Performing a cloud discovery run
Before you can perform a cloud discovery run, you must:
- Create a credential or access key in the tool you use to access the cloud provider. For Amazon Web Services (AWS), this is the Identity and Access Management (IAM) console.
- Create a cloud credential in BMC Discovery using the credential or access key you just created.
- Test the credential.
These steps are described in greater detail in Discovering Amazon Web Services. The following procedure describes performing the cloud discovery run once you have configured and tested your credentials.
Run a cloud scan
To perform cloud discovery, from the Discovery Status page, use the Add New Run control:
- Click Add New Run.
  The Add a New Run dialog is displayed.
- Update the fields as described in the following table:
| Field name | Details |
|---|---|
| Label | Enter a label for the discovery run. Where the discovery run is referred to in the UI, it is this label that is shown. |
| Timing | Select Snapshot to run an immediate cloud scan, or select Scheduled and fill in the scheduling information to run a scheduled cloud run. |
| Targeting | Select the target for the discovery run. In this case, select Cloud. |
| Provider | Specify the type of cloud provider. In this case, select Amazon Web Services. The dialog refreshes with fields appropriate to the provider selected. |
| Company | (Optional) If you have CMDB synchronization configured with multi-tenancy, select the Company to which to assign the discovery run. |
| Credential | Select the credential to use for the discovery run. The list is populated with valid credentials for the selected provider. |
| Regions | Click List of regions to scan for a full list and select regions to scan. AWS also provides service and regulatory domain groups to scan, enabling you to select all regions in that service or domain. |
| System Manager Sessions | Select whether to enable use of the AWS Systems Manager for the scan. |
| Sessions Per Second | Select the number of AWS sessions permitted each second. The default value is three. |
| Active Sessions | Select the number of active AWS sessions permitted each second. The default value is five. |
| Session Logging | Choose whether to enable session logging for this scan. Session logging captures raw discovery data that can be used to diagnose discovery and data quality issues. The default is not to capture session logs. |
You need to capture session logs only when raising a case with Customer Support. This option is not available for Scheduled runs. For information on viewing session logs, see If you encounter a problem.
- Click OK to save the cloud scan settings and close the dialog.
If you have configured a snapshot run, you can see it running immediately in the Currently Processing Runs tab. If you have configured a scheduled run, it is listed in the Scheduled Runs tab.
Once you have scanned, you can examine the results. The screen below shows a discovered VM running in AWS.
Scanning the hosts
Perform a normal scan on the hosts running the VMs discovered in the cloud scan. Use the Unscanned Cloud Hosts report on the Cloud Overview dashboard to find these.
Scanning the hosts assumes that the appliance or proxy has network access to hosts running in the cloud, for example, using a VPN.
Public IP addresses do not respond to ICMP pings. You must disable "Ping before scanning"; otherwise all scans are dropped, reporting no response.