Discovering Alibaba Cloud Platform


AliCloud, also known as Alibaba Cloud or Aliyun, is the largest cloud computing company in China. Headquartered in Singapore, Alibaba Cloud operates in 20 data center regions and 61 availability zones around the globe. You can access and configure all of your services using the Alibaba Cloud ConsoleThis section describes the settings and procedures required to discover services running in Alibaba.

Services and regulatory domains discovered

BMC Discovery enables you to discover your cloud services running in Alibaba. The following set of Alibaba services can be discovered with the latest product content update:

Before you begin

For the correct scanning of Alibaba Cloud services, we strongly recommend that you follow this process:

  1. Create a RAM user.
  2. Configure BMC Discovery credentials.
  3. (Optional) Configure Roles in RAM Console and BMC Discovery. 

When all required configuration is complete, you can use BMC Discovery to scan your Alibaba Cloud environment.

Creating Alibaba credentials

Before you start performing discovery on Alibaba Cloud, you should provide an access key (credential) with help of which BMC Helix Discovery can access the Alibaba cloud. It is available to create an access key using the Alibaba Resource Access Management (RAM) console.
Then, you can add the cloud discovery credential using the access key created in the RAM console to BMC Helix Discovery. 

Create RAM user and get Access key in RAM console

To create a RAM user and get the Access key for it in the RAM console that is used to make secure queries to the Alibaba Cloud APIs, do the following steps:

  1. Log on to the RAM console by using an Alibaba Cloud account.
  2. On the Users page, click Create User.
  3. Add User Account Information.
  4. In the Access Mode section, select Programmatic Access.

    Warning

    Important

    To ensure the security of your Alibaba Cloud account, we recommend that you select only Programmatic Access mode for the BMC Helix Discovery's RAM user.

  5. Click OK to create a RAM User

    Warning

    Important

    Save the AccessKey ID and AccessKey Secret or Download CSV file with Access Key information and then import them during the creation of a cloud credential in BMC Helix Discovery. To see how to create cloud credentials, see: Discovering Amazon Web Services The AccessKey information will not be available again after the dialog box is closed.
    For detailed information about Access Key management, see Create an AccessKey pair for a RAM user.
    If you lose an Access key, you cannot retrieve it from the RAM console. In such a case, you must create a new Access key and use it in the BMC Helix Discovery cloud credential. It would be best to keep a note of the Access key until you have successfully tested the cloud credential.

  6. Grant the discovery user the "ReadOnlyAccess" permission. For detailed information about grant permission, see Grant permissions to a RAM user

Create a cloud credential in BMC Helix Discovery

The cloud credential uses the Access keys/IDs/passwords as the equivalent of a username and password combination. 

Create the cloud credential in the same way as any other credential:

  1. On the BMC Helix Discovery Device Credentials page, click Add and select Alibaba Cloud from the Cloud Provider section in the drop-down list.

    image2021-7-20_13-31-48.png

    The Add Credential page is displayed.

    image2021-7-20_13-32-33.png
     
  2. Add the usual credential information:
    • Label.
    • Description.
  3. Add the information in the additional fields for Alibaba:
    1. Access Key ID
      You can import the CSV files downloaded from the RAM console, reducing the scope for cut and paste errors when creating Alibaba credentials in BMC Helix Discovery. To upload a CSV file containing the Key ID and Secret, click Upload CSV, select the file, and then click Open.
    2. Secret Access Key
    3. Assume Roles. Use the Alibaba Resource Name (ARN) only if you want to apply role-based authentication for a user, application, or service.

      Warning

      Note

      If you do not specify the ARN, you will discover Alibaba resources associated with the Access Key credentials. 

    4. To enable role-switching (multiple roles), enter each role as a new-line separated list. 
  4. Click Apply to save the credential.
  5. Optionally specify a proxy to use to access. To use a proxy, you must specify the following:
    • Hostname
    • Port
    • Username (only for authenticating proxies)
    • Password (only for authenticating proxies)
  6. The "TLS Certificate Check" option can be disabled if your proxy uses self-signed certificates. 

    Error
    Warning

    If you disable the certificate check, your credentials could be intercepted by a man-in-the-middle attack.

  7. Click Apply to save the credential.

Run a cloud scan

Host cleanup on Auto Scaling Group updates

If a host is no longer a member of an Auto Scaling Group, it is destroyed during the current cloud scan. This behavior ensures that when an Auto Scaling Group scales down, any terminated instances are automatically removed.

To perform cloud discovery, from the BMC Helix Discovery Status page (Manage > Discovery), use the Add New run control.

  1. Click Add New run.
    The Add a Cloud Run dialog is displayed.
    image2021-7-20_13-37-17.png
     
  2. Enter a Label for the cloud discovery run.
  3. To add a scheduled cloud run, select Scheduled and fill in the scheduling information as with normally scheduled discovery runs. For more information on the scheduling, se: Performing a discovery run.
  4. Select Cloud.
  5. Select the provider from the drop-down list. Select Alibaba Cloud.
  6. Select the appropriate cloud credential. If none are available, you must add one.
  7. Select the region to scan, click List of regions to scan for a full list, and select regions to scan. You can also select all regions by clicking the All button.
  8. Click OK.

Examine results

Once you have scanned, you can examine the results.

image2021-7-20_13-47-32.png

Another example of the scanned results is represented below: 

image2021-7-20_13-46-56.png

Alibaba discovery patterns

Go to Manage > Knowledge page to see available AWS discovery patterns. They are located in the Pattern modules list, under Cloud > Alibaba Cloud.

Related Topics

For more information, see the following topics:

 

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC Discovery content reference