BMC TrueSight Server Automation Reviews

The primary use case is vulnerability management. We have the IT space scanned by vulnerability detection tools. The output of this then feeds into the TrueSight Server Automation. This allows the customer to essentially get quick visibility of the vulnerabilities across IT along with the potential risk across IT. Then, through server automation, it provides the ability to remediate these vulnerabilities quickly and efficiently.

It improves the security management and security operations within the business. It is just the case of taking the output from our scanning tools and presenting it to the people that need to see it, allowing them to remediate very quickly. It has the ability to link back very nicely to the ITSM side of things as well. Through linking with other orchestration run books, it allows them to raise changes, go through the change control process, and then close the loop once the vulnerability has been fixed.

It is also used for configuration management and compliance. However, the main use case is around vulnerability management with the SecOps teams and build & IT support teams utilizing the tool.

As a strategic partner (supplier), we are essentially responsible for much the OSS tooling within the UK organization. That doesn't just include Server Automation. We use a whole roster of BMC products, IBM tooling, Micro Focus tooling, and some other Telco native management platforms.

We are using version 8.8 and in the process of moving up to version 8.9.

It takes away a lot of manual effort. The reason that the business bought the tool in the first place was to allow them to work in a more efficient way. This tool allows them to manage the IT estate and reach across it, but then using the solution, it allows them to remediate quickly. It's essentially bringing the risk down within IT.

We have a number of different BMC tools that are installed and running, as part of the TrueSight family. We are not just using TrueSight Server Automation. We're using other TrueSight management tools, as well. We find that it links very nicely to the whole ecosystem. Our IT estate is scanned by vulnerability management tools, which then feeds into TrueSight Server Automation and TrueSight Vulnerability Management. This allows teams to essentially do their job in a more efficient manner.

It is bringing in efficiencies in a way that we can monitor compliance across IT. It is all about provisioning, configuration management, compliance, patch activities, reducing risk, and leveraging automation to do things more efficiently.

We use TrueSight Vulnerability Management. This sits above Server Automation, providing the SecOps teams with real time visibility of the vulnerabilities across IT. This allows them to prioritize what they need to do to remediate and fix. The reporting aspects are very good.

The most valuable feature is its ability to remediate quickly and efficiently across a number of IT assets at the same time. It takes away manual efforts from the team to go out and fix those vulnerabilities through patching, conflict updates, etc.

While it's not my team which looks at the dashboards, SecOps users can manage vulnerabilities across the estate from a single pane of glass (from a single console). This allows the SecOps teams to then prioritize what is a more significant vulnerability than others.

The number of APIs available within the tool needs improvement. At the moment, we have a couple of different scanning tools used within the organization, but only one of those is integrated back into Server Automation. There is another tool that they use in another part of the business where it doesn't have an out-of-the-box adaptor for it. We would have to go and create or develop something bespoke to be able to integrate it with that scanning tool. Whereas, with the other scanning tool, there was an API available. To make it easier, I would like to have more APIs available for different scanning tools within that line of business.

It has been stable for us. It is not something which has caused us any issues. We will be doing an upgrade soon. That will be interesting, because that would probably be the first time we've actually done a major version uplift of the tool. It will be interesting to see how that pans out and see if it goes swimmingly, or will we have any issues with it? To date, we haven't had any problems, though.

It's not something that we've come across yet. At the moment, the solution is integrated into probably 70 to 80 percent of the estate. We haven't had a need to scale up, although we probably will have a need in the future. For instance, we're just introducing the solution to services in private cloud. It will be interesting to see how that works. Apart from that, we haven't had a need to scale up. Though, there are plans to scale up going forward.

There is a different supplier to the supplier who I work running the tool day-to-day. It's for configuration management, compliance, and vulnerability management. The ability to patch and remediate through automation.

We have had no issues nor problems with BMC's technical support. With TrueSight Server Automation, we haven't really had any need to speak to the support. The times that we have had to speak to support, we have had a quick turnaround. We have had no issues at this time with TrueSight Server Automation support from BMC.

When you are installing any sort of new tool or application into the enterprise, not all enterprises are the same. We did have a few teething issues when we first stood it up, but that was fine. We got around those teething issues. The platform is there today working. We haven't really had any problems with the application. It has been running happily.

When we had our requirements integrate into a different scanning tool, we found that it isn't plug and play. There is bespoke development that needs to happen to be able to integrate it with those tools. This is something I would like them to improve.

For deployment and maintenance, there is a team of about two or three people who have to do that. We have the solution incorporated as part of the standard build. If a new server gets rolled out into the network, it already has the prerequisites and agents there able to connect back into Server Automation to be managed by Server Automation. We have an efficient process of rolling out to new assets as we go forward.

