Data Sheet

Data Center Automation

Automate your service governance processes from end-to-end with smarter patching, continuous
compliance management, advanced process orchestration, and enterprise-scale provisioning.

Product Highlights list of individual patches) along with any cor- Key Benefits
responding Common Vulnerability Exposure
Service Level Objective (SLO)-Based ■ Automate multi-platform patching, compliance,
(CVE) data from the National Vulnerability and provisioning to achieve high-quality,
Patch Scan and Remediation for
Database (NVD). Remediation SLOs ensure re- repeatable processes; eliminate manual errors
Multi-Vendor Server OS and hand-offs between technology silos
sources remain compliant with patch policies.
Patch Policies. Perform automated infrastruc-
ture patch scan and remediation actions using ■ Detect and remediate vulnerability and
patch policies. Policies contain measurement Static Patching. Patches can be applied using compliance risks proactively across the
vendor specific patching infrastructure and lo- data center; eliminate inconsistent patching,
and remediation Service Level Objectives intermittent compliance, and meet Service
(SLOs) and patch bundles. SLOs define the cal repositories. Create custom patch bundles
Level Objectives
frequency for automated scan and remedia- of various types (e.g., recommended, critical,
■ Standardize provisioning across multi-vendor
tion actions while resource group maintenance etc.) for multi-vendor operating systems, such
server OS and application infrastructure;
windows define when the jobs can be run. as Windows, RHEL, SOLARIS, and more. When eliminate error prone manual tasks
Resource groups are subscribed to policies, adding patches to a patch policy, patch filters
■ Native integrations with other OpenText ITOM
while resource patch bundles contain informa- allow sorting of patches based on patch re-
solutions provide a more holistic view of
tion about the type of patches included (e.g., lease date, CVSS, and more. ­datacenter vulnerabilities
vendor recommended patches or an explicit
■ Integrate with existing third-party toolsets via
REST APIs to achieve quicker time to value
■ Pre and post policy workflows allow for custom
process integration

Figure 1. The risk dashboard shows patch vulnerabilities and CVE data across the datacenter.
Data Sheet
Data Center Automation

Dynamic Patching. DCA queries the vendor contain benchmarks for mixed resource types can be customized to include advanced con-
specific update utilities on the target resource and can be applied to a resource group con- figurations such as RAID and BIOS settings.
to determine which patches should be applied taining multiple resource types. Configure custom scripts to be run at time of
based on vendor recommendations. build to further customize deployments. All
provisioning can be scheduled or run ad hoc.
The risk dashboard uses CVE data imported
from the NVD to identify patching vulnerabili- Provision Bare Metal. Bare metal servers can
ties across IT infrastructure. Resources are be provisioned using a PXE boot process.
evaluated for exposure to all known CVEs and Servers are PXE booted and brought under
results are displayed on the dashboard in vari- management using an agent. The customiz-
ous sections. The dashboard can be custom- able build plan is then deployed to install the
ized to show statistics including weekly impact desired OS.
trends and number of affected resources for
vulnerabilities of particular interest. Other areas Figure 2. Drilldown from dashboard showing Provision Virtual Servers. View an inventory
show key information such as most recent vul- needed patches with CVSS severity. of unmanaged VMware vCenter and Microsoft
nerabilities and affected resources, overall re- SCVMM VMs. OS build plans can be config-
source count by vulnerability status, resource ured to create a VM from a template. When an
type and count by CVE severity (e.g., 55 critical OS build plan is deployed the selected servers
CVEs on RHEL resources), and vulnerabilities are brought under management and then the
by age (e.g., 14 resources have had an ongo- desired OS is installed.
ing critical exposure for a period greater than
one year). Process Orchestration
DCA uses out-of-the-box orchestration work-
Automated, Policy-Based Compliance flows to perform DCA operations on man-
Scan and Remediation for aged multivendor OS. Orchestration flows
Multi-Vendor Server OS Figure 3. Resource management screen shows can be created as extensions to automate any
Ongoing, Policy Based Compliance. Audit patch and compliance statistics for a given resource. processes related to the provisioning, patch-
and Remediation SLOs are defined for each ing, and compliance lifecycle of a resource.
compliance policy. SLOs define the frequency Compliance Dashboard. Obtain compliance Leverage orchestration workflows to integrate
for audit and/or remediation jobs (e.g., daily, reports via dashboards available for resource with 3rd party tools and existing content, for
weekly, or monthly). Maintenance schedules groups, individual resources, and policies. example—create a workflow that updates a
are created for resource groups to establish Observe key details on compliance such as service management ticket when a compli-
the time period in which these jobs will be run compliance status (within or outside of SLOs), ance or provisioning operation is performed
(e.g., Sunday between 12:00am and 6:00am). severity, and failed benchmarks. Overall infra- on a particular resource or resource type.
structure compliance statistics and metrics are
Out-Of-The-Box (OOTB) Compliance Scan available from the central dashboard. Drill into DCA Containerized Deployment Option
and Remediation Content. Leverage pre- the dashboard for more detailed information Built on top of the ITOM Container Deployment
built compliance content for a broad range of including benchmark and resource identifica- Foundation (CDF), containerized DCA presents
popular IT, regulatory, and security compliance tion. DCA’s Collect-Once-Store-Once (COSO) new innovations for orchestrated infrastruc-
benchmarks such as CIS, PCI, DSS, SOX, ISO reporting allows you to report on historical as ture management. The ITOM CDF platform has
27001, FISMA, HIPAA, NERC, DISA, and more. well as transactional compliance data. a simple install process and once installed han-
The OOTB compliance content includes com- dles all provisioning, orchestration, and man-
pliance deployment templates and remedia- Provisioning and Configuration Features agement of the underlying core Kubernetes/
tion content. Along with its OOTB compliance Configurable Build Plans. Out-of-the-box Docker cluster infrastructure. The CDF UI is a
content, DCA allows you to create custom with customizable build plans for multi-vendor single portal used for DCA suite and CDF plat-
compliance benchmarks and policies to meet OS including but not limited to: RHEL, Solaris, form management tasks, making it easier to
any internal compliance needs. Policies can Windows, CentOS, and Ubuntu. Build plans scale and offering in-place upgrades.

