diff --git a/.gitignore b/.gitignore index ce150f039..f693e238c 100644 --- a/.gitignore +++ b/.gitignore @@ -16,7 +16,7 @@ .env.production.local *.swp .vscode/ -CLAUDE.md +.claude/ npm-debug.log* yarn-debug.log* diff --git a/docs/administration/appliance-manager/adding-multiple-network-interface-cardsnic-to-device42-vm.mdx b/docs/administration/appliance-manager/adding-multiple-network-interface-cardsnic-to-device42-vm.mdx index 09b4af6df..3f74d3a8c 100644 --- a/docs/administration/appliance-manager/adding-multiple-network-interface-cardsnic-to-device42-vm.mdx +++ b/docs/administration/appliance-manager/adding-multiple-network-interface-cardsnic-to-device42-vm.mdx @@ -5,7 +5,7 @@ sidebar_position: 1 If you need to reach networks that can not be reached from the primary virtual machine network adapter (e.g. for autodiscovery), you can add additional network adapters to your virtual machine as outlined below. -### Add multiple NICs to the VM +## Add Multiple NICs to the VM ![Add multiple NICs to the VM](/assets/images/wpid4810-vmware_nic.png) @@ -17,7 +17,7 @@ You can add as many NICs as you want. One of the NICs will be the primary interface and will have default gateway and DNS defined. The other NICs will serve as the direct connection to specific network segments only. -### Configuring the assigned NICs +## Configure the Assigned NICs ![Configuring the assigned NICs](/assets/images/wpid4809-vmware_console_ip_settings.png) @@ -25,7 +25,7 @@ From the Device42 virtual machine console, select option 1, then choose 'n' at t For each NIC, you will be prompted for the IP Address, Netmask, Gateway, and DNS Server (see below). As displayed above, the console will display the MAC address of the NIC being configured. Please make sure you are assigning the right IPs to each card. To make sure, please compare the displayed MAC address with the one shown in the virtual machine console. -### First interface vs. other interfaces +### First Interface Vs. Other Interfaces ![First interface vs. other interfaces](/assets/images/wpid4807-first_vs_rest_interface.png) @@ -33,7 +33,7 @@ As shown in the image above, first add the Gateway and DNS info for the first NI You can check your config after from the Device42 appliance manager as discussed in next step. -### Checking your network config +## Check Your Network Config ![Checking your network config](/assets/images/wpid4626-usage-network-info.png) diff --git a/docs/administration/appliance-manager/changing-device42-appliance-hostname.mdx b/docs/administration/appliance-manager/changing-device42-appliance-hostname.mdx index 2c35777f5..50697a5e6 100644 --- a/docs/administration/appliance-manager/changing-device42-appliance-hostname.mdx +++ b/docs/administration/appliance-manager/changing-device42-appliance-hostname.mdx @@ -5,7 +5,7 @@ sidebar_position: 3 You can change the Device42 Appliance hostname from the Appliance Manager or the VM console. -### Change Hostname in the Appliance Manager +## Change Hostname in the Appliance Manager [Log in to the Appliance Manager](device42-appliance-manager-login.mdx). @@ -17,7 +17,7 @@ You need to restart the Device42 application. Go to **Application > Restart Appl ![Change appliance name](/assets/images/changing-device42-appliance-hostname/restart-application.png) -### Change Hostname in the VM Console +## Change Hostname in the VM Console Log in to the VM console. diff --git a/docs/administration/appliance-manager/collecting-snmpwalk-output-for-troubleshooting.mdx b/docs/administration/appliance-manager/collecting-snmpwalk-output-for-troubleshooting.mdx index 4a6db635f..125bc9c23 100644 --- a/docs/administration/appliance-manager/collecting-snmpwalk-output-for-troubleshooting.mdx +++ b/docs/administration/appliance-manager/collecting-snmpwalk-output-for-troubleshooting.mdx @@ -7,7 +7,7 @@ You can collect SNMP walk output for a network device or PDU right from the GUI. From the Appliance Manager, go to **Application > Generate SNMP Output**. -### Simple SNMP Walk Output +## Simple SNMP Walk Output If this is not a new device, select the **No: Simple walk** option. @@ -15,7 +15,7 @@ Add your target switch or other SNMP target device info, click **Submit**, and p ![Collect SNMP walk Appliance Manager](/assets/images/collecting-snmpwalk-output-for-troubleshooting/simple-walk.png) -### MIB Browser-Based Walk +## MIB Browser-Based Walk For new devices, select **Yes: MIB browser based walk**. diff --git a/docs/administration/appliance-manager/device42-restore.mdx b/docs/administration/appliance-manager/device42-restore.mdx index b6017f1b8..276e955d1 100644 --- a/docs/administration/appliance-manager/device42-restore.mdx +++ b/docs/administration/appliance-manager/device42-restore.mdx @@ -10,13 +10,13 @@ Please take note of the following before you proceed with the restore process: - The restore process will delete all current data in the appliance. You can do a [test restore](#test-restore-options) first to verify that the restore works as you expect. ::: -### Active Directory Settings +## Active Directory Settings Active Directory settings are crucial for logging back in. Otherwise, you can use local accounts to log back in after the restore and add Active Directory settings later. If you are doing a restore and have only Active Directory users (no Device42-only users), you will need to manually add the Active Directory settings prior to the restore. -## Restoring the MA and RC Backup Files +## Restore the MA and RC Backup Files From the [Appliance Manager](/administration/appliance-manager/device42-appliance-manager-login.mdx), navigate to **Backup/Restore > Restore**. diff --git a/docs/administration/appliance-manager/enable-or-disable-tls-versions-from-appliance-manager.mdx b/docs/administration/appliance-manager/enable-or-disable-tls-versions-from-appliance-manager.mdx index 6571d78ab..f9178ced2 100644 --- a/docs/administration/appliance-manager/enable-or-disable-tls-versions-from-appliance-manager.mdx +++ b/docs/administration/appliance-manager/enable-or-disable-tls-versions-from-appliance-manager.mdx @@ -3,16 +3,14 @@ title: "Enable or Disable TLS Versions from Appliance Manager" sidebar_position: 8 --- -# Disabling or Enabling TLS Versions From the Appliance Manager - Device42 allows you to restrict TLS versions for Appliance Manager Access. The radio buttons shown below control this feature. -:::note -The Appliance Manager now defaults to **Enable TLS v1.2 only**. You can change the TLS settings in the Appliance Manager to **Enable TLS v.1.1 and v1.2** or **Enable All TLS**. -::: - -- To apply TLS version restrictions, log in to the Device42 Appliance Manager. See [Device42 Appliance Manager Login](device42-appliance-manager-login.mdx) for more details about accessing and logging in to the Appliance Manager. +To apply TLS version restrictions, log in to the Device42 Appliance Manager. See [Device42 Appliance Manager Login](device42-appliance-manager-login.mdx) for more details about accessing and logging in to the Appliance Manager. - From the main menu on the left side of the Appliance Manager, select **Global Settings** and then **TLS versions for Web Console** or **TLS versions for Appliance Manager**. - Select the appropriate radio button and click **Submit** to apply your changes. ![](/assets/images/enable-or-disable-tls-versions-from-appliance-manager/main-appliance-tls-options.png) + +:::note +The Appliance Manager now defaults to **Enable TLS v1.2 only**. You can change the TLS settings in the Appliance Manager to **Enable TLS v.1.1 and v1.2** or **Enable All TLS**. +::: diff --git a/docs/administration/appliance-manager/generate-log-bundle.mdx b/docs/administration/appliance-manager/generate-log-bundle.mdx index 563dcb9f5..191f54f5b 100644 --- a/docs/administration/appliance-manager/generate-log-bundle.mdx +++ b/docs/administration/appliance-manager/generate-log-bundle.mdx @@ -26,7 +26,7 @@ If you are experiencing issues with discovery, you can generate a log bundle and 5. Upload the generated log file at [upload.device42.com](https://upload.device42.com/). -### Remote Collector Log Bundle +## Remote Collector Log Bundle If you were also using the Remote Collector (RC) for the job, please get and upload the RC logs using the [same upload link](https://upload.device42.com/) above. diff --git a/docs/administration/appliance-manager/set-up-https-cert.mdx b/docs/administration/appliance-manager/set-up-https-cert.mdx index 49cbd90cd..69dc6527b 100644 --- a/docs/administration/appliance-manager/set-up-https-cert.mdx +++ b/docs/administration/appliance-manager/set-up-https-cert.mdx @@ -5,23 +5,23 @@ sidebar_position: 17 You can add your own https cert and key in apache style cert files to use a secure web console for Device42 and the Remote Collectors. You can generate a self-signed certificate with a CA using OpenSSL or Microsoft certificate server and upload it here, or you can also have one issued from a trusted certificate authority. -### Upload the cert and key files. +## Upload the Cert and Key Files ![](/assets/images/WEB_815_1.jpg) Upload both files: cert and key. The software will validate the certs before applying them. -### Adding the intermediate and the CA Root +### Add the Intermediate and the CA Root You'll need to concatenate all the certificates, starting with the server certificate, and going deeper in the chain, running through all the intermediate certificates. This can be done with "cat chain.crt >> mysite.com.crt" on the command line. (or via copy-paste via a text editor) -### Restart the Application +## Restart the Application ![](/assets/images/WEB_815_2.jpg) You will need to restart the application to see the new cert. -### Creating your own cert +## Create Your Own Cert If you create your own certs, these can be uploaded via the Appliance Manager. Device42 is unable to assist in the creation and signing of certificates, please use a CA like Thawte for creation and signing. diff --git a/docs/administration/appliance-manager/update-device42.mdx b/docs/administration/appliance-manager/update-device42.mdx index 022854cb7..e8e6dad8f 100644 --- a/docs/administration/appliance-manager/update-device42.mdx +++ b/docs/administration/appliance-manager/update-device42.mdx @@ -18,7 +18,7 @@ The URL option automates the process of downloading and uploading the upgrade pa In both cases, a green status message will appear instructing you to complete the upgrade from the VM console. -### Apply the Update +## Apply the Update From the VM console, enter option **(a) Apply Update**: diff --git a/docs/administration/appliance-manager/warm-ha-setup-failover-and-automated-backups.mdx b/docs/administration/appliance-manager/warm-ha-setup-failover-and-automated-backups.mdx index 076eeff45..34503eed1 100644 --- a/docs/administration/appliance-manager/warm-ha-setup-failover-and-automated-backups.mdx +++ b/docs/administration/appliance-manager/warm-ha-setup-failover-and-automated-backups.mdx @@ -3,9 +3,11 @@ title: "Warm HA Setup, Failover, and Automated Backups" sidebar_position: 19 --- +The Device42 Warm High Availability (HA) configuration allows you to put a second appliance on standby mode and do periodic restorations to the device for use as a failover. + ## Automate Restores to Back Up Your Main Appliance for Warm HA -The Device42 Warm High Availability (HA) configuration allows you to put a second appliance on standby mode and do periodic restorations to the device for use as a failover. This process consists of two steps: +This process consists of two steps: - Setting up the automated restores - Setting the backup appliance to production mode in the event of a device failure @@ -50,7 +52,7 @@ A backup file without metadata can still be used for an on-demand **Restore**. Refer to the Device42 docs to find additional details about [backup metadata](administration/appliance-manager/setting-up-backup-device42-appliance-manager.mdx#backing-up-metadata) and [scheduling the backup](administration/appliance-manager/setting-up-backup-device42-appliance-manager.mdx#scheduling-the-backup). -## Setting Appliance Mode via API +## Set Appliance Mode via API With automated restores in place on your backup appliance, you're ready to set the backup appliance to production mode in the event of a device failure. You can send a POST call to `/api/1.0/appliancemode/` with the payload `appliance_mode=production` or `appliance_mode=standby` to set the appliance to production or standby mode. This is intended to be triggered from the monitoring software of your choice (see the example below). After switching, a simple update to the DNS settings to point your domain to the new production instance IP will facilitate continuous use of Device42 without downtime. diff --git a/docs/administration/custom-column-views.mdx b/docs/administration/custom-column-views.mdx index 50ce3d3a2..7345351f3 100644 --- a/docs/administration/custom-column-views.mdx +++ b/docs/administration/custom-column-views.mdx @@ -6,15 +6,12 @@ sidebar_position: 6 import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' -## Customs Column Views in Device42 - You can customize the column views of all list pages in Device42. You can create and save multiple custom column views for each list page, then set a global default view or set specific custom column views as the default views for particular users. To add a custom column view, navigate to a list page, such as **Resources > Compute > All Devices**. Click the **gear icon** on the far right of the screen - to right of the current view name. The default view is **System Column List**. - Settings > Global Settings** and scroll down to the **Logi }} /> -### Add Your Company Logo to Device42 +## Add Your Company Logo to Device42 If you upload a logo, it will replace the Device42 logo on the login screen. @@ -30,7 +30,7 @@ If you upload a logo, it will replace the Device42 logo on the login screen. }} /> -### Add User Instructions to the Login Page +## Add User Instructions to the Login Page If you upload user instructions, they will appear on the login page. diff --git a/docs/administration/data-reset-tool.mdx b/docs/administration/data-reset-tool.mdx index d4be6d9d0..522cbdbba 100644 --- a/docs/administration/data-reset-tool.mdx +++ b/docs/administration/data-reset-tool.mdx @@ -3,16 +3,14 @@ title: "Data Reset Tool" sidebar_position: 9 --- -## Data Reset Tool - Clear All Devices from Device42 +If you're looking to wipe your Device42 instance clean, grab the Python script available on [Github](https://github.com/device42/ResetDevice42Data) and use it to remove all devices from your Device42 Main Appliance. -If you're looking to wipe your Device42 instance clean, grab the Python script available on [Github](https://github.com/device42/ResetDevice42Data) and **use it to remove all devices from your Device42 MA.** +## Clear All Devices from Device42 To use the tool, simply open it in your favorite text editor (ours are [Notepad++](https://notepad-plus-plus.org/) & [Atom](https://www.Atom.io)), and edit the Device42 URL to point at your instance. Update the username and password fields with credentials for your instance, and save. You can then run the script on any computer with Python 3.7+ installed. -* * * - **Note:** The Device42 reset script does not currently clear subnets from the application, they will need to manually be cleared. :::warning diff --git a/docs/administration/feedback-and-contributions/how-to-contribute-documentation-fixes.mdx b/docs/administration/feedback-and-contributions/how-to-contribute-documentation-fixes.mdx index 840588990..41d4ec08c 100644 --- a/docs/administration/feedback-and-contributions/how-to-contribute-documentation-fixes.mdx +++ b/docs/administration/feedback-and-contributions/how-to-contribute-documentation-fixes.mdx @@ -9,12 +9,12 @@ If you notice a problem in the Device42 documentation that you know how to fix, If you see a problem but you're not sure how to fix it, or don't have the time, hit [the feedback button](./how-to-submit-documentation-feedback.mdx) at the top of each page and our team will address it! -### How Do I Edit a Document on GitHub? (Video) +## How Do I Edit a Document on GitHub? (Video) -### How Do I Edit a Document on GitHub? (Article) +## How Do I Edit a Document on GitHub? (Article) To edit a document on GitHub, you can create a [pull request](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork) with your changes, and we'll review them before making them live on our website. @@ -32,7 +32,7 @@ In the dialog box that opens, click "Create fork". ![](/assets/images/feedback_fork_repo_create.png) -### Opening a Pull Request if You’ve Forked the Device42 Documentation Repository Before +## Open a Pull Request If You've Forked the Device42 Documentation Repository Before If you've previously forked the Device42 documentation repo and you're signed in to GitHub in your browser, clicking the "Edit this page" link will take you directly to the page on GitHub. @@ -54,7 +54,7 @@ To target your pull request to the correct repository, do the following: * Click "Create pull request". -### How To Make Changes to the Markdown File +## Make Changes to the Markdown File If you're not in "Edit" mode already, enter it by clicking the pen icon on the top-right of the preview window. @@ -84,7 +84,7 @@ Here are some more tips for editing in Markdown: Visit [markdownguide.org](https://www.markdownguide.org/cheat-sheet/) for more information on Markdown syntax. -### How To Submit Your Changes by Opening a Pull Request +## Submit Your Changes by Opening a Pull Request When you're done editing, you will commit your changes before opening a pull request. diff --git a/docs/administration/feedback-and-contributions/how-to-submit-documentation-feedback.mdx b/docs/administration/feedback-and-contributions/how-to-submit-documentation-feedback.mdx index aa35cfb22..520ad1e73 100644 --- a/docs/administration/feedback-and-contributions/how-to-submit-documentation-feedback.mdx +++ b/docs/administration/feedback-and-contributions/how-to-submit-documentation-feedback.mdx @@ -10,7 +10,7 @@ At Device42, we strive for accurate, clear, informative documentation. If you en If you know exactly what change needs to be made, you can [contribute edits directly](./how-to-contribute-documentation-fixes.mdx). -### How Do I Provide Feedback Using the Device42 Feedback Widget? +## How Do I Provide Feedback Using the Feedback Widget? Use the Device42 feedback widget on our docs site for general reporting, including comments and compliments! You can alert us to issues such as broken links or missing images, or make a request for documentation. diff --git a/docs/administration/generating-csrs.mdx b/docs/administration/generating-csrs.mdx index 759883eb7..9136c02a8 100644 --- a/docs/administration/generating-csrs.mdx +++ b/docs/administration/generating-csrs.mdx @@ -3,12 +3,11 @@ title: "Generating CSRs" sidebar_position: 10 --- -## Generating a Certificate Via OpenSSL - Instructions to generate certificates with openSSL can also be found [documented here, on our support site.](https://support.device42.com/hc/en-us/articles/222221348-My-demo-certificate-for-https-expired-how-can-I-add-a-new-one-) -To generate a CSR (Certificate Signing Request), open a terminal that has the **openssl** package installed. The following commands will generate a (self-signed) SSL certificate from a new or existing OpenSSL installation: +To generate a CSR (Certificate Signing Request), open a terminal that has the **openssl** package installed. +The following commands will generate a (self-signed) SSL certificate from a new or existing OpenSSL installation: 1. Generate a **private** key for your server CA (Certificate Authority): ```bash @@ -42,7 +41,7 @@ To generate a CSR (Certificate Signing Request), open a terminal that has the ** Adding a new certificate is easy; See [add a new certificate via appliance manager instructions here](appliance-manager/set-up-https-cert.mdx). -## Generating Non-Production CSRs +## Generate Non-Production CSRs :::caution We recommend using the OpenSSL method outlined above. Use the following online generator at your own risk, and only for non-production purposes. A 'private' key generated by this link (or any third party) is unlikely to be truly private. diff --git a/docs/administration/licensing.mdx b/docs/administration/licensing.mdx index 7f5b98260..84e827715 100644 --- a/docs/administration/licensing.mdx +++ b/docs/administration/licensing.mdx @@ -6,34 +6,34 @@ sidebar_position: 11 import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' -## Updating Your Device42 License +Device42 licenses are valid for one year from the date of purchase. To continue using Device42 after the license expires, please [contact support](https://support.device42.com/hc/en-us) about renewing it. -Device42 licenses are valid for one year from the date of purchase. To continue using Device42 after the license expires, please renew it. +This page answers common questions about finding, applying, and managing your Device42 license. -### Where Do I Find My License Information? +## Where Do I Find My License Information? -To see your current Device42 licenses, navigate to **Tools > Settings > Licensing** from the main menu to display the Licensing page. +- To see your current Device42 licenses, navigate to **Tools > Settings > Licensing** from the main menu to display the Licensing page. - + -The page displays the available license modules and whether they are enabled. +- The page displays the available license modules and whether they are enabled. - + -### How Do I Get a Device42 License? +## How Do I Get a License? After [purchasing](https://www.device42.com/pricing/?nab=0) or renewing your Device42 license, you'll receive a license file via email to upload on the Licensing page of the Main Appliance. @@ -41,7 +41,7 @@ After [purchasing](https://www.device42.com/pricing/?nab=0) or renewing your Dev If you need a developer or test license, please email [support@device42.com](mailto:support@device42.com). ::: -### How Do I Apply My License? +## How Do I Apply My License? Go to the License page under **Tools > Settings > Licensing** and do the following: @@ -71,7 +71,7 @@ Go to the License page under **Tools > Settings > Licensing** and do the followi - After registering your license, refresh the browser. The banner will disappear, and you'll see the updated expiration date on the Licensing page. -### How Do I Know When My License Expires? +## When Will My License Expire? You can check the **License Valid Until(YYYYMMDD):** date on the License page under **Tools > Settings > Licensing**. @@ -85,7 +85,7 @@ Two weeks before your license expires, on your Main Appliance home page, you'll }} /> -## What Uses a License in Device42? +## What Uses a License? Device42 has a Core license for autodiscovery and offers additional license modules for more discovery and data retrieval capabilities. diff --git a/docs/administration/main-appliance-remote-collector-faq.mdx b/docs/administration/main-appliance-remote-collector-faq.mdx index 79fe83103..ea78673ae 100644 --- a/docs/administration/main-appliance-remote-collector-faq.mdx +++ b/docs/administration/main-appliance-remote-collector-faq.mdx @@ -3,36 +3,38 @@ title: "Main Appliance & Remote Collector FAQ" sidebar_position: 12 --- -## How do I get the download files? +This page answers frequently asked questions about downloading, updating, and managing the Device42 Main Appliance (MA) and Remote Collector (RC). + +## How Do I Get the Download Files? Go to [https://www.device42.com/update/](https://www.device42.com/update/), there are now two options for download - the latest Main Appliance (MA) or the latest Remote Collector (RC). Enter your email in the field shown and we will send the file to you, along with release notes and next steps. -## Can I download the newest RC despite my MA version? +## Can I Download the Newest RC Despite My MA Version? No, it’s required that you be on the immediately-prior Main Appliance release to get the latest RC update. For example, if the latest MA version was 17.07.00, you cannot download the RC release of 17.07.02 until you’re on 17.07.00. -## What happens if I attempt to download the RC before I install the newest MA? +## What Happens if I Attempt to Download the RC Before I Install the Newest MA? The download will stop and tell you that you must first upgrade the MA. -## What if I install an older RC update onto a newer MA version? +## What if I Install an Older RC Update Onto a Newer MA Version? This action will fail - the installer will prompt you to get the correct version. -## Will MA updates update my RCs? +## Will MA Updates Update My RCs? Yes, just as in the past, when you download the MA update, it will subsequently update your RCs to the latest version. -## What if I’m on a much older version of the MA? +## What if I'm on a Much Older Version of the MA? If you’re more than three or four versions behind our current Main Appliance release (the website will give the specific cut off point), you will need to contact support for upgrade assistance. If you’re less than three versions behind, downloading the new MA file will bring you fully up to date. -## If I am on the latest MA release, how do I update my Remote Collectors? +## If I Am on the Latest MA Release, How Do I Update My Remote Collectors? This update will need to be pushed via the Appliance Manager once you have the upgrade file. Step by step instructions can be found here: [https://docs.device42.com/getstarted/using-device42/faqs/](/getstarted/using-device42/faqs.mdx). -## How is the Remote Collector proxy configured? +## How Is the Remote Collector Proxy Configured? -The proxy that you set up in the MA will be used for remote collector too. You can view and edit the inherited proxy settings from the [RC view and edit page](/auto-discovery/remote-collector-rc/#viewedit-remote-collector.mdx). \ No newline at end of file +The proxy that you set up in the MA will be used for remote collector too. You can view and edit the inherited proxy settings from the [RC view and edit page](/auto-discovery/remote-collector-rc/#viewedit-remote-collector.mdx). diff --git a/docs/administration/passwords/burnt-secret-password-storage.mdx b/docs/administration/passwords/burnt-secret-password-storage.mdx index 6f3ca3369..015d13bf6 100644 --- a/docs/administration/passwords/burnt-secret-password-storage.mdx +++ b/docs/administration/passwords/burnt-secret-password-storage.mdx @@ -6,15 +6,13 @@ sidebar_position: 1 import ThemedImage from '@theme/ThemedImage'; import useBaseUrl from '@docusaurus/useBaseUrl'; -### What is a Burnt Secret? - A 'burnt secret' is a way to store a Secret (saved credentials) and designate it as un-retrievable. If a Secret is set to **Burnt**, it can never be retrieved after being stored, however, Device42 can utilize a burnt secret for discovery. If a burnt Secret is forgotten, it **must** be reset and regenerated. Storing the new password as **Burnt** repeats this cycle. **Do not use burnt secrets if you will need to retrieve a stored password in the future.