Discovery

Pre-Workshop Readiness Kickoff

Speaker Name
Asset Number: 0001239

March 2024
User Instructions
PLEASE REMOVE THIS SLIDE BEFORE PRESENTING

To help our community of ServiceNow implementers i.e. Business Process Analysts, Platform
Architects, and Technical Consultants
Across our customers, partners and internal Expert Services teams
To deliver effective workshops for gathering requirements for setting up the tool
Review the slides for any interactive animations.
Provide feedback and subscribe on Now Create content
Are we breaking any copyright laws if we use these slides?
– No. We designed this deck to be used by the entire ServiceNow ecosystem
Are we breaking any copyright laws if we use these slides?
– No. We designed this deck to be used by the entire ServiceNow ecosystem
Use Slide Master to update “Partner Logo” in the footer image.

© 2024 ServiceNow, Inc. All Rights Reserved

Agenda
Introductions
Introduction to Discovery
Success Factors
Customer Preparation Checklist
Access and Security
Content for Customer Success

© 2024 ServiceNow, Inc. All Rights Reserved

Introductions

• Customer project team

– Name, Title
– Name, Title
• Partner project team
– Name, Title
– Name, Title
• ServiceNow project team
– Name, Title
– Name, Title

© 2024 ServiceNow, Inc. All Rights Reserved

Introduction
to Discovery
What is Discovery?
Scan
Discovery finds applications and devices on your
network, and then updates the CMDB with the information
it finds. Utilizing a specific step, or phased process
Discovery uses agentless discovery to find
the devices, software installations, running processes,
connected
supporting CIs and keeps your CMDB up to date. Explore Classify
Goals of Discovery: CMDB
• Scan your IT environment for discoverable
configuration items
• Classifies devices by operating systems
• Identifies if the device needs updated or created
accordingly
Identify
• Explores the device for running processes,
relationships to other devices, software installed
network gear

© 2024 ServiceNow, Inc. All Rights Reserved

MID Server Communication
• This diagram
demonstrates a typical
Discovery setup for a
hosted ServiceNow
instance

• MID Servers are installed

on the local internal
network

• Typical protocols the MID

Server uses to
communicate with devices

• Outbound only 128/256-

bit SSL communications to
your ServiceNow
applications on HTTPS
Port 443 © 2024 ServiceNow, Inc. All Rights Reserved.
MID Server Communication Architecture
1. Instructions Customer
are placed on Network
the ECC Queues SNMP Network
as out put jobs 2. MID Server polls Devices
the ECC Queue and
finds work, it gathers
the information PowerShell Windows

ECC Interne
requested Servers

Job Queue t
HTTPS:443 SSH Linux/Unix
Server
3. MID Server
reports MID Server
responses as an API ESX/
CMDB input record to Datacenter
the ECC Queue
CIM
Storage
4. The payload is
processed; CI runs
through IRE and
CMDB is populated

© 2024 ServiceNow, Inc. All Rights Reserved

MID Server and External CyberArk Credential
Store
Customer
The instance
maintains a unique
Network
identifier for each SNMP Network
credential, the Devices
credential type (such as
SSH, SNMP, or
PowerShell Windows
Windows), and
any credential affinities Servers

HTTPS:443 SSH Linux/Unix

Server
External Credentials
The MID Server supports all MID
obtains the credential ServiceNow credential Server API ESX/
types:
identifier, credential
•
Datacenter
CIM
type, and IP address
• JMS
from the instance, and CIM
• SNMP Community
then uses the External Storage
• SSH
Store to resolve into a
• SSH Private Key (with
usable credential
key only)
• VMware
• Windows
© 2024 ServiceNow, Inc. All Rights Reserved
MID Server Requirements
• Windows Server 2012 or greater
– .NET Framework 3.5, 4.0, 4.5, 4.6, or 4.7
– PowerShell version 3.0 and supports versions up to PowerShell 5.1
• Linux Redhat 6+
• Ubuntu 14+

• Standard Hard drive partition ~40GB

• 8GB Memory
• Quad Core processor 2+ GHz
• 64-bit systems
• Memory required can range from 4GB to 16GB
• PowerShell v3.0 – 5.10
More Information

• Ensure a validated connection from the servers to be monitored and the MID
server

