Discovering IBM Cloud
IBM Cloud is the most open and secure public cloud for business
You access and configure all of your services using the IBM Cloud Console. This section describes the settings and procedures required to discover services running in IBM Cloud.
Services and regulatory domains discovered
BMC Discovery enables you to discover your cloud services running in IBM Cloud.
The following set of IBM Cloud services can be discovered with the latest product content update:
Classic Infrastructure - is not supported because IBM marked it as obsolete
VPC Infrastructure - both Generation 1 and 2 are supported
Create IBM Cloud API key
To perform discovery on IBM Cloud, you must provide an API key (credential) with which BMC Discovery can access IBM Cloud. You can create the API key using the IBM Cloud API keys console.
- Create a new API key
Manage → Access (IAM) → API Keys
You can download the API key as a JSON file and then import it when you create a cloud credential in BMC Discovery.
If you lose the API key, you cannot retrieve it from the IAM console; you must create a new API key and use the new key in the BMC Discovery cloud credential. You should keep a note of the API key until you have successfully tested the cloud credential.
Create a cloud credential in BMC Discovery
Create the cloud credential in the same way as any other credential. The cloud credential uses the API key as the equivalent of a username and password combination.
- From the BMC Discovery Device Credentials page, click Add and select 'Cloud Provider' from the drop-down list.
The Add Credential page is displayed.
- Click the 'plus icon' next to 'Credential Types' to see the available Cloud Providers. Select IBM Cloud from the drop-down list.
- Add the API Key.
- Optionally, specify a proxy to use for access. To use a proxy, you must specify the following:
- Username (only for authenticating proxies)
- Password (only for authenticating proxies)
- Click Apply to save the credential.
Test the credential
Once you have created the credential, you should test it to ensure that it works.
From the credentials page, click Devices.
- Filter the list to show cloud credentials.
- Click Actions for the IBM Cloud credential you added, and then click Test.
- The default region is US South (Dallas).
- Click Test.
The screen below shows a successful test.
If the credential test was unsuccessful, click the 'Failure' status to see the details. Ensure that you copied the API key correctly.
The BMC Discovery appliance must be able to access IBM using HTTPS (port 443 and 80).
Run a cloud scan
To perform cloud discovery, from the Discovery Status page, use the Add New run control.
- Click Add New run.
The Add a Cloud Run dialog is displayed. Enter a Label for the cloud discovery run.
- To add a scheduled cloud run, select Scheduled and fill in the scheduling information as with normal scheduled discovery runs.
- Select Cloud.
- Select the provider from the drop-down list. Select IBM Cloud.
- Select the appropriate cloud credential. If none are available, you must add one.
- Select the region to scan, for example, for IBM, US South (Dallas). You can also select all regions by clicking the All button.
- Click OK.
Once you have scanned, you can examine the results.
Scan the hosts running the VMs in the cloud
Perform a normal scan on the hosts running the VMs discovered in the cloud scan. Use the Unscanned Cloud Hosts report on the Cloud Overview dashboard to find these.
Scanning the hosts assumes that the appliance or proxy has network access to hosts running in the cloud, for example, using a VPN.
Public IP addresses do not respond to ICMP pings. You must disable "Ping before scanning", otherwise all scans are dropped reporting no response.
You can discover all supported databases in IBM Cloud. At the time of release of BMC Discovery 11.3, the following are supported:
The following information is required to discover databases in IBM Cloud:
- Endpoint – you can identify the database endpoint using the RDS Dashboard in the IBM Cloud Console.
- Incoming connections – you must permit incoming connections with a rule for an IP address or set of IP addresses. For example, to permit access to a MySQL database, from a single IP address, you would add a rule with the following parameters:
- Type - MySQL
- Protocol - TCP
- Port Range - 3306
- Source - 188.8.131.52/32
Then the database can be discovered as any MySQL database in your estate.
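The following added example (not BMC or IBM code) audits inbound rules in the Type / Protocol / Port Range / Source shape described above: it confirms that the scanning address is permitted on the database port and flags any rule that opens that port to more than a single address. The rule dictionaries, their field names and the `audit_db_rules` helper are assumptions made for illustration; only the first sample rule comes from this page, the rest are constructed.

```python
import ipaddress

# Constructed sample rules in the Type / Protocol / Port Range / Source shape
# used above; only the first rule is the one shown on this page.
SAMPLE_RULES = [
    {"type": "MySQL", "protocol": "TCP", "port_range": "3306", "source": "188.8.131.52/32"},
    {"type": "MySQL", "protocol": "TCP", "port_range": "3306", "source": "0.0.0.0/0"},
    {"type": "Custom", "protocol": "TCP", "port_range": "3000-3400", "source": "203.0.113.0/24"},
    {"type": "SSH", "protocol": "TCP", "port_range": "22", "source": "203.0.113.10/32"},
]


def covers_port(port_range, port):
    """True if a 'N' or 'N-M' port range string includes port."""
    low, _, high = port_range.partition("-")
    return int(low) <= port <= int(high or low)


def audit_db_rules(rules, scanner_ip, port=3306, max_hosts=1):
    """Return (scanner_allowed, findings) for inbound TCP rules reaching `port`.

    A finding is any rule that opens the port to more than `max_hosts`
    addresses, i.e. wider than the single-address rule the scan needs.
    """
    scanner = ipaddress.ip_address(scanner_ip)
    allowed, findings = False, []
    for rule in rules:
        if rule["protocol"].upper() != "TCP" or not covers_port(rule["port_range"], port):
            continue  # rule does not affect the database port
        net = ipaddress.ip_network(rule["source"], strict=False)
        if scanner in net:
            allowed = True
        if net.num_addresses > max_hosts:
            findings.append(f"{rule['source']} opens port {port} to {net.num_addresses} addresses")
    return allowed, findings


if __name__ == "__main__":
    ok, problems = audit_db_rules(SAMPLE_RULES, "188.8.131.52")
    print("scanner permitted:", ok)
    for p in problems:
        print("too broad:", p)
```

Port ranges matter here: the constructed 3000-3400 rule is not labelled MySQL but still exposes port 3306, which is why the check matches on the range rather than on the Type field.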
BMC Discovery database credential
To discover a database, appropriate database credentials must be created.
Information about database credentials is available in the Database credentials paragraph.
IBM Cloud discovery patterns
The IBM Cloud discovery patterns are available on the Manage > Knowledge page. They are located in the Pattern modules list, under Cloud > IBM.