Configuring discovery settings
You can configure Discovery settings by using the Discovery Settings page.
To configure Discovery settings
- From the main menu, click the Administration icon. The Administration page opens.
- In the Discovery section, click Discovery Configuration.
- Any settings that are not set by default are highlighted by a red change bar. The page is grouped into the following sections according to the type of settings:
- Make any required changes to the settings on this page and click Apply.
- To cancel any of your changes, click Reset To Defaults.
This section contains settings related to the ports that discovery uses.
TCP ports to use for initial scan
Enter the TCP ports that will be scanned on a first scan. Use this setting to prevent scanning of any ports that you want to avoid.
UDP ports to use for initial scan
Enter the UDP ports that will be scanned on a first scan. Use this setting to prevent scanning of any ports that you want to avoid. The default is port 161.
The default is port 22. Enter any custom ports to scan in a comma-separated list in the Change To column.
Only the default port 513 is supported so must be empty or 513.
Only the default port 135 is supported so must be empty or 135.
The default is port 23. Enter any custom ports to scan in a comma-separated list in the Change To column.
The default is port 21. Enter any custom ports to scan in a comma-separated list in the Change To column.
The default is port 161. Enter any custom ports to scan in a comma-separated list in the Change To column.
The default is port 80. Enter any custom ports to scan in a comma-separated list in the Change To column.
The default is port 443. Enter any custom ports to scan in a comma-separated list in the Change To column.
VMware Authentication Daemon ports
Only the default port 902 is supported so must be empty or 902.
Mainframe Host Server ports
The default is port 3940. Enter any custom ports to scan in a comma-separated list in the Change To column.
WBEM HTTP ports
The default is port 5988. Enter any custom ports to scan in a comma-separated list in the Change To column.
WBEM HTTPS ports
The default is port 5989. Enter any custom ports to scan in a comma-separated list in the Change To column.
Valid Port States
When nmap runs port scans, it returns a result of open, closed, or filtered. Using the check boxes, you can choose which states are valid to investigate further.
Check port 135 before using Windows access methods
On Windows computers, port 135 is usually open. Selecting Yes for this option means that nmap checks whether port 135 is open before a Windows proxy is used to discover an IP device. The default is open.
This section contains settings related to the methods that discovery uses to identify devices.
Use last login method
Discovery uses the discovery method recorded as having been used successfully for an IP address.
Use SNMP SysDescr to identify OS
Discovery attempts to query the host's SNMP service for the SysDescr value to determine the OS.
Always try "public" SNMP community when using SNMP to identify OS
Discovery attempts to use the public SNMP community to query the host's SNMP service if no credential is available for that host. In this case, only device classification is possible.
Use Host Server to identify mainframes
Discovery attempts to connect to the host server port to determine whether the discovery target is a mainframe computer.
Use Telnet banner to identify OS
Discovery makes a Telnet connection to a host and uses the Telnet "welcome" banner to determine host and OS information.
Use HTTP(S) HEAD request to identify OS
Discovery attempts to connect to port 80 or 443 of the host and perform an HTTP or HTTPS HEAD request to determine the host and OS.
Use FTP banner to identify OS
Discovery starts an FTP session with the host and use the FTP "welcome" banner to determine host and OS information.
Use vSphere API to identify OS
Discovery makes a TCP connection to examine the header and ensure that the VMware authentication daemon is really on port 902 (or the specified port). When confirmed, Discovery makes a webservices request. This type of request requires an open VMware authentication daemon and HTTPS port, and a valid vSphere credential.
Use IP Fingerprinting to identify OS
This option controls whether discovery will use IP fingerprinting to determine the OS, if previous methods have been unsuccessful.
Use open ports to identify OS
This option controls whether open ports are used to identify the OS.
This section contains settings related to the way in which discovery uses sessions to log in and run commands.
Session line delay
A delay of 10 ms is introduced between each line sent by Discovery. This avoids problems where remote shells are unable to cope with rapid command sequences. Select one of the following from the list: 1, 2, 5, 10 (the default), 15, 20, 25, 50, 100 milliseconds.
Session login timeout
The length of time for the discovery script to wait for a login prompt. If the timeout is exceeded, the attempt is abandoned.
Maximum search window size
The amount of data to examine when detecting the shell command prompt. The default value is 512 bytes.
Warning: Changing the default value may cause significant degradation of appliance performance. Do not change this value unless directed by Customer Support.
Certain systems require an authorization step after login. At the command line, you are prompted to enter session details. The required response is usually a user name and some other information.
Where an Authorised Prompt has been entered, you must enter the expected response (that you would enter at the command line) in the Authorised Response field.
This section contains settings related to any scanning that discovery undertakes.
Ping hosts before scanning
Use TCP ACK ping before scanning
Ping addresses with TCP ACK packets to determine which hosts are actually up. Use this option when scanning networks that do not permit ping packets. You can specify multiple ports in a comma-separated list.
Use TCP SYN ping before scanning
Exclude ranges from ping
Enter a list of IP addresses or IP address ranges that you do not want to ping. For example, you might want to scan IP addresses that are behind a firewall that blocks ICMP packets. If BMC Discovery pings an IP address and receives no response, it makes no further attempt to scan that IP address. Excluding a range from pinging enables you to scan IP addresses behind such firewalls.
Number of retries to be attempted on each host. The system will retry only for machines on which the OS cannot be determined.
Timeout (in minutes) that applies when BMC Discovery uses nmap to determine open ports or performs OS fingerprinting. Scan timeout is not used to limit the time to scan devices. See also the credential timeout for the sessions.
