For this article, I'll cover technical details of how Discovery works. Read through the following sections for insight on the process.
Advanced Settings
This section will be remarkably short. In two places you have Advanced Settings, both as a global in the Symantec Management Console under Settings > All Settings > Discovery and Inventory > Network Discovery Settings, and within the Advanced Settings button per Network Discovery Task. The one setting is for the threads used for the discovery task.
As a general rule, this setting should be left alone. If you have having resource problems on the Notification Server when a discovery runs you can try lowering this amount. If the lowering does not change the behavior, set it back to 40.
Discovery Engine
Network Discovery uses a myriad of ways to find devices. Understanding what methods are used can help troubleshoot issues that may arise when using the product. There are two main categories for discovery. The first is labeled Main Engine, or those items done that are not exposed through the Connection Profile. The second are those exposed and configured through PPA’s Connection Profile. Each section is covered below.
Many of the original protocols the engine used exclusively have been broken out into the connection profile. There are a few items Discovery uses as part of its discovery that does not show up in the list.
Port Scan – This is not configurable, but Network Discovery scans the open ports on a device to try and determine what that device is. Based on what is returned, it can deduce if a device is a switch, router, or other device based on what ports are available. As this is not configurable, there is no visibility into this process.
For Windows systems the Master Browse List is queried in order to get a list of known systems and there NetBios Names and IP Addresses. This allows the engine to check known names against the IP Addresses it has in its list to discover. Almost all other protocols supersede the use of this method so often the end result is not factored by the MBL data.
These are configured via the PPA Connection Profile covered in a previous section. Each Protocol interacts differently with the devices and are unique to that protocol.
ICMP – When ND uses the ICMP protocol; ND queries the device using ICMP (echo(8)); ND queries the device using NetBIOS status (UDP 137); and ND queries the DNS server (UDP 53) with forward and reverse lookups. The forward lookup is based on the name returned from the device and the Notification Server NIC's DNS Suffix Search List. Here are commands that simulate these actions:
- - Ping request: ping 192.168.2.15
- - NetBIOS query: nbtstat -A 192.168.2.15
- - DNS forward lookup: nslookup -type=a sql-w2k8-01.epm.local
- - DNS reverse lookup: nslookup -type=ptr 192.168.2.15
SNMP – The following details concern SNMP v2. v3 uses secure methods.
When ND uses the SNMP protocol; ND queries the device using SNMP (UDP 161), authenticating using the community string provided by the connection profile; next ND queries device using NetBIOS and the DNS server as described above; finally ND queries the device using SNMP for additional information. Essentially the ND with SNMP includes everything from ND with ICMP, plus some SNMP items.
The SNMP calls are made using the GET command specifying a specific SysObjectID. These IDs are garnered from the MIB files already pre-loaded. MIBs represent Object IDs and what values they represent. A collection of standard MIBs (RFC), or specifically SNMP SysObject ID calls, are supported by virtually all network devices. Network Discovery uses these calls to fetch basic data from all devices it comes into contact with that supports SNMP.
AMT – AMT, or Intel vPro technology, must be configured and setup in order to be used by Network Discovery. The connection profile entry for AMT must also be setup properly for it to be utilized. This is not an easy process, so if you are unsure if you have AMT capable and enabled systems, you probably don’t. Prior to AMT 9, AMT uses soap-http (16992); AMT-soap-https (16993)
The process of setting up AMT is difficult. Please refer to the following links when looking to use AMT:
The following are a list of protocols and what calls/ports they use:
- ASF > asv-rmcp (udp:623)
- IPMI > asv-rmcp (udp:623)
- SSH > ssh (tcp:22)
- VMWare > https (tcp:443)
- WMI > netbios-ns (udp:137) & epmap (tcp:135)
- WS-MAN > oob-was-http (tcp:623)
Next Article:
Network Discovery and Inventory for Network Devices Tips and Tricks Article 7