3 Setting Up the Environment

When initially configuring the Configuration Change Console, you must specify both the hierarchy of people who will use the solution and the grouping of your infrastructure's managed devices that will be monitored by the solution.

People: Defines the members of your organization, including their reporting responsibilities and the teams of the organization that interact with the IT infrastructure. By default, you have only the one default account, administrator.
Infrastructure: Configures the managed devices and their groups. By default, every device with a Configuration Change Console Agent will appear in the interface automatically. Device groups can be created through the interface and are useful for simplifying reporting and configuration.

Once you have defined these elements, you can start defining the policies for monitoring and managing change in the IT infrastructure.

Configure the environment by clicking the Administration tab and then selecting the relevant tasks under People and Devices.

Configuring People and Teams

The individuals in your organization may interact with Configuration Change Console monitoring policies and the IT infrastructure in many ways as described in the sections below.

People

The term people refers to individuals in your organization who can log in and view data within the Configuration Change Console using a configured username and password. The term user refers to the individual user accounts detected by Configuration Change Console Agent on managed devices. Configured people may or may not be associated with one or many detected users, and vice versa.

Teams

People comprise a team that is responsible for a given set of infrastructure components. Each team should have responsibilities that are distinct from other teams. For example, one team may administer production machines while another manages development machines.

Teams should mirror your organization's operations. Some organizations may find it beneficial to create teams based on geographic locations, while others may create teams for functional areas. Team assignments are used in the routing of notifications when escalations are required, and can be used to limit the view of devices and data individuals can access.

Configuring People

Use the People screen to view, update or add user information.

You can display this screen by navigating to Administration --> People --> People.

If you already have defined people in the interface, they will appear in this view. If you are just beginning, this screen will include only the default account.

Login Name is the name used to access the Configuration Change Console interface. This link takes you directly to the Add or Update a Person screen to modify the individual's information.

Primary Email Address is the email address used for notifications. Click this link to add or update an email address for the individual.

User Assignment allows you to map individual people in your organization to detected user accounts on monitored devices.

To add a person, select the Add Person button to access the Add or Update a Person screen.
To update a person, click on the person's link in the Login Name column to access the Add or Update a Person screen.
To update a user assignment, click the number link in the User Assignments column to access the Add Person to User Assignment screen to add or modify user assignments

Add or Update a Person

Use the Add or Update a Person screen to view, update or add user information.

To get to this screen navigate to either Administration --> People --> People --> Login Name link or Administration --> People --> People --> Add Person button.

Account Information -- Name, password, and email address are required. Supports Long Messages is selected by default, signifying support for messages greater than 252 characters. If a person's address will go to a cell phone or a similar device, uncheck this box.
Locale Settings -- Select the country, language and time zone from the pull-down menus.
Organizational Settings -- Select the Manager from the pull-down menu and check the appropriate teams from the available selections. Managers are used when routing escalations for notifications. If you have not yet defined teams, the team settings will not be available.
Product role -- The following product roles are available:
- Regular: A person with access to all features except configuration features. Every person must have at least a Regular product role.
- Administrator: A person with access to all features. View of some devices may be limited through the Team Support Assignment.
- Super Administrator: A person with access to all features.

Click Save to save your changes or Cancel to exit without saving changes.

Note:

Changes to a person's role and team settings will take effect the next time the person logs in.

Person to User Assignment

The Person to User Assignment screen allows you to map individual people in your organization to detected user accounts on monitored devices.

Warning:

It is extremely important that you do not map the Windows domain Administrator account or root account to a user in the User Assignments screen.

To get to this screen, navigate to Administration --> People --> People --> User Assignments link.

The following fields are described below:

Username -- The user account
Device -- The devices where the user account exists
Component -- Component on which the user account exists

Click Modify Assignment to select or de-select users on devices.

Configuring Teams

The Teams screen provides details about any configured teams. Use this screen to add a new team or modify existing team information, including team membership.

To get to this screen, navigate to Administration --> People --> Teams.

To add a team, click the Add Team button. To update a team, click the link under the Team Name column. Either way, the Add or Update a Team screen will be displayed.

Enter a team name and select an administrator. The Team Administrator is specified primarily for company record-keeping, but also serves as the final escalation point for notifications associated with the team.

Once you have created a team, click its associated Members link in the Teams page to display the Edit Membership screen.

Note that all current team members are displayed in bold with a marked checkbox.

To edit Team Membership, follow these steps:

Select or unselect members from the available list
Click Save to save changes or Cancel to exit without changes

Adding Managed Devices and Device Groups

Once you have created People entries, you must identify the servers (managed devices) that will be monitored. The following sections describe this process.

Adding and Updating a Managed Device

New managed devices are automatically added to the server following a successful agent installation. You can verify a successful installation, as well as review the list of all managed devices, from the Devices screen.

To get to this screen, navigate to Administration --> Devices --> Devices.

You can modify the agent status, such as pausing and stopping an agent, from this screen by clicking the link under Agent: Last Known State. For additional information about remotely managing agents, see Chapter 12, "
Administering Servers and Agents".

Note:

Devices can be added manually using the Add a Device button. It is recommended that you do not manually add a device unless specifically directed to do so by technical support for resolving an issue. Installing an agent with a pre-determined agent ID will require additional manual steps to be performed after installation.

