ArcMC to manage all ArcSight products and components

Idea ID 2705148

ArcMC to manage all ArcSight products and components

Add process automation orchestration supporting ArcSight component and product infrastructure management through ArcSight-provided workflows.

Minimally will manage and/or monitor: Connectors, Thub and Kafka, Logger, ESM, Investigate, Certificates, Licensing, ...

10 Comments
Community Manager Community Manager
Community Manager
Status changed to: Waiting for Votes
 
Fleet Admiral
Fleet Admiral

Being able to both manage AND deploy all ArcSight products from ArcMC would be great. ESM management could be things like monitoring, package management (like rules etc), config backups, deployment of distributed correlation nodes to existing cluster and such.

Captain
Captain

ArcMC should also manage and monitor load balancer.

Lieutenant
Lieutenant

ESM and LoadBalancer monitoring would be helpful

Micro Focus Contributor
Micro Focus Contributor
Status changed to: Accepted

Our intent is to make ArcMC a true management center for managing the infrastructure of the entire ArcSight family.  This will include infrastructure management (cluster nodes, certificates, licensing, rules, …).

We are planning on implementing an orchestration engine which runs workflows to help with overall management tasks.  Combined with exposing the ArcMC REST API, this should greatly speed up delivery of new management features, while also providing flexibility to customize OOTB workflows for customers that may need/want additional steps performed in the process.

If there are specific management features you would like to see that do not exist today, please enumerate them here and we will consider them.

Captain
Captain

From your comment I read that the focus is on rapid deployment. However, it is equally if not even more important to efficiently operate the whole thing. We need to be able to spot any misbehavior/outages/errors quickly.

Fleet Admiral
Fleet Admiral

@dalesio I think one of the most important is when planning the new REST API itself, all types of "resources" needs to be available through the API.

Resources can be anything from like users and activelists to fieldset and network configuration, license status etc.

One main issue is for larger organizations using centralized user management, even with a external authentication the users still need to create a local copy of the users as well, which currently cannot be automated.

Another important note would be that the REST API should be as similar as possible over all products, so creating a user on ESM should be the same as creating a user on ArcMC over the API, this would be hugely beneficial for everyone!

Micro Focus Contributor
Micro Focus Contributor

Hi,

I agree with both of you regarding managing and alerting exception behaviors and ensuring the REST API is complete and consistent across the portfolio.  

Please enumerate your suggestions on the types of features/functions you would like ArcMC to provide.  For monitoring, we are strongly considering employing SiteScope to monitor the infrastructure and provide alerts and exceptions that need to be communicated to administrators.    

In conjunction with the orchestration engine, we believe this will be a powerful solution enabling both manual and automated responses that field teams and customers would be able to augment or modify where required.

Cadet 3rd Class Cadet 3rd Class
Cadet 3rd Class

Adding the capability to manage the Loadbalancer Connectors would be great. 

Lieutenant Lieutenant
Lieutenant

I agree with multiple replies here.
Struggles with our current deployment include:

  • Managing ESM separately
  • Managing load balancers separately
  • Having to manually created users via ArcMC and then sink them down to our many Loggers.
    • Using AD security groups would be wonderful. 
    • Not exposed via API either.
  • Having to manage users with ESM separately.
    • Again, AD security groups. 
    • Not exposed via API.
  • Manually pulling down Logger, ESM, ArcMC updates from the entitlement portal and deploy them. 
    • Once pushed to ArcMC, Logger, Connector, and ArcMC updates are relatively easy (though they sometime require manual steps).
    • ESM is a whole different beast. Lots of manual steps, some of which, in theory, can be automated, but not the whole process. 
  • Exposure of more functionality through the REST API. Mainly for automation purposes.
    • Consistency of API is also key here, so that developed code can be partially reused. 
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.