** -### Store a Burnt Secret +## Store a Burnt Secret Creating a burnt Secret is very similar to the creation of a normal stored Secret. Head to the **Resources > All Secrets** and click **Create**. @@ -28,7 +26,7 @@ The **Password Storage** option can be set to **Burnt** (as opposed to the defau }} /> -### View Burnt Secrets +## View Burnt Secrets Navigate to the Secrets list page under **Resources > Secrets**. Select the **Password Storage** filter and choose **Burnt** to view only burnt Secrets: diff --git a/docs/administration/passwords/password-operations.mdx b/docs/administration/passwords/password-operations.mdx index dfa5879fa..7540c3807 100644 --- a/docs/administration/passwords/password-operations.mdx +++ b/docs/administration/passwords/password-operations.mdx @@ -6,8 +6,6 @@ sidebar_position: 4 import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' -### About Passphrases - Secrets are objects that store credentials and related information saved to Device42, typically for the use of authentication during discovery. Before creating your first Secret, you need to set a passphrase to encrypt all stored passwords. You won't be able to create a password without setting a passphrase, and failing to do so will result in the following error message: @@ -16,7 +14,7 @@ Before creating your first Secret, you need to set a passphrase to encrypt all s If you [back up](administration/appliance-manager/setting-up-backup-device42-appliance-manager.mdx) and [restore](administration/appliance-manager/device42-restore.mdx) your data to a new Device42 appliance, you'll need this passphrase to decrypt (or see) the passwords. -### Create a Passphrase +## Create a Passphrase Navigate to **Tools > Settings > Password Security** and enter a 12-32 character passphrase. The longer the passphrase, the better. This is a one-time setup, so please choose your passphrase carefully and save it in a safe location. @@ -93,7 +91,7 @@ The default case, number, and special character counts can be changed in the **S }} /> -### View Secrets +## View Secrets Navigate to **Resources > Secrets > All Secrets** to display the Secrets list page. You can search for a password by username, label, Application Component, device name, or notes. diff --git a/docs/administration/passwords/password-policy.mdx b/docs/administration/passwords/password-policy.mdx index b144e694d..3064bf5c1 100644 --- a/docs/administration/passwords/password-policy.mdx +++ b/docs/administration/passwords/password-policy.mdx @@ -6,7 +6,7 @@ sidebar_position: 5 import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' -### Password Policy Options +Device42 administrators can define user password policy requirements and expiration settings to increase password strength and improve security. Select **Tools > Admins & Permissions > Password Profile** to display the password policy options. @@ -18,8 +18,6 @@ Select **Tools > Admins & Permissions > Password Profile** to display the passwo }} /> -Device42 administrators can define user password policy requirements and expiration settings to increase password strength and improve security. - Admins & Permissions > Administrators** page displays the current password and account status for each user. Administrators can expire a user’s password, exempt a user from password expiration, and unlock a user’s account. -### User Password and Account Status +## How Password Policies Affect Users -The **Tools > Admins & Permissions > Administrators** page displays the current password and account status for each user. Administrators can expire a user’s password, exempt a user from password expiration, and unlock a user’s account. +Selecting **Expire Passwords** and **Lock Accounts** options prevent users from logging into their accounts when the configured conditions are met. + +### Password Expiration + +- Users are alerted the designated number of days prior to password expiration. +- If a user enters a valid password after their password has expired, they are prompted to change their password. + +### Account Lockout + +- A login attempt with an invalid password counts against account lockout. +- Users locked out of their account see an alert when they try to login and must contact their administrator to regain account access. + diff --git a/docs/administration/passwords/password-security-and-permissions.mdx b/docs/administration/passwords/password-security-and-permissions.mdx index 6353648f5..1471df2ed 100644 --- a/docs/administration/passwords/password-security-and-permissions.mdx +++ b/docs/administration/passwords/password-security-and-permissions.mdx @@ -18,7 +18,7 @@ Navigate to the Secrets list page from **Resources > Secrets > All Secrets**. }} /> -### Global Permissions +## Global Permissions Navigate to **Tools > Admin Groups**, where you can grant Admin Groups global permissions to **add**, **view**, **change**, or **delete** Secrets. This controls whether users will be able to add new Secrets, view Secrets in the list page, or access the edit and delete buttons. Permissions are controlled granularly for individual Secrets (see below). @@ -40,7 +40,7 @@ The following Admin Group permissions are available: - **Delete permission** is required to see the delete button, but individual permission to delete a Secret is controlled by permissions granted on that Secret. If a user can change a Secret, they can also delete that Secret. -### Permissions for Individual Secrets +## Permissions for Individual Secrets When you add or edit a Secret (under **Resources > All Secrets**), you can set permissions to **view**, **use**, or **edit** individual Secrets by creating or editing a Secret. @@ -75,9 +75,9 @@ At least one User or Admin Group should have permission to edit a Secret. Otherw If no permissions are entered, the User who created the Secret will have **view/edit** permission by default. -### Bulk Permissions Change +## Bulk Permissions Change -- From the Secrets list page, you can edit the group permissions of many Secrets at once by selecting **Change group permissions for selected passwords** from the **Actions** dropdown menu. +From the Secrets list page, you can edit the group permissions of many Secrets at once by selecting **Change group permissions for selected passwords** from the **Actions** dropdown menu. Settings > Global Settings**, and then click **Edit**. diff --git a/docs/administration/role-based-access-control/index.mdx b/docs/administration/role-based-access-control/index.mdx index 192ca6e26..218295eec 100644 --- a/docs/administration/role-based-access-control/index.mdx +++ b/docs/administration/role-based-access-control/index.mdx @@ -5,14 +5,11 @@ title: "Role-Based Access Control" import ThemedImage from "@theme/ThemedImage"; import useBaseUrl from "@docusaurus/useBaseUrl"; - -## Role-Based Access Control Overview - Device42 supports role-based access control, which is useful in several cases. A corporation might want to restrict access by location, department, division, and corporate entity. For example, you might want a user to access only one department while another user has access to all departments within a division. Or you as a service provider might allocate subnets or racks to customers. The role-based access feature enables you to restrict customer access to specific subnets and racks. -## Setting Up Role-Based Access +## Set Up Role-Based Access To set up role-based access in Device42, navigate to **Tools > Settings > Global Settings**, and click **Edit** at the top right of the page. @@ -33,7 +30,7 @@ See the [Orphaned Objects](#orphaned-objects) section for details about the thre Click **Save** at the bottom of the Global Settings page to save your selections. -## Viewing Role-Based Access Permissions +## View Role-Based Access Permissions When role-based access is enabled, you'll see the view-only **Group Permissions** field on the details page for each object: @@ -50,7 +47,7 @@ The **Group Permissions** field tells you which groups are assigned to this devi - Groups assigned via buildings, rooms, or racks containing the device - VMs and blade chassis containing the device -### Defining Admin Groups +## Define Admin Groups Navigate to the Admin Groups list page under **Tools > Admins & Permissions > Admin Groups** to view, edit, and create new admin groups. @@ -97,7 +94,7 @@ The **Do Not Propagate** option can be set on buildings, rooms, and racks to sto In the above example, devices, assets, and PDUs in rack NH-CT-88 will be visible to anyone with permission to see the rack. This is useful for a co-location operator who wants to split a rack among different customers. In the rack layout view, a customer with permission to see specific racks and their devices, but not others, will see a grayed-out rack with no information about the devices, assets, and PDUs they are not authorized to view. -## Functional vs. Object Permissions +## Functional Vs. Object Permissions If role-based access is turned off, admin groups are granted 'functional permissions' that define the menu items that can be seen by users assigned to a group. @@ -153,7 +150,7 @@ Subnet Categories work on subnets exactly like Object Categories work on devices As with Object Categories, it's not necessary to assign a subnet category to every subnet. If a group is assigned to a VRF Group, then every subnet in that VRF Group will inherit the permissions of the VRF Group. Also, if a subnet is assigned a subnet category, then every child subnet of that subnet will also have the permissions granted by the subnet category. -## Assigning Object Permissions to Admin Groups +## Assign Object Permissions to Admin Groups You can assign admin groups to objects from the list view of the object type or the edit page of a specific object. You can also assign admin groups to discovered objects. @@ -212,7 +209,7 @@ Superusers are allowed to add, change, and delete groups for objects through the When you turn on role-based access, you will need to go to each admin group and check if they have the object permissions you want. If you give a group add, change, or delete permission, then all users assigned to that group (including non-superusers) will have the ability to add, change, or delete object permissions through the UI, imports, and APIs. -## Objects that Do Not Have Explicit Permissions +## Objects That Do Not Have Explicit Permissions Certain objects are subject to permissions even though admin groups are not directly granted these permissions. diff --git a/docs/administration/role-based-access-control/role-based-permissions-and-access.mdx