This documentation relates to the latest released version of BMC Discovery.
See the information on this topic for versions 11.2 or 11.1.

You can download the BMC Discovery Proxy Manager (Proxy Manager) files and the Windows proxies from the appliance, and install them on your local Windows host. In BMC Discovery 10.1 and later, configuring secure communication with proxies is implemented using new key and certificate management capabilities in the Proxy Manager and with automatic registration of the proxy on the appliance. Upgraded proxies continue to use the legacy keys. However, BMC recommends that you switch to using unique keys as soon as all connected appliances have also been upgraded. For more information, see Secure deployment.

The BMC Discovery appliance opens connections to the Windows proxies. You choose the ports for the proxies during installation. However, you can modify the ports by using the Proxy Manager. You must modify the proxy host firewall, and any other firewalls between the proxy host and the appliance to permit communication on the necessary ports.

You can install only a single instance of the Windows proxy manager on a host, which can manage and run multiple instances of the Windows proxy. Installing a newer Windows proxy version will always upgrade all configured instances.

The following topics are covered in this section:

Before you begin

  • Make sure that you have the necessary permissions to download and install the Windows proxies and Window proxy manager.
  • Understand the Windows proxy version and Operating System (OS) compatibility to scan and retrieve IPv6 data.
  • Make sure that you meet the minimum recommended specifications for the Windows proxy host.

  • Consider the ports that must be open in any firewall between the appliance and the proxy or proxies, and the proxies and target hosts.

Permissions required

The following permissions are required to install Windows proxies:

  • You must be logged in as an administrator. Otherwise, you need to grant permissions to write to C:\Program Files\BMC Software\ADDM Proxy.
  • The user that runs the Windows proxy must have necessary permissions to read from and write to the etc, log, and record directories.
  • As a user on the appliance, you must have the following permissions to download the Windows proxy installers: admin/software/slave/download.

Downloading the Windows proxy installer

The proxy installer, which you can access from the appliance user interface (UI), installs the following components:

  • BMC Discovery Proxy Manager
  • Active Directory proxy
  • Credential Windows proxy

To download the Windows proxy installer

  1. From the Manage > Discovery Tools page, click the Download installer for Windows Proxy version 11.2 link.
  2. Click Save File to save the installation file to your file system.

Installing the Proxy Manager and proxies

You can install the Proxy Manager and proxies by using the BMC Discovery UI. Alternatively, you can perform the installation by using the command line for a silent installation option.

Installing or upgrading Windows proxies where anti-virus software is installed

Before installing the proxies, either disable the anti-virus software or configure it to exclude RemQuery from triggering a virus alert. You can enable the anti-virus software after you complete installing the proxies.

To install using the BMC Discovery UI

  1. Run the installer by double-clicking on the downloaded installer file.
    A welcome screen is displayed.
  2. Click Next.
    The Select Destination Location screen appears.
  3. To select a different location for the installation, click Browse. Otherwise, click Next to accept the default installation directory (C:\Program Files\BMC Software\ADDM Proxy).
    The Select Start Menu Folder screen appears.
  4. To select a different location for the application shortcut, click Browse. Otherwise, click Next to accept the default folder (BMC Software\ADDM Proxy).
    If you choose Don't create a Start Menu Folder here, ensure that you clear all the start menu option check boxes in the next step.
  5. On the Select Additional Tasks screen, select the options that will be available in the Start menu, and then click Next.
  6. To install an Active Directory Proxy, select the Create an Active Directory Proxy check box and perform the following steps:
    1. Enter the credentials for the user account that will run the Windows proxy.
      If you do not enter the credentials at this point, you can do so later. The Windows proxy will run as the Local System user if credentials are not entered. However, an Active Directory Proxy running as a Local System user will not have the necessary domain credentials to perform any discovery. For more information about specifying the credentials, see installing from the command line.
    2. Click Next.
      The Credential Proxy screen appears.
  7. To install a Credential Proxy, check Create a Credential Proxy and perform the following steps:
    1. Enter the credentials for the user account that will run the Windows proxy. You must prefix the user name with localhost (for example, localhost\Administrator). If you do not enter the credentials at this point you can do so later.. The Windows proxy will run as the Local System user if credentials are not entered.

      Credential Windows proxy User

      You should not run the Credential Windows proxy as the Local System user, but as a valid local user account, which should be in the local Administrators group.

