Discovery101 Overview

Discovery
101
Douglas Schulze
Senior Consultant for Automa6on
ServiceNow
Anders Henriksson
Senior Technical Consultant
ServiceNow
Lab Agenda
Se>ng up a base Discovery on your lab instance is our goal today
We are going to do a basic Deployment and answer any
technical ques6ons around capabili6es
Mapping the Landscape
Execu6ng a Discovery
Test Outcome, basic troubleshoo6ng
Addi6onal resources
Q & A throughout
2013 ServiceNow All Rights Reserved 2

Our Guide Today
Before becoming a fan of
disco, Stu was known as
Nau6cal Stu due to his career
as a Sea Captain, before
giving it up for his disco.

In 2002 Disco Stu revealed
that he's aware disco is dead,
and that he does not even
like it anymore. He expresses
worry that he has let disco
dene him as a person and
fears becoming a "one note
guy. simpsons.wikia.com

That was un6l.. Sevicenow
gave him new purpose

What is Discovery?
ServiceNow discovery is an agentless method of popula6ng your
CMDB with relevant hardware and so\ware assets within your
enterprise enterprise environment
U6lizing a specic step or phased process we remotely discover your

Windows and Unix computers/servers, network devices, powering and
prin6ng equipment and most any other IP enabled device that we can
talk to

With our plaborm we map specic Applica6on to Host and Applica6on
to Applica6on dependencies. Please be sure to go to Discovery 201
Applica:on Mapping
*We do not build physical, Layer 2, Hardware rela:onships

Discovery Value Return
Asset Management
Many enterprise environments have limited visibility to the hundreds or thousands
of devices that make up their IT environment. It is cri6cal to have the capability to
account for and iden6fy IP connected computers services printers and the
mul6tudes of dierent IP enabled assets within a global or local environment

Applica6on Management
Knowing just that an asset exists can be valuable in any environment. However
ServiceNows discovery takes it to the next level by iden6fying the running
applica6ons, installed so\ware, versions and patch levels

Outage Impacts
With our advanced mapping technology not only are you provided the ability to
understand what physical assets are under your control but what applica6ons they
are running. We provide the insight of applica6on dependencies so you can quickly
iden6fy the impact a server or related services have on your environment when
they go down for maintenance or suer an unexpected outage

Local Footprint from the cloud
The MIDServer
To gather your important data and providing for industry standard
security requirements a MIDServer applica6on will be deployed
within your infrastructure for the agent less, behind the rewall
look into your secure environment
Secure outbound only 128bit SSL communica6on to your specic
ServiceNow applica6ons, complying with strict Corporate and
Regulatory standards

Deploying a MIDServer
Due to lab limita6ons this is an instructor
demonstrated piece. A MIDServer has been pre-
deployed to allow for our environment
For those with access and ability you can deploy your
own MIDServer on your laptops so please follow along
if you can
Fun Fact: the MID in MIDServer is an acronym that

stands for Management, Integra6on, Discovery

Downloading your MIDServer
1

3

2
Get your MID on

1. In the Applica6on Search Bar.. Search for mid server
2. Click the Downloads link
3. Select your Opera6ng System saving the link to your desktop

MIDServer needs to be known as well
The MidServer authenticates like any other user
when talking to the application, however with its own
specific role the mid_server role
MIDServers can share logins
The user will be the identity that creates and/or
updates records

Create the MIDServers User
1
3

2

Create a User for our MIDServer applicaMon
1. In the Applica6on Search Bar.. Search for users
2. Click Users
3. Select New

Create the MIDServers User
Create a unique name for your
MidServers user
Provide a password that meets 1
your internal security
requirements. The more complex
the beoer!
1. Right click and save the record

You will see a new related list
Roles, click edit
Provide this user with the
mid_server role, then save
You will see by adding one role,
the user inherits other necessary
roles to properly func6on

On the host Deploy the MidSever
First Create a folder
structure
Create o your preferred
local drive a folder called
ServiceNow
Inside that folder create
another folder called
DiscoveryMidServer

Extract the MidServer
DoubleClick the
downloaded zip le
On the top le\ of the
window select Extract all
les
Browse to your folder
loca6on you just created
Click Extract

Extract the MidServer
You will now see you have an agent folder
Click into that folder and open the cong.xml le with wordpad.
To do so, right click the le chose open with > wordpad
Or you can choose your favorite advanced text editor such as
TextWranger or Notepad ++

Congure the MidServer
1. Add the URL to your ServiceNow instance
2. Enter the username and password you ini6ally created for the
MidServer
3. Give the MidServer a unique name
4. Save and close the record

Start it Up!
In your /agent folder
Double Click the start.bat!
Check the wiki for unique start up instruc6ons for OS types

Start it Up!
1. Log onto your instance and search Disco
2. Select the MID Servers module in the Discovery Applica6on
3. *Note the IP Address of the Mid Server, we will need that later!

Time to get YOU to work!
From here you will be conguring your lab
instance
We will be crea6ng schedules and running
a discovery
You will be using the pre-installed
MIDServer on your instances.

