Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Version History

« Previous Version 29 Next »

Probe Types (Out Of Box)

wmi, snmp, ssh, http, wins, dns, printer, osx, ip_phone

Unix SSH Probes (Out Of Box)

See discovery_probes.pdf

How Discovery Works (Out Of Box)

  • port scanner runs against IPs to see what's open
  • determines device type
  • depending on type, runs applicable probes:
    • Windows: WMI & powershell
    • Unix: SSH
    • Printers: SNMP
    • Network Devices: SNMP
    • Web: HTTP headers
    • UPS: SNMP
  • search the CMDB using weighted identifiers (serial, MAC, IP etc), do either of the following:
    • update/add matching CI
    • no-op

Questions/Answers

What does it find with _no credentials or bogus credentials? Yes, it's agent-less, but is it still basically an opt-in technology?_
You don't without customizations, and furthermore, this data is of no value on its own. This can be collected and inserted trivially with existing technology. Furthermore, this data cannot be used on its own to draw any conclusions. It therefore adds no value, and the recommendation from the technical team is that the hours be spent elsewhere.

How do we recommend Yale leverages this tool? Do we use it once and update every so often? Do we enable people to use this as an asset management import tool?
Insofar as this tool is designed to aid in automation of CMDB updates, it should be used wherever it does not undermine other stated assertions and principles. It should be used continuously to cover gaps in Change Management process. Federation with other CMDBs is on the table. The final recommendations will be presented in another document.

  • How many MID servers and where, based on: security, firewall
    MIDs pull instructions and push data over https when talking to the cloud. MIDs probe behavior on the network depends on the probe type.

Assertions

  • Must obey principle of least privilege for SN instance and MID Server
  • We should net something; i.e., either quality of CMDB or speed of discovery should be better than without the tool

Experiments

No-Credential Discovery

Discover a DC subnet w/o credentials, see what you get with out of the box settings.

Result: Nothing, as it turns out.

Basic SSH Unix Discovery

Discover a linux server with a non-privileged shell (i.e. adduser testuser, no sudo rights), see what you get.

Result: You get quite a bit, although it also gets a lot wrong or misses stuff entirely.
Gets:

  • OS (but revision is for kernel, not OS)
  • cpu brand/type/speed/count
  • RAM amount
  • net interfaces/IP/DNS
  • filesystems & sizes
  • installed software (RPMs)
  • running processes (do we really want/need this in DB?)

Misses:

  • OS rev
  • "is a VM" flag not flipped
  • logical and physical disks
  • serial number
  • most of the relationships you might expect:

RHEL6 + Privilege

Discover a linux server with a privileged shell (i.e. prescribed sudo rights), see what you get.

Result: Not at all different from the non-privileged version. Don't know if this is because RHEL6 is different or what, but I don't see any additional benefit from allowing lsof or dmidecode. Maybe because nothing of interest is exposed by those commands on this particular machine.

RHEL5 + Tomcat

Discover another OS version with a set of (perhaps) more interesting and compatible components and see if we get anything more.

Result: More from a RHEL5 box with a standard tomcat than a RHEL6 box with an embedded tomcat. But the dependencies look wrong (e.g. why does one tomcat seem to depend on the other? Inaccurate)

Gets:

  • machine type of VM, "is virtual" flagged
  • OS (but revision is for kernel, not OS)
  • RAM amount and some DIMM config
  • net interfaces/IP/DNS
  • some serial number info
  • disk devices & file systems
  • software (RPM)
  • running processes
  • apache listeners
  • apache virtual servers
  • apache tomcat connectors
  • tomcat containers
  • tomcat listeners

Misses:

  • logical volume layout
  • tomcat apps
  • OS Rev
  • relationship heuristics are hokey

AIX5+ Oracle

Result: Some useful data, poor CI mapping

Gets:

  • Oracle instance
  • cpu speed, count, model, serial, ram amount
  • OS + rev
  • if/mac/ip/dns
  • fs
  • process list

Misses:

  • Oracle DBs, listeners
  • LVM
  • RPMs, installp
  • all the UNIX services (ftp, telnet, ssh, etc)
  • LPAR/HMC
  • CI relationships weak

Windows Servers (low quantity scan)

Result: Lots of useful data, no significant CI mapping activity

Windows Desktops (med school campus)

Result: Credential availability very sporadic, no significant CI mapping activity, waiting on gap analysis comparing discovery with a potential BigFix integration.

Windows Servers (whole subnet scan of 175)

Result: Lots of stuff found, more CI mapping of higher order assets like databases and IIS instance. Windows is satisfied and will be helping with broader scan schedules. Waiting on firewall discussion.

Network & Telephony

Waiting on DNO to respond to initial feeler about an SNMP pilot.

Implementation Plan

See CMDB Planning

Related Topics

https://projects.yale.edu/ITS50/Project%20Documents/CMDB%20Blueprint%20Information/Fruition%20CMDB%20Blueprint%20and%20Service%20Categorization%20v1.pptx

  • No labels