This article completes the BMC Discovery Outpost FAQs available at the official Discovery documentation.

(On prem) What are the most pertinent benefits of Outposts compared to scanners/proxies ?

Replacing a group of scanners/proxies by a group of outposts reduces the maintenance efforts. For example, scanners will require individual TKU (Technology Knowledge Update) and OSU (OS Upgrade) upgrades, not outposts. Proxies will require to be upgraded manually too. Whereas by default outposts will automatically be updated. 

Using a group of outposts should also consume less hardware than a group of scanners/proxies.

It is simpler to deploy/monitor/maintain/manage N outposts behind a firewall compared to deploy 1 scanner and N proxies.

Finally, a group of outposts requires less open ports compared to a group of scanners/proxies.

(On prem) What are the most pertinent differences between Outposts and proxies ?

Proxies can only scan windows IP. Outposts can scan everything.

Proxies can't have their own credentials. Outposts can.

Proxies are not password protected. Outposts are.

Proxies can't have their own credential broker settings. Outposts can.

Proxy upgrades are manual. Outposts upgrades are automated.

Proxies can't manage scopes. Outposts can.

It could be easier to open the Outpost default port (443) compared to the proxy ports (4321, 4323)

Is it mandatory to use Outposts ?

In Saas, yes.

On prem, no. Scans can also be done from the appliance and from proxies 

(On prem) Is this always recommended to replace proxies by outposts?

No. As long as you are satisfied by proxies and you don't need the outpost features, it's reasonable to keep using proxies.  

(On prem) Can a scanner be replaced by an outpost ?

Yes. 

(On prem) How many outposts should be used to replace 1 scanner?

Yet in some situations it can be a 1:1 ratio, but in others It may require more than 1 outpost.

(On prem) Can a consolidator be replaced by an Outpost ?

No.

Can Outposts use an existing Windows Proxy?

No. Outposts have a built-in proxy (and may create their own additional built-in outpost proxy services after adding Active Directory credentials).

How is the outpost load balanced?

The system can balance load across Outposts in a limited/static way. It initially balances the load, but after that, the scans with "anything suitable" keeps re-using the same outposts that used to successfully scan each IP until:

• • the outpost is reinstalled
  • the outpost is removed and registered again
  • the IP is excluded from the outpost that used to scan it
  • the IP is successfully rescanned with a specified outpost (instead of "anything suitable")

In the other cases, even if the scan fails, even if the reused outpost is down, the IP won't be assigned to another outpost.

Can two Outposts be installed on the same Windows Server?

No. A second installation will just override/replace the existing outpost.

Is it recommended to clone Outpost servers?

No. There are procedures to import the credentials and drivers from another outpost.

In case an outpost was cloned, then the cloned outpost should be uninstalled and then reinstalled instead. 

Is it still possible to scan from the appliance when an outpost is configured?

On prem: Yes, with valid credentials on the appliance. But will only be possible to scan Windows endpoints from the appliance if the appliance has a working PowerShell credential.

In SaaS: Only outposts can scan.

How to configure a scan when the appliance and/or outposts are restricted to some subnets?

Use "anything suitable" in the configuration of the Discovery run. Discovery will then select the proper outpost or the appliance itself to scan each endpoint.

How to set a scan using "anything suitable" when outposts should be restricted to scanning specific IPs or subnets?

Connect to the Outpost UI then go to Manage > Configuration > IP Ranges and set the allowed and/or excluded IP ranges to scan.

(On prem) Is it possible to force Discovery to only use outposts to scan?

Yes. In the UI of the appliance, go to Manage > Outposts and Proxies, then disable the option "Discovery is Enabled for all IP addresses on this Appliance"

Do Outposts share their credentials with all the registered appliances?

No.

Can the credentials be exported/imported from an Outpost to another one?

Yes, the outpost credentials (except for the AD credentials) can be exported from 1 outpost then imported to another outpost with this documented procedure, (See the section "To export the credential vault").

Can Outposts be registered with multiple Discovery appliances ?

Yes. Yet, note that by default an outpost will be updated as soon as the first of the appliances it is connected to will be upgraded or updated to a new TKU.

How to upgrade Outposts?

By default an outpost will be updated as soon as the first of the appliances it is connected to will be upgraded or updated to a new  TKU. See Upgrading the BMC Discovery Outpost.

Is it possible to replace the https certificate of an Outpost?

Yes. But it is not yet possible to do it from the outpost UI. More information here, and also in this blog article.

Where are the Outpost logs?

When using the default installation path, the main logs are stored in C:\Program Files\BMC Software\Discovery Outpost\log and the outpost proxy logs are stored in C:\Program Files\BMC Software\Discovery Outpost\runtime\*\log , where * can be multiple sub-folders.

How much swap should be allocated to an outpost?

This documentation page provides different minimum requirements (CPU, RAM, OS) but it does not cover the swap because BMC has no recommendations about that. Discovery administrators often chose to set a swap size 2x bigger than the ram.   

Does BMC provide OVAs or docker images for outposts installations?

No. Windows installers for outposts can be downloaded from Manage > Outposts & Proxies > Outposts in every appliance UI. See the documentation for more information on the system requirements for an outpost installation.

Does Outpost Auto-Update works when the connection is disabled ?

Yes, if auto‑updates are enabled, the Outpost will still be updated automatically, even when the outpost connection is in disabled state.                     

How to find the list of supported compatible browsers for Outpost?

Please refer this documentation 

How to log in to the Discovery Outpost ?

Please refer this documentation

There are two different types of access for a BMC Discovery Outpost:

A] Credential Management Access – used to view and edit discovery credentials. When you manage credentials from the Discovery UI, the system automatically logs you into the Outpost using your authenticated Discovery user account. This access only allows you to work with credentials.

B] Administration Access – used to manage and configure the Outpost itself. To manage the Outpost itself, you must log in using the local Outpost Administrator account, which is created during installation.

Credential‑management access does not grant Outpost admin rights, and Outpost admin access does not grant credential‑management rights.

How to reset / recover the password of Outposts administrator user?

Please refer this documentation

What is the architecture of Outposts?