Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Discovery basics

Log in to subscribe to topics and get notified when content changes.

Discovery basics

Discovery finds computers, servers, printers, and a variety of IP-enabled devices, and the applications that run on them. It can then update the CIs in your CMDB with the data it collects.

Horizontal discovery and top-down discovery

There are actually two types of discovery:
Horizontal discovery

The Discovery application performs horizontal discovery, which means that it finds devices on your network and several attributes about those devices including the operating system, software, memory, and so on. It can also establish relationships between the applications and the device, and between applications. But it does not draw relationships between CIs that are part of specific business services.

Top-down discovery

Top-down discovery, which is a technique used by Service Mapping, finds and maps CIs that are part of business services in your organization, such as an email service. Service Mapping actually utilizes horizontal discovery to find devices in the scanning and classification phases, and top-down discovery to map business services.

Note: Both Discovery and Service Mapping can use the same pattern; however, you define steps in the pattern differently for the two applications.

Planning for discovery

This video provides an overview of the horizontal discovery process.

Probes, sensors, and patterns

Discovery uses these components to explore computers and devices (which are also known as hosts):
Probes and sensors
Probes and sensors are scripts that collect data on the host, process it, and update the CMDB. Several probes and sensors are provided out of box, but you can also customize them and create custom ones. You can also configure parameters to control the behavior of a particular probe every time it is triggered. A base set of probes and sensors is always used in the first two stages of Discovery. If you are not using patterns, additional probes and sensors are used to identify and explore hosts and the software that runs on them (see Discovery phases).
Patterns are a series of operations that also collect data on a host, process it, and update the CMDB, just as probes and sensors do. Patterns differ from probes and sensors in that they are written in Neebula Discovery Language (NDL) rather than JavaScript, and they are called into action during the last two phases of Discovery. Default patterns are provided, but you can customize or create new patterns using the Pattern Designer. See Create or modify patterns.

Horizontal discovery phases

The four phases of discovery are outlined here. For a more detailed, step-by-step breakdown of the steps for each phase, see Horizontal discovery process flow with probes and sensors and Horizontal discovery process flow with patterns.

Discovery follows these phases:
  • Scanning
    Discovery sends the Shazzam probe to the network to see if specified ports are open on the network and if they can respond to queries. For example, if Shazzam finds a device that responds on port 135, Discovery knows that it is a Windows server.
  • Classification
    If Discovery finds devices, it continues to send probes to find the type of device at each IP address. For example, Discovery sends the WMI probe to detect Windows 2012 running on a Windows device. Classifiers specify which trigger probes to run for identification and exploration.
  • Identification
    Discovery tries to gather more information about the device, looks at those attributes to determine if a CI for the device exists in the CMDB, and then reconciles that information by either updating the CI or creating a new one. Discovery uses additional probes, sensors, and identifiers to do this. Identifiers, also known as identification rules, specify the attributes that the probes look at when reconciling data with the CIs in the CMDB. If you are using patterns, Discovery uses the appropriate identification rule for the CI type specified in the pattern.
  • Exploration
    The identifier in the previous step (Identification) launches the exploration probes configured in the classification record to gather additional information about the device, like the applications running on the device, and device attributes, such as memory, network cards, and drivers. Discovery then maps applications to devices and to other applications. In this phase, Discovery also uses additional probes and sensors that are hard-coded to find this additional information. If you are using a pattern, the operations in the pattern perform the exploration of the CI.

Discovery and MID Servers

Discovery uses special server processes, called MID Servers. Each MID server is a lightweight Java process that can run on a Linux, Unix, or Windows server. The job of the MID server during Discovery is to execute probes and patterns, and then return the results back to the instance for processing. It does not retain any information.

MID servers communicate with the instance they are associated with by a simple model: They query the instance for the initial probes to run, and they post the results back to the instance. There, the data collected by the probes is processed by sensors, which decide how to proceed. Optionally, if you use patterns, the operations in the patterns decide how to proceed. The MID server starts all communications, using SOAP on HTTPS, which means that all communications are secure, and all communications are initiated inside the enterprise's firewall. No special firewall rules or VPNs are required.

Discovery is agentless, meaning that it does not require any permanent software to be installed on any computer or device to be discovered. The MID server uses several techniques to probe devices without using agents. For example, the MID server uses SSH to connect to a Unix or Linux computer, and then run a standard command (such as uname or df) to gather information. Similarly, it uses the Simple Network Management Protocol (SNMP) to gather information from a network switch or a printer.

In addition to the MID Server, you need:
  • IP addresses
    The address or addresses to query on the network. You configure these on the Discovery schedule.
  • Credentials
    The access credentials for the devices that you intend Discovery to collect data on.

IP service affinity

IP Service affinity saves the IP service information that is used to successfully find a device and associates it with the IP address of the device. Using this information, Discovery can target the device in subsequent runs with the accurate protocol. Discovery records the IP Service along with the IP address. Discovery can store the successful IP service information in the IP Service Affinity table [ip_service_affinity].

For example: A network device has both an SSH port and an SNMP port open. By its agentless design, Discovery tries SSH first. However, network devices should be discovered through SNMP. Discovery tries the SSH probe and it fails. This triggers the SNMP probe, which succeeds. With the association between the IP address and the IP service, subsequent discovery runs that target this IP address use SNMP first, because that is the probe that succeeded.

Discovery communications

Discovery communications cover how your instance talks to the MID Servers and how the MID Servers talk to your devices. The MID Server is installed on the local internal network. All communications between the MID Server and the instance are done via SOAP over HTTPS. Since we use the highly secure and common protocol HTTPS, the MID Server can connect to the instance directly without having to open any additional ports on the firewall. The MID Server can also be configured to communicate through a proxy server if certain restrictions apply.

The MID Server is deployed in the internal network, so it can, with proper login credentials, connect directly to discoverable devices.

Discovery communications

Discovery and Help the help desk

Help the Help Desk is a standard feature available through the self-service Help the Help Desk application.

It gathers information, much as Discovery does, about a single Windows computer by running a script on that computer. Discovery does many things that Help the Help Desk cannot do.
Functionality Discovery Help the Help Desk
Automatic discovery by schedule Check
Automatic discovery on user login Check
Manually initiated discovery Check Check
Windows workstations Check Check
Windows servers Check Check*
Linux systems Check
Unix systems (Solaris, AIX, HP-UX, Mac (OSX)) Check
Network devices (switches, routers, UPS, etc.) Check
Automatic discovery of computers and devices Check
Automatic discovery of relationships between processes running on servers Check
*Returns information about Windows server machines when Discovery is installed.