Consolidation refers to the centralization of discovery data from scheduled or snapshot scans on multiple scanning appliances to one or more consolidation appliances. You might want to use consolidation in the following scenarios:
- Firewalled environments—When an environment is divided by firewalls so that a single appliance is unable to reach all parts of the network, a scanner can be situated on each section of the network blocked by a firewall. The scanners can all feed back data to a central consolidator.
- Restricted (time) scanning windows—Where a discovery window is short, a single appliance might be unable to complete a scan of a large range of IP addresses during the permitted time. Sharing the IP addresses between multiple scanners means each smaller scan can be completed in less time, and the results can be consolidated and viewed on the consolidator. You may consider using a cluster in this situation.
- Restricted (policy) networks—Certain lines of business might enforce policies on the control or visibility of IT infrastructure in their environments. Where such policies limit or prohibit access, scanners can be deployed which all feed back data to a central consolidator.
In each of these situations, multiple scanners can be deployed, and their data consolidated into a central consolidator. The consolidator is then used for reporting and provides a coherent view of the entire scanned network, while each scanner provides a view of the network segment or ranges that it scans. A consolidator must be set as one which accepts connections or feeds from scanners. Scanners must in turn register with a consolidator. Consolidators can also scan; that is, any consolidation appliance can also be used to perform discovery in its own right.
The BMC Discovery Outpost can be used to replace a scanning appliance. The only scenario detailed above where a BMC Discovery Outpost is not an appropriate replacement is "Restricted (policy) networks", where a line of business requires visibility of their, and only their, discovered services and infrastructure. The BMC Discovery Outpost does not provide this, as it acts as a collector and forwarder of data to the appliance. The advantages of using a BMC Discovery Outpost are in communication, because the BMC Discovery Outpost requires a single HTTPS, web-friendly port (443), and in reduced ownership and management overhead, because the BMC Discovery Outpost is self-updating.
Where a scanning appliance is in a scope, that scope information is sent to the consolidator. Scanners and consolidators do not have to be in the same scope.
Consolidator—The main purpose of the consolidator is to report on data consolidated from a number of other scanners. A consolidator can also be used to perform discovery in its own right.
Scanner—The scanner appliance also operates as a normal appliance. The only difference is that it constantly sends discovery data to the consolidator. After setting up, this process is transparent to the user. A scanner must request and be approved on a consolidator appliance before it can send any data to the consolidator. This is described in Approving or rejecting a scanner request. A scanner can send consolidation data to more than one consolidator.
On the consolidator UI, the Currently Processing Runs tab shows any local scans and any consolidation runs in progress. The Currently Processing Runs tab is described in The Discovery Status page.
In general, consolidation works across supported versions of BMC Discovery and we do not insist that scanning appliances and consolidating appliances are the same versions. The consolidator's service pack release must be the same as or greater than that of the scanner. This is checked when you test the scanner-consolidator connection and when the scanner periodically checks that the consolidator is still accessible. If you try to consolidate to a consolidating appliance with an earlier version than your scanner, warning messages are shown in the UI.
In some situations, a consolidator might not get all the expected data from the scanner if the consolidator is running a version with major discovery changes. For example, a 21.3 (12.3) consolidator does not receive some components from an IIS Webserver SI from an earlier scanner. The PowerShell discovery changes in 12.3 changed the DDD sufficiently that the earlier DDD could not be accepted.
- A 20.02 (12.0) consolidator can accept data from an 11.x and 20.02 (12.0) scanner
- A 20.08 (12.1) consolidator can accept data from an 11.x, 20.02 (12.0), and 20.08 (12.1) scanner
- A 21.05 (12.2) consolidator can accept data from an 11.x, 20.02 (12.0), 20.08 (12.1), and 21.05 (12.2) scanner
- A 21.3 (12.3) consolidator can accept data from an 11.x, 20.02 (12.0), 20.08 (12.1), 21.05 (12.2) and 21.3 (12.3) scanner
- A 22.1 consolidator can accept data from an 11.x, 20.02 (12.0), 20.08 (12.1), 21.05 (12.2), 21.3 (12.3), and a 22.1 scanner
- A 22.2 consolidator can accept data from an 11.x, 20.02 (12.0), 20.08 (12.1), 21.05 (12.2), 21.3 (12.3), 22.1, and a 22.2 scanner
- A 23.1 consolidator can accept data from an 11.x, 20.02 (12.0), 20.08 (12.1), 21.05 (12.2), 21.3 (12.3), 22.1, 22.2, and a 23.1 scanner
What is consolidated?
The consolidated data is the BMC Discovery Directly Discovered Data (DDD) nodes including the data collected by the patterns. The data inferred by the scanners, for example, Software Instance nodes, is not consolidated, but the consolidator will infer it again (based on its pattern configuration).
The TKU release package and custom patterns that are loaded on the scanners and consolidators must be the same in order to infer the same data, for example, Software Instance nodes. This is not enforced in any way by the system.
The data imported via CSV in a scanner will not be consolidated. It has to be imported into all other appliances too.
Consolidation when patterns run commands on other hosts
When a host is discovered and patterns are triggered that run commands on a second host, the DDD on both hosts is updated. The scanner sends the results of requests on the second host with the consolidation data from the original host. This allows commands run against another host to be successfully consolidated.
Configuring consolidation is a two-step procedure. Initially, the appliance which is to be the consolidator must be set as a consolidator, and then one or more scanners register with the appliance. To configure consolidation you need the permissions detailed in Consolidation Permissions.
Consolidation and clusters
Standalone scanners can consolidate to any member of a cluster. When using a cluster as a scanner, you can configure consolidation using any member UI, but only the coordinator of the cluster sends information to the consolidator. The scanning cluster can consolidate to any member of the target cluster.
Consolidation uses port 25032 to communicate. The scanner must be able to connect to port 25032 on the consolidator. You must configure any firewalls between scanners and consolidators to allow this traffic. For clusters that act as scanners, you must open port 25032 on all members. For clusters that act as consolidators, you must open port 25032 on the coordinator, but if you change the coordinator you must open port 25032 on the new coordinator.
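A pre-flight check for the constraints this page states (consolidator release not earlier than the scanner's, no appliance left with the default name, unique names, and port 25032 reachable on the consolidator), as an added example that is not part of BMC Discovery or its documentation. It is meant to be run from the scanner's network segment so that the port probe crosses the same firewalls; the dictionary layout, appliance names and the `consolidator.example.com` address are assumptions made for illustration.

```python
import socket

CONSOLIDATION_PORT = 25032            # consolidation port stated on this page
DEFAULT_NAME = "Discovery_Appliance"  # default name the page says cannot consolidate
# Release order taken from the compatibility list on this page (oldest first).
RELEASES = ["11.x", "20.02", "20.08", "21.05", "21.3", "22.1", "22.2", "23.1"]


def tcp_open(host, port=CONSOLIDATION_PORT, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds from this machine."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, filtered, or name did not resolve
        return False


def preflight(scanners, consolidator, probe=tcp_open):
    """Return a list of problems in a planned setup (empty list means none found)."""
    problems = []
    appliances = scanners + [consolidator]
    names = [a["name"] for a in appliances]
    for name in sorted(set(names)):
        if name == DEFAULT_NAME:
            problems.append(f"{name}: default appliance name must be changed first")
        if names.count(name) > 1:
            problems.append(f"{name}: name is not unique in the consolidation network")
    unknown = [a for a in appliances if a["version"] not in RELEASES]
    for a in unknown:
        problems.append(f"{a['name']}: release {a['version']} is not in the page's list")
    if consolidator not in unknown:
        limit = RELEASES.index(consolidator["version"])
        for s in scanners:
            if s not in unknown and RELEASES.index(s["version"]) > limit:
                problems.append(f"{s['name']}: scanner release {s['version']} is later "
                                f"than consolidator release {consolidator['version']}")
    if not probe(consolidator["address"]):
        problems.append(f"{consolidator['address']}: TCP {CONSOLIDATION_PORT} unreachable")
    return problems


if __name__ == "__main__":
    # Constructed plan: names, releases and address are placeholders.
    plan = [{"name": "scanner-dmz", "version": "22.2"},
            {"name": "Discovery_Appliance", "version": "23.1"}]
    target = {"name": "central", "version": "22.2",
              "address": "consolidator.example.com"}
    for line in preflight(plan, target):
        print(line)
```

When the consolidator is a cluster, pass the address of the member the scanner will connect to, and re-run the check if the coordinator changes.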
To set an appliance as a consolidator
- From the main menu, click the Administration Settings icon, and then select Discovery Consolidation.
You cannot use consolidation if the appliance is named Discovery_Appliance. A warning is displayed, including a link to where you can change the appliance name.
- On the Consolidation page, click Set as Consolidation Appliance.
The appliance is now configured as a consolidator.
To set an appliance as a scanner
- From the main menu, click the Administration Settings icon, and then select Discovery Consolidation.
- Click Scanner.
In the Connect with a Consolidation System form, enter the hostname or IP address of the appliance or cluster member to which you want to send consolidation data.
This form enables you to specify a consolidation target. Enter or edit the following information:
Identify this Scanning System as...
Pre-populated with the name of the scanning system. Names must be unique in the consolidation network and you cannot consolidate a scanner with the default name, Discovery_Appliance. The name is taken from the Administration > Appliance Configuration > Identification page. For more information, see Initial configuration. A change link is provided that displays the Identification page. On the identification page, you can change the name of the appliance.
The address of the consolidator. This can be specified as one of the following:
- Hostname or FQDN
- IPv4 or IPv6 address
You can supply credentials for the consolidation appliance in the form. If you supply valid credentials here, the scanner is approved automatically.
The user name for a user on the consolidator. This user must have appropriate permissions to approve the connection of the scanner to the consolidator.
The password for the user on the consolidator.
- Click Connect with Consolidator.
If the target consolidator is an earlier version than the scanner, you are warned that the consolidator version is too old.
If you supplied valid credentials for automatic approval on the consolidator, the scanner is now configured.
If you did not supply credentials, the consolidator must approve the request. This is shown on the scanner:
Unlock scanning mode
The scanner UI provides a checkbox labeled Unlock scanning mode. To modify the scanner's role in a consolidating system, for example, leaving the system, or becoming a consolidator, you must unlock the consolidation configuration. To do this, select Unlock scanning mode, and then choose Standalone or Consolidator. The unlocking stage prevents inadvertent removal of the consolidation configuration.
To add an additional consolidator
A scanner can send consolidation data to more than one consolidator.
- Click the Add Another button.
The Connect with a Consolidation System form is displayed. This is described above.
- Enter the details of the consolidator and, if required, the username and password for automatic approval.
- Click Submit to apply the changes.
Approving or rejecting a scanner request
After a request (without automatic approval) has been made from a scanner, it requires approval on the consolidator.
- From the main menu, click the Administration Settings icon on the consolidator, and then select Discovery Consolidation from the Discovery section.
In the following example, the appliance identifying as " scanner" has requested to become a scanner.
- Do one of the following:
- To accept the appliance connection, from the Actions menu, select Approve.
- To reject the request, from the Actions menu, select Reject.
When you select Reject, the connection is deleted from the consolidator, and when no connections remain, the scanner reverts to a non-consolidated machine.
Unlock consolidation mode
The consolidator UI provides a checkbox labeled Unlock consolidation mode. To modify the consolidator's role in a consolidating system, for example, leaving the system, or becoming a scanner, you must unlock the consolidation configuration. To do this, select Unlock consolidation mode, and then choose Standalone or Scanner. The unlocking stage prevents inadvertent removal of the consolidation configuration.
When consolidation is running
After consolidation has been set up, whatever scanning takes place on the scanner is automatically sent to the consolidator as soon as possible after the scan of an endpoint is complete. On the consolidator, runs are displayed that are marked specifically as consolidation runs and can be viewed from the Discovery Status page.
Discovery must be running on the consolidator for consolidation to take place. If Discovery is not running, the consolidator will refuse to accept data from the scanner. The scanner will attempt to resend data later. Also, if Discovery is stopped on the consolidator, it will stop consolidating any data it has already received.
Canceling consolidating discovery runs
You can cancel a consolidating discovery run from the scanner or from the consolidator. Where possible, always cancel the discovery run on the scanner, by selecting the discovery run on the Discovery Status page of the scanner and clicking Cancel Runs.
Canceling the discovery run at the scanner enables the consolidator to finish receiving data from the scanner. This stops the scan rather than the consolidation so that the two appliances' data remains consistent.
Canceling a consolidation run on the consolidator stops the consolidation, although the scan continues on the scanner. This leads to inconsistencies between the data on the two appliances. Where possible, always stop the scan on the scanner and allow the consolidation to run to completion.
If you must cancel a consolidation run from the consolidator, you can do so by selecting the discovery run on the Discovery Status page of the consolidator and clicking Cancel Runs. If there are problems canceling the consolidation run, a status message is displayed.
Replacing a scanning appliance with a BMC Discovery Outpost
When upgrading from BMC Discovery 20.02 (12.0), 20.08, 21.05, 21.3, 22.1, or 22.2 to 23.1, there is no need to change your deployment architecture. Rather, we strongly recommend that you upgrade using your existing architecture and test version 23.1 in a known configuration. After you have tested BMC Discovery 23.1 in a known configuration, you might choose to explore the deployment opportunities offered by the BMC Discovery Outpost.
Existing Windows proxies will continue to operate with upgraded appliances.
The following procedure describes the steps required to replace the scanning appliance in a consolidating system with a BMC Discovery Outpost: