Introduction to cloud discovery
Using BMC Discovery, you can discover your cloud services in much the same way as you would discover your on-premises infrastructure. You add a suitable credential, perform a discovery run, which may be snapshot or scheduled, and view the results. In a consolidating system the results are consolidated, and if your system uses CMDB synchronization, they are synchronized accordingly.
A significant difference is that cloud discovery uses the cloud vendor's API to extract data on your cloud services, rather than the direct access used in scanning your on-premises infrastructure. For example, an AWS scan will return information about EC2 Instances as VirtualMachine nodes but it will not be able to collect information about what is running on those EC2 Instances, as that information is not reported by the AWS API. To obtain details of what is running on those EC2 instances, you should also perform a "Host scan" of them. BMC Discovery ties all of the data together to provide a broad, coherent view.
BMC Discovery supports multi-cloud applications and services; that is, if your applications or services span clouds from more than one provider, they are discovered and linked correctly.
The cloud scan is different from other scan types as it simply retrieves information from the cloud provider API.
Currently, BMC Discovery supports a number of cloud providers and discovering them is described in the following topics:
- Discovering Alibaba Cloud Platform
- Discovering Amazon Web Services
- Discovering Google Cloud Platform
- Discovering IBM Cloud
- Discovering Microsoft Azure
- Discovering OpenStack
- Discovering Oracle Cloud Infrastructure
- Discovering Cloud Tags
- Discovering Cloud Public IPs for cloud hosts
The following diagram illustrates the cloud discovery process:
Performing cloud discovery
BMC Discovery combines data from the cloud API with host level discovery data to provide rich dependency mapping of your cloud services.
A "cloud scan" is similar to a normal scan, but instead of scanning a list of IPs, it connects to the API of the cloud provider and collects information directly.
To discover your cloud services, you must:
- Create a credential in the vendor's cloud configuration tool. For example:
  - AWS - the Amazon Identity and Access Management (IAM) console
  - Azure - Microsoft Azure portal
  - OpenStack - the OpenStack dashboard
- Add the cloud credential to BMC Discovery. The parameters required depend on the cloud vendor that the credential is to be used to discover.
- Perform a cloud discovery run, snapshot or scheduled. The parameters required for the run depend on the cloud provider, but they are usually:
  - Provider – the cloud provider.
  - Credential – the cloud credential to use.
  - Region – the region to scan.
- Perform a normal scan on the hosts running the VMs discovered in the cloud scan. Use the Unscanned Cloud Hosts report on the Cloud dashboard to find the hosts.
  Scanning the hosts assumes that the appliance or proxy has network access to hosts running in the cloud, for example, using a VPN.
- Examine the results.
For more information on adding a cloud scan, see Performing a discovery run.
See this video (5:07) to understand how BMC Discovery discovers cloud services and performs cloud runs.
Cloud Credentials
Before you proceed with the cloud scan, ensure that a cloud credential is configured on your appliance. Create a cloud provider user account and access key. For more general information on credentials, see configuring credentials.
Cloud Overview dashboard
BMC Discovery also provides a Cloud Overview dashboard which gives an overview of the cloud providers, cloud regions, cloud services, administrative collections, and deployments discovered. It also displays a number of charts, including public cloud usage and a breakdown of VM types (size) for each provider. It provides a report of unscanned cloud hosts, which is useful for scanning the hosts running the VMs discovered in the cloud scan. You can access the dashboard from the menu option Available dashboards > Cloud Overview.
An example Cloud Overview dashboard is shown below:
Cloud reports
The reporting section of the cloud dashboard shows the cloud-related reports that are available:
- Unscanned Cloud Hosts
Shows Virtual Machines where the associated Host has not been scanned.
- Summary of user defined cloud tags
Lists the discovered cloud tags and how many nodes have them. A useful starting point for other, tag-specific reports.
- Cloud elements with a particular user defined tag
Shows cloud hosted elements that are tagged with a particular user defined tag. Can return multiple node kinds; click through to see the node and the value of the chosen tag.
- Cloud elements missing a particular user defined tag
Shows cloud hosted elements that are missing a particular user defined tag. Can return multiple node kinds; click through to see the nodes and the tags that are set.
- Cloud elements without any user defined tags
Shows cloud hosted elements that do not have any user defined tags. Can return multiple node kinds.
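The coverage logic behind these reports, as an added illustration that is not BMC Discovery code: the sketch takes a constructed cloud inventory and a set of host-scanned addresses and derives the unscanned-hosts list and the tag reports. The record fields, and matching VMs to host scans by private IP, are assumptions made for the example.

```python
# Constructed sample data: records shaped like a cloud API inventory and the
# set of addresses covered by host scans. All field names are hypothetical.
CLOUD_VMS = [
    {"id": "vm-001", "provider": "AWS", "state": "running",
     "private_ips": ["10.0.1.10"], "tags": {"owner": "payments", "env": "prod"}},
    {"id": "vm-002", "provider": "AWS", "state": "running",
     "private_ips": ["10.0.1.11", "10.0.2.11"], "tags": {"env": "dev"}},
    {"id": "vm-003", "provider": "Azure", "state": "running",
     "private_ips": ["10.1.0.5"], "tags": {}},
    {"id": "vm-004", "provider": "Azure", "state": "stopped",
     "private_ips": [], "tags": {"owner": "research"}},
]
HOST_SCANNED_IPS = {"10.0.1.10", "10.0.2.11"}


def unscanned_cloud_hosts(vms, scanned_ips):
    """VMs known from the cloud API with no host scan on any of their addresses."""
    report = []
    for vm in vms:
        if scanned_ips.intersection(vm["private_ips"]):
            continue  # at least one interface was host scanned
        # A VM with no address (e.g. stopped) cannot be host scanned at all.
        reason = "not host scanned" if vm["private_ips"] else "no address to scan"
        report.append((vm["id"], reason))
    return report


def tag_summary(vms):
    """How many VMs carry each user defined tag key."""
    counts = {}
    for vm in vms:
        for key in vm["tags"]:
            counts[key] = counts.get(key, 0) + 1
    return counts


def missing_tag(vms, key):
    """VMs lacking the given tag, mapped to the tag keys they do have."""
    return {vm["id"]: sorted(vm["tags"]) for vm in vms if key not in vm["tags"]}


def untagged(vms):
    """VMs without any user defined tags."""
    return [vm["id"] for vm in vms if not vm["tags"]]


if __name__ == "__main__":
    print(unscanned_cloud_hosts(CLOUD_VMS, HOST_SCANNED_IPS))
    print(tag_summary(CLOUD_VMS))
    print(missing_tag(CLOUD_VMS, "owner"))
    print(untagged(CLOUD_VMS))
```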
Comments
Can we get this page updated please as Google Cloud is now supported according to other cloud referenced pages. Thanks Raye
Hello,
How do Cloud objects discovered via cloud API scans age out when they are no longer seen on API scans?
Thanks Allen Morgan NASDAQ
Hi Allen,
The cloud objects (Cloud Provider, Cloud Region, and Cloud Service) do not automatically age out. They are only removed when you delete them. Naturally, if you delete a Cloud Provider, its regions and services are cascade deleted too. The virtual hosts inside the Cloud Service VMs though are aged out according to the normal rules for a (virtual) host.
The Node Lifecycle section has information on aging. The pages that are likely to be most useful are CloudProvider node, VirtualMachine node, and Host node.
For completeness, the CloudRegion node, CloudRegion node describe those parts of the model, but for your question on deletion don't add a great deal.
I hope this helps.
Thanks, Duncan.