Configuring the BMC Discovery Outpost

Once registered with the BMC Helix Discovery service, the BMC Discovery Outpost requires little configuration. However, you may need to change some settings, for example, the log level or the port on which the BMC Discovery Outpost listens for connections. 

To configure the BMC Discovery Outpost

1. Log in to the BMC Discovery Outpost UI and select Manage > Configuration.
   The Outpost Configuration page displays. The following image shows enabled automatic updating, and the BMC Outpost is up-to-date:       
   
   
   The following image shows that an update is available on a BMC Discovery Outpost where automatic updating is disabled. BMC recommends that you leave automatic updates enabled.
   
   
   

2. Make any required changes to the settings on this page and click Apply.

   Field Name	Details
   Name	The name of the BMC Discovery Outpost. This is displayed in any BMC Helix Discovery service or appliance with which the BMC Discovery Outpost is registered.
   Address	The address of the BMC Discovery Outpost. This name or address forms part of the URL of the BMC Discovery OutpostUI. Changing the address changes the URL needed to access the BMC Discovery Outpost.
   Port	The port on which the BMC Discovery Outpost listens for connections. If you change the port, you must restart the BMC Discovery Outpostservice.
   Scope	Enter the scope that this BMC Discovery Outpostwill apply to IP addresses to distinguish between overlapping address spaces. The default scope is Default. See Overlapping IP addresses for more information. You should set the IP Ranges, Excluded IP Ranges, and Scope settings as a group to ensure that the BMC Discovery Outpostonly scans the required IP addresses, and where appropriate applies a scope to the IP addresses.
   IP Ranges	The IP ranges that the BMC Discovery Outpost is permitted to scan. Tip A credential held in a BMC Discovery Outpost cannot be used in another BMC Discovery Outpost. You should ensure that if you restrict the ranges here, the credentials on this BMC Discovery Outpost are valid for the permitted IP ranges. By default this is All IP Addresses. If you deselect the check box, a field is displayed enabling you to enter IP address information in one of the following formats: • IPv4 address (for example 192.168.1.100). Labelled v4. • IPv6 address (for example 2001:500:100:1187:203:baff:fe44:91a0). Labelled v6. • IPv4 range (for example 192.168.1.100-105, 192.168.1.100/24, or 192.168.1.*). Labelled v4. As you enter text, the UI divides it into pills (discrete editable units) when you enter a space or a comma. According to the text entered, the pill is formatted to represent one of the previous formats or presented as invalid.
   Exclude IP Ranges	The IP ranges that the BMC Discovery Outpost is not permitted to scan. By default this is None, that is, no IP addresses are excluded from scanning. If you deselect the check box, a field is displayed enabling you to enter IP address information for IP addresses that are not to be scanned. Enter IP address information in the same way as for the IP address field.
   Logging level	Choose a level at which the BMC Discovery Outpost writes logs. The following log levels are available for selection: Debug — Specifies fine-grained informational events that are most useful to debug the application. Info — Specifies informational messages that highlight the progress of the application at coarse-grained level. Warning — Specifies potentially harmful situations. Error — Specifies error events that might still allow the application to continue running. Critical — Specifies severe error events that might cause the application to abort. If you select Debug, you are asked to confirm your selection as the Debug level logging can impact the performance of the BMC Discovery Outpost.
   Auto Update	The BMC Discovery Outpost can be automatically updated. The default setting is to enable automatic updates, and we recommend that you do not disable automatic updates. If automatic updates are disabled, and an update is available, a notice is displayed in the header of the BMC Discovery Outpost UI, and in the Configuration page. Click either notice to update the BMC Discovery Outpost. The UI banner shows the progress of the update. The update is downloaded from s3.eu-west-2.amazonaws.com.
   Use WMI	Choose whether to enable WMI queries from BMC Discovery Outpost. Select the timeout for WMI queries. The default is 120 seconds.
   Use RemQuery	Choose whether to enable RemQuery from BMC Discovery Outpost. Select the timeout for RemQuery requests. The default is 60 seconds.
   FIPS 140-2	Shows whether FIPS 140-2 is enabled on the BMC Discovery Outpost host. See Running in FIPS compliant mode for information on FIPS and BMC Helix Discovery, and consult the Microsoft documentation for the version of Windows that you are using.

Restricting an Outpost to an organization

As a BMC Helix Discovery administrator, you may want the IT infrastructure to be segmented by organizations. This means that only the members of an organization are able to perform tasks related to their organization. These tasks can be configuring a scan using a specific Outpost, managing credentials of the organization, and so on. To achieve this, you can link an Outpost with one or more organizations and make it a restricted Outpost. The advantage is that only users belonging to an organization can use the linked Outpost for a discovery scan. For more information about how restricted Outposts affect your scans and credentials, see Outposts restricted by organizations.

To restrict an Outpost to an organization

1. Access BMC Discovery Outpost and go to Manage > Registrations.
   The list of instances connected to BMC Discovery Outpost is displayed.
   
2. For the instance that you want to apply the restriction, click the Actions list and select Edit, or click the Edit icon .
   The Edit Connection dialog is displayed.
   

3. For the Restrict By Organization option, select Yes.
   A list of organizations created in the system is displayed, 

   Important

   By default, the option to restrict Outposts to organizations is disabled. If you do not see the Restrict By Organization field, it means that the option is currently disabled in your instance of BMC Helix Discovery. For information about enabling the option, see Configuring discovery settings. 

4. Select the organizations to which the Outpost must be restricted and click OK.
   The Instance Connections section displays the updated Outpost setting, with the list of organizations to which it is restricted.
   
5. If you need to edit the setting, click the edit icon , change the selected organizations, and then click OK to save it. 

To verify the Outpost restrictions

1. Log in to BMC Helix Discovery, and go to Manage > Discovery.
2. Click Add a New Run.
   The Add a New Run dialog is displayed.
   

3. Click the Restrict by Organization list and verify that the organizations you applied in the Outpost are present in the list.

   Important

   As an administrator you may restrict, for example, Outpost-1 to Org1, Org2, Org3, and Org4. However, if User-A is a member of Org2 and Org3, then after User-A logs in, the options available in the Restrict by Organization field will be Org2, Org3, and Unrestricted; the options in the scope via field will be Outpost-1 and Anything suitable.

4. Additionally, go to Manage > Outposts and for the Outpost that you restricted, the applicable organizations are listed.