Discovery architecture

ServiceNow is normally hosted in ServiceNow's data center, and it does not have the ability to access the enterprise's network – but Discovery needs access to do its job. Many enterprises have multiple networks, often separated by slow WAN links or security barriers – and Discovery needs access to all of them. Discovery uses special server processes (called MID Servers), that are installed on each enterprise network that has computers or devices to be discovered.

Each MID server is a lightweight Java process that can run on a Linux, Unix, or Windows server. A dedicated server is not required, as the MID server's resource consumption is quite low (and is controllable). The MID server's job during Discovery is simply to execute probes and return the results back to the ServiceNow instance for processing; it does not retain any information. In effect, a MID server is a remote extension of the ServiceNow instance, on an enterprise network.

MID servers communicate with the ServiceNow instance they are associated with by a simple model: they query the instance for probes to run, and they post the results of probes they've completed back to the instance. There, the data collected by the probes is processed by sensors, which decide how to proceed. The MID server starts all communications, using SOAP on HTTPS – which means that all communications are secure, and all communications are initiated inside the enterprise's firewall. No special firewall rules or VPNs are required.

Discovery is agentless - meaning that it does not require any permanent software to be installed on any computer or device to be discovered. The MID server uses several techniques to probe devices without using agents. For example, the MID server will use SSH to connect to a Unix or Linux computer, and then run a standard command (such as uname or df) to gather information. Similarly, it will use the Simple Network Management Protocol (SNMP) to gather information from a network switch or a printer.