Discovery credentials

rishi4200
Giga Expert

Hi Experts,

Good morning!

Could someone please let me know if we need to provide credentials for each and every device which we need to discover under Discover ---> credentials?

Suppose an organization has 50 desktops which we need to discover; then do we need to provide credentials for each desktop?

Thank you.

Rishi

1 ACCEPTED SOLUTION

dravvyramlochun
ServiceNow Employee

Hello

Credentials required for discovery of hosts running on UNIX/Linux:

Discovery and Orchestration explore UNIX and Linux devices by using SSH credentials to execute commands over Secure Shell (SSH). SSH commands must run with root privileges, either with root credentials or through the use of sudo.

To provide sufficient permissions, configure one of the following Unix and Linux credentials:
  • Non-root user and password and using the ‘sudo’ utility to run selected commands as root
  • Root user and password

For information on commands requiring sudo-level rights, see Service Mapping commands requiring a privileged user and Commands that require root privileges for Discovery and Orchestration.

To access Unix-based hosts with non-root credentials, provide read access to the following files and directories:
  • /etc/*release
  • /etc/bashrc
  • /etc/profile
  • /proc/cpuinfo
  • /proc/vmware/sched/ncpus
  • /var/log/dmesg
  • APD directory

Credentials required for discovery of hosts running on Windows Servers:

To provide sufficient permissions, configure one of the following Windows credentials:

  • A domain user with local administrator access on the target Windows hosts.
  • A domain administrator.
    Note: You may need domain administrator credentials only in some cases. For example, when discovering domain controllers.

Configure Windows credentials.

Configure MID Server to use Windows credentials.

Reference: https://docs.servicenow.com/bundle/kingston-it-operations-management/page/product/service-mapping/re...

Thanks,
Dravvy

Please hit Helpful or Correct depending on the impact of the response
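
A pre-flight check for the non-root option in the answer above, added here as an example and not part of the original post or of ServiceNow's tooling: run as the discovery account on a target host, it reports which of the listed paths that account can read. The function name, the `ROOT` argument and the `RUN_CHECK` variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: run on a target host AS the non-root discovery account.
# Paths are the ones listed in the answer above; the "APD directory" is left
# out because its location is not given there.
DISCOVERY_PATHS='/etc/*release /etc/bashrc /etc/profile /proc/cpuinfo
/proc/vmware/sched/ncpus /var/log/dmesg'

# check_discovery_read [ROOT]
# Prints OK / DENIED / MISSING per path and returns the number of DENIED
# entries. ROOT is a hypothetical prefix argument, used only for testing
# against a staged directory tree.
check_discovery_read() {
    root=${1:-}
    denied=0
    set -f                       # keep /etc/*release unexpanded while splitting
    set -- $DISCOVERY_PATHS
    set +f
    for pattern in "$@"; do
        matched=0
        for f in "$root"$pattern; do    # the glob is expanded here
            [ -e "$f" ] || continue     # unmatched glob or absent path
            matched=1
            if [ -r "$f" ]; then
                echo "OK      $f"
            else
                echo "DENIED  $f"
                denied=$((denied + 1))
            fi
        done
        [ "$matched" -eq 1 ] || echo "MISSING $root$pattern"
    done
    return "$denied"
}

# Run against the live filesystem only when asked: RUN_CHECK=1 sh this_script.sh
if [ "${RUN_CHECK:-0}" = 1 ]; then check_discovery_read; fi
```

A path that does not exist on the host is reported as MISSING rather than DENIED, so only real permission gaps count toward the return value.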


4 REPLIES

tim_broberg
ServiceNow Employee

Typically, one would provide a common account on all 50 machines with the same credential.

If you choose to have 50 different credentials, discovery will keep trying credentials until it succeeds the first time, which can tend to raise security alarms.

Once one credential works, for any given mid server, that credential / mid server / credential / target combination will be remembered in the dscy_credentials_affinity table.

Thanks Tim for your response !

I have seen users with one credential per server who load their credentials into CyberArk. The mid server asks CyberArk for the correct credential for the system, and CyberArk provides it.