Configuring Windows discovery
BMC Discovery is a Linux-based appliance. Because the methods that are used to access Microsoft Windows hosts are available only from Windows systems, Windows discovery requires a Windows proxy host.
The Windows proxy scans Windows hosts on behalf of the discovery service on the BMC Discovery appliance.
Proxy changes in 8.3 SP2 and later versions
In BMC Discovery 8.3 SP2 and later versions, installation and management of proxies has been improved with the introduction of a new Windows proxy manager tool. It is also possible to install multiple proxies of each type on a single host. For information about the changes, see Managing proxies.
You can download the Windows proxies and Windows proxy manager as installation files from the appliance and install them on the local Windows host. For more information, see Installing BMC Discovery Proxy Manager.
Windows discovery is handled in one of the following ways:
- Credential Windows proxy—A BMC Discovery service that runs on a customer-provided Windows host. To perform discovery, it uses credentials supplied by the BMC Discovery appliance from the credentials vault.
- Active Directory Windows proxy—A BMC Discovery service that runs on a customer-provided Windows host. To perform discovery, it logs in as an Active Directory user.
- When you install the proxy, you must configure it as a user on the Active Directory domain with the ability to log in and run discovery commands on the hosts to discover. The Active Directory proxies do not use the credentials that the BMC Discovery appliance supplies from the credentials vault.
- When you install the Active Directory Windows proxy (as the Windows domain administrator), the appliance uses it to discover the Windows hosts in that domain. The proxy can discover only Windows hosts on the domain it is a member of, or other domains trusted by that domain. To discover domains that are not trusted, you must configure another Windows proxy with the appropriate domain permissions.
As of BMC Discovery 8.2, the Workgroup Windows proxy is no longer supplied with the appliance. All of its functionality has been moved into the Active Directory Windows proxy.
Windows proxy manager
The Managing proxies enables you to install and manage proxies on the Windows host on which the manager is installed. The Windows proxy manager is installed when you install a proxy. You can perform the following tasks using the Windows proxy manager:
- Create (install a new proxy service)
- Edit the port that the proxy uses and the user account that the proxy runs as
- Delete (uninstall a proxy service)
- Start a selected proxy
- Stop a selected proxy
- Restart a selected proxy
Windows proxy pool
To balance the load of the proxies, distribute discovery requests, and offer scalability and better performance solutions for Windows discovery, proxies are grouped into proxy pools based on the following criteria:
- Type of proxies—A proxy pool must contain either Credential proxies or Active Directory proxies. A proxy pool must not contain proxies of both types.
- Version of proxies—A proxy pool must contain either version 9.0 proxies or proxies of earlier versions. A proxy pool must not contain proxies of both version 9.0 and earlier versions.
Based on the proxy version and the version of the OS the proxy runs on, the proxy capability is one of the following:
- Fully IPv6 capable—Can scan IPv6 addresses and retrieve IPv6 data (where BMC Discovery version 9.0 or later proxies are running on Windows 2008 or later).
- Cannot scan IPv6 addresses—Can retrieve IPv6 data but the Windows version does not support scanning IPv6 addresses (where BMC Discovery version 9.0 or later proxies are running on versions of Windows older than Windows 2008).
- Not IPv6 capable—Cannot scan IPv6 addresses and cannot retrieve IPv6 data (BMC Discovery proxies from versions older than 9.0).
The proxies in a pool must have identical access to Windows hosts, because only one proxy per pool is tested for access. The appliance UI displays the pools in the order (from top to bottom) in which you have added them to the appliance. You can change their order. For discovery tasks, the proxies in a Windows proxy pool are selected depending on their loading. If a proxy is overloaded, or unavailable, the discovery task is assigned to the next available proxy in the pool.
Operating System compatibility for IPv6 discovery
To discover IPv6 hosts, the OS and proxy compatibility requirements are as follows:
- The version of the proxy must be of BMC Discovery 9.0 or later
- The proxy must run on an OS that is Windows 2008 or later
- The OS of the target hosts must be Windows 2008, Windows Vista, or a later version
The supported discovery methods are WMI and RemQuery.
Steps to configure Windows discovery
Before you can use a Windows proxy to discover your Windows IT infrastructure, you must perform the following tasks in the given order:
- Add Windows proxies to the appliance using the Windows proxy manager.
For more information, see Managing proxies.
- Add Windows proxy pools.
For more information, see adding proxy pools.
- Add Windows proxies to the proxy pools.
For more information, see adding proxies to pools.
- Edit the firewall rules to permit communication between the appliance and the Windows proxies.
For more information, see editing the firewall.
- Verify that the Windows proxy service has started.
For more information, see testing Windows credentials and communication.
Potential user lock out
By default, AD accounts permit a limited number of login attempts; for example, 3 attempts in 15 minutes.
Access Denied errors from WMI, DCOM, and local commands such as
systeminfo are counted as unsuccessful login attempts. Where target hosts are incorrectly configured, this limit can be exceeded and the account locked out.
To avoid this issue, configure the Discovery account to accept unlimited login attempts.