Uploading disconnected scan results directly to the server (disconnected scenario)

Edit online

UNIX Windows 9.2.30 Available from 9.2.30. If computers with disconnected scanners have connectivity to the License Metric Tool server (direct or through a proxy), you can set up regular upload of scan results by providing parameters in the setup_config.ini file.

Before you begin

For this feature to work, both the License Metric Tool server and the disconnected scanner must be in version 9.2.30 or higher.
You must have the Manage Scan Uploads (previously: Manage Uploads) permission to perform this task. It is recommended to create a dedicated user in License Metric Tool that will be used specifically to upload results of disconnected scans.
This method is supported if you have one disconnected data source. If you have more disconnected data sources and you want to use this method, write and e-mail to talk2sam@us.ibm.com.
The License Metric Tool server must use the HTTPS protocol.
The computer from which you want to upload disconnected scan results must meet the following requirements.
- It must have cURL installed. In case of Windows, it is also possible to use PowerShell for the upload.
- It must have connectivity to the License Metric Tool server (direct or through a proxy) through the port that is used for REST API data traffic (9081 by default).

Procedure

On the computer from which you want to upload disconnected scan results, go to the <scanner_install_dir>/config directory, and open the setup_config.ini file.
Provide the address of the License Metric Tool server to which packages with disconnected scan results will be uploaded. Provide it in the following parameter.
- For application update 9.2.41 and earlier: LMT_SERVER_URL
- For application update 9.2.42 and later: DATA_UPLOAD_URL
Provide the parameter in the following format: <IP address or host name>:<port>. For example: 192.0.2.0:9081 or example.hostname.com:9081.
Provide the token of the user that will be used to upload disconnected scan results to the License Metric Tool server. Provide it in the following parameter.
- For application update 9.2.41 and earlier: LMT_SERVER_API_TOKEN
- For application update 9.2.42 and later: DATA_UPLOAD_TOKEN
You can obtain the token in one of the following ways.
- By using REST API. For more information, see: REST API for retrieving authentication token.
- From the user interface. Log in to License Metric Tool, hover over the User icon , and click Profile. Then, click Show token.
When you run the automation/configure.sh or automation/configure.bat script, the token is saved in the obfuscated form.
Provide the preferred upload method: CURL or POWERSHELL. Provide it in the following parameter.
- For application update 9.2.41 and earlier: LMT_SERVER_UPLOAD_METHOD
- For application update 9.2.42 and later: DATA_UPLOAD_METHOD
cURL is the default method. When you select PowerShell, the built-in PowerShell script for uploading scan results is executed with the 'Bypass' execution policy.
When you select cURL, ensure that the following requirements are met.
1. Optional: If you do not have cURL located in the PATH environment variable, provide the full path to cURL in the CURL_PATH parameter. For example:
  - /usr/bin/curl
  - C:\Program Files\curl\curl.exe
2. Optional: If a proxy server is set up between the computer from which you are uploading the disconnected scan results and the License Metric Tool server, provide proxy parameters in the CURL_PARAMETERS parameter.
```
CURL_PARAMETERS="-k -s -x <user>:<pwd>@<protocol>://<server_url>:<server_port>"
```
  Important:
  - The set of required parameters depends on the settings of your proxy server.
  - The value of the parameter must be provided with quotation marks on Linux and without quotation marks on Windows.
  Where:
  
  <user>
  
  Name of the user that is used to connect to the proxy server.
  
  <pwd>
  
  Password of the user that is used to connect to the proxy server.
  
  <protocol>
  
  Protocol that is used to connect to the proxy server, either http or https.
  
  <host>
  
  IP or host name of the proxy server.
  
  <port>
  
  Port of the proxy server.
For the changes to take effect, run the automation/configure.sh or automation/configure.bat script.

Results

Upload of packages is scheduled to run regularly. When the package is successfully uploaded to the disconnected data source, it is removed from the file system of the computer on which the scan was ran.

What to do next

To increase security of uploading disconnected scan results, see: Increasing security of uploading disconnected scan results to the server.