Quantcast
Channel: Symantec Connect - Endpoint Management
Viewing all articles
Browse latest Browse all 7217

Network Discovery and Agentless Inventory 7.1, 7.5 Best Practices and Troubleshooting, Part 2

$
0
0

Device Classifications
     Troubleshooting Tips
Advanced Settings
Discovery Engine
     Main Engine
          Port Scan
          Master Browse List
     PPA Connection Profile
          ICMP
          SNMP
          AMT
          Other Protocols

Device Classifications

Specifying device classifications allows you to set not only the device type, make and model, but also the resource type The Symantec Management Platform will use to classify the device within the Altiris framework. Classifications are based solely on SNMP, so a device must be capable and SNMP must be enabled to be able to classify a device. The proper community string must also be provided in order to authenticate and fetch the necessary data. Lastly, the SysObjectID of the device needs to be known in order to setup a classification.

The following points should be used when discovering what the SysObjectID of a device is:

  • The SysObjectID is specific to the make and model of the device. All devices of that make and model will have the same ID.
  • The manufacturer knows what the SysObjectID is for a device.
  • An Internet search can provide that ID to you. Be sure to not take the first instance of the ID you find unless it is the manufacturer’s definitive website.
  • Running an initial Network Discovery (covered in a previous section) can provide you the SysObjectID of a device.
  • MIB or .my files are not required for classification. Only knowing the SysObjectID is.
  • Without a classification, many devices will be specified as a Network Resource (generic), or unknown. This limits how easily the device can be identified in the console.

The following steps you through setting up a Classification.

  1. In the Symantec Management Console, browse under Settings > All Settings > Discovery and Inventory > SNMP Settings > and select SNMP Device Classification.
  2. Do a search on the SNMP object ID, Manufacturer and Device Model to ensure an entry doesn’t already exist. If it does, you can edit the existing entry to make any corrections or adjustments.
  3. Click the Add button.
  4. Provide the following details:
    1. SNMP object ID: this will be unique to the device make and model. This is not a unique ID to the specific device, but to the make and model of the device. This means it will apply to the same make and model you have out in the environment.
    2. Device Type: This is for classification purposes for Reporting and filtering.
    3. Manufacturer: This field is a label for the manufacturer and can be used for reporting purposes.
    4. Device Model: This field is a label for the Device Model. Check your documentation for the device to ensure you input the correct model information.
    5. Resource Type: This dropdown correlates directly with the Resource Types available in the Symantec Management infrastructure. For example if you look under Manage > All Resources when you browse the views the Type selected here will determine where in this tree the device will show up. Note that Routers and Switches are considered Infrastructure Devices.

08_0.png

  1. Click OK to add the classification.
  2. Repeat this process for every device you need to classify. This is a manual process required for every device type that is in your environment; that is not already covered by the predefined classifications.

Classification is important to get the most out of Network Discovery. It is also essential when moving to Agentless Inventory as the Device Type and Resource Types determine what types of SNMP calls are made to those devices by default.

Troubleshooting Tips

  • When Network Discovery is running the SNMP routines against a discovered device, it will fetch the SNMP Object ID from the device. It will then compare the ID against what is known in the classifications table. If the wrong Object ID has been provided in the classification, it will not use that classification.
  • If a device isn’t classified, check to see if SNMP was successful. If no SNMP data class exists, likely SNMP was not fetched. Open Resource Manager for the device and check under View > Inventory to see if SNMP data classes are listed.
  • Check timeout and retry values for SNMP if you feel it should be working correctly in the Connection Profile.
  • You can test SNMP using the SNMPUtilg utility, covered in the Troubleshooting section.

Advanced Settings

This section will be remarkably short. In two places you have Advanced Settings, both as a global in the Symantec Management Console under Settings > All Settings > Discovery and Inventory > Network Discovery Settings, and within the Advanced Settings button per Network Discovery Task. The one setting is for the threads used for the discovery task.

