Consolidation refers to the centralization of discovery data from scheduled or snapshot scans on multiple scanning appliances to one or more consolidation appliances. You might want to use consolidation in the following scenarios:

  • Firewalled environments: When an environment is divided by firewalls so that a single appliance is unable to reach all parts, a scanning appliance can be situated on each section of the network blocked by a firewall. The scanning appliances can all feed back data to a central consolidation appliance.
  • Restricted (policy) networks: Certain lines of business might enforce policies on the control of IT infrastructure in their environments. Where such policies limit or prohibit access, scanning appliances can be deployed which all feed back data to a central consolidation appliance.
  • Restricted (time) scanning windows: Where a discovery window is short, a single appliance may be unable to complete a scan of a large range of IP addresses during the permitted time. Sharing the IP addresses between multiple scanning appliances means each smaller scan can be completed in less time, and the results can be consolidated and viewed on the consolidation appliance.

In each of these situations, multiple scanning appliances can be deployed, and their data consolidated into a central consolidation appliance. The consolidation appliance is then used for reporting and provides a coherent view of the entire scanned network. A consolidation appliance must be set as one which accepts connections or feeds from scanning appliances. Scanning appliances must in turn register with a consolidation appliance.

IP address ranges

Although consolidation can be used to scan a firewalled environment, it is essential that the IP address ranges scanned by each scanner belong to the same IP address space. That is, if two scanning appliances scan the same address, they must both reach the same device. If the IP address spaces are not consistent across all the scanners, information on the consolidation appliance can be missing or incomplete.

This restriction only applies to the addresses scanned by the scanning appliances – if discovery targets possess other IP addresses, there is no need for them to belong to a consistent IP address space.

Consolidation Appliance: The main purpose of the consolidation appliance is to report on data consolidated from a number of other scanning appliances. It can also perform normal discovery, although this is usually not recommended.
Scanning Appliance: The scanning appliance also operates as a normal standalone appliance. The only difference is that it constantly sends discovery data to the consolidation appliance. After setting up, this process is transparent to the user. A scanning appliance must request and be approved on a consolidation appliance before it can send any consolidation data to that appliance. This is described in Approving or rejecting a scanning appliance request.

On the consolidation appliance user interface, the Discovery Currently Processing Runs tab shows any local scans and any consolidation runs in progress. The Discovery Currently Processing Runs tab is described in The Discovery Status page. The tab is shown below:
This screen illustrates the discovery status page for a consolidating appliance.

What is consolidated?

The consolidated data is Discovery Directly Discovered Data (DDD) nodes including data collected by the patterns. The data inferred by the scanning appliances, for example, Software Instance nodes, is not consolidated, but the consolidation appliance will infer it again (based on its pattern configuration).

TKU release, patterns, CSV imports and consolidation

The TKU release package and custom patterns that are loaded on the scanning and consolidation appliances must be the same in order to infer the same data, for example, Software Instance nodes. This is not enforced in any way by the system. Any data imported via CSV in a scanning appliance will not be consolidated. It has to be imported in the consolidation appliance too.

Restrictions

Normal version restrictions

The consolidation appliance minor release must be the same as or greater than that of the scanning appliance.

Special Pre-9.0 consolidation restrictions

BMC Atrium Discovery version 9.0 introduced major changes in the data model. As a result of these model changes, you cannot consolidate BMC Atrium Discovery version 9.0 or later appliances with any previous version. If you try to do so, warning messages are shown on the version 9.0 appliance UI. If, while using an earlier version, you attempt to register with a version 9.0 or later appliance, the attempt fails with an authentication error shown in the earlier version's UI.

In the case of a pre-9.0 consolidation appliance that is upgraded to version 9.0, any pre-9.0 scanning appliances fail on their first attempt to push data to the upgraded consolidation appliance. The error message given states that the scanner needs to be updated. In later releases, this message is also triggered when you test the scanner-consolidation appliance connection, or when the scanner periodically checks that the consolidator is still accessible.

Consolidating from 9.0 scanners to a 10.0.0.x consolidator

If you are consolidating data from 9.0 scanners to a 10.0.0.x consolidator, you must specify a scan level on the scanners while using the tw_scan_control or tw_injectip command line utility. Otherwise, consolidation may fail.

Discovery, integration points and consolidation

A consolidation appliance is capable of performing discovery, but in most circumstances it is best to separate concerns and dedicate an appliance to consolidation. An exception to that is if the majority of the environment can be scanned by a single appliance, but there is a small firewalled zone that requires a separate scanner. In that case, the most convenient configuration is to have an appliance that directly scans most of the environment, and also acts as a consolidation appliance for the scanner in the firewalled zone.

Another form of discovery that is often performed by consolidation appliances is the use of integration points to query centralized databases, for example to obtain host ownership information. Such databases may only be accessible to the consolidation appliance, so if a pattern requests data from an integration point and the data was not obtained by the scanning appliance, the consolidation appliance will perform the integration point request.

Missing information when patterns run commands on other hosts

When a host is discovered and patterns are triggered which run commands on a second host, the DDD on both hosts is updated. When the original host is consolidated, the DDD on the second host is not available to the patterns that trigger on the consolidator. When the second host is consolidated, the DDD created on it when discovering the first host is not included. Consequently the consolidator will always report that the information from the second host is unavailable. The error "Request for information not part of the consolidated data" will be reported in the consolidated DiscoveryAccess. This can lead to missing nodes (licensing Detail, SoftwareComponents, and so on) and relationships on the consolidator. To work around this behavior, scan the original host from the consolidator.

Configuring consolidation

Configuring consolidation is a two-step procedure. First, the appliance which is to be the consolidation appliance must be set as a consolidation appliance, and then one or more scanning appliances register with that appliance. To configure consolidation you need the permissions detailed in Consolidation Permissions.

Firewalls and consolidation

Consolidated appliances use port 25032 to communicate. The scanning appliance must be able to connect to port 25032 on the consolidation appliance. You must configure any firewalls between scanning appliances and consolidation appliances to allow this traffic.

Consolidation appliances communicate using port 25032, and the port is open whether or not an appliance is configured as a consolidation appliance. Therefore you cannot, for example, telnet to the appliance IP address and port 25032 to determine whether it is a consolidation appliance.

To set an appliance as a consolidation appliance

  1. From the Discovery section of the Administration tab, select Discovery Consolidation.
    The Consolidation page is displayed.
    You cannot use consolidation if the appliance is named Discovery_Appliance. A warning is displayed including a link to where you can change the appliance name.
  2. In the Consolidation page, click Set as Consolidation Appliance.
    The appliance is now configured as a consolidation appliance.

To set an appliance as a scanning appliance

  1. From the Discovery section of the Administration tab, select Discovery Consolidation.
  2. In the Consolidation page, click Set as Scanning Appliance.
    This dialog enables you to specify a Consolidation target. Enter or edit the following information in the dialog:

    Field Name: Details

    Name: The name of the scanning appliance. Names must be unique in the consolidation network and you cannot consolidate a scanning appliance with the default name, Discovery_Appliance. The name is taken from the Administration => Appliance Configuration => Identification page. See Initial configuration. A change link is provided which displays the Identification page. In the identification page you can change the name of the appliance. You can only consolidate appliances which have unique names.

    Consolidation Appliance: The address of the consolidation appliance. This may be specified as one of the following:

      • Hostname or FQDN
      • IPv4 or IPv6 address

    You can supply credentials for the consolidation appliance in this dialog. If you supply valid credentials here, the scanning appliance is approved automatically.

    Username: The user name for a user on the consolidation appliance. This user must have appropriate permissions to approve the connection of the scanning appliance to the consolidation appliance.

    Password: The password for the user on the consolidation appliance.

If the target consolidation appliance is an earlier version than the scanning appliance, you are warned that the Consolidation appliance version is too old.

This screen shows the Consolidation appliance version is too old.

If you supplied valid credentials for automatic approval on the consolidation appliance, then the scanning appliance is now configured and working as a scanning appliance.

This screen illustrates a successful working scanning appliance.
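
A pre-flight check for a planned consolidation network, added here as an example (it is not BMC code and does not talk to any appliance). It applies three rules from this page: the naming rules, the version restrictions, and the review of IP ranges scanned by more than one scanner. The plan format, the function names and the reading of "minor release" as a (major, minor) comparison are assumptions.

```python
import ipaddress
from itertools import combinations

DEFAULT_NAME = "Discovery_Appliance"  # default name, which cannot be consolidated

# Constructed sample plan: names, versions and ranges are made up.
PLAN_CONSOLIDATOR = {"name": "cons01", "version": "9.0"}
PLAN_SCANNERS = [
    {"name": "scan-dmz", "version": "9.0", "ranges": ["10.20.0.0/16"]},
    {"name": "scan-lab", "version": "10.0.0.1", "ranges": ["10.20.30.0/24", "192.168.5.0/24"]},
    {"name": "Discovery_Appliance", "version": "8.3", "ranges": ["172.16.0.0/24"]},
]

def release(version):
    """Return (major, minor) from a version string such as '10.0.0.1'."""
    major, minor = version.split(".")[:2]
    return int(major), int(minor)

def check_plan(consolidator, scanners):
    """Return findings for a plan; an empty list means no rule was hit."""
    findings = []
    # Names must be unique in the consolidation network and not the default.
    names = [consolidator["name"]] + [s["name"] for s in scanners]
    for name in sorted(set(names)):
        if name == DEFAULT_NAME:
            findings.append(f"name: {name} is the default name")
        if names.count(name) > 1:
            findings.append(f"name: {name} is not unique")
    # Pre-9.0 and 9.0+ cannot be mixed; consolidator must not be older.
    cons = release(consolidator["version"])
    for s in scanners:
        scan = release(s["version"])
        if (scan < (9, 0)) != (cons < (9, 0)):
            findings.append(f"version: {s['name']} and consolidator straddle 9.0")
        elif cons < scan:
            findings.append(f"version: consolidator older than {s['name']}")
    # Ranges scanned by two scanners must resolve to the same devices: list them.
    for a, b in combinations(scanners, 2):
        for ra in map(ipaddress.ip_network, a["ranges"]):
            for rb in map(ipaddress.ip_network, b["ranges"]):
                if ra.version == rb.version and ra.overlaps(rb):
                    shared = ra if ra.subnet_of(rb) else rb  # CIDR blocks nest
                    findings.append(f"overlap: {a['name']} and {b['name']} both scan {shared}")
    return findings

if __name__ == "__main__":
    for finding in check_plan(PLAN_CONSOLIDATOR, PLAN_SCANNERS):
        print(finding)
```

An overlap finding is a prompt to confirm that both scanners reach the same device at those addresses, not an error in itself.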


To add an additional consolidator

A scanning appliance can send consolidation data to more than one consolidator. To do so:

  1. Click the Add new Consolidation Appliance button.
    The Add New Consolidation Appliance dialog is displayed. This is described above.
  2. Enter the details of the consolidation appliance and, if required, the username and password for automatic approval.
  3. Click submit to apply the changes.

Approving or rejecting a scanning appliance request

After a request (without automatic approval) has been made from a scanning appliance, it requires approval on the consolidation appliance.

To approve or reject a pending scanning appliance request:

  1. From the Administration tab on the consolidation appliance, select Discovery Consolidation from the Discovery section.
    In the following example, the "Tideway05" appliance has requested to become a scanning appliance.
    This screen illustrates the Tideway05 appliance has requested to become a scanning appliance.



    • To accept the appliance connection, click Approve.
    • To reject the request, click Reject. When you do this, the connection is deleted from the consolidation appliance and when no connections remain the scanning appliance reverts back to a non-consolidated appliance.

When consolidation is running

Once consolidation has been set up, whatever scanning takes place on the scanning appliance is automatically sent to the consolidation appliance as soon as possible after the scan of an endpoint is complete. On the consolidation appliance, runs are displayed that are marked specifically as consolidation runs and can be viewed from the Discovery Status page.

Discovery must be running on the consolidation appliance for consolidation to take place. If Discovery is not running, the consolidation appliance will refuse to accept data from the scanning appliance. The scanning appliance will attempt to resend data later. Also, if Discovery is stopped on the consolidation appliance, it will stop consolidating any data it has already received.

Canceling consolidating discovery runs

You can cancel a consolidating discovery run from the scanning appliance or from the consolidation appliance. Where possible you should always cancel the discovery run on the scanning appliance. This is done by selecting the discovery run on the Discovery Status page of the scanning appliance and clicking Cancel Runs.

Canceling the discovery run at the scanning appliance enables the consolidation appliance to receive data from the scanning appliance. This stops the scan rather than the consolidation so that the two appliances' data remains consistent.

Canceling a Consolidation Run on the consolidation appliance stops the consolidation though the scan continues on the scanning appliance. This leads to inconsistencies between the data on the two appliances. Where possible you should always stop the scan on the scanning appliance and allow the consolidation to run to completion.

If you must cancel a consolidation run from the consolidation appliance, you can do so by selecting the discovery run on the Discovery Status page of the consolidation appliance and clicking Cancel Runs.
