Atrium Discovery Prerequisites
We’ll Cover Requirements for the Following: FIREWALL Atrium Discovery credentials discovery  process User Interface Window...
Atrium Discovery: How It Is shipped <ul><li>Atrium Discovery runs as an appliance on its own dedicated Red Hat Enterprise ...
<ul><li>VMware support matrix </li></ul><ul><ul><li>R – Recommended Platform </li></ul></ul><ul><ul><li>S – Supported by B...
VA Resources <ul><li>Resources required for the VA </li></ul><ul><ul><li>The lower bound is a minimum, the upper bound has...
VA Disks <ul><li>Atrium Discovery makes intensive use of disk resource </li></ul><ul><li>Deploy using the highest IO disk ...
Accessing the UI <ul><li>Main user and administration functions </li></ul><ul><ul><li>Web based user interface: HTTP or HT...
Unix Discovery: Credentials <ul><li>Require a regular user account on the target  servers </li></ul><ul><li>Can be usernam...
Unix Discovery: Discovery Scripts <ul><li>Discovery runs commands on the hosts to recover the data needed by Atrium Discov...
Unix Discovery: Discovery Commands <ul><li>Some commands require privilege escalation </li></ul><ul><ul><li>Typically “sud...
Unix Discovery: Escalated Commands <ul><li>Linux:  lsof, hwinfo, netstat, dmidecode, ethtool, mii-tool </li></ul><ul><ul><...
Windows Discovery: Slaves <ul><li>Windows discovery requires Windows slaves </li></ul><ul><ul><li>Vista/Server 2008 discov...
Windows Discovery: Remote Access <ul><li>In AD environments, use a Domain wide account with: </li></ul><ul><ul><li>Local a...
Windows Discovery: Discovery Commands <ul><li>Windows 2000 and older, require extra tools on the target for communications...
SNMP Discovery <ul><li>Requires: </li></ul><ul><ul><li>SNMP agents on all target devices </li></ul></ul><ul><ul><li>SNMP c...
Firewall Requirements Optional Consolidation Appliance Windows Slave Scanning Appliance
Alternative to Extensively Modifying Firewalls TCP port 25032 FIREWALL Consolidation Appliance Secured Network  Segment Sc...
Access to the User Interface <ul><li>Option 1 </li></ul><ul><ul><li>Suitable for most environments </li></ul></ul><ul><ul>...
Option 1: Directly Access Atrium Discovery Atrium Discovery Appliance Your IT estate User’s  Workstation User’s  Workstati...
Option 2: Use a Consolidator Scanning appliance sends scan data to the consolidation appliance TCP port 25032 FIREWALL Con...
Atrium Discovery Scanning <ul><li>Plan a progressive roll out of scanning across the estate to allow verification of and c...
The People Aspect <ul><li>People are sometimes your biggest challenge </li></ul><ul><li>Involve them early </li></ul><ul><...
Further Resources <ul><li>Online Documentation: </li></ul><ul><ul><li>http://www.tideway.com/confluence/display/81/Documen...
Upcoming SlideShare
Loading in …5
×

