Network Management

Is it possible to setup a Compliance Policy to check that our HP switches are running the latest software? I see there are several PCI Compliance Policies already in IMC, but none of them reference the device software.

 

Also - do the checks only look at running backups or do they scan the switches themselves?

 

If it's not possible in a Compliance Policy, is there any other feature in IMC that can alert us if/when a software update is released for the HP resources in IMC?

 

Thanks.

There's nothing in IMC that will alert you if HP has released new software. You can use System -> Resource Management -> Live Update to view & download the latest versions of software, but this is a manual process, it's not automated. This will show you the latest available, but it's not going to raise a red flag saying "Update available!!"

HP may have some service where you can sign up for email notification of updates - I know they do for HP Software releases, but I haven't investigated a similar service for HP Networking.

You can use the Software Baseline feature to set a baseline required OS version, and check that against your systems to see if they are running the right version.

Compliance Policies offer three choices for running checks:
* Latest saved running config
* Latest saved startup config
* Display command output.

This last option lets you define a command to run, and IMC will go out to the devices, run the command, and check the output against your compliance policies. This is useful for things like NTP - you can run "show ntp status", and check that the output shows "Clock is synchronised".

I've written a series of posts on using IMC Compliance - it might be helpful: http://lkhill.com/series/imc-compliance/

G'day!

 

Tnx for your perfect http://lkhill.com/series/imc-compliance/

 

I have a question about imc-compliance: is it possible to capture (redirect) output for display command to external file? I need to get results for 'show  lockout-mac'  performed on multiple switches. I could easily do it on PCM+ (check "Capture output to a file") but I can not understand how to do it on IMC.

DSV,

 

If you create a CLI script (Configuration Templates withing Configuration Center) and deploy it to the device it will show you the running results in a window in real time.  You can also continue doing other things, and go back to the "deployment task" page then click on the link for the previously ran task.  Then for each device you will have an icon to see the CLI running results (per device)

 

Below is the running process window, but you can get the same detail per device after the fact as well.

The other method would be to use the "copy command-output '<command to be run>' tftp <tftp ip> <filename>" (if the device is Procurve) this will dump the results of each command to a tftp server.  You could use a parameter for the ${filename} so you can make each one unique, but that method would be pretty cumbersome at scale, and you would end up with a file for each device anyway.

 

There is not a function I'm aware of to dump the results output of compliance policy or configuration script to an external file, but you can view the CLI output of each within the interface.

 

PL