BMC Discovery 21.3
Learn what’s new or changed for BMC Discovery 21.3 (12.3), including new features, urgent issues, documentation updates, and fixes or patches.
To stay informed of changes to this list, click theicon on the top of this page.
|March 21, 2022||Patch 3 (18.104.22.168) for version 21.3 (12.3)||Issues that were corrected by this patch and issues that remain open.|
|December 20, 2021||Patch 2 (22.214.171.124) for version 21.3 (12.3)||Issues that were corrected by this patch and issues that remain open.|
|November 10, 2021||Patch 1 (126.96.36.199) for version 21.3 (12.3)||Issues that were corrected by this patch and issues that remain open.|
|September 21, 2021||21.3 (12.3)|
This release of BMC Discovery provides the following enhancements:
For additional information about this release, refer to the following topics:
You can upgrade to version 21.3 (12.3) from versions 12.0 (20.02) or later. We expect upgrades from 11.3 to also work, but they have not undergone the same level of detailed validation. For information about supported upgrade versions, see Upgrading.
Plan an installation based on recommended sizing and system requirements, performance tuning and benchmarks, and licensing entitlement.
Install the product and learn how to migrate the product data.
Perform pre-upgrade tasks, upgrade BMC Discovery, Windows proxies, and BMC Discovery Outpost, and perform post-upgrade configuration.
An easy approach to application and service modeling. Choose an entry point into an application or service, and begin modeling from there.
Know about BMC Discovery Outpost, the application software that runs as a lightweight Windows service on a dedicated Windows server in your data center or on a public cloud for the discovery of all types of devices.
As a network administrator, learn about security audits, firewall ports, and more to ensure a secure installation of BMC Discovery.
As a user or administrator, explore how you can integrate BMC Discovery with other products.
As a user or administrator, understand the standard pages and methods of navigating the BMC Discovery UI.
As an administrator, manage users and groups, clusters, licenses, and more in BMC Discovery.
As a developer, access information describing the TPL and node lifecycle.
Resolve common issues or errors, review logs, or contact Support.
As a user, explore the products that BMC Discovery can discover and know about the monthly TKU updates.
The following table lists topics that contain videos that supplement text-based documentation.
|Topic||Duration (in minutes)||Description|
|Integrating BMC Discovery (12.3 and later) with One Identity Safeguard for Privileged Passwords||07:54|
|How to use REST APIs in BMC Discovery (12.0 and later)||06:30|
This video demonstrates how you can use REST APIs for discovery tasks, such as submitting discovery runs, managing credentials, or uploading TKUs. You can also use the swagger UI to test the REST APIs.
|How to start, stop, restart, and reboot BMC Discovery services (12.1 and later)||06:08|
This video demonstrates how to start, stop, restart, reboot, and view the status of BMC Discovery services from the UI and from the command line, The video also shows how to start, stop, and restart the proxy and Outpost services.
|How to set up extended database discovery (12.1 and later)||03:48|
This video explains how you can set up extended database discovery.
|How to perform database verification (12.1 and later)||06:32|
|Reporting query: Best practices webinar (12.0 and later)||53:24|
This video gives you an in-depth understanding of the best practices you must follow for reporting queries.
|How to import and export root node keys (12.0 and later)||05:24|
|How to automate the export of root node keys (12.0 and later)||02:17|
|How to troubleshoot missing attributes for a Linux host (12.0 and later)||06:26|
|How to discover unsupported devices (12.1 and later)||4:58|
This video explains how to find if a device is fully supported and how to use SNMP Recognition Rules to discover an unsupported device.
|How to use the discovery access page to troubleshoot scan failures (12.0 and later)||2:04|
This video explains how you can use the Discovery Access page information to troubleshoot the scan failure issues of endpoints.
|How to upload Knowledge TKU, EDP, and Storage TKU (12.0 and later)||6:54|
This video explains how to upload Knowledge TKU, EDP, and Storage TKU. It also covers TKU types, finding what has changed in a TKU, and verifying the success of TKU uploads.
|Webinar: Discovery Patterns—TPL for Beginners (12.0 and later)||1:05:03|
This webinar video explains TPL details for beginners.
|How to add or modify BMC discovered data and synchronize it to CMDB (12.0 and later)||5:38|
This video explains how you can add or modify the discovered attributes data and synchronize it to CMDB.
|How to use BMC Discovery Outpost (12.0 and later)||6:23|
This video explains the usage of the BMC Discovery Outpost.
|How to troubleshoot Windows WMI discovery failures (12.0 and later)||12:00|
This video explains how you can troubleshoot Windows WMI discovery failures.
|Discovery Administration: Best Practices webinar (12.0 and later)||39:26|
This webinar video explains some of the best practices to follow for BMC Discovery administration.
