Compliance Tab
Ensuring compliance of F5 BIG-IP device configurations with organizational standards is crucial. AppViewX offers a comprehensive solution that encompasses compliance enforcement, reporting, and closed-loop remediation to achieve this objective. In general, you have the flexibility to utilize pre-built golden configurations provided by AppViewX or define your own compliance policies. By conducting compliance checks, you can easily identify non-compliant configurations and initiate automated remediation with a single click.
AppViewX offers a policy inventory that centralizes the management of all compliance policies. Within this inventory, you will find a collection of pre-built policies as well as custom policies created by users. You have the flexibility to select and run any of these policies against your F5 devices. The rules within each policy represent the specific parameters and their expected values configured for compliance. They help ensure that your F5 devices adhere to the desired configurations and standards defined by the policies.
Pre-built Compliance Policy
The pre-built compliance policy ensures that the basic system configurations of F5 are inherently compliant, for example Banner, Device group auto sync, DNS Server, NTP Server, Gateway IP, Timezone, and remote syslog servers. Since this is a default policy, all device commands and remediation commands are handled in the background. You will only see each parameter and its expected default value, which can be modified as needed. For more details on the Automation Workflow, see Golden Config Compliance.
Custom Compliance Policy
You also have the ability to define custom compliance policies. These policies can encompass various aspects such as ensuring standard profile configurations, monitoring configurations, password policies, and more for LTM. When it comes to custom policies, it is necessary to formulate the validation command, condition, and remediation command for each rule. This information proves valuable when conducting the compliance check and ensuring adherence to the defined policies.
Device Validation Against Policy
After defining policies successfully, you can view the compliance status of devices, indicating the number of rules that are compliant versus non-compliant. Non-compliance signifies that a rule is not configured on the device as per the expected value. You have the option to switch to other custom policies and check their respective compliance status. This report offers an overall view of the compliance status of your ADC infrastructure in accordance with your organization's standards.
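How a custom rule's validation command, condition and remediation command combine into the compliant versus non-compliant count is sketched below. This is an added example, not AppViewX code: the rule layout, function names and device output are hypothetical or constructed, and no device is contacted.

```python
import re

# Hypothetical rule layout (not the AppViewX schema): validation command,
# condition (regex + expected values) and remediation command per rule.
RULES = [
    {"name": "NTP Server", "validate": "tmsh list sys ntp servers one-line",
     "pattern": r"servers \{ ([^}]*)\}", "expected": {"10.0.0.10", "10.0.0.11"},
     "remediate": "tmsh modify sys ntp servers replace-all-with { 10.0.0.10 10.0.0.11 }"},
    {"name": "Timezone", "validate": "tmsh list sys ntp timezone one-line",
     "pattern": r"timezone (\S+)", "expected": {"UTC"},
     "remediate": "tmsh modify sys ntp timezone UTC"},
    {"name": "DNS Server", "validate": "tmsh list sys dns name-servers one-line",
     "pattern": r"name-servers \{ ([^}]*)\}", "expected": {"10.0.0.53", "10.0.1.53"},
     "remediate": "tmsh modify sys dns name-servers replace-all-with { 10.0.0.53 10.0.1.53 }"},
]

# Constructed device output, keyed by the validation command that would produce it.
SAMPLE_OUTPUT = {
    "tmsh list sys ntp servers one-line": "sys ntp { servers { 10.0.0.5 } }",
    "tmsh list sys ntp timezone one-line": "sys ntp { timezone UTC }",
    "tmsh list sys dns name-servers one-line": "sys dns { name-servers { 10.0.0.53 } }",
}

def check_device(rules, run):
    """Evaluate each rule; `run` maps a validation command to its output text."""
    rows = []
    for rule in rules:
        match = re.search(rule["pattern"], run(rule["validate"]))
        # A parameter that is absent from the output counts as non-compliant.
        actual = set(match.group(1).split()) if match else set()
        compliant = actual == rule["expected"]
        rows.append({"rule": rule["name"],
                     "actual": " ".join(sorted(actual)) or "(not set)",
                     "expected": " ".join(sorted(rule["expected"])),
                     "compliant": compliant,
                     # Remediation is recommended only for failing rules.
                     "remediation": "" if compliant else rule["remediate"]})
    return rows

def summarize(rows):
    """Count compliant versus non-compliant rules for one device."""
    ok = sum(r["compliant"] for r in rows)
    return {"compliant": ok, "non_compliant": len(rows) - ok}

if __name__ == "__main__":
    report = check_device(RULES, SAMPLE_OUTPUT.__getitem__)
    for r in report:
        status = "PASS" if r["compliant"] else "FAIL"
        print(f'{r["rule"]:<12}{r["actual"]:<12}{r["expected"]:<22}{status:<6}{r["remediation"]}')
    print(summarize(report))
```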
Use Case
If you want to receive a comprehensive report that includes detailed information about each compliance parameter, along with remediation recommendations, you can opt for the report that presents the information in a tabular format, covering all the relevant details.
Solution: AppViewX offers a closed-loop remediation mechanism to ensure device compliance. By reviewing the report, you can identify values that require remediation. With a single click, the device configuration can be modified to meet compliance standards. Additionally, you have the option to incorporate ServiceNow approvals to review and approve changes, as well as set specific change windows as needed.