Use the Create and configure compliance policies page to change compliance policies.
Before you begin
The
Create and configure compliance policies task
is used to configure
compliance policies on
systems that are
monitored for missing updates.
Each compliance check is listed
on a separate line.The target system or system group is checked
against its associated compliance policy automatically
when the system or
update inventory changes.
About this task
Note: This topic describes how to access this task in
the IBM® Flex System Manager Web user interface. If you
are using the IBM FSM Explorer, use the finder
at the top of the user interface (shown here) to locate this task:
To
modify compliance policies,
complete the following steps:
Procedure
- From the Update Manager summary
page, click Create and configure compliance policies. The Compliance Policy page is displayed.
- Select a system or system group.
- Optional: Click Browse to
see a list of systems.
- Click Add to add a system or system
group.
- Click Remove to remove a system or system
group.
- Click Show Compliance Policies.
- Select one of the following policies to create
or, if it already exists, configure it:
- Policy to ensure that the latest released updates are always applied
- Policy to ensure that specific version levels of updates are maintained
Important: If a policy already exists and you select
and configure the other policy, the existing policy and its compliance
checks are removed when you save the new policy.
If the chosen policy already exists, the table displays
all associated compliance checks. If the chosen policy does not already
exist, the table is empty.
- Choose a task to perform on the selected compliance policy:
- Create a new compliance check. Complete
the following steps:
- In the displayed table, click Add.... The Add... page is displayed.
- In the Show: list, select the type of updates to
display in the table.
Note: If you are adding a compliance check to the "Policy
to ensure that the latest released updates are always applied" policy,
you can choose from among only dynamic update groups. If you are adding
a compliance check to the "Policy
to ensure that specific version levels of updates are maintained" policy,
you can choose from among only individual updates or static update
groups.
- Choose the updates or update groups to include in the compliance policy.
- Click OK to add the updates
or update groups to the compliance policy.
- Remove a compliance check. Select a compliance check, then select .
- Click Save to save the changes to
the compliance policy. This will activate the selected compliance policy and any compliance
checks that you set up for it, and will remove any previously existing compliance policies and compliance
checks.
Example
If you
create a static update group where some of the updates supersede others,
the compliance policy verifies
that the latest superseding update is installed. The recommendation
that comes from this type of compliance policy will be to
install the latest update in the supersede chain.
As an example,
consider an update group with these attributes:
- It is a static update group.
- Group members are updates named UpdateA, UpdateB, and UpdateC.
- UpdateA supersedes UpdateB.
- UpdateB supersedes UpdateC.
When a
compliance policy is
created with this group, the
compliance policy verifies that
the latest supersede update (UpdateA in this case) is installed, and,
if it is not, the recommended action is to install the latest update
in the supersede chain (UpdateA in this case). Even if both UpdateB
and UpdateC are installed, the
compliance policy indicates
'out of compliance' unless UpdateA is installed. If UpdateB and UpdateC
are not found on the
system, but UpdateA
is present on the
system,
the
compliance policy indicates
that the
system is
in compliance.