|How to upgrade the Discovery Operating System (12.1 and later)||6:22|
This video explains the process for upgrading the BMC Discovery operating system.
|How to perform a password reset (12.1 and later)||5:00|
This video explains how you can reset the password for a discovery appliance local user. It also shows how to reset the password or reactivate a locked or disabled account from the command line.
|How to resolve disk space problems in BMC Discovery (12.0 and later)||23:48|
This video explains how you can resolve disk space problems in BMC Discovery.
|How to set up email alerts to monitor disk space on a Discovery appliance (12.1 and later)||3:51|
This video explains how you can set up email alerts to monitor disk space on a BMC Discovery appliance.
|How to collect record data from a Discovery appliance (12.0 and later)||5:00|
This video explains how you can collect record data from a BMC Discovery appliance.
How to integrate BMC Discovery with Thycotic Secret Server
This video explains how you can integrate BMC Discovery with the credential broker, Thycotic Secret Server.
|How to integrate BMC Discovery with Centrify Identity Platform (12.0 and later)||3:06|
This video explains how you can integrate BMC Discovery with the credential broker, Centrify Identity Platform.
|How to integrate BMC Discovery with CyberArk Vault by using REST API (12.0 and later)||3:57|
This video explains how you can integrate BMC Discovery with the credential broker CyberArk Vault by using REST API.
|How to upgrade or migrate BMC Discovery 11.x to BMC Discovery 12.x||01:59|
This video explains how to directly upgrade from BMC Discovery 11.x (CentOS 7) to BMC Discovery 12.x (CentOS 7), assuming that the prerequisites are already fulfilled.
|Version 21.3 (12.3) video|
|Integrating with HashiCorp Vault||04:19|
This video helps you understand how to integrate HashiCorp Vault with BMC Discovery 21.3.
|Version 21.05 (12.2) video|
|Discovering Windows hosts with PowerShell||03:39|
This video explains how to discover Windows hosts by using PowerShell.
|Version 20.08 (12.1) videos|
|Tour of BMC Discovery 20.08 UI||06:44|
This video explores the BMC Discovery 20.08 user interface and provides an overview of the powerful features you can use to discover and manage your IT infrastructure.
|Introduction to Start Anywhere Application Modeling||02:42|
This video introduces start anywhere application modeling (SAAM) in BMC Discovery. SAAM enables you to choose any entry point, or points, into an application, and begin modeling from there.
|Removing nodes and creating rules in visualizations||03:26|
This video shows you how to remove nodes from visualizations and to create rules to automatically prevent certain node types from displaying in visualizations and application models.
|Managing related, removed, and suppressed nodes in visualizations||02:15|
This video helps you to understand how to manage related, removed, and suppressed nodes in visualizations.
|Resynchronizing a CMDB connection||05:17|
This video explains the options available for resynchronizing a CMDB connection and how to resume an interrupted sync.
|How to manage credentials in BMC Discovery 20.08||07:33|
This video explains how you can add, edit, test, and manage credentials. You can also explore the functioning of credential vaults and learn how to close, open, export, and import the vault.
|Scanning your IT infrastructure in BMC Discovery 20.08 and BMC Helix Discovery||07:19|
|Integrating BMC Remedy Single Sign-On with BMC Discovery 20.08||04:38|
This video displays how to integrate BMC Remedy Single Sign-On with BMC Discovery 20.08. With BMC Remedy SSO, you do not need to enter credentials multiple times. Instead, you can provide credentials only once for authentication.
|Version 11.2 videos|
|Launch presentation for BMC Discovery 11.2||12:15|
This video gives an overview of discovering cloud services through BMC Discovery 11.2.
|Discovering cloud services in BMC Discovery 11.2||05:07|
This video explains how to discover cloud services and perform cloud discovery in BMC Discovery 11.2.
|Query generation in BMC Discovery||05:25|
This video helps you to understand how query generation in BMC Discovery takes place. This feature of query generation is applicable to both versions of 11.1 and 11.0 of BMC Discovery.
This section provides answers to frequently asked questions about BMC Discovery.
Running BMC Discovery has a minimal impact on your environment. The discovery techniques used are non-intrusive, lightweight, and agent-free.
BMC Discovery is IP-based and can discover any host system with an IP connection including servers, workstations, network nodes, printers, wireless access points, and so on. In actuality, though, we aim BMC Discovery at datacenter discovery, and it is optimized to that purpose. For this reason, we do not explicitly support more client-side items, such as wireless access points, workstations, and so on. Any support for those that do exist is a side effect of our support for server-side discovery, and we are unlikely to invest in improving it.
BMC Discovery uses a range of discovery techniques where appropriate. These include:
- Network scanning (looking for services on well-known TCP and UDP ports on IP-reachable machines).
- Remote command execution (looking at specific processes running on each node, querying package managers, and querying established inter-process communications mechanisms).
