AWS Partner Network (APN) Blog

Enhance Security and Amazon EC2 Visibility with BMC Helix Discovery and AWS Systems Manager

By Scott Kellish, Sr. Partner Solution Architect – AWS
By Andy McCall, Sr. Director – BMC Helix Discovery Product Development


The business adage “You can’t manage what you can’t measure” has been around much longer than today’s complex multi-cloud infrastructures, but it has never been more applicable.

To successfully move to the cloud and then manage your hybrid infrastructure, you must know what you have and how all of the components relate to each other.

This requires comprehensive discovery and dependency mapping capabilities across your entire environment, including the public cloud, with its increased scale and security boundaries.

The scale made possible by Amazon Web Services (AWS) brings with it additional boundaries to traverse—be it operating across account, regional, or security boundaries—which make it difficult to fully see a customer’s hybrid landscape.

The new integration between BMC Helix Discovery and AWS Systems Manager solves this challenge, simplifying the overall discovery process with increased security scanning and comprehensive, dynamic mapping across complex, multi-cloud environments and infrastructure.

BMC Software is an AWS Partner and global leader in innovative solutions that enables businesses to transform into digital enterprises. BMC has AWS Competencies in DevOps and Migration, and is a member of the AWS Public Sector Partner Program.

Drive Enterprise Management Excellence

Discovery systems are nothing new. BMC Helix Discovery has been around in some form for 15 years, originally operating in on-premises environments and eventually expanding to meet today’s cross-platform requirements.

While the devices it discovers have evolved, the fundamental necessity of discovery has not.

It’s always been critical for organizations to know what they have and how the pieces are connected in order to drive efficiency and effectively manage their infrastructure.

BMC Helix Discovery enables IT teams to optimize spend, particularly OpEx, by gaining visibility into user licenses and wrangling shadow IT. It also facilitates stronger security and governance.

If something goes wrong or a user complains, BMC Helix Discovery helps users understand what assets exist and how they depend on each other, so they can more easily detect vulnerabilities and remediate issues. As a result, IT can keep their service level agreements (SLAs) and improve end user experience.

BMC Helix Discovery does these things particularly well—and now, it can easily and securely reach Amazon Elastic Compute Cloud (Amazon EC2) instances from the inside as you maintain AWS best practices for security. This is made possible by BMC Helix Discovery’s new integration with AWS Systems Manager.

A cloud-native, agentless system, BMC Helix Discovery automates asset discovery, identifies systems in the network, and obtains relevant information as quickly as possible and with the lowest impact, using a variety of different tools and techniques to communicate.

BMC Helix Discovery covers the standards, like on-premises databases, custom and enterprise software, network devices, mainframe, storage, physical services, and middleware, as well as newer destinations like virtual machines, converged infrastructure, containers, and cloud services.

With BMC Helix Discovery, you can:

  • Find it: Guarantee data accuracy and reduce costs to collect data center inventory, configuration, and relationship data via an automated discovery process.
  • Manage it: Leverage rich data to improve IT processes and productivity by replacing guesswork with data-driven decisions.
  • Optimize it: Add business context to IT management processes by understanding how the data center infrastructure supports business applications.

Automated Access to Amazon EC2 Instances

Until recently, public cloud instances like Amazon EC2 were challenging to reach. Often, IT teams had to manually find information using Secure System Shell (SSH) to access the instances remotely.

This process demanded cumbersome SSH key management, multiple scans and overlapping IP address space awareness, and approvals from the Security Advisory Board, which often issued credentials or exceptions per instance, for each individual scan.

Enabling SSH access to EC2 instances also introduces security concerns, with the possibility of leaving ports open, access credentials being compromised, and providing entry points for malfeasance. Overall, it‘s a tedious, time- and resource-consuming process with significant exposure risk.

The new integration between BMC Helix Discovery and AWS Systems Manager changes that. It’s the first in the industry to offer an integrated way to more easily and securely identify and dynamically map all resources on EC2 instances.

This approach, depicted in Figure 1, maintains firewall rules and access controls while performing a full discovery of the entire environment, including what software and processes are running on an EC2 instance to enable dependency mapping.


Figure 1 – BMC Helix Discovery infrastructure using AWS Systems Manager.

With the visibility enabled by the AWS Systems Manager integration, BMC Helix Discovery users can:

  • Run detailed, credentialed scans securely through AWS.
  • Minimize or eliminate manual efforts.
  • Create dynamic, real-time maps with interdependencies.
  • Realize significant cost savings by optimizing both time and resources.
  • Achieve service and operations management efficiencies with a holistic view of how the entire infrastructure is working together, including enabling proactive/predictive issue management.

The BMC Helix Discovery library includes over 650 patterns for industry-leading software such as Oracle, SAP, IBM, HP, VMware, Hadoop, Citrix, and more. When you add in the number of supported product variations and versions, the number of patterns is in the tens of thousands.

BMC continually expands the library of patterns BMC Helix Discovery uses to identify infrastructure devices and software products deployed in the customers environment.

Adding to its growing base of over 40 discoverable AWS services, BMC Helix Discovery recently added support for discovering AWS Outposts running in customers’ on-premises environments and the AWS resources running on Outposts.

With the integration between BMC Helix Discovery and AWS System Manager, you can maintain a high security standard for your AWS workloads while achieving the level of detail required to proactively manage your environment.


Moving to the cloud and managing a hybrid infrastructure requires a deep and detailed understanding of what you have and how each component relates to the rest.

As the breadth of services and features offered by the AWS Cloud continues to expand, so do the security and perimeter protection requirements and mechanisms continue to evolve.

The new integration between BMC Helix Discovery and AWS Systems Manager welcomes this evolution. It enables BMC Helix Discovery to more easily identify and dynamically map all resources on Amazon EC2 instances, while respecting customers’ need for increased perimeter protection as they seek to reduce attack vectors such as SSH ingress points.

As a result, IT teams can increase visibility, improve security, and gain the insights they need to manage their infrastructure more efficiently and effectively.

To learn more about the new integration between BMC Helix Discovery and AWS Systems Manager, read the press release, watch the webinar, explore BMC Helix Discovery, or start your free trial.


BMC Software – AWS Partner Spotlight

BMC Software is an AWS Competency Partner that offers a comprehensive set of solutions for the management of dynamic, cloud-based applications and the monitoring and provisioning of AWS infrastructure.

Contact BMC Software | Partner Overview | AWS Marketplace

*Already worked with BMC Software? Rate the Partner

*To review an AWS Partner, you must be a customer that has worked with them directly on a project.