Discovering Windows Hosts

To discover Windows hosts, BMC Atrium Discovery uses one or more Windows proxies. Once the BMC Atrium Discovery appliance decides that a discovery target is running a Windows operating system, it uses a proxy to interrogate the target. Often, the proxy is also responsible for providing authentication and authorization of the discovery activities.

There are two types of proxy:

  • Active Directory Proxy — runs as an Active Directory user, and uses those user credentials to connect to Windows hosts within the Active Directory domain. Credentials are not stored in the BMC Atrium Discovery credential vault.
  • Credential Proxy — runs as a local administrator user. Credentials are stored in the BMC Atrium Discovery credential vault and are provided to the proxy as required.

A single Windows host may run both types of proxy. To handle complex Active Directory environments, it is possible to run multiple Active Directory proxies as different users. The Active Directory proxy can also be used in a legacy Windows Workgroup environment to connect to workgroup members using the proxy's workgroup credentials.

The Proxy manager is used to manage the running proxies and their configuration, and to establish secure connections with approved BMC Atrium Discovery appliances.

Installing and running Windows proxies

Installing or upgrading Windows proxies where anti-virus software is installed

Before installing Windows discovery proxies you should either disable the anti-virus software or configure it to exclude RemQuery from triggering a virus alert. You can enable the anti-virus software once the Windows proxy has been installed.

The Windows Proxy installer is downloaded from the BMC Atrium Discovery appliance user interface. Visit Discovery > Tools and download the installer. Both kinds of proxy, and the proxy manager, are in the same installer.

The installer prompts for the installation directory and whether to create start menu items. It also permits you to choose whether to create Active Directory and Credential proxies. In each case, credentials for a suitable user may be provided. If you do not create the proxies, or you do not enter credentials at this stage, you may do so later using the Proxy Manager. If proxies are created at this stage, the installer gives the option of registering the proxies with the appliance from which the installer was downloaded. Registration in this way opens a web browser displaying the appliance UI, and is therefore only possible if the Windows proxy host has web access to the appliance.

To modify the proxies that are running, or add new ones, run the Proxy Manager from the Start menu, by default under BMC Software > ADDM Proxy > Proxy Manager.

The Active Directory proxy must be given the credentials of an Active Directory user. Ideally the user should be a domain administrator. If that is not possible, the user must have a range of permissions, and discovery capabilities will be limited. The Credential proxy should run as a local Windows user with administrator privileges.

Each proxy listens on a particular port. The default ports are 4321 for the Active Directory proxy and 4323 for the Credential proxy. Whichever ports you choose must be reachable from the BMC Atrium Discovery appliance, so the Windows firewall and any intermediate network firewalls must allow connections from the appliance's IP address.

When scanning a Windows discovery target, the BMC Atrium Discovery appliance chooses a Proxy Pool based on the target's IP address. Often, a pool contains a single proxy, but if the proxy becomes a bottleneck, a pool can contain several proxies.

Connecting a Windows proxy to an appliance

For security, the proxy and the appliance must exchange certificates and each end must confirm the connection.

If it is possible to access the appliance web user interface from the Windows machine running the proxy, you may set up the connection between appliance and proxy from the Proxy Manager user interface:

  1. In the Proxy Manager, choose Edit menu > Known Appliances

  2. Press the green plus icon to add an appliance
  3. Enter the appliance address, and select Contact
  4. The proxy manager exchanges certificates with the appliance and displays the appliance fingerprint. Assuming the fingerprint is correct, select Register
  5. A browser window opens, displaying the Create Proxy page. Confirm the details and select Apply

If there is no web access from the Windows proxy machine to the appliance, the proxy connection must be initiated from the appliance user interface and confirmed in the Proxy Manager:

  1. In the appliance web user interface, visit Discovery > Credentials > Windows Proxies
  2. If need be, add a new Proxy Pool using the Add... button
  3. In the chosen Proxy Pool, select Actions > Add Windows Proxy
  4. Enter a proxy name and address, and select Apply. The user interface shows Approve this appliance in the proxy manager
  5. In the Proxy Manager, choose Edit menu > Known Appliances
  6. The new appliance is shown in orange with a status Pending approval
  7. Double click the entry then choose Approve

 

Was this page helpful? Yes No Submitting... Thank you

Comments