This documentation supports the 11.2 version of BMC Discovery.

To view an earlier version of the product, select the version from the Product version menu.


DISCO

BMC Discovery 11.2

All versions
The goal of BMC Discovery is to automate asset discovery and identify systems in the network and obtain relevant information from them as quickly as possible and with the lowest impact, using a variety of different tools and techniques to communicate.

Release notes and notices
updated 04 Dec
This set of Release Notes describes version 11.2 of BMC Discovery.

Tip

To stay informed of changes to this list, click the  icon on the top of this page.

Node changes in Technology Knowledge Update TKU 2019-Dec-1

TKU December 2019 enhances the model for Cloud Regions and Cloud Services to be segregated by account. If you discover more than one AWS Account, more than one Azure Subscription or more than one GCP Project, all the data from Cloud Region through to individual nodes within services will be clearly separated, where before it was intermingled.

As a result, the keys of all CloudRegion and CloudService nodes, and many contained nodes will change, even if you only discover a single account. If you synchronize to a CMDB, the identities of the corresponding CIs will also change.

The existing nodes are not deleted automatically with the application of the TKU. To remove the old nodes from the BMC Discovery model, you can delete the patterns that were deactivated by the new patterns in the TKU. However, the old CIs in the CMDB will not be deleted automatically. The simplest way to remove them is to perform a resynchronization.


Enhanced support for AWS role-switching in Technology Knowledge Update TKU 2019-Dec-1

In the December TKU we have enhanced the support of AWS role-switching in discovery. Previously, it was only possible to specify a single role for an AWS credential. Now, you can specify a list of roles. This allows you to reduce the number of AWS credentials and associated Scheduled Scans that need to be maintained.

However, the new configuration to support role-switching cannot be added automatically to existing AWS credentials, and consequently, any existing scheduled AWS scans using those will fail. The workaround is straightforward. Simply click Edit on the scheduled scan, and then click Apply. In all likelihood you will edit all of your scheduled AWS scans to take advantage of the role-switching functionality. Using the Edit/Apply workaround enables you to continue scanning AWS without interruption.

Version history

The following table displays the version history of BMC Discovery 11.2:

DateTitleSummary
May 03, 201911.2 patch 6This release resolves important defects and security vulnerabilities. It also introduces a feature for restricting the paths on which you can run commands.
July 11, 201811.2 patch 5This release resolves important defects.
June 22, 201811.2 patch 4This release resolves important defects and security vulnerabilities.

11.2 patch 3This patch was not made generally available.
December 15, 201711.2 patch 2This release resolves important defects.
September 25, 201711.2 patch 1This release resolves important defects.
September 15, 201711.2For complete information about this release, see the features listed in the following section of this page.

You can only upgrade to version 11.2 from version 10.1 and later.

Model changes

BMC Discovery 11.2 changes the way that virtual machines are modeled. In previous releases VMs were modeled using a SoftwareInstance (SI) node with a vm_type attribute. They are now modeled using a Virtual Machine node which makes it easier to find and relate VMs to their containers and Hosts.

Logical databases are now stored in dedicated Database nodes rather than the DatabaseDetail nodes previously used. Dedicated Database nodes simplify the separation of databases from other database details. DatabaseDetail nodes are still used for other information about databases, for example schemas and tablespaces.

For more information, see 11.2 Enhancements and for full details of the changes, see Model changes.

CentOS 6 replaces Red Hat Enterprise Linux 6 in BMC Discovery 11.2

The upgrade to BMC Discovery 11.2 replaces Red Hat Enterprise Linux 6 with CentOS 6. CentOS is an enterprise-class Linux platform which is derived from, and aims to be functionally compatible with its upstream source, Red Hat Enterprise Linux (RHEL).

As CentOS is derived from, and aims to be functionally compatible with its upstream source, Red Hat Enterprise Linux, BMC performs the same testing against the Red Hat 6 STIGs.

When applying OS upgrades to BMC Discovery 11.2, ensure that you download and apply the Latest CentOS 6 operating system upgrade.

