SSL Certificate Discovery Reaches 1.0

Traversys are proud to announce that we have updated our SSL Certificate extension for BMC Discovery to include an automatic installer, with dashboards and reports.

Our SSL Certificate Extension can provide insight into:

  • Signing status (self-signed or Certificate Authority)
  • Certificate Lifecycle
  • Serial Numbers
  • Encryption Level

Certificate capture works independently of the Discovery scan, meaning certificates can also be captured for servers that are not part of targeted scanning.

Supports versions 10.2 – 11.3 of BMC Discovery.

Talk to us today about enabling this for your Discovery solution.

Why do I now have to do Application Modelling… again?

This article was first published by Wes Fitzpatrick on LinkedIn (5th Sept 2014). It has been edited and updated.

This is a variation on a question I was asked often as a consultant during workshops for new customers using BMC Discovery.

For the last few years Discovery has had CAM (Collaborate Application Modelling) and more recently they have introduced ‘Start Anywhere Application Modelling’ (no acronym, but why not SAAM?). Of the former my unfiltered opinion is that it’s shite, plain and simple. I’ve attempted to use it on occasion but have always had trouble getting it to present exactly what I was expecting. The latter looks very nice and shows promise; unfortunately I haven’t had much time to play with it. However, regarding SAAM, what looked like a new approach to modelling using the open standard JSON quickly got locked up, and it appears that you can only really create Application Models for the specific appliance you are working on – another missed opportunity if you ask me!

Perhaps I’m just old-hat and set in my ways, I know my opinion on CAM is not alone, but I have come across other less experienced users who are happy with it. But nothing can currently beat the flexibility and versatility of using TPL and building patterns. Of course, this comes with the cost of training and/or hiring someone who can program using TPL.

So what is ‘TPL’?

TPL is a mixture of programming and a markup language – for someone with no exposure to programming at all this can be a steep learning curve that simply can’t be covered in just 1 or 2 days of training labs. Many people I’ve spoken to have come away from a Discovery training course feeling that they just didn’t get enough of the application mapping part of the course, and consequently have had to outsource application modelling anyway.

BMC brought out CAM to address this problem, but as I’ve indicated above, it was a steaming turd for most users. They’ve now attempted to remedy this with SAAM – as I’ve said, it’s a much better step in the right direction, but now we’ve lost the ability to replicate and share! Other companies are out there – our friends at Tekwurx have uControl, which offers a simple-to-use UI, and Traversys can offer you a comprehensive, in-depth introduction to TPL, either with some one-on-one remote sessions or with downloadable course material you can learn at your own pace.

But why doesn’t Discovery do this automatically?

Well, the answer BMC – and I myself – might give you is that Business Applications typically represent the ‘custom’ or ‘service’ part of the business. Discovery will automatically get you the components such as databases, web servers and other middleware, but what it can’t tell you is what underlying service these components support. Only you (or the business) know which database is depended upon by which app server, which in turn supports which service. Furthermore, although communication is automatically discovered, e.g. from database to web server, only you or the business know which communications are relevant and critical. As such, to model a monitoring application, you don’t necessarily need to include every agent installed.

An analogy might be buying an expensive piece of software for your home PC like Adobe Photoshop. Now you have the tool and all the plugins which will allow you to tweak your photos and images to perfection – but what Photoshop can’t provide is the actual expertise and the changes you want to make. That task is down to you to do yourself – or to hire an expert to tweak your photos.

BMC Discovery is still a ‘best in class’ tool which gives you a complete picture of your estate along with the ability to extend and tweak beyond its core functionality. Few other discovery tools on the market are as open, allowing you to see exactly how something was inferred and giving you complete control over your data. However, like expensive imaging software, unless you know what you’re trying to accomplish and how to use it, you need to become an expert, purchase additional software, or hire an expert to get the most out of it.

If managed correctly, the extra cost of 3rd party software, training or professional services should pay for itself in the savings seen to the business through identifying critical dependencies, security risks, server consolidation opportunities, licensing audits and storage management.

Talk to us today about getting some training on TPL.

Disco Enhancements Browser Extension version 1.3 Released

This release contains a rework of the back-end code to make the extension work with version 11.2 as well as maintaining a fluid experience in both version 10.2 and 11.0/1. It’s actually an improvement in the code; I’ve managed to tidy it up and remove some messy workarounds, but not all of them. So the extension does throw up some console errors, but from a user perspective it’s unnoticeable.

It’s a continual game of catch-up with BMC as they tweak their interface for BMC Discovery even on minor releases. Version 11.2 is no exception – the banner has changed, and some CSS form element IDs have changed.

To accommodate the CSS changes, the Generic Search Query box has been moved to the top of the page content and expanded. My own experience with copying and pasting queries caused me to find the smaller box more limiting – and of course it makes support across 3 versions of Discovery easier.

The extension has been tested on Firefox in unsigned mode and works without any tweaking. However, attempting to upload it for signing to AMO did alert me to errors in the manifest (Chrome Web Store seemed to accept it with the Mozilla required ‘applications’ key). I guess I’ll have to create a duplicate repository with a separate manifest after all.

There is the thorny security issue around using insertAdjacentHTML(), see this:

if (xhttp.readyState == 4 && xhttp.status == 200) {
  // The response body is parsed as HTML and inserted into the page unsanitised
  pageDiv.insertAdjacentHTML('afterbegin', xhttp.responseText);
}

I confess this is a hacky workaround to get it to pass some HTML from a text file to the page. Mozilla security will reject this. I’m not yet smart enough to know how to implement a workaround… more late night studying ahead for release 1.4, I suspect.
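One way to avoid handing the response straight to insertAdjacentHTML(), shown as an added example that is not the extension's own code: parse the text into an inert document with DOMParser, then rebuild only allowlisted elements and attributes with createElement. The tag and attribute allowlists and the function names (safeHref, copyAllowed, insertSanitized) are assumptions chosen for illustration.

```javascript
// Added example, not the extension's code. The allowlists are assumptions;
// list only what the bundled HTML fragment really needs.
const ALLOWED_TAGS = new Set(['DIV', 'SPAN', 'P', 'LABEL', 'B', 'I', 'UL', 'LI', 'A']);
const ALLOWED_ATTRS = new Set(['id', 'class', 'title', 'href']);

// Only absolute http(s) links survive; javascript:, data: etc. are dropped.
function safeHref(value) {
  return /^https?:\/\//i.test(String(value).trim());
}

// Recursively rebuild `src` (a node from a parsed, inert document) through
// `doc.createElement`, keeping only allowlisted tags and attributes.
function copyAllowed(doc, src) {
  if (src.nodeType === 3) {                    // text node: copied as text, never parsed
    return doc.createTextNode(src.nodeValue);
  }
  if (src.nodeType !== 1) return null;         // drop comments and other node types
  const tag = src.tagName.toUpperCase();
  if (!ALLOWED_TAGS.has(tag)) return null;     // drops <script>, <img>, <iframe> and their subtrees
  const el = doc.createElement(tag.toLowerCase());
  for (const attr of Array.from(src.attributes)) {
    const name = attr.name.toLowerCase();
    if (!ALLOWED_ATTRS.has(name)) continue;    // drops onclick=, onerror=, style=, ...
    if (name === 'href' && !safeHref(attr.value)) continue;
    el.setAttribute(name, attr.value);
  }
  for (const child of Array.from(src.childNodes)) {
    const copy = copyAllowed(doc, child);
    if (copy) el.appendChild(copy);
  }
  return el;
}

// Browser-side replacement for insertAdjacentHTML('afterbegin', responseText).
function insertSanitized(pageDiv, responseText) {
  // Documents created by DOMParser are inert: scripts in them do not run.
  const parsed = new DOMParser().parseFromString(responseText, 'text/html');
  const frag = document.createDocumentFragment();
  for (const child of Array.from(parsed.body.childNodes)) {
    const copy = copyAllowed(document, child);
    if (copy) frag.appendChild(copy);
  }
  pageDiv.insertBefore(frag, pageDiv.firstChild); // same position as 'afterbegin'
}
```

In the handler above, the call would become insertSanitized(pageDiv, xhttp.responseText), so no string is ever parsed directly into the live page.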

A premium version will be on its way. This will add the possibility to view and run the last query under the Generic Search Query box, amongst other functionalities. The core version will remain free and all the code will be published under the MIT license on GitHub.

Get the free extension for Chrome.

Developing a Business Case for BMC Discovery (ADDM)

As a contractor and solution architect, my involvement in most BMC Discovery deployments has usually come long after the business case has been determined, agreed and approved. By the time I’m on the scene, there should already be a PM, a statement of work with agreed deliverables, and a project plan – it’s then in my hands to deliver on what was promised. If the sales team and the executive have not been cutthroat about prices and scope, then this gives me plenty of time and budget to not only deliver on objectives, but also provide some value add.

Unfortunately, this is not always the case – cost and time factors will affect executive decisions, and pressure to make a sale will also cause vendors to over-promise. I’ve witnessed this at almost all stages in the project lifecycle – from presales to run, and with the exception of projects I’ve been brought in specifically to ‘rescue’, it’s not pleasant to be sitting at the end of the process having to explain to the customer why they’re not getting what they expected.

With this in mind, I want to share, from my experience, what factors need to be considered when putting together a Use Case for BMC Discovery. I have always considered BMC Discovery a best-in-class tool with a lot to offer in terms of both revenue opportunities and savings. I hope this will help you to see the same, and avoid false expectations, unexpected costs and unworkable timescales.

Conducting the Cost/Benefits Analysis

First and foremost, it’s important to get your objectives clear, and linked to measurable financial benefits. This sounds a bit obvious, but you’d be surprised how much of this is lost when it filters down to those in your company whom this solution is foisted upon. In order to determine these benefits you need to consider whether your main goal of using BMC Discovery is to realise revenue opportunities (such as billing in a managed service), make efficiency savings (such as data centre migration), avoid risk and penalty (such as software audits), or a combination of all three.

It’s quite likely that you have been sold on all three benefits with a couple of dozen additional benefits thrown in. However, it’s not enough to simply list a number of benefits – they need to be applicable in some way to your organisation; many stated benefits may not be suited to your company. For example, your company may be similar in many ways to others benefiting from Discovery, like a car is similar in many ways to a motorbike – both have engines, pedals, a speedometer, seating and similar purposes. Add-ons like climate control and parking sensors are nice benefits for a car, but there’s little benefit to be had installing them on a motorbike.

There are several factors to consider that should not be ignored in assessing the costs and benefits for your business case, not least these:

  • Licensing
  • Hosting
  • Security
  • Acceptance
  • Resourcing (Project and Operations)
  • Support
  • Data Quality

Up to, and as of, version 11.x, BMC Discovery is licensed primarily on server count, with the additional option of purchasing storage discovery and an extended data pack (including End-of-Life and hardware reference data). When considering licensing, the obvious question is going to be a ballpark figure of how many servers are in your estate; but in determining viability of the Business Case, you also need to ask the following questions:

  • If part of a managed service, how are you billing your customers? Can the costs be recouped from server count alone? If you bill based on service, server count cannot be guaranteed to meet your revenue objectives and you would be better to focus on cost reduction.
  • How is your company structured? Is it one entity with centralised management, or a federation of accounts or companies, with separate financial structures and billing methods?
  • Will the licensing, project, support and/or hosting costs be covered in a central budget, or distributed along lines of business?
  • Do you require data segregation for regulatory compliance, customer or cyber-security policies? This is critical to determining hosting and resourcing costs – ignoring this question could lead to major adjustments to the business case further down the road.
  • Is your infrastructure hosted in one or two places (physical, logical) or is it sparse and unconnected? Similar to the question above, this needs to be considered in estimating hosting requirements. It could mean the difference between 2 and 20 appliances!
  • What is your target infrastructure beyond servers? What percentage of discovery have you agreed on? What attributes are critical? In my experience 85% is realistic, 95% is optimistic, 100% is fantasy – just like anti-virus software, you’re only as good as your last scan and your environment is constantly evolving, not to mention there are always exceptions that can’t be discovered due to various reasons.
  • Is your infrastructure managed in-house, offshore, or is it outsourced? If outsourced, will existing contracts cover the obligations of a successful deployment? If you use offshoring, the cost may be cheaper, but be prepared to extend your timelines anything up to 6 times for effort involved. If outsourcing, make sure the contract covers all prerequisites of deployment or be prepared to sacrifice some success criteria.
  • Does your team or department have the prerequisite skills for Discovery and data quality analysis? This is going to affect your resourcing costs, particularly if you find 3 months into the project that you have to hire relevant subject matter experts (SME) because the team you assembled doesn’t know what they are doing. If you are using an offshore model, double your due diligence efforts!

Finally, after assessing all the questions above and risks that they represent, it’s worth considering if there are any other projects that may benefit, or be impacted by, the deployment of BMC Discovery. There may even be some projects that will impact Discovery itself.

  • Are there projects involving the existing CMDB that will impact the sync timescales?
  • Are there tools or projects that can be replaced by functionality from Discovery?
  • Are there tools or policies that will have an effect on the timescales or functionality of Discovery?

Arguably, some of these questions can be addressed by vendor Proof of Concept and workshops before the project plan is developed, but in many cases I’ve seen spend commitments and project plans made before many of these questions are answered (or answered insufficiently), well before a qualified SME is hired and by then it’s too late.

There are other considerations that I hope to go into in future posts, but addressing these questions at the outset will give you a good firm foundation to base your Business Case on, and avoid even more expensive adjustments later when the reality on the ground hits.