What are the pros and cons of auto discovery vs manual population of the CMDB?

jbarfield
Tera Contributor

I am relatively new to ServiceNow discovery and would like some guidance on how to populate the CMDB.
I have the following questions:

 

  1. What are the benefits of Auto Discovery?
  2. What are the benefits of Manual Population?
  3. What are some of the challenges with Auto Discovery?
  4. What are some of the challenges with Manual Population?

 

Thanks for your time.

7 REPLIES

poyntzj
Kilo Sage
  1. If your network and devices are all set correctly, then it is a set and go and you will get information of all your devices automatically.
    Any new devices added, if set up correctly and in the correct ranges, will auto add.
    You will get lots of data back if you want (all routing on routers / switches, Windows services, processes, SQL database information, IIS information, VMware).
  2. The data you are manually adding should be certified and is known to be correct / good / active. However... is it? Are you sure?
  3. Mainly security.
    Wrong credentials
    Security not configured correctly on devices - SNMP ACL or Traps
    Credentials have insufficient rights to Windows - designed or unintentional (devices not attached to a domain, GPOs not applied correctly)
    Insufficient rights to SQL / IIS, etc.
    Too much data for your requirements
    If you need to scan specific devices, you may need to create your own probe
    SNMPv3 is currently not supported (been told it is in Fuji)
  4. Making sure you have all the information, as it is a manual process
    Keeping the data up to date - use Data Certification


We use Discovery in our main Datacenters and the Windows / VM information is very good.


Linux for us is not so good as we use SUSE and I have not yet written anything to discover the devices, but its coverage is limited and the devices are in our CMDB via the VM scans.


We have performed a scan of all the network gear globally. We got good returns of data compared to our monitoring tools, but when checking against a Cisco management tool we realised there are various items of kit (mainly switches in local offices, so not under global control) that we are not scanning. Initial investigations show these are down to SNMP not being configured correctly, or an ACL/Trap set so the ServiceNow MID servers cannot scan. We are addressing


We are just finalising a global firewall upgrade and the set standard is SNMPv3. As we are on Calgary this is proving to be fun, but I will soon have something in place to scan all the addresses of our ASA/ISR/ASRs and bring that into ServiceNow - even if it is basic.


For Domain Controllers and all local kit in China, we import that via a JDBC link from the relevant LANDesk cores. Domain controllers are blocked for security reasons and, as all our devices have LANDesk, it is easier to import all workstation information from LANDesk than perform a number of scans.



It does take some time and we do have a scheduled job that runs weekly to look at any asset not updated for over 3 months and then mark it as "retired".


These CIs are not visible in any form so cannot be chosen.


We have seen an issue in Calgary where some SQL information is not updated, so when we have an SQL server retire, there are BRs set to search any SQL information / IIS info and then mark that retired too.


Thank you for your input. This is very helpful information.


You may need to import a MIB or add OIDs too. Forgot about that as I think I added a couple only.


Thanks, good to know.