Anthony.Yip

Getting the Most Out of Snow Inventory Discovery

Blog Post created by Anthony.Yip Employee on Sep 26, 2018

 

Enemy: Unknown

Your organisation has Snow Inventory and Snow License Manager up and running. Agents are rolled out to all devices on your estate and you are starting to make use of all the data. One fact remains: your network is huge. Multiple VLANs, multiple regions connected by MPLS, secured networks and more – how can you be sure that you can see every network device? After all, SAM is only as effective as the data you put in. In this article, we will discuss an all-to-often overlooked functionality that Snow Inventory provides – Discovery.

 

The Gateway Drug

Snow Inventory offers scalability through the use of Snow Inventory Gateways. We can install as many Inventory Gateways as is required – this is included within your Snow Inventory license. These Gateway Service instances can then be used to feed back discovery data on a network back to the Inventory Master Server.

 

 

Gateway Server instances can then be managed from within the Inventory SMaCC console on the Master Server:

 

Double-clicking into a Gateway will allow you to configure Network Discovery:

 

 

Discovery Methods

Now it’s time to look at the different types of discovery we can use…

 

Active Directory

Using an LDAP, we can identify machines across any number of domains. The data gathered can then be cross-referenced by Snow License Manager to identify any computers that are in the domain or domains and give an output of the machines that are not inventoried (i.e. there is no Snow Inventory Agent installed on the machine).

Any domains that do not have a Trust Relationship to the domain where the Master Server resides will require a Gateway Server within that domain.

 

SNMP (Simple Network Management Protocol)

Not all network devices can be fully inventoried, but you can still discover them. Who knows what devices you may have out there sitting in frame rooms? SNMP, or Simple Network Management Protocol is usually used for remote management of simple devices – uninterruptable power supplies (UPS), routers, switches, printers and other such devices may not even be running a full operating system but still have network connectivity so that they can report back basic information to your IT team – IP address, MAC address, serial number, firmware version etc. Snow Inventory can use this to discover and report on such devices.

 

DNS Lookup

Domain Name System lookup – DNS assigns a name to an IP address. Inventory can use this to attach hostnames to IP addresses to further identify devices.

 

TCP/IP Fingerprinting

TCP/IP Fingerprinting is used to try and determine what OS is behind the IP address that has been discovered. This can particularly help identify elusive Linux and Unix machines, as well as Windows, if WinRPC is unable to.

 

WinRPC/WMI

This protocol is used solely for Windows remote management and is another tool that Inventory could use to potentially identify a Windows machine on the network. Port 135 must be open on the target machine to be able to be scanned via WinRPC.

 

SSH (Secure Socket Shell)

SSH protocol is most often used to remotely manage Unix devices, for example, when using a tool like PuTTY to SSH protocol is used (usually via port 22) to secure copy (SCP) files to a Unix-based machine. Using this protocol, Inventory can identify Unix machines on the network.

 

Making Use of Discovery Data

Once Inventory has discovered two of the following – an IP address, a MAC address and a hostname, then this device is discovered and will show up on Discovered Devices reports within Snow Inventory.

 

Within Discovery, there are a number of default views:

 

 

AD and SIM Computers – All computers that have been found by the Active Directory discovery or any SIM Connectors.

 

Reachable Network Devices – Any devices picked up by the SNMP protocol, i.e. switches, printers etc.

 

Reachable Unknown Devices – These devices have been discovered but there is not enough information to determine much more than the IP address and MAC.

 

Reachable Computers – These devices have been discovered by either the WinRPC/WMI, TCP/IP Fingerprinting or Active Directory protocols to determine the operating system.

 

Reachable Computers with Snow Inventory Client 3.x for Windows – This is useful for identifying any Windows machines that are still using the old Inventory Client. These machines can then be targeted for Inventory Agent deployment.

Outcomes