b/docs/administration/role-based-access-control/role-based-permissions-and-access.mdx index 62aeaee04..343524cbb 100644 --- a/docs/administration/role-based-access-control/role-based-permissions-and-access.mdx +++ b/docs/administration/role-based-access-control/role-based-permissions-and-access.mdx @@ -8,7 +8,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl' Role-based access can be defined at either the group or user level. If you have many users but a smaller number of different permission sets, it would make sense to use admin groups. In the example below, we will create a new group with selected IP address, DNS, and VLAN management permissions. -### Creating a New Admin Group +## Create a New Admin Group To create a new admin group, navigate to **Tools > Admin Groups** and click the **Create** button on the right-hand side of the screen. @@ -54,7 +54,7 @@ And now we'll add some VLAN permissions. }} /> -### Assigning Users to Admin Groups +## Assign Users to Admin Groups Navigate to **Tools > Administrators**, select the user from the list page, and click **Edit** from their profile. Assign the user to the newly created admin group under the **Permissions** box. diff --git a/docs/administration/tags.mdx b/docs/administration/tags.mdx index 45b5bf4e3..a1382e3da 100644 --- a/docs/administration/tags.mdx +++ b/docs/administration/tags.mdx @@ -20,7 +20,7 @@ Navigate to the Tags list page under **Infrastructure > Organization > Tags** to }} /> -### Create Tags +## Create Tags Click the **Create** button on the Tags list page. You can also create tags using the **Tags** field on discovery job configuration pages. @@ -36,7 +36,7 @@ You can also create new tags directly from an object or an autodiscovery job con }} /> -### View and Edit Tags +## View and Edit Tags On the Tags list page, you can click on a tag name to view the objects with that tag. To remove an association, click **Edit**, check the **Delete?** checkbox, and click **Save**. @@ -48,9 +48,9 @@ On the Tags list page, you can click on a tag name to view the objects with that }} /> -## Tagging Objects +## Tag Objects -Add a tag to a device by filling in the **Tag** field when creating or editing a device. You also specify tags for discovered objects when configuring an autodiscovery job. +Add a tag to a device by filling in the **Tag** field when creating or editing a device. When configuring an autodiscovery job, you can specify tags for discovered objects . -### Merging Tags +## Merge Tags Due to misspellings or duplication, you may end up with multiple similar tags. You can merge them as follows: @@ -74,7 +74,7 @@ From the Tags list page, select two or more tags, and choose **Merge selected ta }} /> -### Remove Unused Tags +## Remove Unused Tags You can find and remove tags that are not associated with any objects. diff --git a/docs/administration/transferring-devices-assets-and-parts-to-other-data-centers.mdx b/docs/administration/transferring-devices-assets-and-parts-to-other-data-centers.mdx index 17e84654b..f68b806a4 100644 --- a/docs/administration/transferring-devices-assets-and-parts-to-other-data-centers.mdx +++ b/docs/administration/transferring-devices-assets-and-parts-to-other-data-centers.mdx @@ -8,7 +8,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl' Sometimes it is necessary to ship devices, assets, and spare parts from one building to another. Device42's Transfer Between Locations feature provides a means of keeping track of which devices, assets, and parts are in transit and of keeping a log of the receipt data and the receiving party. -### The Transfers List Page +## The Transfers List Page Navigate to the Transfers list page under **Tools > Templates & Bulk Operations > Transfer Between Locations**. @@ -30,7 +30,7 @@ The list view shows all pending and completed transfers. For each transfer, you }} /> -### Add a New Transfer +## Add a New Transfer Click the **Add Transfer Button** on the list page. @@ -64,7 +64,7 @@ Then, click **Save and add another** or click **Save** to view a summary of the The **Transfer Devices Status** section will be populated with the object(s) you just selected. The **Transfer Assets Status**, **Transfer PDUs Status**, and **Transfer Parts Status** sections will also be populated. -### Receive the Transfer +## Receive the Transfer In each section of the transfer, there is a **Received Date** entry and a **Receipt Room** entry that the receiving party will use to record full or partial completion of the transfer. diff --git a/docs/apps/application-components/application-component-templates.mdx b/docs/apps/application-components/application-component-templates.mdx index 29f67c85f..409ae404a 100644 --- a/docs/apps/application-components/application-component-templates.mdx +++ b/docs/apps/application-components/application-component-templates.mdx @@ -6,8 +6,6 @@ sidebar_position: 1 import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' -## Introduction - You can use Application Component Templates to create and define your own Application Components based on services discovered by [Hypervisor/\*nix/Windows](/auto-discovery/windows-and-hyper-v-auto-discovery.mdx) autodiscovery jobs run against *nix and Windows platforms. Device42 adds the Application Components you create using templates to the [Application Components](/apps/application-components/index.mdx) list page. @@ -147,7 +145,7 @@ You can add a new template by clicking **Create** in the top right of the temp - Enter a name or partial name in the **Configuration Filename Filter** field to identify the configuration file(s). - Select **Traverse subdirectories** to have Device42 traverse the Configuration File Location directory. -### Device42 Details Section +### Details Section -### Converting Client-Only Process to Services +## Convert Client-Only Process to Services Convert a client-only process into a Service by clicking the **Convert to Service** action available when hovering over the client-only process in the Topology and Application Groups visualization pages: @@ -48,7 +48,7 @@ Convert a client-only process into a Service by clicking the **Convert to Servic Once converted, the process is treated as a full Service and can be used like any other service, for example, in Application Components and [AppFocus filters](apps/application-groups/calculation-rules.mdx). -### Defining Application Components Not Based on Services +## Define Application Components Not Based on Services Device42 automatically categorizes Application Components by **Database** or **Web Server**. You can filter the list page based on this **Category**, and can categorize your custom components as well. diff --git a/docs/apps/application-groups/calculation-rules.mdx b/docs/apps/application-groups/calculation-rules.mdx index 7d6b44e27..1d7443f51 100644 --- a/docs/apps/application-groups/calculation-rules.mdx +++ b/docs/apps/application-groups/calculation-rules.mdx @@ -7,11 +7,11 @@ import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' import statusImage from '/assets/images/calculation-rules/calc-rule-execution-statuses.png' -:::note +:::tip In 19.05, AppFocus Filters were renamed **Application Group Calculation Rules** and AppFocus Groups were renamed **Application Groups**. ::: -# The Revised ADM Workflow +## The Revised ADM Workflow In 19.05, we updated our Application Dependency Mapping (ADM) workflow to make it easier to create and manage Application Groups, and ultimately, Business Services (previously known as Business Applications). @@ -240,7 +240,7 @@ Toggle on the **Store and Display Connection Metadata** option to display commun ![Connection Metadata](/assets/images/calculation-rules/viz-metadata.png) -## Processing Calculation Rules +## Process Calculation Rules Process one or many Calculation Rules to generate Application Groups and Suggestions at any time. **Enabled** Calculation Rules are also processed nightly at 2 AM. diff --git a/docs/apps/application-groups/index.mdx b/docs/apps/application-groups/index.mdx index a221d7054..9381ab676 100644 --- a/docs/apps/application-groups/index.mdx +++ b/docs/apps/application-groups/index.mdx @@ -6,8 +6,6 @@ import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' import statusImage from '/assets/images/calculation-rules/calc-rule-execution-statuses.png' -## Overview - :::tip Affinity Groups have been renamed **Application Groups**. AppFocus Filters are now called [**Application Group Calculation Rules**](calculation-rules.mdx). ::: @@ -20,7 +18,7 @@ The collected information includes service names and communication details. Appl You define the services critical to your use case before Application Groups are processed. The result is a visualized grouping of communication patterns. -## Using Application Groups +## Use Application Groups :::note Please note that you need an ADM license to use Application Groups. Email support at [support@device42.com](mailto:support@device42.com) to enable this module in your Main Appliance. @@ -105,7 +103,7 @@ You can use the predefined **D42 Default Template** or create your own. See the }} /> -### Processing Application Groups +### Process Application Groups By default, enabled Application Groups are calculated daily at 2 AM. You can run Application Groups at any time from several locations in the UI: @@ -400,7 +398,7 @@ You can now quickly drill down to your discovered **Database** impact Applicatio Application Groups use the concept of pinned services. Pinned services represent the core dependencies of your infrastructure, and discovered database services are automatically pinned by default. -### Pinning Other 'Core' services +### Pin Other 'Core' Services Application Groups are only generated for your Core services, which are those services that have been pinned in Device42. If you don't see the Application Group Impact Chart you're looking for, ensure you've pinned the relevant services. Note that only pinned service listeners will lead to the formation of an Application Group. diff --git a/docs/apps/enterprise-application-dependency-mapping/adm-supported-applications.mdx b/docs/apps/enterprise-application-dependency-mapping/adm-supported-applications.mdx index 5d1ac7617..2a5ba3656 100644 --- a/docs/apps/enterprise-application-dependency-mapping/adm-supported-applications.mdx +++ b/docs/apps/enterprise-application-dependency-mapping/adm-supported-applications.mdx @@ -3,17 +3,13 @@ title: "ADM Detected Applications" sidebar_position: 1 --- -:::info -Set up Application Groups by defining a Starting Point or processing one of our predefined Calculation Rules. See the [Application Groups Calculation Rules](/apps/application-groups/calculation-rules.mdx) page for more details. -::: - -### Currently Supported Applications +Application Dependency Mapping (ADM) discovers running services and can import detailed configuration information for supported applications. The table below lists applications with enhanced discovery support, including the data that Device42 captures. -Enterprise Application Dependency Mapping discovers all running services, whether or not they are on this list. - -You can also use Enterprise Dependency Mapping to create [Application Components](/apps/application-components/index.mdx) for the following list of applications. +:::note +ADM discovers all running services, not just those listed here. For unlisted applications, you can use [Application Component Templates](/apps/application-components/application-component-templates.mdx) to automate Application Component creation with custom logic. +::: -Additionally, you can supplement the Device42 discovery processes by using [Application Component Templates](/apps/application-components/application-component-templates.mdx) to automate Application Component creation (with custom logic) for any applications not on this list. +## Supported Applications | Application | Services Discovered | Configuration Information Imported | | --- | --- | --- | diff --git a/docs/apps/enterprise-application-dependency-mapping/cloud-application-dependency-mapping.mdx b/docs/apps/enterprise-application-dependency-mapping/cloud-application-dependency-mapping.mdx index 8509d9fe6..f91f93409 100644 --- a/docs/apps/enterprise-application-dependency-mapping/cloud-application-dependency-mapping.mdx +++ b/docs/apps/enterprise-application-dependency-mapping/cloud-application-dependency-mapping.mdx @@ -6,15 +6,11 @@ sidebar_position: 2 import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' -:::info -Set up Application Groups by defining a Starting Point. See the [Application Groups Calculation Rules](/apps/application-groups/calculation-rules.mdx) page for more details. -::: - You can map connections between your on-prem and AWS databases. Cloud Application Dependency Mapping can help customers with hybrid environments to better understand their infrastructure, improve troubleshooting, ease migration frustrations, and optimize resource utilization, ultimately leading to better performance and cost savings. Currently, we support the following AWS Databases: RDS, DynamoDB and Redshift -### How to Configure +## Configure After you've discovered your on-prem and cloud databases, navigate to **Resources > Databases > Cloud Databases**. @@ -52,7 +48,7 @@ Hover to the right of a list item's name to reveal three actions. Search within }} /> -### Limitations +## Limitations - Currently DB to DB connections - Only AWS is currently supported diff --git a/docs/apps/enterprise-application-dependency-mapping/configure-application-dependency-mapping.mdx b/docs/apps/enterprise-application-dependency-mapping/configure-application-dependency-mapping.mdx index a575575cc..b7dca96ed 100644 --- a/docs/apps/enterprise-application-dependency-mapping/configure-application-dependency-mapping.mdx +++ b/docs/apps/enterprise-application-dependency-mapping/configure-application-dependency-mapping.mdx @@ -6,7 +6,9 @@ sidebar_position: 3 import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' -## Turning On Application Discovery +This page explains how to enable and configure Application Dependency Mapping (ADM) in your autodiscovery jobs, view discovered dependencies, and work with Application Groups. + +## Turn On Application Discovery Ensure that your Device42 license has Enterprise Application Discovery enabled (**Tools > Settings > Licensing**). If you need to upgrade your license, contact the support team for more information at [support@device42.com](mailto:support@device42.com). @@ -28,7 +30,7 @@ You can change the ADM sampling interval to be used with your autodiscovery job. style={{ width: '80%' }} /> -### Importing Config Files +### Import Config Files You can opt to store config files by selecting the **Store Applications Components Config Files** option under the **Software and Applications** section of the autodiscovery job. @@ -41,7 +43,7 @@ You can opt to store config files by selecting the **Store Applications Componen style={{ width: '80%' }} /> -## Viewing Application Dependencies +## View Application Dependencies When autodiscovery is run, [Application Components](/apps/application-components/index.mdx) will be created based on related services on a server. For example, for a server running Oracle Database, a component would be created to group together all Oracle Database services on that machine. The Autodiscovery Application would also find the service-to-service connections so that you could, for example, see that your Apache service on "Prod-Server1" was directly dependent on the MySQL service running on "Prod-Database3". @@ -93,6 +95,6 @@ You can create an Application Group using one of the discovered Application Comp After configuring ADM sampling on the autodiscovery job, see the [Application Group Calculation Rules](/apps/application-groups/calculation-rules.mdx) page for a further explanation of how Starting Points are used to generate Application Groups. ::: -## Turning Off Application Discovery +## Turn Off Application Discovery For individual autodiscovery jobs, select **Off** from the **ADM Interval** dropdown. Then scroll down to the **Software and Applications** section and unselect the **Enterprise Application Mapping** checkbox. diff --git a/docs/apps/services/ignored-services.mdx b/docs/apps/services/ignored-services.mdx index 7ca927f1b..3b566731f 100644 --- a/docs/apps/services/ignored-services.mdx +++ b/docs/apps/services/ignored-services.mdx @@ -16,13 +16,13 @@ Any discovered ignored services are added to the Ignored Services page. You can ![](/assets/images/D42-15730_Ignored-Services-Edit.png) -### Ignored Services Actions +## Ignored Services Actions Select one or more ignored service, and then select an Action to apply to the ignored services. You can use the Action menu to activate or deactivate selected ignored services, and you can also delete or export ignored services. ![](/assets/images/WEB-293_Service-Ignored-View-Action_Menu.png) -### Add an Ignored Service +## Add an Ignored Service Click _Add Ignored Service_ to add an ignored service. diff --git a/docs/apps/services/network-shares.mdx b/docs/apps/services/network-shares.mdx index f65135914..6401d8be3 100644 --- a/docs/apps/services/network-shares.mdx +++ b/docs/apps/services/network-shares.mdx @@ -16,7 +16,7 @@ Navigate to **Resources > Storage > Network Shares** of the main appliance to vi }} /> -### Network Share Actions +## Network Share Actions Select one or more network shares and choose an action from the **Select an action** dropdown menu. Execute the selected action by clicking on the **hammer icon**. @@ -28,7 +28,7 @@ Select one or more network shares and choose an action from the **Select an acti }} /> -### Add a Network Share +## Add a Network Share Click on the **+ Add Network Share** button at the top right of the Network Share page to add a new network share. diff --git a/docs/apps/services/scheduled-tasks.mdx b/docs/apps/services/scheduled-tasks.mdx index 98caf499b..1f93f7364 100644 --- a/docs/apps/services/scheduled-tasks.mdx +++ b/docs/apps/services/scheduled-tasks.mdx @@ -7,13 +7,13 @@ Select _Apps > Services > Scheduled Tasks_ to view, edit, or add a scheduled tas ![](/assets/images/WEB-293_Scheduled-Task-View.png) -### Scheduled Task Actions +## Scheduled Task Actions Select one of more scheduled tasks, and then select an Action to apply that action to the tasks. ![](/assets/images/WEB-293_Scheduled-Task-View-Actions-Menu.png) -### Add a Scheduled Task +## Add a Scheduled Task Click _Add Scheduled Task_ to add a new task. diff --git a/docs/apps/services/service-communications.mdx b/docs/apps/services/service-communications.mdx index abab1bfde..9a6938367 100644 --- a/docs/apps/services/service-communications.mdx +++ b/docs/apps/services/service-communications.mdx @@ -3,33 +3,72 @@ title: "Service Communications" sidebar_position: 5 --- -Select Resources _> Services > Service Communications_ to view, edit, or add service communication information.  