Discovery and Inventory Group

 View Only
Back to Library

Network Discovery and Inventory for Network Devices Tips and Tricks Article 3 

Oct 29, 2018 12:16 PM

Pluggable Protocol Architecture

Pluggable Protocol Architecture, or PPA, provides a profile that allows you to use multiple credentials and protocols for tasks needed by the Notification Server. Network Discovery requires the use of a connection profile from PPA in order to authentication and use the various protocols it supports. In the previous article (2) we created the credentials needed, and now we’ll tie them together using a connection profile in PPA.

 

The following steps walk through setting up a Connection Profile for use with Network Discovery.

  1. In the Symantec Management Console, browse under Settings > All Settings > Monitoring and Alerting > Protocol Management > Connection Profiles > and select Manage Connection Profiles.
  2. Click the Add settings button.
  3. Provide a Connection profile name, such as “Network Discovery Protocols”.
  4. In the list of protocols, use the arrow to expand the section for ICMP.
  5. Increase the Timeout to 1000 miliseconds.
  6. Increase the Retry count to 2. This will help avoid timeouts which could cause a device not to be discovered.
    NOTE: Increasing the timeout and retry count will increase the time it takes for a Discovery to run
  7. Turn on the protocol by clicking the red light indicator dropdown and selecting “On”.
  8. In the list of protocols, use the arrow to expand the section for SNMP.
  9. Under the SNMP Versions radial select, choose either V2 or V3.
  10. For V2, from the community names: dropdown, select the credentials created previously for SNMP V1 V2. Note that if you did not need to create a credential for this, i.e. public is the correct community string for all devices, the default credential will work.
  11. Review the Read field to ensure you have the correct community strings listed.
  12. Timeout and Retry count values are generally sufficient.
  13. For V3, from the community names: dropdown, select the credentials created previously for SNMP V3.
  14. Review the Read field to ensure you have the correct community strings listed.
  15. Timeout and Retry count values are generally sufficient.
  16. Turn on the protocol by clicking the red light indicator dropdown and selecting “On”.
  17. In the list of protocols, use the arrow to expand the section for SSH.
  18. In the dropdown, select the credentials you created for SSH.
  19. Check the details to ensure the Username is the one you intend for the Discovery process.
  20. Change the Port if needed, and increase the Timeout only if timeouts are suspected.
  21. Turn on the protocol by clicking the red light indicator dropdown and selecting “On”.
  22. In the list of protocols, use the arrow to expand the section for WMI.
  23. In the dropdown, select the credentials you created for WMI.
  24. Check the details to ensure the Domain and Username is the one you intend for the Discovery process.
  25. Timeout and Retry count values are generally sufficient.
  26. Authentication Level is generally sufficient being unchecked.
  27. Enable and check the settings for any other protocol you may be using, such as AMT.
  28. Click OK to save the connection profile.

 

When complete, ensure all desired protocols are turned on. The following screenshot shows and example of the completed profile, without SSH since no Mac systems were to be discovered:

 

You are now ready to run a Network Discovery!

 

Troubleshooting Tips

  • If you are getting inconsistent results, where some devices are discovered and others are not, increase the timeout settings for both ICMP and SNMP. If latency on the network causes a timeout to occur, we may not gather data on a device. For ICMP triple the numbers, and for SNMP double them. Play with these settings as it will increase the time it takes to run a Network Discovery, so you can find the lowest timeout value possible that will work in the environment.
  • For WMI if it is not working as you would suspect, and you’ve successfully used wbemtest to connect to it, you may need to enable Use authentication level. There are a number of values so they will need to be tested in order to find the right one. It is recommended to test against a single Windows computer as you work to find a valid setting.
  • Disable protocols not being used. If all Protocols are enabled, each protocol will be attempted against each IP Address found as part of the Discovery process. This will increase the amount of time it takes to complete a Network Discovery.
  • For advanced troubleshooting, or if you need to report an issue to Symantec Support, you can enable trace logging. You can do this by following the knowledgebase article here: How to easily enable both Network Discovery and PPA trace logging

Next Article:

Network Discovery and Inventory for Network Devices Tips and Tricks Article 4

Statistics
0 Favorited
1 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Related Entries and Links

No Related Resource entered.