We will assist your organization with the process of scanning your network, discovering relevant assets and capturing that information as Configuration Items (CI).
To start the process send a request to oit_cmdb_mgmt@help.ncsu.edu. Once the CMDB Discovery Prerequisites have been collected, the discovery process will start.
Terminology (links to ServiceNow documentation)
- Discovery - ServiceNow Cloud Discovery finds applications and devices on your network, and then updates the Multisource CMDB with the information it finds.
- MID server - The Management, Instrumentation, and Discovery (MID) Server is a Java application that runs as a Windows service or UNIX daemon on a server in your local network.
- Configuration Management Database (CMDB) - Video - The CMDB creates and maintains the logical configurations your network infrastructure needs to support a ServiceNow service.
- Configuration Item (CI) - Any computer, device, software, or service in the CMDB. A CI's record will include all of the relevant data, such as manufacturer, vendor, location, etc. Configuration items can be created or maintained either using tables, lists, and forms within the platform, or using the Discovery application.
CMDB Discovery Prerequisites
- Set up firewall access for the Production and Development MID Server(s):
- Reference docs for ServiceNow required ports
- TCP port access - These ports are defined in the "SNOW_Discovery_CMDB" port group
- Allow MID servers access to target hosts
- Production - snowdismidprod.oit.ncsu.edu - 10.36.1.63
- Development - snowdismiddev.oit.ncsu.edu - 10.36.1.64
- New ServiceNow accounts for customers will be added to the credential_admin group in ServiceNow Development and Production
Credential Requirements for Discovery of a host
- Windows credential requirements
- A Domain User with local Admin privileges - The account "Wolftech\wt-cmdb-adi.svc" has already been created for this purpose, or a new one can be created. It is configured with local Admin privileges.
- Non-domain systems must have a local Administrator account
- Domain credentials must be used for remote access if User Account Control is active.
- Example settings in ServiceNow
- Unix/Linux Credential Requirements
- Secure Shell (SSH) – SSH credentials require either:
- A standard SSH user
- A private key (with an optional pass phrase)
- Individual commands that require SUDO access are outlined on links below.
- NCSU CLS Config for SSH Key Account Discovery
- Example settings in ServiceNow
- Using SSH keys for authentication from MID server to host being discovered
- Using SSH keys as credentials for ServiceNow Discovery in Windows
- Additional setup on Windows hosts is required to use SSH keys
- Configuring SSH key authentication in Windows
- SNMP
- 'Read Only' string is required for network based devices (Routers/Switches/Printers/UPS/PDU)
- SNMP Credential Requirements
- Show settings in ServiceNow: OIT ComTech SNMP Account
- VMWare
- The vCenter credential is a read only user that queries the vCenter API and identifies
- a running process
- a discovered vCenter appliance.
- VMWare Credential Requirements
- Show settings in ServiceNow: Campus IT - Libraries vCenter Account
- Cloud Service accounts - your managed cloud infrastructure.
- Amazon Web Services (AWS)
- Microsoft Azure
- Google Cloud Platform (GCP)
- Show settings in ServiceNow: OIT Windows Services (WMS) Azure Service Account
Scope of discovery
Types of assets - Servers, VMs, network appliances, network storage and cloud datacenters. As these devices are discovered, configuration items (CI) will be created.
- Provide the Configuration Item (CI) Information:
- Host names, IP addresses (preferred) or network ranges for the devices to be discovered
- Linux or Windows?
- Define the business rules for how the assets are managed
- Owned By - user that is responsible/CI owner?
- Change Group - which group is responsible for change management
- Support Group - group responsible for incidents involving an asset (CI)
- Managed by - assigned a default based on class (Linux vs Windows) at a particular location. This identifies the group responsible for managing the details of a CI
Excluding test hosts from discovery
You may have assets that do not need to be discovered. These are typically test systems that may only exist for short periods of time or whose configuration may not match that of the corresponding production host(s).
The current way to exclude hosts from CMDB Discovery is through the use of the "CMDBDiscovery" tag category in VMWare.
If a host should not be captured for CMDB Discovery, the "CMDBDiscovery" category should be populated with the tag value "CMDBExclude".
Adding the CMDBExclude tag
- Log into vSphere
- Select the VM object
- Right-click the VM name and select "Tags and Custom Attributes" OR, when viewing the asset, select "Tags and Custom Attributes" from the three-line menu in the upper left corner
- Select "Assign Tag"
- Click in the "TagName" header to sort by tag name, then navigate to the tag "CMDBExclude"
- Click in the checkbox next to "CMDBExclude"
- Click Assign
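The same tag assignment can be scripted with VMware PowerCLI, which also makes it easy to review every VM currently excluded from Discovery. This is an added example, not NC State's own tooling; the vCenter name and VM names are placeholders, while the category and tag names are the ones given above.

```powershell
# Added example. Requires the VMware PowerCLI module (VMware.PowerCLI).
# Placeholder values: replace with your vCenter and the test VMs to exclude.
$vCenter = 'vcenter.example.edu'            # hypothetical server name
$vmNames = @('test-web-01', 'test-db-01')   # constructed sample VM names

Connect-VIServer -Server $vCenter | Out-Null

# Category and tag names as documented for CMDB Discovery exclusion.
$category = Get-TagCategory -Name 'CMDBDiscovery' -ErrorAction Stop
$tag      = Get-Tag -Category $category -Name 'CMDBExclude' -ErrorAction Stop

foreach ($name in $vmNames) {
    $vms = @(Get-VM -Name $name -ErrorAction SilentlyContinue)
    if ($vms.Count -eq 0) {
        Write-Warning "VM not found: $name"
        continue
    }

    foreach ($vm in $vms) {
        # Skip VMs that already carry the tag so the script can be re-run safely.
        $existing = Get-TagAssignment -Entity $vm -Category $category |
            Where-Object { $_.Tag.Name -eq $tag.Name }
        if ($existing) {
            Write-Host "Already excluded: $($vm.Name)"
            continue
        }

        New-TagAssignment -Tag $tag -Entity $vm | Out-Null
        Write-Host "Tagged for exclusion: $($vm.Name)"
    }
}

# Review list: every VM currently excluded from CMDB Discovery.
# Excluded hosts have no CI, so long-lived or production-looking
# entries in this list deserve a second look.
Get-VM -Tag $tag |
    Sort-Object Name |
    Select-Object Name, PowerState, @{ N = 'Folder'; E = { $_.Folder.Name } } |
    Format-Table -AutoSize

Disconnect-VIServer -Server $vCenter -Confirm:$false
```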
Discovery Testing and Verification
Initial Discovery will be conducted in the Development NCSU ServiceNow instance using the Development MID Server.
Development instance: https://ncsudev.service-now.com/
Signoff/Approval by stakeholders
Once successful discovery is verified on the development instance, the discovery schedules will be re-created on the production instance and re-tested.
Production instance: https://ncsu.service-now.com/
ServiceNow Documentation:
Ports and protocols for firewall rules
Discovery configuration for Linux in ServiceNow
NCSU ServiceNow Knowledge Base:
Dashboard for your Group : My Groups CMDB CI’s