ServiceNow Discovery is a tool that finds devices on your network, gets detailed information about them, and stores that information in the database. Discovery is performed using Probes and Sensors.
Probes: They are scripts that Discovery uses to collect information about network devices found.
Sensors Processes information that probes collect.
When a device is found, discovery explores the device’s configuration, provisioning, and current status. Then updates the CMDB database.
Discovery also identifies any software running on the computer system and any TCP connections between them.
Discovery occurs in four phases:
- Scanning: During this pase Shazzam probes detects if specific ports are open on the network and what devices are responding to those port queries.
- Classification Phase: If Shazzam finds devices, discovery continues to th classification phase where classification probes determine the type of device at each ip address. For example, it checks to see if it’s a Windows device, network switch, Linux switch, etc.
- Identification Phase: At the Identification phase, Discovery launches probes specific to the device to gather more information about it and determines whether the device has a record in the CMDB or not. If a record already exists, Discovery continues to the Exploration phase. If there is no record in the CMDB, Discovery creates a record for it.
- Exploration Phase: This phase is where additional probes are launched to gather more information about the identified devices.
Basically, Discovery can fail at any of these phases.
The ECC Queue (External Command Channel Queue) is the normal connector point between the ServiceNow instance and other systems that integrate with it. During Discovery, the ECC Queue is how the MID Server and the instance communicates. The agent field always contains the prefix mid.server along with the MID Server’s name. Each record in the ECC Queue is a message.
Troubleshooting Scanning Phase Failure