Before deploying Operational Technology (OT) Discovery

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 2 minutes de lecture

    • The Discovery for Operational Technology (OT) solution enables you to set up the Service Graph Connector, Discovery Console for OT, Discovery Sensor for OT, and OT Discovery Collector needed to discover assets and in your OT environment.

    Before you deploy

    Here are a few questions that can help determine the environment architecture for the OT Discovery deployment. This list is not exhaustive:
    • Are you looking at OT devices or IT devices in the OT network?
    • Have you planned the Site location?
    • What is the network layout and architecture of the Site location?
      • Is it a flat or segmented layout?

      • The best way to start is to place a Discovery Sensor for OT in a location that includes many of the devices to be queried.

      • Next, place additional Sensors in areas of the network that might have segmentation or other barriers, such as a NATed environment or segmented silos.

    • Are there any Network zones in place? Such as NATed networks? Do you have any copy-paste networks, that is, networks within the site which have the same IP address ranges. It is important to note that if a Sensor is placed in a zoned location that can be reached from multiple Sensors, or in cases where assets are dual homed, ensuring the zoned Sensor is properly documented is important to ensure duplication of assets are not created.
    • What are the communication pathways that exist within the site? This helps determine where to place the Discovery Sensors.
    • If a Sensor is deployed in each NW zone, can it communicate with the assets in the OT network?
    • If there are sub-networks where the Sensor cannot reach, are there any devices where the OT Discovery Collector needs to be installed?
    • Where does the Discovery Console for OT get installed?
    • Can one Console be used for multiple sites or does the deployment require on Console per site?
    • Is there a communication path between the Discovery Sensors and the Discovery Console for OT?
    • Does the MID Server exist in DMZ?
    • Is there a communication path between the Console and the MID Server?
    • Are there any other tools (IDS or Discovery tools) in the environment?

    Adding capabilities over time

    With Discovery for OT, you can add layers of capabilities over time such as:
    • Deploy the Discovery Console for OT and Discovery Sensor for OT in a central location with access to multiple sites.
    • Deploy the Discovery Sensor for OT and additional Sensors at individual sites for policy enforcement or non-IP-enabled assets as needed.

    Adding locations over time

    On a site-by-site level, you can add locations over time:
    • Deploy the Discovery Console for OT and the Discovery Sensor for OT at a pilot site.
    • Repeat the process for additional sites.