Getting Started with Agentless Discovery

From SNCWiki

(Difference between revisions)
Line 11: Line 11:
To configure and begin using Discovery, see [[Setting up Discovery|'''Setting up Discovery''']].  
To configure and begin using Discovery, see [[Setting up Discovery|'''Setting up Discovery''']].  
-
<br>
+
<br>  
= How Discovery Works  =
= How Discovery Works  =
-
Discovery uses conventional techniques and technology to extract information from computers and other devices. It uses a wide variety of [[Discovery Probes and Sensors|probes]] (simple commands or queries) to gather information, and matching ''sensors'' (small, simple programs, usually in JavaScript that you can modify) to analyze that information and load it into the CMDB.&nbsp; Discovery uses these probes and sensors to explore any given computer or device, starting first with basic probes and then using more specific probes as it learns more.<br>  
+
Discovery uses conventional techniques and technology to extract information from computers and other devices. It uses a wide variety of [[Discovery Probes and Sensors|'''probes''']] (simple commands or queries) to gather information, and matching ''sensors'' (small, simple programs, usually in JavaScript that you can modify) to analyze that information and load it into the CMDB. Discovery uses these probes and sensors to explore any given computer or device, starting first with basic probes and then using more specific probes as it learns more.<br>  
Discovery finds out about the existence of any device connected to the network by using standard "ping" (ICMP protocol) probe to see what IP addresses respond. Once Discovery knows the IP address of a device, it then checks (with more probes) to see what TCP ports are open, and whether the device responds to SNMP queries. From this information, Discovery infers what kind of device is at that IP address – a Unix server, a Windows computer, network switch, and so on.<br>  
Discovery finds out about the existence of any device connected to the network by using standard "ping" (ICMP protocol) probe to see what IP addresses respond. Once Discovery knows the IP address of a device, it then checks (with more probes) to see what TCP ports are open, and whether the device responds to SNMP queries. From this information, Discovery infers what kind of device is at that IP address – a Unix server, a Windows computer, network switch, and so on.<br>  
Line 44: Line 44:
Service-now is normally hosted in Service-now's data center, and it does not have the ability to access the enterprise's network – but Discovery needs access to do its job. Many enterprises have multiple networks, often separated by slow WAN links or security barriers – and Discovery needs access to all of them.  
Service-now is normally hosted in Service-now's data center, and it does not have the ability to access the enterprise's network – but Discovery needs access to do its job. Many enterprises have multiple networks, often separated by slow WAN links or security barriers – and Discovery needs access to all of them.  
-
Discovery uses special server processes (called [[MID Server Plugin|MID servers]]), with one or more located on each enterprise network that has computers or devices to be discovered. Each MID server is a lightweight Java process that can run on a Linux, Unix, or Windows server. A dedicated server is not required, as the MID server's resource consumption is quite low (and is controllable). The MID server's job during Discovery is simply to execute probes and return the results back to the Service-now instance for processing; it does not retain any information. In effect, a MID server is a remote extension of the Service-now instance, on an enterprise network.  
+
Discovery uses special server processes (called [[MID Server Plugin|'''MID servers''']]), with one or more located on each enterprise network that has computers or devices to be discovered. Each MID server is a lightweight Java process that can run on a Linux, Unix, or Windows server. A dedicated server is not required, as the MID server's resource consumption is quite low (and is controllable). The MID server's job during Discovery is simply to execute probes and return the results back to the Service-now instance for processing; it does not retain any information. In effect, a MID server is a remote extension of the Service-now instance, on an enterprise network.  
MID servers communicate with the Service-now instance they are associated with by a simple model: they query the instance for probes to run, and they post the results of probes they've completed back to the instance. The MID server starts all communications, using SOAP on HTTPS – which means that all communications are secure, and all communications are initiated ''inside'' the enterprise's firewall. No special firewall rules or VPNs are required.  
MID servers communicate with the Service-now instance they are associated with by a simple model: they query the instance for probes to run, and they post the results of probes they've completed back to the instance. The MID server starts all communications, using SOAP on HTTPS – which means that all communications are secure, and all communications are initiated ''inside'' the enterprise's firewall. No special firewall rules or VPNs are required.  
Line 50: Line 50:
Discovery is agentless - meaning that it does not require any permanent software to be installed on any computer or device to be discovered. The MID server uses several techniques to probe devices without using agents. For example, the MID server will use SSH to connect to a Unix or Linux computer, and then run a standard command (such as uname or df) to gather information. Similarly, it will use the Simple Network Management Protocol (SNMP) to gather information from a network switch or a printer.  
Discovery is agentless - meaning that it does not require any permanent software to be installed on any computer or device to be discovered. The MID server uses several techniques to probe devices without using agents. For example, the MID server will use SSH to connect to a Unix or Linux computer, and then run a standard command (such as uname or df) to gather information. Similarly, it will use the Simple Network Management Protocol (SNMP) to gather information from a network switch or a printer.  
-
For more details, see [[Discovery Agentless Architecture|Discovery Agentless Architecture]].  
+
For more details, see [[Discovery Agentless Architecture|'''Discovery Agentless Architecture''']].  
<br>  
<br>  
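Review bot: in the added "For more details" line, the piped link repeats its own target, [[Discovery Agentless Architecture|'''Discovery Agentless Architecture''']]. Label and target are identical, so '''[[Discovery Agentless Architecture]]''' gives the same bold link with less markup to keep in sync if the page is renamed.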
Line 56: Line 56:
= Discovery vs. Help the Help Desk  =
= Discovery vs. Help the Help Desk  =
-
[[Help the Help Desk|Help the Help Desk]] is a standard Service-now feature available through the self-service application ('''Self Service --&gt; Help the Help Desk''').&nbsp; It will gather information (much as Discovery does) about a single Windows computer by running a script on that computer.&nbsp; Discovery does many things that Help the Help Desk can not do.&nbsp; Here's a comparison of the two:  
+
[[Help the Help Desk|'''Help the Help Desk''']] is a standard Service-now feature available through the self-service application ('''Self Service --&gt; Help the Help Desk''').&nbsp; It will gather information (much as Discovery does) about a single Windows computer by running a script on that computer.&nbsp; Discovery does many things that Help the Help Desk can not do.&nbsp; Here's a comparison of the two:  
<br>  
<br>  
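Review bot: the added Help the Help Desk paragraph still carries three &nbsp; entities, while the How Discovery Works hunk of this same revision drops the &nbsp; after "CMDB."; suggest replacing them with ordinary spaces here as well so the revision is consistent.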

Revision as of 01:04, 25 February 2010

Plugin required: Functionality described here requires the Discovery plugin.
Role required: Functionality described here requires the Admin role.



Overview

Service-now.com's Discovery application finds computers and other devices connected to an enterprise's network.  Once Discovery finds a computer or device, it will then explore its configuration, provisioning, and current status and update the CMDB accordingly. On computer systems, Discovery will also find what software is running, and any TCP connections between computer systems – thereby finding all the relationships between computer systems (such as an application on one server that uses a database on another server).

Discovery has been available as a Service-now product since the Fall 2007 release. This product is available as a separate subscription from the rest of the Service-now platform, and can be installed by contacting Customer Support.

To configure and begin using Discovery, see Setting up Discovery.


How Discovery Works

Discovery uses conventional techniques and technology to extract information from computers and other devices. It uses a wide variety of probes (simple commands or queries) to gather information, and matching sensors (small, simple programs, usually written in JavaScript, that you can modify) to analyze that information and load it into the CMDB. Discovery uses these probes and sensors to explore any given computer or device, starting first with basic probes and then using more specific probes as it learns more.

Discovery finds out about the existence of any device connected to the network by using a standard "ping" (ICMP) probe to see which IP addresses respond. Once Discovery knows the IP address of a device, it then checks (with more probes) to see what TCP ports are open, and whether the device responds to SNMP queries. From this information, Discovery infers what kind of device is at that IP address – a Unix server, a Windows computer, a network switch, and so on.

For each type of device, Discovery uses different kinds of probes to extract more information about the computer or device, and the software that's running on it:

  • Windows computers and servers: remote WMI queries, shell commands
  • Unix and Linux servers: shell commands (via SSH)
  • Printers: SNMP queries
  • Network gear (switches, routers, etc.): SNMP queries
  • Web servers: HTTP header examination
  • Uninterruptible Power Supplies (UPS): SNMP queries


What Discovery Does with the Information

The information that Discovery gathers about devices can be used to update the Configuration Management Database (CMDB) automatically. Discovery employs Identifiers to search the CMDB for Configuration Items (CI) that match devices discovered in the network. These Identifiers can be configured to instruct Discovery to take certain actions when device matches are made or not made. There are three possible result states that Discovery recognizes:

  • When a discovered device is found to match an existing CI in the CMDB, then continue Discovery and update the CI.
  • When a discovered device is not found to match an existing CI, then continue Discovery and create a new CI in the CMDB.
  • Take no action in the CMDB, whether a match is made or not. Discovery stops after the identification process.
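
The three result states above, worked through as an added example (not ServiceNow code and not part of the original page). The CI field names, the identifier options `matchOn`, `onMatch` and `onNoMatch`, and the sample records are hypothetical; treating an ambiguous match as "no action" is an assumption of this example.

```javascript
// Added illustration, not ServiceNow code. CI fields, identifier options and
// sample records are hypothetical and constructed for this example.
const norm = v => String(v).trim().toLowerCase();

// Decide which of the three result states applies to a discovered device.
function identify(device, cmdb, identifier) {
  // Only match when the probe returned every identifying attribute; otherwise
  // two records with the same missing value would look identical.
  const complete = identifier.matchOn.every(a => device[a] != null && device[a] !== "");
  const matches = !complete ? [] : cmdb.filter(ci =>
    identifier.matchOn.every(a => ci[a] != null && norm(ci[a]) === norm(device[a])));
  // Assumption: an ambiguous (multiple) match takes no action.
  if (matches.length > 1) return { state: "no_action" };
  if (matches.length === 1) {
    return identifier.onMatch === "update"
      ? { state: "update", ci: matches[0] } : { state: "no_action" };
  }
  return identifier.onNoMatch === "create" ? { state: "create" } : { state: "no_action" };
}

// Apply the decision. "no_action" leaves the CMDB untouched.
function reconcile(device, cmdb, identifier) {
  const result = identify(device, cmdb, identifier);
  if (result.state === "update") {
    for (const [key, value] of Object.entries(device)) {
      if (!identifier.matchOn.includes(key)) result.ci[key] = value; // keep stored identity
    }
  } else if (result.state === "create") {
    cmdb.push({ sys_id: `ci-${cmdb.length + 1}`, ...device });
  }
  return result.state;
}

function demo() {
  const cmdb = [
    { sys_id: "ci-1", serial_number: "SN-1001", name: "db01", ip_address: "10.0.0.5" },
    { sys_id: "ci-2", serial_number: "SN-1002", name: "web01", ip_address: "10.0.0.6" },
  ];
  const bySerial = { matchOn: ["serial_number"], onMatch: "update", onNoMatch: "create" };
  const identifyOnly = { matchOn: ["serial_number"], onMatch: "stop", onNoMatch: "stop" };
  const states = [
    reconcile({ serial_number: "sn-1001 ", name: "db01", ip_address: "10.0.0.9" }, cmdb, bySerial),
    reconcile({ serial_number: "SN-2001", name: "app01", ip_address: "10.0.0.7" }, cmdb, bySerial),
    reconcile({ serial_number: "SN-3001", name: "lab01", ip_address: "10.0.0.8" }, cmdb, identifyOnly),
  ];
  return { states, cmdb };
}

console.log(demo().states);
```

The first device matches `ci-1` despite the differing case and trailing space and updates its IP address, the second creates `ci-3`, and the third leaves the CMDB unchanged.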


Discovery Architecture

Service-now is normally hosted in Service-now's data center, and it does not have the ability to access the enterprise's network – but Discovery needs access to do its job. Many enterprises have multiple networks, often separated by slow WAN links or security barriers – and Discovery needs access to all of them.

Discovery uses special server processes (called MID servers), with one or more located on each enterprise network that has computers or devices to be discovered. Each MID server is a lightweight Java process that can run on a Linux, Unix, or Windows server. A dedicated server is not required, as the MID server's resource consumption is quite low (and is controllable). The MID server's job during Discovery is simply to execute probes and return the results back to the Service-now instance for processing; it does not retain any information. In effect, a MID server is a remote extension of the Service-now instance, on an enterprise network.

MID servers communicate with the Service-now instance they are associated with by a simple model: they query the instance for probes to run, and they post the results of probes they've completed back to the instance. The MID server starts all communications, using SOAP over HTTPS – which means that all communications are encrypted in transit, and all communications are initiated inside the enterprise's firewall. No special firewall rules or VPNs are required.

Discovery is agentless - meaning that it does not require any permanent software to be installed on any computer or device to be discovered. The MID server uses several techniques to probe devices without using agents. For example, the MID server will use SSH to connect to a Unix or Linux computer, and then run a standard command (such as uname or df) to gather information. Similarly, it will use the Simple Network Management Protocol (SNMP) to gather information from a network switch or a printer.
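
A probe and sensor pair for the `uname` and `df` commands mentioned above, as an added example (not ServiceNow code and not part of the original page). It assumes the probes run `uname -a` and `df -kP`; the command output is constructed and the result field names are hypothetical.

```javascript
// Added illustration, not ServiceNow code. The probe output is constructed
// and the result field names (os, disks, ...) are hypothetical.
const UNAME_OUTPUT = "Linux db01 2.6.18-164.el5 #1 SMP x86_64 GNU/Linux\n";
const DF_OUTPUT = [
  "Filesystem         1024-blocks      Used Available Capacity Mounted on",
  "/dev/sda1             10321208   4128484   5668436      43% /",
  "/dev/sda3            103212320  92891088   5078352      95% /var/lib/data files",
  "tmpfs                  2029676         0   2029676       0% /dev/shm",
  "",
].join("\n");

// Sensor for `uname -a`: kernel name, host name and kernel release are the
// first three whitespace-separated fields.
function unameSensor(output) {
  const [os, hostname, release] = output.trim().split(/\s+/);
  if (!release) throw new Error("unexpected uname output");
  return { os, hostname, kernel_release: release };
}

// Sensor for `df -kP` (POSIX format: one line per file system, six columns).
function dfSensor(output) {
  const disks = [];
  for (const line of output.split("\n").slice(1)) {
    // The mount point is the last column and may contain spaces.
    const m = line.match(/^(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)%\s+(.+)$/);
    if (!m) continue; // blank or malformed line: skip rather than load bad data
    disks.push({ device: m[1], size_kb: Number(m[2]), used_kb: Number(m[3]),
                 free_kb: Number(m[4]), used_pct: Number(m[5]), mount: m[6] });
  }
  return disks;
}

// Combine the sensor results into one record ready to be written to a CI.
function explore(unameOut, dfOut) {
  return { ...unameSensor(unameOut), disks: dfSensor(dfOut) };
}

const ci = explore(UNAME_OUTPUT, DF_OUTPUT);
console.log(ci.hostname, ci.disks.map(d => `${d.mount} ${d.used_pct}%`));
```

The sensors treat probe output as untrusted text: anything that does not fit the expected format is rejected or skipped instead of being loaded into the CMDB.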

For more details, see Discovery Agentless Architecture.


Discovery vs. Help the Help Desk

Help the Help Desk is a standard Service-now feature available through the self-service application (Self Service --> Help the Help Desk). It gathers information (much as Discovery does) about a single Windows computer by running a script on that computer. Discovery does many things that Help the Help Desk cannot do. Here's a comparison of the two:


| Capability | Discovery | Help the Help Desk |
|---|---|---|
| Automatic discovery by schedule | yes | no |
| Automatic discovery on user login | no | yes |
| Manually initiated discovery | yes | yes |
| Windows workstations | yes | yes |
| Windows servers | yes | yes |
| Linux systems | yes | no |
| Unix systems (Solaris, AIX, HP-UX, Mac (OSX)) | yes | no |
| Network devices (switches, routers, UPS, etc.) | yes | no |
| Printers | yes | no |
| Automatic discovery of computers and devices | yes | no |
| Automatic discovery of relationships between processes running on servers | yes | no |