Installation guide
Table Of Contents
- VMware vCenter Configuration Manager Administration Guide
- Contents
- About This Book
- Getting Started with VCM
- Installing and Getting Started with VCM Tools
- Configuring VMware Cloud Infrastructure
- Virtual Environments Configuration
- Configure Virtual Environments Collections
- Configure Managing Agent Machines for Virtual Environment Management
- Obtain the SSL Certificate Thumbprint
- Configure vCenter Server Data Collections
- Configure vCenter Server Virtual Machine Collections
- Configure vCloud Director Collections
- Configure vCloud Director vApp Virtual Machines Collections
- Configure vShield Manager Collections
- Configure ESX Service Console OS Collections
- Configure the vSphere Client VCM Plug-In
- Running Compliance for the VMware Cloud Infrastructure
- Create and Run Virtual Environment Compliance Templates
- Create Virtual Environment Compliance Rule Groups
- Create and Test Virtual Environment Compliance Rules
- Create and Test Virtual Environment Compliance Filters
- Preview Virtual Environment Compliance Rule Groups
- Create Virtual Environment Compliance Templates
- Run Virtual Environment Compliance Templates
- Create Virtual Environment Compliance Exceptions
- Resolve Noncompliant Virtual Environments Template Results
- Configure Alerts and Schedule Virtual Environment Compliance Runs
- Configuring vCenter Operations Manager Integration
- Auditing Security Changes in Your Environment
- Configuring Windows Machines
- Configure Windows Machines
- Windows Collection Results
- Getting Started with Windows Custom Information
- Prerequisites to Collect Windows Custom Information
- Using PowerShell Scripts for WCI Collections
- Windows Custom Information Change Management
- Collecting Windows Custom Information
- Create Your Own WCI PowerShell Collection Script
- Verify that Your Custom PowerShell Script is Valid
- Install PowerShell
- Collect Windows Custom Information Data
- Run the Script-Based Collection Filter
- View Windows Custom Information Job Status Details
- Windows Custom Information Collection Results
- Run Windows Custom Information Reports
- Troubleshooting Custom PowerShell Scripts
- Configuring Linux, UNIX, and Mac OS X Machines
- Linux, UNIX, and Mac OS X Machine Management
- Linux, UNIX, or Mac OS X Installation Credentials
- Configure Collections from Linux, UNIX, and Mac OS X Machines
- Configure Installation Delegate Machines to Install Linux, UNIX, and Mac OS X...
- Configure the HTTPS Bypass Setting for Linux Agent Installations
- Enable Linux, UNIX, and Mac OS X Agent Installation
- Add and License Linux, UNIX, and Mac OS X Machines for Agent Installation
- Install the VCM Agent on Linux, UNIX, and Mac OS X Operating Systems
- Collect Linux, UNIX, and Mac OS X Data
- Linux, UNIX, and Mac OS X Collection Results
- Configure Scheduled Linux, UNIX, and Mac OS X Collections
- Patching Managed Machines
- Patch Assessment and Deployment
- Prerequisite Tasks and Requirements
- Manually Patching Managed Machines
- Getting Started with VCM Manual Patching
- Configuring An Automated Patch Deployment Environment
- Deploying Patches with Automated Patch Assessment and Deployment
- Configure VCM for Automatic Event-Driven Patch Assessment and Deployment
- Generate a Patch Assessment Template
- Run a Patch Assessment on Managed Machines
- Add Exceptions for Patching Managed Machines
- Configure the VCM Administration Settings
- Generate a Patch Deployment Mapping
- Configure VCM for Automatic Scheduled Patch Assessment and Deployment
- How the Linux and UNIX Patch Staging Works
- How the Linux and UNIX Patching Job Chain Works
- How the Deploy Action Works
- Patch Deployment Wizards
- Running Patching Reports
- Running and Enforcing Compliance
- Provisioning Physical or Virtual Machine Operating Systems
- Provisioning Software on Managed Machines
- Using Package Studio to Create Software Packages and Publish to Repositories
- Software Repository for Windows
- Package Manager for Windows
- Software Provisioning Component Relationships
- Install the Software Provisioning Components
- Using Package Studio to Create Software Packages and Publish to Repositories
- Using VCM Software Provisioning for Windows
- Related Software Provisioning Actions
- Configuring Active Directory Environments
- Configuring Remote Machines
- Tracking Unmanaged Hardware and Software Asset Data
- Managing Changes with Service Desk Integration
- Index
Running and Enforcing Compliance
10
Running and Enforcing Compliance
Compliance compares your virtual or physical machines running Linux, UNIX, Mac OS X, or Windows
operating systems against configuration standards that you download, or that you create, to determine if
the machines meet the standards. The results of the compliance run notify you which machines meet
configuration settings meet the standards and which ones do not meet the standards. In some cases, you
can enforce certain settings on the machines that are not in compliance, initiating the changes from VCM.
Preset rules and templates are available that enable you to begin monitoring system compliance to
regulatory (Sarbanes-Oxley, HIPAA, GLBA and FISMA) industry and Microsoft standards. You can create
and manage rules and rule groups based on Active Directory (AD) objects and configuration data, or on
machine data.
IMPORTANT Compliance does not query individual systems; it only queries the database. If a machine has
not been included in a Collection, or the necessary information has not been included in a Collection, or
the last Collection is outdated, the Compliance Monitor will measure incorrect or out-of-date data.
Therefore, for accurate Compliance monitoring, you must first collect the necessary data.
Running Machine Group Compliance
Compliance templates evaluate the data collected from virtual or physical machines in machine groups to
determine if the machines meet the rules in the templates. If the property values on a machine do not
meet the rule criteria, and if no exception is defined, then the machine is flagged as noncompliant. When a
machine is noncompliant, the template results provide the details of the settings or configurations that do
not match the rules. You can use this information to resolve the problem.
Compliance templates include the following components:
n
Rule Groups: A rule group comprises rules and filters.
n
Rules: The rules define the optimal configuration standards.
n
Filters: The filters limit the machines on which the template runs to only the machines that meet the
filter criteria. If filters are not defined, the rules are run against all machines in the machine group based
on the data types against which the rules run.
n
Exceptions: The exceptions are optional permanent or temporary exceptions to the template results.
The defined exception indicates that a specific result is compliant or noncompliant, even though it does
not match the requirements of the rules.
After you configure your compliance templates, you can optimize how VCM monitors the compliance of
machines in your environment using alerts and scheduling regular compliance template runs on your
collected machine group data.
VMware, Inc.
181