Credential-less host discovery occurs when a scanned host is found to be alive, but not
active, or when all configured credential-based classification probes have failed.
How the host Discovery pattern is launched
If the Shazzam probe scans a host that is alive but not active, and if credential-based
classification probes fail, horizontal Discovery launches the Credentialless Discovery
Network Device pattern to gather host information. If the host being scanned does not have a
CI defined, Service Mapping launches the HorizontalDiscoveryProbe probe, which in turn
launches the Credentialless Discovery Network Device pattern. This pattern attempts to
create a new CI if one does not already exist for the scanned host or to update an existing
CI in the Hardware [cmdb_ci_hardware] table.
Important:
To allow the Credentialless Discovery Network Device pattern to launch, ensure that the
mid.discovery.credentialless.enable system property is set to true. To disable, ensure this
property is set to false.
Table 1. ECC Queue entries
The system creates these entries in the ECC queue during execution of the
HorizontalDiscoveryProbe.
Figure 1. Credential-less Discovery
Table 2. Log messages
These log messages are published during execution of the
HorizontalDiscoveryProbe.
Figure 2. Credential-less host identifier
The Nmap command
The Nmap command executed on the MID Server determines if the host is up. Using the IP address and a list of ports passed to Nmap by the pattern, Nmap performs reverse DNS name resolution to identify the host name associated
with the IP address. If multiple host names are configured, the first name returned by Nmap is used. If no host name is configured, then the IP address of the remote host is used to create the host CI. The Npcap packet capture
library, included with the Nmap installation, identifies the host operating system family. If the scanned host is located on the same subnet as the Windows MID Server host that executes Nmap, the remote host's MAC address is returned.
Note:
The list of ports that Nmap is configured to scan during credential-less host Discovery is stored in the IP Service
[cmdb_ip_service] table, which is editable. By default, all ports are available for scanning. To block the use of any port for an Nmap scan, set the value in the Credentialless Discovery [cl_discovery]
column to false.
Figure 3. Credential-less port list
Creating or updating host CIs
After successful execution of the Credentialless Discovery Network Device pattern, the SetCredentialLessDeviceClassName MID Server script runs to identify the operating system family of the discovered host.
The system class of the host CI is based on the operating system family that is returned by Nmap. If the OS family matches one of the six supported server operating systems, then the system uses a server class derived from the
Hardware [cmdb_ci_hardware] base class, such as Linux Server [cmdb_ci_linux_server]. If no match is found, the system uses the base class.
Note:
When the issue with the credentials is resolved and Discovery runs again, the instance uses the serial number,
host name, and system class provided by credential-based discovery to update the host CI that was created by credential-less Discovery.
Table 3. Supported OS families
OS family       CI table
AIX             cmdb_ci_aix_server
HP-UX           cmdb_ci_hpux_server
Linux           cmdb_ci_linux_server
Solaris         cmdb_ci_solaris_server
OS X or iOS     cmdb_ci_osx_server
Windows         cmdb_ci_win_server
Undefined       cmdb_ci_hardware
Hardware identification
The Discovery - IP Based [com.snc.discovery.ip_based] plugin adds an identifier to the
Hardware Rule for the Hardware [cmdb_ci_hardware] base table that matches on the host CI
name for Nmap scans. The Hardware Rule is used by both
credential-based and credential-less Discovery.
Figure 4. Credential-less hardware rule