Proxy changes in 8.3 SP2: In BMC Atrium Discovery 8.3 SP2, installation and management of proxies has been improved with the introduction of a new Windows proxy manager tool. It is also possible to install multiple proxies of each type on a single host. For information on the changes, see Windows proxy manager.
Windows proxies are downloaded as install files from the appliance and installed onto the local Windows host. You must be logged in as an administrator to install Windows proxies. If the software is not installed as this user then you need to grant permissions to write to C:\Program Files\BMC Software\ADDM Proxy_Type where Proxy_Type is one of the following:
- Active Directory
- Credential
The user that runs the Windows proxy must have the necessary permissions to read from and write to the etc, log, and record directories.
As a user on the appliance, you must have been granted the admin/software/slave/download permission to download the Windows proxy installers.
Windows proxy version and operating system compatibility
The following table provides information on compatibility between Windows proxy types and versions, and the operating systems that the Windows proxy runs on for BMC Atrium Discovery version 8.3.
| Windows Proxy Type | Earliest Windows Proxy Version Supported | Windows Proxy Available for Supported Operating System |
| Credential Windows proxy | 7.3 (see getServices note below this table) | Windows 2003 SP2 (x86 and x86_64); Windows 2008 - Service Pack 2 (x86 and x86_64); Windows 2008 R2 |
| Active Directory Windows proxy | 7.3 (see getServices note below this table) | Windows 2003 SP2 (x86 and x86_64); Windows 2008 - Service Pack 2 (x86 and x86_64); Windows 2008 R2 |
getServices: The getServices discovery method was introduced with BMC Atrium Discovery version 8.1. Windows proxies before version 8.1 do not support this method, although they are supported in all other respects.
getFileSystems: The getFileSystems discovery method was introduced with BMC Atrium Discovery version 8.2. Windows proxies before version 8.2 do not support this method, although they are supported in all other respects.
Workgroup Windows proxy deprecated
The Workgroup Windows proxy has not been supplied since before BMC Atrium Discovery version 8.2. All of its functionality has been moved into the Active Directory Windows proxy.
| Windows Proxy type | Earliest Windows Proxy Version Supported | Windows Proxy Available for Supported Operating System |
| Workgroup Windows proxy (not available with version 8.3) | 7.3 (see getServices note above this table) | Windows Server 2008 (x86 - 32bit); Windows XP - Service Pack 2 (x86 - 32bit); Windows 2003 - Service Pack 2 (x86 - 32bit). Refers to 8.1 version. |
Minimum host specification
The following are the minimum recommended specifications for the Windows proxy host:
| Component | Specification |
| Operating System | As stated in tables above |
| CPU | 2GHz Intel Pentium® 4 CPU 512k Cache (or equivalent from other manufacturer) |
| Memory | 2GB |
| Hard disk | 60GB |
To avoid any impact during resource-intensive periods of discovery, it is strongly recommended not to install the Windows proxy on any host supporting other business services. This is true even if the minimum Windows proxy specification is exceeded, since the Windows proxy will attempt to use what resources are available, in order to optimize scan throughput.
Windows discovery communications
You should also consider the ports that will need to be opened in any firewall between the appliance and the proxy or proxies, and the proxies and target hosts.
Windows discovery metadata
Discovery metadata covers Windows as well as UNIX. This provides information about why sessions failed to be established and why scripts failed to run, including information about what credential or Windows proxy was used.
Windows proxy upgrade and installation
Previous versions of the Windows proxy have used an omniORB configuration file (C:\omniOrb.cfg). Version 7.2 and later Windows proxies do not use this file in the same way. If you have a C:\omniOrb.cfg file on your system before installing the Windows proxy, you should rename it to C:\omniOrb.cfg.old before installing a new Windows proxy. If you do not, you may experience connectivity problems with the new Windows proxy.
Installing or upgrading Windows proxies where anti-virus software is installed
Before installing Windows discovery proxies you should either disable the anti-virus software or configure it to exclude remquery from triggering a virus alert. You can enable the anti-virus software once the Windows proxy has been installed.
Downloading a Windows proxy installer
To download a Windows proxy installer:
- From the Tools section of the Discovery page, click the appropriate link for the type of Windows proxy to download:
  - Download installer for Active Directory Proxy, version 8.3
  - Download installer for Credential Proxy, version 8.3
- Save the installation file to your file system.
Upgrading a Windows proxy
Before upgrading an existing Windows proxy, you must:
- Ensure that the existing Windows proxy is not running. If you fail to do this you will need to reboot the computer after the upgrade.
- Accept the default installation directory, or enter a new installation directory. You must not use the same directory as the existing Windows proxy.
- Enter the username used in the current Windows proxy when prompted for the username that the service should run as.
Installing a Windows proxy
To install a Windows proxy:
- Run the installer by double-clicking on the downloaded installer file.
A welcome screen is displayed.
- Click Next.
- Click Browse to select an installation directory, and then click Next.
To accept the default installation directory (C:\Program Files\BMC Software\ADDM Proxy_Type Proxy), click Next.
- To create the Windows proxy application's shortcuts, click Browse to select a different folder, or click Next to accept the default folder.
- On the Select Additional Tasks screen, choose options that will be available in the Start menu, and then click Next. If you chose Don't create a Start Menu Folder in the preceding step, clear all the check boxes and click Next.
- To display the Service Credentials window, click Next.
- Enter the credentials for the user account that will run the Windows proxy.
If you do not enter the credentials at this point you can do so later, see Specifying the Account Used to Run the Windows proxy. The Windows proxy will run as the Local System user if credentials are not entered.
Credential Windows proxy user: You should not run the Credential Windows proxy as the Local System user, but as a valid user account, which should be in the Administrators group.
- Review the details in the Ready to Install window and, if they are correct, click Install.
If the details are incorrect, click Back and navigate through the installer to correct the error.
- Click Finish to exit the installer.
- A dialog box is displayed showing whether the Windows proxy has been successfully installed. On the dialog box is a checkbox marked Register with appliance. Select this checkbox to open the BMC Atrium Discovery UI Create Windows proxy page, prepopulated with details of this Windows proxy when this part of the setup is complete. You may see a dialog box regarding File Download. Accept this to go to the prepopulated Create Windows proxy page.
- Click Finish.
The Windows proxy is now installed and if you have selected the Register with appliance checkbox, the prepopulated Create Windows proxy page is displayed.
Service startup failure: Sometimes Windows may refuse the installer permission to start the Windows proxy service, resulting in a dialog box along the lines of "service installed but could not be started". This is remedied by manually supplying the credentials directly to the service using the Windows UI. See Specifying the Account Used to Run the Windows proxy.
Modifying the Windows proxy host firewall
The Windows firewall blocks the ports that the Windows proxies use by default. To enable an appliance to communicate with a Windows proxy, you must amend the firewall rules to permit communication on one of the following ports for each Windows proxy type installed on the host:
- 4321: Active Directory Windows proxy.
- 4323: Credential Windows proxy.
To do this, select Windows Firewall from the Windows Control Panel. You can add a Windows proxy as an exception (as a program or a port) on the exceptions tab.
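The same exception can be scripted and limited to the appliance's address instead of being open to every source. This is an added example, not part of the BMC documentation. It assumes Windows 2008 or 2008 R2 (where netsh advfirewall is available), that the proxy ports are TCP (the page lists only port numbers), a placeholder appliance address, and hypothetical rule names.

```powershell
# Added example, not BMC code. Run from an elevated Windows PowerShell prompt
# on the proxy host. Windows 2003 has no "netsh advfirewall" context.

$ApplianceIp = '192.0.2.10'       # placeholder: address of your appliance

# Keep only the proxy types installed on this host. Ports are from this page;
# the rule names are hypothetical and can be changed.
$InstalledProxies = @{
    'ADDM-ActiveDirectory-Proxy' = 4321
    'ADDM-Credential-Proxy'      = 4323
}

foreach ($rule in $InstalledProxies.GetEnumerator()) {
    # Inbound allow rule restricted to the appliance (remoteip), so the proxy
    # port is not reachable from other hosts on the network.
    $netshArgs = @(
        'advfirewall', 'firewall', 'add', 'rule',
        "name=$($rule.Key)",
        'dir=in', 'action=allow',
        'protocol=TCP',                      # assumption: proxy traffic is TCP
        "localport=$($rule.Value)",
        "remoteip=$ApplianceIp"
    )
    & netsh $netshArgs
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Could not add firewall rule $($rule.Key)"
    }
}

# Show the resulting rules so the port and remote address can be reviewed.
foreach ($name in $InstalledProxies.Keys) {
    & netsh advfirewall firewall show rule "name=$name"
}
```

If more than one appliance connects to this proxy, remoteip accepts a comma-separated list of addresses.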
Specifying the domain account used to run the Windows proxy
The Active Directory Windows proxies gain their permissions from the user account that they run as. To configure this:
- From the Start Menu, select Settings => Control Panel.
The Control Panel is displayed.
- Double-click Administrative Tools and then Services.
- The Services list is displayed in the right-hand pane.
- Right-click on the Windows proxy entry and select Properties from the popup menu.
- Switch to the Log On tab and select This account.
- Enter the user name and password of the Domain account that the service is to run as.
You may see a dialog saying that the user has been granted the Log on as a Service right.
- To apply the changes and dismiss the window, click OK.
Starting or stopping the Windows proxy
To do this, from the Control Panel, navigate to Administrative Tools and access the Services list. Select the Windows proxy that you want to start or stop. The services panel is refreshed with information and links enabling you to start, restart, or stop the Windows proxy.
- To start the Windows proxy (if it is not running) click Start the service.
- To restart the Windows proxy (if it is running) click Restart the service.
- To stop the Windows proxy (if it is running) click Stop the service.
Starting the Windows proxy automatically
When the Windows proxy is working satisfactorily, you should set it to start automatically. To do this, from the Control Panel, navigate to Administrative Tools and access the Services list. Select the Windows proxy that you want to start automatically and select Properties from the popup menu.
Select Automatic from the Startup type: drop-down list, and click OK to apply the changes.
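The logon account and startup type set in the preceding sections can be checked from the command line after installation. This is an added example, not part of the BMC documentation. It assumes Windows PowerShell (for Get-WmiObject), the default install path under "BMC Software\ADDM Proxy_Type" quoted on this page, the default ports 4321 and 4323, and TCP as the transport.

```powershell
# Added example, not BMC code. Proxies installed to a non-default directory
# will not be matched by the path filter below.
$DefaultPorts = @{ 'Active Directory' = 4321; 'Credential' = 4323 }  # from this page

function Get-ProxyServiceAudit {
    # Win32_Service exposes the logon account (StartName), the startup type
    # (StartMode) and the service executable path (PathName).
    $services = Get-WmiObject -Class Win32_Service |
        Where-Object { $_.PathName -like '*\BMC Software\ADDM *' }

    foreach ($svc in $services) {
        # Derive the proxy type from the install directory name.
        $type = $DefaultPorts.Keys |
            Where-Object { $svc.PathName -like "*ADDM $_*" } |
            Select-Object -First 1
        $findings = @()

        # The installer falls back to Local System when no credentials are
        # entered; the page says the Credential proxy should not run that way.
        if ($svc.StartName -eq 'LocalSystem') {
            $findings += 'runs as Local System; set a named account on the Log On tab'
        }
        if ($svc.StartMode -ne 'Auto') {
            $findings += "startup type is '$($svc.StartMode)', not Automatic"
        }
        if ($svc.State -ne 'Running') {
            $findings += "service is $($svc.State)"
        } elseif ($type) {
            # Assumption: TCP listener on the default port for this proxy type.
            $pattern = ':{0}\s.*LISTENING' -f $DefaultPorts[$type]
            if (-not (netstat -an -p TCP | Select-String -Pattern $pattern)) {
                $findings += "nothing listening on default port $($DefaultPorts[$type])"
            }
        }

        New-Object PSObject -Property @{
            Service   = $svc.Name
            ProxyType = $type
            Account   = $svc.StartName
            StartMode = $svc.StartMode
            Findings  = $findings -join '; '
        }
    }
}

Get-ProxyServiceAudit | Format-List Service, ProxyType, Account, StartMode, Findings
```

An empty Findings field means the service runs under a named account, starts automatically, and is listening on its default port.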
Specifying additional startup options
When the Windows proxy is working satisfactorily, you can then specify additional startup options. Many of these can also be specified through the Manage Windows Proxy page. These are noted in the table below.
You can also enter the startup options described in the table below in the registry key appropriate for the Windows proxy type and host architecture. On a 32-bit system this is one of:
- Active Directory Windows proxy:
  HKEY_LOCAL_MACHINE\SOFTWARE\BMC Software\Atrium Discovery\ADPROXY\CommandLine
- Credential Windows proxy:
  HKEY_LOCAL_MACHINE\SOFTWARE\BMC Software\Atrium Discovery\PROXY\CommandLine
On a 64-bit system this is one of:
- Active Directory Windows proxy:
  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BMC Software\Atrium Discovery\ADPROXY\CommandLine
- Credential Windows proxy:
  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BMC Software\Atrium Discovery\PROXY\CommandLine
| Option | Description |
| --auto-purge-all | You can configure the Windows proxy to automatically purge its log and record data directories. The default behavior is not to purge. Specifies that log and record data directories will be purged. Set via UI. |
| --auto-purge-logs | Specifies that only log directories will be purged. Set via UI. |
| --auto-purge-record | Specifies that only record data directories will be purged. Set via UI. |
| --auto-purge-max-data-age value | Specify an age above which data is automatically purged. This is set in days and the default is seven. Set via UI. |
| --auto-purge-period value | The frequency at which the automatic purge occurs. This is set in hours and the default is 24 (daily). Set via UI. |
| --log-soft-limit value | A size limit (in MB) for the log directories. If this limit is exceeded the oldest records will be deleted. The default behavior is not to specify a limit (zero). |
| --record-soft-limit value | A size limit (in MB) for the record data directories. If this limit is exceeded the oldest data will be deleted. The default behavior is not to specify a limit (zero). |
| --enable-config-upload, --disable-config-upload | Enable or disable uploading configuration, overriding the setting specified in the configuration file. |
| --config-file-limit value | The number of backup configuration files to keep. The default is none. If this is exceeded, the oldest file is deleted. |
| --conf <config file> | Specify a configuration file to use. |
| --openports, --no-openports | Enable or disable OpenPorts, overriding the setting specified in the configuration file. |
| --tcpvcon, --no-tcpvcon | Enable or disable Tcpvcon, overriding the setting specified in the configuration file. |
| --dont-resolve-hostnames | The getInfo method retrieves patch, device, and host information. If no hostname is found then a reverse DNS lookup is performed to determine the hostname. Specify --dont-resolve-hostnames to prevent this. |
| --remquery, --no-remquery | Enable or disable RemQuery, overriding the setting specified in the configuration file. Set via UI. |
| --remquery-timeout value | Specify a timeout value (in seconds) for RemQuery calls. The default is 60 seconds. Set via UI. |
| --wmi, --no-wmi | Enable or disable WMI, overriding the setting specified in the configuration file. Set via UI. |
| --wmi-timeout value | Specify a timeout value (in seconds) for WMI queries. The default is 120 seconds. Set via UI. |
Testing Windows credentials and communication
You can test the credentials by using them to discover a Windows machine that you know the user can access. To do this, from a command prompt on the Windows proxy, use the runas command to run a Discovery command such as systeminfo as the Domain user:
Replace DOMAIN with the domain name, for example TIDEWAY, username with the user name, for example discovery, and TARGET with the resolvable hostname or IP address.
Windows proxy downgrade
If you need to downgrade a Windows proxy, you must stop the Windows proxy, uninstall it, and then install the new Windows proxy according to the instructions for that Windows proxy version.