Share via

Scanning manually or with a third-party software

  • Article

This article describes how to scan devices and deploy Movere bots manually, or using third-party software.

Although we recommend using the Movere Console to deliver Movere Bots to target devices you want to scan, Movere does support manual placement (direct copy), or third-party distribution (copy to multiple target devices using management tools, or a custom script) of bots.

You can place bots for both inventory scanning, and actual resource consumption scanning.

Before you begin

  1. Ensure that Windows devices and Linux distros are supported.
  2. Verify internet access. Devices that upload data payloads directly to the Movere cloud need internet access, and must be able to connect to Movere URLs.
  3. Check the permissions needed for scanning Windows and Linux devices.
  4. Check the Movere files you need to allow on target Windows and Linux devices.
  5. Check the ports used for scanning Windows and Linux devices.

Run a Windows scan

  1. In the Movere console > Getting Started, select First scan.

  2. To run an inventory scan, select Windows Devices.

  3. To run an actual resource consumption scan, select Windows ARC. You can only run a resource consumption scan together with an inventory scan.

  4. If you're running a resource consumption scan, in ARC, specify how often consumption data is collected, and for how long.

  5. Select Next.

  6. Optionally, you can choose to collect SQL consumption data.

  7. In Uploading Scans, select whether you want to automatically upload scans to the Movere portal, and whether you want to upload scans directly from scanned devices. Learn more about data upload options.

  8. In Manage Credentials, select Add.

  9. In Account type, select Windows.

    • You must add at least one account to begin a scan. You can add one or more accounts.
    • Add Windows credentials in the format domain\username.
    • The account isn't validated during this step.
    • Credentials aren't stored in plain text, and aren't uploaded to the cloud.
    • If you're scanning SQL data, ensure you have the SQL Server scanning permissions.
    • Learn more about scanning permissions.

  10. Close the Movere Console.

  11. If you enabled actual resource consumption scanning, verify as follows:

    • Review the following value in the Bot2 and Bot4 configuration files in the Bot2 and Bot4 folders, under the Movere Console folder.

      <add key="ArcEnabled" value="true" />

    • Confirm the frequency and duration values in both the Arc2 and Arc4 configuration files:

      • Scan frequency: <add key="FrequencyInMinutes" value="5" />
      • Scan duration (shown as the date ARC scanning will end): <add key="EndDateUtc" value="2020-06-25 07:22:51" />

    • Confirm the FQDN and IP address of the Movere Console device in the ServiceHostUrl field in the Arc2 and Arc4 configuration files:

      • <add key="ServiceHostUrl" value="MOVERE_DESKTOP.MICROSOFT.COM,10.0.0.001" />

  12. Open the Movere.Service.exe.config file using a text editor.

  13. Set the MaximumDevices value to a number higher than the total number of devices (servers and workstations) that you intend to scan.

    • Default value is 1000: <add key="MaximumDevices" value="1000" />
    • The MaximumDevices value places a limit on the number of token2 files that the Movere Console distributes.
    • The Console stops distributing token2 after the number of token2 files distributed reaches the MaximumDevices value. If this occurs, stop the current scan and increase the MaximumDevices value, then start a new scan.

  14. Save the Movere.Service.exe.config file.

  15. Create a folder (for example, Local) for the binaries that will be delivered to the target Windows devices.

  16. Copy the following files into the Local folder:

    • The Arc2 folder, containing the Movere.Arc2.exe and Movere.Arc2.exe.config files.
    • The Arc4 folder, containing the Movere.Arc4.exe and Movere.Arc4.exe.config files.
    • The Bot2 folder, containing the Movere.Bot2.local.exe and Movere.Bot2.local.exe.config files.
    • The Bot4 folder, containing the Movere.Bot4.local.exe and Movere.Bot4.local.exe.config files.
    • The FrameworkVerifier.exe file (located in the Console folder).
    • The Token.txt file located in the Console folder.

  17. After you create the folder, start the Movere.Service on the Console device using the following command:

    Movere.service.exe -upload -startlistener

  18. After the Movere.Service is installed and started, copy or distribute the local package created above to target Windows devices.

  19. Start the FrameworkVerifier.exe file on the target devices using the following command:

    • FrameworkVerifier.exe [consolehost.domain.com]:443
    • In the above example consolehost.domain.com can be the FQDN, short name, or IP address of the Movere Console device. We recommend using the FQDN or IP address to ensure successful communication with the Console.

  20. The FrameworkVerifier starts the appropriate Bot (Bot2 or Bot4) depending on the version of the .NET Framework running on each Windows target device.

  21. After the bot starts, it contacts the Movere Console device.

    • The device listens on port 443 internally.
    • The bot contacts the Console devices using the passphrase specified in the bots config file. If the PassPhrase matches, a Token2.txt file appears within the Local folder deployed to the target devices, and the scan begins.
    • The encrypted payload is uploaded either directly to the cloud from the target, or via the Movere Console.

Run a Linux scan

  1. In the Movere console > Getting Started, select First scan.

  2. To run an inventory scan, select Linux Devices.

  3. To run an actual resource consumption scan, select Linux ARC. You can only run a resource consumption scan together with an inventory scan.

  4. Select Next.

  5. If you're running a resource consumption scan, in ARC, specify how often consumption data is collected, and for how long.

