Examples of Discovery behavior functionalities

  • Release version: Yokohama
  • Updated January 30, 2025
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Examples of Discovery behavior functionalities

    This guide explains how to configure Discovery behavior functionalities in ServiceNow's Yokohama release to efficiently scan multiple domains and device types using MID Servers. It highlights the need for separate functionalities due to Windows authentication constraints and the desire to avoid redundant scans.

    Show full answer Show less

    Key Functionalities

    • Functionality 1: WMI Scanning on Domain A
      • Configures a Windows MID Server (e.g., sandb01-358) to scan for Windows devices via WMI on Domain A.
      • WMI scans require the MID Server to belong to the scanned Windows domain due to authentication limitations.
      • Set phase to 1 for efficient Shazzam probe usage.
      • Select Windows, DNS, and WINS as protocols.
      • Match criteria set to "All" with specific criteria to identify the MID Server and Windows domain (midserver and windomain).
      • Functionality activated by enabling the Active checkbox.
    • Functionality 2: SSH and SNMP Scanning on Domain A
      • Configured on the same MID Server (sandb01-358) to discover UNIX and network devices using SSH and SNMP.
      • Excludes Windows devices to prevent duplicate classification.
      • Phase is also set to 1 to consolidate scanning.
      • Select all protocols except Windows (no WMI).
      • Match criteria remain default "Any" as no domain-specific criteria are needed.
      • Activated by selecting the Active checkbox.
    • Functionality 3: WMI Scanning on Domain B
      • Uses a different Windows MID Server (e.g., disco-win2003) that is a member of Domain B to perform WMI scans on Windows devices there.
      • Also uses phase 1 to share the Shazzam probe across functionalities.
      • Select Windows, DNS, and WINS for WMI scanning.
      • Match criteria set to "All" with criteria specifying the MID Server and Domain B.
      • Activation through the Active checkbox.

    Practical Considerations

    • Windows MID Servers can only authenticate and scan WMI within their own domains; hence, separate functionalities per domain are necessary.
    • SSH and SNMP scans can be performed by Windows MID Servers across domains but require separate functionalities to avoid mixing with WMI scans.
    • Using a single phase number (e.g., 1) for all functionalities allows launching a single Shazzam probe, optimizing scan efficiency.
    • Defining explicit criteria for Windows functionalities ensures the correct MID Server and domain are targeted.
    • Activating functionalities is essential to enable the desired Discovery behavior.

    Next Steps

    • Create Discovery behaviors based on these functionalities to tailor scanning to your environment.
    • Consider setting up load balancing behaviors to distribute scanning load effectively.
    • For accessing devices protected by ACLs (e.g., SNMP), configure appropriate credentials and permissions.

    This example of a Discovery behavior requires three functionalities for the behavior.

    We will create three functionalities for this Behavior: one MID Server to scan Domain A for Windows devices only; a second functionality for the same MID Server to scan for all SSH and SNMP devices; and a third functionality that names a second MID Server to scan Domain B for Windows devices. The rationale for this is as follows:
    • A Windows MID Server can only discover Windows machines on the Windows domain to which it is joined. This is entirely due to the way Windows authentication works. For this reason, we need a WMI functionality for each domain.
    • A Windows MID Server, provided with the correct credentials, can discover SSH and SNMP devices anywhere; however, we cannot combine WMI, SSH, and SNMP functionalities across Windows domains. This is because the functionality criteria for the WMI scans locks in the Discovery to one specific domain. For this reason, SSH and SNMP discoveries require a separate functionality.
    • We want to scan each machine only once.

    Functionality 1: WMI Scanning on Domain A

    We configure a MID Server to scan for the WMI protocol on Domain A. WMI scans authenticate on Windows machines using the domain credentials of the Windows MID Server machine. Windows MID Servers cannot scan for the WMI protocol outside their own domains.

