This site is for reference purposes only and may not be accurate for the latest ServiceNow version

Getting Started with Agentless Discovery

Note: This article applies to Fuji and earlier releases. For more current information, see Discovery at

The ServiceNow Wiki is no longer being updated. Visit for the latest product documentation.


Discovery uses conventional techniques and technology to extract information from computers and other devices. It uses a wide variety of probes (simple commands or queries) to gather information, and matching sensors (small, simple programs, usually written in JavaScript, that you can modify) to analyze that information and load it into the CMDB. Discovery uses these probes and sensors to explore any given computer or device, starting first with basic probes and then using more specific probes as it learns more.

Discovery finds out about the existence of any device connected to the network by using the Shazzam probe to determine what TCP ports are open, and whether the device responds to SNMP queries. From this information, Discovery infers what kind of device is at that IP address – a Unix server, a Windows computer, a network switch, and so on.

For each type of device, Discovery uses different kinds of probes to extract more information about the computer or device, and the software that's running on it:

  • Windows computers and servers: remote WMI queries, shell commands
  • Unix and Linux servers: shell commands (via SSH protocol, version 2). Discovery supports Bourne Shell (sh), Bourne-again Shell (bash), Korn Shell (ksh), C-Shell (csh), Tenex Shell (tcsh)
  • Storage: CIM/WBEM, SMI-S queries
  • Printers: SNMP queries
  • Network gear (switches, routers, etc.): SNMP queries
  • Web servers: HTTP header examination
  • Uninterruptible Power Supplies (UPS): SNMP queries
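
The inference described above, as an added example (not ServiceNow code): a classifier that takes constructed port-scan results and picks the follow-up technique from the list. The input shape, the rule order and the function names are assumptions of this example; the port numbers are the standard well-known ones.

```javascript
// Added illustration, not ServiceNow code. Ports are the IANA well-known
// ones; the rule order and the input shape are assumptions of this example.
const TCP_RULES = [
  { port: 135,  type: 'Windows computer',     probe: 'remote WMI queries' },
  { port: 22,   type: 'Unix or Linux server', probe: 'shell commands over SSH v2' },
  { port: 5989, type: 'Storage',              probe: 'CIM/WBEM, SMI-S queries' },
  { port: 5988, type: 'Storage',              probe: 'CIM/WBEM, SMI-S queries' },
];

// scan: { ip, openTcp: [ports], snmp: boolean }, the two facts the text says
// the first probe establishes about an address.
function classify(scan) {
  const open = new Set(scan.openTcp);
  // Rules are tried in order, so a host with both 135 and 22 open is
  // handled as Windows first.
  const hit = TCP_RULES.find(r => open.has(r.port));
  if (hit) return { ip: scan.ip, type: hit.type, probe: hit.probe };
  // No management port answered: an SNMP responder is treated as network
  // gear, a printer or a UPS, even if it also serves an admin web page.
  if (scan.snmp) return { ip: scan.ip, type: 'SNMP device', probe: 'SNMP queries' };
  if (open.has(80) || open.has(443)) {
    return { ip: scan.ip, type: 'Web server', probe: 'HTTP header examination' };
  }
  // Nothing usable answered: report it rather than guessing.
  return { ip: scan.ip, type: 'unclassified', probe: null };
}

function classifyAll(scans) {
  return scans.map(classify);
}

// Constructed sample results (documentation-range addresses).
const SAMPLE = [
  { ip: '192.0.2.10', openTcp: [135, 445, 3389], snmp: false },
  { ip: '192.0.2.11', openTcp: [22, 80], snmp: true },
  { ip: '192.0.2.12', openTcp: [80, 9100], snmp: true },
  { ip: '192.0.2.13', openTcp: [443], snmp: false },
  { ip: '192.0.2.14', openTcp: [], snmp: false },
];

console.log(classifyAll(SAMPLE));
```

A first guess like this is only a starting point: as the text says, more specific probes refine the picture once the device answers.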

What Discovery Does with the Information

The information that Discovery gathers about devices can be used to update the Configuration Management Database (CMDB) automatically. Discovery employs Identifiers to search the CMDB for Configuration Items (CI) that match devices discovered in the network. These Identifiers can be configured to instruct Discovery to take certain actions when device matches are made or not made. There are three possible result states that Discovery recognizes:

  • When a discovered device is found to match an existing CI in the CMDB, then continue Discovery and update the CI.
  • When a discovered device is not found to match an existing CI, then continue Discovery and create a new CI in the CMDB.
  • Take no action in the CMDB, whether a match is made or not. Discovery stops after the identification process.

By default, the [active] property in the records that Discovery creates for discovered devices is set to true. To change this default, implement business rules that operate on the [cmdb_ci] table.
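
The three result states above, as an added example (not ServiceNow code): an identifier run against an in-memory stand-in for the CMDB. The identifier shape `{ matchOn, onMatch, onNoMatch }`, the function names and the sample records are hypothetical.

```javascript
// Added illustration, not ServiceNow code. The CMDB is an in-memory array and
// the identifier shape { matchOn, onMatch, onNoMatch } is hypothetical.
function findMatch(device, cmdb, matchOn) {
  for (const attr of matchOn) {
    const wanted = device[attr];
    if (!wanted) continue; // an empty attribute must never match anything
    const ci = cmdb.find(c => c[attr] === wanted);
    if (ci) return ci;
  }
  return null;
}

function identify(device, cmdb, identifier) {
  const match = findMatch(device, cmdb, identifier.matchOn);
  const action = match ? identifier.onMatch : identifier.onNoMatch;
  if (action === 'none') {
    // Third state: leave the CMDB alone and stop after identification.
    return { state: 'no action', continueDiscovery: false, ci: null };
  }
  if (match) {
    Object.assign(match, device); // first state: update the matched CI
    return { state: 'updated', continueDiscovery: true, ci: match };
  }
  // Second state: create a CI; active defaults to true, as the text notes.
  const ci = { sys_id: `constructed-${cmdb.length + 1}`, active: true, ...device };
  cmdb.push(ci);
  return { state: 'created', continueDiscovery: true, ci };
}

// Constructed sample data.
function demo() {
  const cmdb = [
    { sys_id: 'constructed-1', serial_number: 'SN-1001', name: 'db01', active: true },
  ];
  const normal = { matchOn: ['serial_number', 'name'], onMatch: 'update', onNoMatch: 'create' };
  const readOnly = { matchOn: ['serial_number'], onMatch: 'none', onNoMatch: 'none' };
  return {
    known: identify({ serial_number: 'SN-1001', name: 'db01', os: 'Linux' }, cmdb, normal),
    fresh: identify({ serial_number: 'SN-2002', name: 'sw-core' }, cmdb, normal),
    skipped: identify({ serial_number: 'SN-1001', name: 'db01' }, cmdb, readOnly),
    cmdbSize: cmdb.length,
  };
}

console.log(demo());
```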

Discovery Architecture

ServiceNow is normally hosted in ServiceNow's data center, and it does not have the ability to access the enterprise's network – but Discovery needs access to do its job. Many enterprises have multiple networks, often separated by slow WAN links or security barriers – and Discovery needs access to all of them.

Discovery uses special server processes, called MID Servers, that are installed on each enterprise network that has computers or devices to be discovered. Each MID server is a lightweight Java process that can run on a Linux, Unix, or Windows server. A dedicated server is not required, as the MID server's resource consumption is quite low (and is controllable). The MID server's job during Discovery is simply to execute probes and return the results back to the ServiceNow instance for processing; it does not retain any information. In effect, a MID server is a remote extension of the ServiceNow instance, on an enterprise network.

MID servers communicate with the ServiceNow instance they are associated with by a simple model: they query the instance for probes to run, and they post the results of probes they've completed back to the instance. There, the data collected by the probes is processed by sensors, which decide how to proceed. The MID server starts all communications, using SOAP on HTTPS, which means that all communications are secure, and all communications are initiated inside the enterprise's firewall. No special firewall rules or VPNs are required.

Discovery is agentless, meaning that it does not require any permanent software to be installed on any computer or device to be discovered. The MID server uses several techniques to probe devices without using agents. For example, the MID server uses SSH to connect to a Unix or Linux computer, and then run a standard command (such as uname or df) to gather information. Similarly, it uses the Simple Network Management Protocol (SNMP) to gather information from a network switch or a printer.

For more details, see Discovery Agentless Architecture.

Discoverable Windows Operating Systems

Discovery can classify and discover Windows servers and workstations that use the following operating systems:

  • Windows NT Server
  • Windows 2000 Server
  • Windows 2003 Server
  • Windows 2008 Server
  • Windows 2012 Server (starting with the Dublin release)
  • Windows XP
  • Windows Vista
  • Windows 7

Discovery vs. Help the Help Desk

Help the Help Desk is a standard ServiceNow feature available through the self-service application (Self Service > Help the Help Desk). It gathers information, much as Discovery does, about a single Windows computer by running a script on that computer. Discovery does many things that Help the Help Desk cannot do. Here's a comparison of the two:

| Capability | Discovery | Help the Help Desk |
|---|---|---|
| Automatic discovery by schedule | Yes | |
| Automatic discovery on user login | | |
| Manually initiated discovery | Yes | Yes |
| Windows workstations | Yes | Yes |
| Windows servers | Yes | Yes * |
| Linux systems | Yes | |
| Unix systems (Solaris, AIX, HP-UX, Mac (OSX)) | Yes | |
| Network devices (switches, routers, UPS, etc.) | Yes | |
| Printers | Yes | |
| Automatic discovery of computers and devices | Yes | |
| Automatic discovery of relationships between processes running on servers | Yes | |

* Returns information about Windows server machines when Discovery is installed.