Set your CredenMals
Select the creden6als module in the Discovery Applica6on
Enter Creden6als for the en6re environment (Windows does need
PowerShell discovery enabled)*See wiki
Unix creden6als need limited SUDO permissions*See wiki
Enter yours!

Set your CredenMals
Select the creden6als module in the Discovery Applica6on
Select new
1
2
3
4
1. Name it
2. Select SSH
3. User name: discovery
4. Password: d!$c0

Create a Discovery Schedule
1. Log onto your instance and search Disco

2. Select the Discovery Schedules module in the Discovery Applica6on
3. Select New

Congure your schedule
1
4
2
3
1. Enter the name of your schedule, normally folks name by loca6on

2. Set the MIDServer you would like to use
3. Are you discovering a geographic loca6on?
4. Check ac6ve and alive
Alive Log the IP addresses that were responsive but not available to be discovered
Log state changes tell me about the complete transi6on of a record through its
discovery process

Congure your schedule
This is where you will enter you IP Ranges

In real life you could have full networks, individual IPs or range groups to a limit
of 100k per schedule
Today click Quick Ranges on the form and enter the IP address of the MidServer

Disco(very) Stu says lets party!
Click discover now!

Reviewing Results..
Click on status under the discovery applica6on

This list contains all discoveries run either on a scheduled basis or on demand

Reviewing Results..
Here in the status record we can see all the work taking place
The Dierent sec6ons include the log, ECC Queue Table and the
devices we discovered
Understanding the Discovery Process
Discovery uses a repe66ve step by
step process to populate the CMDB
to ensure we are bringing back only
the most valued of informa6on
Port Scan (Shazzam)

Classica6on
Iden6ca6on
Explora6on
Process Classica6on

Port Scan - Shazzam
(1) SHAZZAM
Scan for ac6ve devices
Shazzam probe
Ports determined by Port Probes
and/or specic behavior
Each Port Probe is determined by
IP Services
You can have mul6ple ports per
Port Probe (ex: mul6ple ssh ports)

ClassicaMon
(2) CLASSIFICATION
Classify type of device
Unix
Windows
Network D
Computers are classied by
opera6ng system

Network Devices are classied
primarily by func6onality (power,
print, switch, route)

IdenMcaMon
(3) IDENTIFICATION
Iden:fy the par6cular device
following a specic set of rules
The iden6ty probe launched is

dictated by the CI classica6on
A\er the iden6ty probe nishes,

the sensor runs through the CI
Iden6ers looking for a match in
the CMDB

IdenMcaMon Rules
In iden6ca6on Three things can happen based on a complete match

Find no complete match create
Find single complete match - update
Stop evalua6on we found the match
Find mul6ple matches stop
But rst check all the rules to make sure there isnt a complete match

ExploraMon
(4) EXPLORATION
Explore the device

Time to nd the good stu

Probes launched are dictated by
the CI classica6on
trigger_probes list with phase
equal to Explora6on

Process ClassicaMon
In the explora6on phase we gathered all the processes
that were running at the 6me of discovery
Discovery will build two primary types of applica6on
rela6onships
Applica6on to host Runs on::Runs
Based on the running process
Applica6on to applica6on Depends on::Used by
Based on the running processes TCP connec6ons

ApplicaMon RelaMonship
Building

Create a process classier
First lets look at the returned device in the status record
Click on CMDB CI
returned value
and focus on the
running processes

Iden6fy the Java process that tomcat runs under
Click on the Process ID (PID) of the process with /usr/lib/jvm/

java-1.6.0-openjdk-1.6.0.0.x86_64/bin/java

Lets nd something unique to use in our process classica6on
That bootstrap value looks good!

But does that process also make connec6ons to other devices? Lets
check the TCP connec6ons and see if that PID is communica6ng with
something else

Create a process classifier
Indeed that applica6on is making a TCP connect to port 3306 (MSQL)

Excellent! Lets Map it Dan-O


Select Processes under Discovery Deni6on > CI Classica6on Group
Then click the new Buoon

Here well give it a Name of Tomcat
Dene a table that it should live in
We have an OOB table already
Dene the rela6onship
Most Common is Runs on ::Runs
Right click the grey header bar and select save

Here we dene what the signature

of that running process. In the name
eld value we chose from the actual
running process. These are case
sensi6ve!
name
command
parameters

Excellent! Now lets go run another discovery against our

device.Back to discovery schedules, chose your schedule
and discover now again
Remember you can always add addi6onal proves and
sensors to gather addi6onal informa6on from the
applica6on when it found
Click discover now!

Reviewing Results..
Click on status under the discovery applica6on

This list contains all discoveries run either on a scheduled basis or on demand

Reviewing Results..
Lets look at the record under devices

Reviewing Results..
Click on the BSM icon and revel in your disco!

Reviewing Results..

Adding Discovery Horsepower!
You might recall from looking at our

MIDServer list that we deployed two
midservers for this lab!
You can u6lize mul6ple MidServers to work
as a cluster to perform discoveries even
quicker
As an added bonus all our clusters include
failover!

