posted

0 Comments

If you have been following this series, I think by now you will agree, vRealize Operations 7.5 is loaded with great new and improved features and content!  So far, I have covered what’s new in Workload Optimization, Capacity Optimization and Troubleshooting in the first three parts.  In this blog entry I am going to introduce the exciting new Compliance updates in 7.5 to finish up the four pillars of Self-Drivng Operations with vRealize Operations.

Custom Compliance Templates

vRealize Operations has been including compliance templates for several releases now.  These provide an easy way for customers to evaluate their SDDC against both VMware recommended best practices for security configuration as well as regulatory compliance such as PCI, HIPAA, DISA and more.

However, many customers would like to be able to tailor these templates to specific concerns or audit items they are accountable for in their own organization.  After all, exceptions are often made depending on the configuration, business requirements, internal policy, other security concerns and other reasons.

Now in 7.5, you can consume the rich set of templates provided by vRealize Operations in a way that makes sense for your needs for reporting and alerting.

Using Custom Compliance templates, administrators can create up to six templates that combine alert definitions from any compliance pack, management pack or even custom alert definitions they have created.

For example, I can create a template for any compliance alerts I’d like to associate with ESXi host systems that have specific security or compliance requirements.

For example, in the above, I’m selecting the ESXi host alert definition from the DISA compliance pack.  I will also add HIPAA and vSphere Security Configuration Guide alerts.

Bingo!  One Custom Compliance template created and already showing relevant alerts!

Out of Compliance?  Just Fix It For Me!

It’s great to know when a host is out of compliance.  But why stop there?  With the alert finding several symptoms, such as misconfigured NTP, network misconfigurations, password problems… that’s a LOT of work to go and manually address.  And, it’s also introducing a lot of risk anytime an admin must do repetitive work with keyboard and mouse.  For example, here’s a list of symptoms for an ESXi host with an active alert for violation of the VMware vSphere Security Configuration Guide.

So, instead of just alerting you to these items, why not go ahead and fix them?  With the 7.5 release, we are also updating the Management Pack for vRealize Orchestrator which will be GA as version 3.0.  If you’re already familiar with this management pack, you know it installs a set of workflows in vRealize Orchestrator that can be added to the Action framework in vRealize Operations.  In 3.0, a set of workflows are included that will allow you to automatically remediate ESXi hosts with alerts for the vSphere Security Configuration Guide compliance template.

You are still in full control and can decide which configuration items get addressed and which are “hands off” for automation.  Once configured and ready, any alerts for ESXi host violations for the vSphere Security Configuration Guide trigger the workflow and the results are emailed to whomever you wish!

You know which configuration items were addressed with the workflow and which will need follow up by an administrator.

Much, Much More

In this four-part series, I’ve only introduced some of the more prominent capabilities in 7.5.  However, there are many smaller (but valuable) enhancements.  For example:

  • Improved user audit logging so you can see which users are accessing, creating, deleting content or running actions.
  • Reporting improvements for scheduling and ability to add customized report covers.
  • Ability to add a timestamp for metrics and properties.
  • Ability to access Views from the Dashboards tab.

Just give in and download a trial of vRealize Operations 7.5 and try it out!  You can also find more demos and videos on vrealize.vmware.com.  Explore and find out for yourself and let me know on Twitter @johnddias about what you like in 7.5!