I'm responsible for the evolution of the tool within our organization along with providing governance over how we take the solution forward and integrate it. The team of people who maintain TrueSight Server Automation, in terms of keeping the lights, are the SMEs. They are hands-on and do the development activity within the solution today.

Within the business, there is a standard process which has to be followed when making any sort of change or bringing in a new application:

1. The relevant design document has to be created. 
2. An interface spec has to be created. 
3. All that needs to be approved. 
4. It has to be set up in a test bed first. 
5. There needs to be a period of QA testing. 
6. User acceptance needs to happen before it can go live. 

This is a pretty standard process. When you look at the process and governance that needs to happen, six to eight months is about the right time.

The business case is there for ROI. It is definitely providing our customers value.

I don't know why TrueSight Server Automation was chosen. I wasn't involved in our customer's decision-making process. 

Take a look at your scanning tools to see if you have adapters and APIs for TrueSight Server Automation or whether you would need to develop something bespoke. Do your due diligence around that.

Have an idea of the sort of use cases you want to use with the tool. Vulnerability management is just one aspect. Do you want to use the solution for things like server build, server provisioning, and application provisioning?

Who will be using the solution going forward? What services will be wrapped around the tool? Who will need the right level of permissions to do certain things? These are really important to know because Server Automation, whilst it's a very powerful tool, in the wrong hands with the wrong level of access, it could potentially become very problematic. It could be quite dangerous in the wrong hands. It's understanding who needs to have access to it and their level of permission. That needs to be governed and controlled!

• OS provisioning
• Patch management
• IT audit and compliance
• Application deployments
• Data gathering and reporting

Awesome compliance, inventory, provisioning, patch, and deployment.

• Agentless software
• More use cases into compliance management and the remediation process.
  

In some versions, we do have stability, especially 8.5.

Not really.

Technical support is good.

We used shell scripting and other legacy tools.

The initial setup is straightforward, unless you need most of the custom configurations.

Licensing is a bit pricey. Be mindful about the components that you need and buy as appropriate.

We evaluated one stop shop solutions and vendors.

If you do not want the hassle of multiple tools and handling multiple vendors, this is your go to solution.

We are evaluating this product in search of a better automation solution for our system. We are using a private-cloud deployment on AWS.

The most important feature is the schedulings. We want to have them set up to handle as much automation as possible to reduce the resources involved with the project.

The documentation for this solution is good.

We would like to see this solution handle more multitasking. We would like to schedule it for a number of servers, for example, one-hundred servers, and duplicate that task.

This solution would benefit from having additional features.

The stability of this solution seems to be good. So far, the automation we do in the background has run on schedule, and the functionality is really good.

We have tested it on a small scale of fifty to one hundred servers. We have almost twenty-five hundred servers, so we will deploy on a larger scale perhaps six months down the road.

Technical support for this solution is very responsive. The team has opened multiple cases and all of them have been resolved for the first two weeks.

The initial setup for this solution is straightforward.

We are just starting to deploy the product. Right now we're sampling about fifty systems to do automation, such as updating and rebooting systems.

AccuData is our vendor for this solution, as well as for other products. They have been a good vendor.

If it does what we expect, and those features are improved, then I think we will see ROI within the next two years.

We're looking at less than $100,000 USD for this solution.

At the end of the day, we have a budget for these automation tools. If this one fits our budget then we'll go for it. If not, then we might have to find a solution that is more without our range.

This evaluation is a team effort. There are three of us involved in the project, and we're looking forward to seeing how it goes. We have a wishlist with our priorities, and we'll see if it satisfies what we want.

I would rate this solution an eight out of ten.

My primary use case was patching.

Earlier, we had Windows Server Update Services in place. With that, we were only using internal patches. But with BMC, we even configured applications, like IE or things that were Java-related. When we scheduled the jobs, it worked fine. It saved us time and there was no need for resources to monitor them. The jobs worked at the times we scheduled. And, if a job failed we monitored for that.

Also, BMC did not have impact in terms of network-related issues. For example, previously, if we staged patches in the daytime, they would use more network bandwidth. 

In addition, that one BladeLogic was used for almost in 1,000 servers. If we had to do that manually it would be a very big headache.

In terms of improving collaboration between IT operations and security teams, there was a security team and they were using Nexpose scanning to analyze the servers. But it was not up to date. We were informed that the patches were not installed and we worked on pushing the packages to the servers which had not been updated.

Overall, it saved me time.

We didn't use most of the advanced features. We just used it to implement patching where we needed to run scheduling and do automation jobs.

