Deeper understanding of the Discovery processes.

humblecommitted
Kilo Guru

Hello Community,

I had a few questions on the Discovery process with ServiceNow:

  1. How does the Discovery schedule call upon probes?
    • does it run through all probes configured on the instance, or
    • do you configure specific probes to run?
      • if so where do we go to attach what probes to run on the scheduled discovery?
  2. Correct me if I am wrong, but what I gather from ECC Queue is the probes that ran will be stored here for review?
  3. I noticed pre-configured OOB sensors in ServiceNow and they take the information gathered from the probes and converts them to data to populate the ServiceNow CI, what if we have special commands that run powershell or special ssh commands, how do use these sensors to capture these outputs?
    • Do we have to script a special javascript to convert this data?
    • is there OOB scripts that we can use to capture the probe outputs of the special commands that were run?

Thanks in advance.

Sincerely,

Humble committed student.

1 ACCEPTED SOLUTION

glennpinto
Kilo Guru

See answers inline:



  • How does the Discovery schedule call upon probes?
    • does it run through all probes configured on the instance, or

Discovery goes through 4 phases:


1. Shazzam: Port scan to see what type of device responds (Windows, UNIX, SNMP)


2. Classify: Determines exact type of device (i.e Windows 2003)


3. Identify: Determine to insert or update a CI


4. Exploration: Discovers additional attributes on device (i.e. CPU, Memory etc)


So discovery only uses the probes and sensors needed for a specific type of device




    • do you configure specific probes to run?

Baseline, discovery deploys all the needed probes/sensors automatically to discover a specific type of device.


      • if so where do we go to attach what probes to run on the scheduled discovery?

If you build your own probe to discover attributes of a device that are not collected in a baseline instance, you would have to add the probe to the trigger probe list of the specific classifier you want it to run for (see the classifiers under Discovery Definition > CI Classifier, this is where you would add your own probes to be deployed for a certain type of device, i.e. solaris, switch, windows 2008)


  • Correct me if I am wrong, but what I gather from ECC Queue is the probes that ran will be stored here for review?

Yes, this will show all probes deployed and the results returned from each probes if you view the details of the input record.


  • I noticed pre-configured OOB sensors in ServiceNow and they take the information gathered from the probes and converts them to data to populate the ServiceNow CI, what if we have special commands that run powershell or special ssh commands, how do use these sensors to capture these outputs?
    • Do we have to script a special javascript to convert this data?
    • is there OOB scripts that we can use to capture the probe outputs of the special commands that were run?

If you build your own probe you will have to build your own sensor in order to parse the data returned in the payload from the execution of the probe on the target. I would view some of the baseline sensors to see how they are configured to react to a specific probe. From the sensor you can add your logic to write specific data returned from the probe execution to a specific field for the CI in the CMDB. This is one of the few areas when working with Discovery where you will need to have javascript skills. Most of Discovery requires only configuration and knowlege of networking/operating systems.



Additionally we have a 2 day Discovery training that takes you through all the ins and outs of running Discovery and building probes/sensors. Highly recommended to take this training to save time in the learning process.


See link below.


ServiceNow Discovery


View solution in original post

5 REPLIES 5

Chuck Tomasi
Tera Patron

Hi,



Let me take a crack at these... there's a lot of information and I recommend you consider taking our Discovery course to better appreciate what is going on here.



Training info: ServiceNow Discovery



1. Discovery schedules kick off what we call a "Shazzam" problem. This goes through the IP range you specify and checks the protocols configured (e.g. SNMP, WMI, and SSH) to see what ports respond. At this point it is just asking "Is there anyone home and GENERALLY, what type of system are you?" The shazzam probe returns the results and the instance makes a note of them. Then, one by one, it tries to figure out what type of devices they are. We call this classification. It just launches some basic probes based on the previous results (e.g. a uname command against hosts that responded with ssh.) Once it classifies, then we try to identify based on the classification, and finally we explore the details based on the identification/classification. The probes you may be looking at are in the explore phase at the end.



http://wiki.servicenow.com/index.php?title=Discovery_Agentless_Architecture#gsc.tab=0



2. The ECC queue is a channel with which we communicate with the MID server. It is used for discovery, integrations, and more.


http://wiki.servicenow.com/index.php?title=MID_Server#gsc.tab=0



3. If you want to extend the probes and sensors to include your own custom PowerShell, Unix commands, or SNMP OIDs, then you will also need to create a sensor to process the results returned. This requires a bit of JavaScript knowledge and our API. It's all documented.


http://wiki.servicenow.com/index.php?title=Discovery_Probes_and_Sensors


Thank you for your prompt reply Chuck,



I will review your information.


johnram
ServiceNow Employee
ServiceNow Employee

The ServiceNow Wiki content is no longer supported. Updated information about this topic is located here:


Discovery Probes and Sensors
MID Server        
     
 


Visit http://docs.servicenow.com for the latest product documentation


glennpinto
Kilo Guru

See answers inline:



  • How does the Discovery schedule call upon probes?
    • does it run through all probes configured on the instance, or

Discovery goes through 4 phases:


1. Shazzam: Port scan to see what type of device responds (Windows, UNIX, SNMP)


2. Classify: Determines exact type of device (i.e Windows 2003)


3. Identify: Determine to insert or update a CI


4. Exploration: Discovers additional attributes on device (i.e. CPU, Memory etc)


So discovery only uses the probes and sensors needed for a specific type of device




    • do you configure specific probes to run?

Baseline, discovery deploys all the needed probes/sensors automatically to discover a specific type of device.


      • if so where do we go to attach what probes to run on the scheduled discovery?

If you build your own probe to discover attributes of a device that are not collected in a baseline instance, you would have to add the probe to the trigger probe list of the specific classifier you want it to run for (see the classifiers under Discovery Definition > CI Classifier, this is where you would add your own probes to be deployed for a certain type of device, i.e. solaris, switch, windows 2008)


  • Correct me if I am wrong, but what I gather from ECC Queue is the probes that ran will be stored here for review?

Yes, this will show all probes deployed and the results returned from each probes if you view the details of the input record.


  • I noticed pre-configured OOB sensors in ServiceNow and they take the information gathered from the probes and converts them to data to populate the ServiceNow CI, what if we have special commands that run powershell or special ssh commands, how do use these sensors to capture these outputs?
    • Do we have to script a special javascript to convert this data?
    • is there OOB scripts that we can use to capture the probe outputs of the special commands that were run?

If you build your own probe you will have to build your own sensor in order to parse the data returned in the payload from the execution of the probe on the target. I would view some of the baseline sensors to see how they are configured to react to a specific probe. From the sensor you can add your logic to write specific data returned from the probe execution to a specific field for the CI in the CMDB. This is one of the few areas when working with Discovery where you will need to have javascript skills. Most of Discovery requires only configuration and knowlege of networking/operating systems.



Additionally we have a 2 day Discovery training that takes you through all the ins and outs of running Discovery and building probes/sensors. Highly recommended to take this training to save time in the learning process.


See link below.


ServiceNow Discovery