Configuring a Network Service Dependency Scan

This lesson will explain how to scan for Network Service Dependency scan within an organization. The Network Service Dependency detection capability enables the discovery of devices that host services for use by other devices, and discovery of devices that use these services. The lesson assumes that you have already installed your PAD and set up Windows or SSH credentials.

Asset Vision® uses an agentless method of scanning.  Agentless scanning has the profound benefit of being non-disruptive to the configuration of your target systems.  The method we use to perform discovery is based on the creation of scanning jobs that run according to a particular schedule.  The scan jobs implement the various discovery techniques built into Asset Vision®.

1. Create a New Network Service Dependency Scan

Create a New Generic Service Dependencies Scan

Navigate to: Setup > Discovery > Scan Jobs > Manage. This data view displays all of the currently existing scan jobs.

  1. Click New at bottom of page to launch the Scan Job Setup Wizard.
  2. In the Selection dialog, select the Databases and Services job category.
  3. In the job type: drop-down, select Performance and Network Service Dependencies.
  4. Click OK.

2. Configure the Network Services Dependency Scan Settings

Configure the Network Service Dependencies Scan Settings

In the Configuration section:

  1. Discovery Probe: Select either NMAP or ICMP. NMAP is more thorough due to port probing, providing a detail from the scan, while ICMP will provide a faster scan with less information about the devices discovered.
  2. IPs per launch:  This is the number of IP addresses that will be scanned per scan iteration (the maximum number of IP Addresses that will be scanned simultaneously).
  3. Collect network activity: Check this box to enable the PAD probe that will collect the network service dependency data.
  4. Traceroute Protocol Type: Select either ICMP or UDP protocols, depending on your need. Note: Windows and AIX platforms use only ICMP and UDP protocols respectively for Dependency scanning.
  5. UDP port (available if UDP protocol is selected): UDP port required by systems involved in the traceroute.
  6. Number of hops: This is the number of hops that a traceroute will follow between devices in a service dependency.
  7. Wait timeout for each hop: the maximum number of time in seconds to wait for a hop to resolve.
  8. Click Next.

3. Select PAD

Select PAD

Select a PAD from a list of existing PADs from the drop down list. Click Next to continue.

4. Location

Location

Select a desired pre-defined IP Range Set:

  1. Click the Add (plus sign) button. This will bring up the IP Range Set dialog that contains previously-defined in other scan jobs or created manually via the IP Ranges UI.  
  2. Check the IP Ranges to be included in the Scan Job.
  3. At this point, you may also create a new Range Set by clicking New. This will open the IP Range Sets dialog that will allow you to define the new Range Set. For more information on this dialog, see the Create a New IP Range lesson.
  4. Click the Remove (minus sign) button to remove any unwanted IP Range Sets from the Scan Job.
  5. Click Next.

5. Select Credentials

Select Credentials

Add Credentials to be used for rights to successfully scan using the desired probes:

  1. Mark the Select credentials to be used for current scan: check box to use only the specified credentials for the current Scan Job.
  2. To use any available, pre-defined credentials, leave this box unchecked. The Scan Job will go through each available credential until the scan is successful.
  3. For any given credential type, click the Add (plus sign) button.
  4. In the Credential User Name dialog, select the credential or credentials required for the Scan Job. These credentials shall have sufficient rights to the endpoints to be successfully scanned.
  5. At this point, you may also create a new Credential by clicking New. This will begin the Create a New Credential process.
  6. Click the Remove (minus sign) button to remove any unwanted Credentials.
  7. Click Next.

6. Add Schedule

Add Schedule
  1. Select the desired Scan Window, or leave as Default if you would like for the scans to run at any time. For more information see Setting up a Scan Window.
  2. Pick the desired Schedule Type for the scan job.
    • Daily Schedule: Scan occurs every N days beginning at a specified time.
    • Weekly Schedule: Scan occurs on specified day(s) during the week (Monday, Wednesday, Friday, etc), beginning at a specified time.
    • Monthly Schedule: Scan occurs on a specified day of the month (Calendar day, or First Wednesday, Second Tuesday, etc.), repeating every N months, beginning at a specified time.
    • Repeating Schedule: Scan occurs continually throughout the defined Scan Window. A Repeating Schedule considers Scan Window Stop times a Pause instead of a Stop, and the scan continues at the next defined Start time. A Repeating Scan can only be stopped manually, and will stay stopped until it is restarted manually.
    • None: Default. Leave blank to create a Scan Job that will not be scheduled, and will not run until initiated manually.
  3. Check Enabled if you want to enable the scan job to run as scheduled once you save and finish the wizard. This option is helpful if you need to temporarily disable a scan job for any reason, but want to keep the settings.
  4. Select the Time Zone and Time. Note that the time zone will be saved in GMT/UTC time.
  5. Configure remaining options specific to the schedule type (Day of week:, Run on:, Repeat every:, etc.)
  6. Click Next.

7. Review Configuration

Review Configuration
  1. Provide a Name for the Scan Job.
  2. Review the Scan Job configuration summary. Click Back to modify any of the specified configurations.
  3. Click Save and Run to save the scan job and initiated it immediately, or Save and Finish to save the scan job and let it run at the scheduled time.