Release Notes

These Release Notes detail the following information:


Additional permissions required on XML and CSV APIs

The permission required to access the CSV and XML API has changed since BMC Discovery 11.0. If upgrading from BMC Discovery 11.0, you must grant the new API access permission (api-access group), or updating group permissions to include the api/access permission for users who require access to the CSV and XML web APIs. Existing integrations will fail if you do not add the permission.

Updated SSH server

The SSH server installed on BMC Discovery appliances 10.2 and later has been modified. This modification removes some weak ciphers and HMAC algorithms (and non-FIPS approved) from the list of allowed connections. Therefore, some older versions of ssh clients might be unable to connect. The following client versions (or later) have been tested and are known to work:

  • PuTTY (0.64)
  • WinSCP (5.7.2)
  • mRemoteNG (1.72 using ssh2)
  • MobaXterm (6.5)
  • KiTTY (0.63.2.2)
  • Bitvise SSH Client (6.22)

BMC Atrium Discovery OS and application software have been tested and found to be free from susceptibility to date/time issues which may occur as the result of the additional day in a leap year.


Discovering cloud services

 

Information for anyone who is starting to use BMC Discovery to discover their cloud services.

Getting started

 

Intended for anyone who is starting to evaluate, use, or deploy BMC Discovery.


Installing

 

Information about installing the product and migrating product data.

Upgrading

 

Upgrade process, migration, and configuration.

Security

 

Provides information for security teams with the information required to verify the security of BMC Discovery and enable network administrators to run BMC Discovery in their environment.

Configipedia

 

Provides information on the products that BMC Discovery can discover and the level of information it can obtain. Configipedia also contains information on monthly TKU updates.

Troubleshooting

 

Details of possible problems and how to solve them.

Using

 

Introduction to the standard pages and methods of navigating the BMC Discovery UI.

Administering

 

Information required to manage and maintain BMC Discovery.

Developing

 

Information for developers describing the TPL and node lifecycle.

Integrating

 

Integrations with other products.
PDFs and videos
Unable to render {include} The included page could not be found.
Frequently asked questions

 


This section provide answers to frequently asked questions about BMC Discovery.


 What is the performance impact of running BMC Discovery?

Running BMC Discovery has a minimal impact on your environment. The discovery techniques used are non-intrusive, lightweight, and agent-free.

 What can BMC Discovery discover in the network?

BMC Discovery is IP-based and can discover any host system with an IP connection including servers, workstations, network nodes, printers, wireless access points, and so on. In actuality, though, we aim BMC Discoveryat datacenter discovery, and it is optimized to that purpose. For this reason, we do not explicitly support more client-side items, such as wireless access points, workstations and so on. Any support for those that does exist is a side effect of our support for server-side discovery, and we are unlikely to invest in improving it.

 What discovery techniques do you use?

BMC Discovery uses a range of discovery techniques where appropriate. These include:

  • Network scanning (looking for services on well-known TCP and UDP ports on IP-reachable machines).
  • Remote command execution (looking at specific processes running on each node, querying package managers, and querying established inter-process communications mechanisms).
  • SNMP (MIBs provide a rich source of management information).
 Will any network security need to be disabled for the discovery process?

Obviously, the BMC Discovery appliance must be able to reach the network in order to discover hosts. However, various methods of providing secure access are possible without disabling firewalls and access control policies, including using VPN tunnels and using Windows proxy for BMC Discovery appliances. Some IDS systems might identify certain activities (such as port scans) as suspicious.

 What is the impact of my applications running on platforms that are not supported by BMC Discovery?

The discovery process will identify endpoints on such computers if they are visible from other hosts. You will need to complete details of programs running on them manually, though it might also be possible to categorize some of the components of the applications running on the unsupported platform either by which port it, or its counterpart, is listening on.

 Can the product introduce any risk into my network or application infrastructure?

To provide a clear picture of your total IT infrastructure, BMC Discovery will actually reduce risk in your network by allowing you to weed out rogue elements that do not meet corporate policy, are out of date, or provide potential security holes. 
The BMC Discovery discovery process uses standard techniques that do not de-stabilize elements of the infrastructure. 
Since there are always risks with deploying new technology, BMC's implementation plan involves analyzing areas of potential risk and achieving the right balance of risk and reward. BMC's test plan is also aimed at minimizing risk, ideally including testing in the customer's test environment.

