Difference between cloud discovery and IP based discovery?

Go to solution
pratiksha5
Mega Sage

‎11-22-2021 09:49 PM

What is the difference between discovering CI with the help of cloud discovery vs IP-based discovery? I notice even after creating a service account, we still need to give credentials to search the VMs in the cloud. 

0 Helpfuls
  • 4,468 Views
1 ACCEPTED SOLUTION

Go to solution
DaveHertel
Kilo Sage
Kilo Sage

‎11-22-2021 10:19 PM

Hello --

  Generally speaking, there are 2 types of discovery needed to get the 'full picture' of a virtual machine/device.   

1st cloud discovery gets the cloud-based meta data, such a network definitions (VPC details in AWS world), data centers, etc.   But this does not get the running details of the OS (processes, installed software, IP connections between nodes, etc.)... that's actually impossible in some cases if you think about it.  When a VM is shut OFF, there are no running processes, no IP connections between devices that are not running etc.. but the cloud disco can find the definition of the VM and its components (the config that is managed within the AWS console for example).  

2nd discovery is IP-based disco that is only possible when the VM machine is on, active and accessible.  When this 2nd disco runs, it can uncover IP connections, installed software, etc.. i.e. all the details that can be found only when the machine is up and running.

Same principal applies to all cloud and virtual environments.  The 1st disco is getting the definition of the virtual world and its hosting infrastructure, while the 2nd disco interrogates the running machines.

Hope this helps some?  

View solution in original post

12 REPLIES 12

Go to solution
DaveHertel
Kilo Sage
Kilo Sage

‎11-22-2021 10:19 PM

Hello --

  Generally speaking, there are 2 types of discovery needed to get the 'full picture' of a virtual machine/device.   

1st cloud discovery gets the cloud-based meta data, such a network definitions (VPC details in AWS world), data centers, etc.   But this does not get the running details of the OS (processes, installed software, IP connections between nodes, etc.)... that's actually impossible in some cases if you think about it.  When a VM is shut OFF, there are no running processes, no IP connections between devices that are not running etc.. but the cloud disco can find the definition of the VM and its components (the config that is managed within the AWS console for example).  

2nd discovery is IP-based disco that is only possible when the VM machine is on, active and accessible.  When this 2nd disco runs, it can uncover IP connections, installed software, etc.. i.e. all the details that can be found only when the machine is up and running.

Same principal applies to all cloud and virtual environments.  The 1st disco is getting the definition of the virtual world and its hosting infrastructure, while the 2nd disco interrogates the running machines.

Hope this helps some?  

Go to solution
pratiksha5
Mega Sage
In response to DaveHertel

‎11-22-2021 10:29 PM

Hi, Dave thank you for the reply. So when we do cloud discovery by creating a service account, it will discover cloud resources in cloud discovery. The after discovery for CI will discover the VMs. Do we have to provide credentials for discovering the VMs in cloud discovery? or it will discover with the help of the service account we created?

 

My understanding was after creating a service account it will discover all the resources and I don't have to give credentails individually.

 

0 Helpfuls

Go to solution
DaveHertel
Kilo Sage
Kilo Sage
In response to pratiksha5

‎11-23-2021 08:37 AM

Hi -- I believe the approach for the 2nd Discovery (i.e. IP-based disco) varies depending on the cloud provider.  For example, in AWS the current best practice is to set up cloud disco with appropriate AWS permissions to A) get all cloud details and then when configuring the disco-schedule there is an OPTION to allow the same AWS-account to do: B) IP-level discovery using the same authority access.   This simplifies the procedure because 1 master AWS acct can do EVERYTHING, ie. both 1st (cloud) and 2nd (IP) disco.  Of course, this situation still requires 2 phases (get cloud stuff, then get IP stuff).  This is for AWS as a best practice.. and this changed from a few years ago in an earlier version of SN.     

For Azure and other cloud providers, I'm not sure if there is a current capability within SN to do both step 1 and step 2 within a single schedule.  Perhaps there is.... i just haven't checked.  But I do know setting up AWS discovery has evolved and improved over the last several SN version.   If you are doing AWS disco, I recommend watching this

BEST PRACTICE:  AWS Discovery using Assume-Role based Disco technique
AWS Disco setup https://youtu.be/MMSpW1b3BlA  published April 2021.
 
Hope this helps??
0 Helpfuls

Go to solution
cynlink1
Tera Expert
In response to DaveHertel

‎05-04-2022 08:56 AM

Hi Dave,

For AWS, it is my understanding that I do not need to define specific IP ranges because Cloud Discovery automatically selects the IP addresses of the virtual machines in the data centers I select in the wizard. However, I was advised by a consultant that I need to manually define IP ranges for AWS to obtain the richer data needed for Service Mapping. Can you confirm if this is indeed necessary? 

I have already set up the AWS service account and credentials. I also have two discovery schedules configured - one for cloud stuff and one for VMs - see attachments. Would you mind taking a look at them and letting me know your thoughts?

Thanks in advance!

Preview file
205 KB
Preview file
148 KB
0 Helpfuls