Disconnected scan configuration
Available from 9.2.5.
Disconnected scans allow for discovering
software and hardware inventory on computers that do not have connection to the BigFix® server. Scripts that are provided in the
disconnected scanner package initiate software and capacity scans, and create a package with scan
results that you later upload to License Metric Tool.
Restriction
- You must obtain the approval from IBM Compliance to use disconnected scans. To request an approval, contact your Sales Representative who will instruct you on how to contact IBM Compliance. Approval of IBM Compliance is not required if you manage disconnected scanners with Red Hat Ansible by using playbooks that are delivered with License Metric Tool. For more information, see: Managing disconnected scans with Ansible.
- Disconnected scans can be used when the BigFix client cannot be installed due to technical, legal, business, or security reasons, or other valid justification. An exception is IBM iSeries. Because the BigFix client is not available on IBM i, disconnected scans are the only method of software and hardware discovery on IBM i systems, and approval from IBM Compliance is not required.
- Disconnected scanner for IBM Virtual Capacity can be deployed only on supported and eligible operating systems.
Disconnected scanner architecture
You can install the disconnected scanner on computers on which the BigFix client cannot be installed. The scanner runs software and capacity scans, and creates a results package. You transfer this package from the scanned computers to a disconnected data source which is a dedicated directory that you create on the computer where the License Metric Tool server is installed. You can transfer the results packages manually, or you can create automation scripts that are based on a technology of your choice. Data from the disconnected data source is uploaded to License Metric Tool during the import.
Apart from the disconnected scanner, you can also install a VM Manager Tool in disconnected mode to collect data from VM managers. Disconnected scanner packs this data together with results of software and capacity scans to a single results package. Thus, VM Manager Tool in disconnected mode must be installed on a computer on which the disconnected scanner is also installed.
Disconnected scanner package
- Scanner
- Configuration files
- Scripts that run the scans and create a package with scan results. The scripts initiate software and capacity scans, gather scan results, and adjust them to the format that is compatible with License Metric Tool. If the scripts are not appropriate for your environment, you can edit and customize them, or create new scripts that better fit your needs.
Scalability
- Run the software scan weekly.
- Distribute the import of results packages over the week so that a subset of packages is imported every day. For example, import 5,000 packages every day from Monday to Friday.
- Set up automatic removal of packages with scan results from the disconnected data source after the results are successfully imported to License Metric Tool. To automatically remove the packages, go to , and set the delete_successfully_imported_scans parameter to true.
- Configure the transaction logs size and increase the Java heap size. For more information, see: Tuning performance in medium and large environments.
- Change the ulimit -n value to 4096.
Scan frequency
For information about default and minimal scan frequency as well as recommended frequency of importing scan results, see: Frequency of scans and uploads of data.
Multiple environments
- Every computer reports in only one of the environments.
- Packages with results of disconnected scans from one environment are not uploaded to License Metric Tool that monitors the other environment.
Limitations
- The disconnected scanner cannot be used to collect software and hardware inventory data from the
following hypervisors:
- KVM
- PowerKVM
- Xen, Citrix XenServer, Citrix Hypervisor
- Optimized mode of scanning remote shared file systems is not supported.
- Information that is provided in the Operating System column might be slightly different for the computers that are scanned by the disconnected scan, and the computers that are scanned by a regular scan.