Introduction to cloud discovery
Using BMC Discovery, you can discover your cloud services in much the same way as you would discover your on-premises infrastructure. You add a suitable credential, perform a discovery run, which may be snapshot or scheduled, and view the results. In a consolidating system the results are consolidated, and if your system uses CMDB synchronization, they are synchronized accordingly.
A significant difference is that cloud discovery uses the cloud vendor's API to extract data on your cloud services, rather than the direct access used in scanning your on-premises infrastructure. For example, an AWS scan will return information about EC2 Instances as VirtualMachine nodes but it will not be able to collect information about what is running on those EC2 Instances, as that information isn't reported by the AWS API. To obtain details of what these machines are doing a Host scan also needs to done. BMC Discovery ties all of the data together to provide a broad, coherent view.
BMC Discovery supports multi-cloud applications and services; that is, if your applications or services span clouds from more than one provider, they are discovered and linked correctly.
The cloud scan is different from other scan types as it simply retrieves information from the cloud provider API.
Currently, BMC Discovery supports a number of cloud providers and discovering them is described in the following topics:
- Discovering Amazon Web Services
- Discovering Google Cloud Platform
- Discovering Microsoft Azure
- Discovering OpenStack
- Discovering Cloud Tags
The following diagram illustrates the cloud discovery process:
Performing cloud discovery
BMC Discovery combines data from the cloud API with host level discovery data to provide rich dependency mapping of your cloud services.
A "cloud scan" is similar to a normal scan, but instead of scanning a list of IPs, it connects to the API of the cloud provider and collects information directly.
To discover your cloud services, you must:
- Create a credential in the vendor's cloud configuration tool. For example,
- AWS - the Amazon Identity and Access Management (IAM) console
- Azure - Microsoft Azure portal
- OpenStack - the OpenStack dashboard.
- Add the cloud credential to BMC Discovery. The parameters required depend on the cloud vendor that the credential is to be used to discover.
- Perform a cloud discovery run, snapshot or scheduled. The parameters required for the run depend on the cloud provider, but they are usually:
Provider – the cloud provider.
Credential – the cloud credential to use.
Region – the region to scan.
Perform a normal scan on the hosts running the VMs discovered in the cloud scan. Use the Unscanned Cloud Hosts report on the Cloud dashboard to find the hosts.
Scanning the hosts assumes that the appliance or proxy has network access to hosts running in the cloud, for example, using a VPN.
Examine the results.
Before you proceed with the cloud scan, ensure that a cloud credential is configured on your appliance. Create a cloud provider user account and access key. For more general information on credentials, see configuring credentials.
Cloud Overview dashboard
BMC Discovery also provides a Cloud Overview dashboard which gives an overview of the cloud providers, cloud regions, cloud services, administrative collections, and deployments discovered. It also displays a number of charts including public cloud usage, a breakdown of VM types (size) for each provider. It provides a report of unscanned cloud hosts which is useful for scanning the hosts running the VMs discovered in the cloud scan.
An example Cloud Overview dashboard is shown below:
The reporting section of the cloud dashboard shows the cloud-related reports that are available:
Unscanned Cloud Hosts
Show Virtual Machines where the associated Host has not been scanned
- Summary of user defined cloud tags
Lists the discovered cloud tags and how many nodes that have them. Useful starting point for other, tag specific reports.
- Cloud elements with a particular user defined tag
Shows cloud hosted elements that are tagged with a particular user defined tag. Can return multiple node kinds, click through to see the node and the value of the chosen tag.
- Cloud elements missing a particular user defined tag
Shows cloud hosted elements that are missing a particular user defined tag. Can return multiple node kinds, click through to to see the nodes and the tags that are set.
- Cloud elements without any user defined tags
Shows cloud hosted elements that do not have any user defined tags. Can return multiple node kinds.