4 Understanding Policy Configuration

Configuration Change Console responds to infrastructure changes according to component and audit action definitions. The rule sets that you define for a component will depend in part on how you are using the product. You can define rule sets for different uses and enable or disable them as needed. Audit actions define what actions you want to occur when an event takes place for a component. Use components and audit actions to:

Monitor and report on critical infrastructure or application files, processes, databases or internal components. You can use the user interface to generate reports to analyze this information.
Respond to specific events or states on monitored infrastructure objects through the help of system-generated notifications and reports.
Audit changes against a change management solution to identify approved and unapproved changes to the infrastructure.

Rule Set Types

Configuration Change Console provides two rule set types for monitoring different elements of your infrastructure.

Table 4-1 Rule Set Types

Rule Set Type	Use to Monitor:	Configure these Configuration Change Console Objects:
Component Rule Sets	Specific configuration items for an application such as your CRM, ERP, HRIS application. A component rule set includes the specific configuration that needs to be monitored: name and version of a component, operating system on which it runs, and a list of internal and/or external rules where changes may be made by the application.	Component: A granular part of a larger business application such as a database, application server, patch. Rule Sets: The types of data you want to monitor as part of this component; for example: files, processes, database changes, etc. Rules: A set of items to monitor for each rule set. Application: Collection of component instances that together represent a complete business application.
Threshold Rule Sets	Critical thresholds or events on managed devices A Threshold Rule Set enables you to take action when activities and events exceed your specified thresholds.	Threshold Rule Sets monitor specific resources such as CPU usage, system log errors, database errors, and user activity. For details, see Understanding Threshold Rule Sets.

Rule Set Type

Use to Monitor:

Configure these Configuration Change Console Objects:

Component Rule Sets

Specific configuration items for an application such as your CRM, ERP, HRIS application.

A component rule set includes the specific configuration that needs to be monitored: name and version of a component, operating system on which it runs, and a list of internal and/or external rules where changes may be made by the application.

Component: A granular part of a larger business application such as a database, application server, patch.

Rule Sets: The types of data you want to monitor as part of this component; for example: files, processes, database changes, etc.

Rules: A set of items to monitor for each rule set.

Application: Collection of component instances that together represent a complete business application.

Threshold Rule Sets

Critical thresholds or events on managed devices

A Threshold Rule Set enables you to take action when activities and events exceed your specified thresholds.

Threshold Rule Sets monitor specific resources such as CPU usage, system log errors, database errors, and user activity.

For details, see Understanding Threshold Rule Sets.

Data and Events to be Monitored

Before defining policies, you need to identify what you want to monitor. Keep in mind that your goal is to collect data in order to monitor potential deviations from compliance and change management policies. The amount of data collected by the agents affects the size of the Configuration Change Console database and the responsiveness of reports and interactive displays.

In deciding what to monitor, consider the purpose of the policy:

Critical application components: Select critical configuration files, operating system parameters, and tables that define application operations. Multiple policies can be used to monitor the same application when the information collected must be segregated for notification, reporting and auditing purposes.
Control points: Compliance policies typically monitor a few well-defined control points identified through an external compliance exercise.
Infrastructure: Troubleshooting policies may monitor a broader set of components and may be enabled only when there is instability in critical applications or infrastructure.

Note:

To prevent extraneous data from being collected, certain events should never be monitored. For example, if you choose to monitor log files that undergo constant change, you potentially will store an excessive amount of unnecessary data in the Configuration Change Console database.

Monitoring Applications

Use Applications to classify how various defined components fit together to make a business application. Applications allow you to combine elements running on different operating systems to give a view of your changes as they relate to your business applications. For example, a customer order-processing application might include an Oracle database instance, an application server instance, a messaging system, or a firewall. The individual elements in this case are called components. These components could be grouped into an application that represents the customer ordering application.

A component instance can participate in multiple applications. This can prove useful for reporting and management purposes. In the above example, the Oracle instance for the customer order-processing application might also be part of the Finance application.

Tip:

Decide on a naming convention before naming components or applications. Make sure the name provides an indication as to the purpose of the component and application. This will make managing the Configuration Change Console product much easier.