Account credentials for discovery account

Go to solution
LesM
Kilo Contributor

‎04-20-2018 01:41 AM

We are planning to deploy CMDB / Discovery to our estate -  One of the early phases will be the discovery for the CMDB - to do this we need to create "discovery accounts " on every server.  This will take a long time in our compoany so I wanted to kick this exercise off as soon as possible.  I need to know what the permissions the account requires and anything else specific about the account (i.e. do not force password reset on login !).  There are about 9000 servers to be manage so I don't want to start this and have to redo it.

 

Thanks

 

Labels:
0 Helpfuls
  • 6,280 Views
1 ACCEPTED SOLUTION

Go to solution
John Shores1
ServiceNow Employee
ServiceNow Employee

‎04-20-2018 08:25 AM

Les,

Discovery will need one or more credentials for each type of device you plan to discover - network gear (SNMP), Windows (WMI), Linux (SSH), load balancers (SNMP, SSH), etc. Some devices will need more than one type of credential.  In addition to credentials for each device, Discovery must have permissions on the target to execute privileged commands. It's important to get this access setup before you start to discover your environment.

Here's some pointers to get you started:

When you setup your credentials, pay attention to Credential Order. Credentials are used randomly until affinity is established. Credentials with lower numbers are used first, so make sure the credentials used most often have the lowest order numbers.

Also, the MID server service should be configured to autorun with the Windows domain account you plan to use to discover your Windows hosts with. That way, the MID server doesn't have to look for a credential for Windows hosts, it already has it.

Hope this helps!

John

 

View solution in original post

2 REPLIES 2

Go to solution
dravvyramlochun
ServiceNow Employee
ServiceNow Employee

‎04-20-2018 02:35 AM

Hello Les,

 

Have a look at the below:

Permission requirements for Windows credentialsProvide the proper permissions for the Windows creden...

To provide sufficient permissions, Windowscredentials must be one of the following:

  • A domain user with local administrator access on the target Windows hosts.
  • A local account that has administrator privileges and User Access Control (UAC) disabled on the same target host.
  • A user who meets the requirements of Discovery Windows probes and permissions (Discovery only).
  • A user who meets the requirements of the Orchestration activity to be run (Orchestration only).

 

Other references:

https://community.servicenow.com/community?id=community_question&sys_id=30c347a5dbd8dbc01dcaf3231f96...

https://docs.servicenow.com/bundle/helsinki-it-operations-management/page/product/service-mapping/re...

 

Thanks,
Dravvy

Please Hit Helpful or Correct depending on the impact of the response

Go to solution
John Shores1
ServiceNow Employee
ServiceNow Employee

‎04-20-2018 08:25 AM

Les,

Discovery will need one or more credentials for each type of device you plan to discover - network gear (SNMP), Windows (WMI), Linux (SSH), load balancers (SNMP, SSH), etc. Some devices will need more than one type of credential.  In addition to credentials for each device, Discovery must have permissions on the target to execute privileged commands. It's important to get this access setup before you start to discover your environment.

Here's some pointers to get you started:

When you setup your credentials, pay attention to Credential Order. Credentials are used randomly until affinity is established. Credentials with lower numbers are used first, so make sure the credentials used most often have the lowest order numbers.

Also, the MID server service should be configured to autorun with the Windows domain account you plan to use to discover your Windows hosts with. That way, the MID server doesn't have to look for a credential for Windows hosts, it already has it.

Hope this helps!

John