- SNMP (MIBs provide a rich source of management information).
Obviously, the BMC Discovery appliance must be able to reach the network in order to discover hosts. However, various methods of providing secure access are possible without disabling firewalls and access control policies, including using VPN tunnels and using Windows proxy for BMC Discovery appliances. Some IDS systems might identify certain activities (such as port scans) as suspicious.
The discovery process will identify endpoints on such computers if they are visible from other hosts. You will need to complete details of programs running on them manually, though it might also be possible to categorize some of the components of the applications running on the unsupported platform either by which port it, or its counterpart is listening on.
To provide a clear picture of your total IT infrastructure, BMC Discovery will actually reduce risk in your network by allowing you to weed out rogue elements that do not meet corporate policy, are out of date, or provide potential security holes.
The BMC Discovery discovery process uses standard techniques that do not destabilize elements of the infrastructure.
Since there are always risks with deploying new technology, BMC's implementation plan involves analyzing areas of potential risk and achieving the right balance of risk and reward. BMC's test plan is also aimed at minimizing risk, ideally including testing in the customer's test environment.
The BMC Discovery ethos is agent-free management. BMC does not believe the logistical challenges associated with having an agent on every node is justifiable, so no BMC Discovery-specific software needs to be installed on other computers. The BMC Discovery user interface is entirely web-based.
Agent-based discovery relies upon a level of control of asset deployment that does not exist in most businesses. It also implies a significant cost overhead to maintain agents on each platform, including approving, testing, and deploying the agents. Finally, agents might not be available for the range of target platforms that your organization uses. We use standard techniques that have individually been authorized and deployed.
Yes, BMC Discovery integrates with the following products:
- Rest APIs: The REST API is intended to be used by a script or program that wants to interact with and control a BMC Discovery appliance from a remote machine.
- Export APIs (CSV and XML): The BMC DiscoveryExporting discovered data using the CSV and XML APIs enable users to interrogate the datastore using a script or program, and receive data back as a stream of text, an empty string, or a return code.
- Credential brokers: Credential brokers are third-party applications, which enable you to centrally manage credentials for the various systems that are installed in your environment. BMC Discovery provides an integration with credential brokers to obtain credentials that are required to perform scans. The following credential brokers are supported:
- BMC Helix CMDB: BMC Discovery can synchronize discovered data to BMC Helix CMDB using CMDB synchronization.
- ServiceNow CMDB: BMC Discovery can also synchronize discovered data to ServiceNow CMDB using CMDB synchronization.
- BMC Helix Single Sign-On: BMC Helix Single Sign-On (BMC Helix SSO) is an authentication system that supports various authentication protocols such as LDAP and provides a single sign-on for users of BMC products.
If you forget your user interface (UI) password to log in to BMC Discovery, you can reset the password at the command line.
tw_passwd utility enables you to change the password of a specified user interface user. To use the utility, enter the following command at command prompt:
where username is the name of the UI user to change.
tw_passwd utility is for changing UI users' passwords. To change the passwords for command line users, as the root user, use the Linux command
passwd. This is described in Changing the root and user passwords
See the following video (05:00) which explains how to reset the password for a local user, and how to reset the password or reactivate a locked or disabled account from the command line.
The BMC Documentation portal gives you the ability to generate PDF and Microsoft Word documents of single pages and to create PDF exports of multiple pages in a space.
Creating PDF and Word exports
You can create a PDF of a page or a set of pages. (Non-English page exports are not supported.) You can also create a Word document of the current page.
To export to PDF or Word
- From the Tools menu in the upper-right, select a format:
- Export to Word to export the current page to Word format.
- Export to PDF to export the current page or a set of pages to PDF.
- If exporting to PDF, select what you want to export:
- Only this page to export the current page.
- This page and its children to export a set of pages.
For example, selecting This page and its children from the home page exports the entire space to PDF.
Depending on the number of topics included in the export, it might take several minutes to create the PDF. Once the export is complete, you can download the PDF.
BMC Discovery Outpost FAQs
This section provides answers to frequently asked questions about BMC Discovery Outpost.
BMC Discovery Outpost planning and architecture
It is not mandatory to use the BMC Discovery Outpost after upgrading from BMC Discovery version 11.x to 20.x (12.x). We recommend that you complete the upgrade and confirm that BMC Discovery is working as expected. You can then evaluate if using the BMC Discovery Outpost makes discovery more efficient in your environment.
The proxy functionality is embedded in the BMC Discovery Outpost. You need not always replace the proxy with the BMC Discovery Outpost. Windows proxies will continue to be available even after you upgrade your version of BMC Discovery. In some cases, it may be appropriate to replace a proxy with the BMC Discovery Outpost.
