Remedyforce Discovery
The following topics are provided:
Features and options
The following are the frequently asked questions (FAQs) about discovery features and options in BMC Helix Remedyforce
What is BMC Remedyforce agentless discovery?
Agentless discovery is included in the
BMC Helix Remedyforce
license at no additional cost. You get the ability to natively and intuitively configure and populate the Remedyforce CMDB in few, easy steps.With the agentless discovery, you install agents (or scanners) on at least one device in your network. These devices (based on the configurations that you set) scan your network for devices and send the scanned devices information to the Remedyforce CMDB.
What are the differences between agentless and agent discovery?
Agentless discovery does not require an agent on each device. Both discovery options provide device details. The following table lists the additional capabilities provided by agent discovery:
What are the benefits of discovery?
BMC Remedyforce Agentless Discovery empowers you to scan, identify, and manage devices on your network. With a simple and intuitive interface, setup is quick and easy. Once enabled and configured, your Remedyforce CMDB is populated with a wealth of device information including hardware configurations and software installations. The benefits of direct access to this information include:
- Proactive management by automating discovery to know what is available in your network
- Empower the support team
- Increase first call resolution rates
- Reduce support call times
Do I need to install anything on my network?
Yes, to perform the agentless discovery, at least one scanner must be installed.
If I have an existing discovery tool integrated with BMC Remedyforce, what do I do?
You can continue using your existing discovery tool.
Note: To avoid possible record duplication, ensure that there is no overlap across the multiple discovery tools, discovering the same IP addresses.
What is Remedyforce Client Management?
Remedyforce Client Management is an extension of the agentless discovery capabilities provided with
BMC Helix Remedyforce
starting with the Summer 16 release. Remedyforce Client Management provides a range of advanced capabilities empowering you to more efficiently and proactively manage and support your devices.The capabilities include agent discovery, remote management, hardware and software compliance, software normalization, patch management and deployment management. In addition to these capabilities, the solution delivers “advanced actions” while empowering you to define rules and actions to ultimately become more proactive and reduce the number of support calls. For example, you could define an advanced action to monitor drive space and either automatically create an incident when a device hits a certain threshold or perform an action (for example, disk cleanup) to free up additional drive space.
How does Remedyforce Client Management work?
The BMC Remedyforce Client Management application server, also known as the Master server, is hosted as a unique instance in a server pool and has a single associated database instance that is used to store various data constructs. The Java based BMC Client Management administration console and devices under BMC Client Management connect to the application server through its public DNS name. This configuration allows administration of any child devices that have an active Internet connection.
In addition, an on premise site relay can be optionally implemented as a local parent for up to 2000 site clients to reduce the amount of Internet traffic generated between the site and the hosted application server.
Do I have to pay for the in-built BMC Remedyforce Discovery?
Multiple licenses are available to enable discovery in
BMC Helix Remedyforce
. The agentless discovery is free. For more information, see Supported-discovery-licenses-and-features .How does Remedyforce discovery work with a firewall?
An on premise device behind an unmanaged firewall that can connect to a public Internet IP address and port will create a managed network tunnel used by only the client executable. The client maintained network tunnel allows for bi-directional traffic between the on premise client and the public facing hosted application server.
Is the Remedyforce discovery feature scalable?
BMC Remedyforce Client Management can manage several hundred thousand client workstations. The hosted application server (or the Master Server) can manage up to 5,000 simultaneous client connections. Each client can be either a standalone workstation or a dedicated on premise site relay. Each site relay can manage up to 2,000 client workstations using a parent–child hierarchy.
How does this new integration compare to the existing or older integration?
Consider the following points while deciding an option suitable for you:
- The new integration for the discovery feature replaces Pentaho with web services. As a result, no on premise component is required for the integration.
- Currently, you cannot modify the mappings between discovery and Remedyforce, which is an option with Pentaho.
How does BMC Remedyforce discovery compare to BMC Discovery (ADDM)?
BMC Remedyforce discovery and BMC Discovery provide agentless discovery, however, BMC Remedyforce Client Management provides a number of capabilities, such as software identification, metering, and compliance. BMC Discovery focuses on the datacenter, providing more in-depth discovery for specific datacenter environments. The following table highlights the primary differences:
Can normalization be applied and models created for the imported devices?
Yes. Once devices are saved as configuration items (CIs) or assets in
BMC Helix Remedyforce
and shown in the Remedyforce CMDB tab, you can apply normalization rules and models on these devices. If an import updates an existing device, you must reapply the normalization rules and perform the model synchronization.If an update to existing device is imported, you must reapply normalization rules and models.
If I have upgraded to BMC Remedyforce Summer 16 (20.16.01), will enabling of BMC Remedyforce Discovery change my existing integration with BMC Client Management OnPremise 11.0 (its patches or earlier) (which was earlier known as BMC FootPrints Asset Core)?
No. If you have enabled integration with BMC Client Management OnPremise 11.0 (its patches or earlier), you will not get the option to enable BMC Remedyforce Discovery.
How do I upgrade to the BMC Remedyforce Client Management - Premium or Premium Plus license?
- Request the Remedyforce Discovery Server on the Remedyforce Administration > Configure CMDB 2.0 > Discovery Setup & Configuration page.
- Contact your BMC representative.
Is the data encrypted?
Passwords are encrypted along with the data as it uses HTTPS when transferred.
Do you support Proxy gateways?
No, Proxy gateways are not supported.
For Discovery, firewalls can be configured for the scanner access to be restricted to the OnDemand server or port.