Consider any change requests that

need to be submitted to have the MID
Servers built

© 2024 ServiceNow, Inc. All Rights Reserved

MID Server
Prod Test Dev

• Lightweight Java application that runs as a Windows • Redundancy is needed in production environments –
service or UNIX daemon create MID Server clusters
• May be relaxed in sub-production
• Must be hosted on Windows to Discover Windows &
Unix • Set the MID Server JVM memory size as needed
• Job is to execute probes/patterns and return the results • Start planning production deployment
back to the instance for processing
• Clustering, Performance, Access
• Set the supported application in ServiceNow to
Discovery. Capabilities set to ALL
• Use results from scans during development
• Consider access, location and availability
• MID Servers cannot be shared between instances

More Information

© 2024 ServiceNow, Inc. All Rights Reserved

Number of MID Servers required
• MID Server performance and system requirement
are driven by multiple factors including but not
limited to:

• The size of the customer infrastructure and specific

function (Capability) MID Server is configured to How
perform
• The number of MID Servers installed on the host. many MID Start
with at
• The number of threads per MID Server. servers least 2
• A single MID server is expected* to discover:
–
are
Single System – ~90 seconds
– Class ‘C’ Network (254 IPs) - ~13 minutes needed?
– Class ‘B’ Network (16k IP’s) – ~6 hours

• *The figures for a single MID Server are estimates Leading Practice:
and will vary regarding the total number of devices
in each subnet. They also vary based on the Production environment, you should configure
number of commands that are run at least two MID Servers to support zero-
• Use the MID Server Calculator touch configuration and ensure that a MID
Server is always available if one fails

© 2024 ServiceNow, Inc. All Rights Reserved

Access and Permissions
• Access – Whitelisting the MID Server IP address
• Permission – providing local admin for servers, network gear, and other discoverable configuration
items

Network
Domains Firewalls DMZs
ACLs
• Admin credentials • Inbound and • Inbound and • MID Servers are
outbound outbound placed in DMZ
• External store –
CyberArk • Standard ports and • Standard ports and • Outbound Port 443
protocols protocols is opened
• Restrict access
through AD Group
Policy

© 2024 ServiceNow, Inc. All Rights Reserved

MID Server – Windows Service Requirements
Windows Discovery
• Domain User that has Local Admin Privileges on the targets to be discovered.
• Account does NOT need to be interactive. Meaning it needs no ‘logon’ privilege.
Why Local Admin?
When we discover a system, we execute a number of WMI queries and read registry entries to learn about the
makeup of a Windows computer.
• For asset information, a read-only user can be utilized
• To discover application dependencies (critical application to application relationships) local admin is required
• Application Dependency Mapping needs it to gather application dependencies we run the command Netstat
to gather TCP connections sent and received by a target
• Discovery uses this information to map the communications that applications are making to one another.
Netstat by default is an Admin only command
• Note: Netstat can be exposed to a read only user but will only get connections in the context of that user.

© 2024 ServiceNow, Inc. All Rights Reserved

Credentials required to discover devices
Windows
• Discover Windows devices
• Local admin – service account
• Pushed out by Group Policy

SSH
• Discover Unix/Linux devices
• Support for SSH Password and Private Key
• Unique commands that require SUDO access
SNMP
• Discover Network and Print devices
• ‘Read only’ string is required
VMWare
• Requires read only user that query’s the vCenter API
CIM
• Used to discover Storage Servers, SAN and NAS
• Admin user configured on storage agent when using a SLP Provider, same
• user configured on host

Cloud Environment
• AWS, Azure, Google and IBM – dependent on scoped environments – Cloud
Discovery of Datacenter and resources. Provisioning is not included

More Information © 2024 ServiceNow, Inc. All Rights Reserved

Discovery
Agentless Data Collection
Creates direct relationships between CIs, does not map Services to CI’s CMDB
Classes

Routers

Switche
s

Windows
Servers

Linux
Server
ServiceNo s
w
Discovery Databases

Installed
Application
s

© 2024 ServiceNow, Inc. All Rights Reserved

Success
Factors
Resources Required for Project Success
CI Analysts and
Technology
SME’s might be
same people!

