Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

Application Dependency Mapping (ADM) for Discovery

Application Dependency Mapping (ADM) for Discovery

Application Dependency Mapping (ADM) discovers CIs by detecting TCP connections between devices.

When ADM discovery is enabled, Discovery always runs the ADM probes during the exploration stage to find the TCP traffic on your network. Using these TCP connections, Discovery can find additional CIs and create relationships between them.

Standard and enhanced ADM discovery

Standard ADM discovery
Triggers an ADM probe to take a single snapshot of TCP connections on target machines using netstat and lsof commands. However, it does not detect new TCP connections that occur between these 24-hour intervals.

Standard ADM discovery is enabled by default.

Enhanced ADM discovery
Triggers an enhanced ADM probe that installs a script on host machines on which Discovery takes regular samples of active TCP connections. You can use a set of properties and probe parameters that control several aspects of enhanced ADM discovery.

Enhanced ADME is not enabled by default.

Service Mapping uses the ADM probes for traffic-based discovery. See Traffic-based discovery in Service Mapping for more information.

Requirements

Both standard and enhanced ADM discovery support the following operating systems:
  • Windows
  • Unix
  • Solaris (On Solaris machines, enhanced ADM is available in global zones. Only standard ADM is available for local zones.)
  • AIX
  • HP-UX

To use the WMI protocol, version 3.0 of PowerShell is required.

TCP tracking file for enhanced ADM

The first time that Discovery launches the enhanced probe, no TCP information is gathered. Rather, the enhanced probe only deploys the TCP tracking file, in which information about detected TCP connections is saved. After Discovery runs again, the enhanced probe relays the contents of the TCP tracking file back to the instance via the MID Server. The information is saved in the CMDB.

The TCP tracking file is saved in these locations by default:
  • Windows: admin$\temp\{your_instance_name}. While TCP connections are being monitored, the information is stored in memory and then later saved to the file.
  • Linux: /tmp/{your_instance_name}.
You can change the location and other aspects of the tracking file with ADM properties.

If you disable enhanced ADM, Discovery cleans up the folders from the host file system the next time Discovery runs, but the TCP tracking file remains.

Requirements for Enhanced ADM on Linux machines

Modify the sudoers file to include these commands:
Operating system Utility tool support Required sudoer commands Additional requirements
Windows netstat none
AIX netstat

lsof (if netstat does not work)

Cmnd_Alias ADME_CMDS=/usr/bin/netstat -Aan, /usr/sbin/lsof -iTCP -n -P

discoUser ALL=(root)NOPASSWD:ADME_CMDS

Defaults:discoUser ! requiretty

Solaris netstat (for Solaris version 11.2)

lsof (for Solaris versions prior to 11.2)

Cmnd_Alias ADME_CMDS = /usr/bin/netstat,/opt/csw/bin/lsof -iTCP -n -P -zglobal

discoUser ALL=(root) NOPASSWD:ADME_CMDS

Defaults!ADME_CMDS !requiretty

Cmnd_Alias ADME_PS = /usr/ucb/ps

discoUser ALL=(root) NOPASSWD:ADME_PS

Defaults!ADME_PS !requiretty

Note: You must add -zglobal for lsof to run.
Add the lsof path to the secure path. For example, if the path to lsof is /opt/csw/bin, the secure path should be secure_path = /usr/bin:/usr/sbin:/bin:/sbin:/opt/csw/bin
Note:

The commands with PS apply to standard ADM as well as enhanced ADM.

HP UX lsof

Cmnd_Alias ADME_CMDS = /usr/local/bin/lsof -iTCP -n -P

discoUser ALL=(root) NOPASSWD:ADME_CMDS

Defaults!ADME_CMDS !requiretty
Note: Netstat is not supported.
Centos and Ubuntu Cmnd_Alias ADME_CMDS = /usr/sbin/lsof -iTCP -n -P, /usr/bin/netstat -antp

discoUser ALL=(root) NOPASSWD:ADME_CMDS

Defaults!ADME_CMDS !requiretty

Note the following for the sudo commands:
  • ADME_CMDS is a variable referring to a list of commands.
  • /usr/bin/ is the directory where your lsof and netstat resides.
  • discoUser is a user that must have root access.

What to do (enhanced ADM)

To set up and use enhanced ADM, perform these steps:
  1. Enable enhanced ADM with the glide.discovery.enable_adme Discovery property.
  2. Determine the base directory where the TCP tracking file is placed on the host computers. If you want to change the location, specify it in these Discovery properties:
    • glide.discovery.adme.base_dir_unix
    • glide.discovery.adme.base_dir_windows
  3. Do either of the following based on the operating systems of the host computers:
    • Linux: modify the sudoers file to include the necessary commands.
    • Windows: Set the mid.windows.management_protocol parameter on the MID Server to use WinRM or WMI. This parameter sets the protocol that your MID Server uses to communicate with remote Windows hosts.
  4. Create a schedule and run Discovery.
  5. View the results in the TCP tables.
  6. Optionally control both the size of the TCP tracking file and the payload using parameters on the enhanced ADM probes. See TCP connection discovery for the names of the probes and parameters.

Configure ADM discovery parameters and properties

Using properties, you can enable or disable ADM discovery, and you can set the location of the TCP tracking file for enhanced ADM.

Before you begin

Role required: admin

About this task

You can also control both the size of the TCP tracking file and the payload using parameters on the enhanced ADM probes. See TCP connection discovery for the names of the probes and parameters.

Procedure

  1. Navigate to System Properties > Discovery.
  2. Configure the following properties:
    Table 1. ADM properties
    Property Description
    glide.discovery.enable_adme ADME: Enable enhanced ADM probe. If "yes", the ADM Enhanced probe will be triggered and only fall back to the ADM probe as needed.
    • Type: true | false
    • Default value: false
    glide.discovery.application_mapping Enable the application mapping feature. When this property is set to true, all discoveries trigger the relevant ADM probe during the exploration phase if Discovery finds a server.
    Attention: Disabling this property disables the creation of relationships between applications but does not disable the ADM probes and sensors, nor does it prevent process classification.
    • Type : true | false
    • Default value: true
    glide.discovery.adme.sampling_interval ADME - Sampling interval (sec): How often to sample process and connection data in seconds. Must be a minimum of 5 seconds.
    • Type : integer
    • Default value: 120
    glide.discovery.adme.base_dir_unix ADME: Unix Base Dir: An existing directory on the target Unix machines to be used as a workspace. Must be an absolute path to the directory. The UNIX and Linux credentials that you use to connect to the device must also be able to access this folder.
    • Type: string
    • Default value: /tmp
    glide.discovery.adme.base_dir_windows ADME: Windows Base Dir: A network share on the target Windows machines to be used as a workspace. If you change the directory, it must also be a network shared folder.
    • Type: string
    • Default value: admin$\temp
    glide.discovery.adme.aggregation_interval ADME - Aggregation interval (sec): How often to aggregate instantanous data into chunks in seconds. It must be a minimum of 60 seconds and it must be a multiple of ADME Sampling interval.
    • Type: integer
    • Default value: 3600
    glide.discovery.adme.rolling_window_size ADME - Rolling window size: How many recently aggregated chunks to keep. An aggregated chunk consists of ADME Aggregation interval divided by ADME Sampling interval samples. Only the newest chunks will be kept.
    • Type: integer
    • Default value: 24
    glide.discovery.adme.max_total_samples ADME - Max total samples: The limit of samples being taken by the script. The script will stop running after this amount of samples are taken.
    • Type: integer
    • Default value: 100
  3. Click Save.