Debugging, post-go-live

There are two midservers:

vm-sndevmid-01.its.yale.edu

vm-snprdmid-01.its.yale.edu

Any host that is getting discovered should be configured to respond to SNMP probes from both hosts.

example:

[db692@vm-sndevmid-01 ~]$ !snmpwalk
snmpwalk -v2c -On -c Spassword_goes_here dbgap.med.yale.edu sysname
.1.3.6.1.2.1.1.5.0 = STRING: dbgap.med.yale.edu

Probe Types (Out Of Box)

wmi, snmp, ssh, http, wins, dns, printer, osx, ip_phone

...

• port scanner runs against IPs to see what's open
• determines device type
• depending on type, runs applicable probes:
  • Windows: WMI & powershell
  • Unix: SSH
  • Printers: SNMP
  • Network Devices: SNMP
  • Web: HTTP headers
  • UPS: SNMP
• search the CMDB using weighted identifiers (serial, MAC, IP etc), do either of the following:
  • update/add matching CI
  • no-op

Questions/Answers

What does it find with _no credentials or bogus credentials? Yes, it's agent-less, but is it still basically an opt-in technology?_
You don't without customizations, and furthermore, this data is of no value on its own. This can be collected and inserted trivially with existing technology. Furthermore, this data cannot be used on its own to draw any conclusions. It therefore adds no value, and the recommendation from the technical team is that the hours be spent elsewhere.

How do we recommend Yale leverages this tool? Do we use it once and update every so often? Do we enable people to use this as an asset management import tool?
Insofar as this tool is designed to aid in automation of CMDB updates, it should be used wherever it does not undermine other stated assertions and principles. It should be used continuously to cover gaps in Change Management process. Federation with other CMDBs is on the table. The final recommendations will be presented in another document.

• How many MID servers and where, based on: security, firewall
  MIDs pull instructions and push data over https when talking to the cloud. MIDs probe behavior on the network depends on the probe type.

Assertions

• Must obey principle of least privilege for SN instance and MID Server
• We should net something; i.e., either quality of CMDB or speed of discovery should be better than without the tool

...

Result: Lots of useful data, no significant CI mapping activity

• cmdb_ci_win_server (1).pdf
• cmdb_ci_win_server (2).pdf
• cmdb_ci_win_server (3).pdf
• cmdb_ci_win_server (4).pdf

Windows Desktops (med school campus)

Result: Credential availability very sporadic, no significant CI mapping activity, waiting on gap analysis comparing discovery with a potential BigFix integration.

Windows Servers (whole subnet scan of 175)

Result: Lots of stuff found, more CI mapping of higher order assets like databases and IIS instance. Windows is satisfied and will be helping with broader scan schedules. Waiting on firewall discussion.

Network & Telephony

Waiting on DNO to respond to initial feeler about an SNMP pilot.

Implementation Plan

See CMDB Plan

Related Topics

Related Links

https://projects.yale.edu/ITS50/Project%20Documents/CMDB%20Blueprint%20Information/Fruition%20CMDB%20Blueprint%20and%20Service%20Categorization%20v1.pptx