Smarts NCM: What is Compliance Attributed Test in NCM. How is the generated Results set evaluated.
search cancel

Smarts NCM: What is Compliance Attributed Test in NCM. How is the generated Results set evaluated.

book

Article ID: 330936

calendar_today

Updated On:

Products

VMware Smart Assurance

Environment

VMware Smart Assurance - NCM

Resolution

What is the Compliance Attributed Test in NCM and How do you evaluate the generated Result set .



The Compliance Attributed Test is based on the concept of running a Query to generate a Result Set, and then using various sets of rules to validate that the Result Set is compliant.
 

An Attributed Compliance Test is comprised of one or more Queries. There is one distinguished Query, called the Primary Query, which generates a (Primary) Result View that is to be tested. The testing is done by applying sets of Rules against the Primary Result View to see if the contents of the Primary Result View are valid.

 

There are (currently) three types of rules that are used to evaluate the content of the Results Set:

 

Must Contain Rules: these rules are a template of rows that must appear in the result set. The template is arranged in a spreadsheet-like display, and includes selected columns from the Query s Result Set. The non-null columns of each row in the Must Contain Rules specify a row that must appear in the Primary Result Set.

 

Must Not Contain Rules: similar to Must Contain Rules, the non-null columns of each row in the Must Not Contain Rules specify a row that must not appear in the Primary Result Set.

 

Match Each Row Rules: define a boolean expression, consisting of a set of boolean tests that must be matched by every row in the result set.

 

Additional Queries (other than the Primary Query) may optionally be added to the Attributed Compliance Test in order to generate variable values. Variable references can then be inserted into the rules or Primary Query, allowing values from the results of other Queries to be checked against the Primary Result Set.
 

Must Contain rules should be used to specify a list of things that need to be configured on the Device. For example, it might be a list of access-lists that need to be present on each Device. You can specify that the rules must be matched in order with the result set

 

Must Not Contain rules should be used to specify items that should not be configured on the Device. For example, you may want to check that no access-list has a  permit any  rule.

 

Match Each Row rules should be used to check that the configuration of several different items matches preset criteria; for example that all the Ospf areas are configured with the same set of parameters, or that all OspfRouterSettings have a consistent set of options enabled