Compliance
Role
The run_compliance_checks role is required to use this feature.
The Compliance feature helps you verify and repair switch configurations to comply with standards across your network. It allows you to run specify policies comprised of so-called checks, each of which enforces some particular piece of configuration be present or absent on a switch.
Setting up
Role
The manage_compliance_policies and
manage_switches roles are required to use this feature.
To use the Compliance feature, you must first define one or more compliance policies, and assign one or more policies to one or more switches. The easiest way to get started is by using the 'default' compliance policies, which you may instantiate with the button shown here.
Assigning Policies to Switches
Once you have defined your policies, you can assign them to switches. A switch can have any number of policies that it needs to comply with. Navigate to the switch overview, or any group page, click the "edit" button (or create a new switch) and select the policies under the "Compliance" section.
Running Compliance Checks
The Compliance page shows all eligible switches with their assigned policies. Switches must be online in order to run compliance checks, and a functional and running On-Site Appliance is required to be able to interact with the switches.
Selecting Switches and running checks
Use the checkboxes to select which switches you want to run compliance checks on, or select all eligible switches at once with the checkbox at the top of the list. Click the "Run" button to start the compliance checks on the selected switches. ZEM will read the configuration of each switch and compare it against the assigned policies.
After running the compliance checks, the results will be displayed for each switch.
Applying Fixes
For many checks, ZEM has the ability to automatically apply fixes to the switch configuration to bring it into compliance with the policy. Select one or more checks with fixes available, and click the "Apply Fixes" button.
