Getting Started with Agentless Discovery
From SNCWiki
Functionality described here requires the Discovery plugin.
Overview
Service-now.com's Discovery application finds computers and other devices connected to an enterprise's network. Once Discovery finds a computer or device, it will then explore its configuration, provisioning, and current status and update the CMDB accordingly. On computer systems, Discovery will also find what software is running, and any TCP connections between computer systems – thereby finding all the relationships between computer systems (such as an application on one server that uses a database on another server).
Discovery is available as a separate subscription from the rest of the Service-now platform, and can be installed by making a request to Service-now Customer Support using the Request Plugin Activation module from /hi.
To configure and begin using Discovery, see Setting up Discovery.
How Discovery Works
Discovery uses conventional techniques and technology to extract information from computers and other devices. It uses a wide variety of probes (simple commands or queries) to gather information, and matching sensors (small, simple programs, usually written in JavaScript, that you can modify) to analyze that information and load it into the CMDB. Discovery uses these probes and sensors to explore any given computer or device, starting with basic probes and then using more specific probes as it learns more.
Discovery finds out about the existence of any device connected to the network by using the Shazzam probe to determine what TCP ports are open, and whether the device responds to SNMP queries. From this information, Discovery infers what kind of device is at that IP address – a Unix server, a Windows computer, network switch, and so on.
For each type of device, Discovery uses different kinds of probes to extract more information about the computer or device, and the software that's running on it:
- Windows computers and servers: remote WMI queries, shell commands
- Unix and Linux servers: shell commands (via SSH)
- Printers: SNMP queries
- Network gear (switches, routers, etc.): SNMP queries
- Web servers: HTTP header examination
- Uninterruptible Power Supplies (UPS): SNMP queries
What Discovery Does with the Information
The information that Discovery gathers about devices can be used to update the Configuration Management Database (CMDB) automatically. Discovery employs Identifiers to search the CMDB for Configuration Items (CI) that match devices discovered in the network. These Identifiers can be configured to instruct Discovery to take certain actions when device matches are made or not made. There are three possible result states that Discovery recognizes:
- When a discovered device is found to match an existing CI in the CMDB, then continue Discovery and update the CI.
- When a discovered device is not found to match an existing CI, then continue Discovery and create a new CI in the CMDB.
- Take no action in the CMDB, whether a match is made or not. Discovery stops after the identification process.
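The three result states above, worked through as an added example in plain JavaScript (not Service-now's own identifier code). The in-memory CMDB, the field names serial_number and name, and the updateOnMatch / createOnNoMatch switches are assumptions made for illustration. Blank identifying values are skipped so that two devices with empty serial numbers are never merged into one CI.

```javascript
// Added example: toy in-memory CMDB and identifier; all field names are assumptions.
function normalize(value) {
  return typeof value === 'string' ? value.trim().toLowerCase() : '';
}

// Return the first CI that matches the device on an identifying attribute,
// trying attributes in the order the identifier lists them.
function findMatch(cmdb, device, attributes) {
  for (const attr of attributes) {
    const wanted = normalize(device[attr]);
    if (!wanted) continue; // a blank value never identifies anything
    const ci = cmdb.find((row) => normalize(row[attr]) === wanted);
    if (ci) return ci;
  }
  return null;
}

// Apply the identifier and report one of the three result states.
function identify(cmdb, device, identifier) {
  const match = findMatch(cmdb, device, identifier.attributes);
  if (match && identifier.updateOnMatch) {
    Object.assign(match, device); // state 1: match found, update the CI
    return { state: 'updated', continueDiscovery: true, ci: match };
  }
  if (!match && identifier.createOnNoMatch) {
    const ci = { ...device }; // state 2: no match, create a new CI
    cmdb.push(ci);
    return { state: 'created', continueDiscovery: true, ci };
  }
  // state 3: leave the CMDB untouched; Discovery stops after identification
  return { state: 'no_action', continueDiscovery: false, ci: match };
}

// Constructed sample data, including a CI with a blank serial number.
function demo() {
  const cmdb = [
    { name: 'db01', serial_number: 'ABC123', os: 'Linux' },
    { name: 'legacy-printer', serial_number: '', os: '' },
  ];
  const identifier = { attributes: ['serial_number', 'name'], updateOnMatch: true, createOnNoMatch: true };
  const readOnly = { ...identifier, updateOnMatch: false, createOnNoMatch: false };
  return {
    cmdb,
    update: identify(cmdb, { name: 'DB01.corp', serial_number: 'abc123', os: 'Linux 2.6' }, identifier),
    create: identify(cmdb, { name: 'sw-core-1', serial_number: '', os: 'IOS' }, identifier),
    stop: identify(cmdb, { name: 'db01.corp', serial_number: 'ABC123' }, readOnly),
  };
}
```

In the demo, the switch with a blank serial number becomes a new CI instead of overwriting the printer record that also has a blank serial number.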
Discovery Architecture
Service-now is normally hosted in Service-now's data center, and it does not have the ability to access the enterprise's network – but Discovery needs access to do its job. Many enterprises have multiple networks, often separated by slow WAN links or security barriers – and Discovery needs access to all of them.
Discovery uses special server processes (called MID servers), with one or more located on each enterprise network that has computers or devices to be discovered. Each MID server is a lightweight Java process that can run on a Linux, Unix, or Windows server. A dedicated server is not required, as the MID server's resource consumption is quite low (and is controllable). The MID server's job during Discovery is simply to execute probes and return the results back to the Service-now instance for processing; it does not retain any information. In effect, a MID server is a remote extension of the Service-now instance, on an enterprise network.
MID servers communicate with the Service-now instance they are associated with using a simple model: they query the instance for probes to run, and they post the results of completed probes back to the instance. The MID server starts all communications, using SOAP over HTTPS – which means that all communications are secure, and all communications are initiated inside the enterprise's firewall. No special firewall rules or VPNs are required.
Discovery is agentless, meaning that it does not require any permanent software to be installed on any computer or device to be discovered. The MID server uses several techniques to probe devices without using agents. For example, the MID server will use SSH to connect to a Unix or Linux computer, and then run a standard command (such as uname or df) to gather information. Similarly, it will use the Simple Network Management Protocol (SNMP) to gather information from a network switch or a printer.
For more details, see Discovery Agentless Architecture.
Discoverable Windows Operating Systems
Discovery can classify and discover Windows servers and workstations that use the following operating systems:
- Windows NT Server
- Windows 2000 Server
- Windows 2003 Server
- Windows 2008 Server
- Windows XP
- Windows Vista
- Windows 7
Discovery vs. Help the Help Desk
Help the Help Desk is a standard Service-now feature available through the self-service application (Self Service > Help the Help Desk). It gathers information (much as Discovery does) about a single Windows computer by running a script on that computer. Discovery does many things that Help the Help Desk cannot do. Here's a comparison of the two:

