More use cases can be automated. The user interface of BMC TrueSight Server Automation could benefit from enhancements, as it currently lacks refinement. However, the stability of the platform is commendable. While there are occasional fluctuations, overall, it maintains a high level of stability. In terms of automation capabilities, it performs satisfactorily. Additionally, it handles gateway activities smoothly, demonstrating its capability.
Solution Architech at a computer software company with 201-500 employees
Real User
Top 20
2023-07-27T03:15:56Z
Jul 27, 2023
There should be some agentless operations as well because sometimes it becomes very difficult for everybody to have an agent installed. So, some operations should be possible to perform without agents. Maybe that will be considered in the future. The tool is doing almost everything right now, including compliance and permission management. Currently, we are doing vulnerability assessment scanning by integrating with external tools. However, it would be better if the tool itself had its own vulnerability management functionality, where it can independently scan endpoints. If it had this built-in functionality, it would provide an end-to-end security solution.
We encountered some reporting issues. Also, we needed to gather information from the backend before the product execution. The output's format is not good.
TrueSight falls short when we are trying to gather large amounts of data from multiple servers. We need to do these tasks manually because there is no option to populate the data and export it to Excel, which is required. For example, let's say I'm trying to find out how many patches are missing on the servers and which ones have been installed. It's hard to automatically pull each server's data in an Excel format. For example, let's say we have 10 servers and we execute a script to check if the firewall is up. It's hard to extract the data from it because it generates other garbage. Also, TrueSight lacks the ability to patch containers. This is crucial because many teams are moving to containerization, and we've found vulnerabilities in some of the containers during our assessment. There currently is no easy way to fix these issues with TrueSight. The solution supports Python and Powershell scripting, but it would be helpful if it also ran Ansible playbooks.
System Analyst II at a energy/utilities company with 1,001-5,000 employees
Real User
Top 5
2023-01-24T20:23:00Z
Jan 24, 2023
Resource management on the base servers could be improved. We're using a site that's supposed to cover all of our affiliates. I don't know what is causing the problem but we've had to increase RAM and CPU processing in order to alleviate some of the sluggishness during patching. I find the solution to be rather cumbersome. It's supposed to be able to support 50,000 or 100,000 servers. We only have 5,000 servers and during our patch processes, it gets very sluggish. We wanted to automate our patching, and not be stuck monitoring patches for three-quarters of every month. We have a main site and then multiple repeaters at each of the affiliate locations. Theoretically, patches are supposed to be delivered to the repeaters and your affiliates are supposed to pull the patches from those repeaters. We've noticed that doesn't always work and it pulls transfer patches from the main site rather than going to the repeater. TrueSight brought some standardization across the affiliates, however, it has also increased workloads and has made some things more complex. The requirement to have a local account with no password (password is random in TSSA, but not able to be changed through Windows) has caused some grief with our security team, and many complaints across affiliates. There are several features that appear to be very good but they don't always work as expected.
Learn what your peers think about BMC TrueSight Server Automation. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
Security Architect at a outsourcing company with 10,001+ employees
Real User
2019-09-03T06:46:00Z
Sep 3, 2019
We would like to see this solution handle more multitasking. We would like to schedule it for a number of servers, for example, one-hundred servers, and duplicate that task. This solution would benefit from having additional features.
The number of APIs available within the tool needs improvement. At the moment, we have a couple of different scanning tools used within the organization, but only one of those is integrated back into Server Automation. There is another tool that they use in another part of the business where it doesn't have an out-of-the-box adaptor for it. We would have to go and create or develop something bespoke to be able to integrate it with that scanning tool. Whereas, with the other scanning tool, there was an API available. To make it easier, I would like to have more APIs available for different scanning tools within that line of business.