    Create the first functionality using the following values:
    Field Input Value
    Phase Type a phase number of 1 in this field. All functionalities in this example use the same phase number, which launches a single Shazzam probe for all the functionalities in that phase. A single phase, when feasible, is the most efficient use of the Shazzam probe.
    Functionality Select Windows, DNS, and WINS from the list. This functionality defines the WMI protocol that will be scanned and resolves the domain. Because we selected to scan for WMI, we must select a Windows MID Server for this functionality.
    MID Servers We select a Windows MID Server from Domain A - in this case sandb01-358.
    Active Make sure this check box is selected to enable this behavior.
    Match criteria Change the criteria to All.

    Create Functionality Criteria

    All Windows functionality requires criteria to identify the domain and the MID Server. In our example, we will create two criteria for this functionality. To create Functionality Criteria, click New in the Related List and enter the following values for the MID Server doing the WMI scanning on Domain A:
    Field Input Value
    Name Create the following criteria:
    • Enter mid_server to name the MID Server that will execute the WMI scans on Domain A.
    • Enter win_domain to name the Windows domain that Discovery will scan with the MID Server defined.
    Operator Select equals as the operator in this criteria.
    Value
    • For the mid_server value, enter the name of the MID Server that will scan Domain A for Windows devices.
    • For the win_domain value, enter the name of Domain A that this MID Server will scan for Windows devices.
    Active Be sure to enable the criteria by selecting this check box (true).

    The completed criteria appear in the Discovery Functionality form for this behavior.

    Functionality 2: SSH and SNMP

    In our network, we want to scan for UNIX computers and netgear, but we don't want to classify these devices twice. One of our MID Servers will be configured to classify SSH and SNMP using a different functionality than it does for WMI scans. We do not need to create criteria for non-WMI functionality.

    Create the second functionality using the following values:
    Field Input Value
    Phase Type a phase number of 1 in this field. All functionalities in this example use the same phase number, which launches a single Shazzam probe for all the functionalities in that phase. A single phase, when feasible, is the most efficient use of the Shazzam probe.
    Functionality Select All except Windows (no WMI) from the list. This functionality will scan SSH and SNMP protocols only.
    MID Servers We select the MID Server from Domain A - in this case sandb01-358.
    Active Make sure this check box is selected to enable this behavior.
    Match criteria Leave the default criteria of Any. Criteria are not used for non-WMI functionalities.

    Functionality 3: WMI Scanning on Domain B

    All that remains is to create a functionality for the WMI scans on Domain B. Because of the Windows authentication mechanism, we must configure a Windows MID Server to scan Domain B that is a member of that domain.

    Create the third functionality using the following values:
    Field Input Value
    Phase Type a phase number of 1 in this field. All functionalities in this example use the same phase number, which launches a single Shazzam probe for all the functionalities in that phase. A single phase, when feasible, is the most efficient use of the Shazzam probe.
    Functionality Select Windows, DNS, and WINS from the list. This functionality defines the WMI protocol that will be scanned and resolves the domain. Because we selected to scan for WMI, we must select a Windows MID Server for this functionality.
    MID Servers We select a Windows MID Server from Domain B - in this case disco-win2003.
    Active Make sure this check box is selected to enable this behavior.
    Match criteria Change the criteria to All.

    Create Functionality Criteria

    All Windows functionality requires criteria to identify the Windows domain and the MID Server. In our example, we will create two criteria for this functionality. To create Functionality Criteria, click New in the Related List and enter the following values for the MID Server doing the WMI scanning on Domain B:
    Field Input Value
    Name Create the following criteria:
    • Enter mid_server to name the MID Server that will execute the WMI scans on Domain B.
    • Enter win_domain to name the Windows domain that Discovery will scan with the MID Server defined.
    Operator Select equals as the operator in this criteria.
    Value
    • For the mid_server value, enter the name of the MID Server that will scan Domain B for Windows devices.
    • For the win_domain value, enter the name of Domain B that this MID Server will scan for Windows devices.
    Active Be sure to enable the criteria by selecting this check box (true).

    The completed criteria appear in the Discovery Functionality form for this behavior.