ServiceNow Discovery Fundamentals

Overview

The right lessons depend on the environment, infrastructure, and applications that you plan to discover and integrate with the ServiceNow CMDB, so going through lessons specific to your implementation is recommended. This lesson, however, provides a wealth of information on several typical discovery options that ServiceNow customers use to populate their CMDB.

Discovery playlist link: Discovery

Types of discovery:

There are two types of discovery:

1. Horizontal Discovery

Horizontal discovery is a technique that Discovery uses to scan your network, find computers and devices, and then populate the CMDB with the CIs it finds. Horizontal discovery does create direct relationships between CIs, such as a "runs on" relationship between an application CI and the actual computer CI that it runs on. Horizontal discovery is not aware of business services and does not create relationships between CIs based on the business service they are in.

2. Top-down discovery

Top-down discovery is a technique that Service Mapping uses to find and map CIs that are part of business services, such as an email service. For example, top-down discovery can map a website business service by showing the relationships between an Apache Tomcat web server service, a Windows server, and the MSSQL database that stores the data for the business service.

Typically, Service Mapping and Discovery work together to run horizontal discovery first to find CIs, and then top-down discovery to establish the relationships between business services that you need to know.

Note: CMDBs are often just glorified spreadsheet inventories that contain no relationships. When the CMDB is populated with 3rd party data imports, generally only attributes are brought in, with no relationships. ServiceNow Discovery and Service Mapping create relationships, which turn an inventory into a true CMDB.

Discovery Phase

Phase 1: Scanning

When Discovery is initiated, a probe called Shazzam is launched to detect open ports on devices in the network. The data returned is used by the Shazzam sensor to identify certain characteristics about these devices based on the activity known to exist on these ports. For example, UNIX-based operating systems communicate with the SSH protocol over port 22, and Windows communicates with the WMI protocol over port 135 or higher. Discovery makes certain assumptions about the devices, applications, and processes running on these ports and launches the appropriate classify probes to find out more.

Phase 2: Classification

If Discovery receives a response from a device on a specific IP address, it sends additional probes to find the type of device or the operating system on the device. For example, Discovery sends the WMI probe to a Windows machine to detect the Windows 2012 operating system. Then Discovery uses records called classifiers, which specify the trigger probe or probes that run during the next two phases. If you are using patterns, the classifier specifies a trigger probe that in turn launches a pattern.

Phase 3: Identification

Discovery tries to gather more information about the device and then tries to determine if a CI for the device exists in the CMDB. Discovery then uses additional probes, sensors, and identifiers to update existing CIs in the CMDB or create new ones. CI Identifiers, also known as identification rules, specify the attributes that are used when identifying the discovered CIs against the CIs that already exist in the CMDB.  In recent releases where patterns are used, the patterns contain steps that collect the needed attributes used to perform identification of the CI and determine if it is a new CI or a CI that already exists in the CMDB.

Phase 4: Exploration

The identifier launches additional probes configured in the classifier. These probes are designed specifically as exploration probes to gather additional information about the device, like the applications running on it, and additional attributes, such as memory, network cards, and drivers. Discovery then creates relationships between applications and devices and between applications. In recent releases where patterns are used, the patterns contain steps that perform the exploration of the CI.

Discovery Schedules

A schedule determines what horizontal discovery searches for, when it runs, and which MID Servers are used. You can use a Discovery schedule to launch horizontal discovery, which uses probes, sensors, and pattern operations to scan your network for CIs.

Use the Discovery Schedule module in the Discovery application to:

  • Configure device identification by IP address or other identifiers.
  • Determine if credentials are used in device probes.
  • Name the MID Server to use for a particular type of discovery.
  • Create or disable a schedule that controls when the discovery runs in your network.
  • Configure the use of multiple Shazzam probes for load balancing.
  • Configure the use of multiple MID Servers for load balancing.
  • Run a Discovery schedule manually.
  • Run Discovery on a single IP address.

Discovery Schedule Scan Types

Configuration Items

Performs a complete scan of all devices reachable and accessible by Discovery. Robust hardware data, installed software, and application data are collected and inserted or updated in the CMDB. This option is the most commonly used scan type and therefore is the default option.

IP Addresses

Scans devices without the use of credentials. These scans discover all the active IP addresses in the specified range and create device history records, but do not update the CMDB. IP address scans also show multiple IP addresses that are running on a single device. Identify devices by class and by type, such as Windows computers and Cisco network gear. The Max range size Shazzam probe property determines the maximum number of IP addresses Shazzam scans.

Networks

This scan type is often used by customers that have little awareness of their network, for example because someone with the knowledge left the company or because an acquisition left a gap in visibility.

Through a starting router configuration, Discovery scans and identifies routed IP networks from routers and L3 switches by collecting information from their ARP table. From this information, Discovery learns about the originating router and its peers. Peers that may hold the same type of information are also queried. Discovery communicates with those peers and their peers, spidering through the network that it has access to until an edge router is reached or the number of peers is exhausted.

Results from this search are used to populate the IP Network [cmdb_ci_ip_network] table with a list of IP addresses and network masks. This data can then be used to create IP range sets that allow a Discovery administrator to add the records to standard configuration item type discoveries finding the available hosts and CIs on a company network. 

It is important to note that network discovery does update routers and layer 3 switches in the CMDB that are identified as either starting devices or peers, but will not update any CIs in the ranges it discovers.
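The step from IP Network records to IP range sets, sketched as an added example (not ServiceNow code and not from the original post). It assumes the [cmdb_ci_ip_network] rows have been exported as address and mask pairs; the sample rows, the `APPROVED_SCOPE` list and the `max_range_size` value are constructed for illustration. Because network discovery spiders through peers, learned networks outside the approved scope are held back for review instead of being scheduled.

```python
import ipaddress

# Constructed sample rows shaped like (IP address, network mask) pairs
# exported from the IP Network [cmdb_ci_ip_network] table.
SAMPLE_ROWS = [
    ("10.20.0.0", "255.255.255.0"),
    ("10.20.1.0", "255.255.255.0"),
    ("10.20.1.128", "255.255.255.128"),  # already inside 10.20.1.0/24
    ("10.20.0.17", "255.255.255.0"),     # host bits set; same network as row 1
    ("192.168.50.0", "255.255.254.0"),   # learned from a peer, outside approved scope
]
# Assumption: the networks this team is authorised to scan.
APPROVED_SCOPE = [ipaddress.ip_network("10.0.0.0/8")]


def parse_rows(rows):
    """Turn (address, mask) rows into network objects, tolerating host bits."""
    return [ipaddress.ip_network(f"{a}/{m}", strict=False) for a, m in rows]


def split_network(net, max_range_size):
    """Yield (start, end) strings covering net in chunks of <= max_range_size."""
    start, last = int(net.network_address), int(net.broadcast_address)
    while start <= last:
        end = min(start + max_range_size - 1, last)
        yield str(ipaddress.ip_address(start)), str(ipaddress.ip_address(end))
        start = end + 1


def build_range_sets(rows, max_range_size, approved_scope=APPROVED_SCOPE):
    """Return (ranges, needs_review).

    ranges: de-duplicated start/end pairs for networks inside approved_scope.
    needs_review: collapsed networks that fall outside approved_scope.
    """
    if max_range_size < 1:
        raise ValueError("max_range_size must be positive")
    ranges, needs_review = [], []
    # collapse_addresses merges duplicates, subnets and adjacent networks.
    for net in ipaddress.collapse_addresses(parse_rows(rows)):
        if any(net.subnet_of(scope) for scope in approved_scope):
            ranges.extend(split_network(net, max_range_size))
        else:
            needs_review.append(str(net))
    return ranges, needs_review
```

A collapsed network that straddles the scope boundary lands in `needs_review` as a whole, so the check fails closed.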

Service

Discovers services for the Service Mapping application.

This option is only available on the Service Mapping Discovery Schedules form by navigating to Service Mapping > Administration > Discovery Schedules.

Serverless

Discovery can find applications on host machines without the need to discover the host first. 

Serverless discovery relies on infrastructure patterns to explore CIs on a host. This kind of discovery skips the scanning and classification phases of discovery. There are two types of serverless discovery: standard and host-based. Both types require an infrastructure pattern.

The infrastructure patterns that serverless discovery uses are triggered from a Discovery schedule, rather than from a classifier. Serverless discovery ignores classifiers. Use a serverless schedule type for both types of serverless discovery. Google Cloud and Kubernetes discovery can both be executed by Serverless discovery.

Cloud application

Discovers only the cloud resources for the patterns that are specified.

Cloud resources

Discovers resources on AWS and Azure clouds such as the availability zone, region, image etc. This option only appears when discovery is run from a service account. It cannot be selected from a new Discovery schedule.

4 COMMENTS

  1. Hi Runjay, I need the cmdb and discovery setup docs that you showed during the video. I need prerequisites for cmdb and discovery setup and common errors that come in discovery docs. It will be really helpful for me if you share that?

    • This blog post has all the content which I was referencing during the video, what else do you need?

  2. Hi Runjay,
    Hope you’re doing well too!
    I recently completed some ServiceNow training, but your explanation of discovery was much clearer. I really enjoyed it!
    In your video “ServiceNow discovery tutorial | ServiceNow discovery full course | ServiceNow discovery fundamentals,” you showed a CMDB PowerPoint presentation around the 20-minute mark. I couldn’t find it on your blog. Could you let me know where I can access it?
    Thanks in advance!