Jobs were supposed to run automatically and, if there was a failure, it was supposed to fix it. But that was not happening. When we added 20 servers to one job, and one server failed, the job was showing as completely failed. The next job was supposed to integrate with some applications. For example, there was a BIG-IP load-balancer. If we wanted to run it as a BMC job, first it was supposed to take out from the load-balancer and then the job was supposed to run. If there were particular services there, like SQL services, they were supposed to be stopped and then the job was supposed to re-start triggering. But that was not happening. The dashboard has many features but we couldn't use it because, somewhere, the communication was lost. When we tried to open it, it would not open. We mostly operated the solution manually. We did not have a lot of resources for this particular project so we were unable to put in a call to BMC to try to get this fixed. When trying to get accounts for BMC BladeLogic we were asked to raise a ticket. But we should first be asked if we've had some minimal training on the BMC BladeLogic. Only then should they go ahead and provide accounts. Without any knowledge of the product, we used the KB articles to start working. As a result, we definitely did not have full knowledge of BMC BladeLogic. We ended up asking simple and silly questions, which is not good. They need to provide a minimum of knowledge with training on YouTube or somewhere else. Currently, there is no video training available on YouTube. And outside of their organization, there are also there no training centers. Another area for improvement is group scheduling if I'm trying to do all the servers. For example, if I want to do all the 2012 Servers - since the patches are the same for all of them - I can't do so. Maybe that feature exists but I'm unaware of it. That kind of filtering would be helpful. I would also like to see scripting integrated with BMC and integration with PowerShell as well. But if we are trying to invoke a simple command to stop services, it would be good to have that. Currently, we need to depend on PowerShell only. If we're trying to do some of the servers, the first thing we need is for the services to be stopped, before going to the patching. We need to write a script for that and add it to the BMC tool and then we can start triggering the jobs. Otherwise, we will be in trouble when a service is running and the server is being patched. Something like radio buttons to stop the services would be good. There is no option to see all the servers we patch and we cannot find what the server status is. Of course, we can what has been completed and what is pending and which servers have failed, but we cannot find server status from the BMC tool. For example, is the RDP up or not. We are using separate scripts for that. We are doing that 150 or 200 servers at a time. If some of the servers fail, we don't know exactly. It shows, out of 200 servers, that ten or 15 servers have a "failed" status. So we need to log in to the servers, if we don't know scripting. That's why we are using the scripting, to know what the RDP status. We check manually or we use the scripting to find the status on them. In addition, we are always getting complaints from the security team. They say, "You guys did patching on these servers, but there are still some packages are missing." If BMC is not integrated with the security tools, we will definitely continue getting complaints like that. BladeLogic needs to be integrated with security tools, like Nexpose and Cisco. Then we can see which servers are patched successfully and there will be no complaints from security.
Infrastructure Tools Architect at a pharma/biotech company with 10,001+ employees
Real User
2019-06-12T13:17:00Z
Jun 12, 2019
I would like to see a better methodology for handling REST calls and integration into the APIs. They add new APIs as they add functions, but they've missed some from older components which they still haven't added in. Some of the APIs are there but the CLI calls are not there. I do a lot of development work. We do a lot of very deep, customized work. So that makes it a little harder. I would also like to see more integration with other vendors, like automation out of Splunk or working with a vendor like Datadog for monitoring. I would like to be able to easily integrate with their tool to be able to initiate automation from monitoring events found with other vendors. I've found that although the tool is very powerful, and you can build all kinds of integrations yourself, there's a lot of upfront configuration to get them working with these vendors for which they've not built integrations. So although it's possible, it's a little more complicated than it should be. They should have these frameworks already built out to make it easier.
BladeLogic Server Automation allows you to quickly and securely provision, configure, patch, and maintain physical, virtual, and cloud servers.
· Threat remediation: Combine with BMC SecOps Response Service to link vulnerabilities to identified patches and create a remediation plan
· Compliance: Integrates role-based access control, pre-configured policies for...
More use cases can be automated. The user interface of BMC TrueSight Server Automation could benefit from enhancements, as it currently lacks refinement. However, the stability of the platform is commendable. While there are occasional fluctuations, overall, it maintains a high level of stability. In terms of automation capabilities, it performs satisfactorily. Additionally, it handles gateway activities smoothly, demonstrating its capability.
BMC TrueSight Server Automation's scripting needs improvement.
There should be some agentless operations as well because sometimes it becomes very difficult for everybody to have an agent installed. So, some operations should be possible to perform without agents. Maybe that will be considered in the future. The tool is doing almost everything right now, including compliance and permission management. Currently, we are doing vulnerability assessment scanning by integrating with external tools. However, it would be better if the tool itself had its own vulnerability management functionality, where it can independently scan endpoints. If it had this built-in functionality, it would provide an end-to-end security solution.
We encountered some reporting issues. Also, we needed to gather information from the backend before the product execution. The output's format is not good.
TrueSight falls short when we are trying to gather large amounts of data from multiple servers. We need to do these tasks manually because there is no option to populate the data and export it to Excel, which is required. For example, let's say I'm trying to find out how many patches are missing on the servers and which ones have been installed. It's hard to automatically pull each server's data in an Excel format. For example, let's say we have 10 servers and we execute a script to check if the firewall is up. It's hard to extract the data from it because it generates other garbage. Also, TrueSight lacks the ability to patch containers. This is crucial because many teams are moving to containerization, and we've found vulnerabilities in some of the containers during our assessment. There currently is no easy way to fix these issues with TrueSight. The solution supports Python and Powershell scripting, but it would be helpful if it also ran Ansible playbooks.
