Best practices and FAQs
Can I use multiple Discovery instances?
It is possible to use multiple Instances of the Discovery-Tool, but it is not recommended.
If the instances executing scans at the same time it can affect the performance of the scans.
Also it is possible to create memory leaks and affect the system performance.
It will be more effective to use one instance with multiple scan settings and using parallel threads
Can the scan settings overlap?
Scan-Settings can not overlap.
If one Setting is executing and another Setting reaches the scheduled time it will start after the running Setting is finished.
How do I scan a large number of destination systems?
If you reaching the maximum of scannable systems with all possibility's of split up Scan-Setting over the day and using 2 threads per CPU-Core then you need to create another discovery server to spread the "load" to different scan-systems.
(Do not create multiple Discovery Instances on the same server)
How many systems can I scan per day?
This time required for a scan depends on many various factors in your environment. (e.g. WMI needs more execution time, how many applications are installed, custom pattern, available CPU-Cores, etc.) that we can just provide some example calculations and you need to figure out what are your limits in your environment.
The following calculations are based on the experience of average required time for:
System Type | Average time |
|---|---|
Windows Client (20 Applications) | 85 seconds |
| Windows Server | 45 seconds |
Linux Client/Server | 20 seconds |
| Mac OS | 100 seconds |
| SNMP Devices | 2 seconds |
Rough calculations for example environments:
Windows Clients | Windows Server | Linux Clients/Server | Mac OS | SNMP Devices | Average Time | Example Discovery Setup |
|---|---|---|---|---|---|---|
| 50 | 20 | 5 | 5160 seconds | 1 Scan-Server 1 CPU-Cores 2 Threads | ||
| 50 | 50 | 50 | 20 | 7540 seconds | 1 Scan-Server 1 CPU-Cores 2 Threads | |
| 200 | 150 | 100 | 30 | 50 | 29950 seconds | 1 Scan-Server 2 CPU-Cores 4 Threads |
| 300 | 500 | 150 | 50 | 20 | 56040 seconds | 1 Scan-Server 2 CPU-Cores 4 Threads |
| 100 | 100 | 500 | 23000 seconds | 1 Scan-Server 2 CPU-Cores 4 Threads | ||
| 500 | 1500 | 1500 | 140000 seconds | 1 Scan-Server 4 CPU-Cores 8 Threads | ||
| 1000 | 2000 | 2500 | 300 | 100 | 255200 seconds | 2 Scan-Server 2 CPU-Cores 4 Threads |
| 2000 | 2000 | 4000 | 340000 seconds | 2 Scan-Server 4 CPU-Cores 8 Threads | ||
| 1000 | 3000 | 5000 | 1000 | 500 | 421000 seconds | 2 Scan-Server 4 CPU-Cores 8 Threads |
| 4000 | 7000 | 4000 | 2000 | 739000 seconds | 3 Scan-Server 4 CPU-Cores 8 Threads |
How can we limit access to the discovered data imported into Assets in Jira Service Management?
Access to the object schema you’re importing the data to can be limited to a certain Jira group. However, members of the group jira-system-administrators can always modify the object schema settings. This schema can be restricted from members of the jira-administrators group.
Can we discover cell phones with your product?
No. As of factory default Apple iOS or Android do not support any kind of remote access like SSH or SNMP. We cannot recommend Jailbreaking or Rooting your devices to gain remote access.
What kind of data can be collected from laptops (PCs & Macs)?
Discovery will find the laptops connected to your network at the time of scanning. It will collect IP and MAC address without using credentials to get into the machines. But if you also provide credentials equivalent to local admins, you are able to get a lot more information from the machines like hostname, user profiles, CPU, RAM, installed software etc. (See Data collected by Assets Discovery)
We have already imported hundreds of servers and computers into [text]. What happens if we start using Assets Discovery and automatically import (mostly) the same hosts again? Will they be linked somehow?
As of the initial version of Assets Discovery, it will not consider any existing object types or objects in your Assets configuration. When you run the first import, you will need to select which object schema to import to and Assets Discovery will build up an object type structure there with all the discovered data. This topic is something we will look deeper into though.
What version of SNMP is supported by Assets Discovery?
Assets Discovery supports SNMP version 1, 2, and 3.
Is there a Linux Version of the Discovery-Tool?
Yes. Since Release 2.2.0 the Discovery Tool will run on a Linux Desktop Environment with Mono installed. Using Discovery on Linux
Why does the Import of the result doesn't work?
Please, make sure that the user that is running the JIRA Instance (Tomcat-Service) has read and write permissions at the configured import folder and files.
Does a scan impact my network?
Generally, no. the average network load per scanned system is around 400kb.
Does a scan impact the remote system?
Generally, no. However, some combinations of operating systems and scanning patterns may have a measurable impact on the remote system.
Can I use the Discovery-Tool on an existing Server-System?
We do not recommend to use the Discovery-Tool on a system that provide any other services. The Discovery-Tool needs to handle a lot of objects and will use a lot of the system memory.
After updating to 2.6.0 I get double ESXi Hosts, what can I do?
The change from collecting ESXi informations from SSH or SNMP to the provided Web-Api can result to new Object Hashes for the ESXi Host System.
This is related to the issue that the attribute "Serial Number" can not be collected in some cases. We apologise that and we hope that this issue will be fixed by VMWare.
You have two options to handle that situation:
- If the "old" ESXi-Object(s) are not used for connected JIRA-Issues you can delete the "old" ESXi-Object(s)
- If you want to use the "old" ESXi-Object(s) copy the ObjectHash Value from the "new" ESXi-Object to the "old" ESXi-Object.
Now you can delete the "new" ESXi-Object and the "old" one will be updated in future.
Do I need the super administrator access credentials, such as root username and password, of each and every device that has to be scanned, which can be hundreds? Is there another way that our client's users don't have to provide us with all this compromised data?
Yes, we recommend to create a "Discovery"-User which is used to connect to the systems.
Please take a look to technical solutions called LDAP or Active Directory to prevent adding hundreds of "single"-credentials to the Discovery-Tool
How can I create SNMP Walk Result-Data that can be used to build custom pattern?
For SNMP Pattern you need to know which OID contains the data that you like to assign to the Assets Object.
The OID Values can be assign to the "default"- Object properties of a Discovery Info Class or can be used for Extended Information of a Discovery Info Class.
To include the OID in an SNMP Walk you need to add the parameter "-O n" to the SNMP Walk command.
snmpwalk -v1 -O n -c public 192.168.178.60 .iso > walk_out.txt
My Discovery Service Name changed, how can I remove the "wrong" service manually?
First try to use the "Discovery.exe -u" command.
If the service is still in the List of Windows Services:
Open a Command Prompt and execute the following command with your exact Service Name.
After restarting the system the service is uninstalled.
sc delete [service name]