It is my pleasure to announce that Server Configuration Monitor (SCM) 2020.2.1 is now generally available in your customer portal and you can download and upgrade your production servers, while retaining your complete configuration and history. Although we typically don't package new features into a service release, these features were too exciting to hold back from you.
Version 2020.2.1 is compatible with Orion Platform 2020.2.1
New compliance engine
Many of you wanted SCM to check servers, applications and databases against compliance benchmarks (like STIG, CIS, etc), similar to the compliance feature in NCM. To do this, we've built a new policy and rules engine to measure compliance for these entities by leveraging the data collection capabilities in SCM.
Using the new dashboard capabilities in Orion, we've added new compliance dashboards summarized at different levels (overall, policy and node) with drill down to rule details view to see why rules are failing and how to fix them.
Compliance is calculated by the number of applicable rules that passed the checks included in that policy. For example, a Windows Server policy might have 200 rules, but when assigned to a node, only 150 rules are applicable. When the rules are evaluated on that node, if 100 of the rules pass, then the compliance percentage for the policy on that node is 66% (100 passing rules out of 150 applicable rules). The status of the other 50 rules could be failed or unknown. Policy rules are evaluated once a day.
- Overall Compliance: Summary of all policies across all assigned nodes
- Policy Compliance: Summary of one policy for all assigned nodes
- Policy Node Compliance: Summary of one policy for one assigned node
Rules consist of a rule description, the instructions on how to fix a failing rule, and one or more checks that determine if a rule passes or fails. Once applied to an entity, rules can have 5 states:
- Passed - rule was evaluated and passed
- Failed - rule was evaluated and failed
- Unknown - rule was not evaluated because of a problem (data collection, bad data, etc.)
- Not Applicable - the rule did not apply to the node
- Disabled - user disabled the rule at the policy level
Note that rule states do not roll up or impact Orion's entity status, so failed rules will not turn a node red.
The list of out-of-the-box policies is short (Windows, SQL and IIS) but will cover the basics in your environment. New policies will be published on thwack. If you need a policy, post a request in Server Configuration Monitor (SCM) Feature Requests.
Alerts and Reports
SCM included 2 Alerts and 3 Reports for compliance policies.
- Overall policy compliance percentage (70%)
- Rule evaluation fails
- Overall Compliance Summary
- Policy Compliance Summary
- Policy Rule Status (including error info)
Perfstack will show summaries at both the policy and node level, allowing you to see the history of compliance in your environment. Data available for both Node and Policy entities, includes all rules (not just applicable), and the data explorer links you to the rule, node or policy.
And as always, check out the release notes for a list of all the changes and fixes in this release.
If you don't see the features you've been waiting for, check out the What We're Working on for SCM post for a list of features our dedicated team of configuration nerds and code jockeys are already researching. If you don't see everything you've been wishing for, add it to the Server Configuration Monitor (SCM) Feature Requests.