Compliance and risk management are often looked at as the most onerous tasks in the oversight of any large system. Having spent the better part of 25 years in a mix of operations and management roles myself, I’m not going to lie when I tell you I tend to share this view. However, with an ever-increasing share of business assets and intellectual property tied to the fate of the data center, both of these domains are unavoidable and only becoming more of a challenge to keep up with.
It hasn’t helped that so many of the processes we use for tracking information and maintaining adherence to our corporate policies has been haphazard at best, and an abject failure at worst. I’ve seen spreadsheets used to track critical addresses and passwords, policy documents which haven’t been reviewed or updated in years, and thousands of systems deployed with no way to audit adherence to policies which may or may not have been followed in the first place. As companies have become more invested in the health of the network, and more savvy to a host of risks from insider threats to nation-state hackers, compliance and risk management is as much a part of what we do today as deploying and monitoring the systems themselves has always been.
Our tools have been lacking, however, and have mostly relied on a manual audit of critical servers, virtual machines (VMs), applications, and network devices. This is a process that used to take days or longer on small networks, and has become all but impossible on modern data centers of the scale and scope of tens of thousands or more machines. But what if we could automate our compliance with risk management policies? What if we could tell the system what we need, what rules it must adhere to? What if the system could police itself, and report to us anything anomalous?
Ensure Your Compliance Posture Is Steps Ahead
VMware vRealize Operations provides capabilities to continuously measure vSphere compliance based on regulatory or internal IT standards, as well as the ability to automate drift remediation. In other words, it polices itself and, if it notices something out of standard, fixes the problem automatically. And by fixing the problem before it rises to the level of an audit finding, your compliance posture is already several steps ahead of where it would’ve been, and you haven’t had to do anything. This is how our data centers should be running. Manual intervention should be the anomalous event, not the standard.
Examples of features in vRealize Operations that support the overall goals of compliance include vSphere configuration and compliance, vSphere regulatory compliance, and automated configuration management. Working in concert, these features help data center operators provide guidance to the system that match the organization’s business requirements, and let the data center largely drive itself. Dashboards with correlations of metrics and performance, as well as adherence to policy, provide a holistic view into the health of the system, allowing for the easy ability to audit when necessary.
Adhere to Regulatory Domains and Standards with OOTB Compliance Dashboards
vSphere configuration and compliance enables security configuration for vSphere, with out-of-the-box (OOTB) cluster, host, and VM compliance dashboards. No longer will you have to wonder if your vSphere hosts are maintaining the intended security posture or drifting in a way that opens up the system to risk. With the number of hosts needed to support today’s containerized and virtualized workloads, a lack of visibility into these systems can quickly spiral into something more serious. After-the-fact remediation can be difficult at best, and at worst be covered up by bad actors who have spent time in your hosts prior to discovery.
vSphere regulatory compliance can measure compliance stature against a number of regulatory domains and standards, including: DISA, FISMA, ISO, CIS, PCI, and HIPAA. You also have the flexibility to create custom compliance standards, freeing you from waiting for someone else to provide what you need.
Minimize the Risk for Errors with Automation
Automated configuration management allows you to automate drift remediation with OOTB workflows and vRealize Orchestrator integration. You know that certain hosts, VMs, and workloads should be configured in a certain manner, and adhere to a certain set of standards. Why take a chance on someone deploying new systems that don’t match your operational intent? Fix deployments before and during deployment so that you never have to worry about having anything out of compliance. And if something happens, the system can notify you or simply fix the problem proactively.
While compliance and risk management will likely never be the thing that most IT practitioners look forward to, they are necessary. By automating the bulk of the work, you take the tedium out of the process and minimize your risk for errors. Use the artificial intelligence designed into the system to free yourself from the mundane, so you can focus your skills and talent on the bigger challenges, and drive more business IQ into the data center with vRealize Operations. More information on exactly how to configure the new vRealize Operations 7.5 Custom Compliance Templates can be found in – What’s New in vRealize Operations 7.5? A Technical Overview, Part 4.
Want to try vRealize Operations for yourself? Download a free evaluation or checkout the vRealize Operations Hands-On Lab!