Adding Discovery Horsepower
IN the applica6on search bar lets look for Mid server

Then Select Servers

Select the rst

MIDServer in the list
Clusters work basked on the MidServers

capability. Basically, you are telling the
instance what tasks the MIDServer is
capable of performing based on protocol

Since these are linux based midservers they cant do Windows queries so
select all but Powershell and WMI then add them over to the capabili6es list
(Inside baseball) Clusters

were developed for RBA but
discovery gets to reap its
benets.
NOTE: Discovery doesnt care
about capabili6es, just that
they exist, so be sure to have
only like opera6ng systems in
the same cluster
Rinse and repeat for the second MidServer

Now its 6me to set up your cluster. Select clusters from the Mid Server applica6on
Then select new

Name this Load Balance or of

course what ever you would like
to reference it by..
Choose Load Balance
Click Submit
A Load Balance Cluster will u6lize A Failover cluster will only use the
all Mid Servers in the group and it rst MIDServer in the group and
inherently includes failover. will fail over to the next, based on
Where if a MIDServer goes down its order.
the work it was doing or pending
to do will be reallocated to all
other Mid Servers in the group

Select Edit
And just like you did with the

capabili6es include the Mid
Servers you want to include, add
both

Select Edit
Now we have our cluster group!

By just calling a MIDServer that is part of the cluster the instance

automa6cally knows to use all in the group to perform the task
Click discover now!

Disco(very) Stu says Thats a Wrap
And here we have the load balancing across our two Mid Servers

Q&A
Great sources of informa6on:

Discovery Wiki
hop://wiki.servicenow.com/index.php?6tle=Discovery
Discovery Community
hop://community.servicenow.com/forum/administra6on/
enterprise-discovery

Top Three Takeaways
Discovery is agentless
Easily congurable
Extensible

SoWhat Did You Think?
Please complete your survey form
and hand it in as you leave the room
This is how we will transform this

amazing Knowledge13 event into
a spectacular Knowledge14 event

Thank You

Doug Schulze Anders Henriksson
Automa6on Consultant Automa6on Consultant
ServiceNow ServiceNow
Doug.schulze@servicenow.com Anders.Henriksson@servicenow.com


Discovery101 Overview

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Discovery101 Overview

Uploaded by

Copyright:

Available Formats

Discovery

2013 ServiceNow All Rights Reserved 2

2013 ServiceNow All Rights Reserved 3

U6lizing a specic step or phased process we remotely discover your

*We do not build physical, Layer 2, Hardware rela:onships

2013 ServiceNow All Rights Reserved 4

2013 ServiceNow All Rights Reserved 5

2013 ServiceNow All Rights Reserved 6

Fun Fact: the MID in MIDServer is an acronym that

2013 ServiceNow All Rights Reserved 7

Get your MID on

2013 ServiceNow All Rights Reserved 8

2013 ServiceNow All Rights Reserved 9

2013 ServiceNow All Rights Reserved 10

1. Right click and save the record

2013 ServiceNow All Rights Reserved 12

2013 ServiceNow All Rights Reserved 13

2013 ServiceNow All Rights Reserved 14

2013 ServiceNow All Rights Reserved 15

2013 ServiceNow All Rights Reserved 16

2013 ServiceNow All Rights Reserved 17

2013 ServiceNow All Rights Reserved 18

2013 ServiceNow All Rights Reserved 19

2013 ServiceNow All Rights Reserved 20

1. Log onto your instance and search Disco

1. Enter the name of your schedule, normally folks name by loca6on

This is where you will enter you IP Ranges

2013 ServiceNow All Rights Reserved 23

Click discover now!

2013 ServiceNow All Rights Reserved 24

Click on status under the discovery applica6on

2013 ServiceNow All Rights Reserved 25

Port Scan (Shazzam)

2013 ServiceNow All Rights Reserved 27

2013 ServiceNow All Rights Reserved 28

2013 ServiceNow All Rights Reserved 29

The iden6ty probe launched is

A\er the iden6ty probe nishes,

2013 ServiceNow All Rights Reserved 30

In iden6ca6on Three things can happen based on a complete match

2013 ServiceNow All Rights Reserved 31

Explore the device

2013 ServiceNow All Rights Reserved 32

2013 ServiceNow All Rights Reserved 33

2013 ServiceNow All Rights Reserved 34

2013 ServiceNow All Rights Reserved 35

Click on the Process ID (PID) of the process with /usr/lib/jvm/

2013 ServiceNow All Rights Reserved 36

That bootstrap value looks good!

2013 ServiceNow All Rights Reserved 37

2013 ServiceNow All Rights Reserved 38

Then click the new Buoon

2013 ServiceNow All Rights Reserved 39

Right click the grey header bar and select save

2013 ServiceNow All Rights Reserved 40

Here we dene what the signature

2013 ServiceNow All Rights Reserved 41

Excellent! Now lets go run another discovery against our

Click discover now!

2013 ServiceNow All Rights Reserved 43

Click on status under the discovery applica6on

2013 ServiceNow All Rights Reserved 44

Lets look at the record under devices

2013 ServiceNow All Rights Reserved 45