Integrating Arc Sight with Enterprise Ticketing Systems Dhiraj

Integrating Arc. Sight with Enterprise Ticketing Systems Dhiraj Sharan Senior Software Engineer www. hp. com © 2014 HP Confidential 1

Agenda ► Enterprise System Integration • Options Available in the Arc. Sight Manager ► Enterprise Ticketing Integration deep dive: Export to External System • How Export to External System works ► Need for an Enterprise System Connector ► Case Study: Arc. Sight Remedy Connector • Introduction to Remedy Action Request System • Architecture of Arc. Sight Remedy Connector • Mapping the Schema between Remedy and Arc. Sight • Installation and Configuration www. hp. com © 2014 HP Confidential 2

Options Available for Enterprise System Integration with the Arc. Sight Manager 1. Export to External System • Export/import of XML files done by the Manager 2. Archive Tool • Externally launched command line client to export/import XML files from the Manager 3. External Scripts • Launch external scripts from Rule Actions or interactively from Console Tools www. hp. com © 2014 HP Confidential 3

Options Available for Enterprise System Integration with the Arc. Sight Manager 4. SMTP • Send email notifications from Rule Actions 5. SNMP • Send SNMP traps from the Manager 6. Enterprise System Connector • Native integration www. hp. com © 2014 HP Confidential 4

Export to External System www. hp. com © 2014 HP Confidential 5

Export to External System at the User Level ► Export to External System of Event 1. User Driven: right click on Event in Console 2. Automated: from Rule Action ► Export to External System of Case 3. User Drive: right click on Case in Console 4. Automated: via Case Search Group www. hp. com © 2014 HP Confidential 6

1. User Driven Export to External System of Event Right click on Event in Console —> Export —> External Event Tracking System www. hp. com © 2014 HP Confidential 7

2. Automated Export to External System of Event Automated Export to External System from Rule Action www. hp. com © 2014 HP Confidential 8

3. User Driven Export to External System of Case Right click on Case —> Export —> External Event Tracking System www. hp. com © 2014 HP Confidential 9

4. Automated Export to External System of Case Automated Export to External System from Case Search Group server. properties # ------------------------------# External Ticket System Configuration # ------------------------------# This configures in no. of seconds, data should be exported # to external trouble ticket systems. external. export. interval=60 # The Case Search Group that should be used for automatically # exporting events of cases that fall in the search criteria. #external. export. querygroup. uri=/All Cases/Export Cases # Upper limit on number of cases to be exported from the query # group in one export cycle. external. export. querygroup. max=100 www. hp. com © 2014 HP Confidential 10

Tracking Event Exports via Cases ► Purpose: Audit Export to External System ► Case gets created behind the scenes in /All Cases/System Cases if the export was for an Event instead of a Case • Export to External System from Console UI right click on an Event • Export to External System from Rule Action ► So www. hp. com umbrella Case always there for ANY export © 2014 HP Confidential 11

Export to External System: Export as XML File ► Periodic export/import every 60 seconds (default) ► Cases and their events are exported in archive XML format ► Archive file exported to archive/exports directory ―External. Event. Tracking. Data_<timestamp>. xml ► Archive imports checked from archive/imports directory ―External. Event. Tracking. Data_<timestamp>. xml ► DTDs of XML files available in schema/xml/archive directory on Manager www. hp. com © 2014 HP Confidential 12

Agenda Refresher ► Enterprise System Integration • Options Available in the Arc. Sight Manager ► Enterprise Ticketing Integration deep dive: Export to External System • How Export to External System works ► Need for an Enterprise System Connector ► Case Study: Arc. Sight Remedy Connector • Introduction to Remedy Action Request System • Architecture of Arc. Sight Remedy Connector • Mapping the Schema between Remedy and Arc. Sight • Installation and Configuration www. hp. com © 2014 HP Confidential 13

Enterprise System Connector www. hp. com © 2014 HP Confidential 14

Need for a Custom Connector To link archive XML with External Ticketing System Arc. Sight Manager Export to External System Common Arc. Sight Standard for Ticketing Integration www. hp. com Enterprise System Connector External Ticketing System Custom Connector for Specific External Ticketing Systems © 2014 HP Confidential 15

Arc. Sight Remedy Connector www. hp. com © 2014 HP Confidential 16

BMC Remedy Action Request System (ARS) ► ARS is a Application Builder but NOT an Application ► ARS builds Service Applications in a request-centric, forms-driven, Workflow-based architecture ► ARS Integration Method • Remedy ARS API library • Remote API Protocol : Sun RPC ► Use Case for the current Arc. Sight Remedy Connector • Use Remedy as a ticketing interface instead of Arc. Sight Cases www. hp. com © 2014 HP Confidential 17

