Scoping a BMC ADDM Deployment

BMC ADDM Scoping

Upload: wes-fitzpatrick

Post on 10-Jun-2015


Category:

Technology



DESCRIPTION

An introduction to BMC ADDM and scoping out design and requirements, led by CSS.

TRANSCRIPT

1. BMC ADDM Scoping

2. Agenda
  • Introduction to ADDM
  • How Discovery Works
  • Application Modelling
  • Project Overview
  • Pre-requisite walk-through
  • Questions

3. Introduction to ADDM

4. ADDM: Atrium Discovery and Dependency Mapping
  • Agentless discovery
    - Quicker and easier deployment
    - Immediate results
    - Platform agnostic web-based UI
  • Accurate view of infrastructure
    - Servers and network devices
    - Running and installed software
    - Automatic dependency and impact mapping
    - Provides data for Configuration Management
  • Low impact
    - Runs standard sysadmin commands on endpoint
    - Uses standard protocols and ports: WMI, SSH, SNMP

5. Visibility of Your Infrastructure and Dependencies
  • ADDM captures and provides automatically discovered Configuration data and presents it in many forms.

6. ADDM as part of ITSM
  • Asset and Configuration Management
    - Primary data provider to CMDB
    - Automatic inventory of Configuration Items and relationships
  • Change Management
    - Updates CMDB automatically on changes to discovered CIs
  • Application Management
    - Identify the application stack, environments, communication, dependencies and single points of failure

7. Summary of Discovery
  • Hosts, software, databases, network devices, virtualisation, clustering, file systems etc
  • Dashboards
  • Automatic host and software dependencies
  • Automatic and manual grouping
  • Customisable

8. How Discovery Works

9. How Discovery Works
  • ADDM Appliance
    - Ships as self contained VM image
    - Hosted on customer virtual platform: ESX/ESXi 4.1 and later
    - Disk allocation only, no requirement for OS install
    - Customer supports the platform (RHEL)
    - BMC supports the appliance
    - Security hardened with internal firewall
  • IP Ranges entered into appliance
  • Appliance runs discovery across the network
  (Diagram: User, ADDM Appliance, Your IT Estate)

10. How Discovery Works
  • Ports required for scan without credentials (sweep scan):
    - TCP: 4, 22, 80, 135, 139, 514
    - TCP/UDP: 161 (SNMP)
    - TCP: 23 (telnet) (optional)
    - TCP: 513 (rlogin) (optional)
    - ICMP Type 8 Echo Request (ping) (optional)
  • ADDM performs an initial sweep to determine which endpoints respond (if an IP range/subnet is entered) and uses the port configuration to determine what type of device is discovered.
  • The ADDM Administrator requires the following ports to access the appliance:
    - TCP: 22 SSH
    - TCP: 80 HTTP (optional)
    - TCP: 443 HTTPS (optional)
  • Appliance runs discovery across the network
  (Diagram: User, ADDM Appliance, Your IT Estate)

11. How Discovery Works: Unix, Other Devices
  • If ADDM determines there is a valid device on the endpoint, it will attempt to log in with supplied credentials and run standard commands to retrieve CI data:
    - Hardware
    - OS
    - Software
    - Communications
  • Default ports required for successful (full) Host discovery:
    - Unix: 22 SSH, 23 Telnet, 413 rlogin
    - SNMP: 161
    - VMWare: 443 HTTPS, 902 vSphere API
  • Ports can be customised.
  (Diagram: ADDM Appliance, Your IT Estate)

12. How Discovery Works: Windows
  • Default ports required for successful (full) Host discovery:
    - Appliance:
      ICMP Type 8 ping
      135 DCOM Service Control
      1024-1030 Restricted DCOM, used after initial negotiation
    - Used by Proxy:
      135 DCOM Service Control
      139 Netbios (NT4 RemQuery)
      445 SMB (RemQuery)
      1024-65535 Unrestricted DCOM (WMI), used after initial negotiation
  • A Windows proxy is needed for discovery of Windows servers.
  • The service (Active Directory/Credential) is hosted on a standard Windows server.
    - Windows 2003 SP2 to 2012 R2
    - Customer supports server
  • Appliance and Proxy communicate on ports 4321-4323
  • Multiple proxies can be configured for one or more appliances.
  (Diagram: ADDM Appliance, Windows Proxy, Your IT Estate)

13. How Discovery Works: Consolidation
  • Where there is a requirement for other appliances (and proxies), it is possible to consolidate data to another appliance.
  • Consolidation uses port 25032
  (Diagram: Scanning Appliance, Windows Proxy, Consolidator Appliance, Your IT Estate)

14. How Discovery Works: Clustering
  • In order to improve performance on larger estates, clustering can be enabled to share the discovery workload.
  • Coordinator and Members act as one appliance (individual UIs; changes are replicated across the set)
  • A cluster can still act as a consolidator/scanner
  • A cluster can still connect to proxies
  • Members need to be on the same subnet to gain the performance advantage
  • Ports required:
    - 25030 Cluster Manager
    - 25031 Datastore communication
    - 25032 Reasoning communication
  (Diagram: User, Coordinator, Member, Member, Your IT Estate)

15. How Discovery Works: Firewall Summary
  • User Ports: 22 ssh, 80 http, 443 https
  • Cluster Ports:
    - 25030 Cluster Manager
    - 25031 Datastore communication
    - 25032 Reasoning communication
  • Proxy Ports:
    - 4321 Active Directory
    - 4322 Workgroup
    - 4323 Credential
  • Consolidation Ports: 25032
  • Appliance Discovery Ports:
    - 22 ssh
    - 23 telnet
    - 513 rlogin
    - ICMP Ping
    - 135 DCOM Service Controller
    - 1024-1030 rcmd/PSTools
    - Credential-less scanning: 4, 22, 80, 135, 139, 161, 513, 514
  • Windows Discovery Ports:
    - 135 DCOM Service Controller
    - 139 netbios for NT4 type domains
    - 445 MSFT Dir Services SMB
    - 1024-65535 WMI
  (Diagram: User, Scanning Appliance, Cluster, Windows Proxy, Consolidator Appliance, Your IT Estate)

16. How Discovery Works: Summary
  1. Input target IP ranges/subnets/addresses into ADDM for scanning.
  2. ADDM runs credential-less sweep scan across network.
  3. Add login credentials to ADDM for relevant systems.
  4. ADDM runs full discovery scan across network.
  5. The raw discovery data is reasoned by ADDM, which may also trigger additional discovery patterns.
  (Diagram: User, Scanning Appliance, Windows Proxy, Consolidator Appliance, Your IT Estate)

17. Privileged Commands
  • Typical privileged commands needed: lsof, lslpp, dmidecode, hwinfo, mii-tool, ethtool, netstat, esxcfg-info
  • Full list of commands for each platform: http://discovery.bmc.com/confluence/display/100/Privileged+commands
  • Not all are required for successful discovery

18. Network Traffic
  • BMC Atrium Discovery by its very nature interacts with the IT infrastructure and will therefore generate some network traffic.
  • From empirical observations of real deployments, a typical peak load of about 3 Megabits per second has been observed.
  • Network load can be affected by:
    - Differences between environments
    - Custom patterns (for example: retrieving the contents of a very large file that is common in the target environment)
    - Consolidation
    - Moving appliance backups

19. Typical Security Concerns
  • Credentials
    - Stored in an encrypted vault
    - Can use SSH keys and Active Directory proxy
  • Platform Scripts
    - Administrator access only
    - Read Only for other users if necessary
  • Security of Appliance
    - Penetration tested and hardened
    - http://discovery.bmc.com/confluence/display/100/Appliance+hardening

20. Service/Application Modelling

21. Discovery from Patterns
  • Discovery takes place in 2 parts
  • Discovery of core information
    - Installed packages, running processes, server information, OS details, network interfaces
  • Discovery from patterns
    - Triggered when a specific condition is met during the core discovery
    - Discovers and models information about a server, such as running aspects of software: web servers, databases, application servers, clusters, virtualisation, partitioning
  • 800+ TKU (Technology Knowledge Updates) patterns provided by BMC
    - Providing OOTB discovery for more than 50,000 product configurations
    - Updated monthly, increasing in number
  • It is possible to create your own custom patterns

22. Application Models
  • Part of the Service Model
  • Represent your custom business applications made up of individual instances of software, e.g. applications, databases, webservers
  • Helps in business impact analysis by showing direct relationships and dependencies in the application/hardware stack
  • Helps in understanding what your business application is made up of
  • Application Models and Service Models are consumed by ITSM processes such as Incident, Problem, Change for:
    - Faster time to recovery
    - Fewer incident escalations
    - Planning changes
    - Impact Analysis

23. Model of the Application Stack

24. Prerequisite Walkthrough

25. Hosting the Appliance
  • Virtual Appliance
    - Supplied in OVF (Open Virtualisation Format)
    - Production Use: VMware ESX/ESXi 4.1 or above
    - Test and Dev: VMware Workstation 8.0 and above, VMware Player 4.0 and above
    - 64-bit only

  | Resource                          | POC    | Baseline | Datacentre | Consolidated Enterprise |
  |-----------------------------------|--------|----------|------------|-------------------------|
  | CPUs                              | 2      | 2        | 4          | 4 to 8                  |
  | DB Disk (GB) - No backup          | 37     | 100      | 200        | 200 to 660              |
  | DB Disk (GB) - With local backup  | 37     | 200      | 400        | 450 to 1300             |
  | RAM (GB)                          | 2 to 4 | 4 to 8   | 8 to 16    | 16 to 32 or more        |
  | Swap Space (GB)                   | 4 to 8 | 8 to 16  | 16 to 32   | 16 to 32                |

26. Windows Proxy
  • Hosted on a virtual or physical server with one of the following OS types:
    - Windows 2003 SP2 (IPv4 Only)
    - Windows 2008 SP2
    - Windows 2008 R2
    - Windows 2012
    - Windows 2012 R2
  • Minimum host specification
    - 2GHz Intel Pentium 4 CPU, 512k cache (or equivalent)
    - 2GB Memory
    - 60GB hard disk

27. Credentials
  • Windows
    - Local Admin account with WMI rights
    - Administrative shares must not be disabled (enabled by default)
    - Netstat
  • Unix/Linux
    - SSHD or SSH key
    - Standard user account with non-root privileges
    - Sudo or sudoers file for privileged commands
  • SNMP
    - Community strings to log on to network devices/printers/etc.

28. Summary of Prerequisite Actions for Customer
  • Hosting for ADDM appliance(s)
  • Hosting for Windows Proxy(ies)
  • Rollout of credentials: Linux/Unix, Windows, Virtual Containers
  • Specific commands for host communication: netstat, lsof
  • Network configuration: appliance, proxies, firewalls, ACLs, IDS
  • Firewall ports
    - From ADDM scanning appliance to the systems being scanned
    - From Windows proxy to the systems being scanned
  • Obtain change approvals for the above actions and for scanning the environment
  • Identify target environments: IP/subnet ranges and exclude ranges
  • Access for consultant to:
    - The appliance and proxies via HTTP and SSH
    - Use of tools such as PuTTY, WinSCP, Notepad++, Regex Coach, Chrome, Firefox or IE9+
  • Administrators and Users must be able to access ADDM appliances through HTTP(S) and SSH (administrators)

29. Requirements Gathering

30. Infrastructure
  • What OSIs and Devices do you want to discover?
    - OS/Device type
    - Virtual/Physical
    - How many (OS breakdown)
    - How to access
    - Additional commands needed beyond platform scripts?
  • Datacenters?
    - How many
    - Locations
  • Any firewall issues?
    - Network zones, DMZ
  • General security issues?
    - Credentials
    - Access rights management

31. Business Applications
  • How many applications to model?
  • Application model questionnaires
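
The Firewall Summary slide (15) and the Windows slide (12) can be turned into a least-privilege check on a firewall change request. The following is an added example, not part of the original deck or of BMC's tooling: it covers only the TCP flows for user access, proxy, consolidation and full discovery, and the zone names and sample rules are constructed for illustration.

```python
# Added example: audit a proposed TCP rule set against the deck's flow matrix.
# Zone names and SAMPLE_RULES are constructed; port numbers are from the slides.
REQUIRED = {
    ("user", "appliance"): [(22, 22), (80, 80), (443, 443)],
    ("appliance", "proxy"): [(4321, 4323)],
    ("appliance", "consolidator"): [(25032, 25032)],
    ("appliance", "estate"): [(22, 23), (513, 513), (135, 135), (1024, 1030)],
    ("proxy", "estate"): [(135, 135), (139, 139), (445, 445), (1024, 65535)],
}

def expand(ranges):
    """Turn [(lo, hi), ...] into a set of port numbers."""
    return {p for lo, hi in ranges for p in range(lo, hi + 1)}

def compress(ports):
    """Turn a set of ports back into sorted (lo, hi) ranges for reporting."""
    out = []
    for p in sorted(ports):
        if out and p == out[-1][1] + 1:
            out[-1] = (out[-1][0], p)
        else:
            out.append((p, p))
    return out

def audit(rules):
    """rules: (src, dst, lo, hi) permits. Returns (missing, excess) per flow."""
    permitted = {}
    for src, dst, lo, hi in rules:
        permitted.setdefault((src, dst), set()).update(range(lo, hi + 1))
    missing, excess = {}, {}
    for flow in set(REQUIRED) | set(permitted):
        need = expand(REQUIRED.get(flow, []))
        have = permitted.get(flow, set())
        if need - have:
            missing[flow] = compress(need - have)   # discovery would fail here
        if have - need:
            excess[flow] = compress(have - need)    # broader than the deck requires
    return missing, excess

# Constructed change request: the appliance is given the proxy's unrestricted
# DCOM range, and the proxy rule uses 135-139 but forgets SMB on 445.
SAMPLE_RULES = [
    ("user", "appliance", 22, 22), ("user", "appliance", 80, 80),
    ("user", "appliance", 443, 443), ("appliance", "proxy", 4321, 4323),
    ("appliance", "consolidator", 25032, 25032), ("appliance", "estate", 22, 23),
    ("appliance", "estate", 513, 513), ("appliance", "estate", 135, 135),
    ("appliance", "estate", 1024, 65535),
    ("proxy", "estate", 135, 139), ("proxy", "estate", 1024, 65535),
]

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```

The excess report is the part worth reviewing with the firewall team: the unrestricted 1024-65535 range belongs only on the proxy-to-estate path, while the appliance needs just 1024-1030.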