To review or modify device details or to delete a device, click the link in the Device Name column in the Devices window. The Add or Update a Device screen is displayed. Use this screen to add or modify a device, or to delete a managed device. When you save changes, the Devices screen will reflect the changes you have made.

To add or update a device, enter the following fields:

Type. Device type. Currently, only servers are supported.
Operating System. Operating system of the device. Note that no matter which operating system you use, if the agent detects a different OS, it will automatically adjust this setting.
Device Name. Name assigned to the device. If you change this value, the agent will change it back to the real device name next time the appropriate message is received from the agent.
OS Instance Name. The instance name can be a descriptive title for the OS. For example: Win2k Server SP3.
Owning Team. Select the team, if any, that owns this device. This is for reference only and does not affect any configured rules in the system.
Device Groups. Select the device group(s) to which this device belongs.
Asset Tag. Enter an asset tag (if appropriate) and a description for the device. Note that asset tags serve as the integration point with a Change Management server. The asset tag specified here will be compared to the device asset tag in the Change Management server.

Click Save to save changes, or Cancel to exit without changes.

To delete a device, click the Delete button. Upon subsequent restarts of the device, the agent on the deleted device will be stopped by the server. You must uninstall the agent manually from the managed device, as this delete action does not uninstall the agent.

Note:

If the managed device (on which the agent is installed) is restarted, and the old agent has not been uninstalled, the old agent will restart and continue to send unwanted messages to the server.

Adding or Updating Device Groups

IT organizations often classify servers to form logical groupings based upon shared characteristics, such as operating systems, server types, or geographical locations. By grouping managed devices, you can apply device policies to a group of devices, thereby simplifying management and reporting of changes across complex or large IT infrastructures.

Managed devices can belong to one or more device groups. Groups are used to sort change-management data based on user-defined associations. For example, to simplify retrieval of change data for a group of devices, you can group all web servers under a parent group, or group all of the components that comprise a specific distributed application.

Device groups are hierarchical. One device can belong to one or many groups, but each group can have only one parent. For example, you can group all web servers under a parent group called Production Servers. In fact, you can represent your organization with multiple "generations" of parents, as shown in the following example:

Continent --> Country --> Region --> Organization --> Production Servers --> Device

The following are device group attributes:

A device can belong to any number of device groups
A group can have only one direct parent
Multiple parent levels (generations) can be used to represent your organization

The screens for Device Group management and related activities are all accessible from the following navigation path: Administration --> Devices --> Device Groups.

The Device Groups screen displays all defined device groups. Use this screen to add or update device groups. Note that the device counts listed indicate device membership within the listed group only; they do not factor in devices belonging to any member child groups.

To get to this screen, navigate to Administration --> Devices --> Device Groups.

To add a new device group, click Add a Device Group. To modify an existing device group, click on the link in the Group Name column. Either way, the Add or Update a Device Group screen will be displayed, enabling you to create new device groups or edit the membership of an existing device group.

Use this screen to add, modify, or delete a device group.

Note:

If you delete a group, the devices that belonged to that group will be unassigned from the group. If the group selected for deletion has sub-groups, those groups will become sub-groups of the deleted group's parent. If no parent group exists, those groups will become independent, without parent affiliations.

Devices that have already been defined will appear on the screen. Groups that have already been defined will be available from the drop-down list for the parent group.

Enter the following Device Group information:

Group name. Enter a meaningful name for this group.
Parent Group. Select from the drop-down list of existing groups.
Member Devices. Check all that apply to this group. Click a checked box to de-select a device.

Click Save to save changes or Cancel to exit without changes.

Assigning Teams to Managed Devices

By assigning teams to managed devices, you can restrict which devices team members can access when using the Configuration Change Console. This feature limits the devices on which team members can administer policies and view change event data. For example, when viewing data on relevant Event Visualization screens, if the Finance team is assigned the Finance device group, then members of the finance team will only see changes that are detected on devices belonging to the Finance device group. Note that users with Super Administrator privileges can access all devices.

To get to this screen, navigate to Administration --> People --> Team Support Assignments.

To view current team assignments for a device, click the associated link in the Number of Teams column. To add a team assignment, click Add Assignment.

Note:

To Add a Team Support Assignment you must have an available, unassigned team configured.

To add a new team assignment, enter information into the following fields:

Team. Select the team from the pull-down list.
Device. Select an individual device, if shown, or select and expand device groups to select specific devices. Only individual devices are stored even if device groups are selected. The group hierarchy is not maintained. Therefore, if the device group membership changes in the future, those changes will not automatically be reflected on this team support assignment.
Time Window. Optionally, select the Time Window during which the team is allowed to access the device, for documentation purposes. Currently the only available time window is Always.

Click Save to save changes or Cancel to exit without changes.

After assigning teams to devices using Team Support Assignments, you must enable the Team Device Limiting under Administration --> Server Configuration --> Team Device Limiting screen for the limits to be put in place. Any user that has the Super Administrator product role will see all devices, while any user that only has regular or administrator product roles will only see the devices their team is allowed to see under Team Support Assignments.

Validating Team and Device Group Assignments

Once you have defined the people, teams, devices and device groups, you can verify the accuracy of the definitions and assignments.

To identify any unused teams, navigate to Administration --> People --> Validate People Assignments. This displays a screen listing elements within the monitored environment that have been created but remain unused; for example, teams without members.

From this screen you can click on a count link to jump to the appropriate details screen, where further information can be viewed and assignments corrected, if needed.