 Do I need to install any software on other computers?

The BMC Discovery ethos is agent-free management. BMC does not believe the logistical challenges associated with having an agent on every node is justifiable, so no BMC Discovery-specific software needs to be installed on other computers. The BMC Discovery user interface is entirely web-based.

 Why is agent-free discovery so important?

Agent-based discovery relies upon a level of control of asset deployment that does not exist in most businesses. It also implies a significant cost overhead to maintain agents on each platform, including approving, testing and deploying the agents. Finally, agents might not be available for the range of target platforms that your organization uses. We use standard techniques that have individually been authorized and deployed.

 Does BMC Discovery integrate with other products?

Yes, BMC Discovery integrates with the following products:

  • Rest APIs: The REST API is intended to be used by a script or program that wants to interact with and control a BMC Discovery appliance from a remote machine.
  • Export APIs (CSV and XML): The BMC Discovery Export APIs enable users to interrogate the datastore using a script or program, and receive data back as a stream of text, an empty string, or a return code. 
  • CyberArk Enterprise Password Vault: CyberArk Enterprise Password Vault (CyberArk Vault) is a third-party application, which enables you to centrally manage credentials for the various systems that are installed in your environment. BMC Discovery provides an integration with CyberArk Vault to obtain credentials that are required to perform scans.
  • BMC CMDB: BMC Discovery can synchronize discovered data to BMC CMDB using CMDB synchronization.
  • BMC Remedy Single Sign-On: BMC Remedy Single Sign-On (BMC Remedy SSO) is an authentication system that supports various authentication protocols such as LDAP and provides single sign-on for users of BMC products.

 How do I reset the BMC Discovery user password?

If you forget your user interface (UI) password to log in to BMC Discovery, you can reset the password at the command line.

The tw_passwd utility enables you to change the password of a specified user interface user. To use the utility, enter the following command at command prompt:

tw_passwd username

where username is the name of the UI user to change.

For example:

[tideway@DE-32 ~]$ tw_passwd fred
New password:
Retype password:
Password set for user 'fred'.
[tideway@DE-32 ~]$

Changing passwords for command line users

The tw_passwd utility is for changing UI users' passwords. To change the passwords for command line users, as the root user, use the Linux command passwd. This is described in Changing the root and user passwords


If you have any other questions about BMC Discovery, contact Customer Support.
Related products and documentation

BMC Discovery integrates with the following products:

BMC Atrium CMDB

BMC Discovery can synchronize discovered data to BMC Atrium CMDB using CMDB synchronization

BMC PATROL

BMC PATROL is a systems, applications, and event management tool. It provides an environment to modify the BMC Discovery firewall.

BMC Atrium Orchestrator 

BMC Atrium Orchestrator integrates, automates, and orchestrates processes across multiple applications and tools. When integrated with BMC Discovery, BMC Atrium Orchestrator triggers a rescan of the virtual machine that was moved, and the source and destination hosts.

BMC Remedy Single Sign-On

BMC Remedy Single Sign-On (BMC Remedy SSO) is an authentication system that supports various authentication protocols such as LDAP and provides single sign-on for users of BMC products. BMC Discovery provides an integration with BMC Remedy Single Sign-On makes use of same LDAP server as BMC Remedy Single Sing-On.

REST API

The REST API is intended to be used by a script or program that wants to interact with and control a BMC Discovery appliance from a remote machine.

CyberArk Enterprise Password Vault

CyberArk Enterprise Password Vault (CyberArk Vault) is a third-party application, which enables you to centrally manage credentials for the various systems that are installed in your environment. BMC Discovery provides an integration with CyberArk Vault to obtain credentials that are required to perform scans.


 
Was this page helpful? Yes No Submitting... Thank you
Last modified by Vinay Bellare on Dec 04, 2019
nopdf bmc-home-page-index

Comments

© Copyright 2004 - 2020 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2020 BMC Software, Inc.