Addmi 03-addm prerequisites

1,282 views

Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Addmi 03-addm prerequisites

  1. 1. Atrium Discovery Prerequisites
  2. 2. We’ll Cover Requirements for the Following: FIREWALL Atrium Discovery credentials discovery process User Interface Windows slave people
  3. 3. Atrium Discovery: How It Is shipped <ul><li>Atrium Discovery runs as an appliance on its own dedicated Red Hat Enterprise 5 Linux install </li></ul><ul><li>The appliance is a virtual machine called a ‘Virtual Appliance (VA)’ </li></ul>
  4. 4. <ul><li>VMware support matrix </li></ul><ul><ul><li>R – Recommended Platform </li></ul></ul><ul><ul><li>S – Supported by BMC </li></ul></ul><ul><ul><li>V – Supported by BMC only if VMware supported </li></ul></ul><ul><ul><li>T – Will require conversion on deployment </li></ul></ul><ul><ul><li>C – Community Support via Forum </li></ul></ul><ul><ul><li>x – Not supported </li></ul></ul>Virtual Appliance Community Edition Small Production (< 500 OSI) Large Production (> 500 OSI) VMware vSphere 4 or later C R S T R S T VMware ESXi v4 or later C R V T R V T VMware VI (ESX) 3.0.2 or later C S T S T VMware ESXi 3.5 or later C V T V T VMware Server 2.0 or later C V x VMware Player 2.x or later C x x VMware Workstation 5.x or later C x x
  5. 5. VA Resources <ul><li>Resources required for the VA </li></ul><ul><ul><li>The lower bound is a minimum, the upper bound has sufficient headroom to ensure high performance </li></ul></ul><ul><li>Sizing Classes </li></ul>Resource POC Baseline Datacenter Consolidated Enterprise CPUs 2 2 4 4-8 RAM (GB) 2 4 8 16-32 DB Disk (GB) no snapshot 50 100 200 200-660 DB Disk (GB) snapshot 50 200 500 660-1500 Proof of Concept Small test deployments of Atrium Discovery 150 OSIs Baseline A typical baseline as offered by BMC 500 OSIs Datacenter A typical large scale deployment 2000 - 5000 OSIs Consolidated Enterprise Enterprise scale deployments, typically a Consolidation Appliance taking feeds from many Scanning Appliances 20000 - 40000 OSIs
  6. 6. VA Disks <ul><li>Atrium Discovery makes intensive use of disk resource </li></ul><ul><li>Deploy using the highest IO disk speed resource </li></ul><ul><ul><li>Low disk IO impacts performance and scanning rate </li></ul></ul><ul><li>Use the Virtual Appliance capability to have a second disk dedicated to database files </li></ul><ul><ul><li>This allows the system to split the two most intense operations, writing database files and maintain transaction log, across two separate disks to avoid contention </li></ul></ul><ul><li>For more information see: </li></ul><ul><li>http://www.tideway.com/confluence/display/73/Configuring+the+Virtual+Appliance </li></ul>
  7. 7. Accessing the UI <ul><li>Main user and administration functions </li></ul><ul><ul><li>Web based user interface: HTTP or HTTPS </li></ul></ul><ul><li>Some administration functions </li></ul><ul><ul><li>Some duplication of UI </li></ul></ul><ul><ul><li>Accessed via SSH (Unix commands) </li></ul></ul>
  8. 8. Unix Discovery: Credentials <ul><li>Require a regular user account on the target servers </li></ul><ul><li>Can be username/password or an SSH key </li></ul><ul><ul><li>Typical use is to deploy a public key as an authorized key across the Unix estate </li></ul></ul><ul><li>The scanning targets need to be visible on the network </li></ul><ul><ul><li>From the appliance </li></ul></ul>
  9. 9. Unix Discovery: Discovery Scripts <ul><li>Discovery runs commands on the hosts to recover the data needed by Atrium Discovery </li></ul><ul><li>These command should be authorized </li></ul><ul><ul><li>Agreed by the System Administrators/business </li></ul></ul><ul><ul><li>Changes/additions may need to be re-approved </li></ul></ul><ul><li>Discovery assumes the commands are on the $PATH </li></ul><ul><ul><li>Explicit locations or extensions to $PATH can be configured </li></ul></ul>
  10. 10. Unix Discovery: Discovery Commands <ul><li>Some commands require privilege escalation </li></ul><ul><ul><li>Typically “sudo” or “suexec” </li></ul></ul><ul><ul><li>Other mechanisms can be configured </li></ul></ul><ul><li>Some commands may need to be installed </li></ul><ul><ul><li>lsof (process to network connections) </li></ul></ul><ul><ul><li>lputil, hbacmd (HBA card detection) </li></ul></ul>
  11. 11. Unix Discovery: Escalated Commands <ul><li>Linux: lsof, hwinfo, netstat, dmidecode, ethtool, mii-tool </li></ul><ul><ul><li>Read access to /etc/VRTSvcs/conf/config/main.cf for Veritas clustering </li></ul></ul><ul><li>Solaris: ndd, netstat, ifconfig, lsof, ps, pmap, pfiles, /usr/ucb/ps </li></ul><ul><ul><li>Read access to /etc/VRTSvcs/conf/config/main.cf for Veritas clustering </li></ul></ul><ul><li>AIX: lsof </li></ul><ul><li>HPUX: ifconfig, lsof </li></ul>