Executive Sponsor Project Manager CMDB Manager/CI Analysts Security

• Assures • Project Planning • CMDB Management • Provides clearance
communication across • Progress • Supports Effort • Aware of Roles and Access
teams – OCM Updates • Affects CMDB change and • Align customer policy to
• Provides resources • Manages RIDAC adaptions Discovery implementation
• Stakeholder

Discovery Technology SMEs

Administrator(s)
• Works side by side with Implementation • Network SME - Provides access and open communication
partner to configure to devices
• Participates in requirement gathering • Network and Server SMEs - Helps to resolve Discovery
• Resolves Discovery errors errors
• Works with SMEs • Confirms credentials/access
• Participates in Go Live • Builds MID Servers
• Platform Owner
© 2024 ServiceNow, Inc. All Rights Reserved.
Discovery Administrator requirements
Leading Practice:
Most Enterprise Discovery implementations and ongoing
Utilize a resource from a server
support/maintenance require at least full time in this role, if administration background and
not more has scripting skills! Take
ServiceNow on demand course.

Proficient in ServiceNow Successfully completed ServiceNow

platform interaction Discovery Fundamentals

Knowledgeable in Understanding of industry

Datacenter standard protocols
infrastructure

Server (Windows/*nix) Understanding of IP ranges, data

administration and has centers and Cloud environments
command-line/scripting
skills

© 2024 ServiceNow, Inc. All Rights Reserved.

Resources Required for Project and Ongoing
Success
Service Mapping
Administrator(s)

“Day in the Discovery

Administrator(s)
Life” Activities
Works with Technology Owners and Security
• Gains needed security access to devices
• Resolves issues with discovery of CIs
• Error Handling
• Understands tagging strategy/governance
• Integration sources are maintained
• Pattern extension and creation
• Creates and maintains Discovery Schedules

Works with Service Mapping Administrator

• Pattern extension and creation
• Provide information on discovered CIs or errors with discovering CIs
• Assists as needed

Works with CMDB Manager and CI Analysts

• Validates data accuracy for CMDB and CI Analysts
• Discovers new devices
© 2024 ServiceNow, Inc. All Rights Reserved
 Implementation and Maintenance Plan – High
Level

We are
here

Prepare Initial Build Schedules Review/ Verify Continue

• Educate and Define Setup/Configuration • Gather of IP • Run POC • Review Discovery
Workshop • Build Mid Servers addresses/ranges Errors
• Review Discovery
• Select and Train • Verify properties, • Build out Discovery Errors • Resolve Errors
Resources capabilities and schedules based on
locations • Resolve Errors • Side by Side Training
• Organizational configuration
• Side by Side Training with your Infrastructure
Change • Set up Clusters • Set Max Run times/Verify SMEs
Management with your Discovery
• Side by Side entry and • Set up excluded IPs Admin • Maintain MID Servers
• Evaluate testing of Credentials
Environment • Side by Side • Maintain Discovery
• SMEs for Servers, discussion with Schedules
• CMDB Health Networks and Security Infrastructure SMEs
available to assist with
testing

© 2024 ServiceNow, Inc. All Rights Reserved.

Keys to Deployment Success
Confi rm Inventory Review the number of devices per in scope
Numbers 1 devices 30, 60, 90 days?
Most vendors
Security Approval and support
Credentials 2 Get Security Approvals, gather local admin
credentials for in scope devices to be1discovered
or 2 levels

Resource Availability Available resources to work side by side with the expert
and Training 3 technical team. Having training encourages well executed
project? 30, 60, 90 days?
supports all
Workshop Attendance 4 5 levels,
Attending the workshop is for the network, monitoring and
maximizing
infrastructure engineers, CMDB Admin, Discovery Admin to
breadth
learn how Discovery works and the benefits? 30, 60, 90 days?
Cross-team and depth.
communicatio 5 Leadership support is needed for cross team
communications and cooperation, for the resolution of errors
n
in access and permissions

Success

© 2024 ServiceNow, Inc. All Rights Reserved

Other Discovery Tasks to be completed

1 Discovery Plug-in activated in Development, Test and Production instances

2 MID Servers are provisioned in a timely manner

Resources are ready, trained and cross-team SMEs are available to assist with access and
3 permissions

4 Obtain Network ranges, topology, locations,

5 Add MID Servers to network access control lists (ACLs)

6 Internal firewall ports opened between zones

7 Inventory totals for devices are available

8 Security Operations is aware an on board before implementation workshop.

© 2024 ServiceNow, Inc. All Rights Reserved

Other considerations
What is your change request window? Who will
1 be submitting the needed change requests?

