Consolidation

Consolidation refers to the centralization of discovery data from scheduled or snapshot scans on multiple scanning appliances to one or more consolidation appliances. You might want to use consolidation in the following scenarios:

  • Firewalled environments: When an environment is divided by firewalls so that a single appliance is unable to reach all parts, a scanning appliance can be situated on each section of the network blocked by a firewall. The scanning appliances can all feed back data to a central consolidation appliance.
  • Restricted (policy) networks: Certain lines of business might enforce policies on the control of IT infrastructure in their environments. Where such policies limit or prohibit access, scanning appliances can be deployed which all feed back data to a central consolidation appliance.
  • Restricted (time) scanning windows: Where a discovery window is short, a single appliance may be unable to complete a scan of a large range of IP addresses during the permitted time. Sharing the IP addresses between multiple scanning appliances means each smaller scan can be completed in less time, and the results can be consolidated and viewed on the consolidation appliance.

In each of these situations, multiple scanning appliances can be deployed, and their data consolidated into a central consolidation appliance. The consolidation appliance is then used for reporting and provides a coherent view of the entire scanned network. A consolidation appliance must be set as one which accepts connections or feeds from scanning appliances. Scanning appliances must in turn register with a consolidation appliance.

Consolidation Appliance: The main purpose of the consolidation appliance is to report on data consolidated from a number of other scanning appliances. It can also perform normal discovery, although this is not recommended.
Scanning Appliance: The scanning appliance also operates as a normal standalone appliance. The only difference is that it constantly sends discovery data to the consolidation appliance. After setting up, this process is transparent to the user. A scanning appliance must request and be approved on a consolidation appliance before it can send any consolidation data to that appliance. This is described in Approving or rejecting a scanning appliance request.

On the consolidation appliance user interface, the Discovery Currently Processing Runs tab shows any local scans and any consolidation runs in progress. The Discovery Currently Processing Runs is described in The Discovery Status page. The tab is shown below:
This screen illustrates the discovery status page for a consolidating appliance.

What is consolidated?

The consolidated data is the BMC Atrium Discovery Directly Discovered Data (DDD) Nodes including the data collected by the patterns. The data inferred by the scanning appliances, for example, SoftwareInstance nodes, is not consolidated, but the consolidation appliance will infer it again (based on its pattern configuration).

TKU release, patterns, CSV imports and consolidation

The TKU release package and custom patterns that are loaded on the scanning and consolidation appliances must be the same in order to infer the same data, for example, SoftwareInstance nodes. This is not enforced in any way by the system.
The data imported via CSV in a scanning appliance will not be consolidated. It has to be imported in the consolidation appliance too.

Restrictions

BMC Atrium Discovery version 9.0 introduced major changes in the data model. As a result of these model changes, you cannot consolidate BMC Atrium Discovery version 9.0 appliances with any previous version. If you try to do so, warning messages are shown on the version 9.0 appliance UI. If, while using an earlier version, you attempt to register with a version 9.0 appliance, the attempt fails with an authentication error shown in the earlier version's UI.

For pre-version 9.0 consolidating systems, the consolidator version should be at least the same version as the scanning appliances. This is not enforced by the system.

Integration points and consolidation

A consolidation appliance is capable of performing discovery although this is not recommended. The one situation in which a consolidation appliance does perform discovery is where an integration point request fails on the scanning appliance. In this case, the consolidation appliance will attempt to perform the integration point request on the discovery target.

Configuring consolidation

Configuring consolidation is a two step procedure. Initially the appliance which is to be the consolidation appliance must be set as a consolidation appliance, and then one or more scanning appliances register with the appliance. To configure consolidation you need the permissions detailed in Consolidation Permissions.

Firewalls and consolidation

Consolidated appliances use port 25032 to communicate. The scanning appliance must be able to connect to port 25032 on the consolidation appliance. You must configure any firewalls between scanning appliances and consolidation appliances to allow this traffic.

