Discovering Alibaba Cloud Platform
AliCloud, also known as Alibaba Cloud or Aliyun, is the largest cloud computing company in China. Headquartered in Singapore, Alibaba Cloud operates in 20 data center regions and 61 availability zones around the globe. You can access and configure all of your services using the Alibaba Cloud Console.
Discovering Alibaba Cloud Services
This section describes the settings and procedures required to discover services running in Alibaba. It contains the following topics:
Services and regulatory domains discovered
BMC Helix Discovery enables you to discover your cloud services running in Alibaba. The following set of Alibaba services can be discovered with the latest product content update:
- Alibaba Elastic Compute Service
- Alibaba ApsaraDB for MongoDB
- Alibaba Relational Database Service
- Alibaba ApsaraDB for Redis
- Alibaba Server Load Balancing
- Alibaba Virtual Private Cloud
More detailed information on the discovery of Alibaba services is provided in the following Configipedia pages:
Before you begin
For correct scanning of Alibaba Cloud services, we strongly recommend that you follow this process:
- Create a RAM user.
- Configure BMC Helix Discovery credentials.
- (Optional) Configure Roles in RAM Console and BMC Helix Discovery.
When all required configuration is complete, you can use BMC Helix Discovery to scan your Alibaba Cloud environment.
Creating Alibaba credentials
Before you start performing discovery on Alibaba Cloud, you should provide an access key (credential) with help of which BMC Helix Discovery can access the Alibaba cloud. It is available to create an access key using the Alibaba Resource Access Management (RAM) console.
Then, you can add the cloud discovery credential using the access key created in the RAM console to BMC Helix Discovery.
Create RAM user and get Access key in RAM console
To create a RAM user and get the Access key for it in the RAM console that is used to make secure queries to the Alibaba Cloud APIs, do the following steps:
On the Users page, click Create User.
Add User Account Information.
In the Access Mode section, select Programmatic Access.
Click OK to create a RAM User
Grant the discovery user the "ReadOnlyAccess" permission. For detailed information about grant permission, see Grant permissions to a RAM user
Create a cloud credential in BMC Helix Discovery
The cloud credential uses the Access keys/IDs/passwords as the equivalent of a username and password combination.
Create the cloud credential in the same way as any other credential:
- On the BMC Helix Discovery Device Credentials page, click Add and select Alibaba Cloud from the Cloud Provider section in the drop-down list.
The Add Credential page is displayed. - Add the usual credential information:
- Label.
- Description.
- Add the information in the additional fields for Alibaba:
- Access Key ID
You can import the CSV files downloaded from the RAM console, reducing the scope for cut and paste errors when creating Alibaba credentials in BMC Helix Discovery. To upload a CSV file containing the Key ID and Secret, click Upload CSV, select the file, and then click Open. - Secret Access Key
Assume Roles. Use the Alibaba Resource Name (ARN) only if you want to apply role-based authentication for a user, application, or service.
To enable role-switching (multiple roles), enter each role as a new-line separated list.
- Access Key ID
- Click Apply to save the credential.
- Optionally specify a proxy to use to access. To use a proxy, you must specify the following:
- Hostname
- Port
- Username (only for authenticating proxies)
- Password (only for authenticating proxies)
The "TLS Certificate Check" option can be disabled if your proxy uses self-signed certificates.
Warning
If you disable the certificate check, your credentials could be intercepted by a man-in-the-middle attack.
- Click Apply to save the credential.
Run a cloud scan
To perform cloud discovery, from the BMC Helix Discovery Status page (Manage > Discovery), use the Add New run control.
- Click Add New run.
The Add a Cloud Run dialog is displayed. - Enter a Label for the cloud discovery run.
- To add a scheduled cloud run, select Scheduled and fill in the scheduling information as with normally scheduled discovery runs. For more information on the scheduling, se: Performing a discovery run.
- Select Cloud.
- Select the provider from the drop-down list. Select Alibaba Cloud.
- Select the appropriate cloud credential. If none are available, you must add one.
- Select the region to scan, click List of regions to scan for a full list, and select regions to scan. You can also select all regions by clicking the All button.
- Click OK.
Examine results
Once you have scanned, you can examine the results.
Another example of the scanned results is represented below:
Alibaba discovery patterns
Go to Manage > Knowledge page to see available AWS discovery patterns. They are located in the Pattern modules list, under Cloud > Alibaba Cloud.
Related Topics
For more information see the following topics:
Comments
Log in or register to comment.