2
 Robust Reporting and Integrations
Integration with Operations Bridge Manager.
Out-of-the-box integration with OpenText
Oper ations Bridge Manager (OBM) allows
DCA to send compliance and vulnerability scan
data into OBM to further assess the business
service level impact of vulnerabilities on spe-
cific resources, giving a more holistic view of
the datacenter.

DCA COSO Reporting. Powered by the ITOM

reporting service. Leverage OOTB business
value dashboards or bring your own BI tool to
create reports that best fit your needs. Analyze
both historical as well as operational data to
gain a complete picture of the risk and compli-
ance state of your datacenter.

REST APIs. Call DCA functionality from any

external tool that can consume APIs. Modern
REST APIs allow you to integrate DCA function-
ality into your workflows for a truly customized
experience. Seamlessly integrate patch and
Figure 4. OpenText DCA process framework compliance functionality for secure, compli-
ant deployments.
DCA Suite Management. Monitor job queues Mixed Mode Operation. Containerized DCA
and check the health and status of individual manages mixed mode deployments on agent- Key Features
service pods from the analytics dashboard. less and agent based resources in the data-
■ Static and dynamic patch polices with SLO-
Debug issues by viewing log files and configu- center. Agent based operations are performed based scan and remediation actions and
ration files from the UI. Create and manage suite using existing agent based infrastructure such exception management features
namespaces and perform other suite configu- as Server Automation. DCA can integrate with
■ Comprehensive out-of-the-box compliance
ration tasks including installs and upgrades. an external UCMDB to quickly onboard existing content for the most popular IT, regulatory,
infrastructure resources. Agentless resources and security compliance benchmarks
Scale Horizontally. Easily scale DCA for greater can also be imported directly into DCA using
■ Risk and compliance dashboards for quick
resource capacity by adding new Kubernetes orchestration workflows. assessment of the current state of the
worker nodes. Worker nodes can be added datacenter
from the CDF UI. Once credentials are pro- Server Automation Integration. DCA can be
■ Integration with OpenText Operations Bridge
vided for the new worker node, CDF installs integrated with Server Automation to discover Manager to further assess the business
Kubernetes/ Docker on the node. When CDF existing resources and resource groups under service-level impact of vulnerabilities
completes the provisioning of the new worker SA management. Once resources are discov-
■ DCA COSO Reporting powered by the ITOM
node it is added to the cluster and begins to ered, DCA discovers the OS deployed on the Reporting service provides business value
accept workloads from the master. resources. From there, the full range of DCA dashboards or the ability to bring your own BI tool
capabilities and operations can be performed
■ Containerized deployment option for easier,
Headless Operation. Because DCA is built on on these resources. Quickly identify SA man- in-place upgrades
open APIs, any DCA on CDF feature is available aged resources on DCA dashboards and re-
using RESTful APIs. These APIs enable the full source lists. ■ Policy extension workflows allow for customized,
end-to-end patch, compliance, and provisioning
capacity of DCA to be leveraged from any tech-
processes
nology capable of consuming an API.
■ REST APIs allow DCA functionality to be called
from third-party tools that can consume APIs

www.microfocus.com/opentext 3
 Connect with Us
OpenText CEO Mark Barrenechea’s blog

DCA Express DCA Premium

DCA Suite Features and Capabilities Patch + Compliance
Security Patching
Patch scan, discovery, and remediation X X
Vulnerability scoring and risk dashboard X X
SLO-based patching to prevent breaches X X
IT Compliance
Compliance scan, discovery, and remediation X
Compliance dashboard X
SLO-based compliance management to always meet SLAs X
Provisioning, Configuration Drift, Global Shell X
Other Features
Streamline infrastructure operations through orchestration Patching Infrastructure
Orchestration Orchestration
Real-time & historical reporting (COSO based) X X
Puppet integration—manage patch & compliance centrally X X
Host connectivity via agent X X
Host connectivity—agentless X X

For a complete list of supported devices, sys- Learn more at

tems, and applications please visit: www.microfocus.com/DCA
Data Center Automation Documentation www.microfocus.com/opentext

260-000156-001 | O | 03/23 | © 2023 Open Text