5.8
Table Of Contents
- VMware vRealize Configuration ManagerAdministration Guide
- Contents
- About This Book
- Getting Started with VCM
- Installing and Getting Started with VCM Tools
- Configuring VMware Cloud Infrastructure
- Virtual Environments Configuration
- Configure Virtual Environments Collections
- Configure Managing Agent Machines for Virtual Environment Management
- Obtain the SSL Certificate Thumbprint
- Configure vCenter Server Data Collections
- Configure vCenter Server Virtual Machine Collections
- Configure vCloud Director Collections
- Configure vCloud Director vApp Virtual Machines Collections
- Configure vShield Manager Collections
- Configure ESX Service Console OS Collections
- Configure the vSphere Client VCM Plug-In
- Running Compliance for the VMware Cloud Infrastructure
- Create and Run Virtual Environment Compliance Templates
- Create Virtual Environment Compliance Rule Groups
- Create and Test Virtual Environment Compliance Rules
- Create and Test Virtual Environment Compliance Filters
- Preview Virtual Environment Compliance Rule Groups
- Create Virtual Environment Compliance Templates
- Run Virtual Environment Compliance Templates
- Create Virtual Environment Compliance Exceptions
- Resolve Noncompliant Virtual Environments Template Results
- Configure Alerts and Schedule Virtual Environment Compliance Runs
- Configuring vCenter Operations Manager Integration
- Auditing Security Changes in Your Environment
- Configuring Windows Machines
- Configure Windows Machines
- Windows Collection Results
- Getting Started with Windows Custom Information
- Prerequisites to Collect Windows Custom Information
- Using PowerShell Scripts for WCI Collections
- Windows Custom Information Change Management
- Collecting Windows Custom Information
- Create Your Own WCI PowerShell Collection Script
- Verify that Your Custom PowerShell Script is Valid
- Install PowerShell
- Collect Windows Custom Information Data
- Run the Script-Based Collection Filter
- View Windows Custom Information Job Status Details
- Windows Custom Information Collection Results
- Run Windows Custom Information Reports
- Troubleshooting Custom PowerShell Scripts
- Configuring Linux, UNIX, and Mac OS X Machines
- Linux, UNIX, and Mac OS X Machine Management
- Linux, UNIX, or Mac OS X Installation Credentials
- Configure Collections from Linux, UNIX, and Mac OS X Machines
- Configure Installation Delegate Machines to Install Linux, UNIX, and Mac OS X...
- Configure the HTTPS Bypass Setting for Linux Agent Installations
- Enable Linux, UNIX, and Mac OS X Agent Installation
- Add and License Linux, UNIX, and Mac OS X Machines for Agent Installation
- Install the VCM Agent on Linux, UNIX, and Mac OS X Operating Systems
- Collect Linux, UNIX, and Mac OS X Data
- Linux, UNIX, and Mac OS X Collection Results
- Configure Scheduled Linux, UNIX, and Mac OS X Collections
- Using Linux and UNIX Custom Information Types
- File Types that VCM can Parse
- Parsers for Supported File Types
- Identification Expressions
- Parser Directives
- Parser Directives for Linux, UNIX, and Mac OS X
- Creating Custom Information Types for Linux and UNIX
- Custom Information Types for Linux, UNIX, and Mac OS X
- Add, Edit, or Clone Custom Information Types for Linux and UNIX
- UNIX Custom Information Data View in the Console
- Path Panel in the VCM Collection Filter
- Patching Managed Machines
- Patch Assessment and Deployment
- Prerequisite Tasks and Requirements
- Manually Patching Managed Machines
- Getting Started with VCM Manual Patching
- Configuring An Automated Patch Deployment Environment
- Deploying Patches with Automated Patch Assessment and Deployment
- Configure VCM for Automatic Event-Driven Patch Assessment and Deployment
- Generate a Patch Assessment Template
- Run a Patch Assessment on Managed Machines
- Add Exceptions for Patching Managed Machines
- Configure the VCM Administration Settings
- Generate a Patch Deployment Mapping
- Configure VCM for Automatic Scheduled Patch Assessment and Deployment
- How the Linux and UNIX Patch Staging Works
- How the Linux and UNIX Patching Job Chain Works
- How the Deploy Action Works
- Patch Deployment Wizards
- Running Patching Reports
- Running and Enforcing Compliance
- Configuring Active Directory Environments
- Configuring Remote Machines
- Tracking Unmanaged Hardware and Software Asset Data
- Managing Changes with Service Desk Integration
- Index
You can create your own compliance templates or modify templates that you downloaded from the
Center for Policy and Compliance.
Prerequisites
n Collect data from your virtual and physical machines for the data types against which your compliance
templates and filter sets run. See "Collect Linux, UNIX, and Mac OS X Data" on page 134 and "Collect
Windows Data" on page 95.
n Download existing compliance templates that are applicable to your environment from the VMware
Center for Policy and Compliance. See "Download and Import Compliance Content" on page 202.
Procedure
1. "Create Machine Group Compliance Rule Groups" on page 203
Rule groups contain compliance rules and filters. You must create rule groups that you then assign to
compliance templates.
2. "Create and Test Static Machine Group Compliance Rules" on page 204
You create rules that define the ideal values that virtual or physical machines should have to be
considered compliant.
3. "Create and Test Machine Group Compliance Filters" on page 205
You can create filters that limit the virtual or physical machines on which the templates run to only the
machines that meet the filter criteria.
4. "Preview Machine Group Compliance Rule Groups" on page 206
You use the rules preview action, with the filters turned off and then turned on, to determine if a rule
group is returning the expected results.
5. "Create Machine Group Compliance Templates" on page 207
You can create compliance templates that include one or more rule groups that assess your selected
virtual or physical machine group to determine which machines are compliant and noncompliant.
6. "Run Machine Group Compliance Templates" on page 208
You run templates against your collected data to determine which virtual or physical machines are
compliant or noncompliant.
7. "Resolve Noncompliant Compliance Template Results" on page 209
The results for the compliance templates indicate whether the virtual or physical machine are
compliant or noncompliant. If the machine is noncompliant, you can enforce noncompliant results
manually or using VCM, or you can add an exception for expected noncompliant results.
8. "Configure Alerts and Schedule Machine Group Compliance Runs" on page 212
(Optional) To optimize how VCM monitors the compliance of physical and virtual machines in your
environment, configure alerts and schedule regular compliance template runs on your collected
machine group data.
Create Machine Group Compliance Rule Groups
Rule groups contain compliance rules and filters. You must create rule groups that you then assign to
compliance templates.
Templates can include one or more rule groups. Rule groups comprise rules and filters.
Running and Enforcing Compliance
VMware, Inc.
203