Network Compliance (CVP)
CloudVision continuously computes image and configuration compliances. If a device is either
configuration, image, or extension non-compliant, CVP automatically generates a
non-compliant event on the Compliance dashboard and flags the
device as non-compliant on the Inventory screen.
Note: The event
layout displays the running and designed configuration, related information about
the device compliance, and the device bug/security advisory exposure.
A device configuration compliance is triggered in the following circumstances:
- A configlet is assigned to either a device or Container
- Configlet content changes affect all devices to which the configlet has been mapped
- A device restarts streaming after you make the changes mentioned above
- A device is edited
/Device%20Out%20of%20Config%20Compliance%20Event.png)
Compliance statuses of image and switch configuration are computed when the following
entities are edited:
- Running or designed configurations
- Extensions or EOS versions
Note: The compliance status of device and parent container icons update
automatically.
An image configuration compliance is triggered in the following circumstances:
- An image bundle is either applied or removed from either device or container
- An image bundle content is edited
- EOS version is edited
- EOS image version changes due to an image upgrade or downgrade
/Device%20Out%20of%20Image%20Compliance%20Event.png)
An extension configuration compliance is triggered when extensions are edited.
/Device%20Out%20of%20Extension%20Compliance%20Event.png)
The Compliance Overview dashboard from the Devices tab presents the number of devices and their compliance status in the following categories:
- Bug Exposure
- Security Advisories
- Configuration Compliance
- Image Compliance
Sections in this chapter include: