BMC Discovery is an agentless discovery and dependency mapping tool that automatically discovers configuration and relationship data across an IT infrastructure. It provides visibility into hardware, software, applications and their dependencies. BMC Discovery works by running scans from a virtual appliance using supplied credentials to retrieve configuration information. It analyzes the data to map relationships and can integrate with a CMDB. Security features include encrypted credential storage and secure communications. Prerequisites for deployment include virtual appliances, a Windows proxy server, and credentials for systems being discovered.

1. Scoping for BMC Discovery
(ADDM)
WES FITZPATRICK 2017-08-19

2. Agenda
What is BMC Discovery?
Why BMC Discovery?
How does Discovery work?
Service/Application Modelling
Security Considerations
Prerequisite Walkthrough
Requirements Gathering

3. What is BMC Discovery?

4. BMC Discovery
◦ Formerly known as Tideway
◦ Bought by BMC (2009), renamed ADDM (Atrium
Discovery and Dependency Mapping)
◦ Renamed to BMC Discovery (2016)
Clean and Transparent
◦ Agentless
◦ Minimum effort for end-client resource
◦ Immediate results
◦ Platform agnostic – web-based UI
◦ Full visibility to ‘how and why’ things were
inferred
Fully Automated
◦ Servers (physical, virtual), desktops, clusters,
databases, software, network devices, storage…
◦ Dependencies and relationships
◦ Software and hardware lifecycle reporting
◦ Atrium CMDB integration
Dashboards and Reporting
◦ Search for anything in the data store
◦ Powerful analytics
◦ Dependency visualizations
◦ Custom reporting
◦ “Deep Dive” navigation
What is BMC Discovery?

5. Visibility of Your Infrastructure
Discovery captures and provides automatically
discovered configuration and relationship data, providing
many different views.

6. Why BMC Discovery?

7. Largest Reference Library
◦ 40,000+ SW & OS versions
◦ 3000 network devices, 1000 relationship types
◦ 20 Storage brands
◦ 100 Middleware types
Enabler for Application/Service Mapping
◦ Simplified ‘Start Anywhere’ tool
◦ More complex/deep application/service modelling
Ease of Integration
◦ REST API
◦ CSV, XML, PDF Export
◦ CMDB Integration
◦ Email
Reporting
◦ Single click ‘provenance’ reporting
◦ End of Life/Support reports and dashboards
◦ 200+ customizable out of the box reports
Visibility
◦ Visibility of overall utilisation of infrastructure
◦ Instant view of virtualization
◦ Software audits
◦ Cloud readiness
Risk Reduction
◦ Assess impact of change/migration
◦ Identify Single Points of Failure
Why BMC Discovery?

8. Return on Investment
◦ 5-Year ROI of 470%
◦ $128K Business benefits over 5 years per 100
servers
◦ 8 month payback period
◦ 7,000 Pounds of hardware cleared off data
centre floor
Increased Visibility
◦ 80% Reduced effort to map applications
◦ 60% Reduction in audit prep time from 90 to 30
days
Plan Transitions
◦ 66% Reduced time to plan and approve changes
More Effective ITSM
◦ 80% Reduction in incidents caused by change
◦ 28% Reduction in volume of events
More Info:
http://media.cms.bmc.com/documents/BMC-
Discovery-Updated-May-2017.pdf
IDC Report

9. How Does Discovery Work?

10. How Discovery Works
User
Discovery Appliance
Discovery scan is run
on ip range...
IP ranges and credentials entered into
appliance...
• Ships as self contained virtual image
• Hosted on customer virtual platform
• ESX/ESXi 4.1 and later
• Disk allocation only – no requirement for OS install
• BMC supports the appliance and platform (RHEL)

11. User
Discovery Appliance
Discovery scan is run
on ip range...
How Discovery Works
Administrator accesses the appliance via UI
(HTTP/HTTPS) and CLI (SSH) via local login or
AD/LDAP
Ports used for initial sweep scan:
• TCP: 4, 22, 80, 135, 139, 514
• TCP/UDP: 161 (SNMP)
• TCP: 23 (telnet) (optional)
• TCP: 513 (rlogin) (optional)
• ICMP Type 8 Echo Request (ping)
Discovery performs an initial sweep to determine
what endpoints respond (if ip range/subnet entered)
and will use the port configuration to determine
what type of device is discovered.

12. How Discovery Works – Servers and Network
Devices
If Discovery determines there is a valid device on the endpoint it will attempt to
log in with supplied credentials and run standard commands to retrieve CI data:
• Hardware
• OS
• Software
• Communication
Default ports required for successful (full) Host discovery:
• Linux/Unix
• 22 – SSH
• 23 – Telnet
• 413 – rlogin
• SNMP
• 161
• VMWare
• 443 – HTTPS
• 902 –vSphere API
• Ports can be customised
Discovery Appliance

13. Discovery
Windows Proxy
How Discovery Works - Windows
Default ports required for successful (full) Host discovery:
Appliance:
• ICMP Type 8 “ping”
• 135 – DCOM Service Control
• 1024-1030 – Restricted DCOM, used after initial negotiation
Used by Proxy:
• 135 – DCOM Service Control
• 139 – NetBIOS (NT4 RemQuery)
• 445 – SMB (RemQuery)
• 1024-65535 – Unrestricted DCOM (WMI), used after initial negotiation
A Windows proxy is needed for discovery of Windows servers.
The service (Active Directory/Local Admin) is hosted on a standard
Windows server.
• Windows 2008 SP2 – 2012 R2
• Server supplied and supported by end-client
Multiple proxies can be configured
for one or more appliances.
Appliance and Proxy
communicate on ports 4321-4323

14. Discovery
Windows Proxy
How Discovery Works - Consolidation
Where there is a requirement for other appliances
(and proxies) it is possible to consolidate data to
another appliance.
Consolidation uses port 25032
Consolidator
Scanner

15. How Discovery Works - Clustering
In order to improve performance on larger estates, clustering can be enabled
to share the discovery workload.
• Coordinator and Members act as one appliance (individual UIs – changes
are replicated across set)
• A cluster can still act as a consolidator/scanner
• A cluster can still connect to proxies
• Members need to be on the same subnet to gain the performance
advantage
User
Coordinator
Member
Member
Ports:
• 25030 – Cluster Manager
• 25031 – Datastore
communication
• 25032 – Reasoning
communication

16. How Discovery Works – Protocol Summary
Scanner
Consolidator
(Cluster)User Windows Proxy
Appliance Discovery:
• SSH
• ICMP (Ping)
• DCOM
Consolidation:
• CORBA
Clustering:
• CORBA
User Access:
• SSH
• HTTP
• HTTPS
• AD/LDAP
Proxy:
• AD/LDAP
• Local Admin Credential
Windows Discovery:
• DCOM
• NetBIOS (NT4 only)
• SMB
• WMI

17. How Discovery Works – Firewall Summary
Scanner
Consolidator
(Cluster)User Windows Proxy
1. Input target IP
ranges/subnets/address into
ADDM for scanning.
2. ADDM runs credential-less
“sweep scan” across network.
3. Add login credentials to
ADDM for relevant systems.
5. The raw discovery data is
reasoned by ADDM which
may also trigger additional
discovery patterns.
4. ADDM runs full discovery
scan across network.

18. Service/Application
Modelling

19. What is a Business Application?
An enterprise software tool or the technical
architecture of a service
Typically comprised of a number of other
applications, software or databases.
Examples: Exchange, Payroll, Intranet, ITSM
May be split by environment and/or Line of
Business
Usually not provided by OOTB by BMC (TKU
updates)

20. What is a Business Application?
Part of a Service
Switches
Hosts
Software Instances & Database Servers
Processes, Services, Config Files, Runtimes Environments, Websites, etc…
Business Application Instance
Service

21. What is a Business Application?
Database
Server
Application
Server
Web
Server
Business
Application
Instance
Simplified Business Application Instance (BAI) Example

22. Application Models
Part of the Service Model
Represent your custom business applications made up of individual instances of software
◦ e.g. applications, databases, webservers
Helps in business impact analysis by showing direct relationships and dependencies in the
application/hardware stack
Helps in understanding what your business application is made up of
Application Models and Service Models are consumed by ITSM processes such as Incident,
Problem, Change for:
◦ Faster time to recovery
◦ Less incident escalations
◦ Planning changes
◦ Impact Analysis

23. Security Considerations

24. Typical Security Concerns
Credentials
◦ Stored in an encrypted vault
◦ Can use SSH keys and Active Directory proxy
Client Data
◦ Discovery is currently NOT cloud hosted – data is stored within appliance datastore
◦ Access can be controlled via LDAP and limited RBAC
Platform Scripts
◦ Administrator access only
◦ ‘Read Only’ for other users if necessary
Security of Appliance
◦ Penetration tested and hardened
◦ https://docs.bmc.com/docs/display/DISCO111/Appliance+hardening

25. Secure Communications
Secure communications between elements of Discovery uses CORBA over TLS (Transport Layer
Security) with the following details:
◦ Protocol: TLSv1.2
◦ Encryption: AES_256_CBC
◦ Message hashing: SHA1
◦ Key Exchange: DHE_RSA (2048)
It is enabled using certificates in the following locations:
◦ Each Appliance (Scanning or Consolidation)
◦ Each Windows Proxy (Active Directory or Credential)
◦ Certificate Authority public certificate on each Appliance and Proxy
◦ Customer specific certificates can be used

26. Prerequisite Walkthrough

27. Virtual Appliance
◦ Supplied in OVF (Open Virtualisation Format)
◦ Production Use: VMware ESX/ESXi 4.1 or above
◦ Test and Dev: VMware Workstation 8.0 and
above, VMware Player 4.0 and above
◦ 64-bit only
These recommendations differ from what BMC
publishes.
Hosting (Recommendations)
Resource POC Small (<500)
Datacentre
(<5000)
Enterprise
(20000+)
CPUs 2 4 8 8
RAM (GB) 2 8 16 32
Swap (GB) 4 16 32 32
Local Disk (GB) 37 100 100 100
Datastore (GB) 37 200 500 1TB
Backup (GB) N/A 200 500 1TB

28. Windows Proxy
Hosted on a virtual server with one of the following OS types:
◦ Windows 2008 SP2
◦ Windows 2008 R2
◦ Windows 2012
◦ Windows 2012 R2
Minimum host specification
◦ 2GHz Intel Pentium 4 CPU 512k cache (or equivelant)
◦ 4GB Memory
◦ 100GB Disk

29. Credentials
Windows
◦ Local Admin account with WMI rights
◦ Administrative shares should not be disabled (enabled by default)
◦ Netstat
Unix/Linux
◦ SSHD or SSH key
◦ Standard user account with non-root privileges
◦ Sudo or sudoers file for privileged commands
SNMP
◦ Community strings to logon to network devices/printers/etc.

30. Other Considerations for DC Deployment
Limited RBAC can be configured through Group mappings in the UI, but this can break
functionality if you are not careful
BMC Discovery is not a multi-tenanted solution – all data is visible to any administrator with
visibility to the data model.
◦ The appliance does however support multi-tenancy sync.
Overlapping IPs can be handled at a basic server level, but due to the nature of relationship
mapping, ownership can be mismatched.
◦ If your environment is not NAT’d then non-consolidated appliance deployment is recommended (with
direct integration to CMDB)
It is not possible to use Discovery as a typical ‘manual’ CMDB – i.e. you cannot add/edit CI’s and
attributes manually.
◦ The primary method of population is automated discovery, it is then possible to create custom patterns
to add additional custom CI’s and attributes through scanning.

31. Summary of Prerequisite Actions
Hosting for Discovery appliance(s)
Hosting for Windows Proxy(s)
Rollout of credentials – Linux/Unix, Windows, Virtual Containers
Network configuration – appliance, proxies, firewalls, ACLs, IDS, IDS
Obtain change approvals for above actions and for scanning environment
Identify target environments – IP/subnet ranges and exclude ranges
Access for consultant to
◦ The appliance and proxies via HTTP and SSH
◦ Use of tools such as PuTTy, WinSCP, Notepad++, Regex Coach, Chrome or Firefox
Administrators and Users must be able to access Discovery appliances through HTTP(S) and SSH
(administrators)

32. Requirements Gathering

33. Infrastructure
What OSIs and Devices do you want to discover?
◦ OS/Device type
◦ Virtual/Physical
◦ How many (OS breakdown)
◦ How to access
◦ Additional commands needed beyond platform scripts?
Datacenters?
◦ How many
◦ Locations
Any firewall issues?
◦ Network zones, DMZ
General security issues?
◦ Credentials
◦ Access rights management

34. Traversys Limited
team@traversys.io
www.traversys.io