Configuring a Generic Service Dependency Scan
This lesson will explain how to scan for Generic Service Dependency scan within an organization. The Generic Service Dependency detection capability enables the discovery of devices that host services for use by other devices, and discovery of devices that use these services. The lesson assumes that you have already installed your PAD and set up Windows credentials. See the previous lessons in this chapter if you have not done so.
Asset Vision® uses an agentless method of scanning. Agentless scanning has the profound benefit of being non-disruptive to the configuration of your target systems. The method we use to perform discovery is based on the creation of scanning jobs that run according to a particular schedule. The scan jobs implement the various discovery techniques built into Asset Vision®.
Create a New Generic Service Dependencies Scan
Navigate to: Setup > Discovery > Scan Jobs > Manage. This data view displays all of the currently existing scan jobs.
- Click New at bottom of page to launch the Scan Job Setup Wizard.
- In the Selection dialog, select the Databases and Services job category.
- In the job type: drop-down, select Generic Service Dependencies using Netstat and Traceroute.
- Click OK.
Configure the Generic Service Dependencies Scan Settings
In the Configuration section:
- Discovery Probe: Select either NMAP or ICMP. NMAP is more thorough due to port probing, providing a detail from the scan, while ICMP will provide a faster scan with less information about the devices discovered.
- IPs per launch: This is the number of IP addresses that will be scanned per scan iteration (the maximum number of IP Addresses that will be scanned simultaneously).
- Traceroute Protocol Type: Select either ICMP or UDP protocols, depending on your need. Note: Windows and AIX platforms use only ICMP and UDP protocols respectively for Dependency scanning.
- UDP port (if UDP protocol selected): UDP port required by systems involved in the traceroute.
- Number of hops: This is the number of hops that a traceroute will follow between devices in a service dependency.
- Wait timeout for each hop: the maximum number of time in seconds to wait for a hop to resolve
Location
If the NMAP or ICMP options were selected in the previous step, the Location options step will appear, else this section will be skipped and proceed to the Schedule section.
- Select an Existing IP Range from the list that you have already defined, or you can also define a New IP Range here in the Include Ranges: and Exclude Ranges: boxes.
- Click Next.
Schedule
- Select the desired Scan Window, or leave as Default if you would like for the scans to run at any time. For more information see Setting up a Scan Window.
- Pick the desired Schedule Type for the scan job.
- Check Enabled if you want to enable the scan job to run as scheduled once you save and finish the wizard.
- Select the Time Zone and Time. Note that the time zone will be saved in GMT/UTC time.
- Configure remaining options (Day of week:, Run on:, Repeat every:, etc.)
- Click Next.
Review and Implement
- Give the Scan Job a meaningful name.
- Select a PAD Server. Scan jobs run on a particular PAD, so you need to assign this to a particular PAD. The type of scan has a bearing on which PAD Asset Vision loads the job onto. For example, there would be no point setting up a Windows scan on a PAD that has no Windows machines that it can access.
- Save and Run the scan immediately or Save and Finish configuring the scan job and let it run at the scheduled time.