ViPR SRM 3.7 – Configure the Native Compliance Policies

Table of Contents

About compliance policies

Learn how to enable and configure the native compliance policies that are delivered with ViPR SRM. See a list of suggested scopes and rule settings for each native policy. Obtain the syntax for customizing scope definitions.

ViPR SRM includes a collection of pre-built compliance policies and rules. To implement the native policies, you must first enable and configure them.

A compliance policy consists of a scope, a set of rules, and a schedule. These items must be configured for a policy before the policy can actively monitor conditions in your environment.

Policy Scope

The scope defines the groups of objects that the policy should monitor. For example, a scope could specify any of the following: all arrays; all arrays whose vendor is EMC; or all arrays whose name begins with a common string, eu_.

To configure the scope for a policy, you can select one or more predefined scopes, or you can use the Create Scope button to create a new scope tailored to your compliance requirements. For any scope, use the Show Members button to see a list of discovered objects that are members of the selected scope.



Compliance Policy Scope tab

Policy Rules

Rules define the compliance conditions in a policy. A policy can contain multiple rules. The compliance breach reports identify the policy and the rule that are violated.

Each native policy comes with a set of predefined rules. You can also create new rules. The following figure shows the predefined rules for the Array Configuration policy.



Compliance Policy Rules tab

Each rule is independent of the others. If a rule is in the enabled state, the compliance runs include that rule. To omit a rule from a compliance run, disable the rule.

To edit a rule, click the checkbox in the appropriate row, and click Edit. The following figure shows the edit page for the Supported Array Microcode Version rule in the Array Configuration policy.

Some of the native rules include user configurable criteria that you must set before the rule is meaningful. For example, in the previous figure, the user needs to supply the supported microcode that the rule should monitor.

Rule criteria can use the following operators:

Policy Schedule

The schedule sets the timing of automatic policy runs. The following figure shows the Schedule tab for a policy.



Compliance Policy Schedule tab

Back to Top

Enable and edit native policies

To implement a native compliance policy, you need to configure and enable it. You also need to enable at least one rule in the policy. You perform all of the compliance policy management tasks from the ViPR SRM Administration portal.

Procedure

  1. From the ViPR SRM User Interface Console, click Administration in the banner.
  2. In the Administration portal, navigate to Modules > Storage Compliance, and then click Policy & Rules Management.
    The list of native policies appears.

  3. To enable the native compliance policies, click one or more checkboxes in the first column, and then click Enable.
  4. To configure a policy:
    1. Select the policy in the first column, and then click Edit.
      The Edit Policy dialog opens.
    2. Click the Scope tab and configure the policy's scope.
      For guidelines about which default scopes to select for each native policy, see the policy-specific sections in this article.
    3. Click the Rules tab.
    4. To enable a policy's rules, click one or more checkboxes in the first column, and then click Enable.
    5. Configure each enabled rule:
      • Click the checkbox in the first column, and then click Edit.
      • Configure items in the Criteria For Selected Rule field. For guidelines, see the policy-specific sections in this article. Only some rules have configurable options.
      • Review the Recommendations field and modify for your environment. Optionally change other fields.
    6. Click the Schedule tab and configure the policy's automatic run schedule.
    7. Click Save to save all tab settings.
      The list of all policies reappears.
  5. To run a policy immediately, click the policy row, and then select Run Now from the context menu that appears.
    An enabled policy runs according to its configured schedule, or you can run the policy on-demand as described in this step.
  6. To see the results of a policy run, click User Interface in the banner of the Administration portal, and navigate to Operations > Compliance > Storage Compliance > Breach Report.
Back to Top

Syntax for scope criteria

Customized compliance scopes can define precise groups of objects to include or exclude when a policy runs. Scope criteria can be simple value statements or complex combinations using wildcards.

To create a custom scope, edit an existing compliance policy or create a new one. The Scope tab contains a Create Scope button.

The same set of scopes are available to all policies. After you create a new scope, you can assign that scope to any compliance policy.

Basic Construct

The basic construct for specifying scope criteria is:

property_name = 'value'

or

property_name = 'pattern'

where:

property_name
Is a property field in the database.
value
Is the value to match.
pattern
Is a string that uses wildcards to describe a set of values to match.

Complex construct

You can form complex scope criteria by combining basic constructs using the AND (&), OR (|), and NOT (!) operators. For example:

devtype='Array'&vendor='EMC%'&sstype='Block'

device='mqqb080'|device='mqqb081'

!device=='mhmbd014_LDAP'

A complex scope can include parentheses if needed to indicate operational precedence. For example:

devtype='Array'&(vendor='EMC%'|vendor='Dell%')

Wildcards and patterns

Wildcards are placeholders for characters in a value. The wildcards that are supported are SQL wildcards and work the same as they do in a SQL SELECT statement. The following table shows the wildcards that are supported and examples.

