Best Practices - SPECTRUM Policy Manager Searches (Legacy KB ID CNC TS29575 )

Document ID : KB000051792
Last Modified Date : 14/02/2018
Show Technical Document Details

This technical solution covers some best practices around defining SPECTRUM Policy Manager Searches.


External Attributes:


Using external attributes can be expensive on overall performance as the SPECTRUM must access the device via SNMP to access the attribute. The use of external attributes should be limited wherever possible. In addition, if external attributes are used in a Policy Manager search, then the policy-reenforcement-interval should not be set to less than 24 hours in the $SPECROOT/PolicyMgmt/policy-enforcement-config.xml file. The policy-reenforcement-interval essentially causes SPECTRUM to poll external attributes used in the Policy search criteria to check to see if they have changed.


 


Calculated Attributes:


If there are no external attributes listed in any search criteria, SPECTRUM will not perform Policy re-enforcement unless one of the following calculated attributes are used:    


CollectionModelNameString (0x12adb)


LocationModelNameString (0x129e9)


OrganizationModelNameString (0x129e8)


TopologyModelNameString (0x129e7)


Therefore, the only calculated attributes that should be used as policy search criteria are those listed above.


 


Nested Searches:


Nested searches, also known as Composite searches and embedded searches, are advantageous as they allow the user to reuse previously defined searches without defining the search parameters again. There are no disadvantages to using nested searches, beyond those associated with any search.


In the following example, a search named "ifType Search" is defined and then reused in a search named "Router Ports Search":


    <policy-search-crite.ria name="ifType Search">


      <or>


        <attr-match match-type="equal-to" id="0x1134c" value="131" />


        <attr-match match-type="equal-to" id="0x1134c" value="32" />


        <attr-match match-type="equal-to" id="0x1134c" value="46" />


        <attr-match match-type="equal-to" id="0x1134c" value="22" />


        <attr-match match-type="equal-to" id="0x1134c" value="18" />


      </or>


    </policy-search-criteria>


~


~


~


    <policy-search-criteria name="Router Ports Search">


      <and>


        <attr-match match-type="equal-to" id="0x10001" value="0x220011" />


        <attr-match match-type="contains" id="0x23000e" value="Cisco" />


        <policy-search-criteria-name name="ifType Search" />


      </and>


     </policy-search-criteria>


 


Landscape Searches:


To make a search more efficient, specific landscapes can be defined for a given search. This is not required; however, if a specific search criterion is relevant to a specific landscape or landscapes, then defining this will reduce the amount of data to be searched.


In the following example, the search criterion is specifying that the search should be limited to the landscape with the handle of 0x400000:


<policy-search-criteria name="text name">


<attr-match match-type="equal-to" id="0x12345" value="XXX" />


<lscpe-match match-type="equal-to" lscpe-id="0x400000" />


</policy-search-criteria>


 


Note: The data type of LSCPE_HANDLE, which is used with the lscpe-match, can only be used with the following match types:  equal-to, not-equal-to, less-than, less-than-or-equal-to, greater-than, greater-than-or-equal-to.


 


 


Default Rules:


It is recommended that every policy contains a default rule. This allows one search to find specific models and set attributes accordingly. The remaining devices will fall into the default rule and can be set according to a default set of attribute definitions.


In the following example a default rule is used:


policies.xml


<policy-definitions>       


    <policy name="Port Policy">


       <policy-rule-name name="Router Ports Rule"/>


       <policy-rule-name name="Switch Ports Rule"/>


       <default-policy-rule-name name="Default Port Rule"/>


   </policy>


</policy-definitions>


 


policy-rules.xml


<policy-rule-definitions>


    <policy-rule name="Router Ports Rule" >


        <port-policy-search-criteria-name name="Router Ports Search" />


        <policy-settings-name name="Router Ports Settings" />


    </policy-rule>


    <policy-rule name="Switch Ports Rule" >


        <port-policy-search-criteria-name name="Switch Ports Search" />


        <policy-settings-name name="Switch Ports Settings" />


    </policy-rule>


    <policy-rule name="Default Port Rule" >


        <policy-settings-name name="Default Port Settings" />


    </policy-rule>


</policy-rule-definitions>


 


policy-search-criteria.xml


    <policy-search-criteria name="Router Ports Search">


      <or>


        <attr-match match-type="equal-to" id="0x12a79" value="1" />


      </or>


     </policy-search-criteria>


    <policy-search-criteria name="Switch Ports Search">


      <or>


        <attr-match match-type="equal-to" id="0x12a79" value="2" />


      </or>


     </policy-search-criteria>


 


policy-settings.xml


    <policy-settings name="Router Ports Settings">


        <set-attr-value id="0x1280a" value="TRUE" />


        <set-attr-value id="0x11dd8" value="TRUE" />


        <set-attr-value id="0x11fc2" value="1" />


        <set-attr-value id="0x12957" value="FALSE" />


        <set-attr-value id="0x12a54" value="TRUE" />


    </policy-settings>


    <policy-settings name="Switch Ports Settings">


        <set-attr-value id="0x1280a" value="FALSE" />


        <set-attr-value id="0x11dd8" value="TRUE" />


        <set-attr-value id="0x11fc2" value="0" />


  &nb.sp;     <set-attr-value id="0x12957" value="FALSE" />


        <set-attr-value id="0x12a54" value="TRUE" />


    </policy-settings>


    <policy-settings name="Default Port Settings">


        <set-attr-value id="0x1280a" value="FALSE" />


        <set-attr-value id="0x11dd8" value="FALSE" />


        <set-attr-value id="0x11fc2" value="0" />


        <set-attr-value id="0x12957" value="FALSE" />


        <set-attr-value id="0x12a54" value="FALSE" />


    </policy-settings>

.

Related Issues/Questions:
Best Practices - SPECTRUM Policy Manager Searches

Problem Environment:
SPECTRUM 9.0.0
SPECTRUM 8.1.0
Policy Manager
Ticket 17546728-02


(Legacy KB ID CNC TS29575 )