Discovery domain separation

Configuration item (CI) data that Discovery collects can be separated into domains.

How Discovery domain separation works

Discovery implements data domain separation through the MID server by impersonating the MID Server user during sensor processing. Discovery uses the domain that the MID Server user is in to determine which domain the discovered data should be put into. Discovery configuration information, including classifiers, identifiers, probes, and sensors, is not domain separated.

Domain separation for Discovery is available starting with the Helsinki release.

Note: Amazon Web Services and Microsoft Azure is not domain separated when Discovery uses a MID Server designated as a NODE_AGENT. This type of MID Server has no defined user and, consequently, no domain.

Domain separation for MID Server files

You can create versions of these specific MID Server policy records that only a MID Server from the same domain can use. This process separation is supported for records in tables that extend MID Server Synchronized Files [ecc_agent_sync_file]:

By default, all records in these tables are members of the global domain. A user can override the default global domain and create a version of these policies for use in the user's own domain.

Note: Attachments on MIB or JAR file records might not appear as they did in a non-domain separated environment. This occurs because the Attachments [sys_attachment] table is data separated. When data is separated between domains, a record in a child domain cannot access records in a parent domain.

See Set up domain separation for MID servers for instructions on setting up domain separation through the MID server.

Domain separated tables

Records in all tables that extend the Base Configuration Item [cmdb] table can be domain separated. In addition, records in these tables can also be domain separated:
  • Serial Number [cmdb_serial_number]
  • TCP Connection [cmdb_tcp]
  • Fibre Channel Initiator [cmdb_fc_initiator]
  • Fibre Channel Targets [cmdb_fc_target]
  • IP Address to DNS Name [cmdb_ip_address_dns_name]
  • Service [cmdb_ip_service_ci]
  • KVM Virtual Device [cmdb_kvm_device]
  • Load Balancer Service VLAN [cmdb_lb_service_vlan]
  • Load Balancer VLAN Interface [cmdb_lb_vlan_interface]
  • Switch Port [cmdb_switch_port]