This documentation supports the 21.3 (12.3) version of BMC Discovery.

Windows Hosts

Related topics

BEST FAQ on discovery of Windows hosts

Managing-the-discovery-platform-scripts

Troubleshooting-Windows-proxies

Troubleshooting-Windows-scan-failures

Troubleshooting-WMI-issues

To discover Windows hosts, BMC Discovery uses one or more Windows proxies or BMC Discovery Outposts. After the BMC Discovery appliance decides that a discovery target is running a Microsoft Windows operating system, it uses a proxy or BMC Discovery Outpost to interrogate the target. Often, the proxy or BMC Discovery Outpost is also responsible for providing authentication and authorization of discovery activities.

BMC Discovery Outpost

Information about your organization's hardware and software is obtained by the BMC Discovery Outpost. The BMC Discovery Outpost is application software that runs on a dedicated Windows server in your data center or on a public cloud, and  connects securely to your appliances over HTTPS by using a single, web-friendly port (443). The BMC Discovery appliance sends a request to an BMC Discovery Outpost to scan the IP address required, and the BMC Discovery Outpost accesses the target by using the credentials that are held in its own secure, encrypted vault. The targets are accessed by using a variety of methods, such as SSH, Telnet, WMI, and SNMP. Once logged into a discovery target, the BMC Discovery Outpost executes commands to access the target details, and their results are encrypted and sent to the BMC Discovery appliance. When the BMC Discovery appliance receives the data, it stores it in the datastore as Directly Discovered Data (DDD). 

The BMC Discovery Outpost performs ssh discovery using an API rather than an ssh client. Consequently, alternative ssh clients are not supported on the BMC Discovery Outpost. BMC Discovery Outpost is FIPS compliant.

Multiple BMC Discovery Outposts can be deployed to handle segmented networks, and these can all communicate with a single BMC Discovery appliance. Similarly, the BMC Discovery Outpost can be registered with multiple appliances and receive work from those appliances.

The BMC Discovery Outpost is included as part of monthly TKU releases and is self-updating. The BMC Discovery Outpost periodically checks that it is up to date, and if not, downloads and when the BMC Discovery Outpost is idle, runs the installer. Automatic updated can be disabled, though we recommend against doing so. If you disable automatic updates, you are notified when a new version is available and you should apply the update at the first opportunity. 

Windows Proxies

There are two types of proxy:

  • Active Directory proxy—Runs as an Active Directory user, and uses those user credentials to connect to Windows hosts within the Active Directory domain. Credentials are not stored in the BMC Discovery credential vault.
  • Credential proxy—Runs as a local administrator user. Credentials are stored in the BMC Discovery credential vault and are provided to the proxy as required.

A single Windows host may run both types of proxy. To handle complex Active Directory environments, it is possible to run multiple Active Directory proxies as different users. The Active Directory proxy can also be used in a legacy Windows Workgroup environment to connect to workgroup members using the proxy's workgroup credentials.

The BMC Discovery Proxy Manager (Proxy Manager) is used to manage the running proxies and their configuration and to establish secure connections with approved BMC Discovery appliances. Installation of the Proxy Manager and Windows proxies is described in Adding Windows proxies.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*