Case Study: Arc. Sight Remedy Connector ► Arc. Sight Remedy Connector is a broker between Arc. Sight Manager and Remedy ARS • Remedy ARS server connection ―Uses Remedy ARS API library ―ARS API Protocol: Sun RPC • Arc. Sight Manager connection ―Uses XML file based protocol from Export to External System feature ―Runs as a service on the Arc. Sight Manager machine ► Watches for manager exported files in archive/exports ► Parses Archive XML and prepares data to submit to Remedy form ► Near www. hp. com real-time data transfer (default 60 seconds) © 2014 HP Confidential 18

Architecture: Arc. Sight Remedy Connector Archive XML File Export/Import Arc. Sight Remedy Manager Connector Arc. Sight Manager Server Arc. Sight Remedy Connector Architecture ARS RPC Protocol Remedy Database Remedy ARS Server Remedy User www. hp. com Remedy Administrator © 2014 HP Confidential Remedy Web Server 19

Versions and Platforms ► Arc. Sight Remedy Connector • Current Release: 3. 0. 4 • Platforms: Windows, Solaris, Redhat Linux ► Supported Arc. Sight Manager Versions • Same Connector supports Manager versions 2. 5, 3. 0, 3. 5 • Connector independent of Manager versions as long as Archive XML schema remains same ► Supported Remedy ARS Versions • Connector tested with Remedy ARS versions 5. 1 to 6. 3 • Future Remedy ARS versions maintain backward compatibility with Remedy ARS APIs used by Connector www. hp. com © 2014 HP Confidential 20

Data Flow: Arc. Sight Remedy Connector Action Arc. Sight Console. TM Arc. Sight Manager Manual Remedy or. Ticket Automatic ID and Export Status to Case Remedy and Ticket Event Connector data created exported parses in Remedy the to the XMLXML datafile reported External put as imported Archive back System to by XML the ofthe Cases remedy file Manager for and connector updates Events Arc. Sight XML Archive Arc. Sight Remedy Connector Remedy ARS Server www. hp. com © 2014 HP Confidential 21

Two-way Integration ► Connector brings the Remedy Ticket Number back to Arc. Sight • Stored in Case External ID attribute ► Connector tracks Remedy Ticket Status changes and brings the STATUS back to Arc. Sight • Configure which Case attribute should hold Status ► Sends ticket number and status to the manager via XML file in archive/imports directory ► Other fields not synchronized in the current Connector Use Case ► Connector can be modified to synchronize other fields too since the Archive XML interface supports it www. hp. com © 2014 HP Confidential 22

Defining the Arc. Sight Form in ARS www. hp. com © 2014 HP Confidential 23

Mapping Arc. Sight Schema to Remedy Schema ► Remedy Schema • Every Remedy App is Unique with its own fields • Define Fields as per Arc. Sight Event Attributes desired ► Arc. Sight Schema # ------------------------------# Remedy field mappings for uplink (from arcsight to remedy) # ------------------------------# Set the name of the remedy form the arcsight remedy client # should submit event data to. remedy. event. form=Arc. Sight Ticket # Set the number of fields in the form remedy. event. form. fields=3 # Set the remedy field names to arcsight attribute names mapping remedy. event. form. field[0]. name=Ticket. Name arcsight. event. attribute[0]. name=name remedy. event. form. field[1]. name=Incident. Time arcsight. event. attribute[1]. name=end. Time remedy. event. form. field[2]. name=Report. Device arcsight. event. attribute[2]. name=device. Address ―Choose the Arc. Sight Event attributes to send to Remedy ► Mapping Arc. Sight and Remedy Schema ―Configured in config/arcremedyclient. properties in the Connector ► Note • Only the chosen Event fields are transferred to Remedy • Case fields are not transferred in the current Use Case www. hp. com © 2014 HP Confidential 24

Installation/Configuration ► Extract the Arc. Sight. Remedy. Client. 3. 0. 4. zip file ► Running from command line: • bin/arcremedyclient <params> • Demonized version: bin/arcremedyclientsvc <params> ► Parameters • Arc. Sight Manager installation directory path, Remedy Username, Remedy Password, Remedy Servername, Remedy Port www. hp. com © 2014 HP Confidential 25

Installation/Configuration ► Setup to run as a Service • Windows ―bin/arcremedyclientsvc –i • Solaris/Linux ―startup/solaris/run. As. Root –i ―/etc/init. d/arcremedyclient service configuration and startup script ► Set JAVA_HOME to use the Arc. Sight Manager’s JRE ► Schema mapping and other configuration ―config/arcremedyclient. properties ► Troubleshooting ―logs/arcremedy. log www. hp. com © 2014 HP Confidential 26