Jobs were supposed to run automatically and, if there was a failure, it was supposed to fix it. But that was not happening. When we added 20 servers to one job, and one server failed, the job was showing as completely failed. The next job was supposed to integrate with some applications. For example, there was a BIG-IP load-balancer. If we wanted to run it as a BMC job, first it was supposed to take out from the load-balancer and then the job was supposed to run. If there were particular services there, like SQL services, they were supposed to be stopped and then the job was supposed to re-start triggering. But that was not happening.

The dashboard has many features but we couldn't use it because, somewhere, the communication was lost. When we tried to open it, it would not open. We mostly operated the solution manually. We did not have a lot of resources for this particular project so we were unable to put in a call to BMC to try to get this fixed.

When trying to get accounts for BMC BladeLogic we were asked to raise a ticket. But we should first be asked if we've had some minimal training on the BMC BladeLogic. Only then should they go ahead and provide accounts. Without any knowledge of the product, we used the KB articles to start working. As a result, we definitely did not have full knowledge of BMC BladeLogic. We ended up asking simple and silly questions, which is not good. They need to provide a minimum of knowledge with training on YouTube or somewhere else. Currently, there is no video training available on YouTube. And outside of their organization, there are also there no training centers.

Another area for improvement is group scheduling if I'm trying to do all the servers. For example, if I want to do all the 2012 Servers - since the patches are the same for all of them - I can't do so. Maybe that feature exists but I'm unaware of it. That kind of filtering would be helpful.

I would also like to see scripting integrated with BMC and integration with PowerShell as well. But if we are trying to invoke a simple command to stop services, it would be good to have that. Currently, we need to depend on PowerShell only. If we're trying to do some of the servers, the first thing we need is for the services to be stopped, before going to the patching. We need to write a script for that and add it to the BMC tool and then we can start triggering the jobs. Otherwise, we will be in trouble when a service is running and the server is being patched. Something like radio buttons to stop the services would be good.

There is no option to see all the servers we patch and we cannot find what the server status is. Of course, we can what has been completed and what is pending and which servers have failed, but we cannot find server status from the BMC tool. For example, is the RDP up or not. We are using separate scripts for that.

We are doing that 150 or 200 servers at a time. If some of the servers fail, we don't know exactly. It shows, out of 200 servers, that ten or 15 servers have a "failed" status. So we need to log in to the servers, if we don't know scripting. That's why we are using the scripting, to know what the RDP status. We check manually or we use the scripting to find the status on them.

In addition, we are always getting complaints from the security team. They say, "You guys did patching on these servers, but there are still some packages are missing." If BMC is not integrated with the security tools, we will definitely continue getting complaints like that. BladeLogic needs to be integrated with security tools, like Nexpose and Cisco. Then we can see which servers are patched successfully and there will be no complaints from security.

I worked with it for almost two-and-a-half years.

BMC was very helpful in those areas where we submitted tickets. Overall their technical support was very good. It helped a lot.

The setup is not too complex compared to SCCM. 

I came to the project without any knowledge of BMC BladeLogic. We started going through the documents from the BMC BladeLogic KB articles and then we started working on the BMC tools. That was it. We didn't have any training on BMC BladeLogic.

We use the product for patching, compliance management, and server automation.

The product's valuable feature is its ability to conduct patching for multiple servers simultaneously.

BMC TrueSight Server Automation's scripting needs improvement.

We have been using BMC TrueSight Server Automation for four years.

The product is stable. I rate its stability an eight out of ten.

I rate the product's scalability a nine out of ten.

The technical support services are good.

Positive

The initial setup process is easy. The deployment time depends on specific project requirements.

The product is expensive. However, they provide all the essential services, including quick support solutions.

BMC TrueSight Server Automation works well with different operating systems and compliance management. Its wide-ranging capabilities for Linux, Windows, and application patching, along with group policy management and reporting,

I rate BMC TrueSight Server Automation an eight out of ten.

We have used this tool for deployment, patching, audit, compliance, and provisioning. Patching and code deployment are the most used functions that we use. 

NSH script is another widely used option.

It makes deployment easier and allows us to put restrictions on the server using role-based authorization. Also, BladeLogic lets users view the filesystem with minimal authorization to the server.

• Deployment
• NSH script

Provisioning needs to be more user-friendly. We were using BladeLogic for provisioning, but due to a lot of issues and complications, we had to stop using provisioning with this tool.

BMC Bladelogic Automation can be used across many OS platforms, providing us flexibility for deployments.

We were able to automate patching, provisioning, and compliance for our servers and network devices.

The setup of this suite is very complicated. It needs to be simplified.

We have used it for two years now.

Deploying it was very complicated.

We have had no issues with stability.

We have had no issues with scalability.

In my experience with their customer service, they are excellent.

From my experience in working with their technical support, they are good.

The initial setup was very complex; Not straightforward at all.

We implemented it with our in-house team.