Application Configuration compliance

Application configuration compliance enables you to determine whether or not the values of an application configuration attached to a server (or a group of servers) match the configuration file values on the target server.

A server is considered compliant if the target configuration file values match the values defined in the application configuration. When a target configuration does not match the values defined in the application configuration, the server is considered non-compliant.

The SA Client displays the following compliance statuses for application configurations:

  • Compliant: All of the values in the application configurations attached to a server or device group (or several servers and groups) match the configuration values on the target server.

    For Device Groups, AppConfig compliance is based upon the compliance status of all servers (and servers in any subgroups) that belong to a group. By default, group compliance is determined by a default threshold: if more than five percent of all servers in a group have a status of Non-Compliant, the entire group is considered Non-Compliant. To change this default setting, see the Changing Device Group Compliance Settings section in the Server Automation Use section on the HPE SSO portal.
  • Non-compliant: At least one of the values defined in an application configuration does not match the values in a configuration file (or files) on a target server.

    For Device Groups, non-compliance is based upon the compliance status of all the servers (and servers in any subgroups) that belong to a group. By default, group non-compliance is determined by a default threshold: if more than five percent of all servers in a group have a status of Non-Compliant, the entire group is considered Non-Compliant. To change this default setting, see the Changing Device Group Compliance Settings section in the Server Automation Use section on the HPE SSO portal.
  • Scan Started: The application configuration compliance information is currently being calculated.
  • Scan Needed: The application configuration compliance information is undefined, perhaps because a compliance scan was never run (for example, on a new installation), or the configuration on the server (or servers in the device group) changed since the last time information was reported to the SA Client.
  • Not Applicable: The application configuration compliance information does not apply and is represented by a dash (—). This is displayed if there are no application configurations attached to the server.

You can view application configuration compliance for individual servers or groups of servers.

Note: If you make any changes to an application configuration, such as editing its values in the value set editor, every server or group of servers it is attached to shows a compliance status of Scan Needed.

Application Configuration compliance for a single server

For a single server, the compliance view displays overall compliance for all application configurations attached to the server. If more than one application configuration is attached to the server, then you can see the aggregate compliance status for all application configurations, plus each individual configuration’s compliance status.

The following figure shows a single server’s application configuration compliance.

If any differences are discovered between the application configuration and the actual configuration file on the target server, the lower pane shows the category that is non-compliant. If the server has several application configurations attached to it, and any one of the configuration files targeted by the application configuration is different from the application configuration, then the server’s status is non-compliant.

For more information on how to run an application configuration compliance scan, see Scanning servers for Application Configuration compliance.

Application Configuration compliance for multiple servers

You can view the application configuration compliance status for multiple servers. From the SA Client navigation pane, select Devices then select Device Groups or Servers. Select a device group or a set of servers, then from the View menu select Compliance. This displays the aggregate compliance status for the selected servers.

An application configuration attached to a group of servers is considered compliant if fewer than five percent of the servers in the group are out of compliance. If over five percent are out of compliance, the aggregate compliance is considered non-compliant. You can change this percentage by selecting the Administration tab in the SA Client, then selecting Compliance Settings.
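The server and group rules described above, sketched as an added Python example (an illustration written for this page, not Server Automation code). The key = value file format, all function names, the sample data, and treating a missing key as a mismatch are assumptions; a group at exactly five percent is treated as compliant, following the "more than five percent" wording.

```python
# Added illustration, not Server Automation code; names and file format are assumptions.
DEFAULT_THRESHOLD_PCT = 5  # page default for device groups

def parse_kv(text):
    """Parse 'key = value' lines, skipping blank lines and '#' comments."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, val = line.partition("=")
            values[key.strip()] = val.strip()
    return values

def server_status(attached, scanned):
    """attached: {path: expected values}; scanned: {path: file text}, None if never scanned."""
    if not attached:
        return "Not Applicable"
    if scanned is None:
        return "Scan Needed"
    for path, expected in attached.items():
        actual = parse_kv(scanned.get(path, ""))
        # One differing value in any attached configuration makes the server
        # non-compliant (assumption: a missing key counts as a difference).
        if any(actual.get(key) != val for key, val in expected.items()):
            return "Non-Compliant"
    return "Compliant"

def all_statuses(group):
    """Collect server statuses from a group and, recursively, its subgroups."""
    statuses = list(group.get("servers", []))
    for sub in group.get("subgroups", []):
        statuses.extend(all_statuses(sub))
    return statuses

def group_status(group, threshold_pct=DEFAULT_THRESHOLD_PCT):
    statuses = all_statuses(group)
    failing = statuses.count("Non-Compliant")
    # Strictly "more than" the threshold; integer math keeps the boundary exact.
    if failing * 100 > threshold_pct * len(statuses):
        return "Non-Compliant"
    return "Compliant"

# Constructed sample data.
APP = {"/etc/app/app.conf": {"max_connections": "100", "tls": "on"}}
GOOD = {"/etc/app/app.conf": "# managed file\nmax_connections = 100\ntls = on\n"}
DRIFT = {"/etc/app/app.conf": "max_connections = 100\ntls = off\n"}
GROUP = {"servers": [server_status(APP, GOOD)] * 15 + [server_status(APP, DRIFT)],
         "subgroups": [{"servers": ["Compliant"] * 4}]}
```

With the sample data, one drifted server out of 20 (counting the subgroup) sits exactly on the default threshold, so the group stays compliant; lowering the threshold or shrinking the group flips the result.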

The details pane for a group of servers in the Compliance view shows whether or not all of the application configurations are compliant, but does not expand to show a breakdown of individual servers and application configurations.

You can view server group application configuration compliance status in the following ways:

Viewing Application Configuration compliance for multiple servers

To view application configuration compliance for multiple servers:

  1. From the SA Client Navigation pane, select Devices > Servers > All Managed Servers.
  2. From the View drop-down list, select Compliance.
  3. To see compliance levels for more than one server, select the check box next to the servers, and a roll up of compliance for the selected servers displays in the bottom details pane, as shown in the following figure.

Viewing Application Configuration compliance for multiple device groups

To view application configuration compliance for multiple device groups:

  1. From the SA Client navigation pane, select Devices > Device Groups.
  2. Select a device group or a folder containing device groups.
  3. From the View drop-down list, select Compliance. This displays the compliance status for all the groups.
  4. To see compliance levels for more than one group, select the check box next to the servers, and a summary of compliance for the selected groups displays in the bottom details pane, as shown in the following figure.

Viewing Application Configuration compliance for a single device group

To view application configuration compliance for one device group:

  1. From the SA Client navigation pane, select Devices > Device Groups.
  2. Navigate to the desired device group and select it.
  3. Right-click and select Open or select Actions > Open. This displays the device group.
  4. From the Views pane, select Compliance. This displays aggregate compliance for each policy type for all members of the group as a whole, as opposed to compliance status for each individual server, as shown in the following figure.

    Application Configuration compliance for a device group

Scanning servers for Application Configuration compliance

After an application configuration has been pushed to a server, the configuration file on the server can be changed, either intentionally or by accident, or the values defined in the application configuration may have changed. When a configuration file’s values on a target server do not match the values defined in the application configuration, the configuration file is considered non-compliant.

You can scan for configuration compliance on a server to determine if any of the configuration files on the server are out of compliance with the values stored in the configuration templates. You can schedule the scan to occur at regular intervals.

To scan a server or multiple servers for configuration compliance:

  1. From the SA Client Navigation pane, select Devices.
  2. Select either Device Groups or All Managed Servers. If you selected Device Groups, select a device group to display the servers that belong to it.
  3. From the content pane, select a server. You can also select multiple servers or device groups and scan them all.
  4. From the Actions menu, select Scan > Configuration Compliance or select Schedule > Configuration Compliance Scan.
    • If you selected Scan > Configuration Compliance, SA scans the devices to determine compliance and displays the status in the Scan Configuration Compliance screen.
    • If you selected Schedule > Configuration Compliance Scan, SA displays the Schedule Job screen where you can specify when you want the job to complete and other job parameters.