Configuring the BMC Discovery connector


The BMC Discovery connector establishes a connection with BMC Discovery to find all the assets and related services (Business Services, Technical Services, and Business Applications) in a network. BMC Discovery obtains information about the assets even if they are not enrolled in the endpoint manager, TrueSight Server Automation. As an administrator, when you integrate BMC Helix Automation Console or TrueSight Automation Console with BMC Discovery, you can identify the assets in your environment that are not included in vulnerability scans. These assets are blind spots, and they represent potential security risks. The blind spot assets appear on the Discovered Assets page, which helps to ensure that the discovered assets are scanned for missing patches, compliance, and vulnerabilities.


Important

  • When you edit the connector configuration, ensure that the server belongs to the Load Balancer setup or the Disaster Recovery setup in the same environment as the existing connector host. If you specify a new server outside of the Load Balancer setup or the Disaster Recovery setup, the existing data is duplicated, leading to confusion and mismanagement.
  • When you configure the BMC Discovery connector on BMC Helix Automation Console or on TrueSight Automation Console, ensure that the Discovery Cloud Connector and the On-Prem Discovery connector are not configured together. If they are, the data is duplicated, leading to confusion and mismanagement.

Before you begin

  • Make sure that BMC Discovery connector is configured in your system. For more information, see Configuring the BMC Discovery connector.

  • Before running the connector, ensure that the connector is installed and run on Windows or Linux operating systems that match the following criteria:
    • AdoptOpenJDK Runtime Environment 17 is installed on the connector host

    • Port requirements:


      | Port | Protocol | From | To | Notes |
      |---|---|---|---|---|
      | open and usable port on connector VM | HTTPS | Connector | HAC SaaS and Internet | Outbound |
      | 443 OR <Customer configured port> | HTTPS | Connector | Discovery Server | Outbound |
      | open and usable port on connector VM | HTTPS | Discovery Server | Connector | Inbound |


To configure the Discovery Cloud connector

To configure the connector, perform the following steps: 

  1. In BMC Helix Automation Console, click Configuration and then click Connectors.
  2. On the Manage Connectors page, click Add Connector.
  3. On the Add Connector page, select Discovery Cloud Connector.
  4. On the Add Connector page, provide the following details:

    Connector Details

    • Connector Name: The connector name; for example, Discovery Cloud Connector.
    • Collection Mode: The data collection interval.
      • Select On Demand to trigger data collection as required.
      • In the At Scheduled Intervals field, specify the number of days after which data collection must be triggered.
        The time interval is 60 minutes by default. The minimum acceptable value is 5 minutes, and the maximum value is 10080 minutes.
    • Share with: A list of security groups that can access the Discovered Assets page; for example, ITManagers and PatchingUser.
    • Exclude IPs/Hosts/Range: A list of hosts or IPs or a range (only IPv4) for which resources must not be fetched from BMC Helix Discovery. The list must be comma-separated and can consist of hosts, IPs, or IPv4 range combinations; for example, 192.168.1.100,abc.xyz.com,192.168.10.100-192.168.10.200.

      Note: If you provide similar IPv4 ranges, only the last range is considered. For example, if you enter 10.12.11.100-10.12.11.200,10.12.11.150-10.12.11.200, only the last range 10.12.11.150-10.12.11.200 is considered for exclusion.

  5. Click Create.

To configure the BMC Helix Discovery connector

Important

The on-premises BMC Helix Discovery Connector is not available for configuration on the Connectors page. To make it available for configuration, please contact BMC Support.

After you contact BMC Support and the on-premises BMC Helix Discovery Connector is available, perform the following steps to configure the connector: 

  1. In BMC Helix Automation Console, click Configuration and then click Connectors.
  2. On the Manage Connectors page, click Add Connector.
  3. On the Add Connector page, select BMC Helix Discovery Connector.
  4. On the Add Connector page, provide the following details:

    Connector Details

    • Connector Name: The connector name; for example, BMC Helix Discovery Connector.

    Discovery Configuration

    • Endpoint: The endpoint URL in an FQDN format with the port number where BMC Discovery is available; for example, https://<DISCOVERY_FQDN>:443
    • Authentication Type:
      • Token Based: The authentication token.
      • User Credential Based: The username and password required to log on to BMC Discovery.
        If using a user credential-based approach, a service account is created for this integration.
    • User: The username set for your account.
    • Password: The password set for your account.
    • Collection Mode: The data collection interval.
      • Select On Demand to trigger data collection as required.
      • In the At Scheduled Intervals field, specify the number of days after which data collection must be triggered.
        The time interval is 60 minutes by default. The minimum acceptable value is 5 minutes, and the maximum value is 10080 minutes.
    • Share with: A list of security groups that can access the Discovered Assets page; for example, ITManagers and PatchingUser.
    • Exclude IPs/Hosts/Range: A list of hosts or IPs or a range (only IPv4) for which resources must not be fetched from BMC Helix Discovery. The list must be comma-separated and can consist of hosts, IPs, or IPv4 range combinations; for example, 192.168.1.100,abc.xyz.com,192.168.10.100-192.168.10.200.

      Important: If you provide similar IPv4 ranges, only the last range is considered. For example, if you enter 10.12.11.100-10.12.11.200,10.12.11.150-10.12.11.200, only the last range 10.12.11.150-10.12.11.200 is considered for exclusion.

  5. Click Create.
  6. Click Continue and download the connector zip file on a local host for an on-premises connector.
  7. On the server where the connector file is downloaded and extracted, navigate to the connector location, and run the following command to install and start the connector:

    • Windows: run.bat
    • Linux: run.sh

    The connector starts running successfully. You can view the connector status on the Connectors page.

  8. To verify the on-prem Discovery connector logs, open the On-Prem Discovery connector folder and view logs > connector.log.
  9. (Optional) To configure the BMC Discovery connector as a service, perform the following steps:
    1. Make sure the discovery-connector.xml file is available in the folder where the connector zip file is unzipped.
    2. Run the discovery-connector.exe install command.
    3. A new service with the name BMC Discovery Connector is created on the host and can be used as any other available service.
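
A pre-submission check for the Exclude IPs/Hosts/Range value used in both connector procedures above, given here as an added example and not as BMC code. It assumes that "similar" ranges means overlapping ranges and that the last overlapping range is the one kept; the function names and the sample value are constructed for illustration.

```python
import ipaddress

# Constructed sample: the page's example list plus the page's overlapping pair.
SAMPLE = ("192.168.1.100,abc.xyz.com,192.168.10.100-192.168.10.200,"
          "10.12.11.100-10.12.11.200,10.12.11.150-10.12.11.200")

def parse_exclusions(value):
    """Split the comma-separated field into single IPv4s, IPv4 ranges, hostnames."""
    ips, ranges, hosts = [], [], []
    for item in (part.strip() for part in value.split(",")):
        if not item:
            continue
        try:
            addrs = [ipaddress.IPv4Address(p.strip()) for p in item.split("-")]
        except ValueError:
            hosts.append(item)  # not IPv4: treat as a hostname (may contain "-")
            continue
        if len(addrs) == 1:
            ips.append(addrs[0])
        elif len(addrs) == 2 and addrs[0] <= addrs[1]:
            ranges.append((addrs[0], addrs[1]))
        else:
            raise ValueError(f"malformed IPv4 range: {item}")
    return ips, ranges, hosts

def dropped_by_overlap(ranges):
    """For each range overlapped by a later one, report (dropped range, kept range,
    number of addresses that would no longer be excluded).
    Assumption: "similar" means overlapping, and the last overlapping range wins."""
    findings = []
    for i, (lo, hi) in enumerate(ranges):
        later = [(l2, h2) for l2, h2 in ranges[i + 1:] if lo <= h2 and l2 <= hi]
        if not later:
            continue
        keep_lo, keep_hi = later[-1]
        lost = max(0, int(keep_lo) - int(lo)) + max(0, int(hi) - int(keep_hi))
        findings.append((f"{lo}-{hi}", f"{keep_lo}-{keep_hi}", lost))
    return findings

if __name__ == "__main__":
    ips, ranges, hosts = parse_exclusions(SAMPLE)
    print("single IPs:", [str(i) for i in ips])
    print("hostnames :", hosts)
    for dropped, kept, lost in dropped_by_overlap(ranges):
        print(f"{dropped} is superseded by {kept}: {lost} address(es) not excluded")
```
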

To enable debug mode

Best practice
We recommend that you do not modify any other configuration files available in the /config directory. However, you can enable the debug mode on the connector to obtain detailed logging information.


  1. Press CTRL+C twice to stop the connector, if it is already running.
  2. Go to <ConnectorLocation>/config, open the collector.properties file, set the following parameter to debug, and save the file:

    ######## ADVANCED CONFIGURATION #########
    config.log_level=debug
  3. Restart the connector.

Where to go next?

Now that you have successfully configured the connector and added a service account, the assets appear in Automation Console on the Assets > Discovered Assets page, based on the data refresh cycle configured in the service account. To view discovered assets, see Working with assets.

 
