mark.lillywhite

DIFFERENT METHODS OF PROVIDING DATA FOR SNOW RECOGNITION

Blog Post created by mark.lillywhite Employee on Jun 22, 2018

Snow gathers its deployed software information in the following ways:

 

SNOW AGENT

The Snow agent will scan certain areas of the disk looking for installed software executables, RPMs etc. It will gather attributes about these files – Vendor name, exe name, version typically.

In addition, the Snow agent will gather certain registry keys, SWID tags, and also executes encrypted read-only PowerShell scripts to gather specific information about certain vendors – SQL edition, Autodesk Region, Toad edition etc.

All of this information is passed to Snow Inventory, where once per day the information is processed against the Snow Recognition Service, to produce real product and vendor names to view in Snow License Manager.

 

SNOWXML

SnowXML is an open XML format created by Snow to enable processing of inventory data from any 3rd party inventory source. SnowXML converts the data from the inventory source into a format that the SRS (Software Recognition Service) can work with.

There are two ways to configure how the data will be formatted ready for the SRS. The first option is to flag the data as “raw inventoried data” - the other is to flag it as “Recognized”.

 

Raw Inventory Data

Raw inventoried data is actual software data, which should be equivalent to what the Snow inventory client picks up (executables, registry keys, ISO 19970-2 tags etc.). Below is a screenshot of some of the raw data populated:

 

Pre-Recognised Data

 Recognised data means there has already been some level of recognition carried out by the 3rd party Inventory tool, and thus the data supplied will include a standardized name, manufacturer, and version of the product. Inventory Tools such as BMC ADDM, IBM Bigfix, iQuate provide pre-recognised data.

A screenshot of ‘IsRecognised’ data is shown below:

 

 

CSV to XML

If there isn’t an official Snow connector, it is possible to convert a CSV file to SnowXML using a PowerShell or SQL stored procedure. This has the advantage that as long as the inventory tool can provide EITHER Raw data, or pre-recognised data in a format that has already been created in our SRS, you will get recognised software shown in Snow License Manager.

 

 

MINIMUM DATA NEEDED

For raw data the SRS must receive as a minimum:

 

Executable name

Publisher name

Executable version

Operating System (Windows, OSX, LINUX, UNIX, IOS, ANDROID)

Hostname

 

For Pre-recognised data SRS requires:

 

Software Name

Publisher Name

Software version

Hostname

 

A good example of recognised data is in Add/remove programs (see below) where Snow has already created a wealth of SRS rules

 

 

HOW DO THESE DIFFERENT FORMATS AFFECT THE OUTCOME?

 

Good

Unofficial Snow data sources vary enormously. For example, Tanium out of the box does not provide Software Publisher, which puts the recognition at about 10%. Using the Tanium Asset module (which provides .exe information instead of add/remove programs) and the recognition jumps to around 75%. Likewise, Splunk can provide good recognised data for a good level of recognition, if it queries the right registry keys.

 

Unofficial Snow data sources are delivered as a project via a technical team, and as such are not supported. Also, they will require manual scheduling on the Snow server to convert CSV to SnowXML each day. Whilst this data can be sufficient, it is the least desirable option.

 

Better

Official Snow Connectors have been validated by Snow, and potentially have additional recognition rules in the SRS specifically for that source. Certainly, they will provide decent application recognition. Depending on the source depends on the level of recognition – typically expect between 60-80% of the recognition that the snow agent would provide. For example, SCCM default data typically provides around 60% recognition, but with the addition of SCCM asset intelligence and a full SCCM Software Scan, the recognition rate increases to 85%. This is because ISO 19770-2 tags are now gathered, and exe’s are being scanned compared to the default add/remove programs normally gathered.

 

An official Snow connector is also fully automated, meaning the Snow Integration manager is installed and configured once, and then scheduled automatically.

 

Best

The Snow Agent provides EXACTLY the right data for the SRS rules to match. Thus, it provides the best recognition. Its also light (8Mb) and quick (40 second scan daily) – providing around 50Kb of data per scan.

 In addition, the Snow agent monitors usage of all applications, detects Virtualised and remotely accessed applications, and is able to monitor SAAS usage via the user’s Browser – the most comprehensive data set available.

Outcomes