The ServiceNow Discovery application finds computers and other devices connected to an enterprise's network. When Discovery finds a computer or device, it explores the device's configuration, provisioning, and current status and updates the CMDB accordingly. On computer systems, Discovery also identifies the software that is running and any TCP connections between computer systems. Discovery creates all the relationships between computer systems (such as an application on one server that uses a database on another server).
One of the most important characteristics of Discovery is Discovery Agentlesss Architecture. It covers two important parts: Communications and Data Collection and Processing. Communication is how your ServiceNow instance talks to the MID Servers and how the MID Servers talk to your devices. Data Collection and Processing is how we scan your devices and process the information we have gathered.
The diagram showed below demonstrates a typical Discovery setup for a hosted ServiceNow instance. The MID Server is installed on the local internal network (intranet). All communications between the MID Server and the ServiceNow instance is done via SOAP over HTTPS (Secure HTTP - grey lines). Because ServiceNow uses HTTPS, the MID Server can connect to the instance directly without having to open any additional ports on the firewall. The MID Server can also be configured to communicate through a proxy server if certain restrictions apply (dashed lines).
The MID Server is deployed in the internal network, so it can connect directly to discoverable devices (red lines). Typical protocols the MID Server uses to communicate with devices are:
- SNMP (routers, switches, printers)
- SSH (Secure Shell, UNIX)
- WMI (Windows Management Instrumentation)
- Windows PowerShell
Data Collection and Processing (Probes and Sensors)
At ServiceNow, we refer to "Data Collection" as a probe and "Data Processing" as a sensor. Hence when you hear the term "Probes and Sensors" you can think of "Data Collection and Processing". The red lines represent the MID Server probing for information. The MID Server then passes the results of each probe to the ServiceNow instance via SOAP/HTTPS (grey lines). Sensors (red box) within the ServiceNow instance process the information gathered and update the CMDB.
If a CI that Discovery found in a previous run does not respond, the CMDB data is not updated. For example, if a server or database is down and there is no response to the probe on that port, the port is ignored for that Discovery run.
The following phases occur during the Discovery lifecycle:
- Port Scan phase: The ServiceNow instance initiates Discovery and launches the Shazzam probe. The Shazzam probe runs on the MID Server to scan port addresses to find open port addresses for a given range of IP addresses. On the instance, a Shazzam sensor determines which devices are active for discovery based on known protocols. The instance also launches the classifier probes.
- Classification phase: The MID Server uses known credentials for the given protocol. It probes each active device, gathers additional classification information, and sends it to the ServiceNow instance. On the instance, the classifier sensor determines what identity probe to run for this device class, and then the instance launches the identity probe.
- Identification phase: The MID Server probes each classified device, gathers additional identity information, and returns the information to the ServiceNow instance. On the instance, the identity sensor processes the information and queries the CMDB for a matching device. The instance launches the appropriate exploration probes.
- Exploration phase: The MID Server probes devices for more detailed information and sends it to the ServiceNow instance. The exploration sensors of the instance process results, update the CMDB, and trigger additional probes as necessary.