In each of these situations, multiple scanning appliances can be deployed, and their data consolidated into a central consolidation appliance. The consolidation appliance is then used for reporting and provides a coherent view of the entire scanned network. A consolidation appliance must be set as one which accepts connections or feeds from scanning appliances. Scanning appliances must in turn register with a consolidation appliance.
IP address ranges
Although consolidation can be used to scan a firewalled environment, it is essential that the IP address ranges scanned by each scanner belong to the same IP address space. That is, if two scanning appliances scan the same address, they must both reach the same device. If the IP address spaces are not consistent across all the scanners, information on the consolidation appliance can be missing or incomplete.
This restriction only applies to the addresses scanned by the scanning appliances – if discovery targets possess other IP addresses, there is no need for them to belong to a consistent IP address space.
Consolidation Appliance: The main purpose of the consolidation appliance is to report on data consolidated from a number of other scanning appliances. It can also perform normal discovery, although this is usually not recommended.
Scanning Appliance: The scanning appliance also operates as a normal standalone appliance. The only difference is that it constantly sends discovery data to the consolidation appliance. After setting up, this process is transparent to the user. A scanning appliance must request and be approved on a consolidation appliance before it can send any consolidation data to that appliance. This is described in Approving or rejecting a scanning appliance request.
On the consolidation appliance user interface, the Discovery Currently Processing Runs tab shows any local scans and any consolidation runs in progress. This tab is described in The Discovery Status page.
The consolidated data is Discovery Directly Discovered Data (DDD) nodes including data collected by the patterns. The data inferred by the scanning appliances, for example, Software Instance nodes, is not consolidated, but the consolidation appliance will infer it again (based on its pattern configuration).
TKU release, patterns, CSV imports and consolidation
The TKU release package and custom patterns that are loaded on the scanning and consolidation appliances must be the same in order to infer the same data, for example, Software Instance nodes. This is not enforced in any way by the system. Any data imported via CSV in a scanning appliance will not be consolidated. It has to be imported in the consolidation appliance too.
The minor release of the consolidation appliance must be the same as or greater than that of the scanning appliance.
BMC Atrium Discovery version 9.0 introduced major changes in the data model. As a result of these model changes, you cannot consolidate BMC Atrium Discovery version 9.0 or later appliances with any previous version. If you try to do so, warning messages are shown on the version 9.0 appliance UI. If, while using an earlier version, you attempt to register with a version 9.0 or later appliance, the attempt fails with an authentication error shown in the earlier version's UI.
In the case of a pre-9.0 consolidation appliance that is upgraded to version 9.0, any pre-9.0 scanning appliances fail on their first attempt to push data to the upgraded consolidation appliance. The error message given states that the scanner needs to be updated. In later releases, this message is also triggered when you test the scanner-consolidation appliance connection, or when the scanner periodically checks that the consolidator is still accessible.
Consolidating from 9.0 scanners to a 10.0.0.x consolidator
If you are consolidating data from 9.0 scanners to a 10.0.0.x consolidator, you must specify a scan level on the scanners while using the tw_injectip command line utility. Otherwise, consolidation may fail.
Discovery, integration points and consolidation
A consolidation appliance is capable of performing discovery, but in most circumstances it is best to separate concerns and dedicate an appliance to consolidation. An exception to that is if the majority of the environment can be scanned by a single appliance, but there is a small firewalled zone that requires a separate scanner. In that case, the most convenient configuration is to have an appliance that directly scans most of the environment, and also acts as a consolidation appliance for the scanner in the firewalled zone.
Another form of discovery that is often performed by consolidation appliances is the use of integration points to query centralized databases, for example to obtain host ownership information. Such databases may only be accessible to the consolidation appliance, so if a pattern requests data from an integration point and the data was not obtained by the scanning appliance, the consolidation appliance will perform the integration point request.
When a host is discovered and patterns are triggered which run commands on a second host, the DDD on both hosts is updated. When the original host is consolidated, the DDD on the second host is not available to the patterns that trigger on the consolidator. When the second host is consolidated, the DDD created on it when discovering the first host is not included. Consequently the consolidator will always report that the information from the second host is unavailable. The error "Request for information not part of the consolidated data" will be reported in the consolidated DiscoveryAccess. This can lead to missing nodes (licensing Detail, SoftwareComponents, and so on) and relationships on the consolidator. To work around this behavior, scan the original host from the consolidator.
Configuring consolidation is a two-step procedure. First, the appliance which is to be the consolidation appliance must be set as a consolidation appliance; then one or more scanning appliances register with it. To configure consolidation you need the permissions detailed in Consolidation Permissions.
Firewalls and consolidation
Consolidated appliances use port 25032 to communicate. The scanning appliance must be able to connect to port 25032 on the consolidation appliance. You must configure any firewalls between scanning appliances and consolidation appliances to allow this traffic.
Consolidation appliances communicate using port 25032, and the port is open whether or not an appliance is configured as a consolidation appliance. Therefore you cannot, for example, telnet to the appliance IP address and port 25032 to determine whether it is a consolidation appliance.
In the Consolidation page, click Set as Scanning Appliance.
This dialog enables you to specify a Consolidation target. Enter or edit the following information in the dialog:
The name of the scanning appliance. Names must be unique in the consolidation network and you cannot consolidate a scanning appliance with the default name, Discovery_Appliance. The name is taken from the Administration => Appliance Configuration => Identification page. See Initial configuration. A change link is provided which displays the Identification page. In the identification page you can change the name of the appliance. You can only consolidate appliances which have unique names.
The address of the consolidation appliance. This may be specified as one of the following:
You can supply credentials for the consolidation appliance in this dialog. If you supply valid credentials here, the scanning appliance is approved automatically.
The user name for a user on the consolidation appliance. This user must have appropriate permissions to approve the connection of the scanning appliance to the consolidation appliance.
The password for the user on the consolidation appliance.
If the target consolidation appliance is an earlier version than the scanning appliance, you are warned that the Consolidation appliance version is too old.
If you supplied valid credentials for automatic approval on the consolidation appliance, then the scanning appliance is now configured and working as a scanning appliance.
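The constraints described above (unique non-default appliance names, version compatibility, and a consistent IP address space across scanners) can be checked against an inventory before any scanner is registered. The following is an added example, not part of the product or its documentation; the inventory layout, the sample appliances and the reading of "minor release" as a (major, minor) comparison are assumptions.

```python
import ipaddress
from itertools import combinations

DEFAULT_NAME = "Discovery_Appliance"  # default appliance name, as stated on the page

# Constructed sample inventory (hypothetical names, versions and ranges).
CONSOLIDATOR_VERSION = "10.0.0"
SCANNERS = [
    {"name": "scanner-dmz", "version": "9.0.2", "ranges": ["10.1.0.0/16"]},
    {"name": "scanner-lab", "version": "10.1.0",
     "ranges": ["10.1.5.0/24", "192.168.0.0/24"]},
    {"name": "Discovery_Appliance", "version": "8.3.1", "ranges": ["172.16.0.0/24"]},
]

def parse_version(text):
    """Assumes plain dotted-numeric versions such as '9.0.2'."""
    return tuple(int(part) for part in text.split("."))

def preflight(consolidator_version, scanners):
    """Return a list of findings to resolve before registering the scanners."""
    findings = []
    cons = parse_version(consolidator_version)
    seen = set()
    for s in scanners:
        name, ver = s["name"], parse_version(s["version"])
        if name == DEFAULT_NAME:
            findings.append(f"{name}: default name cannot be consolidated")
        if name in seen:
            findings.append(f"{name}: name is not unique")
        seen.add(name)
        if (ver[0] < 9) != (cons[0] < 9):
            findings.append(f"{name}: pre-9.0 and 9.0+ appliances cannot consolidate")
        elif cons[:2] < ver[:2]:
            # Assumption: "minor release" is compared as (major, minor).
            findings.append(f"{name}: consolidator release is older than scanner")
    # Overlapping ranges are allowed only if both scanners reach the same devices.
    for a, b in combinations(scanners, 2):
        for ra in a["ranges"]:
            for rb in b["ranges"]:
                na, nb = ipaddress.ip_network(ra), ipaddress.ip_network(rb)
                if na.version == nb.version and na.overlaps(nb):
                    findings.append(f"{a['name']} / {b['name']}: {ra} overlaps {rb}, "
                                    "confirm both reach the same devices")
    return findings

if __name__ == "__main__":
    for finding in preflight(CONSOLIDATOR_VERSION, SCANNERS):
        print(finding)
```

An overlap finding is a prompt to verify, not an error in itself: two scanners behind different NAT boundaries can scan the same private range and reach different devices, which is the case that leaves consolidated data missing or incomplete.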
A scanning appliance can send consolidation data to more than one consolidator. To do so:
After a request (without automatic approval) has been made from a scanning appliance, it requires approval on the consolidation appliance.
To approve or reject a pending scanning appliance request:
Once consolidation has been set up, whatever scanning takes place on the scanning appliance is automatically sent to the consolidation appliance as soon as possible after the scan of an endpoint is complete. On the consolidation appliance, runs are displayed that are marked specifically as consolidation runs and can be viewed from the Discovery Status page.
Discovery must be running on the consolidation appliance for consolidation to take place. If Discovery is not running, the consolidation appliance will refuse to accept data from the scanning appliance. The scanning appliance will attempt to resend data later. Also, if Discovery is stopped on the consolidation appliance, it will stop consolidating any data it has already received.
You can cancel a consolidating discovery run from the scanning appliance or from the consolidation appliance. Where possible you should always cancel the discovery run on the scanning appliance. This is done by selecting the discovery run on the Discovery Status page of the scanning appliance and clicking Cancel Runs.
Canceling the discovery run at the scanning appliance enables the consolidation appliance to receive data from the scanning appliance. This stops the scan rather than the consolidation so that the two appliances' data remains consistent.
Canceling a Consolidation Run on the consolidation appliance stops the consolidation though the scan continues on the scanning appliance. This leads to inconsistencies between the data on the two appliances. Where possible you should always stop the scan on the scanning appliance and allow the consolidation to run to completion.
If you must cancel a consolidation run from the consolidation appliance, you can do so by selecting the discovery run on the Discovery Status page of the consolidation appliance and clicking Cancel Runs.