Minimum time before end of window to avoid starting new scheduled discovery operations
A discovery run can take some time to complete. If it is started too close to the end of a Discovery window, it does not finish before the end of the window. To prevent this issue, you can specify a period in which discovery runs are not started. The default is 30 minutes, meaning that no discovery runs are started within 30 minutes of the end of a discovery window. Select the period from the following values in the list: 5, 10, 15, 20, 25, 30, 35, 40, and 45 minutes.
Allow scans even if no window defined
Enables you to permit scanning outside permitted discovery windows. The default is no.
Enable running of arbitrary commands
This option controls whether arbitrary commands can be run. Disabling this option prevents many patterns from retrieving information needed to build SIs and BAIs. The default is Yes.
Discover Desktop Hosts
Use this option to permit or prevent discovery of desktop hosts. The default is No; that is, do not discover desktop hosts. When this option is set to No, if a Windows or Mac OS host is determined to be the desktop, the host is skipped. An SMB query is used to determine whether the endpoint is a Windows desktop. See Dark space scanning for more information. When a host is skipped, the device_type attribute on the Device Info node is set to Desktop, no inferred host is created, and the corresponding DiscoveryAccess result is shown as "Skipped (Desktop host discovery has been disabled)."
Discover neighbor information when scanning network devices
Causes discovery to retrieve MAC and port information from neighboring scanned network devices. The default is Yes. Select No only if you do not want to collect any edge connectivity information.
|Restore Scan Status||If enabled, scanning is enabled and you have a vault with either no passphrase or a saved passphrase the system will restart scanning when services are restarted. In all other cases restarting services will result in scanning being disabled.|
This section describes settings related to SQL integrations.
Timeout to establish a connection
The timeout for establishing a connection to the database. Select the timeout period in seconds from the following values in the list: 5, 10, 30 (the default), 60, 90, 120, and 180.
Maximum connections held open
Specifies the number of connections to databases that can be held open after they would otherwise be closed. Higher values can reduce connection delays but will consume extra resources. The default is Unlimited. Select the number of connections from the following values in the list: 0, 10, 20, 30, 40, 50, and Unlimited.
Maximum time to hold an unused connection open
Specifies the maximum time to hold an unused database connection open. Higher values can reduce connection delays but will consume extra resources. The default is 2 minutes. Select the timeout period in minutes from the following values in the list: 2, 4, 6, 8, and 10.
This section contains settings related to mainframe discovery.
Timeout to establish a connection
The timeout for establishing a connection to the database. Select the timeout period in seconds from the following values in the list: 30, 60, 90, 120 (the default), 180, and 300.
This section contains settings related to implicit scans.
Maximum concurrent requests against vCenter
The maximum number of concurrent requests that will be made against individual vCenter servers. Select the maximum number from the following values in the list: 1, 3, 5,7, 10, 15, 20 (the default), 25, and 30.
This section contains other discovery settings.
Record and playback modes are intended for diagnostic support and testing. Select one of the following discovery modes from the list:
Maximum concurrent discovery requests per engine
Specifies the maximum number of concurrent discovery requests permitted per processing engine. The maximum value and available range of settings is calculated for optimum performance depending on the appliance. Values shown in the list depend on the number of processing engines. The base values in the list are 30 (default), 60, 90, 120, and 150.
Trade discovery performance with interactivity
Scanning IP addresses, consolidation, and manual pattern execution can place a heavy load on the system. During such times, the UI can become unresponsive. You can choose to delay these tasks to provide additional resources for the UI. Doing so provides better interactivity with the system, but at a cost in raw discovery performance. You can choose from the following options:
Minimum Windows Proxy version
The minimum version of the Windows proxy that the appliance uses for Windows discovery. You can enter a new minimum Windows proxy version in this field. Ensure that you do not include any white space in the version number. The version number of a Windows proxy corresponds to the version number of BMC Discovery that the Windows proxy was released with (for example, 9.0).
Enable Automatic Grouping
Automatic grouping is the automatic grouping of hosts into logical groups called Automatic Groups. This is primarily intended to help in baselining. By default it is enabled. Select this option to enable Automatic Grouping. Disabling Automatic Grouping might improve scanning performance.
Scanner File polling interval
Scanner files are used to simulate discovery of inaccessible hosts. Discovery periodically polls for new scanner files. Select the polling interval from the following values in the list: Every minute, Every hour, and Every day.
If you change this option, you must restart the tideway service.
Scanning and data processing levels
The Discovery Engine and the Reasoning Engine (collectively the discovery process) cooperate to:
- Scan selected ranges
- Process data
- Create a detailed data model
The data model defines all discovered objects and the relationships between them and is defined in the system taxonomy.
The processing that the discovery process uses to create this complex, detailed, and interrelated data model is considerable. You can control the level of processing used, and consequently the accuracy, complexity, and detail in the data model, giving performance benefits at the cost of model accuracy. You might find that by reducing the level of processing used, you speed the rollout of BMC Discovery throughout your organization.
The following levels are available:
- Sweep Scan—Performs a sweep scan, trying to determine what is at each endpoint in the scan range. Sweep scan attempts to log in to a device to determine the device type.
- Full Discovery—Retrieves all the default information for hosts, and complete full inference.
Order of operations
Where selected, these groups of operations are carried out in the following order:
- Ping hosts before scanning
- Use TCP ACK "ping" before scanning
- Use TCP SYN "ping" before scanning
- TCP ports to use for initial scan
- UDP ports to use for initial scan
- Use IP Fingerprinting to Identify OS
TCP and UDP ports to use for initial scan
The initial port scan is an important part of discovery. If you remove a port from the initial port scan, that port is effectively removed from discovery. For example, if you remove port 22, you will effectively disable SSH access.
The Use Last Login settings override any settings made in ports for use for initial scan. For example, if you disable port 23 using this feature, but a host has previously been discovered using Telnet, this host is still discovered using Telnet, because it is listed as the last login for the host.