Consolidation appliances communicate using port 25032, and the port is open whether or not an appliance is configured as a consolidation appliance. Therefore you cannot, for example, telnet to the appliance IP address and port 25032 to determine whether it is a consolidation appliance.

To set an appliance as a consolidation appliance

  1. From the Discovery section of the Administration tab, select Discovery Consolidation.
    The Consolidation page is displayed.
    You cannot use consolidation if the appliance is named Discovery_Appliance. A warning is displayed including a link to where you can change the appliance name.
  2. In the Consolidation page, click Set as Consolidation Appliance.
    The appliance is now configured as a consolidation appliance.

To set an appliance as a scanning appliance

  1. From the Discovery section of the Administration tab, select Discovery Consolidation.
  2. In the Consolidation page, click Set as Scanning Appliance.
    This dialog enables you to specify a Consolidation target. Enter or edit the following information in the dialog:

    Field Name

    Details

    Name

    The name of the scanning appliance. Names must be unique in the consolidation network and you cannot consolidate a scanning appliance with the default name, Discovery_Appliance. The name is taken from the Administration => Appliance Configuration => Identification page. See Initial configuration. A change link is provided which displays the Identification page. In the identification page you can change the name of the appliance. You can only consolidate appliances which have unique names.

    Consolidation Appliance

    The IP address or the hostname of the target consolidation appliance.

    You can supply credentials for the consolidation appliance in this dialog. If you supply valid credentials here, the scanning appliance is approved automatically.

    Username

    The user name for a user on the consolidation appliance. This user must have appropriate permissions to approve the connection of the scanning appliance to the consolidation appliance.

    Password

    The password for the user on the consolidation appliance.


    If you supplied valid credentials for automatic approval on the consolidation appliance, then the scanning appliance is now configured and working as a scanning appliance.
    This screen illustrates a successful working scanning appliance.

Approving or rejecting a scanning appliance request

After a request (without automatic approval) has been made from a scanning appliance, it requires approval on the consolidation appliance.

To approve or reject a pending scanning appliance request:

  1. From the Administration tab on the consolidation appliance, select Discovery Consolidation from the Discovery section.
    In the following example, the "Tideway05" appliance has requested to become a scanning appliance.
    This screen illustrates the Tideway05 appliance has requested to become a scanning appliance.
    • To accept the appliance connection, click Approve.
    • To reject the request, click Reject. When you do this, the connection is deleted from the consolidation appliance and when no connections remain the scanning appliance reverts back to a non-consolidated appliance.

When consolidation is running

Once consolidation has been set up, whatever scanning takes place on the scanning appliance is automatically sent to the consolidation appliance as soon as possible after the scan of an endpoint is complete. On the consolidation appliance, runs are displayed that are marked specifically as consolidation runs and can be viewed from the Discovery Status page.

Discovery must be running on the consolidation appliance for consolidation to take place. If Discovery is not running, the consolidation appliance will refuse to accept data from the scanning appliance. The scanning appliance will attempt to resend data later. Also, if Discovery is stopped on the consolidation appliance, it will stop consolidating any data it has already received.

Canceling consolidating discovery runs

You can cancel a consolidating discovery run from the scanning appliance or from the consolidation appliance. Where possible you should always cancel the discovery run on the scanning appliance. This is done by selecting the discovery run on the Discovery Status page of the scanning appliance and clicking Cancel Runs.

Canceling the discovery run at the scanning appliance enables the consolidation appliance to receive data from the scanning appliance. This stops the scan rather than the consolidation so that the two appliances' data remains consistent.

Canceling a consolidation run on the consolidation appliance stops the consolidation though the scan continues on the scanning appliance. This leads to inconsistencies between the data on the two appliances. Where possible you should always stop the scan on the scanning appliance and allow the consolidation to run to completion.

If you must cancel a consolidation run from the consolidation appliance, you can do so by selecting the discovery run on the Discovery Status page of the consolidation appliance and clicking Cancel Runs.

Was this page helpful? Yes No Submitting... Thank you

Comments