Is there any way to add custom attributes to existing CIs? I would like to be able to maintain data for certain CIs which is not discoverable in an automated way. For example, I would like to be able to flag specific servers that fall within scope of PCI compliance and include these types of custom attributes within reports/dashboards.

Hi,

Creating custom attributes on CI’s can be achieved through the use of TPL patterns.

If the data is available by running custom / extra commands outside of the standard discovery commands, then a TPL pattern can be used to run this command – capture the result and store against the custom attribute.

If the data is not possible to capture this way – then a pattern can still be used with the Custom Attribute and Value defined within, and then when the pattern is triggered the attribute will be created.

Creating attributes in this way will not automatically cause them to be displayed in the UI. If you just need the values to be available for reports and dashboards generated from reports, then this method will be suitable.

If you need the custom attributes to appear in the UI (for example like the hostname appears on the host page UI) then there are other ways to do this. Please post back and let me know.

Rgds
Nik

We’ve done some work with one of our clients around PCI compliance type work.

In their case they created TPL patterns to test specific conditions and set a custom attribute on the Host node in question. This allowed them to automatically report on these hosts as they were discovered.

As an example the following trigger will fire a pattern for all unix hosts

We could then get a configuration file with a discovery command:

And we can then set a custom attribute on the Host node:

We could then report on these hosts with the query:

For writing TPL there is the documentation on Configipedia here; for examples of patterns and queries look at the Pattern Ideas and Power Tips

ndimmock@mibtree.com - 21 October 2008 09:05 AM

Hi,

Creating custom attributes on CI’s can be achieved through the use of TPL patterns.

If the data is available by running custom / extra commands outside of the standard discovery commands, then a TPL pattern can be used to run this command – capture the result and store against the custom attribute.

If the data is not possible to capture this way – then a pattern can still be used with the Custom Attribute and Value defined within, and then when the pattern is triggered the attribute will be created.

Creating attributes in this way will not automatically cause them to be displayed in the UI. If you just need the values to be available for reports and dashboards generated from reports, then this method will be suitable.

If you need the custom attributes to appear in the UI (for example like the hostname appears on the host page UI) then there are other ways to do this. Please post back and let me know.

Rgds
Nik

Nik, thanks for the response. It is good to know that this is possible. I believe that I would like to have the attribute displayed in the UI. I’m not sure if I understand how the value of the attribute would populated. I am really looking for a user editable field (checkbox, dropdown, or even just a textbox would work) to be able to enter non discoverable data about a specific CIs. Is this possible?

Charles Oldham - 21 October 2008 09:20 AM

We’ve done some work with one of our clients around PCI compliance type work.

In their case they created TPL patterns to test specific conditions and set a custom attribute on the Host node in question. This allowed them to automatically report on these hosts as they were discovered.

As an example the following trigger will fire a pattern for all unix hosts
We could then get a configuration file with a discovery command:
And we can then set a custom attribute on the Host node:

We could then report on these hosts with the query:

SEARCH Host WHERE switch_services
SHOW SUMMARY, switch_services AS 'Switch Services' 

Charles, this is certainly an interesting approach. But writing a pattern to cover all the different aspect of something like PCI compliance seems rather daunting.

wearnest@teleflora.com - 21 October 2008 03:01 PM

Charles, this is certainly an interesting approach. But writing a pattern to cover all the different aspect of something like PCI compliance seems rather daunting.

If it was a single pattern I’d certainly agree!

From what I have seen from the field generally clients have focused on a few key elements of compliance, written patterns to check their compliance in those areas and built resolution processes around that data. They can then repeat these on their next key areas.

If this is a key factor for you then I do recommend that you get in touch with the services side of our organisation as they have some good experience at helping clients with tasks like these.

Hi,
I’m not really answering your quetion with this post but maybe posing another line of thought. How to approach this may depend entirely on the type and amount of data involved and the frequency of the updates.

To give you an idea of areas i’ve recently worked in. 1 requirement was to show in Tideway the Applications being served to each Host under citrix. I accomplished this be receiving a csv file from the Citrix SA showing Apps to Hosts – i then ran a csv import. Result was an attribute on the Host Node listing Citrix Apps.

Another example is that of Host model uheight, power usage, power btu etc. Again i retrieved a csv output from an IMS system with this info and ran a CSV import into Tideway. We can now run reports directly in Tideway showing all this information.

