BMC Helix Discovery features and components
BMC Helix Discovery automatically discovers the hardware and software in your data center, determines configuration and relationship data, and maps applications to the IT infrastructure.
BMC Helix Discovery is divided into two major parts, the cloud native service provided by BMC, and the BMC Discovery Outpost, application software that runs on a dedicated Windows server in your data center or on a public cloud.
The BMC Discovery Outpost is not available in the version of BMC Helix Discovery available to BMC Helix AIOps users.
BMC Helix Discovery
BMC Helix Discovery is a true SaaS offering with:
- A single version
- BMC controlled product releases, updates to the supporting system and infrastructure, and monthly Technology Knowledge Updates (TKUs)
BMC Helix Discovery removes the requirement for customers to:
- Size, provision, and maintain hardware
- Configure clusters
- Apply TKUs
- Back up and maintain the datastore
BMC Helix Discovery service
The BMC Helix Discovery service is the cloud native element of BMC Helix Discovery in which infrastructure, upgrades, resilience, and availability are all managed by BMC. The BMC Helix Discovery service registers with the selected Outpost, and the Outpost in turn registers with the BMC Helix Discovery service. The process is not automated, which ensures that registration between the two is always a positive action.
The BMC Helix Discovery service does not initiate communication with the Outpost. It responds to Outpost requests for tasks, such as discovery requests, and responds to the registered Outpost with associated actions. When an Outpost requests a task, the service only sends a task that it can do, such as a scan of IP addresses that the Outpost is permitted to scan, and if an IP address has already been scanned, then the request is sent to the Outpost that has already successfully scanned it.
The BMC Helix Discovery service intelligently infers information about hosts and programs from the Directly Discovered Data (DDD) that is returned using the patterns. Each pattern represents knowledge about a particular software or hardware and the BMC Helix Discovery service uses this knowledge to create more detailed, "inferred" data. Inferred data is the representation of the scanned IT environment and is stored in the datastore. Data written to the datastore is instantly indexed, which enables you to search for the required information by using simple keywords in the service UI. The provenance of each item of inferred data is also stored, which means that when examining an inferred entity in the UI, you can also examine the information that was used to create it.
Patterns can be updated either through monthly Technology Knowledge Updates (TKUs) that are applied by BMC when the updates are released, or by writing new custom patterns using The Pattern Language (TPL).
BMC Discovery Outpost
The BMC Discovery Outpost is not available in the version of BMC Helix Discovery available to BMC Helix AIOps users.
Information about your organization's hardware and software is obtained by BMC Discovery Outpost. The Outpost is an application software that runs on a dedicated Windows server in your data center or on a public cloud. The BMC Helix Discovery service sends a request to an Outpost to scan the IP address required, and the Outpost accesses the target by using the credentials that are held in a secure, encrypted vault. The targets are accessed by using a variety of methods, such as SSH, Telnet, WMI, and SNMP. Once logged into a discovery target, the Outpost executes commands to access the target details, and their results are encrypted and sent to the BMC Helix Discovery service. When the BMC Helix Discovery service receives the data, it stores it in the datastore as Directly Discovered Data (DDD).
The BMC Discovery Outpost performs ssh discovery using an API rather than an ssh client. Consequently, alternative ssh clients are not supported on the BMC Discovery Outpost.
The BMC Discovery Outpost is FIPS compliant.
Multiple Outposts can be deployed to handle segmented networks, and these can all communicate with a single BMC Helix Discovery service. Similarly, the Outpost can be registered with multiple services and receive work from those services. The BMC Discovery Outpost can also communicate with the BMC Helix Discovery service through HTTP(S) proxies; that is, web proxies that adhere to the HTTP protocol specification. We test using the , but any web proxies that adhere to the HTTP protocol specification should be suitable.
The Outpost is self-updating. When a new version is available, you are notified, and you can choose to have the Outpost update installed automatically, when it is idle.
BMC Helix Discovery updates
BMC Helix Discovery users have two instances by default, a Development instance, and a Production instance. We push updates to Development instances each week, on a Wednesday, and the same update to Production instances the following week.
The updates made to the Development and Production instances of BMC Helix Discovery are shown in Recent updates, including the release number, the dates that the release was pushed to Development and Production, and any defects resolved or new features introduced in the release.
The Knowledge Update (TKU) version is updated on the first Wednesday of each month, at the same time as the regular weekly update. Consequently, for one week, the TKU version in the Development instance is ahead of that in the Production instance. The current TKU version for Development and Production instances is also shown in Recent updates.
You can see more information on TKU content and schedules in BMC Helix Discovery content reference.
Security of communication and data in BMC Helix Discovery
- You must register the Outpost with the BMC Helix Discovery service, and the BMC Helix Discovery service with the Outpost. The registration process ensures that:
- The BMC Helix Discovery service listens only for Outposts that you have registered it with.
Your Outposts only ask for jobs from the BMC Helix Discovery service that you have registered them with.
- Communication between the Outpost and the BMC Helix Discovery service is always encrypted, and always sent over HTTPS .