    2. Click Next.
  8. Review the details on the Ready to Install screen. If the details are incorrect, click Back and navigate through the installer to correct the error. If they are correct, click Install to install the selected components.
  9. The Completing the BMC Discovery Proxy Setup wizard is displayed.
    1. (If you have already installed the Active Directory proxies) To register the proxies with the appliance, check Register Active Directory Proxy with ADDM Appliance.
    2. (If you have already installed the Credential proxies) To register the proxies with the appliance, check Register Credential Proxy with ADDM Appliance.
    3. To run the BMC Discovery Proxy Manager immediately after installation, check Run Proxy Manager.

      Automatically generated certificate

      The Create Windows proxy page is populated with the certificate of the proxy. This certificate is used for securing communications between the appliance and the proxy. You can verify that the proxy communication has not been intercepted by comparing the certificate fingerprint shown in the appliance UI with the one shown in the Proxy Manager's Key And Certificate Management dialog.

  10. Click Finish.
    The BMC Discovery Proxy Manager is launched.

Service startup failure

Sometimes Windows might refuse the installer permission to start the Windows proxy service, resulting in a dialog box along the lines of service installed but could not be started. This is remedied by manually supplying the credentials directly to the service using the Windows Services control panel. See Specifying the account used to run the Windows proxy.

Registering a Windows Proxy from the appliance UI

If the proxy is not able to register with the appliance automatically (due to connectivity issues or to strict security policies), you can instead register the proxy using the appliance UI. When registered this way, the connection from the appliance must be approved in the Known Appliances dialog of the Proxy Manager.

To install from the command line

The Inno Setup options are described on their website.

  1. Using a command prompt, change directory to the directory into which you downloaded the installer file. Enter:

     C:\>cd "Documents and Settings\username\My Documents\Download\"
  2. Run the installer using the Inno Setup options and the additional Windows proxy manager installer options. Enter:

    addmproxy_installer_10.1_xxxxxx.exe /SILENT /ADUSER="username" /ADPASSWORD="password"

Additional Proxy Manager options

Additional Windows proxy manager and proxy installer options are described in the following table:

Option

Description

/ADCREATE=Y|N

Create an AD proxy during the install. The default is Y, that is, create an AD proxy.

/CREDCREATE=Y|N

Create a Credential proxy during the install. The default is N, that is, do not create a Credential proxy.

/ADUSER="username"

The username with which to run an AD proxy. The default is "".

/ADPASSWORD="password"

The corresponding password. The default is "".

/CREDUSER="username"

The username to run a credential proxy. The default is "".

/CREDPASSWORD="password"

The corresponding password. The default is "".

/SILENT

Run a BMC Discovery Proxy silent installation. For installing AD proxy, the /ADUSER and /ADPASSWORD are mandatory. For installing just a Credentials proxy, Active Directory credentials are not required, as the installer uses system account credentials.

These commands are entered as a space separated list.


For silent installation of the Active Directory proxies, you must provide valid domain credentials. The installation process verifies this, and it fails if default username and password was provided.

Post installation settings

The following sections describes the post installation settings and modifications that might be required for Windows proxies.

To modify the Windows proxy host firewall

By default, the Windows firewall blocks the ports that the Windows proxies use. To enable an appliance to communicate with a Windows proxy, you must amend the firewall rules to permit communication on the ports that each Windows proxy type installed is using. The Proxy Manager displays the port that each proxy is using.

To modify the host firewall, select Windows Firewall from the Windows Control Panel. You can add a Windows proxy as an exception (as a program or a port) on the exceptions tab.

To specify the account used to run the Windows proxy

The Active Directory Windows proxies obtains permissions on the discovery target from the user account that they run as, whereas the Credential proxies gain their permissions on the discovery target from the credentials entered in Discovery > Credentials > Devices > Hosts. The recommended procedure to configure or edit the account used to run the Windows proxy is from the Windows proxy manager. For more information about specifying user accounts, see creating a Windows proxy.

The alternative method to configure the account used to run the Windows proxy is as follows:

  1. Choose Start > Settings > Control Panel.
  2. Double-click Administrative Tools and then Services.
  3. Right-click the Windows proxy entry in the Services list and choose Properties.
  4. Switch to the Log On tab and select This account.
  5. Depending on the proxy type to be configured, perform the following:
    • For a Credential Proxy, enter the user name and password for a valid local user account, which should be in the local Administrators group.
    • For an Active Directory proxy, enter the user name and password of the Domain account that the service is to run as.
      You may see a dialog saying that the user has been granted the Log on as a Service right.
  6. To apply the changes, click OK.

 

Windows proxy downgrade

If you need to downgrade a Windows proxy, you must stop the Windows proxy, uninstall it, and then install the new Windows proxy according to the instructions for that Windows proxy version.

Was this page helpful? Yes No Submitting... Thank you
  • No labels
© Copyright 2004 - 2019 BMC Software, Inc.
Legal notices