Once OC Configurator is started, you will see different tabs for the configuration.
General settings tab
Initial settings
| OCID | Enter in this field your unique OCID give by Octopus. |
|---|---|
| OC Reporter Workspace ID | Enter in this field the general workspace ID created in OC Reporter. Without the workspace ID, OC Scanners will not know to which workspace they need to send the scanned data. |
| Enable auto updater | Switch this field to ON to let OC Scanners be able to auto-update themselves when new versions and features of OC Scanner are available. If this field is set to OFF, you will need to replace OC Scanners manually on the deployed machines. We highly recommend switching this option to ON. Once you switch the field to ON, it appears another field Pre-release update. This field allows you to get early bird updates before we officially release the next version. The features in the pre-release updates are well tested. If the Enable auto updater is set to OFF, you will see a button Download. Click this button to download the OC Scanner application into the same folder as OC Configurator. This is useful for copying the OC Scanners with their depending scan files to the scanner machines. |
Other settings
Advanced configurations can be done in the Other settings section.
| Ping timeout [ms] | The default value is 200ms. We recommend keeping the default value except there is a reason to change it. |
|---|---|
| Number of threads | This option is in the beta state. It allows OC Scanners to use more than one thread for the scans. We recommend keeping the value 1, to avoid unexpected results. |
| API Url | is field is used primarily for the agent-based scan approach. Enter in this field the URL of OC Configurator API, e.g. https://[oc-configurator-api-server-address]/Service.svc. The agent-based OC Scanners will then know to which OC Configurator API server they need to send the inventoried data. |
| Instance-ID in Ref-IDs | The instance ID is a unique identifier of each OC Scanner. OC Scanners create for each scanned object (server, AD user, installed software, etc.) a reference identifier (Ref-ID), this reference ID is taken e.g. from the SID for AD users and is not always unique. To avoid that two objects get the same reference ID, we can add to each object additionally the instance ID of OC Scanner, which will make the reference ID with certainty unique. We highly recommend switching this option to ON. |
| Add console users to RDS | The configuration is used to mark users who can log in to the machine over the hypervisor console. If this option is set to ON, all users will be counted for the RDS licenses, which are able to log in over the hypervisor console to the target machine. In most cases, this option is set to OFF. |
| Use FIPS | FIPS configuration is used to decide which encryption algorithms should be used to decrypt the scan files. By default, non-FIPS algorithms are used. That means if an OC Scanner runs in the environment where FIPS is enabled through policy, OC Scanner will not be able to decrypt the scan file and scanning will fail. Switch this option to ON if you have FIPS machines in your environment to scan. |
| Add additional user attributes to scan |
In this field, you can enter per line an AD or local user attribute, which you want to scan additionally by OC Scanner. The scanned additional attributes will be shown for the users comma-separated in OC Reporter in the user field “Other attributes”. |
| Add additional server attributes to scan |
In this field, you can enter per line an AD or local server attribute, which you want to scan additionally by OC Scanner. The scanned additional attributes will be shown for the servers comma-separated in OC Reporter in the server field “Other attributes”. |
| User attributes to ignore | OC Scanner is scanning license relevant and also not license relevant information, like e-mail address, of users from different sources. In this field, you instruct OC Scanner not to send specific attributes to OC Reporter. This could be for instance the email address, phone number, or other attributes of users. |
| Server attributes to ignore | OC Scanner is scanning license relevant and also not license relevant information of servers from different sources. In this field, you instruct OC Scanner not to send specific attributes to OC Reporter. |
| Add HKEY paths to scan | In this field, you can enter per line a full HKEY path of which you want to scan the value. If multiple HKEY paths entered, then they will be shown comma-separated in OC Reporter in the server field “HKEY”. |
| Add additional software vendors |
By default, OC Scanner is only collecting Microsoft relevant software. You can add in this field per line other vendor names (Regex possible), which should be included in the software scan scope. The expression “.*” (asterisk) would include all vendors. |
Upload tab
In the Upload section, you define if and where the collected scan data send by OC Scanners to the OC Configurator API should be sent further. If you set Send scanned data to OFF, no inventoried data will be sent. The data will be stored in the Reports folder of OC Configurator or OC Scanner.
Sending Scanned Data To OC Reporter In The Octopus Cloud
Once you switch the Send scanned data to ON, you will see two options to send the scanned data. Usually to Octopus Cloud is selected, when OC Reporter is hosted in the Octopus Cloud, and you want to analyze the inventoried data in OC Reporter.
Sending Scanned Data To An On-Premises OC Reporter
When the Send scanned data option is set to ON, and you chose other as the option, you can define if you want to send the scanned data over HTTPS or over FTP. In the over HTTPS option, you enter in OC Reporter URL the URL of OC Reporter on-premises instance, e.g. https://[oc-reporter-server-address]. If you choose over FTP, you can configure the FTP connection. The over FTP option is deprecated and not recommended to use anymore, except there is a complex scenario that requires an FTP server to send the inventoried data, and the over HTTPS option is not possible.
Note: If OC Configurator and the on-premises OC Reporter are installed on the same server (what is usually the case) the Send scanned data option can be set to OFF because the OC Reporter will import the inventoried data directly from the Reports folder of the OC Configurator.
Storing Of Generated Inventory CSV Files
OC Scanner generates after finishing the scan process CSV inventory files in its own Reports folder. Don’t keep generated CSV files option allows you to control if you want OC Scanners to keep CSV inventory files in their own Reports folder on the machines where OC Scanners are deployed. If the option is set to ON OC Scanner will not save any CSV files in its Reports folder. It is recommended to set this option to ON for agent-based and agentless multiple scanner approaches.
Default Credentials tab
In this section, you can add credentials, which are going to be used multiple times in scan files. The main scenario of creating reusable credentials is for local workgroups or machines that share the same credentials.
Global Scheduler
In Scheduler tab, you can define a Windows scheduled task to make sure OC Scanner runs at specific intervals. In this way, you can get the latest inventoried data from the environment you are scanning. Please be aware that this is the global scheduler, which applies to all OC Scanners. If you have multiple OC Scanners in use, the recommended approach is to use the Scheduler tab of the scan file of the OC Scanners.
You can enter the following details:
|
Username and Password fields |
In these fields, enter the username and password of a local or domain admin of the machine on which you will install the OC Scanner. Note: You can also setup the Scheduler on the scan file level. You can leave the Username and Password fields empty if in the Servers tab you have only added one scan scope and the credentials added for that scan scope has enough rights to create a Scheduled Task for OC Scanner on the deployed machine. |
|---|---|
| Frequency | In this field, you can define how often OC Scanner should run in your environment. We recommend setting the frequency to Daily as this allows you to have up-to-date licensing data on a daily basis. |
| Start time | In this field, you can set a time when the OC Scanner should run automatically. |
Note: This section is mainly used by the agentless single scanner approach. For the multiple scanners approach the configuration of the scheduled task is usually set directly in the scan file, which also has a Scheduler tab.