Effective compliance management requires that all resources used to measure compliance are synchronized following a remediation in order to maintain data integrity. The solution is to include automated synchronization of the discovery engine with the provisioning server as an integrated part of the remediation process.
Mechanism to Re-synchronize Discovery Engine after Compliance Remediation
Disclosed is a method for automating a process of synchronizing all resources in the compliance management life cycle as part of a remediation process.
Typical provisioning tools have a capability to leverage information collected from a discovery engine to determine noncompliance. However, after remediation was performed against a non-compliant target, the discovery engine data still had to be refreshed manually to ensure that the two systems were synchronized both with the real environment and with each other.
Manual re-synchronization requires an administrator to take the time to initialize a new discovery on the discovery engine after each remediation. From the discovery engine, there was no means to determine when a change had been made through the provisioning server that would render current discovery information inaccurate. Therefore, when a new discovery was not initialized after a remediation was performed, environment changes would go undetected. From the provisioning server, there was no way to determine whether the data provided by the discovery engine was accurate with respect to the current environment. Synchronization with obsolete data resources would cause inaccurate compliance results, which in turn would result in an infinite loop of redundant remediation attempts against an already compliant system.
Integrating synchronization effectively closes the compliance-remediation loop by ensuring all resources remain synchronized and current. It does so by providing a capability to determine which discovery engine (if any) requires re-synchronization following a remediation, the mechanism needed to initiate discovery on the discovery engine, and the tools needed to add implementation for re-synchronization with additional discovery engines.
Incorporating the synchronization as part of the remediation process presents challenges in determining which discovery engines (if any) require re-synchronization following a remediation. The provisioning server must first capture discovery information during the creation of a compliance recommendation. This information is then stored to be queried at remediation run-time and used to initiate synchronization with an appropriate discovery engine. By capturing discovery information in this way, the solution is extendible to discovery engines that may be leveraged by the provisioning server.
Remediation of a noncompliant issue must therefore include the actions of remediating the noncompliant issue, updating the provisioning server database to reflect the remediation, and determining which discovery engine requires re-synchronization and initializing a data refresh on that engine.
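The three remediation actions above, as an added Python example that is not code from the disclosure or from any product it names. All class names, the engine name, the host name and the `password_min_length` setting are constructed for illustration. It captures the discovery source on the recommendation, uses it at remediation run-time to refresh the right engine, and shows the repeated recommendation that stale discovery data produces when the refresh is skipped.

```python
from dataclasses import dataclass
from typing import Dict, Optional

class DiscoveryEngine:
    """Constructed stand-in: holds the last scan of each target."""
    def __init__(self, name: str, environment: Dict[str, Dict[str, str]]):
        self.name, self.env, self.cache = name, environment, {}
    def discover(self, target: str) -> None:
        self.cache[target] = dict(self.env[target])  # snapshot of the real state

@dataclass
class Recommendation:
    target: str
    setting: str
    required: str
    discovery_source: Optional[str]  # captured at creation, queried at run-time

class ProvisioningServer:
    def __init__(self):
        self.engines: Dict[str, DiscoveryEngine] = {}  # extension point for new engines
        self.db: Dict[str, Dict[str, str]] = {}        # the server's own record

    def register_engine(self, engine: DiscoveryEngine) -> None:
        self.engines[engine.name] = engine

    def check(self, engine_name, target, setting, required):
        """Compliance is judged from discovery data, not from the live target."""
        seen = self.engines[engine_name].cache[target].get(setting)
        if seen == required:
            return None  # compliant
        return Recommendation(target, setting, required, engine_name)

    def remediate(self, rec, environment, resync=True):
        environment[rec.target][rec.setting] = rec.required             # 1. fix the target
        self.db.setdefault(rec.target, {})[rec.setting] = rec.required  # 2. update the DB
        engine = self.engines.get(rec.discovery_source)                 # 3. which engine, if any
        if resync and engine is not None:
            engine.discover(rec.target)  # initiate the data refresh on that engine
            return engine.name
        return None

def run(resync: bool):
    """Remediate once, then re-check; None means the target is seen as compliant."""
    env = {"host-a": {"password_min_length": "6"}}  # constructed sample environment
    engine, server = DiscoveryEngine("engine-1", env), ProvisioningServer()
    server.register_engine(engine)
    engine.discover("host-a")
    rec = server.check("engine-1", "host-a", "password_min_length", "8")
    server.remediate(rec, env, resync=resync)
    return server.check("engine-1", "host-a", "password_min_length", "8")
```

With `run(False)` the target is already fixed, yet the second check returns the same recommendation again because the engine's cached scan is obsolete, which is the redundant remediation loop described above.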
For example, in IBM® Tivoli® Provisioning Manager 7.1 (...