Discovery basics

To run Discovery, you need a MID Server, the IP addresses on your network to scan, and the credentials to access the devices on your network.

Discovery uses special server processes, called MID Servers. Each MID server is a lightweight Java process that can run on a Linux, Unix, or Windows server. The MID server's job during Discovery is simply to execute probes, sensors, and patterns, and then return the results back to the instance for processing. It does not retain any information.

MID servers communicate with the ServiceNow instance they are associated with by a simple model: they query the instance for the initial probes to run, and they post the results back to the instance. There, the data collected by the probes is processed by sensors, which decide how to proceed. Optionally, if you use patterns, the operations in the patterns decide how to proceed. The MID server starts all communications, using SOAP on HTTPS, which means that all communications are secure, and all communications are initiated inside the enterprise's firewall. No special firewall rules or VPNs are required.

Discovery is agentless, meaning that it does not require any permanent software to be installed on any computer or device to be discovered. The MID server uses several techniques to probe devices without using agents. For example, the MID server will use SSH to connect to a Unix or Linux computer, and then run a standard command (such as uname or df) to gather information. Similarly, it will use the Simple Network Management Protocol (SNMP) to gather information from a network switch or a printer.

In addition to the MID Server, you need:
  • IP addresses
    The address or addresses to query on the network. You configure these on the Discovery schedule.
  • Credentials
    The access credentials for the devices that you intend Discovery to collect data on.

Discovery communications

Discovery communications cover how your instance talks to the MID Servers and how the MID Servers talk to your devices. The MID Server is installed on the local internal network. All communications between the MID Server and the instance is done via SOAP over HTTPS. Since we use the highly secure and common protocol HTTPS, the MID Server can connect to the instance directly without having to open any additional ports on the firewall. The MID Server can also be configured to communicate through a proxy server if certain restrictions apply.

The MID Server is deployed in the internal network, so it can, with proper login credentials, connect directly to discoverable devices.

Discovery communications