BMC Discovery 11.2
Node changes in Technology Knowledge Update TKU 2019-Dec-1
TKU December 2019 enhances the model for Cloud Regions and Cloud Services to be segregated by account. If you discover more than one AWS Account, more than one Azure Subscription or more than one GCP Project, all the data from Cloud Region through to individual nodes within services will be clearly separated, where before it was intermingled.
As a result, the keys of all CloudRegion and CloudService nodes, and many contained nodes will change, even if you only discover a single account. If you synchronize to a CMDB, the identities of the corresponding CIs will also change.
The existing nodes are not deleted automatically with the application of the TKU. To remove the old nodes from the BMC Discovery model, you can delete the patterns that were deactivated by the new patterns in the TKU. However, the old CIs in the CMDB will not be deleted automatically. The simplest way to remove them is to perform a resynchronization.
Enhanced support for AWS role-switching in Technology Knowledge Update TKU 2019-Dec-1
In the December TKU we have enhanced the support of AWS role-switching in discovery. Previously, it was only possible to specify a single role for an AWS credential. Now, you can specify a list of roles. This allows you to reduce the number of AWS credentials and associated Scheduled Scans that need to be maintained.
However, the new configuration to support role-switching cannot be added automatically to existing AWS credentials, and consequently, any existing scheduled AWS scans using those will fail. The workaround is straightforward. Simply click Edit on the scheduled scan, and then click Apply. In all likelihood you will edit all of your scheduled AWS scans to take advantage of the role-switching functionality. Using the Edit/Apply workaround enables you to continue scanning AWS without interruption.
The following table displays the version history of BMC Discovery 11.2:
| Release date | Version | Description |
|---|---|---|
| May 03, 2019 | 11.2 patch 6 | This release resolves important defects and security vulnerabilities. It also introduces a feature for restricting the paths on which you can run commands. |
| July 11, 2018 | 11.2 patch 5 | This release resolves important defects. |
| June 22, 2018 | 11.2 patch 4 | This release resolves important defects and security vulnerabilities. |
| | 11.2 patch 3 | This patch was not made generally available. |
| December 15, 2017 | 11.2 patch 2 | This release resolves important defects. |
| September 25, 2017 | 11.2 patch 1 | This release resolves important defects. |
| September 15, 2017 | 11.2 | For complete information about this release, see the features listed in the following section of this page. |
You can only upgrade to version 11.2 from version 10.1 and later.
BMC Discovery 11.2 changes the way that
vm_type attribute. They are now modeled using a Virtual Machine node which makes it easier to find and relate VMs to their containers and Hosts.
Logical databases are now stored in dedicated Database nodes rather than the DatabaseDetail nodes previously used. Dedicated Database nodes simplify the separation of databases from other database details. DatabaseDetail nodes are still used for other information about databases, for example schemas and tablespaces.
CentOS 6 replaces Red Hat Enterprise Linux 6 in BMC Discovery 11.2
The upgrade to BMC Discovery 11.2 replaces Red Hat Enterprise Linux 6 with CentOS 6. CentOS is an enterprise-class Linux platform which is derived from, and aims to be functionally compatible with its upstream source, Red Hat Enterprise Linux (RHEL).
As CentOS is derived from, and aims to be functionally compatible with its upstream source, Red Hat Enterprise Linux, BMC performs the same testing against the Red Hat 6 STIGs.
When applying OS upgrades to BMC Discovery 11.2, ensure that you download and apply the Latest CentOS 6 operating system upgrade.
These Release Notes detail the following information:
- 11.2 Enhancements
- Known and corrected issues
- Important information for users of BMC Atrium CMDB
- Technical bulletins
- Supported versions of BMC Discovery
- Product announcements
- Limitations and restrictions of this version
Additional permissions required on XML and CSV APIs
or updating group permissions to include the api/access permission
Updated SSH server
The SSH server installed on BMC Discovery appliances 10.2 and later has been modified. This modification removes some weak (and non-FIPS-approved) ciphers and HMAC algorithms from the list of those allowed for connections. Therefore, some older versions of SSH clients might be unable to connect. The following client versions (or later) have been tested and are known to work:
- PuTTY (0.64)
- WinSCP (5.7.2)
- mRemoteNG (1.72 using ssh2)
- MobaXterm (6.5)
- KiTTY (0.63.2.2)
- Bitvise SSH Client (6.22)
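Why an older client fails against the hardened server comes down to SSH algorithm negotiation, shown here as an added example that is not BMC code. The server allow-list and both client proposals are constructed for illustration, because the page does not name the algorithms that were removed or kept.

```python
# Added illustration: SSH algorithm negotiation (RFC 4253, section 7.1).
# For each category the chosen algorithm is the first entry in the client's
# list that the server also supports; if there is none, the connection fails.

# ASSUMPTION: example hardened server allow-list. The page does not list the
# algorithms that were removed or kept; these values are illustrative only.
HARDENED_SERVER = {
    "cipher": ["aes256-ctr", "aes192-ctr", "aes128-ctr"],
    "mac": ["hmac-sha2-512", "hmac-sha2-256"],
}

# Constructed client proposals (not captured from any real product).
OLD_CLIENT = {
    "cipher": ["aes128-cbc", "3des-cbc", "arcfour"],
    "mac": ["hmac-md5", "hmac-sha1-96"],
}
NEW_CLIENT = {
    "cipher": ["aes128-ctr", "aes256-ctr", "aes128-cbc"],
    "mac": ["hmac-sha2-256", "hmac-sha1"],
}


def negotiate(client, server):
    """Return {category: chosen algorithm or None}, honouring client order."""
    result = {}
    for category, server_algs in server.items():
        allowed = set(server_algs)
        offered = client.get(category, [])
        result[category] = next((a for a in offered if a in allowed), None)
    return result


def can_connect(client, server):
    """A session is only possible if every category has a common algorithm."""
    return all(alg is not None for alg in negotiate(client, server).values())


def report(name, client, server):
    """Summarise the outcome and name the categories with no overlap."""
    chosen = negotiate(client, server)
    missing = sorted(c for c, alg in chosen.items() if alg is None)
    if missing:
        return f"{name}: FAIL, no common {' / '.join(missing)}"
    return f"{name}: OK, " + ", ".join(f"{c}={a}" for c, a in sorted(chosen.items()))


if __name__ == "__main__":
    print(report("old client", OLD_CLIENT, HARDENED_SERVER))
    print(report("new client", NEW_CLIENT, HARDENED_SERVER))
```

To audit a real client, replace the constructed lists with the proposals that the client and server actually advertise.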
BMC Atrium Discovery OS and application software have been tested and found to be free from susceptibility to date/time issues which may occur as the result of the additional day in a leap year.
Information for anyone who is starting to use BMC Discovery to discover their cloud services.
Intended for anyone who is starting to evaluate, use, or deploy BMC Discovery.
Information about installing the product and migrating product data.
Upgrade process, migration, and configuration.
Provides security teams with the information required to verify the security of BMC Discovery and enables network administrators to run BMC Discovery in their environment.
Provides information on the products that BMC Discovery can discover and the level of information it can obtain. Configipedia also contains information on monthly TKU updates.
Details of possible problems and how to solve them.
Introduction to the standard pages and methods of navigating the BMC Discovery UI.
Information required to manage and maintain BMC Discovery.
Information for developers describing the TPL and node lifecycle.
Integrations with other products.
This section provides answers to frequently asked questions about BMC Discovery.
Running BMC Discovery has a minimal impact on your environment. The discovery techniques used are non-intrusive, lightweight, and agent-free.
BMC Discovery is IP-based and can discover any host system with an IP connection including servers, workstations, network nodes, printers, wireless access points, and so on. In actuality, though, we aim BMC Discovery at datacenter discovery, and it is optimized to that purpose. For this reason, we do not explicitly support more client-side items, such as wireless access points, workstations and so on. Any support for those that does exist is a side effect of our support for server-side discovery, and we are unlikely to invest in improving it.
BMC Discovery uses a range of discovery techniques where appropriate. These include:
- Network scanning (looking for services on well-known TCP and UDP ports on IP-reachable machines).
- Remote command execution (looking at specific processes running on each node, querying package managers, and querying established inter-process communications mechanisms).
- SNMP (MIBs provide a rich source of management information).
Obviously, the BMC Discovery appliance must be able to reach the network in order to discover hosts. However, various methods of providing secure access are possible without disabling firewalls and access control policies, including using VPN tunnels and using Windows proxy for BMC Discovery appliances. Some IDS systems might identify certain activities (such as port scans) as suspicious.
The discovery process will identify endpoints on such computers if they are visible from other hosts. You will need to complete details of programs running on them manually, though it might also be possible to categorize some of the components of the applications running on the unsupported platform by the port that the component, or its counterpart, is listening on.
By providing a clear picture of your total IT infrastructure, BMC Discovery will actually reduce risk in your network by allowing you to weed out rogue elements that do not meet corporate policy, are out of date, or provide potential security holes.
The BMC Discovery discovery process uses standard techniques that do not de-stabilize elements of the infrastructure.
Since there are always risks with deploying new technology, BMC's implementation plan involves analyzing areas of potential risk and achieving the right balance of risk and reward. BMC's test plan is also aimed at minimizing risk, ideally including testing in the customer's test environment.
The BMC Discovery ethos is agent-free management. BMC does not believe the logistical challenges associated with having an agent on every node are justifiable, so no BMC Discovery-specific software needs to be installed on other computers. The BMC Discovery user interface is entirely web-based.
Agent-based discovery relies upon a level of control of asset deployment that does not exist in most businesses. It also implies a significant cost overhead to maintain agents on each platform, including approving, testing and deploying the agents. Finally, agents might not be available for the range of target platforms that your organization uses. We use standard techniques that have individually been authorized and deployed.
Yes, BMC Discovery integrates with the following products:
- REST APIs: The REST API is intended to be used by a script or program that wants to interact with and control a BMC Discovery appliance from a remote machine.
- Export APIs (CSV and XML): The BMC Discovery Export APIs enable users to interrogate the datastore using a script or program, and receive data back as a stream of text, an empty string, or a return code.
- CyberArk Enterprise Password Vault: CyberArk Enterprise Password Vault (CyberArk Vault) is a third-party application, which enables you to centrally manage credentials for the various systems that are installed in your environment. BMC Discovery provides an integration with CyberArk Vault to obtain credentials that are required to perform scans.
- BMC CMDB: BMC Discovery can synchronize discovered data to BMC CMDB using CMDB synchronization.
- BMC Remedy Single Sign-On: BMC Remedy Single Sign-On (BMC Remedy SSO) is an authentication system that supports various authentication protocols such as LDAP and provides single sign-on for users of BMC products.
If you forget your user interface (UI) password to log in to BMC Discovery, you can reset the password at the command line.
The tw_passwd utility enables you to change the password of a specified user interface user. To use the utility, enter the following command at the command prompt:
where username is the name of the UI user to change.
Changing passwords for command line users
The tw_passwd utility is for changing UI users' passwords. To change the passwords for command line users, as the root user, use the Linux command passwd. This is described in Changing the root and user passwords.
If you have any other questions about BMC Discovery, contact Customer Support.
BMC Atrium CMDB
BMC Discovery can synchronize discovered data to BMC Atrium CMDB using CMDB synchronization.
BMC Atrium Orchestrator
BMC Atrium Orchestrator integrates, automates, and orchestrates processes across multiple applications and tools. When integrated with BMC Discovery, BMC Atrium Orchestrator triggers a rescan of the virtual machine that was moved, and the source and destination hosts.
BMC Remedy Single Sign-On
BMC Remedy Single Sign-On (BMC Remedy SSO) is an authentication system that supports various authentication protocols such as LDAP and provides single sign-on for users of BMC products. BMC Discovery provides an integration with BMC Remedy Single Sign-On that makes use of the same LDAP server as BMC Remedy Single Sign-On.