  6. Optionally, you can choose to collect SQL consumption data.

  7. Close the Movere Console.

  8. If you enabled actual resource consumption scanning, verify as follows:

    • Movere uses a single configuration file for both inventory and resource consumption scanning for Linux devices.

    • Review the values in the Movere.Arc.Linux.Bot.xml configuration file, located in the in the Movere Console > LinuxBot folder.

    • Resource consumption scanning enabled: <ArcEnabled>true</ArcEnabled>

    • Scan frequency: <FrequencyInMinutes>5</FrequencyInMinutes>

    • Scan duration (shown as the date actual resource consumption scanning will end): <EndDateUtc>2020-06-25 07:22:51</EndDateUtc>

  9. Confirm the IP address of the Movere Console device in the ServiceHostUrl field in the Movere.Arc.Linux.Bot.xml configuration file:

    • For Linux scans, Movere populates the ServiceHostUrl field with the first active IP address of the Console device.
    • The IP address must have a prefix of https:// and suffixed with :443.

  10. Open the Movere.Service.exe.config file using a text editor.

  11. Set the MaximumDevices value to a number higher than the total number of devices (servers and workstations) that you intend to scan.

    • The default value is 1000: <add key="MaximumDevices" value="1000" />
    • The MaximumDevices value places a limit on the number of token2 files that the Movere Console distributes.
    • The Console stops distributing token2 after the number of distributed token2 files reaches the MaximumDevices value. If this occurs, stop the current scan and increase the MaximumDevices value, then start a new scan.

  12. Save the Movere.Service.exe.config file.

  13. Create a folder (for example, Local) that will house the binaries to be delivered to each targeted Linux device via the manual or third-party scan.

    • Copy the following files into the Local folder for CentOS 5.x and RHEL 5.x:
      • For 32-bit Linux systems:
        • Movere.Arc.Linux.Bot.x86
        • Movere.Arc.Linux.Bootstrap.x86
        • Movere.gpg.x86
        • Movere.Arc.Linux.Bot.xml
        • Token.txt
      • For 64-bit Linux systems:
        • Movere.Arc.Linux.Bot.x64
        • Movere.Arc.Linux.Bootstrap.x64
        • Movere.gpg.x64
        • Movere.tsql.x64
        • Movere.Arc.Linux.Bot.xml
        • Token.txt

    Note

    The correct bot binary (Movere.Arc.Linux.Bot.x64/x86) and XML config file must be placed in the same folder location as the corresponding Bootstrap binary. By default, Movere uses the home directory of the user running the Linux scan.

    • Copy the following files in the Local folder for all other supported Linux versions:
      • For 32-bit Linux system:
        • Movere.Arc.Linux.V2.Bot.x86
        • Movere.Arc.Linux.Bot.xml
        • Token.txt
      • For 64-bit Linux Systems:
        • Movere.Arc.Linux.V2.Bot.x64
        • Movere.Arc.Linux.Bot.xml
        • Token.txt

    Note

    The contents of the Token.txt file should be copied into a file named Movere.Arc.Linux.Bot.token for both V1 and V2 bots.

  14. After you create the folder, start the Movere.Service on the Console device using the following command:

    Movere.service.exe -upload -startlistener

  15. After the Movere.Service has been installed and started, copy or distribute the Local package created above to the target Linux devices, and start the Linux binary on the target devices using the appropriate command as a root user or with sudo:

    • For V1 bot in 32-bit Linux systems: ./Movere.Arc.Linux.Bootstrap.x86 -passphrase <pass_phrase> -servicehosturl <ip_or_hostname_of_console> [-debug]
    • For V1 bot in 64-bit Linux systems: ./Movere.Arc.Linux.Bootstrap.x64 -passphrase <pass_phrase> -servicehosturl <ip_or_hostname_of_console> [-debug]
    • For V2 bot in 32-bit Linux systems: nohup ./Movere.Arc.Linux.V2.Bot.x86 -passphrase <pass_phrase> [-debug] > Movere.log 2>/dev/null &
    • For V2 bot in 64-bit Linux systems: nohup ./Movere.Arc.Linux.V2.Bot.x64 -passphrase <pass_phrase> [-debug] > Movere.log 2>/dev/null &
    • The <ip_or_hostname_of_console> can be the Fully-Qualified Domain Name, short name, or IP address of the Movere Console device. We recommend using the IP address to ensure successful communication between the Linux targets and the Console.
    • The PassPhrase is pre-populated by Movere during Console installation and can be found in the Movere.service.exe.config file: <add key="PassPhrase" value="" />

  16. The commands above serve the following purpose:

    • For V1 bot: The Bootstrap starts the Linux bot, and contacts the Movere Console device listening on port 443 internally based on the servicehosturl provided above using the passphrase specified in the command string. If the passphrase matches, a Movere.Arc.Linux.Bot.token2 file appears within the Local folder deployed to the target devices, and the scan begins.
    • For V2 bot: The V2 Linux bot starts itself and contacts the Movere Console device listening on port 443 internally based on the servicehosturl obtained from the XML config file using the passphrase specified in the command string. If the passphrase matches, a Movere.Arc.Linux.Bot.token2 file appears within the Local folder deployed to the target devices, and the scan begins.

  17. The encrypted payload is uploaded either directly to the cloud from the target device, or via the Movere Console.

    Note

    The Linux bot must have access to the Movere Console when scanning manually or via a third-party software. Movere does not currently support scanning Linux without a Console.

Next steps

Learn more about scanning in Movere.