Windows proxy deployment
For detailed discovery of the Windows part of the target environment, BMC Discovery uses a Windows proxy, a discovery proxy that can be installed on any suitable Windows computer in the target environment. There are two Windows proxy types available, which you can select depending on whether credential, workgroup, or active directory security is used. The preferred approach is to use the active directory proxy installed as a service that is set to run as the discovery user. In this manner, a Windows administrator can set the user name and password, and it never has to be known or entered by a BMC Discovery administrator. In the case of the credential Windows proxy, user names and passwords for discovery are entered directly into the appliance UI.
The Windows proxy can be a physical or virtual server, and it can use an existing infrastructure server.
The following table provides information about the compatibility between Windows proxy types and versions, and the operating systems that the Windows proxy runs on for BMC Discovery.
Windows Proxy Type | Earliest Compatible Windows Proxy Version | Windows Proxy Available for Supported Operating System |
|---|---|---|
Credential Windows proxy | 11.0 — no actions required. | Windows Server 2022 |
Active Directory Windows proxy | 11.0 — no actions required. 21.05 — for PowerShell support. See Windows proxies and PowerShell discovery. | Windows Server 2022 |
Note
The Workgroup Windows proxy is no longer supported. Running the Active Directory Windows proxy under a Workgroup account provides exactly the same functionality as the old Workgroup Windows proxy.
Network ports used for discovery communications
Minimum host specification
The following are the minimum recommended specifications for the Windows proxy host:
Component | Specification |
|---|---|
Operating System | As stated in tables above |
CPU | 2GHz Intel Pentium® 4 CPU 512k Cache (or equivalent from other manufacturer) |
Memory | 2GB |
Hard disk | 60GB |
To avoid any impact during resource-intensive periods of discovery, we recommend not to install the Windows proxy on any host supporting other business services. This is true even if the minimum Windows proxy specification is exceeded, since the Windows proxy will attempt to use what resources are available, in order to optimize scan throughput.
Windows discovery communications
You should also consider the ports that will need to be opened in any firewall between the appliance and the proxy or proxies, and the proxies and target hosts.
Windows discovery metadata
Discovery metadata covers Windows as well as UNIX. This provides information about why sessions failed to be established and why scripts failed to run, including information about what credential or Windows proxy was used.
Windows proxies and PowerShell discovery
For PowerShell discovery, the BMC Discovery version 21.05 Windows AD proxy does not issue discovery commands and return processed results. It acts as a proxy, simply forwarding the PowerShell commands to be run on the target host, and returning the raw results to the BMC Discovery appliance or BMC Discovery Outpost that initiated the scan. Where discovery is using an earlier AD proxies, and a pattern uses a PowerShell script, the proxy attempts to run the PowerShell script using the PowerShell executable on the target.
When you use discovery in Record/Playback mode for PowerShell discovery, this is done in the 21.05 Windows AD proxy.
Comments
Log in or register to comment.