The Compliance Checker is a Security Content Automation Protocol (SCAP) based engine that provides compliance audit functionality for a target Vblock System. The Compliance Checker, which you can access using the Plug-in for vCenter, provides a set of criteria that determines Vblock System compliance with a specific content pack.
The Compliance Checker uses the following content packs to assess Vblock System compliance:
Note: If your Vblock System contains optional components, they are not included in compliance scans by default. Refer to the Plug-in for vCenter online help for more information on including optional components in compliance scans.
You should update compliance content to the most recent version so that the Compliance Checker is up to date when you run compliance scans on your Vblock System. Compliance content includes rules for Release Certification Matrices (RCM), security hardening, and VCE Technical Alerts compliance.
Download the RPM Package Manager (RPM) file that contains the updated compliance content you plan to install.
To access RPM files, log in to the VCE Support site, VCE Download Center and then navigate to the ‘VCE™ Software and VCE™ Software Documentation for VCE™ Converged Infrastructure Systems‘.
[root@vio001 conf]# cd /tmp [root@vio001 tmp]# rpm -Uvh vce-compliance-content-2.6.0.0-2015.03.00.x86_64.rpm Preparing. ########################################### [100%] 1:vce-compliance-content ########################################### [100%] Compliance API version is 2.6.2.0 [root@vio001 tmp]# rpm -Uvh vce-compliance-content-techalert-2.6.0-2015.04.00.x86_64.rpm Preparing. ########################################### [100%] 1:vce-compliance-content-########################################### [100%]
[root@vio001 tmp]# cd /opt/vce/compliance/content
[root@vio001 content]# sh install_content.sh Enter CAS password for admin user:VCE Vision(TM) Compliance Checker The VCE Vision™ Compliance Checker has been successfully installed
Documentation --> ** Installing content from /opt/vce/compliance/content/rcm. Importing RCM Content for VCE Vblock(TM) System 540. Import Successful ** Setting the version for RCM Content for VCE Vision(TM) Compliance Checker. ** Installing content from /opt/vce/compliance/content/techalert. Importing VCE Technical Alert Content for VCE Vblock(TM) System 540. Import Successful ** Setting the version for Technical Alerts for VCE Vision(TM) Compliance Checker. ################################################## CONTENT INSTALL RESULTS Successfully imported content: ------------------------------ RCM Content for VCE Vblock(TM) System 540 VCE Technical Alert Content for VCE Vblock(TM) System 540 ##################################################
VCE provides you with a set of pre-defined policies and profiles. To customize the Compliance Checker to reflect your environment, use the Profile Tailoring feature.
Profile Tailoring allows you to take an existing compliance policy and tailor it to your environment. The new policies are saved, evaluated, and reported on as if they were the original policies.
A policy is a compliance policy that contains information about what to check in the environment. You can add a new policy, save a policy, or delete it. You cannot edit or delete any policy that VCE provides. However, a policy can have one or more profiles.
A profile is a grouping of rules to audit and the desired target values according to VCE standards.
You define a new profile to specify the rules that reflect your environment. Any profile you create can be edited, saved, and deleted. You can copy a VCE-created profile (they can be identified by the VCE logo in the Source column) to make a change for that profile to fit your environment. Any profile that is created by VCE cannot be edited or deleted. You can select a profile and run a scan from the Profiles area on the compliance policies page.
The same procedure is also applicable to the Security and Technical Alerts compliance policy as well.