Configuring the BMC Discovery connector

The BMC Discovery connector establishes a connection with BMC Discovery to find all the assets in a network. BMC Discovery obtains information about the assets even if they are not enrolled in the endpoint manager, TrueSight Server Automation. As an administrator, when you integrate BMC Helix Automation Console or TrueSight Automation Console with BMC Discovery, you can identify which assets in your environment are not included in vulnerability scans. These are blind spots, and they represent potential security risks. The blind spot assets appear on the Discovered Assets page, which helps to ensure that the discovered assets are scanned for missing patches, compliance, and vulnerabilities.

Important

Discovery integration is supported with TrueSight Server Automation endpoint only.

Important

  • When you edit the connector configuration, ensure that the server belongs to the Load Balancer setup or the Disaster Recovery setup in the same environment as the existing connector host. If you specify a new server outside of the Load Balancer setup or the Disaster Recovery setup, the existing data is duplicated, leading to confusion and mismanagement.
  • When you configure the BMC Discovery connector on BMC Helix Automation Console or on TrueSight Automation Console, ensure that the Discovery Cloud Connector and the On-Prem Discovery connector are not configured together. If they are, the data is duplicated, leading to confusion and mismanagement.

Before you begin

Before running the connector, ensure that the connector is installed and run on a Windows or Linux operating system that meets the following criteria:

  • AdoptOpenJDK Runtime Environment 17 is installed on the connector host

  • Port requirements:

    Port                                   Protocol   From               To                      Notes
    open and usable port on connector VM   HTTPS      Connector          HAC SaaS and Internet   Outbound
    443 OR <Customer configured port>      HTTPS      Connector          Discovery Server        Outbound
    open and usable port on connector VM   HTTPS      Discovery Server   Connector               Inbound

Configuring the BMC Discovery connector

To configure the connector, do these steps: 

  1. Log in to BMC Helix Automation Console.
  2. Go to the briefcase menu on the top right, and click Connectors > Add a Connector.
  3. Depending on your requirement, select one of the following connectors:
    • From the on-premises connectors, select the BMC Helix Discovery Connector, and click Continue.
    • From the cloud based connectors, select Discovery Cloud Connector.
  4. On the Add a connector page, provide the following details:

    1. Enter the connector name. Example: BMC Helix Discovery Connector.
    2. Enter the endpoint URL, in an FQDN format, with the port number where BMC Discovery is available. Example: https://<DISCOVERY_FQDN>:443
    3. Select one of the authentication types:
      • Token Based: Provide the token.
      • User Credential Based: Enter a username and password required to log on to BMC Discovery. 
        If using a user credential based approach, a service account is created for this integration.
        After entering the password, click Save.
    4. Select one of the Business Service Configuration options: 
      • Create Business Services for all Business Application Instances. Select to import all business services from Discovery.
      • Create Business Service based on Subgroup name where manual Group name is: Provide a group name created in the Discovery endpoint. For example, if you want a business service based on the manual group named ProdLinux::AIX from the Discovery endpoint, specify ProdLinux. This lists only the AIX business service in Automation Console. You can provide multiple comma-separated group names. For example: ProdLinux, ProdWindows
        Note: Make sure that the user belongs to the API access group.
        For information about creating groups in BMC Helix Discovery, see Creating manual groups. For more information about Business Services and Business Applications, see Start anywhere application modeling.
    5. In the Collection Mode area, specify the data collection interval. 
      By default, the time interval is 60 minutes. Minimum acceptable is 5 minutes and maximum is 10080 minutes.
    6. In the Share with area, add a list of security groups that can access the Discovered Assets page. Example: ITManagers, PatchingUser
    7. In the Exclude IPs/Hosts/Range area, add a list of hosts, IPs, or ranges (IPv4 only) for which resources are not to be fetched from Discovery. The list should be comma-separated and may combine hosts, IPs, and IPv4 ranges. For example: 192.168.1.100,abc.xyz.com,192.168.10.100-192.168.10.200
      Limitation: If you provide similar IPv4 ranges, the last range is considered.
      Example: 10.12.11.100-10.12.11.200,10.12.11.150-10.12.11.200
      In this case, the last range 10.12.11.150-10.12.11.200 is considered for exclusion.

  5. Click Continue and download the connector zip file on a local host for an on-premises connector. As a cloud connector starts working after configuring, you need not download the zip file.
  6. On the server where the connector file is downloaded and extracted, go to the connector location, and run the following command to install and start the connector: 
    • Windows: run.bat
    • Linux: run.sh

    The connector starts running successfully. You can view the connector status on the Connectors page. 
    To verify the on-prem Discovery connector logs, open the On-Prem Discovery connector folder and view logs > connector.log.
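
A pre-check for the Exclude IPs/Hosts/Range value from step 4, added here as an example and not BMC code. It assumes that "similar" ranges means overlapping ranges, as in the example in that step, and merges them so that the intended exclusion does not depend on which range was typed last; all function names are hypothetical.

```python
import ipaddress

def _is_ipv4(text):
    """True when text is a dotted-quad IPv4 address."""
    try:
        ipaddress.IPv4Address(text.strip())
        return True
    except ValueError:
        return False

def parse_exclusions(value):
    """Split the comma-separated field into (ranges, singles).
    ranges: (start, end) IPv4Address pairs; singles: IPs/hostnames as typed."""
    ranges, singles = [], []
    for item in (p.strip() for p in value.split(",")):
        if not item:
            continue
        start, sep, end = item.partition("-")
        # Hostnames may contain '-', so only treat it as a range
        # when both sides are valid IPv4 addresses.
        if sep and _is_ipv4(start) and _is_ipv4(end):
            lo = ipaddress.IPv4Address(start.strip())
            hi = ipaddress.IPv4Address(end.strip())
            if lo > hi:
                raise ValueError(f"range start is above range end: {item}")
            ranges.append((lo, hi))
        else:
            singles.append(item)
    return ranges, singles

def merge_ranges(ranges):
    """Fold overlapping ranges into non-overlapping ones."""
    merged = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(hi, merged[-1][1]))
        else:
            merged.append((lo, hi))
    return merged

def normalize_exclusions(value):
    """Return (clean field value, number of overlapping ranges folded away)."""
    ranges, singles = parse_exclusions(value)
    merged = merge_ranges(ranges)
    parts = singles + [f"{lo}-{hi}" for lo, hi in merged]
    return ",".join(parts), len(ranges) - len(merged)

if __name__ == "__main__":
    # Constructed input: the overlapping pair from the limitation example.
    print(normalize_exclusions("10.12.11.100-10.12.11.200,10.12.11.150-10.12.11.200"))
```

A non-zero second value means the typed list contained overlapping ranges; paste the returned string into the field instead of the original.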

Enabling debug mode

BMC recommends that you do not modify any other configuration files available in the /config directory. However, you can enable the debug mode on the connector to obtain detailed logging information.

Do this:

  1. Press CTRL+C twice to stop the connector, if it is already running.
  2. Go to <ConnectorLocation>/config, open the collector.properties file, set the following parameter to debug, and save the file:

    ######## ADVANCED CONFIGURATION #########
    config.log_level=debug

  3. Restart the connector.

Where to go next?

Now that you have successfully configured the connector and added a service account, the assets appear in Automation Console on the Assets > Discovered Assets page, based on the data refresh cycle configured in the service account. To view discovered assets, see Working with assets.