Research database property_name

To create a scope, you need to know the property_name used in the database for the property you want to match against. You can research this information on the report pages in the ViPR SRM User Interface.

To find the correct property_name string for a property, first locate a column in a ViPR SRM report that uses the property you are interested in. Note the column name, and then click EDIT MODE on that report page. On the Report Details: Table tab, expand the blue bar for the column of interest. If the column definition is a property, the database property_name appears. If the column definition is an attribute, look for the property_name on the Filter & Expansion tab.

Back to Top

Set appropriate policy schedules

To determine an appropriate automatic run schedule for a compliance policy, consider the data collection interval.

There is no benefit to running a compliance policy more often than the underlying data is collected. Therefore, when you set an automatic schedule for a policy, first research the configuration of the collectors that provide the data that the policy is monitoring. Data collector configuration is a ViPR SRM administrative task.

For example, if collectors update the database every 5 minutes, you could schedule a corresponding compliance policy to run every 5 minutes. However, if the database is updated only every 15 minutes, it would be a waste of resources to run policies more often.

Back to Top

Array Configuration policy

The Array Configuration compliance policy enforces best practices for hardware, software, and path configuration on a storage array. You must enable and edit the policy to implement it.

Scope tab

Start by selecting native scopes, and create customized scopes later if needed. The following native scopes are appropriate for this policy:

Rules tab

Enable each rule that you want to implement. The following table describes the user configurable criteria for the rules that have them.

Schedule tab

Set an appropriate schedule for automatic runs of this policy.

Back to Top

EMC Support Matrix policy

The EMC Support Matrix compliance policy enforces best practices for interoperability based on the EMC Support Matrix. You must enable and edit the policy to implement it.

Scope tab

Select scopes depending on the rules that you enable. Typical scopes for this policy are:

Rules tab

Enable each rule that you want to implement. The rules in this policy do not have any user configurable criteria.

Schedule tab

Set an appropriate schedule for automatic runs of this policy.

Back to Top

High Availability Physical Connectivity policy

The High Availability Physical Connectivity policy enforces best practices to ensure high availability, optimal path traversal, and avoidance of I/O congestion. You must enable and edit the policy to implement it.

Scope tab

Start by selecting native scopes, and create customized scopes later if needed. The following native scopes are appropriate for this policy:

Rules tab

Enable each rule that you want to implement. The following table describes the user configurable criteria for the rules that have them.

Schedule tab

Set an appropriate schedule for automatic runs of this policy.

Back to Top

High Availability Software Configuration policy

The High Availability Software Configuration compliance policy enforces software settings that support high availability pathing configuration. You must enable and edit the policy to implement it.

Scope tab

Select the following scope groups:

Rules tab

Enable each rule that you want to implement. The following table describes the user configurable criteria for the rules that have them.

Schedule tab

Set an appropriate schedule for automatic runs of this policy.

Back to Top

Host Configuration policy

The Host Configuration compliance policy enforces best practices for hardware, software, and pathing configuration on a host. You must enable and edit the policy to implement it.

Scope tab

Start by selecting native scopes, and create customized scopes later if needed. The following native scopes are appropriate for this policy:

Rules tab

Enable each rule that you want to implement. The following table describes the user configurable criteria for the rules that have them.

Schedule tab

Set an appropriate schedule for automatic runs of this policy.

Back to Top

Path Management policy

The Path Management compliance policy validates configurations to ensure connectivity and redundancy. You must enable and edit the policy to implement it.

Scope tab

Start by selecting native scopes, and create customized scopes later if needed. The following native scopes are appropriate for this policy:

Rules tab

Enable each rule that you want to implement. None of the rules in this policy contain user-configurable criteria.

Schedule tab

Set an appropriate schedule for automatic runs of this policy.

Back to Top

VPLEX Configuration policy

The VPLEX Configuration compliance policy enforces best practices for VPLEX configuration. You must enable and edit the policy to implement it.

Scope tab

Select the following scope:

Rules tab

Enable each rule that you want to implement. The following table describes the user configurable criteria for the rules that have them.

Schedule tab

Set an appropriate schedule for automatic runs of this policy.

Back to Top

ViPR Configuration policy

The ViPR Configuration compliance policy enforces best practices for configurations in ViPR. You must enable and edit the policy to implement it.

Scope tab

Select the following scope:

Rules tab

Enable the rule. This policy does not have any user configurable criteria.

Schedule tab

Set an appropriate schedule for automatic runs of this policy.

Back to Top

Zoning Best Practices policy

The Zoning Best Practices policy enforces configurable best practices for zoning. You must enable and edit the policy to implement it.

Scope tab

Start by selecting native scopes, and create customized scopes later if needed. The following native scopes are appropriate for this policy:

Rules tab

Enable each rule that you want to implement. The following table describes the user configurable criteria for the rules that have them.

Schedule tab

Set an appropriate schedule for automatic runs of this policy.

Back to Top