For compliance and patch management (Premium and Premium Plus offerings), more access is needed to download updates from BMC and vendors. These do support proxy gateways.
Can Remedyforce Discovery support two factor authentication?
Two-factor authentication is not applicable in this architecture as the passing of data is automated. Two-factor authentication involves human intervention. If security is a concern, refer to the other FAQs that provide details for a secure approach.
Configuration
The following are the FAQs about configuring Discovery.
How many scanners do I need to install?
You must install at least one scanner at each physical location behind your corporate firewall. The scanner scans 10 devices simultaneously. Each scan of 10 devices takes approximately 20 seconds.
What credentials are required to scan and inventory a device?
There are two primary scanning phases. The first phase is an initial scan to identify a device (for example, device name, IP address, device type). No credentials are required to perform this scan.
The second phase is the inventory scan. This scan fetches more details from the device including hardware configuration and software installed. At least read only credentials are required to perform the inventory scan.
What is discovery performance?
The amount of concurrent threads is configurable for each scanner. The default is 10 at a time. If you are doing a lightweight discovery, it is very fast (approximately 5 seconds per device). If you are performing a full discovery including both Hardware and Software Inventory information, it could take anywhere from 30 seconds to 2 minutes per device.
What is the impact on the network?
The impact to the network is very little because the inventory details packets are small (approximately 300 KB).
Where is the data stored?
The discovery and inventory data is stored in the BMC Amsterdam datacenter, where once aggregated, it is passed to your Remedyforce CMDB.
What is the security connection between the datacenter and Remedyforce org?
Industry standard PKI encryption technology is implemented to transmit data both from your on premise scanner to your BMC Remedyforce Discovery Server, and again from your hosted Discovery Server into your Remedyforce CMDB. This encryption technology is based on SSL/TLS encryption standards as detailed in the following IETF documents:
- RFC 5280 implementation handles the certificate and trust process
- RFC 5246 implementation handles the encryption and cypher negotiation
What ports are used and can I change them?
The hosted application server uses a range of 10 TCP allocated during the server provisioning process. The hosted application server port ranges are static and cannot be altered.
For premium licenses, ports 1610 and 1611 ports are required.
How do I avoid duplicate records?
To avoid record duplication, it is recommended that you enable and configure the CMDB reconciliation feature. Through the CMDB reconciliation feature, you can define rules that ensure uniqueness of records for a particular class. If you do not enable and configure the CMDB reconciliation feature, the Assembly ID field determines the uniqueness of records. The Assembly ID field contains a system-generated value from the discovery source. As a result, there is a risk of duplicate values when you are also importing records from other sources, such as other discovery tools and manual entry, because these sources do not share the same unique values.
To avoid the risk of duplicate records with Remedyforce discovery in case you do not enable and configure the CMDB reconciliation feature, check for the following conditions with your discovered records:
- These records do not already exist in your Remedyforce CMDB.
- These records are not discovered and imported from other discovery sources.
- These records are not manually created.
If any of these conditions exist, then analyze and clean up your data to remove any duplicate records.
Where are all imported devices stored in the CMDB?
All discovered devices are stored in the Computer System class. If you select other classes (Operating System, LAN Endpoint, and Processor), additional records are created in these classes and relationships to the corresponding devices in the Computer System class are also created.
Do I need Pentaho or any other third-party tool to import discovered devices?
No, the Remedyforce Agentless Discovery and Client Management capabilities leverage web services to replace the need to install and configure Pentaho or any other third-party tool.
Note: If you need to modify the field mappings, consider the older integration with BMC Client Management.
What information can I view about the imported devices?
You can view the operating system, hardware configurations, and software inventory of the discovered devices.
What actions are possible on imported devices?
Staff members can run all CMDB actions , operational rules, and other enhanced capabilities that are entitled to you by your license. Also, you must assign correct access permissions and capabilities to the staff members.
Can I update the field mapping of the imported devices available on the Import Configurations tab?
No.
Can I enable and configure discovery on a sandbox?
You can enable and configure discovery on a sandbox. However, you will have to enable and configure discovery again in your production organization.
I have installed a scanner executable on a device, but the device does not appear in the Scanner Details list on the Scan Configurations tab.
It takes some time to show a scanner in the Scanner Details list. Also, the number of scanners allowed depend upon the Remedyforce discovery license that you choose. If a device is not displayed in the Scanner Details list, verify the number of scanners allowed with your license and match it with the number of scanners displayed in the Scanner Details list. For more information, see the Scanner Roll-out tab on the Discovery Setup & Configuration page and Supported-discovery-licenses-and-features .
What if I forget the Discovery Server password?
After your Discovery Server is created successfully, the following links are displayed below the Enable Remedyforce Discovery check box - Change Password and Reset Password. You can use these links to update your Discovery Server password.
What do I do if my scanner installer is not working?
Ensure that you are entering correct Remedyforce Discovery Server credentials.
What credentials shall I use to download scanner installer or uninstaller?
Use your Remedyforce Discovery Server credentials.
When configuring a scanner, what credentials shall I provide for various protocols in the Scan Configurations section?
Enter the administrator credentials to access the devices that you want to discover.
Am I supposed to enter credentials for all the selected protocols?
No, you must enter only those credentials that are necessary for the protocols and devices that you want to scan.
What if I do not enter credentials for all the selected protocols?
If you do not enter credentials for all the selected protocols, only the devices that do not require access credentials are discovered. Devices protected with password are not discovered.