Discovery and Inventory Overview

This lesson describes the Discovery and Inventory mechanisms within Asset Vision

Terminology

It is vital to start with two terms, which are often misused and frequently interchanged.

  • Discovery is the term used to describe the process of identifying live devices on a network, typically by finding a live IP number.
  • Inventory is the term used to describe the process of classifying what each device found during Discovery actually is and collecting details on the device, e.g. a computer, a serial number, the installed software, the hardware details, etc.

In short, Discovery is identifying the device, and Inventory is collecting details on the device.

Discovery and Inventory Process

In a typical scenario a user of Asset Vision scans a network of connected devices to find out what is attached.

The Discovery and Inventory process typically involves two phases;

  1. The Discovery of live IP numbers on the network.
  2. The subsequent Inventory of the discovered live IP numbers.

The phases run concurrently, in that discovered IP numbers are submitted for Inventory as they are found. As Discovery is faster than Inventory, the discovered IP numbers are queued for Inventory.

Discovery and Inventory Technologies

The technologies used for each phase are outlined below.

Discovery

Discovery uses one of two technologies to finding live IP numbers;

  • ICMP/PING: Ping operates by sending Internet Control Message Protocol (ICMP) echo request packets to the target host and waiting for an ICMP response.
  • NMAP port scan: NMAP is an application that will detect a live device number by checking a number of ports at each IP address. The ports that are checked are configurable.

The approach used depends on the network policies involved. ICMP/PING is quick as it only attempts to send the echo request to each IP address. However, it is easy to block and many networks and/or individual devices block it.

NMAP on the other hand is extremely effective at discovering and even classifying devices based on their responses to the port scan. However, it will be typically slower than ICMP/PING.

Inventory

The Inventory process uses a number of technologies depending on the device being inventoried;

  • Windows devices: Remote WMI calls are used to collect information on hardware, software and other aspects of the device.
  • Unix-type platforms such as Linux, Solaris, AIX, HP-UX: remote SSH calls are used to collect information on hardware, software and other aspects of the device.
  • ESX devices: https calls are used to collect information on hardware, software and other aspects of the device.
  • Routers, Switches, and other network devices: SNMP(Simple Network Management Protocol) is used to collect information on the device.

The selection of which technology to use for a given device is automatically performed by Asset Vision. Most Inventory technologies are secured in some way and typically require credentials to be supplied in order to access the device in question.

Discovery and Inventory Architecture

Discovery and Inventory Architecture

Asset Vision is hosted in Amazon’s AWS while a small component  the PAD  is installed onto the customer’s network. The PAD  Proxy, Adapter and Discovery  is responsible for carrying out all onsite tasks, under control of the Asset Vision server.

All Discovery and Inventory is performed on the PAD and operates remotely across the company network.

Once the physical components are in place, the PAD can be used for Discovery and Inventory.

IP Ranges, Credentials, Scan Rules and Jobs

Before a network can be scanned, some information is required;

  • IP Range: this is the range the scan should cover, e.g. 192.168.0.1  192.16.0.254
  • Credentials: these are the logon credentials used by the various Inventory technologies to access a device.
  • Scan Rules: Scan rules simply determine how Discovery is performed and what will be Inventoried. For example, Discovery could use ICMP/PING and Inventory Windows machines only, or Windows machines and ESX Servers.
  • Jobs: a job is a collection of IP Ranges, Credentials and Scan Rules for Discovery and Inventory. It can be run manually or scheduled. The job is defined and held on the server and when run specific instructions are sent to the PAD. For example, a job could be defined that only performed Inventory for Windows machines, across a range 192.168.0.1  192.16.0.254, using local Admin credentials and which ran every Sunday.

Probes and Processors

The Discovery Sequence is, as the name suggests, a sequence of operations that can be as complex or as simple as required. They can be written in Java or scripted.

Probes

A Probe is responsible for doing something in the environment, e.g. discovering IP numbers or manipulating a file. The output from a Probe is processed by a Processor. Probes are useful in gathering inventory data from servers and workstations.

Processors

A Processor is responsible for processing the output of the Probe, e.g. formatting some data, writing to the DB or even starting a secondary Probe (as with Inventory).

During Discovery and Inventory the DB is continually updated. First any discovered IP numbers are written to the cmdb_ci_network_device table, and some period of time later when Inventory may or may not have run against a device, the data is enriched with device class and other inventory data. So, we first discover and record the IP number and then attempt to inventory the device and update the information.

There are many secondary probes for each type of device, for example, for Windows there are these secondary probes;

  • WMI Base information
  • WMI Battery information
  • WMI Memory information
  • WMI Printer information
  • WMI Terminal Server information
  • WMI Partition information
  • WMI Network information
  • WMI Disk information
  • WMI Software information
  • WMI Patches information
  • WMI Tags information
  • WMI Hyper-V information

This is done for speed  to take advantage of the ability to run probes in parallel.

System Center Configuration Manager Probe

"SCCM” refers to "System Center Configuration Manager" as well as it's older identification as "Systems Management Server".

Asset Vision's current integration with SCCM allows the following:

  1. Collection of machine identification details held in SCCM.
  2. Matching of machines in Asset Vision with those known to SCCM.
  3. Creation of an uninstall job in SCCM for software packages detected by Asset Vision’s Inventory process.

The SCCM probe consists of two probes:

  • SCCM Inventory Probe
  • SCCM Uninstall Probe.

SCCM Inventory Probe

The Inventory probe is similar to other WMI-based probes, though it is designed to be used against a single SCCM site server, so currently the setup is manual through the Advanced Discovery menus (not via the job UI). It has very little configuration necessary to get it working  just the IP address of the site server.

Currently the SCCM Inventory Probe is designed to collect just the information needed to support the SCCM Uninstall Probe.

SCCM Uninstall Probe

The SCCM Uninstall Probe creates an uninstall job in SCCM. It allows any MSI package to be uninstalled, not just those packages that were defined to SCCM Software Distribution.

Unlike the Inventory probe, which runs as a normal Discovery job, the Uninstall probe always runs on demand, driven from a UI component. Like the Inventory probe, the Uninstall probe needs an SCCM site server to use, but there is more information that the probe uses to tell the SCCM server what to do.