Resource management on the base servers could be improved. We're using a site that's supposed to cover all of our affiliates. I don't know what is causing the problem but we've had to increase RAM and CPU processing in order to alleviate some of the sluggishness during patching. I find the solution to be rather cumbersome. It's supposed to be able to support 50,000 or 100,000 servers. We only have 5,000 servers and during our patch processes, it gets very sluggish. We wanted to automate our patching, and not be stuck monitoring patches for three-quarters of every month. We have a main site and then multiple repeaters at each of the affiliate locations. Theoretically, patches are supposed to be delivered to the repeaters and your affiliates are supposed to pull the patches from those repeaters. We've noticed that doesn't always work and it pulls transfer patches from the main site rather than going to the repeater. TrueSight brought some standardization across the affiliates, however, it has also increased workloads and has made some things more complex. The requirement to have a local account with no password (password is random in TSSA, but not able to be changed through Windows) has caused some grief with our security team, and many complaints across affiliates. There are several features that appear to be very good but they don't always work as expected.
We would like to see this solution handle more multitasking. We would like to schedule it for a number of servers, for example, one-hundred servers, and duplicate that task. This solution would benefit from having additional features.
I would like to see more container integration in the next release of this solution. Networking needs to be improved.
The number of APIs available within the tool needs improvement. At the moment, we have a couple of different scanning tools used within the organization, but only one of those is integrated back into Server Automation. There is another tool that they use in another part of the business where it doesn't have an out-of-the-box adaptor for it. We would have to go and create or develop something bespoke to be able to integrate it with that scanning tool. Whereas, with the other scanning tool, there was an API available. To make it easier, I would like to have more APIs available for different scanning tools within that line of business.
Jobs were supposed to run automatically and, if there was a failure, it was supposed to fix it. But that was not happening. When we added 20 servers to one job, and one server failed, the job was showing as completely failed. The next job was supposed to integrate with some applications. For example, there was a BIG-IP load-balancer. If we wanted to run it as a BMC job, first it was supposed to take out from the load-balancer and then the job was supposed to run. If there were particular services there, like SQL services, they were supposed to be stopped and then the job was supposed to re-start triggering. But that was not happening. The dashboard has many features but we couldn't use it because, somewhere, the communication was lost. When we tried to open it, it would not open. We mostly operated the solution manually. We did not have a lot of resources for this particular project so we were unable to put in a call to BMC to try to get this fixed. When trying to get accounts for BMC BladeLogic we were asked to raise a ticket. But we should first be asked if we've had some minimal training on the BMC BladeLogic. Only then should they go ahead and provide accounts. Without any knowledge of the product, we used the KB articles to start working. As a result, we definitely did not have full knowledge of BMC BladeLogic. We ended up asking simple and silly questions, which is not good. They need to provide a minimum of knowledge with training on YouTube or somewhere else. Currently, there is no video training available on YouTube. And outside of their organization, there are also there no training centers. Another area for improvement is group scheduling if I'm trying to do all the servers. For example, if I want to do all the 2012 Servers - since the patches are the same for all of them - I can't do so. Maybe that feature exists but I'm unaware of it. That kind of filtering would be helpful. I would also like to see scripting integrated with BMC and integration with PowerShell as well. But if we are trying to invoke a simple command to stop services, it would be good to have that. Currently, we need to depend on PowerShell only. If we're trying to do some of the servers, the first thing we need is for the services to be stopped, before going to the patching. We need to write a script for that and add it to the BMC tool and then we can start triggering the jobs. Otherwise, we will be in trouble when a service is running and the server is being patched. Something like radio buttons to stop the services would be good. There is no option to see all the servers we patch and we cannot find what the server status is. Of course, we can what has been completed and what is pending and which servers have failed, but we cannot find server status from the BMC tool. For example, is the RDP up or not. We are using separate scripts for that. We are doing that 150 or 200 servers at a time. If some of the servers fail, we don't know exactly. It shows, out of 200 servers, that ten or 15 servers have a "failed" status. So we need to log in to the servers, if we don't know scripting. That's why we are using the scripting, to know what the RDP status. We check manually or we use the scripting to find the status on them. In addition, we are always getting complaints from the security team. They say, "You guys did patching on these servers, but there are still some packages are missing." If BMC is not integrated with the security tools, we will definitely continue getting complaints like that. BladeLogic needs to be integrated with security tools, like Nexpose and Cisco. Then we can see which servers are patched successfully and there will be no complaints from security.
I would like to see a better methodology for handling REST calls and integration into the APIs. They add new APIs as they add functions, but they've missed some from older components which they still haven't added in. Some of the APIs are there but the CLI calls are not there. I do a lot of development work. We do a lot of very deep, customized work. So that makes it a little harder. I would also like to see more integration with other vendors, like automation out of Splunk or working with a vendor like Datadog for monitoring. I would like to be able to easily integrate with their tool to be able to initiate automation from monitoring events found with other vendors. I've found that although the tool is very powerful, and you can build all kinds of integrations yourself, there's a lot of upfront configuration to get them working with these vendors for which they've not built integrations. So although it's possible, it's a little more complicated than it should be. They should have these frameworks already built out to make it easier.