Horizontal discovery process flow with probes and sensors

  • Release version: Yokohama
  • Updated January 30, 2025
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Horizontal Discovery Process Flow with Probes and Sensors

    The horizontal discovery process in ServiceNow systematically identifies and maps devices in your network by using probes and sensors. This process includes four key phases—scanning, classification, identification, and exploration—enabling comprehensive data collection and accurate Configuration Item (CI) creation or updates in the CMDB. The process is initiated either by scheduling a discovery or launching an on-demand discovery.

    Key Features

    • Initiating Discovery: Users start discovery via a scheduled job or immediate options like Discover now or Quick Discovery, specifying target IP addresses or ranges.
    • Scanning Phase: The MID Server executes the Shazzam probe followed by port probes to detect open ports on target devices using protocols such as WMI, HTTP, SSH, and SNMP. This identifies machine types based on responsive ports.
    • Classification Phase: Based on port probe results, a classification probe is run to gather additional details like operating system version, determining the specific CI class. Only one classification probe runs per device.
    • Identification Phase: Discovery selects a classifier based on CI class and uses identification trigger probes to apply rules that decide whether to insert or update CIs in the CMDB. This phase may alternatively use horizontal pattern probes to follow predefined discovery operations. Sensors are used here to analyze identification data and update the CMDB accordingly.
    • Exploration Phase: Discovery runs exploration trigger probes defined in the classifier to gather further detailed information about the CI. These probes send data back via the MID Server, and sensors update the CMDB as in the identification phase.

    Key Outcomes

    • Accurate identification and classification of network devices based on open ports and operating system details.
    • Efficient CI creation and update in the CMDB through the use of identification rules and sensors.
    • Enhanced detail gathering in the exploration phase to maintain a comprehensive view of the discovered infrastructure.
    • Flexible discovery execution via scheduling or on-demand initiation, supporting dynamic network environments.

    The horizontal discovery process passes through the four phases of discovery using probes, which gather information on the target machine, and then sensors, which help Discovery determine what to do with that information.

    Kicking off Discovery

    A user triggers horizontal discovery by configuring a discovery schedule or by launching an on-demand discovery with Discover now or Quick Discovery. The schedule specifies one or more IP addresses or ranges of IP addresses.

    Scanning phase

    1. Discovery first takes the Shazzam probe (and then port probes) and places it in a request in the External Communication Channel (ECC) queue.
    2. The MID Server checks the ECC queue, retrieves the discovery request, and runs the probes against the host and discovers open ports.
    3. The port probes scan common ports using several protocols, such as WMI, HTTP, SSH, and SNMP.
    4. If one or more ports respond, the Shazzam probe sends information about the port back to the ECC queue through the MID Server.
    5. Discovery checks the ECC queue to find out which ports responded, which identifies the type of machine. For example, if Shazzam detects that the machine is listening on port 22, Discovery treats the machine as a UNIX or Linux machine.

    Classification phase

    1. The Discovery application determines which classification probe to send to the newly discovered device by using information in the record of the port probe that successfully responded.
    2. Discovery puts the classification probe into the ECC queue.
    3. The MID Server checks the ECC queue, retrieves the discovery request, and runs the classification probe.
    4. The classification probe retrieves additional information, such as which version of the operating system is running on a machine. This information determines the class of the CI that Discovery found. There is only one classification probe per discovered device.
    5. The classification probe sends information back to the instance ECC queue through the MID Server.

    The Identification phase

    1. Discovery determines which classifier to use based on the class of the CI and the criteria specified in all CI classifier records. The classifier specifies which probes to use for the next two phases.
    2. Discovery puts the identification trigger probe for the CI classifier into the ECC queue. For example, a UNIX machine running HP-UX would require the HP-UX classifier, which specifies the Multi Probe-HP-UX Identity identification trigger probe. These probes use identification rules to determine whether to insert or update a CI in the CMDB.
      Note:
      The trigger probe could also be the Horizontal Pattern probe, which tells Discovery to follow the operations in the specified pattern, rather than sending out additional probes. The operations in the pattern cover both the identification and exploration phases. Discovery knows which identification rules to use based on the CI type, and Discovery makes inserts or updates to the CMDB based on these rules. Probes and sensors are not used.
    3. The MID Server checks the ECC queue, retrieves the discovery request, and runs the identification trigger probe.
    4. The identification probe accumulates identification data for each device and sends that data back to the instance via the MID Server.
    5. Discovery uses sensors for the identifier probe to process the information.
    6. Discovery performs the analysis on the CMDB using CI identifiers. Discovery can update existing CIs in the CMDB or create new ones.

    The Exploration phase

    1. Discovery looks at the Triggers Probes related list in the classifier to find exploration probes to run.
    2. Discovery puts the exploration trigger probe into the ECC queue.
    3. The MID Server checks the ECC queue, retrieves the discovery request, and runs the exploration trigger probes.
    4. The probes send data back to the instance via the MID Server and sensors make updates to the CMDB, just as in the identification phase.
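
The four phases above, traced as a small simulation of the ECC queue exchange between the instance and the MID Server. This is an added example, not ServiceNow code: the hosts, the serial-number identification rule, and the probe names `unix-classify` and `hpux-explore` are constructed assumptions, while Shazzam, the port 22 mapping, and Multi Probe-HP-UX Identity are taken from the page.

```python
from collections import deque

# Constructed targets standing in for real hosts (sample data, not from the page).
HOSTS = {"10.0.0.5": {"ports": [22], "os": "HP-UX", "serial": "SN-A1", "cpus": 4},
         "10.0.0.9": {"ports": [], "os": None, "serial": None, "cpus": None}}
# Port 22 -> UNIX/Linux and "Multi Probe-HP-UX Identity" come from the page;
# "unix-classify" and "hpux-explore" are placeholder probe names.
PORT_TO_CLASSIFY = {22: "unix-classify"}
CLASSIFIERS = {"HP-UX": {"identify": "Multi Probe-HP-UX Identity",
                         "explore": ["hpux-explore"]}}

def mid_server(req):
    """MID Server side: run the requested probe, post the result as an input record."""
    host = HOSTS[req["ip"]]
    data = {"scan": {"ports": host["ports"]}, "classify": {"os": host["os"]},
            "identify": {"serial": host["serial"]}, "explore": {"cpus": host["cpus"]}}
    return {**req, "queue": "input", "data": data[req["phase"]]}

def sensor(rec, cmdb, devices):
    """Instance side: process one input record and return the next probe requests."""
    ip, phase, data = rec["ip"], rec["phase"], rec["data"]
    nxt = lambda ph, probe: {"queue": "output", "phase": ph, "probe": probe, "ip": ip}
    if phase == "scan":  # no responding port ends discovery for this address
        probes = [PORT_TO_CLASSIFY[p] for p in data["ports"] if p in PORT_TO_CLASSIFY]
        return [nxt("classify", probes[0])] if probes else []  # one per device
    if phase == "classify":  # OS detail fixes the CI class and so the classifier
        devices[ip] = {"class": data["os"]}
        return [nxt("identify", CLASSIFIERS[data["os"]]["identify"])]
    if phase == "identify":  # constructed identification rule: match on serial
        dev = devices[ip]
        dev["serial"] = data["serial"]
        action = "update" if data["serial"] in cmdb else "insert"
        cmdb.setdefault(data["serial"], {"class": dev["class"]})["last_action"] = action
        return [nxt("explore", p) for p in CLASSIFIERS[dev["class"]]["explore"]]
    cmdb[devices[ip]["serial"]].update(data)  # exploration data enriches the CI
    return []

def discover(ips, cmdb):
    """Drain the ECC queue; return the ordered (phase, probe, ip) requests the MID ran."""
    ecc = deque({"queue": "output", "phase": "scan", "probe": "Shazzam", "ip": ip}
                for ip in ips)
    trace, devices = [], {}
    while ecc:
        rec = ecc.popleft()
        if rec["queue"] == "output":  # MID Server picks up the request
            trace.append((rec["phase"], rec["probe"], rec["ip"]))
            ecc.append(mid_server(rec))
        else:  # sensor on the instance processes the returned data
            ecc.extend(sensor(rec, cmdb, devices))
    return trace
```

Running `discover` twice against the same `cmdb` dictionary shows the identification step switching from an insert to an update for the same device.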