Data Center Automation X

From ITOM Practitioner Info
Jump to: navigation, search

Orchestrated vulnerability risk and IT compliance management for the hybrid enterprise.


Data Center Automation X (DCAX) orchestrates IT processes for vulnerability risk and IT compliance management across multivendor physical and virtual operating systems (OS), databases, middleware, and container platforms for the hybrid enterprise.  

DCAX enables centralized IT departments to improve timeliness of actions, quality of delivery, and efficiency. The solution is available in two editions. 

DCA Express orchestrates centralized deployment and vulnerability risk management for OS platforms providing end-to-end closed-loop workflows and content. DCA Premium orchestrates centralized deployment, vulnerability risk management, and IT compliance management processes across OS, databases, middleware, and container platforms. 

Feature Express 1 Premium 2
Vulnerability risk management
Patch scan and remediation
Vulnerability scoring and risk dashboard
SLO-driven orchestrated patch
IT compliance risk management
Compliance scan and remediation  
Compliance dashboard  
SLO-driven orchestrated compliance  
Provisioning and configuration
Server discovery, configuration, and OS provisioning
Database and middleware discovery, configuration, and deployment
Container platform provisioning  
Automation Platform
Custom data center process automation

1 Server OS only

2 Server OS, databases, and middleware

Vulnerability Risk Management 

DCAX provides a comprehensive solution to manage risks associated with vulnerabilities across server OS, databases, and middleware. It offers vulnerability assessment, risk scoring, and an actionable risk dashboard to prioritize orchestrated patching and to resolve top vulnerabilities according to Service Level Objective (SLO).  

Patch scan and remediation  

  • Assess and remediate vulnerability risks. 
  • Orchestrated workflows perform patching processes—patch bundle scanning and remediation. Scan and remediate immediately or schedule according to SLOs and maintenance windows. 
  • DCAX integrates with vendor platforms:  
    • Vendor metadata download extracts patch inventory, content, signatures, and severity information directly from original vendor sources and Common Vulnerability Exposure (CVE) libraries. Direct download of vendor information ensures instant availability. Vendor platform update integration leverages platform standard interfaces to ensure correct patch scanning and remediation, including handling of installation order, fulfillment of dependencies, and awareness of patch supersedence. 

Vulnerability scoring and risk dashboard 

  • Prioritize top vulnerabilities and provide centralized tracking of key risks. 
  • Risk dashboard shows the risk and vulnerability state classified by resource type, severity, and state. Time series data tracks aging risks. Drilldowns enable inspection of the supporting data and additional details related to state and job history. 

SLO-driven Orchestrated Patching 

  • DCAX provides choice for patch bundles: 
    • Vendor recommended patch bundles enable customers to simplify management of patch bundles by automatically scanning for and applying all vendor recommended patches to their environment. 
    • Static patch bundles enable customers to define controlled collections of tested patches to be applied to their environment. 
  • Auto-remediation policy workflow and notification (integrated process orchestration): 
    • Policy model (shared with compliance) standardizes process orchestration interface for a consistent process. Policy model includes auto-remediation, exception management, and SLO management. 
    • Auto-remediation links desired remediation actions to variance states to automatically initiate workflow based on SLO, preference, and priority. 
    • Exception management enables patch bundles to be used broadly with specific exceptions as required. SLO management helps establish the priority of fixing variances before variances become violations. 

IT Compliance Management  

DCAX provides a complete solution to automate regulatory and internal IT compliance risk across server OS, database, middleware, and container platforms. It includes market-leading benchmark library, easy customization of benchmarks, scanning resources to assess risks, and actionable compliance dashboard to prioritize and orchestrate remediation to resolve compliance risks according to SLO.  

Compliance scan and remediation 

  • Compliance audit across server OS, database, and middleware with market leading benchmarks: 
    • Single platform for closed-loop server OS, databases, and middleware compliance, bringing together all resource types under a single console. DCAX provides shared process workflow enabling standardized process and aggregated views. 
    • Industry standard security best practice benchmarks provide scanning and remediation content based on CIS, DISA, and vendor secure configuration guidance. 
    • Regulatory compliance baselines provide benchmarks representing regulatory requirements from sources such as the PCI Council, NIST, and ISO. Benchmarks provide scanning and remediation capabilities based on library control implementations. 
    • Centralized benchmark configuration scanning and remediation enable Operations teams to aggregate configuration compliance scan results across the enterprise. 

Compliance dashboard 

  • Compliance dashboard and reporting to prioritize top failures: 
    • Compliance dashboard shows integrated compliance state classified by resource type, severity, and state. Time-series data tracks historical resolution of variances. Drilldowns enable inspection of the supporting compliance data and additional details related to state and job history. 
  • Auto-remediation policy workflow and notification (integrated process automation) to remediate within SLOs: 
    • Policy-driven compliance and remediation (policy model shared with vulnerability risk management) allow association of preferences for scheduling, notification, and workflow response to any variance. Policies are configurable and extensible to represent common industry patterns and local practices for remediation of variances. 
    • Exceptions are tracked to identify the approval authority and expiration date, allowing managed flexibility in enforcement of standards. 

Provisioning and Configuration

Server Discovery, Configuration, and OS Provisioning

  • Bare metal OS provisioning using a PXE boot process and sequencing of the build process via OS build plans enable customers to enact a complete OS build starting with pre-install configuration of firmware, including slipstreaming of device drivers, patches, and utility software such as backup and monitoring agents. 
  • For virtual image OS provisioning, the desired OS is installed and brought under management using either VMware vCenter or Microsoft System Center Virtual Machine Manager (SCVMM). Supported OS types include RHEL, SUSE, Oracle Enterprise Linux, Ubuntu, and Microsoft Windows. 
  • Post-install configuration, policy-aware provisioning associate provisioning templates to compliance and patching policies for automated initial enforcement during the provisioning process and ongoing scanning and remediation to ensure continuous compliance. 

Database and Middleware Discovery, Configuration, and Deployment

  • Software platform templates enable scalable, automated provisioning of database (DB) and middleware (MW) instances. 
  • Cluster provisioning deploys standardized clustered DB and MW instances (e.g. Oracle RAC). Supported database types include Oracle, SQL Server, and MySQL; supported middleware types include JBoss, Apache, Tomcat, IIS, and WebSphere. 
  • Post-install Configuration 
    • DB and MW maintenance workflows perform tasks which include database and middleware provisioning (binaries, instances, and database configuration), DB upgrades, DB migration to a new server, DB utilities (start/stop instance), and DB and MW code release. 
    • With policy-aware provisioning, provisioning templates are associated to compliance and patching policies for automated initial enforcement during the provisioning process and ongoing scanning and remediation to ensure continuing compliance. 

Database and middleware discovery, configuration, and deployment functionality enabled by DCA classic product (non-containerized).

Container Platform Provisioning 

  • Docker-based Kubernetes cluster provisioning deploys and configures master and worker nodes. Template-driven deployment enables scalable deployment of standard patterns for basic container infrastructure supporting containerized applications. 

Automation Platform 

Custom data center process automation (extensible automation) 

  • Extensible bulk workflows extend DCAX with customer-specific workflows to orchestrate DCAX functions and/or to integrate actions with external systems and processes.