Policies

Policies are rules that define standards for an organization. These standards can be applied to the managed environments (views) to continuously monitor their compliance with those standards. When you apply a policy to a view, Configuration Manager checks whether the CIs in the view satisfy the policy or not. You can apply several policies to a view simultaneously.

You can also bring in policy data from external applications by federation. This data can then be consumed by Configuration Manager in the same way as policies that you create directly within Configuration Manager. The CI types that can be federated are Node, RunningSoftware and IpAddress.

The policy status level of a view is based on the sum of all the policies applied to the view. The view's policy status level is the percentage of CIs in the view that satisfy the relevant policies.

One type of configuration policy you can apply is the baseline policy, which extends the Configuration Analysis functionality by saving a configuration model to serve as the baseline definition of a policy. Instead of comparing an individual CI to a baseline, you can compare all the CIs of that type in the view to the baseline by applying the policy to the view. In this way, you can ensure that CIs of the same type comply with the defined baseline, and that new CIs added to your system are also constructed in accordance with the baseline. For details on baselining, see Baselining.

Another type of configuration policy is the topology policy, which is based on the Topology Query Language (TQL) used in UCMDB. A topology policy defines the desired topological configuration (the set of CIs and relationships between CIs).

An additional type of policy is the similarity policy, in which you select CIs and attributes that enforce similarity between either all CIs of a certain type in a view, or groups of CIs in a view (where each group is connected to a defined CIT).

An example of a use-case for defining a policy is the ability to ensure that any business-critical application is highly available and that the supporting servers do not physically reside in the same place in order to improve its resiliency in case of disaster.

For details on defining and managing policies, see Policies.

Out-of-the-Box Policies

Note You will not be able to access this content unless you purchase an advanced license. To obtain the appropriate license, contact your Micro Focus sales representative or Micro Focus Software business partner.

Configuration Manager comes with a group of out-of-the-box policies, based on TQL queries created in UCMDB. There are three types of these policies:

  • Data quality policies – These policies ensure that no data is missing in UCMDB.

    • Every server must have a location – This policy is activated only if there is at least one Windows or UNIX machine connected to a Location CI.
    • Every server must have an owner – This policy is activated only if there is at least one Windows or UNIX machine connected to a person with an Ownership relation type.
    • Every MSSQL or Oracle database server must have a version.

  • Unutilized Resources policies - These policies ensure that no redundant processors or memory are installed on Windows 7, 2003, or 2008 machines. For example, a policy might check that Windows 32-bit systems with PAE disabled do not have more than 4 GB of memory installed.
  • Cluster resiliency policies – These policies ensure that all clusters are resilient. For example, a policy might check for geo-redundancy (that there is no geographical single point of failure on the servers).

    Policies are provided for different types of cluster resiliency scenarios:

    • Geographical single point of failure – In a virtual environment, the policies ensure that the clusters' virtual machine hosts (for example, ESX servers) are located in at least two different locations. In a non-virtual environment, the policies ensure that all of the clusters' nodes are located in at least two different locations. To benefit from these policies, the location of the servers should be modeled in UCMDB and you must activate the Apertura VISTA integration, which discovers power distribution units.
    • Power distribution unit single point of failure – In a virtual environment, the policies ensure that the clusters' virtual machine hosts (for example, ESX servers) are connected to at least two different power distribution units. In a non-virtual environment, the policies ensure that the clusters’ nodes are connected to at least two different power distribution units.
    • Virtual machine host single point of failure – In a virtual environment, the policies ensures that the clusters’ virtual machines are hosted on more than one server (for example, in more than one ESX server).
    • Network single point of failure – In a virtual environment, the policies ensure that the virtual machines are connected to more than one virtual switch.
    • Application server similarity – The policies ensure that all the application servers in the clusters are identical.
    • Cluster node similarity – The policies ensure that all the nodes in the clusters (virtual or non-virtual machines) are identical.

    These policies are located in UCMDB in the following location: Modeling Studio > Resources tab (select Queries as the resource type > Configuration Manager > Configuration Manager - Do not modify folder.

    Note To discover data for these policies, you must perform Universal Discovery (UD), including running all of the following activities:

    • Software - Basic

    • Software - JavaEE

    • Software - Cluster

    In addition, you must run discovery to obtain data for the virtualization infrastructure, the network infrastructure, and the Layer2 topology.

    For details about these activities and about performing discovery, see Universal CMDB Discovery and Integrations Content Guide - Discovery Activities.