You can download the BMC Discovery Proxy Manager (Proxy Manager) files and the Windows proxies from the appliance, and install them on your local Windows host. In BMC Discovery 10.1 and later, configuring secure communication with proxies is implemented using new key and certificate management capabilities in the Proxy Manager and with automatic registration of the proxy on the appliance. Upgraded proxies continue to use the legacy keys. However, BMC recommends that you switch to using unique keys as soon as all connected appliances have also been upgraded. For more information, see Secure deployment.
The BMC Discovery appliance opens connections to the Windows proxies. You choose the ports for the proxies during installation. However, you can modify the ports by using the Proxy Manager. You must modify the proxy host firewall, and any other firewalls between the proxy host and the appliance to permit communication on the necessary ports.
You can install only a single instance of the Windows proxy manager on a host, which can manage and run multiple instances of the Windows proxy. Installing a newer Windows proxy version will always upgrade all configured instances.
The following topics are covered in this section:
Make sure that you meet the minimum recommended specifications for the Windows proxy host.
Consider the ports that must be open in any firewall between the appliance and the proxy or proxies, and the proxies and target hosts.
The following permissions are required to install Windows proxies:
C:\Program Files\BMC Software\ADDM Proxy.
The proxy installer, which you can access from the appliance user interface (UI), installs the following components:
You can install the Proxy Manager and proxies by using the BMC Discovery UI. Alternatively, you can perform the installation by using the command line for a silent installation option.
Installing or upgrading Windows proxies where anti-virus software is installed
Before installing the proxies, either disable the anti-virus software or configure it to exclude
RemQuery from triggering a virus alert. You can enable the anti-virus software after you complete installing the proxies.
C:\Program Files\BMC Software\ADDM Proxy).
BMC Software\ADDM Proxy).
Enter the credentials for the user account that will run the Windows proxy. You must prefix the user name with
localhost (for example, localhost\Administrator). If you do not enter the credentials at this point you can do so later.. The Windows proxy will run as the Local System user if credentials are not entered.
Credential Windows proxy User
You should not run the Credential Windows proxy as the Local System user, but as a valid local user account, which should be in the local Administrators group.
To run the BMC Discovery Proxy Manager immediately after installation, check Run Proxy Manager.
Automatically generated certificate
The Create Windows proxy page is populated with the certificate of the proxy. This certificate is used for securing communications between the appliance and the proxy. You can verify that the proxy communication has not been intercepted by comparing the certificate fingerprint shown in the appliance UI with the one shown in the Proxy Manager's Key And Certificate Management dialog.
Service startup failure
Sometimes Windows might refuse the installer permission to start the Windows proxy service, resulting in a dialog box along the lines of service installed but could not be started. This is remedied by manually supplying the credentials directly to the service using the Windows Services control panel. See Specifying the account used to run the Windows proxy.
Registering a Windows Proxy from the appliance UI
If the proxy is not able to register with the appliance automatically (due to connectivity issues or to strict security policies), you can instead register the proxy using the appliance UI. When registered this way, the connection from the appliance must be approved in the Known Appliances dialog of the Proxy Manager.
The Inno Setup options are described on their website.
Using a command prompt, change directory to the directory into which you downloaded the installer file. Enter:
Run the installer using the Inno Setup options and the additional Windows proxy manager installer options. Enter:
Additional Windows proxy manager and proxy installer options are described in the following table:
Create an AD proxy during the install. The default is
Create a Credential proxy during the install. The default is
The username with which to run an AD proxy. The default is "".
The corresponding password. The default is "".
The username to run a credential proxy. The default is "".
The corresponding password. The default is "".
Run a BMC Discovery Proxy silent installation. For installing AD proxy, the /ADUSER and /ADPASSWORD are mandatory. For installing just a Credentials proxy, Active Directory credentials are not required, as the installer uses system account credentials.
These commands are entered as a space separated list.
For silent installation of the Active Directory proxies, you must provide valid domain credentials. The installation process verifies this, and it fails if default username and password was provided.
The following sections describes the post installation settings and modifications that might be required for Windows proxies.
By default, the Windows firewall blocks the ports that the Windows proxies use. To enable an appliance to communicate with a Windows proxy, you must amend the firewall rules to permit communication on the ports that each Windows proxy type installed is using. The Proxy Manager displays the port that each proxy is using.
To modify the host firewall, select Windows Firewall from the Windows Control Panel. You can add a Windows proxy as an exception (as a program or a port) on the exceptions tab.
The Active Directory Windows proxies obtains permissions on the discovery target from the user account that they run as, whereas the Credential proxies gain their permissions on the discovery target from the credentials entered in Discovery > Credentials > Devices > Hosts. The recommended procedure to configure or edit the account used to run the Windows proxy is from the Windows proxy manager. For more information about specifying user accounts, see creating a Windows proxy.
The alternative method to configure the account used to run the Windows proxy is as follows:
If you need to downgrade a Windows proxy, you must stop the Windows proxy, uninstall it, and then install the new Windows proxy according to the instructions for that Windows proxy version.