- The registration process establishes the second level of encryption of the messages between the Outpost and the service, which means that we do not just rely on the security of HTTPS communications. The Outpost can communicate with the service by using web proxies, and even if a decrypting web proxy is used to transport the messages, the content cannot be read.
- Messages are encrypted by using tokens exchanged at registration that are used for AES encryption, ensuring that only that Outpost and that service can read the messages.
- The encrypted messages are sent over HTTPS.
- Communication between the Outpost and the BMC Helix Discovery service is always from the Outpost on your premises to the BMC Helix Discovery service in the cloud. Communication is never initiated by the BMC Helix Discovery service in the cloud.
Credentials to access and discover your infrastructure never leave your premises.
Allowed IP addressesBMC Helix Discovery enables you to specify the IP addresses from which you are permitted to access your BMC Helix Discovery instance. To do this you will need to contact BMC Customer Support, and they will make the required configuration changes for you.
Credentials are held in the secure credential vault in the BMC Discovery Outpost. As you use BMC Helix Discovery, your credentials never leave your premises. You configure and manage your credentials through the BMC Discovery Outpost UI. In the BMC Helix Discovery service UI, the Manage > Credentials page also displays information on credentials. These credentials are called shadow credentials. Shadow credentials do not contain the actual credentials. They display only the UI labels of the credentials.
Shadow credentials enable the service to display information on the available credentials, the Outpost the credential is stored on, and usage, such as the credential used to discover a target, without ever taking the actual credentials outside your premises.
When you click a shadow credential, and you have permission to configure credentials, you are redirected to the UI of the Outpost that holds the corresponding real credential. You are logged into the Outpost as the user with which you were logged into the BMC Helix Discovery service UI. The credentials on the Outpost are held in the secure vault which is protected by a key. This key, in turn, is protected by a generated key that is stored on the service.
When you start a Discovery run, the service requests that the Outpost scans each of the endpoints in the run, and the Outpost selects the appropriate credential. The credential is accessed from the vault, by the Outpost, by using the generated key from the service.
CMDB synchronization provides a means of keeping data in the BMC Helix CMDB continuously synchronized with information discovered by BMC Helix Discovery. BMC Remedyforce connections and BMC Helix CMDB connections using the CMDB REST API are supported. The BMC Helix Discovery data model is different from the Common Data Model (CDM) used in the CMDB, so the synchronization mechanism transforms the required information from one data model to the other.
Start anywhere application modeling
Start anywhere application modeling is a new approach to application modeling, which enables you to choose any entry point, or points into an application, and begin modeling from there. For robust applications, logical entry points differ depending on the view of the user. For example, an application owner might choose where the data is stored as the best entry point, and a user of the application might choose the server to which they connect to access the application. The start anywhere approach also prevents parts of applications from being missed if they are not currently connected to an entry point, such as a URL, which may lead to a load balanced service or web server. You might also choose multiple entry points to model the application.
You should start application modeling from anywhere that is interesting in the context of the application you are modeling. The best way of doing this is the search box in the top right of the UI. Enter the name or other detail of something you know to be in the application, and explore the data from there. When you see what you are looking for, start modeling.
The models produced with start anywhere application modeling are simple to create and work on the basis of data that has already been discovered from you network, data that is held in the BMC Helix Discovery datastore. This does not mean that the models are static, rather, they update automatically to reflect the current data. So, if you scan the application and a new component of the application is discovered, it is automatically linked in to the existing components, and reflected when you view the model again. If the new component is of a type that you have excluded from the model, it is still in the datastore, but not included in the application model.
Discovering cloud services
BMC Helix Discovery provides cloud scanning capabilities creating a dynamic, holistic view of data center infrastructure, cloud services, and their relationships. This gives visibility into how multi-cloud environments enable the digital business.
BMC Helix Discovery can discover multi-cloud environments thanks to BMC’s partnership with both Microsoft Azure and Amazon Web Services (AWS). BMC Helix Discovery takes an agnostic approach to representing the multi-cloud assets and relationships. It can map assets and their dependencies to represent data center, public cloud, and private cloud environments. BMC performs this deep discovery in a cloud-friendly manner, leveraging APIs and agentless protocols. This allows for a holistic view of the entire IT environment, including hybrid application deployments.
Data accuracy you can verify and trust. For an automated discovery tool to be trusted and accepted by the user community, it must provide transparency into how the data was obtained. BMC Helix Discovery’s Provenance feature shows the actual command that was executed, the output of the command, and the timestamp when it happened. There’s no searching through log files – all this information is available right in the UI.
Provenance provides indisputable evidence why this data can be trusted and thus speeds adoption of the data into IT processes.
Exhaustive pattern library
The BMC Helix Discovery library includes over 650 patterns for industry leading software such as Oracle, SAP, IBM, HP, VMware, Hadoop, Citrix and more. New patterns are added monthly. With BMC Helix Discovery, it’s easy to fine-tune and extend the discovery process to meet the needs of your organization. Discover additional attributes, custom software, uncommon SNMP devices and more. Simply modify a discovery pattern or use one of the supplied pattern templates. All patterns are text-based and extending a pattern is as easy as modifying a script or batch file.