Application Dependency Mapping (ADM) for Discovery
-
- UpdatedAug 1, 2024
- 5 minutes to read
- Xanadu
- Discovery
Application Dependency Mapping (ADM) discovers CIs by detecting TCP connections between devices.
When ADM discovery is enabled, Discovery always runs the ADM probes during the exploration stage to find the TCP traffic on your network. Using these TCP connections, Discovery can find additional CIs and create relationships between them.
IPv6 Is supported for ADM.
Standard and enhanced ADM discovery
- Standard ADM discovery
- Triggers an ADM probe to take a single snapshot of TCP connections on target
machines using
netstat
andlsof
commands. However, it does not detect new TCP connections that occur between these 24-hour intervals.Standard ADM discovery is enabled by default.
- Enhanced ADM (ADME) discovery
- Triggers an enhanced ADM probe that installs a script on host machines on which Discovery takes regular samples of active TCP connections. You can use a
set of properties and probe parameters that control several aspects of enhanced ADM
discovery.
ADME discovery is not enabled by default.
Service Mapping uses the ADM probes for traffic-based discovery. See Discovery based on Predictive Intelligence for more information.
Requirements
- Windows
- Unix
- Solaris (On Solaris machines, enhanced ADM is available in global zones. Only standard ADM is available for local zones.)
- AIX
- HP-UX
To use the WMI protocol, version 3.0 of PowerShell is required.
If you set your Windows server Execution Policy to RemoteSigned or AllSigned, ADME can run PowerShell scripts. You must import the ServiceNow certificate to the trusted publisher in order for the scripts to execute properly.
TCP tracking file for enhanced ADM
The first time that Discovery launches the enhanced probe, no TCP information is gathered. Rather, the enhanced probe only deploys the TCP tracking file, in which information about detected TCP connections is saved. After Discovery runs again, the enhanced probe relays the contents of the TCP tracking file back to the instance via the MID Server. The information is saved in the CMDB.
- Windows:
admin$\temp\{your_instance_name}
. While TCP connections are being monitored, the information is stored in memory and then later saved to the file. - Linux:
/tmp/{your_instance_name}
.
If you disable enhanced ADM, Discovery cleans up the folders from the host file system the next time Discovery runs, but the TCP tracking file remains.
Requirements for Enhanced ADM on Linux machines
- Windows
- Utility tool support: netstat
- Required sudoer commands: None
- Additional requirements: None
- AIX
- Utility tool support:
- netstat
- lsof (if netstat does not work)
- Required sudoer commands:
Cmnd_Alias ADME_CMDS=/usr/bin/netstat -Aan, /usr/sbin/lsof -iTCP -n -P
discoUser ALL=(root)NOPASSWD:ADME_CMDS
Defaults:discoUser ! requiretty
- Additional requirements: None
- Utility tool support:
- Solaris
- Utility tool support:
- netstat (for Solaris version 11.2)
- lsof (for Solaris versions prior to 11.2)
- Required sudoer commands:
Cmnd_Alias ADME_CMDS = /usr/bin/netstat,/opt/csw/bin/lsof -iTCP -n -P -zglobal
discoUser ALL=(root) NOPASSWD:ADME_CMDS
Defaults!ADME_CMDS !requiretty
Cmnd_Alias ADME_PS = /usr/ucb/ps
discoUser ALL=(root) NOPASSWD:ADME_PS
Disco ALL=(root) /usr/bin/pfiles
Disco ALL=(root) /usr/bin/pgrep
Defaults!ADME_PS !requiretty
Note: You must add -zglobal for lsof to run.
- Additional requirements: Add the lsof path to the secure path. For example, if
the path to lsof is /opt/csw/bin, the secure path should be
secure_path =
/usr/bin:/usr/sbin:/bin:/sbin:/opt/csw/bin
Note: The commands with
PS
apply to standard ADM as well as enhanced ADM.
- Utility tool support:
- HP UX
- Utility tool support: lsof
- Required sudoer commands:
Cmnd_Alias ADME_CMDS = /usr/local/bin/lsof -iTCP -n -P
discoUser ALL=(root) NOPASSWD:ADME_CMDS
Defaults!ADME_CMDS !requiretty
Note: Netstat is not supported.
- Additional requirements: None
- Centos and Ubuntu
- Utility tool support: None
- Required sudoer commands:
Cmnd_Alias ADME_CMDS = /usr/sbin/lsof -iTCP -n -P, /usr/bin/netstat -antp, /sbin/ss -tlnp, /sbin/ss -tenp
discoUser ALL=(root) NOPASSWD:ADME_CMDS
Defaults!ADME_CMDS !requiretty
- Additional requirements: None
ADME_CMDS
is a variable referring to a list of commands./usr/bin/
is the directory where your lsof and netstat resides.discoUser
is a user that must have root access.
Setup and use enhanced ADM
- Enable enhanced ADM with the glide.discovery.enable_adme Discovery property.
- Determine the base directory where the TCP tracking file is placed on the host
computers. If you want to change the location, specify it in these
Discovery properties:
glide.discovery.adme.base_dir_unix
mid.powershell.target_base_dir
- Do either of the following based on the operating systems of the host computers:
- Linux: modify the sudoers file to include the necessary commands.
- Windows: Set the
mid.windows.management_protocol
parameter on the MID Server to use WinRM or WMI. This parameter sets the protocol that your MID Server uses to communicate with remote Windows hosts.
- Create a schedule and run Discovery.
- View the results in the TCP tables.
- Optionally control both the size of the TCP tracking file and the payload using parameters on the enhanced ADM probes. See TCP connection discovery for the names of the probes and parameters.
Configure ADM discovery parameters and properties
Using properties, you can enable or disable ADM discovery, and you can set the location of the TCP tracking file for enhanced ADM.
Before you begin
About this task
Procedure