The BMC Discovery Outpost includes all the front-end functionality of a scanning appliance, so in some cases, it can be used to replace a scanner. However, the BMC Discovery Outpost does not perform back-end functions, such as reasoning. BMC Discovery Outpost must be connected to an appliance (scanner or consolidator) for performing these functions.
The most common use of the BMC Discovery Outpost is within an isolated network segment. The BMC Discovery Outpost has only a single connection to its connected appliance through port 443, so only one port needs to be opened on the firewall. Also, you can configure a BMC Discovery Outpost to use a web proxy.
The BMC Discovery Outpost does not perform consolidation so you cannot replace a consolidator with the BMC Discovery Outpost. However, BMC Discovery Outposts can connect to and provide data to a consolidator.
No, the BMC Discovery Outpost creates its own Windows proxies as needed.
This depends on your IT environment. In general, you need one BMC Discovery Outpost per isolated network segment. No specific performance tests have been done in this regard.
The system can balance the load across multiple BMC Discovery Outposts in a limited or static way. The system initially balances the load, and eventually remembers which endpoints went to which Outpost and tries to send that work to the same Outpost. Because the system does not adjust the balancing, the load will not be processed if an Outpost goes down. Also, a new Outpost will not receive any existing endpoints as work, but only new ones.
To work around this, re-register the Outposts, which resets the balancing. Alternatively, use Outpost or IP range restrictions to control where the workload goes.
The number of hosts and devices that you can scan depends on many variables, including the size of the scanned hosts or devices. Also, a single BMC Discovery Outpost may be sufficient for a small Discovery cluster, but not a large one.
BMC Discovery Outpost usage and configuration
Yes, you can scan from the appliance, but the scan will fail if the appropriate credentials are not present on the appliance.
Yes, you can use the BMC Discovery Outpost to scan cloud resources provided the appropriate credentials are configured, and the resources to be scanned are available or visible from the Outpost.
If you specify an Outpost to be used for a particular scan range, BMC Discovery uses only that Outpost. If a scan is directed to a specific Outpost, and that Outpost has IP address restrictions, then the scan of those restricted IPs will fail.
If you specify only IP address restrictions, BMC Discovery directs the scan to an Outpost that does not have those restrictions.
If you are using scopes, specify a particular Outpost. Otherwise, use IP address restrictions where necessary and allow the system to select the Outpost.
Communication is always from the BMC Discovery Outpost to the BMC Discovery appliance or instance. Communication is never initiated by the BMC Discovery appliance or instance.
Communication between the BMC Discovery Outpost and the BMC Discovery appliance or instance is always sent over HTTPS, so port 443 must be open on the appliance or instance. All TCP connections are bi-directional because packets flow in both directions.
For a Discovery cluster, the communication must be enabled for each cluster member. If there is a requirement for direct access to the Outpost UI, port 443 must be open on the Outpost.For more information, see System communications and network ports.
The BMC Discovery Outpost uses the same ports as a BMC Discovery appliance or instance to scan targets. The BMC Discovery Outpost initiates the connection. All TCP connections are bi-directional because packets flow in both directions.
Like a scanner, the BMC Discovery Outpost, by default, checks port 135 to determine if a target is a Windows server. For more information, see Network ports used for discovery communications.
There would be duplicates only if there has been an identity change.
The BMC Discovery Outpost is the same for BMC Helix Discovery (SaaS version) and BMC Discovery (on-premises version). There is no difference in the UI or the features.
The ENABLED setting indicates that a scan is allowed to run on the appliance while the DISABLED setting indicates that a scan is not allowed to run on the appliance.
BMC Discovery Outpost administration
If the Auto Update feature is enabled on the BMC Discovery Outpost, the BMC Discovery Outpost is automatically upgraded when you apply the monthly TKU. For more information, see Upgrading the BMC Discovery Outpost.
BMC Discovery does not provide the facility for backing up the BMC Discovery Outpost. You could backup by using the normal methods that are used for backing up a Windows server, such as a VMWare snapshot. It is strongly recommended to separately export your credential vault on a regular basis.
You can simply restore the Windows server backup that you had taken earlier. It is also possible to import a backup of the credential vault if that is all that you require.
Currently, BMC Discovery does not support high availability for the BMC Discovery Outpost, but it will be considered for a future release.
Currently, an Outpost API is not available, but it will be considered for a future release.
BMC Discovery Outpost performance
Scans will run longer and may eventually show timeouts. Also, check Windows to see if the BMC Discovery Outpost is paging. Note that the BMC Discovery Outpost is currently limited to 500 concurrent BMC Discovery requests.
The data transfer usage between the BMC Discovery Outpost and its targets will be the same as the usage between a scanning appliance or instance and its targets. The requests passed from the appliance or instance to the Outpost should be relatively small. The results sent from the Outpost to the appliance or instance will vary in size depending on the nature of the discovery.
If you have any other questions about BMC Discovery, contact Customer Support.