What are the pros and cons of auto discovery vs manual population of the CMDB?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-05-2014 05:53 AM
I am relatively new to ServiceNow discovery and would like some guidance on how to populate the CMDB.
I have the following questions:
- What are the benefits of Auto Discovery?
- What are the benefits of Manual Population?
- What are some of the challenges with Auto Discovery?
- What are some of the challenges with Manual Population?
Thanks for you time
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-05-2014 07:16 AM
- If your network and devices are all set correctly, then it is a set and go and you will get information of all your devices automatically.
any new devices added, if setup correctly and in the correct ranges will auto add
You will get lots of data back if you want (all routing on routers / switches, windows services, processes, SQL databse information, IIS information, VMWare) - The data you are manually adding should be certified and is known to be correct / good / active. however,... is it ? Are you sure ?
- Mainly security.
wrong credentials
security not configured correctly on devices - SNMP ACL or Traps,
credentials have insufficient rights to Windows - designed or unintentional (devices not attached to a domain, GPO's not applied correctly)
insufficient rights to SQL / IIS, etc
Too much data for your requirements
If you need to scan specific devices, you may need to create own probe
SNMPv3 is currently not supported (Been told it is in Fuji) - Making sure you have all the information as it is a manual process
Keeping the data upto date - use Data Certification
We use Discovery in our main Datacenters and the Windows / VM information is very good.
Linux for us is not so good as we use Suse and i have not yet writtent anything to discover the devices, but its coverage is limited and the devices are in our CMDB via the VM Scans.
We have performed a scan of all the Network gear globally. We got good returns of data compared to our monitoring tools, but when checking against a Cisco Managment tool we realised there are various items of kit (mainly switches in local offices, so not under global control) that we are not scanning. Initial investigations show these are down to SNMP not being configured correctly, or an ACL/Trap set so the Servicenow MID servers cannot scan. We are addressing
We are just finalising a global Firewall upgrade and the set standard is SNMPv3. As we are on Calgary this is proving to be fun, but I will soon have something in place to scan all the addresses of our ASA/ISR/ASR's and bring that into Servicenow - even if it is basic.
For Domain Controllers and all local kit in China, we import that via a JDBC link from the relevant LANDesk cores. Domain controllers are blocked for security reasons and as all our devices have LANDesk, it is easier to import all workstation information from LANDesk that perform a number of scans.
It does take some time and we do have a scheduled job that runs weekly to look at any asset not updated for over 3 months and then mark it as "retired".
These CI's are not visible in any form so cannot be chosen
we have seen an issue in Calgary where some SQL information is not updated, so when we have an SQL server retire, there are BR's set to search any SQL information / IIS info and then mark that retired too.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-05-2014 07:57 AM
Thank you for your input. This is very helpful information.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-05-2014 08:26 AM
You may need to import an MIB or add OID's too. forgot about that as I think I added a couple only.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-05-2014 08:29 AM
Thanks good to know.