Is there conflicting projects with this implementation of

2 Discovery?

If CMDB is already in place, is it healthy? Are we

3 removing any integrations?

4 Does Security Sign off on the use of system credentials?

© 2024 ServiceNow, Inc. All Rights Reserved

Homework before Implementation Workshop
Customer Preparation Documentation

Resources – Populate the next slides to determine roles, access and Subject Matter
1 Experts

Security and Credentials – Security clearance achieved, Gather device credentials

2 based in scope devices

3 Training – Discovery admin training is attended

4 Activate Plugins – Request Plugin Activation from Now Support

© 2024 ServiceNow, Inc. All Rights Reserved

Core Project Team Security Roles
Role Description Access Rights Name(s)
Discovery Admin Users who are expected to configure All
[discovery_admin] and execute Discovery in your network.
This role grants access to the tables in
the Discovery application.
Configuration Manager Approves or rejects CMDB requests for Create/Read Update/Delete
[sn_cmdb_user] and [itil] new CI selection and attribute
determination.
Access to CMDB Workspace
Views policies in Data Manager

CMDB Admin Executes on the change requests for Create/Read Update/Delete

[sn_cmdb_admin] and [itil] CMDB configuration
Utilizes Data Manager to bulk update CIs
for retirement, deletion or archival
Configures the CMDB Records
Runs CMDB Queries
Configures IRE rules
Network Team Member (CI View Parent and Child CIs and maintain Create/Read/Update
Analyst) them, also provides support to
[itil] includes [cmdb_query_builder] troubleshoot permissions and access.
Remediates duplication, may
troubleshoot integrations
Server Admin, IT Application View Parent and Child CIs and maintain Create/Read/Update
Owner, and Platform Team them, also provides support to
Member troubleshoot permissions and access.
(CI Analyst) Remediates duplication, may
[itil] includes [cmdb_query_builder] troubleshoot integrations

© 2024 ServiceNow, Inc. All Rights Reserved

Device Credentials
Environment Person to Contact Obtained?
Routers <Name>

Switches <Name>

Windows Servers <Name>

Linux Servers <Name>

VMware <Name>

© 2024 ServiceNow, Inc. All Rights Reserved

Other Credentials
Environment Person to Contact Obtained?
Azure <Name>

AWS <Name>

Database Applicative Credentials <Name>

(SQL admin)

Storage Servers <Name>

Other in scope

© 2024 ServiceNow, Inc. All Rights Reserved

 Content For Customer Success
EMPOWERING DIGITAL TRANSFORMATION

Knowledge Now Support Now Learning Now Community

• Yearly Conference
• Report an Issue • Fundamentals • Forums
• CreatorCon
• Knowledge Base • On Demand • Articles
• Meetups
• Known Error Portal • Live with Instructor • Blogs
• Now Learning Live
• Manage Instances • Manage Certificates • User Groups
• Technical Support • Idea Portal

Meet and Train and

Self-Help Connect
Link Learn Link Link Certify Link

Customer Product Now Create Developer

Success Center Documentation Portal
• Workshop Decks
• Leading Practices • Admin Guides • Process Guides • App Building Guides
• Success Maps • Release Notes • Preparation Guides • Personal Instance
• Playbooks • Detail Product • Starter Stories • Coding Best Practice
• Events and Webinars Information
• Checklists • Product Overview
• Tools & Calculators
Gain Insights Understand Implement Build
Link Link Link Link

Additional
Content• ServiceNow.co • YouTube • Spotify Podcasts • ServiceNow Store
m
– NowSupport – TechBytes – Out of Band Feature
– Blogs – Community Live Strea – Community Releases
– Case Studie m – Finding Water – 3rd Party Apps/Solutions
s – Customer Connection – Integrations
– Resources – Innovation Labs

© 2024 ServiceNow, Inc. All Rights Reserved.