate to Modules > Storage Compliance, and then click Policy & Rules Management.
    The Policy & Rules Management window opens.

  3. To implement one of the native compliance policies, right-click on the policy row and select Edit.
  4. Click the Scope tab and configure the policy's scope.
    For guidelines specific to each native policy, see the subsequent sections in this article.
  5. Click the Rules tab and configure the policy's rules. For each rule that you want to implement:
    1. Double-click the row in the Status column and select Enable.
    2. Click the rule row and look in the Criteria For Selected Rule tab. Configure the options that appear, as described in subsequent sections in this article.
    3. Review the text in the Recommendations tab and modify as appropriate for your environment.
  6. Click the Schedule tab and configure the policy's automatic run schedule.
  7. Click Save to save all tab settings.
    This action returns you to the Policy & Rules Management page.
  8. Right-click on the policy row and select Enable.
  9. Optionally, to run the policy immediately, right-click on the policy row, and then select Run Now.

Results

An enabled policy runs according to its configured schedule, or you can run the policy on-demand as described in the last step in the previous procedure. To see the results of a policy run, click User Interface in the banner of the Administration portal, and navigate to Operations > Compliance > Storage Compliance > Breach Report. Various storage compliance breach reports are available under this node.

Syntax for customized compliance scopes

Customized compliance scopes can define precise groups of objects to include or exclude when a policy runs. Scope criteria can be simple value statements or complex combinations using wildcards.

To create a custom scope, edit an existing compliance policy or create a new one. The Scope tab contains a Create Scope button.

The same set of scopes is available to all policies. After you create a new scope, you can assign that scope to any compliance policy.

Basic Construct

The basic construct for specifying scope criteria is:

property_name = 'value'

or

property_name = 'pattern'

where:

property_name
    Is a property field in the database.
value
    Is the value to match.
pattern
    Is a string that uses wildcards to describe a set of values to match.

Complex construct

You can form complex scope criteria by combining basic constructs using the AND (&), OR (|), and NOT (!) operators. For example:

devtype='Array'&vendor='EMC%'&sstype='Block'

device='mqqb080'|device='mqqb081'

!device=='mhmbd014_LDAP'

A complex scope can include parentheses if needed to indicate operational precedence. For example:

devtype='Array'&(vendor='EMC%'|vendor='Dell%')

Wildcards and patterns

Wildcards are placeholders for characters in a value. The wildcards that are supported are SQL wildcards and work the same as they do in a SQL SELECT statement. The following table shows the wildcards that are supported and examples.

Research database property_name

To create a scope, you need to know the property_name used in the database for the property you want to match against. You can research this information on the report pages in the ViPR SRM User Interface.

To find the correct property_name string for a property, first locate a column in a ViPR SRM report that uses the property you are interested in. Note the column name, and then click EDIT MODE on that report page. On the Report Details: Table tab, expand the blue bar for the column of interest. If the column definition is a property, the database property_name appears. If the column definition is an attribute, look for the property_name on the Filter & Expansion tab.
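
The scope syntax in this section can be checked offline before a scope is assigned to a policy. The following is an added example, not ViPR SRM code: a small Python evaluator for the constructs shown above, run against a constructed inventory. It assumes the standard SQL LIKE wildcards (% and _), case-sensitive matching, and the precedence ! then & then |, none of which the page states; matches, members and INVENTORY are hypothetical names.

```python
import re

# Tokens: quoted pattern, property name, '=' or '==' (both appear on the page), any other character.
TOKEN = re.compile(r"'[^']*'|\w+|==?|\S")

def like_to_regex(pattern):
    """Assumed SQL LIKE semantics: % is any run of characters, _ is exactly one."""
    body = "".join(".*" if c == "%" else "." if c == "_" else re.escape(c) for c in pattern)
    return re.compile(body + r"\Z", re.DOTALL)

def matches(scope, obj):  # True if the property dict obj satisfies the scope expression
    toks = TOKEN.findall(scope) + [None]  # None marks end of input
    def accept(tok):
        return toks[0] == tok and bool(toks.pop(0))
    def binary(ops):  # assumed precedence: "|" loosest, then "&", then "!"
        if not ops:
            return term()
        result = binary(ops[1:])
        while accept(ops[0]):
            rhs = binary(ops[1:])  # always parsed, even when result is already decided
            result = (result or rhs) if ops[0] == "|" else (result and rhs)
        return result
    def term():  # "!" term, parenthesised expression, or property='pattern'
        if accept("!"):
            return not term()
        if accept("("):
            result = binary("|&")
            if not accept(")"):
                raise ValueError("missing ')'")
            return result
        m = re.fullmatch(r"(\w+) ==? '([^']*)'", " ".join(map(str, toks[:3])))
        if not m:
            raise ValueError(f"expected property='pattern' at {toks[0]!r}")
        del toks[:3]
        return bool(like_to_regex(m[2]).match(str(obj.get(m[1], ""))))
    result = binary("|&")
    if toks != [None]:
        raise ValueError(f"unexpected token {toks[0]!r}")
    return result

# Constructed sample inventory; property names are the ones used in the page's examples.
INVENTORY = [
    {"device": "eu_vmax01", "devtype": "Array", "vendor": "EMC Corporation", "sstype": "Block"},
    {"device": "eur-nas02", "devtype": "Array", "vendor": "Dell Inc.", "sstype": "File"},
    {"device": "mqqb080", "devtype": "Host", "vendor": "Other"},
]

def members(scope):  # offline preview of which devices a scope selects
    return [o["device"] for o in INVENTORY if matches(scope, o)]
```

Because _ is itself a wildcard under these assumptions, members("device='eu_%'") returns both eu_vmax01 and eur-nas02, so a scope meant for names that begin with the literal string eu_ can select more objects than intended. Compare the preview with the Show Members list before enabling the policy.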

Set appropriate policy schedules

To determine the automatic run schedule for a compliance policy, consider the data collection interval.

There is no benefit to running a compliance policy more often than the underlying data is collected. Therefore, when you set an automatic schedule for a policy, first research the configuration of the collectors that provide the data that the policy is monitoring. Data collector configuration is a ViPR SRM administrative task.

For example, if collectors update the database every 5 minutes, you could schedule a corresponding compliance policy to run every 5 minutes. However, if the database is updated only every 15 minutes, it would be a waste of resources to run policies more often.

Array Configuration policy

The Array Configuration compliance policy enforces best practices for hardware, software, and path configuration on a storage array. You must edit the policy to implement it.

Scope tab

Start by selecting native scopes, and create customized scopes later if needed. The following native scopes are appropriate for this policy:

Rules tab

Enable each rule that you want to implement. The following table describes the user configurable criteria for the rules that have them.

Schedule tab

Set an appropriate schedule for automatic runs of this policy.

Save and enable the policy

To save all settings for this policy, click Save.

To enable the policy to run, on the Policy & Rules Management page, right-click the policy row and select Enable.

EMC Support Matrix policy

The EMC Support Matrix compliance policy enforces best practices for interoperability based on the EMC Support Matrix. You must edit the policy to implement it.

Scope tab

Select scopes depending on the rules that you enable. Typical scopes for this policy are:

Rules tab

Enable each rule that you want to implement. The rules in this policy do not have any user configurable criteria.

Schedule tab

Set an appropriate schedule for automatic runs of this policy.

Save and enable the policy

To save all settings for this policy, click Save.

To enable the policy to run, on the Policy & Rules Management page, right-click the policy row and select Enable.

High Availability Physical Connectivity policy

The High Availability Physical Connectivity policy enforces best practices to ensure high availability, optimal path traversal, and avoidance of I/O congestion. You must edit the policy to implement it.

Scope tab

Start by selecting native scopes, and create customized scopes later if needed. The following native scopes are appropriate for this policy:

Rules tab

Enable each rule that you want to implement. The following table describes the user configurable criteria for the rules that have them.

Schedule tab

Set an appropriate schedule for automatic runs of this policy.

Save and enable the policy

To save all settings for this policy, click Save.

To enable the policy to run, on the Policy & Rules Management page, right-click the policy row and select Enable.

High Availability Software Configuration policy

The High Availability Software Configuration compliance policy enforces software settings that support high availability pathing configuration.

Scope tab

Select the following scope groups:

Rules tab

Enable each rule that you want to implement. The following table describes the user configurable criteria for the rules that have them.

Schedule tab

Set an appropriate schedule for automatic runs of this policy.

Save and enable the policy

To save all settings for this policy, click Save.

To enable the policy to run, on the Policy & Rules Management page, right-click the policy row and select Enable.

Host Configuration policy

The Host Configuration compliance policy enforces best practices for hardware, software, and pathing configuration on a host. You must edit the policy to implement it.

Scope tab

Start by selecting native scopes, and create customized scopes later if needed. The following native scopes are appropriate for this policy:

Rules tab

Enable each rule that you want to implement. The following table describes the user configurable criteria for the rules that have them.

Schedule tab

Set an appropriate schedule for automatic runs of this policy.

Save and enable the policy

To save all settings for this policy, click Save.

To enable the policy to run, on the Policy & Rules Management page, right-click the policy row and select Enable.

Path Management policy

The Path Management compliance policy validates configurations to ensure connectivity and redundancy. You must edit the policy to implement it.

Scope tab

Start by selecting native scopes, and create customized scopes later if needed. The following native scopes are appropriate for this policy:

Rules tab

Enable each rule that you want to implement. None of the rules in this policy contain user-configurable criteria.

Schedule tab

Set an appropriate schedule for automatic runs of this policy.

Save and enable the policy

To save all settings for this policy, click Save.

To enable the policy to run, on the Policy & Rules Management page, right-click the policy row and select Enable.

VPLEX Configuration policy

The VPLEX Configuration compliance policy enforces best practices for VPLEX configuration. You must edit the policy to implement it.

Scope tab

Select the following scope:

Rules tab

Enable each rule that you want to implement. The following table describes the user configurable criteria for the rules that have them.

Schedule tab

Set an appropriate schedule for automatic runs of this policy.

Save and enable the policy

To save all settings for this policy, click Save.

To enable the policy to run, on the Policy & Rules Management page, right-click the policy row and select Enable.

ViPR Configuration policy

The ViPR Configuration compliance policy enforces best practices for configurations in ViPR. You must edit the policy to implement it.

Scope tab

Select the following scope:

Rules tab

Enable the rule. This policy does not have any user configurable criteria.

Schedule tab

Set an appropriate schedule for automatic runs of this policy.

Save and enable the policy

To save all settings for this policy, click Save.

To enable the policy to run, on the Policy & Rules Management page, right-click the policy row and select Enable.

Zoning Best Practices policy

The Zoning Best Practices policy enforces configurable best practices for zoning. You must edit the policy to implement it.

Scope tab

Start by selecting native scopes, and create customized scopes later if needed. The following native scopes are appropriate for this policy:

Rules tab

Enable each rule that you want to implement. The following table describes the user configurable criteria for the rules that have them.

Schedule tab

Set an appropriate schedule for automatic runs of this policy.

Save and enable the policy

To save all settings for this policy, click Save.

To enable the policy to run, on the Policy & Rules Management page, right-click the policy row and select Enable.
