Horizontal discovery process flow with probes and sensors

  • Release version: Xanadu
  • Updated August 1, 2024
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Horizontal discovery process flow with probes and sensors

    The horizontal discovery process in ServiceNow systematically identifies and classifies devices on a network using a sequence of probes and sensors. This process involves four key phases—scanning, classification, identification, and exploration—that work together to gather information about target machines and update the Configuration Management Database (CMDB) accordingly.

    Show full answer Show less

    Process Flow and Key Features

    • Initiation: Discovery starts when a user schedules it or triggers it on-demand, specifying IP addresses or ranges to scan.
    • Scanning Phase: The Shazzam probe is first placed in the External Communication Channel (ECC) queue, and the MID Server executes it to detect open ports on target machines using protocols like WMI, HTTP, SSH, and SNMP. Response data identifies the machine type.
    • Classification Phase: Based on port responses, Discovery sends a classification probe to determine machine specifics such as operating system version, which defines the Configuration Item (CI) class.
    • Identification Phase: Discovery selects the appropriate classifier for the CI class, which dictates which identification trigger probes to run. These probes run via the MID Server and gather detailed identification data. Discovery then uses sensors to process this data and applies identification rules to insert or update CIs in the CMDB. An alternative approach may use a horizontal pattern probe that handles both identification and exploration operations without additional probes.
    • Exploration Phase: Discovery runs exploration trigger probes specified in the classifier to collect further data on the CI. Data returned is processed by sensors to update the CMDB similarly to the identification phase.

    Practical Implications for ServiceNow Customers

    This structured probe and sensor approach enables customers to accurately discover, classify, identify, and enrich CIs in their CMDB. Understanding this flow helps optimize discovery schedules, ensure comprehensive network visibility, and maintain up-to-date asset information crucial for IT service management.

    The horizontal discovery process passes through the four phases of discovery using probes, which gather information on the target machine, and then sensors, which help Discovery determine what to do with that information.

    Kicking off discovery

    A user triggers horizontal discovery by configuring a discovery schedule or by launching an on-demand discovery with Discover now or Quick Discovery. The schedule specifies one or more IP addresses or range of IP addresses.

    Scanning phase

    1. Discovery first takes the Shazzam probe (and then port probes) and places it in a request in the External Communication Channel (ECC) queue.
    2. The MID Server checks the ECC queue, retrieves the discovery request, and runs the probes against the host and discovers open ports.
    3. The port probes scan common ports using several protocols, such as WMI, HTTP, SSH, and SNMP.
    4. If one or more ports respond, the Shazzam probe sends information about the port back to the ECC queue through the MID Server.
    5. Discovery checks the ECC queue to find out which ports responded, which identifies the type of machine. For example, if Shazzam detects that the machine is listening on port 22, Discovery treats the machine as a UNIX or Linux machine.

    Classification phase

    1. The Discovery application determines which classification probe to send to the newly discovered device by using information in the record of the port probe that successfully responded.
    2. Discovery puts the classification probe into the ECC queue.
    3. The MID Server checks the ECC queue, retrieves the discovery request, and runs the classification probe.
    4. The classification probe retrieves additional information, such as which version of the operating system is running on a machine. This information determines the class of the CI that Discovery found. There is only one classification probe per discovered device.
    5. The classification probe sends information back to the instance ECC queue through the MID Server.

    The Identification phase

    1. Discovery determines which classifier to use based on the class of the CI and the criteria specified in all CI classifier records. The classifier specifies which probes to use for the next two phases.
    2. Discovery puts the identification trigger probe for the CI classifier into the ECC queue. For example, a UNIX machine running HP-UX would require the HP-UX classifier, which specifies that the Multi Probe-HP-UX Identity identification trigger probe. These probes use identification rules to determine whether or not to insert or update a CI in the CMDB.
      Note:
      The trigger probe could also be the Horizontal Pattern probe, which tells Discovery to follow the operations in the specified pattern, rather than sending out additional probes. The operations in the pattern cover both the identification and exploration phases. Discovery knows which identification rules to use based on the CI type, and Discovery makes inserts or updates to the CMDB based on these rules. Probes and sensors are not used.
    3. The MID Server checks the ECC queue, retrieves the discovery request, and runs the identification trigger probe.
    4. The identification probe accumulates identification data for each device and sends that data back to the instance via the MID Server.
    5. Discovery uses sensors for the identifier probe to process the information.
    6. Discovery performs the analysis on the CMDB using CI identifiers. Discovery can update existing CIs in the CMDB or create new ones.

    The Exploration phase

    1. Discovery looks at the Triggers Probes related list in the classifier to find exploration probes to run.
    2. Discovery puts the exploration trigger probe into the ECC queue.
    3. The MID Server checks the ECC queue, retrieves the discovery request, and runs the exploration trigger probes.
    4. The probes send data back to the instance via the MID Server and sensors make updates to the CMDB, just as in the identification phase.