Introduction to cloud discovery
Using BMC Helix Discovery, you can discover your cloud services in much the same way as you would discover your on-premises infrastructure. You add a suitable credential, perform a discovery run, which may be snapshot or scheduled, and view the results. In a consolidating system the results are consolidated, and if your system uses CMDB synchronization, they are synchronized accordingly.
A significant difference is that cloud discovery uses the cloud vendor's API to extract data on your cloud services, rather than the direct access used in scanning your on-premises infrastructure. For example, an AWS scan will return information about EC2 Instances as VirtualMachine nodes but it will not be able to collect information about what is running on those EC2 Instances, as that information is not reported by the AWS API. To obtain details of what is running on those EC2 instances, you should also perform a "Host scan" of them. BMC Helix Discovery ties all of the data together to provide a broad, coherent view.
BMC Helix Discovery supports multi-cloud applications and services; that is, if your applications or services span clouds from more than one provider, they are discovered and linked correctly.
The cloud scan is different from other scan types as it simply retrieves information from the cloud provider API.
Additional methods of cloud discovery
If you use AWS, you can discover EC2 hosts using AWS Systems Manager (SSM). This enables you to perform a detailed discovery of EC2 hosts running in AWS, without the requirement for a direct SSH connection. You are also not limited to hosts with a public IP address. For more information, see Discovering EC2 hosts by using AWS Systems Manager.
If you use Google Cloud Platform (GCP), you can perform a detailed discovery of Google Compute Engine hosts by using Identity-Aware Proxy (IAP) and Identity and Access Management (IAM). This discovery process does not require a direct SSH connection. You are also not limited to hosts with a public IP address. For more information, see Discovering hosts in GCP by using IAP.
Supported cloud providers
Currently, BMC Helix Discovery supports a number of cloud providers and discovering them is described in the following topics:
- Discovering Alibaba Cloud Platform
- Discovering Amazon Web Services
- Discovering Google Cloud Platform
- Discovering IBM Cloud
- Discovering Microsoft Azure
- Discovering OpenStack
- Discovering Oracle Cloud Infrastructure
- Discovering Cloud Tags
- Discovering Cloud Public IPs for cloud hosts
The following diagram illustrates the cloud discovery process:
Performing cloud discovery
BMC Helix Discovery combines data from the cloud API with host level discovery data to provide rich dependency mapping of your cloud services.
A "cloud scan" is similar to a normal scan, but instead of scanning a list of IPs, it connects to the API of the cloud provider and collects information directly.
To discover your cloud services, you must:
- Create a credential in the vendor's cloud configuration tool. For example:
  - AWS - the Amazon Identity and Access Management (IAM) console
  - Azure - Microsoft Azure portal
  - OpenStack - the OpenStack dashboard
- Add the cloud credential to BMC Helix Discovery. The parameters required depend on the cloud vendor that the credential is to be used to discover.
- Perform a cloud discovery run, snapshot or scheduled. The parameters required for the run depend on the cloud provider, but they are usually:
  - Provider – the cloud provider.
  - Credential – the cloud credential to use.
  - Region – the region to scan.
- Perform a normal scan on the hosts running the VMs discovered in the cloud scan. Use the Unscanned Cloud Hosts report on the Cloud dashboard to find the hosts.
  Scanning the hosts assumes that the appliance/instance or proxy has network access to hosts running in the cloud, for example, using a VPN.
- Examine the results.
For more information on adding a cloud scan, see Performing a discovery run.
To understand how BMC Helix Discovery discovers cloud services and performs cloud runs, see this video (5:07).
Cloud Credentials
Before you proceed with the cloud scan, ensure that a cloud credential is configured on your appliance/instance. Create a cloud provider user account and access key. For more general information on credentials, see configuring credentials.
Cloud Overview dashboard
BMC Helix Discovery also provides a Cloud Overview dashboard, which gives an overview of the cloud providers, cloud regions, cloud services, administrative collections, and deployments discovered. It also displays a number of charts, including public cloud usage and a breakdown of VM types (size) for each provider. It provides a report of unscanned cloud hosts, which is useful for scanning the hosts running the VMs discovered in the cloud scan. You can access the dashboard from the menu option Available dashboards > Cloud Overview.
An example Cloud Overview dashboard is shown below:
Cloud reports
The reporting section of the cloud dashboard shows the cloud-related reports that are available:
- Unscanned Cloud Hosts
Shows Virtual Machines where the associated Host has not been scanned.
- Summary of user defined cloud tags
Lists the discovered cloud tags and how many nodes have them. A useful starting point for other, tag-specific reports.
- Cloud elements with a particular user defined tag
Shows cloud hosted elements that are tagged with a particular user defined tag. Can return multiple node kinds, click through to see the node and the value of the chosen tag.
- Cloud elements missing a particular user defined tag
Shows cloud hosted elements that are missing a particular user defined tag. Can return multiple node kinds; click through to see the nodes and the tags that are set.
- Cloud elements without any user defined tags
Shows cloud hosted elements that do not have any user defined tags. Can return multiple node kinds.