As a general rule, this setting should be left alone. If you have having resource problems on the Notification Server when a discovery runs you can try lowering this amount. If the lowering does not change the behavior, set it back to 40.

Discovery Engine

Network Discovery uses a myriad of ways to find devices. Understanding what methods are used can help troubleshoot issues that may arise when using the product. There are two main categories for discovery. The first is labeled Main Engine, or those items done that are not exposed through the Connection Profile. The second are those exposed and configured through PPA’s Connection Profile. Each section is covered below.

Main Engine

Many of the original protocols the engine used exclusively have been broken out into the connection profile. There are a few items Discovery uses as part of its discovery that does not show up in the list.

Port Scan– This is not configurable, but Network Discovery scans the open ports on a device to try and determine what that device is. Based on what is returned, it can deduce if a device is a switch, router, or other device based on what ports are available. As this is not configurable, there is no visibility into this process.

Master Browse List

For Windows systems the Master Browse List is queried in order to get a list of known systems and there NetBios Names and IP Addresses. This allows the engine to check known names against the IP Addresses it has in its list to discover. Almost all other protocols supersede the use of this method so often the end result is not factored by the MBL data.

PPA Connection Profile

These are configured via the PPA Connection Profile covered in a previous section. Each Protocol interacts differently with the devices and are unique to that protocol.

ICMP– When ND uses the ICMP protocol; ND queries the device using ICMP (echo(8)); ND queries the device using NetBIOS status (UDP 137); and ND queries the DNS server (UDP 53) with forward and reverse lookups. The forward lookup is based on the name returned from the device and the NS's NIC's DNS Suffix Search List. Here are DOS commands that simulate these actions:

  • Ping request: ping 192.168.2.15
  • NetBIOS query: nbtstat -A 192.168.2.15
  • DNS forward lookup: nslookup -type=a sql-w2k8-01.epm.local
  • DNS reverse lookup: nslookup -type=ptr 192.168.2.15

SNMP– When ND uses the SNMP protocol; ND queries the device using SNMP (UDP 161), authenticating using the community string provided by the connection profile; next ND queries device using NetBIOS and the DNS server as described above; finally ND queries the device using SNMP for additional information. Essentially the ND with SNMP includes everything from ND with ICMP, plus some SNMP items.

The SNMP calls are made using the GET command specifying a specific SysObjectID. These IDs are garnered from the MIB files already pre-loaded. MIBs represent Object IDs and what values they represent. A collection of standard MIBs (RFC), or specifically SNMP SysObject ID calls, are supported by virtually all network devices. Network Discovery uses these calls to fetch basic data from all devices it comes into contact with that supports SNMP.

AMT– AMT, or Intel vPro technology, must be configured and setup in order to be used by Network Discovery. The connection profile entry for AMT must also be setup properly for it to be utilized. This is not an easy process, so if you are unsure if you have AMT capable and enabled systems, you probably don’t. Prior to AMT 9, AMT uses soap-http (16992); AMT-soap-https (16993)

The process of setting up AMT is difficult. Please refer to the following links when looking to use AMT:

Other Protocols

The following are a list of protocols and what calls/ports they use:

  • ASF > asv-rmcp (udp:623)
  • IPMI > asv-rmcp (udp:623)
  • SSH > ssh (tcp:22)
  • VMWare > https (tcp:443)
  • WMI > netbios-ns (udp:137) & epmap (tcp:135)
  • WS-MAN > oob-was-http (tcp:623)

Network Discovery and Agentless Inventory 7.1, 7.5 Best Practices and Troubleshooting, Part 1

Network Discovery and Agentless Inventory 7.1, 7.5 Best Practices and Troubleshooting, Part 3

Network Discovery and Agentless Inventory 7.1, 7.5 Best Practices and Troubleshooting, Part 4


Viewing all articles
Browse latest Browse all 7217

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>