That capability, delivered through a new module in Solidcores S3 Change Control software, integrates with BMC Remedy Action Request System to block any changes not authorized through an existing Remedy change ticket.
"People find there is a gap between what the policy says should happen and what actually happens in the infrastructure," said Rahul Roy-Chowdhury, director of product marketing at Solidcore, in Palo Alto, Calif. "Remedy encapsulates change policies, so if you want to enforce those policies, we have a capability that says no changes unless they are authorized by a Remedy ticket," he said.
The new Change Enforcement Module for S3 addresses a lack of process maturity that exists in most data centers today, according to Ronni Colville, research vice president at Gartner. "This is what brings compliance full circle. It is not about things a system administrator can or cant do, but about things that have gone through a formal change request process. Thats cool. Solidcore is unique in stopping changes based on whats approved or not approved," she said.
The module enforces three categories of policies: changes based on an authorized source, namely, approved Remedy tickets; changes that can be made only during a maintenance window; and specific programs authorized to make changes.
It also provides real-time views into what changes are being made and then reconciles real changes with the Remedy ticketing system. That helps to ensure that approved changes have actually been made and to document changes made to address emergencies outside of the ticketing system.
The module, which includes an agent running on end points such as servers, tracks detailed information about changes. That information includes who made a change, what server and file was changed, when the change occurred and what the change was. That data is stored in a central change database and is available for troubleshooting server outages and exception reporting.
"With reconciliation in place, you can then enforce the process, so that you only allow approved tickets to go through, only from the approved source and only in the approved time window," Roy-Chowdhury said.
For customers that want to approach enforcement gradually, the tool allows them to start by gaining visibility into changes being made, "then do the analytics on how people do the process, [and] then they can turn on the enforcement," he explained.
Solidcore addresses a subset of the configuration management market along with competitors such as Tripwire, BladeLogic and Active Reasoning, who provide audit and change discovery on different parts of a system, Colville said.
The new module is available Nov. 27 and is priced at $1,000 per server.