Discovering Oracle Cloud Infrastructure

Overview

The next-generation cloud is designed to run any application, faster and more securely, for less.

 

Related topics

Cloud providers

Supported OCI Cloud Regions

Create a credential

Required permissions

To be able to start an OCI cloud scan, comply with the following requirements:

  • Make sure to be able to list tenancy compartments.
  • The OCI user for Discovery must have at least Read permissions for the tenancy and the compartments it contains.   

Create API key

In the OCI console go to Profile > My Profile > API keys :

  • Create a new API key, save a private PEM file.
  • View key's configuration file.

image2022-6-30_14-45-14.png

Create a cloud credential in BMC Helix Discovery

  1. From the BMC Helix Discovery Device Credentials page, click Add and select Cloud Provider from the drop-down list.
    The Add Credential page is displayed.
  2. Click the plus sign (+) next to Credential Types to expand the list of available cloud providers.
  3. Select Oracle Cloud Infrastructure.
  4. From the key configuration file fill in User ID, Tenancy ID, API Key fingerprint
  5. Upload private PEM file
  6. If you have endorsed tenancies configured for your user, you may add them line-by-line into the "Endorsed Tenancies" field, one tenancy per line.
  7. OCI support 'https' proxy only. It means that proxy server must be configured with support of 'https_port'

oci_creds.png

Test the credential

Once you have created the credential, you should test it to ensure that it works:

  1. From the credentials page, click Devices.
  2. Filter the list to show cloud credentials.
  3. Click Actions for the OCI cloud credential you added, and then click Test.
  4. The default region is US East (Ashburn)
  5. Click Test.
    The screen below shows a successful test.

image2022-6-30_14-56-24.png

Run a cloud scan

To perform cloud discovery, from the BMC Helix Discovery Status page, use the Add New run control. After that, perform the following steps:

run_a_scan.png

  1. Enter a Label for the cloud discovery run.
  2. To add a scheduled cloud run, select Scheduled and fill in the scheduling information as with normally scheduled discovery runs.
  3. Select Cloud.
  4. Select Oracle Cloud Infrastructure from the provider's drop-down list. 
  5. Select the appropriate cloud credential. If none are available, add a new one.
  6. Select the region to scan, for example, US East. Regions are grouped by different OCI realms. One credential can access regions only in one realm.
  7. Enable or disable the automatic discovery of OCI Kubernetes clusters in the Automatically scan Kubernetes clusters option. For more information, seeOracle Cloud Infrastructure Kubernetes.
  8. Select whether to enable the use of the OCI Bastion Sessions for the scan.
  9. Click OK

Examine results

Model visualization is represented below:

image2022-6-30_16-10-46.png

The example of the visualization is represented below: 

image2022-6-30_16-12-18.png

Discovering OCI hosts by using OCI Bastion service

Run an implicit cloud scan by using OCI Bastion service. This scan discovers VMs and related hosts. To initiate an implicit scan, enable the OCI Bastion Sessions feature when you configure a cloud discovery run. For more information, seeDiscovering hosts in OCI by using OCI bastion.

You can also discover hosts running in OCI by running a regular IP scan that discovers only hosts. For more information, seePerforming a discovery run.

Database discovery

You can discover all supported databases in IBM Cloud. At the time of the release of BMC Helix Discovery 11.3, the following are supported:

  • MySQL
  • Oracle

The following information is required to discover databases in OCI Cloud:

  • Endpoint – you can identify the database endpoint using the RDS Dashboard in the OCI Cloud Console. 
  • Incoming connections – you must permit incoming connections with a rule for an IP address or set of IP addresses. For example, to permit access to a MySQL database, from a single IP address, you would add a rule with the following parameters:
    • Type - MySQL
    • Protocol - TCP
    • Port Range - 3306
    • Source - 77.168.1.100/32

Then the database can be discovered as any MySQL database in your estate.

BMC Helix Discovery Database credential

To discover a Database appropriate Database credentials must be created.

Information about Database credentials is available here in the Database credentials paragraph.

Oracle Cloud Infrastructure discovery patterns

The OCI discovery patterns are available on the Manage > Knowledge page. They are located in the Pattern modules list, under Cloud > OCI

OCI tags discovery

Patterns extract oci tags from the following resource attributes:

  • defined_tags - model 'CreatedBy' and 'CreatedOn' tags
  • freeform_tags - model all user-defined tags

For detailed information, see Discovering Cloud Tags.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*