As you probably know vRealize Operations provides several Compliance Packs basically out-of-the-box (“natively”). A simple click on “ACTIVATE” in the “Repository” tab installs all needed components of the Compliance Pack and allows the corresponding regulatory benchmarks to be executed.
“Regulatory benchmarks provide solutions for industry standard regulatory compliance requirements to enforce and report on the compliance of your vSphere objects. You can install compliance packs for the following regulatory standards.“
In the following picture, you can see the currently available six Compliance Packs.
But what if regarding compliance you have different requirements than what is provided by the available Packs? What are the components and the method to create customized or completely new compliance benchmarks?
In this blog post, I will give you a short overview of what vRealize Operations elements comprise a Compliance Pack and how to put everything together to create your very own custom compliance benchmark.
Components of a Compliance Management Pack
The mandatory parts of a Compliance Pack which are implementing the actual checks are:
- symptom definitions
- alert definitions
- policy (activates the needed metrics, properties, symptom, and alert definitions)
In addition to these components, the available Compliance Packs provide a report template that consists of views as well as recommendations which are part of the alert definitions. The following picture shows the Compliance Pack for CIS as an example.
The Method
The general workflow from the certain requirement, “what to check”, to the Compliance Pack is always the same. The following diagram shows the single steps. As you see, you are not limited to metrics and properties vRealize Operations provide through the various Management Packs, you can add your own custom metrics and symptoms and make them part of your custom benchmark.
In general this is what you need to do:
- Find the appropriate metric or property to check a certain aspect of your custom compliance
- Create a symptom definition containing that metric or property
- Create one or multiple alert definitions (e.g. one per vROps object type) and include all previously created symptom definitions as “ANY” set of definitions
- Create or adjust a vROps policy to enable all needed metrics and properties (if disabled)
As always, you may review the native Compliance Packs to see some examples. In the following picture, you can see the alert definitions for different object types as defined in the Compliance Pack for CIS.
NOTE: It is required to set the “Alert Subtype” to “Compliance” to allow the alert definition to be part of a custom compliance benchmark.
The alert definition consists of all relevant symptom definitions for the certain object type, as shown in the next picture.
Final Step – Custom Compliance
The last and easiest step is to add the alert definitions to the new Custom Compliance and enable the alert definitions in a vROps policy.
Finally vRealize Operations will check the compliance of your environment and present the results in the compliance widget.
Now, let’s go and create your own customized compliance benchmark.
Stay safe.
Thomas – https://twitter.com/ThomasKopton