Would a csv import be a possible solution for you? Do you have any information on this?

Rgds
Nik

ndimmock@mibtree.com - 21 October 2008 04:04 PM

Hi,
I’m not really answering your quetion with this post but maybe posing another line of thought. How to approach this may depend entirely on the type and amount of data involved and the frequency of the updates.

To give you an idea of areas i’ve recently worked in. 1 requirement was to show in Tideway the Applications being served to each Host under citrix. I accomplished this be receiving a csv file from the Citrix SA showing Apps to Hosts – i then ran a csv import. Result was an attribute on the Host Node listing Citrix Apps.

Another example is that of Host model uheight, power usage, power btu etc. Again i retrieved a csv output from an IMS system with this info and ran a CSV import into Tideway. We can now run reports directly in Tideway showing all this information.

Would a csv import be a possible solution for you? Do you have any information on this?

Rgds
Nik

This sounds like a workable solution, but not my preferred choice. I am really looking for a CMDB solution that can provide visibility into the relationships of various CIs and be able to provide reports of that information back to decision makers. For example:

1. CIO asks for a budget of all hardware going out of warranty next year.
2. Auditor asks for a list of all servers that store/process/transmit credit card data.
3. VP of IT asks for a list of processor and memory capacity for all webservers “actively” hosting a particular website based on the current load balancer configuration.
4. And so on…

These are just some basic examples of the need for a CMDB. I don’t like the idea of having to maintain data in various spreadsheets or CSV files and doing imports into a UI, because that really isn’t much better than just having a bunch of spreadsheets of data. Doing imports of bulk data is great for initial population of the data, but not a good way for maintaining the data. I would much rather have the capability of ticking a checkbox for an attribute that says “PCI Compliance” on a CI within the interface after all of the discoverable data has been collected/imported.

Those questions are exactly the sorts of things that Foundation is good at answering for you.

There is extensive functionality for getting data automatically from your environment (via TPL), and then there are other means of getting the data that cannot be detected on the infrastructure you’re scanning.

Maybe it would help if you gave us an example of an attribute that you’d like to collect? The best way of doing it varies from case to case.

Simon Woodward - 21 October 2008 05:00 PM

Those questions are exactly the sorts of things that Foundation is good at answering for you.

There is extensive functionality for getting data automatically from your environment (via TPL), and then there are other means of getting the data that cannot be detected on the infrastructure you’re scanning.

Maybe it would help if you gave us an example of an attribute that you’d like to collect? The best way of doing it varies from case to case.

Sure, the PCI example seems pretty straight forward. I would like to simply add an attribute onto server type CIs that state whether the server falls within the scope of PCI or not. It can be as simple as a Yes/No value.

As Simon said, these sorts of things are the “bread and butter” of what Tideway can do and most of what you have asked as example questions are more than possible to do.

Going through the examples you provided:
List of servers that store/process/transmit credit card data. -> I presume that you will know this from instance name, type of DB, config file etc – and therefore straight forward for TIdeway to capture and report.

Memory and Processor info for servers hosting particular website. -> I presume that this ties in with you question about reading the IIS Metabase file? Tideway can read the httpd.conf or IIS metabase file, capture the website names listed in these and create a CI item for each one – relating these back to the host. Therefore again straightforward to get this information.

Using Tideway in the field at various sites across different sectors, i’ve rarely found a requirement that couldn’t be met. I strongly, strongly encourage you to talk to Tideway Services or a Tideway partner, who will be able to take you through all of the scenarios that you describe.

Rgds
Nik

The Foundation Taxonomy (data model) can be easily extended by the addition of new Nodes (CIs), attributes, and relationships. This is in addition to the ability to create new attributes on an existing Node ‘on the fly’ in a pattern.

Framing this capability a little: Foundation is not intended to be a general purpose CMDB, however with/without a CMDB in the environment it often makes sense to extend the Taxonomy to include non-discoverable Nodes/Attributes. This allows seamless exploitation in conjunction with the existing Nodes, for reporting purposes. Taxonomy extension is regarded as an advanced customization and is usually performed by a trained/certified resource.

I have attached a ZIP file with some instruction about how to extend the Taxonomy, and an example, in the event that you want to give it a try.

On the subject of the ‘on-the-fly’ attributes, these do not appear in the Taxonomy browser, but can be listed through a generic query. An example for the ‘Host’ node would be: