Tables of Contents
DISCOVERY Overview
Discovery roles
role | description |
|---|
discovery_admin | run discovery |
credential_admin | enter credentials |
|
|
|
|
|
|
CMDB Roles
| role | description |
|---|
ecmdb_admin
| manage cmdb Ci classes |
| itil_admin | allow access to CI Class Manager view and Health Reporting |
| cmdb_query_builder | allow access to create CMDB queries |
| itil | readonly access to call classes |
Discovery at Work
Discovery Phases
LAB 1.0 CMDB Overview
Validate your access:
|
|
|---|
| Use the email that you used to validate SN and AWS instances |
|
|
|
Access your ServiceNow Instance
CMDB and Dependency Views
Oracle DB Look Up
cmdb>database>oracle
click on PS ORA01
PS-ORA01 - Dashboard View
PS-ORA01 - Dependency Map
Legacy View Menu and Controls
Dependency Views maps contain the following menus and controls.
Map options
The following options are available across the top of the map.
| Menu to save, load and export views of the map. |
| <Root CI> | Next to the menu icon is the name of the current root node (CI) of the map. |
| Enter the name of a CI, application service, or business service to load into the map. Alternatively, you can start typing to have the auto-complete feature present a list of CIs and services that match your partial value. |
| Vertical | Display the map in vertical view. |
| Horizontal | Display the map in horizontal view. |
| Radial | Display the map in radial view. |
| Force | Centers the elements around the parent CI, regardless of upstream or downstream relationships. |
| Group | Groups the elements according to their CI type. |
| Details | Displays related lists such as Problems, Changes and Related Services that are associated with the selected CI.- Click a service to highlight the CIs that are associated with that service.
- Click Related Services, then double-click a service to display the map in the Event Management dashboard.
If the Event Management plugin is active, then events and alerts are also displayed. |
| Settings | Set filters for the map. |
| Use the navigation tools to increase or decrease the view of the map, rearrange the icons on the map, and move the map on the page.- Use the plus sign (+) to increase magnification of the map.
- Use the minus sign (-) to decrease magnification of the map.
- Click the center dot to center the map on the page.
- Use the direction arrows to move the page in that direction.
- Use the selection tool under the navigation tool to toggle between moving the entire map or moving one CI on the map.
|
The following options are available if you right-click the map background.
| Run Layout | Redraws the map with the current layout option. |
| Fit To Screen | Resizes the map to fit all the nodes in the map window. |
| Reset Filters | Performs the same action as the option. |
The following options are available if you right-click a node.
| View Form | Displays the CMDB record of the selected CI in a new tab of the browser. |
| View Map | Reloads the map using the selected CI as the new root node, with the currently defined layout setting. This option does not display on the root node. |
| View Related Tasks | Displays all tasks or outages associated with the selected CI, including incidents, problems, change requests, and follow-on tasks. This option is always available, even if there are no tasks associated with the CI. This option does not appear on collapsed nodes. |
| View Affected CIs | Shows a list of all tasks that have the CI listed as an Affected CI. This option is only visible when you access the map from the map icon in a task record's Configuration item field. |
| View Related Outages | Displays all outages involving the selected CI. This option only appears when there is an outage associated with the CI. This option does not appear on collapsed nodes. |
| Add Relationship | This option displays a dotted green line that you can drag to another CI to create a relationship link. A popup dialog allows you to define the relationship type. |
| Expand | Displays all CIs and components within a clustered node, or virtual groups (virtual nodes that appear when glide.bsm.too_many_children is reached). This option appears only if the node is a cluster node or a virtual group node. If Load More was previously used, then Expand reverts the results of the Load More operation. The number of additional icons to display is bound by the value of the glide.bsm.max_nodes property. |
| Collapse | Collapses all CIs and components within a cluster node back to a single node. Also, collapses a virtual group that has been expanded. This option only appears if the node has been expanded using the Expand menu item. If Load More was previously used, then Expand reverts the results of the Load More operation. |
| Run Layout From Here | This option re-runs the chosen layout using the current node. Use this option to get a new or clearer view on the same map. |
| Load More | Starting at the selected icon, loads the next level of the map, past the setting of Max Levels. Virtual grouping is not applied at the newly loaded level even if the criteria for virtual grouping is met. The number of additional icons to display is bound by the value of the glide.bsm.max_nodes property. |
The following options are available if you right-click a relationship link.
| View Relationship Form | Opens the CI Relationship form. You can modify the Parent, Type, and Child of the relationship from this form. |
| Modify Relationship | Searches for and selects a new relationship for this link. |
| Delete Relationship | Deletes a relationship. The relationship is deleted after prompting for confirmation. |
CI Relationships
Create or edit a relationship filter
Create a custom relationship filter to display CI relationships from selected tables in the CI relations formatter.
Role required: ecmdb_admin The CI relations formatter displays related CIs for the base CI, and the relationships between the CIs. You can use relationship filters on the CI relations formatter to customize CI relationship views.
- Navigate to .
- Click New or select a filter to edit.
- Enter or edit the relationship filter name.
- Right-click the form header and click Save.
- In the Configuration Types section, click Edit.
- On the Edit Members form, select the tables of the CIs that you want to show with the filter and then move the tables to the Configuration Types list.
- Click Save.
On a CI form, in the relations formatter settings, you can select the newly defined relationship filter from the
Filter Relations by CMDB View list.
In the legacy CI relations formatter, you can click View and select the newly defined relationship filter.
After you select a filter, the relations formatter displays only CIs from the tables specified in the filter or from descending tables.
OOB Relationships
SN
SNMP OID Classification
A CI classification allows Discovery to discover most common operating systems, network devices, and processes.
- Navigate to.
- Select the type of classification to create.
- ClickNewin the list of classifications for the type you selected.
- Complete the form using the fields in the table.
Classification form fields| Field | Input Value |
|---|
| Name | Name of the configuration item (CI). |
| OID | SNMP system OID for matching this device.When the OID value matches that of an SNMP device, Discovery uses the information to populate the CMDB with the specified manufacturer, model, and classifier. |
| Operator | Operator for determining how to match and SNMP OID. The choices areIsandStarts with. This field is available only for SNMP System OIDs classifiers. |
| Active | Enables or disables this classifier. When a classifier is disabled, the system stops classification at this level and does not launch classifiers of a lower order. For example, when the classifier for Windows 2008 Server is disabled, the system stops Discovery at this point and does not launch the Windows 2012 Server classifier. |
| Order | Order (sequence) in which the platform runs this classifier. |
| Table | Table for this classification. For example, if this record classifies aLinuxserver, select the Linux Server [cmdb_ci_linux_server] table. |
| Classifier | Classification of an SNMP device, such asA10 Load Balancer. This field is available only for SNMP System OIDs classifiers. |
| Relationship type | Type of relationship for this classifier, such asRuns on::Runs. This field is available only for application and process classifiers. |
| Match criteria | Criteria that must match to classify this device. The choices areAnyof the parameters orAllof the parameters. |
| Manufacturer | Name of the manufacturer of a network device. This field is available only for SNMP and SNMP System OIDs classifiers. |
| Model | Model number of a network device. This field is available only for SNMP and SNMP System OIDs classifiers. |
| On classification script | Script that runs if classification criteria are met. Use this script to perform any special tasks after a device is classified. It is possible to use theg_probe_parametershashmap from within a classification script to set probe parameters for any configured, triggered probes. For example, this code sets a 'node_port' parameter to 16001 for all triggered probes:(JS), g_probe_parameters['node_port']=16001;// |
| Related lists |
| Classification Criteria | Criteria formed from specific parameters and the values that they must contain to match devices thatDiscoveryfinds in the network with CIs in the CMDB. For a detailed discussion of these parameters, seeDiscovery classification parameters. |
| SNMP OID Classifications | Unique "fingerprints" of all the SNMP devices that ship with the baseDiscoveryproduct. Users can add OIDs for SNMP devices not in this list. This related list is available only for SNMP devices. |
| Triggers probes | Exploration probes thatDiscoverylaunches to gather detailed information about a CI that it has classified in the network. If you want to use patterns for horizontal discovery, add theHorizontal Patternprobe in theProbecolumn, and then specify your pattern in thePatterncolumn. Warning:Do not specify your pattern inProbecolumn. Choose the Horizontal Pattern probe, which launches the specified pattern. |
| Versions | Lists versions of this classifier. A new version is created whenever you modify the classifier record. To revert to a previous version, open that record and selectRevert to this versionunderRelated Links. |
This example shows a completed CI classification form with exploration probes defined. For instruction on creating probes, see
Discovery probes and sensors. The probes defined here are launched when the device is properly classified, unless
Discoveryis configured to stop after classification.Discovery classification form
CMDB Health Dashboards
LAB 2.0 CMDB Health Dashboard
MidServer Overview
Mid Server Services Requirement
How does the mid-server works?
MidServer Installation Process 
MidServer and Proxy Server
Install Windows Mid Server Services
- Verify that the MID Server host has the correct JRE installed.
The supported JRE version required for the MID Server host is any version in the Java 1.8 family, later than 1.8.0_152. Java 9 and 10 families are not supported.
- If the MID Server host does not have the JRE installed or is running an unsupported version, download and install the correct version, and then configure either of the following:
- Set the JAVA_HOME environment variable to point to a supported JRE.
- Make java available in the PATH running environment.
- Log in to the Windows host machine where you want to install the MID Server.
- Create a folder for the MID Server on the top level of the drive such asServiceNow\MID Server1.
- Download the MID archive file into the new folder.
- Right-click the archive and select Extract All.
- Navigate to the service-now\<mid server name>\agent folder that was created when the file was extracted.
- Run installer.bat to start the MID Server installer.
To configure the MID Server manually, skip to
this step.
- Use the installer to enter the following information.
| Field | Description |
|---|
| ServiceNow instance URL | Enter the full URL of your instance, for example: https://mycompanyinstace.service-now.com
|
| ServiceNow MID Server username | Enter the name of the MID Server userthat you already created. The MID Server user must have the mid_server role. |
| ServiceNow MID Server password | Enter the password for the user in the ServiceNow MID Server username. |
| Use proxy | Select this check box if your MID Server communicates through a proxy to connect to the instance. Note: Your proxy server must use Basic Authentication for the MID server to connect to the instance. |
| Proxy host | Enter the proxy server host name or IP address. Do not include the protocol in the host name. For example, enter proxyserver.domain.com, not https://proxyserver.domain.com. |
| Proxy port | Enter the port through which the proxy server communicates. If you leave this field blank, it should use the proxy server's default port number. |
| Proxy username | Enter the user name that has administrator rights to the proxy server. |
| Proxy password | Enter the password for the user name. |
- Click Test your connection to validate the credentials and instance information. If you encounter any errors, verify the information that you input.
- Click Next.
- Configure the MID name parameters (see table).
| Field | Description |
|---|
| MID Server name | Enter any MID Server name. |
| MID Service wrapper name | Modify this field if necessary. It is populated automatically by prefixing snc_mid_ to the MID Server name. In most cases, you do not need to modify this. |
| MID Server wrapper display name | Modify this field if necessary. It is populated automatically by prefixing ServiceNow MID Server_ to the MID Server name. In most cases, you do not need to modify this. |
- Click Next to view the summary.
- Click Start MID Server.
The local host starts the MID Server.
When the MID Server service starts, it verifies that it is the only active (not down) MID Server with that name. If the MID Server discovers another active MID Server with the same name, the starting MID Server waits 5 minutes and sends another query. The MID Server repeats this query three times and logs each attempt in the agent log. If the MID Server still detects a duplicate after this cycle, it creates a record in the
MID Server Issue [ecc_agent_issue] table and shuts itself down.
Note: The record in the MID Server Issue [ecc_agent_issue] table cannot be resolved automatically by the instance. Close this record manually for accounting purposes. Either mark the issue Resolved or delete it.
- Click Mid Servers List Page.
The installer opens the MID Server list from your instance.
- Select the MID Server name from the list.
Note: It may take a few seconds for the MID Server time to establish a connection with your instance.
The system displays the MID Server record.
- From Related Links, click Validate.
The MID Server Validated changes to Yes.
- To configure the MID Server manually, edit the config.xml file with a text editor such as WordPad:
- Find the element <parameter name="url" value="https://YOUR_INSTANCE.service-now.com" /> element and change the value to the URL of your instance.
- Enter the MID user credentials in the mid.instance.username and mid.instance.password parameters.
By default, the MID Server, uses basic authentication for SOAP messages. The password value is also encrypted authentication.
- (Optional) Find the <parameter name="name" value="YOUR_MIDSERVER_NAME_GOES_HERE" /> element and change the value for the MID Server name.
- (Optional) Enter connection information for the proxy server. Remove the appropriate comment tags from the proxy configuration information.
For example, you can configure these parameters:
- mid.proxy.use_proxy
- mid.proxy.host
- mid.proxy.port
- mid.proxy.username
- mid.proxy.password
- Start the MID Server and verify that it is active.
- In the MID Server home directory (agent), execute the batch file start.batto start the new MID Server.
- Log into the instance and navigate to to verify that the Status of your new MID Server is Up.
Additional log information appears here:
- The MID Server log on the instance.
- The corresponding agent0.log.0 and wrapper logs (wrapper.log) in the MID Server agent\logs folder.
- To stop the MID Server, use either of these procedures:
- Windows command line: From the MID Server home directory (agent) run stop.bat.
- Windows Services console: Right click ServiceNow <MID Server name>, and then select Stop.
- To restart a stopped MID Server, use any of these procedures:
- In the instance, navigate to and open the record for a Down server. Under Related Links, click Restart MID.
- Windows command line: In the MID Server home directory (agent), run Restart.bat.
- Windows Services console: Right click ServiceNow <MID Server name>, and then select Start.
Install Linux Mid-Server Services
- Verify that the MID Server host has the correct JRE installed.
The supported JRE version required for the MID Server host is any version in the Java 1.8 family, later than 1.8.0_152. Java 9 and 10 families are not supported.
- If the MID Server host does not have the JRE installed or is running an unsupported version, download and install the correct version, and then configure either of the following:
- Set the JAVA_HOME environment variable to point to a supported JRE.
- Make java available in the PATH running environment.
- From the Linux command line, type mkdir -p /servicenow/mid server name to create the installation directory. You need to have read/write/execute permissions on this folder.
- Extract the downloaded MID Server archive file, mid.os.zip into the servicenow/mid server name/ directory. Use the MID Server name created in the instance or create a new name that you will use for this MID Server moving forward.
The resulting directory structure is /servicenow/<mid server name>/agent.
- Change to the servicenow/mid server name /agent directory, and enter the following command to start the MID Server installer: ./installer.sh.
If you prefer to manually configure the MID Server instead, skip to
this step.
- Use the installer to enter the following information.
| Field | Description |
|---|
| ServiceNow instance URL | Enter the full URL of your instance, for example: https://mycompanyinstace.service-now.com
|
| ServiceNow MID Server username | Enter the user name of the MID Server user that you already created. The MID Server user must have the mid_server role. |
| ServiceNow MID Server password | Enter the password for the user in the ServiceNow MID Server username. |
| Use proxy | Select this check box if your MID Server communicates through a proxy to connect to the instance. Note: Your proxy server must use Basic Authentication for the MID server to connect to the instance. |
| Proxy host | Enter the proxy server host name or IP address. Do not include the protocol in the host name. For example, enter proxyserver.domain.com, not https://proxyserver.domain.com. |
| Proxy port | Enter the port through which the proxy server communicates. If you leave this field blank, it should use the proxy server's default port number. |
| Proxy username | Enter the user name that has administrator rights to the proxy server. |
| Proxy password | Enter the password for the user name. |
- Click Test your connection to validate the credentials and instance information. If you encounter any errors, verify the information that you input.
- Click Next.
- Configure the MID name parameters (see table).
| Field | Description |
|---|
| MID Server name | Enter any MID Server name. |
| MID Service wrapper name | Modify this field if necessary. It is populated automatically by prefixing snc_mid_ to the MID Server name. In most cases, you do not need to modify this. |
| MID Server wrapper display name | Modify this field if necessary. It is populated automatically by prefixing ServiceNow MID Server_ to the MID Server name. In most cases, you do not need to modify this. |
- Click Next to view the summary.
- Click Start MID Server.
The local host starts the MID Server.
When the MID Server service starts, it verifies that it is the only active (not down) MID Server with that name. If the MID Server discovers another active MID Server with the same name, the starting MID Server waits 5 minutes and sends another query. The MID Server repeats this query three times and logs each attempt in the agent log. If the MID Server still detects a duplicate after this cycle, it creates a record in the
MID Server Issue [ecc_agent_issue] table and shuts itself down.
Note: The record in the MID Server Issue [ecc_agent_issue] table cannot be resolved automatically by the instance. Close this record manually for accounting purposes. Either mark the issue Resolved or delete it.
- Click Mid Servers List Page.
The installer opens the MID Server list from your instance.
- Select the MID Server name from the list.
Note: It may take a few seconds for the MID Server time to establish a connection with your instance.
The system displays the MID Server record.
- From Related Links, click Validate.
The MID Server Validated changes to Yes.
- To configure the MID Server manually, change to the servicenow/mid server name /agent directory, and then edit the config.xml file as follows:
- Find the element <parameter name="url" value="https://YOUR_INSTANCE.service-now.com" /> and change the value to the URL of your instance.
- Enter the MID user credentials in the mid.instance.username and mid.instance.password parameters.
By default, the MID Server, uses basic authentication for SOAP messages. The password value is also encrypted authentication.
- Find the <parameter name="name" value="YOUR_MIDSERVER_NAME_GOES_HERE" /> element and change the value for the MID Server name.
- (Optional) Enter connection information for the proxy server. Remove the appropriate comment tags from the proxy configuration information.
For example, you can configure these parameters:
- mid.proxy.use_proxy
- mid.proxy.host
- mid.proxy.port
- mid.proxy.username
- mid.proxy.password
- Start the MID Server and verify that it is active.
- In the MID Server home directory (agent), execute the shell script start.shto start the new MID Server.
- Log into the instance and navigate to to verify that your new MID Server has a Status or Up.
Additional log information appears here:
- The MID Server log on the instance.
- The corresponding agent0.log.0 and wrapper logs (wrapper.log) in the MID Server agent\logs folder.
- To configure the MID Server to restart automatically when the host is restarted, run
${base_install_dir}/agent/bin/mid.sh install as root.This command installs the MID Server as a daemon service and adds the auto start scripts to the
init.d directory.
Note: You cannot install more than one MID Server service as a daemon on a Linux host. This is a limitation of the Tanuki wrapper service.
- To stop the MID Server, navigate to the MID Server home (agent) directory and execute the stop.sh shell script.
- To restart a stopped MID Server, use either of these procedures:
- In the instance, navigate to and open the record for a Down server. Under Related Links, click Restart MID.
- Navigate to the MID Server home (agent) directory and execute the restart-service.sh script, using one of these commands:
- ./restart-service.sh
- sh restart-service.sh
- bash restart-service.sh
Discovery Overview
Discovery Schedules
ECC Queues - Status
Troubleshooting
Lab 4.0 - Execute Discovery
Create Discovery Schedules
PORT PROBES > PROBES- PATTERN and SENSORS
Discovery Schedule
Discovery Timeline
PROBES - PATTERNS
https://yalesandbox.service-now.com/discovery_port_probe_list.do?sysparm_userpref_module=97fddeb70a0a070300eba90e0db535cd&sysparm_clear_stack=true
SSH
LINUX Probes
LINUX Patterns
Linux Server Pattern
pattern {
metadata {
id = "1d2810b14fa12200609b92918110c7a7"
name = "Linux Server"
description = ""
citype = "cmdb_ci_linux_server"
}
identification {
name = "discovery"
entry_point {type = "*"}
find_process_strategy {strategy = NONE}
step {
name = "Unix\\Linux Name Formatting"
ref {refid = "46d81a979f10320055063758442e707f"}
}
step {
name = "Insert OS name, version and name to cmdb_ci_linux_server"
transform {
src_table_name = "cmdb_ci_linux_server"
target_table_name = "cmdb_ci_linux_server"
operation {
set_field {
field_name = "os_version"
value = get_attr {"osVersion"}
}
set_field {
field_name = "os_name"
value = get_attr {"osName"}
}
set_field {
field_name = "name"
value = get_attr {"formattedHostname"}
}
}
}
}
step {
name = "DNS"
ref {refid = "ede27fe5db652200868a7c841f961984"}
}
step {
name = "Linux - Identity"
ref {refid = "a273cfe39f2032001d753758442e70b7"}
}
step {
name = "Linux - Find FQDN"
ref {refid = "5e1243e39f2032001d753758442e7041"}
}
step {
name = "Linux - Distribution"
ref {refid = "fe32c7e39f2032001d753758442e7065"}
}
step {
name = "UNIX - OS Uptime"
ref {refid = "80d2cbe39f2032001d753758442e7092"}
}
step {
name = "Update start date on Linux CI"
set_attr {
"cmdb_ci_linux_server[*].start_date"
get_attr {"start_date"}
}
}
step {
name = "Linux - Memory"
ref {refid = "4103cbe39f2032001d753758442e709a"}
}
step {
name = "Linux - Memory Modules"
ref {refid = "dc334fe39f2032001d753758442e70b7"}
}
step {
name = "Linux - Network ARP Tables"
ref {refid = "84538fe39f2032001d753758442e7086"}
}
step {
name = "Linux - CPU"
ref {refid = "e69343279f2032001d753758442e7067"}
}
step {
name = "Linux - Storage"
ref {refid = "303407279f2032001d753758442e708c"}
}
step {
name = "Linux - Cloud"
ref {refid = "4660f86edb057200c12ef9361d96190c"}
}
}
}
Horizontal discovery pattern probe failure
Horizontal Probe executed Commands
SENSORS
SNMP OID
DISCOVERY Data Collections and Requirements
Discovery Schedules
Discovery Behaviors
Create a Discovery behavior to determine which probes Shazzam launches and which MID Server is used.
Role required: discovery_admin
- Navigate to and click New.
- Enter a name.
- Right-click the form header and select Save.
- In the Discovery Functionality related list, click New.
Discovery Functionality defines what each MID Server in this behavior must do, specifically which protocols to detect.
- Fill out the form fields:
| Field | Description |
|---|
| Phase | Enter an integer that represents an arbitrary phase. The phase is used to group one or more functionalities together. All the functionalities within a specified phase are executed together, and all phases are executed in numerical order. All functionalities in a behavior can have the same phase. The Shazzam probe runs once for each phase in a behavior, which makes fewer phases desirable. Run multiple phases for behaviors only when devices in the network are running multiple protocols, such as SSH and SNMP. In that example, set one phase for the SSH scan and another phase for the SNMP scan. |
| Active | Keep this option selected to apply the discovery functionality. |
| Functionality definition | Click the lookup icon, and then select a pre-configured functionality that defines the protocol or list of protocols that each MID Server scans. |
| Match criteria | Define criteria here for Windows MID Servers. |
| MID Servers | Select one or more MID Servers to perform this functionality for the following Discovery types:Discovery automatically balances the load when multiple MID Servers are selected. |
- Right-click the form header and select Save.
- To add criteria that the functionality must meet in order to be triggered, click New in the Functionality Criteria related list, fill out the form fields, and then click Submit.
| Field | Input Value |
|---|
| Name | The name in the criteria is the variable that passes the following information:- mid_server: MID Server that processes the results from the Shazzam probe.
- win_domain: Windows domain of the target device.
|
| Operator | Select a logical operator. |
| Value | Enter the actual name of the MID Server (mid_server) or domain (win_domain) to pass to Discovery for this criteria. This field can also have a value of mid_domain, which defines the Windows domain of the MID Server that is processing the Shazzam results. |
Note:Functionality criteria are required for Windows MID Servers only, and only when the behavior controls Discovery across multiple domains. When the instance launches the Shazzam probe for a Discovery in which a behavior defines multiple MID Servers to scan multiple domains, the functionality criteria determine which MID Server process the results of the probe.
The following graphic shows an example of functionality criteria.
A schedule determines what horizontal discovery searches for, when it runs, and which MID Servers are used.
Roles required: admin, discovery_admin You can use a Discoveryschedule to launch horizontal discovery, which uses probes, sensors, and pattern operations to scan your network for CIs. Use this procedure to create a schedule manually from the Discovery Schedule form..
Service Mapping also provides a Discovery schedule for top-down discovery.
Use the Discovery Schedule module in the Discovery application to:
- Configure device identification by IP address or other identifiers.
- Determine if credentials are used in device probes.
- Name the MID Server to use for a particular type of discovery.
- Create or disable a schedule that controls when the discovery runs in your network.
- Configure the use of multiple Shazzam probes for load balancing.
- Configure the use of multiple MID Servers for load balancing.
- Run a Discovery schedule manually.
- Run Discovery on a single IP address.
To create a Discovery schedule
- Navigate to and create a new record.
- Complete the Discovery Schedule form, using the fields in the table.
- Right-click in the header of the record and select Save from the context menu.
- To create a range of IP addresses to discover, click Quick Ranges under Related Links.
| Field | Description |
|---|
| Name | Enter a unique, descriptive name for your schedule. | | Discover | Select one of the following scan types: |
| Configuration items: Uses Discovery identifiers to match devices with CIs in the CMDB and update the CMDB appropriately. Perform a simple discovery by selecting a specific MID Server to scan for all protocols (SSH, WMI, and SNMP). Or, perform advanced discoveries with discovery behaviors. When you select a behavior, the MID Server field is not available. | | IP addresses: Scans devices without the use of credentials. These scans discover all the active IP addresses in the specified range and create device history records, but do not update the CMDB. IP address scans also show multiple IP addresses that are running on a single device. Identify devices by class and by type, such as Windows computers and Cisco network gear. The Max range size Shazzam probe property determines the maximum number of IP addresses Shazzam scans. | | Discovers IP networks (routers and switches). Results from this search are used to populate the IP Network [cmdb_ci_ip_network] table in with a list of IP addresses and network masks. Network scans update routers and layer 3 switches in the CMDB. | | Service: Discovers services for the Service Mapping application | | Serverless: Finds CIs without needing to run discovery on a host, or CIs on a proxy host that is already in the CMDB | | Cloud application: Discovers only the cloud resources for the patterns that you specify. | | Cloud resources: Discovers resources on AWS and Azure clouds. |
|
Mid Server Selection | Auto-Select MID Server: Allow Discovery to select the MID Server automatically based on the Discovery IP Ranges you configure. To find a matching MID Server, you must configure MID Servers to use:- The Discovery application, or ALL applications. This setting authorizes the MID Server access from Discovery.
- The IP Range that includes the ranges you configure on the Discovery Schedule.
| | Specific MID Cluster: Use a preconfigured cluster of MID Servers. Select the cluster. You are not required to specify one member of the cluster. The MID Server cannot be part of multiple clusters, such as one that supports load balancing and one that supports failover. You can add any cluster regardless of the application that the MID Servers are assigned to. When you select the cluster, the Discovery application is automatically added when it does not exist for the MID Servers in the cluster. | | Specific MID Server: Use only one MID Server. If that MID Server is part of a cluster, only that MID Server is used. The cluster is not used. You can add any MID Server regardless of the application it is assigned to. The Discovery application is automatically added when it is not already assigned for the MID Server you select. You can assign a specific MID Server for all types of Discover scans except Service. | - Use Behavior: Use a behavior when a single schedule requires the use of multiple MID Servers to perform any of the following activities:
- Scans requiring multiple Windows credentials.
- A schedule that must execute two or more particular protocols (SNMP, SSH, or WMI) using more than one MID Server.
- Load balancing for large discoveries where a single MID Server would be inadequate.
- Scanning multiple domains.
Note: The Discovery schedule enforces domain separation. The MID Servers that are available for selection are limited to the same domain of the user who is configuring the schedule. | | Midserver | Select the MID Server to use for this schedule. This field is available if MID Server selection method is set to Specific MID Server, or if you discover IP addresses, networks, or web services. | | MidServer Cluster | Select the MID Server cluster to use for this schedule. This field is available if MID Server selection method is set to Specific MID Cluster. | | Active | Select a behavior configured for the MID Servers in your network. This field is available only if MID Server selection method is set to Use Behavior. | | Location | Choose a location to assign to the CIs that the schedule discovers. If this field is blank, then no location is assigned. | | Max Run Time | Set a time limit for running this schedule. When the configured time elapses, the remaining tasks for the discovery are canceled, even if the scan is not complete. Use this field to limit system load to a desirable time window. If no value is entered in this field, this schedule runs until complete. | | Run and Related Fields | Determines the run schedule of the discovery. Configure the frequency in the Run field and the other fields that appear to specify an exact time. Note: The run time always uses the system time zone. If you add the optional Run as tz field, it has no effect on the actual runtime. | | Include Alive | Select this check box to include alive devices, which are devices that have at least one port that responds to the scan, but no open ports. Discovery knows that there is a device there, but has no information about it. If this check box is cleared, Discovery returns all active devices, which are devices that have at least one open port. | | Log State Changes | Select this check box to create a log entry every time the state changes during a discovery, such as a device going from Active to Classifying. View the discovery states from the Discovery Devices related list on the Discovery Status form. The Completed activity and Current activity fields display the states. | Shazzam batch Size
| Enter the number of IP addresses that each Shazzam probe can scan. Dividing the IP addresses into batches improves performance by allowing classification for each batch to begin after the batch completes. rather than after all IP addresses have been scanned. The probes run sequentially. For example, the value is set to 1000 and a discovery scans 10,000 IP addresses using a single MID Server. It creates 10 Shazzam probes with each probe scanning 1000 IP addresses. By default, the batch size is 5000. A UI policy enforces a minimum batch size of 256 because batch sizes below 256 IP addresses do not benefit from clustering. The policy converts any value below 256 to a value of zero. The value for this field cannot exceed the value defined in the maximum range size property for the Shazzam probe. | | Shazzam Cluster Support | Select the check box to distribute Shazzam processing among multiple MID Servers in a cluster and improve performance. This setting works with the Shazzam batch size. For example, a schedule is created to scan 100,000 IP addresses, with 10 MID Servers assigned to do the work. Each MID Server is assigned to scan 10,000 IP addresses. If the Shazzam batch size is set to 5,000 IP addresses per probe, the schedule runs two Shazzam probes per MID Server (10,000 IP addresses/5,000 per batch). These probes are run in sequence and not concurrently. | | Use SNMP Version | Use this field to designate the SNMP version to use for this discovery. Valid options are v1/v2c, v3, or All. | Quick Range
| Define IP addresses and address ranges to scan by entering IP addresses in multiple formats (network, range, or list) in a single, comma-delimited string. | | Discover now | Use this link to immediately start this Discovery | | IP Ranges | This related list defines the ranges of IP addresses to scan with this schedule. If you are using a simple CI scan (no behaviors), use this related list to define the IP addresses to discover. | | Discover Range Sets | This related list defines each range set in a schedule to scan by one or more Shazzam probes. | | Discovery Status | | This related list displays the results of current and past schedule runs. |
|
|
|
|---|
Discovery Run Options| Daily | Runs every day. Use the Time field to specify the time of day.
| | Weekly | Runs on one designated day of each week. Use the Time field to specify the time of day.
| | Monthly | Runs on one designated day of each month. Use the Day field to select the day of the month. Use the Time field to specify the time of day. If the designated day does not occur in the month, the schedule does not run that month. For example, if you designate day 30, the schedule does not run in February.
| | Periodically | Runs every designated period of time. Use the Repeat Interval field to define the period of time in days, hours, minutes and seconds. The first Discovery runs at the point in time defined in the Starting field. The subsequent discoveries run after each Repeat Interval period passes.
| | Once | Run one time as designated by the date and time defined in the Starting field.
| | On Demand | Does not run on a schedule. Click Discover now to run Discovery.
| | Weekdays | Runs every Monday, Tuesday, Wednesday, Thursday, and Friday. Use the Time field to select the time of day.
| | Weekends | Runs every Saturday and Sunday. Use the Time field to select the time of day.
| | Month Last Day | Run the last day of every month. Use the Time field to select the time of day.
| | Calendar Quarter End | Runs on March 31, June 30, September 30, and December 31. Use the Time field to select the time of day. To change the dates, modify the DiscoveryScheduleRunType script include. |
| After Discovery | Allows you to sequentially stagger the schedule. Use this option to run this schedule after the Discovery designated in the Run after field finishes. Select the Even if canceled check box to designate that this discovery should run even if the Run after Discovery is canceled before it finishes.- This option is not valid when the Discovery is started via DiscoverNow, or when using the Discover CI feature.
- You cannot designate an inactive Discovery schedule.
- You cannot create a loop by designating the run after Discovery to be the same Discovery.
- This Discovery does not run if the Run after Discovery does not finish, with the exception that the Even if canceled check box is selected and the Discovery is canceled.
|
|
|
|
|
Validate discovery results
Validate the results of your discovery by accessing the ECC queue, analyzing the XML payload, and checking the Discovery log.
Role required: discovery_admin
Initial discoveries often reveal unexpected results, such as previously unknown devices and processes or failed authentication. Results should also accurately identify known devices and update the CMDB appropriately. Become familiar with the network that is being discovered and the types of data returned for the different types of discoveries. Use the
Discovery Log and the ECC Queue to monitor the
Discovery process as data is returned from probes or pattern operations.
ECC Queue
- To view the actual payload of a probe, click the XML icon in a record in the ECC Queue.
- Use the Discovery Log form for a quick look at how the probes are doing. To display the Discovery Log, navigate to .
Discovery Log
The
Discovery Log provides this information:
| Column | Information |
|---|
| Created | Displays the timestamp for the probe launched. Click this link to view the record for the probe launched in this list. |
| Level | Displays the type of data returned by this probe. The possible levels are:- Debug
- Error
- Information
- Warning
|
| Message | Message describing the action taken on the information returned by the probe. |
| ECC queue input | Displays the ECC queue name associated with the log message. |
| CI | The CI discovered. Click this link to display the record from the CMDB for this CI. |
| Source | Displays the probe name that generated the log message. |
| Device | Displays the IP address explored by the probe. Click this link to examine all the log entries for the action taken on this IP address by this Discovery. |
MID Server clusters
These steps are followed when you select
Specific MID Clusterfor the
MID Server selection methodon the
Discoveryform, and the cluster is a load balancing cluster:
- Discoveryuses the first MID Server in the cluster that it finds with the status ofUp.
- If more than one MID Servers are up, it randomly picks one. If it cannot find any MID Servers, it looks for MID Servers in the cluster with the status ofPausedorUpgrading.
These steps are followed when the cluster is a failover cluster:
- Discovery uses the MID Server with the lowest Order value that also has the status of Up.
- If no MID Servers are found, it looks for MID Servers in the cluster with the status of Paused or Upgrading, choosing the one with the lowest Order value.
Port scan (Shazzam) phase
During the port scan phase, Discovery collects all the target IP addresses. It splits them equally between MID Servers matching the criteria (MID Servers are qualified to do the port scan). The Shazzam batch size, which you configured on the Discovery schedule, determines the number of IP addresses that each Shazzam probe can scan. This phase helps determine how much work each MID Server does during the port scan phase.
For example, you have 16,000 IP addresses to scan among three qualified MID Servers, and you use the default Shazzam batch size of 5000. Two of the MID Servers handle 5000 IP address scans (one Shazzam probe each). The other MID Server handles 6000 IP address scans by launching two Shazzam probes.
LAB 3.0 Install Mid-Servers Services