  12. 12. Windows Discovery: Slaves <ul><li>Windows discovery requires Windows slaves </li></ul><ul><ul><li>Vista/Server 2008 discovery requires AD Slaves </li></ul></ul><ul><li>Windows slaves run as Windows Services </li></ul><ul><li>The scanning targets need to be visible on the network </li></ul><ul><ul><li>To both the appliance and the Windows Slave </li></ul></ul><ul><li>For AD slave, the slave’s server must be in the core Active Directory </li></ul>
  13. 13. Windows Discovery: Remote Access <ul><li>In AD environments, use a Domain wide account with: </li></ul><ul><ul><li>Local admin right to the target Windows hosts </li></ul></ul><ul><ul><li>“ log on as user” right for all hosts in scope </li></ul></ul><ul><li>WMI </li></ul><ul><ul><li>Installed and enabled </li></ul></ul><ul><ul><li>Most data is obtained from this method </li></ul></ul><ul><li>Remcom / Psexec </li></ul><ul><ul><li>Administrative shares must not be disabled </li></ul></ul><ul><ul><li>Run command and File gets use these methods </li></ul></ul>
  14. 14. Windows Discovery: Discovery Commands <ul><li>Windows 2000 and older, require extra tools on the target for communications info: </li></ul><ul><ul><li>OpenPorts: http://www.diamondcs.au/openports </li></ul></ul><ul><ul><li>Tcpvcon : http://www.sysinternals/Utilities/TcpView.html </li></ul></ul>
  15. 15. SNMP Discovery <ul><li>Requires: </li></ul><ul><ul><li>SNMP agents on all target devices </li></ul></ul><ul><ul><li>SNMP community string provided to Atrium Discovery </li></ul></ul><ul><ul><li>V1 or 2c protocols </li></ul></ul><ul><li>Discovery can get enough data from SNMP to recognise devices as Hosts </li></ul><ul><li>In general, not as rich data as normal Unix/Windows discovery </li></ul><ul><li>Required for Netware, OpenVMS, IBM I and z/OS discovery </li></ul>
  16. 16. Firewall Requirements Optional Consolidation Appliance Windows Slave Scanning Appliance
  17. 17. Alternative to Extensively Modifying Firewalls TCP port 25032 FIREWALL Consolidation Appliance Secured Network Segment Scanning Appliance Your main IT estate
  18. 18. Access to the User Interface <ul><li>Option 1 </li></ul><ul><ul><li>Suitable for most environments </li></ul></ul><ul><ul><li>Direct access through any firewalls to the scanning appliance </li></ul></ul><ul><ul><li>Web browser: TCP port 80 </li></ul></ul><ul><ul><li>SSH terminal for advanced use: TCP port 22 </li></ul></ul><ul><li>Option 2 </li></ul><ul><ul><li>Suitable for the highest security environments </li></ul></ul><ul><ul><li>Use consolidation to move scan data to a “safe” appliance with no credentials configured </li></ul></ul>
  19. 19. Option 1: Directly Access Atrium Discovery Atrium Discovery Appliance Your IT estate User’s Workstation User’s Workstation User’s Workstation
  20. 20. Option 2: Use a Consolidator Scanning appliance sends scan data to the consolidation appliance TCP port 25032 FIREWALL Consolidation Appliance Your IT estate User’s Workstation User’s Workstation User’s Workstation Scanning Appliance
  21. 21. Atrium Discovery Scanning <ul><li>Plan a progressive roll out of scanning across the estate to allow verification of and confidence in results </li></ul><ul><li>Compile a list of any particular IP devices which should be excluded from discovery </li></ul><ul><li>Ensure that the infrastructure/business owners approve of your planned scanning schedule </li></ul>
  22. 22. The People Aspect <ul><li>People are sometimes your biggest challenge </li></ul><ul><li>Involve them early </li></ul><ul><li>Follow their change control procedures to roll out scanning </li></ul><ul><li>Remember that they’re responsible for the estate you want to scan </li></ul><ul><li>Give them access to the data in Atrium Discovery </li></ul><ul><ul><li>They’ll find it useful for their own purposes, building acceptance </li></ul></ul><ul><ul><li>Ensure they feel involved, not threatened, by the technology </li></ul></ul><ul><li>Encourage them to take a training course! </li></ul>
  23. 23. Further Resources <ul><li>Online Documentation: </li></ul><ul><ul><li>http://www.tideway.com/confluence/display/81/Documentation </li></ul></ul><ul><li>Configipedia for tips, tricks and articles: </li></ul><ul><ul><li>http://www.tideway.com/confluence/display/Configipedia/ </li></ul></ul><ul><li>Forums for help, ideas and discussion: </li></ul><ul><ul><li>http://www.tideway.com/community/forum/ </li></ul></ul>

×