How does ServiceNow service discovery work?
- Agentless discovery
- Two parts:
- Data collection and processing
The MID server (see figure) uses the following protocols to connect to discoverable devices:
-> UDP: SNMP, etc.
-> TCP: SSH, WMI, PowerShell, etc.
All communication between the MID (Management, Instrumentation, and Discovery) server and the ServiceNow instance is over HTTPS.
Data collection and processing:
Data collection is referred to as a ‘probe’, and data processing is referred to as a ‘sensor’.
There are 4 phases:
- Port scan: The Shazzam probe is launched on the MID server and scans ports across the given IP range to find open ones. On the ServiceNow Instance (SNI), the Shazzam sensor determines which devices are active for discovery based on known protocols, then launches the classifier probe.
- Classification phase: The MID server uses known credentials for the given protocol, probes each active device, gathers more classification information and sends it to the SNI. On the SNI, the sensor determines which identity probe to run for the device class found and launches it.
- Identification phase: The MID server probes each device and returns information. On the SNI, the sensor queries the Configuration Management Database (CMDB) for a matching device. The exploration probe is then launched.
- Exploration phase: The MID server gathers more information and sends it to the SNI. On the SNI, the data is processed and the CMDB is updated.
Let’s say we have an SNI with a MID server connected to it, and the MID server sits in the network that needs to be discovered. The first step is that the SNI prepares the probe and sends it to the MID server. We also supply credentials to the MID server, which it uses to log in to the devices. The MID server then scans the given IP range. For example, it checks port 22 (TCP/IP), and if it receives a reply, it can infer that the machine is either UNIX or LINUX. If it sees that port 80 is open, it can infer that a web server is running on the machine, and so on. The MID server reports this information back to the SNI, where the sensor processes the data and prepares new probes to get more information about the device, such as operating system, available memory, etc. The MID server gathers this new information based on what it learned previously: if the device was a UNIX/LINUX machine, it uses SSH to communicate with it, together with the credentials we supplied earlier. All the information that the SNI acquires is added to the CMDB or updated there, since previously discovered devices may have received an OS upgrade, more memory, etc.
ServiceNow has a free developer instance available to use, but the Discovery plugin is a separate subscription that needs to be purchased, so finding out exactly how it works is an issue.
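A simplified model of the sensor-side decisions in the phases described above, added here as an illustration and not ServiceNow's own code. The port-to-protocol table, the classifier preference order and matching on serial number are assumptions, and all sample data is constructed.

```python
# Assumption: illustrative port -> protocol table, not ServiceNow's actual one.
PORT_PROTOCOL = {22: "ssh", 80: "http", 135: "wmi", 161: "snmp"}
# Assumption: which protocol wins when a device answers on several ports.
CLASSIFY_ORDER = ["wmi", "ssh", "snmp"]

def shazzam_sensor(scan):
    """Port-scan phase: map each active IP to the classifier probe to launch."""
    probes = {}
    for ip, open_ports in scan.items():
        protos = {PORT_PROTOCOL[p] for p in open_ports if p in PORT_PROTOCOL}
        choice = next((p for p in CLASSIFY_ORDER if p in protos), None)
        if choice:  # devices with no classifiable protocol are skipped
            probes[ip] = choice
    return probes

def pick_credentials(protocol, credentials):
    """Classification phase: only credentials of the matching type are tried."""
    return [c["name"] for c in credentials if c["type"] == protocol]

def reconcile(cmdb, device):
    """Identification + exploration: find the matching CI, then update or insert.
    Assumption: a CI matches when the serial number is equal."""
    for ci in cmdb:
        if ci["serial"] == device["serial"]:
            changed = {k: v for k, v in device.items() if ci.get(k) != v}
            ci.update(device)
            return "updated", changed
    cmdb.append(dict(device))
    return "inserted", dict(device)

if __name__ == "__main__":
    # Constructed sample input (192.0.2.0/24 is a documentation range).
    scan = {"192.0.2.10": [22, 80], "192.0.2.11": [135], "192.0.2.12": []}
    creds = [{"name": "linux-discovery", "type": "ssh"},
             {"name": "win-discovery", "type": "wmi"}]
    cmdb = [{"serial": "SN-001", "os": "Linux 5.4", "ram_gb": 8}]
    for ip, proto in shazzam_sensor(scan).items():
        print(ip, "->", proto, "probe with", pick_credentials(proto, creds))
    print(reconcile(cmdb, {"serial": "SN-001", "os": "Linux 5.15", "ram_gb": 16}))
    print(reconcile(cmdb, {"serial": "SN-002", "os": "Windows", "ram_gb": 32}))
```

Filtering credentials by protocol type in the model makes it easy to see which stored secrets the MID server would present to which class of device, which is the part worth reviewing when scoping discovery credentials.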
Right now, I’m learning how Netflix built Eureka where we have a service registry that maps to the application concept managed by Asgard. Each instance has an application name that it registers with Eureka. This helps in middle-tier load balancing. Extra meta-data that Netflix needs from each instance is also stored in Eureka.