Network Compliance (CVP)

CloudVision continuously computes image and configuration compliances. If a device is either configuration, image, or extension non-compliant, CVP automatically generates a non-compliant event on the Compliance dashboard and flags the device as non-compliant on the Inventory screen.
Note: The event layout displays the running and designed configuration, related information about the device compliance, and the device bug/security advisory exposure.
A device configuration compliance is triggered in the following circumstances:
  • A configlet is assigned to either a device or Container
  • Configlet content changes affect all devices to which the configlet has been mapped
  • A device restarts streaming after you make the changes mentioned above
  • A device is edited
Figure 1. Device Out of Config Compliance Event
Compliance statuses of image and switch configuration are computed when the following entities are edited:
  • Running or designed configurations
  • Extensions or EOS versions
Note: The compliance status of device and parent container icons update automatically.
An image configuration compliance is triggered in the following circumstances:
  • An image bundle is either applied or removed from either device or container
  • An image bundle content is edited
  • EOS version is edited
  • EOS image version changes due to an image upgrade or downgrade
Figure 2. Device Out of Image Compliance Event

An extension configuration compliance is triggered when extensions are edited.

Figure 3. Device Out of Extension Compliance Event

The Compliance Overview dashboard from the Devices tab presents the number of devices and their compliance status in the following categories:

  • Bug Exposure
  • Security Advisories
  • Configuration Compliance
  • Image Compliance

Sections in this chapter include: