I am running SCCD 7.5 and BigFix (Tivoli Endpoint Manager) for asset discovery bringing data over using Integration Composer.
I need some guidance with regard to the following scenario. I am brand new to workflows and would really appreciate knowledge/experience on the matter. I am trying to achieve the following scenario through workflows, but I am not sure whether I should create a custom workflow in Workflow Designer, or create a Release using the PMCHGMAIN1 workflow that's automatically used with that record.
Step 1. Technician creates a baseline within Big Fix for two devices in the Lab environment.
Step 1.5. Promote the newly discovered devices to Authorized Assets in SCCD.
Step 2. Technician creates a deployment ticket in SCCD to load a security update for the operating system to only one of the base-lined devices.
Step 3. The work flow within SCCD should route the deployment ticket and alert the SCCD Deployment Managers group for approval.
Step 4. Technician pushes the software update with Big Fix to the two base-lined devices. The installation of the security update will change a value to the registry key on the target devices thereby deviating from the established baseline.
Step 5. Technician creates a deployment ticket to update an application to a newer version for only one of the based lined-lined devices.
Step 6. The work flow within SCCD should route the deployment ticket and alert the SCCD Deployment Managers group for approval.
Step 7. Technician pushes the new version with Big Fix to the two base-lined devices. The installation of the new version will change a value to the registry key on the target devices thereby deviating from the established baseline.
Step 8. The work flow within SCCD should alert the SCCD Auditors group of the change to the device that was not listed on the deployment ticket as the change was unexpected.
Any guidance/knowledge is appreciated. Thank you,
Pinned topic Need Guidance for Software Deployment Workflow
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
Updated on 2013-01-18T22:04:28Z at 2013-01-18T22:04:28Z by scottsd
scottsd 2000003CK1121 Posts
Re: Need Guidance for Software Deployment Workflow2013-01-18T22:04:28ZThis is the accepted answer. This is the accepted answer.A Change management approval workflow is the way to go here to collect the approvals before allowing the Technician to push the update using BigFix. The out of the box PMCHGMAIN1 workflow will route approval records to whoever is on the Change ticket at L1, L2, or L3 approvers depending on your risk. Based on the Jobplan attached to the Change, you can prepopulate the L1, and L2, and L3 related approvers, or you can develop a simpler workflow that always goes to your SCCD Deployment Managers.
The value proposition of using a Release only really comes into play if you're managing multiple related Change requests or large scale deployment projects.
Detecting that a device was not listed on the deployment ticket and sending to auditors for remediation is a challenging usecase though. The in-house audit and reconciliation process within SCCD relies on discovered CI data versus authorized CI data to detect these unauthorized changes, based on your usecase, I'm not sure that the change you made to the system (a registry change) would be tracked in the authorized CI space, so might not be detected by the configuration management process.