Discovery for Operational Technology

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Discovery for Operational Technology

    Discovery for Operational Technology (OT) enables ServiceNow customers to identify and manage IT-class OT devices such as switches, routers, and computers within designated Purdue levels of Industrial Control System (ICS) networks. This discovery focuses on the IT and OT devices found in factories and industrial environments, extending beyond standard IT Discovery which primarily targets enterprise IT infrastructure.

    Show full answer Show less

    Key Features

    • Targeted Purdue Levels: Unlike standard Discovery, which operates mainly in Purdue Levels 4 and 5 (site business/logistics and enterprise network), OT Discovery focuses on Purdue Levels 3.5 (DMZ/Industrial DMZ) and 3 (site operations). This focus allows secure discovery of devices in plant control and monitoring zones without impacting sensitive lower levels (0-2), which are critical to industrial operations.
    • Discovery Process: The OT discovery process scans assigned IP ranges to identify hardware. For each discovered configuration item (CI), it triggers an internal event that checks and updates or creates corresponding OT entity records in the Configuration Management Database (CMDB).
    • Attribute Synchronization: The process synchronizes defined attributes from the OT discovery schedule to both the CI and related OT entity records, ensuring accurate and up-to-date device information.
    • Application Discovery: OT Discovery also identifies applications installed on OT devices and creates OT entity records for them, accessible via the Industrial Workspace under Applications.
    • Scheduling and Execution: Customers can define OT discovery schedules to control when and how discovery runs. Options include immediate Quick Discovery or full OT Discovery runs, orchestrated via the ServiceNow interface.

    Practical Considerations for ServiceNow Customers

    • Run OT Discovery primarily in Purdue Levels 3.5 (IDMZ) and 3 to avoid disrupting critical industrial processes.
    • Use OT discovery schedules to automate and tailor discovery activities, ensuring continuous and accurate inventory of OT devices and applications.
    • Leverage the integration with CMDB to maintain comprehensive asset records that include OT-specific entities, supporting improved operational visibility and governance.
    • Access discovered applications and devices through the Industrial Workspace for streamlined management of OT assets.

    Related Functionality

    Discovery for Operational Technology integrates with ServiceNow capabilities such as MID Server, horizontal discovery processes with probes and sensors, and OT extension classes. Customers can build on these to create a robust and secure OT asset management strategy within their ServiceNow environment.

    You can run the Discovery for Operational Technology function to discover IT class Operational Technology (OT) devices in designated Purdue levels in your Industrial Control System (ICS) networks. IT class items include switches, routers, and computers that exist both in data centers and in your factories.

    Where standard Discovery processing takes place

    The Discovery for Operational Technology process operates in a manner that is similar to the standard Discovery processes.

    Figure 1. Targeted Purdue levels in standard and Operational Technology Discovery
    Targeted Purdue levels in standard and Operational Technology Discovery.

    Standard Discovery processing in the ServiceNow AI Platform® normally takes place in the following Purdue levels in your enterprise:

    Table 1. Processed Purdue levels
    Purdue Level Description
    4 Site business and logistics, such as all Information Technology (IT) functions.
    5 Enterprise Network, where Enterprise Resource Planning (ERP) functions take place.
    Note:
    To learn more about Purdue levels in Industrial Control Systems, see https://subscription.packtpub.com/book/networking_and_servers/9781788395151/1/ch01lvl1sec10/the-purdue-model-for-industrial-control-systems.

    Where and how Discovery for Operational Technology processing takes place

    In contrast, Discovery for Operational Technology processing can take place in the following Purdue levels, depending on which you select when you create an OT discovery schedule:
    Table 2. Processed Purdue levels
    Purdue Level Description
    3.5 Demilitarized Zone (DMZ) or Industrial Demilitarized Zone (IDMZ). Similar to a traditional (IT) DMZ, the OT-oriented IDMZ enables you to securely connect networks with different security requirements.
    3 Site operations where plant or site-wide control and monitoring functions reside.
    You typically run Discovery for Operational Technology in the DMZ (or IDMZ, Purdue Level 3.5) of your ICS networks. This Purdue level is where there are usually IT and OT class computers and servers to discover and manage.
    Note:
    To avoid the possibility of disrupting your industrial operations, you should not run Discovery processes against Purdue levels 0 through 2 in your ICS networks.
    Figure 2. Discovery for Operational Technology processing
    Discovery for Operational Technology processing.

    When you run an OT discovery schedule, it performs the following processing:

    1. Proceeds through the assigned IP addresses and discovers all hardware items that exist in it.
    2. When it completes discovery of a configuration item (CI), it internally triggers a (discovery.device.complete) event. This logic checks if an OT entity (cmdb_ot_entity) record exists for it in the Configuration Management Database (CMDB).
      • If one exists, and any related attributes have changed for the discovered item, it updates the OT Entities that are related to that CI.
      • If one does not exist, it creates one for it.
    3. In addition to the location attribute, it also pushes the defined attributes from the OT discovery schedule to the CI and to the related OT entity records.
    4. It also creates OT entity records for the applications installed on discovered OT devices. To view the applications that have OT entity records created through OT Discovery, navigate to the Industrial Workspace list view and open the Applications list under Operational Technology (OT).