Click the _Client_ device name to edit an existing service communication. +import ThemedImage from '@theme/ThemedImage' +import useBaseUrl from '@docusaurus/useBaseUrl' -![](/assets/images/WEB-787_1.png) +Select **Resources > Services > Service Communications** to view, edit, or add service communication information.  Click the **Client** device name to edit an existing service communication. -![](/assets/images/WEB-787_2.png) + -### Service Communications Actions +## Service Communications Actions -Select one or more Service Communications, and then select an Action to apply the action to the items. +Select one or more Service Communication records, and then select an **Action** to apply to the selected items. -![](/assets/images/WEB-787_3.png) + -### Add a Service Communication +## Add a Service Communication -Click _Add Service Communication_ to add a new communication. +Click **Create** from the Service Communications list page to add a new communication. -![](/assets/images/WEB-787_4.png) + -Enter a Client IP Address, Listener IP Address. Port, and Protocol. You can also select the Client Device, Listener Device, and enter a Client process display name and a Client process name. Click Save at the bottom of the page to ad the service communication. +Enter a Client IP Address, Listener IP Address, Port, and Protocol. You can also select the Client Device, Listener Device, and enter a Client process display name and a Client process name. Click **Save** at the bottom of the page to add the service communication. -### Service Port IP Statistics +## Service Port IP Statistics -Select _Apps > Services > Service Communications_ to view service port IP statistics. As of version 16.00.00, Device42 has revamped statistics collection. Statistics are now only kept from a listener perspective and are client-IP-centric (not per client service). Previously collected statistics now appear in the _Classic Statistics_ section of this page. See below for descriptions of the Netstat and Netflow statistics Device42 collects. +Select **Resources > Services > Service Communications** and click on a record **ID** to view service port IP statistics. -![](/assets/images/WEB-787_5.png) +Statistics are only kept from a listener perspective and are client-IP-centric (not per client service). Collected statistics appear in the **Classic Statistics** section of this page. See below for descriptions of the Netstat and Netflow statistics Device42 collects. -#### Netstat Statistics +**Statistics** + + + +**Classic Statistics** + + + +## Netstat Statistics @@ -47,7 +86,7 @@ Select _Apps > Services > Service Communications_ to view service port IP statis - + @@ -65,7 +104,7 @@ Select _Apps > Services > Service Communications_ to view service port IP statis
Netstat Total PortsHow many open connections (eports) found. This is a running total.How many open connections (ephemeral ports) found. This is a running total.
Netstat Average Client Connections
-#### Values  Extrapolated from Netstat Statistics +### Values Extrapolated from Netstat Statistics @@ -79,13 +118,12 @@ Select _Apps > Services > Service Communications_ to view service port IP statis - +
Netstat Active Samples / Netstat Total Samples * 100Persistence of connection. Percentage of time that a connection is found when this listener is active. This last part is important as D42 only increments Total Samples when D42 actually discovers the listener. So if a service is only running on weekends for example, D42 doesn't affect the client percentage time during weekdays. So a service could still be connected 100% of the time if every time D42 found this service listening, it also saw this connection, even if the service was only listening 15% of the time.Persistence of connection. Percentage of time that a connection is found when this listener is active. This last part is important, as D42 only increments Total Samples when D42 actually discovers the listener. So if a service is only running on weekends for example, D42 doesn't affect the client percentage time during weekdays. So a service could still be connected 100% of the time if every time D42 found this service listening, it also saw this connection, even if the service was only listening 15% of the time.
- -#### Netflow Statistics +## Netflow Statistics @@ -107,7 +145,7 @@ Select _Apps > Services > Service Communications_ to view service port IP statis - + @@ -129,27 +167,27 @@ Select _Apps > Services > Service Communications_ to view service port IP statis
Netflow Average Client ConnectionsThis is a actually a calculated number of Netflow Total Ports / Netflow Active Samples.This is actually a calculated number of Netflow Total Ports / Netflow Active Samples.
Netflow Client Connection First Found
-#### Time Span Notes +### Time Span Notes -For the two time spans – _Netflow Client Active Span_ and _Netflow Client Gap Span_ – these are heavily affected by your sample period. So if you sample every 1 minutes, D42 will consider a connection active as long as D42 sees two communications within this 1 minute period, even if between samples. Consider this example: +For the two time spans – _Netflow Client Active Span_ and _Netflow Client Gap Span_ – these are heavily affected by your sample period. So if you sample every 1 minute, D42 will consider a connection active as long as D42 sees two communications within this 1 minute period, even if between samples. Consider this example: **Sample File 1:** -_Communication A `<=>` B at 12:01:15 AM_ +Communication A `<=>` B at 12:01:15 AM -_Communication A `<=>` B at 12:01:45 AM_ +Communication A `<=>` B at 12:01:45 AM **Sample File 2:** -_Communication A `<=>` B at 12:02:10 AM_ +Communication A `<=>` B at 12:02:10 AM -_Communication A `<=>` B at 12:02:45 AM_ +Communication A `<=>` B at 12:02:45 AM **Sample File 3:** -_Communication A `<=>` B at 12:03:50 AM_ +Communication A `<=>` B at 12:03:50 AM -_Communication A `<=>` B at 12:03:55 AM_ +Communication A `<=>` B at 12:03:55 AM **Results for A `<=>` B stats are:** @@ -165,4 +203,4 @@ Active Span: 1 Min 40 sec Gap Span: 1 Min 5 Sec (This is the gap between 12:02:45 AM and 12:03:50 AM since it is longer than the sample interval.) -Also note that D42 doesn't count the remaining 5 seconds of the last internal until D42 gets the next sample file. Once D42 gets that, it will either count those 5 seconds as a gap or as active based on when the next _A `<=>` B_ match appears. +Also note that D42 doesn't count the remaining 5 seconds of the last interval until D42 gets the next sample file. Once D42 gets that, it will either count those 5 seconds as a gap or as active based on when the next _A `<=>` B_ match appears. diff --git a/docs/apps/services/service-listener-ports.mdx b/docs/apps/services/service-listener-ports.mdx index e1203bddc..d9cae3038 100644 --- a/docs/apps/services/service-listener-ports.mdx +++ b/docs/apps/services/service-listener-ports.mdx @@ -7,13 +7,13 @@ Select _Apps > Services > Service Listener Ports_ to view, edit, or add a listen ![](/assets/images/WEB-293_Service-Listener-View.png) -### Service Listener Port Actions +## Service Listener Port Actions Select one or more listener ports, and then select an Action to apply that action to the listener ports. ![](/assets/images/WEB-293_Service-Listener-View-Action-Menu.png) -### Add a Service Listener Port +## Add a Service Listener Port Click _Add Service Listener Port_ to add a new port. diff --git a/docs/auto-discovery/active-directory-sync.mdx b/docs/auto-discovery/active-directory-sync.mdx index f2285b423..3234860d3 100644 --- a/docs/auto-discovery/active-directory-sync.mdx +++ b/docs/auto-discovery/active-directory-sync.mdx @@ -6,17 +6,17 @@ sidebar_position: 2 import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' -## AD/LDAP Sync Overview +This page is for Device42 administrators who need to synchronize Active Directory or LDAP users with Device42. Learn how to configure AD/LDAP settings and create discovery jobs to import and sync users as end users or administrators. The AD/LDAP auto-discovery tool performs one-way synchronization of your Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) domain users to Device42. -You can add AD/LDAP users to Device42 as regular end users or administrators. To keep your Device42 users up to date with your directory, it's a good idea to schedule your AD/LDAP syncs using the Device42 scheduling option. +Add AD/LDAP users as regular end users or administrators. Schedule regular syncs to keep users up to date with your directory. :::note -Changes to user accounts made in Device42 will not be sent to the AD/LDAP as the sync is one-way; from AD/LDAP to Device42 only. +Changes to user accounts made in Device42 will not be sent to AD/LDAP. The sync is one-way from AD/LDAP to Device42. ::: -## Prerequisites - The Settings Config +## Configure Active Directory Settings Before you create and run your AD/LDAP discovery jobs, configure the **Active Directory Settings** in Device42. These settings control authentication to AD, the servers to authenticate against, base DNs, and how to add discovered users to Device42. @@ -30,12 +30,14 @@ Before you create and run your AD/LDAP discovery jobs, configure the **Active Di }} /> -2. Click the **Create** button and enter values specific to your Active Directory (or LDAP) domain. +2. Click the **Create** button and enter values specific to your Active Directory (or LDAP) domain. -**Explanation of the fields** +### Configuration Options -- **LDAP Type**: Choose either **Active Directory** or **Open LDAP** for Lightweight directory access protocol for non-Microsoft directory servers. -- **Server**: Enter the AD or LDAP server IP address. Only use FQDN if your DNS can resolve it. Rather enter an IP address if your Device42 server doesn't use AD-Aware DNS servers, as it may not be able to resolve your domain name if it hasn't been configured across all your DNS servers +Configure the following settings to connect Device42 to your AD or LDAP server. + +- **LDAP Type**: Choose either **Active Directory** or **OpenLDAP** for Lightweight directory access protocol for non-Microsoft directory servers. +- **Server**: Enter the AD or LDAP server IP address. You can use the fully qualified domain name (FQDN) if your DNS can resolve it. Use an IP address if your Device42 server doesn't use AD-aware DNS servers, as the FQDN may not resolve correctly. - **Backup Server**: Add a secondary AD or LDAP server to use if the primary one isn't available. -- **Port**: Port for auth requests to your LDAP or Active Directory server. Note that **389** is the non-SSL default and **636** is the default SSL port. Ensure you change the port if you decide to enable SSL or run a non-standard port. +- **Port**: Port for authentication requests to your LDAP or Active Directory server. Note that `389` is the non-SSL default and `636` is the default SSL port. Ensure you change the port if you decide to enable SSL or run a non-standard port. - **Base**: Enter the Base DN that points to your users. -- **SSL**: Check this box if you want to query AD or LDAP using SSL. Please change the port to **636** or your configured SSL port if you check this box. -- **Username/Password**: This is the username a password that will be used for authentication against AD. +- **SSL**: Check this box if you want to query AD or LDAP using SSL. Please change the port to `636` or your configured SSL port if you check this box. +- **Username/Password**: The username and password for AD authentication. - **Username login style**: Choose how Device42 accounts created for AD users will be formatted both in Device42 and for login. :::caution - Changes to this setting only affects users imported after the change. To change the account and login format for all users, delete the existing Device42 accounts, change the login style setting, and then re-sync the accounts from AD. + Changes to the **Username login style** setting only affect users imported after the change. To change the account and login format for all users, delete the existing Device42 accounts, change the login style setting, and then re-sync the accounts from AD. ::: -- **Netbios name**: NetBIOS name is an up-to-15-character representation of your domain name, and may actually be entirely different from the domain name. Visit the [Microsoft Disjoint namespace scenarios](https://learn.microsoft.com/en-us/exchange/disjoint-namespace-scenarios-exchange-2013-help) article for help locating domain NetBIOS names. +- **NetBIOS name**: NetBIOS name is an up-to-15-character representation of your domain name, and may be entirely different from the domain name. Visit the [Microsoft Disjoint namespace scenarios](https://learn.microsoft.com/en-us/exchange/disjoint-namespace-scenarios-exchange-2013-help) article for help locating domain NetBIOS names. + ## Configure an AD/LDAP User Discovery Job When you've configured the AD/LDAP settings, create an AD/LDAP sync job. From the main menu, go to **Discovery > AD/LDAP Users** and click **Create**. @@ -90,7 +93,7 @@ Name the AD/LDAP sync job. Then choose the Device42 user **Type** to create from }} /> -- If you choose **End Users** as the user type, you may optionally choose AD/LDAP attributes to populate end user contact information, location, and notes. You'll also be able to choose and create **Departments**. +- If you choose **End Users** as the user type, you can choose AD/LDAP attributes to populate end user contact information, location, and notes. You'll also be able to choose and create **Departments**. -To create a new Admin group, click the **plus icon**, and in the popup that opens, name the new group, select the permissions, and click **Save**. +To create a new Admin group, click the **plus icon**. In the dialog box, name the new group, select the permissions, and click **Save**. Agent Based Scans**. Enter the URL as it will be accessed by the agent from the remote machine, and choose your **Platform** from the dropdown: Windows, Mac, Linux, FreeBSD, and so on. @@ -68,7 +70,7 @@ The agent can be run from the command line or can be scheduled using the relevan -capture-host-files capture hosts files -config-file string - reads the config from an encrypted file (Only works for signed binaries. Ignored Otherwise) + reads the config from an encrypted file (Only works for signed binaries. Ignored otherwise) -debug prints the data being sent and result of post operation -device-customer string @@ -176,13 +178,13 @@ The agent can be run from the command line or can be scheduled using the relevan ``` -## Scheduling With Crontab in Linux +## Schedule the Agent With Crontab on Linux -For best results, we recommend running the command with `sudo`. Make sure that `/home/system\_dev42/bin/d42agent` is owned by `root` with `\-rwx—— (0700)` permissions. This prevents the non-root user `system\_dev42` from overwriting the agent or adding it to `root`’s _crontab_ (or `cron.daily/hourly`) while allowing root to execute it. +For best results, run the command with `sudo`. Make sure that `/home/system_dev42/bin/d42agent` is owned by `root` with `-rwx--- (0700)` permissions. This prevents the non-root user `system_dev42` from overwriting the agent or adding it to `root`’s crontab (or `cron.daily/hourly`) while allowing root to execute it. -### Using a Limited Account +### Use a Limited Account -The Linux agent runs as `root` by default. However, it is possible to configure the agent to run with a limited, non-root account. Here's how you can create one: +The Linux agent runs as `root` by default. However, you can configure the agent to run with a limited, non-root account. 1. **Create a limited account**: - Create a new Linux account (for example, `d42_limited`) without root access. @@ -205,7 +207,7 @@ The Linux agent runs as `root` by default. However, it is possible to configure d42_limited ALL=(ALL) NOPASSWD: /usr/sbin/arp, /bin/cat, /sbin/ifconfig, /usr/bin/curl, /usr/bin/wget, /bin/ls, /usr/sbin/dmidecode, /usr/bin/lsof, /usr/bin/ps, /usr/bin/python3, /bin/uname, /usr/bin/systemctl, /sbin/ip, /usr/bin/df, /usr/bin/free, /usr/bin/mount, /usr/sbin/iptables ``` - Read the [Commands Required by the Discovery Agent](#commands-required-by-the-discovery-agent) section to see the full list of commands required by the agent. + Read the [Commands Required by the Discovery Agent](#required-agent-commands) section to see the full list of commands required by the agent. 3. **Configure the file ownership and permissions**: - Make sure that the `d42agent` binary is still owned by `root` and has restricted permissions: @@ -222,7 +224,7 @@ The Linux agent runs as `root` by default. However, it is possible to configure sudo -u d42_limited /home/system_dev42/bin/d42agent ``` -### Commands Required by the Discovery Agent +### Required Agent Commands
Click to expand the code block @@ -263,14 +265,14 @@ The Linux agent runs as `root` by default. However, it is possible to configure ```
-We need to ensure the limited account can execute all these commands through `sudo` without requiring a password. +Ensure the limited account can execute all these commands through `sudo` without requiring a password. Here's a shell script that can be used to check whether the limited account has access to the commands:
Click to expand the code block - ```py + ```bash #!/bin/bash # List of commands required by the discovery agent @@ -294,21 +296,21 @@ Here's a shell script that can be used to check whether the limited account has You can run this script to verify that the limited account has access to all the required commands. -## Linux and Mac Note +## Run the Agent on Linux and Mac After downloading the agent, make it executable by running the command `chmod +x ` and use `sudo` for best results. Use the command `--sudo-password="password"` to pass in the password. You may experience an issue with opening the application on your Mac. If so, please use the following Apple support link to [open a Mac app from an unidentified developer](https://support.apple.com/guide/mac-help/open-a-mac-app-from-an-unidentified-developer-mh40616/mac). -## Windows Note +## Schedule the Agent on Windows -After downloading the agent, use the Windows Task Scheduler to schedule the executable file (\*.exe) to run at the intervals you define. +After downloading the agent, use the Windows Task Scheduler to schedule the executable file (`*.exe`) to run at the intervals you define. ## View Agent Version and Agent Last Check-in Date The Devices list page now includes two columns that display the **Agent Version** and the **Agent Last Check-in Date** for devices discovered by the agent. -- On the Devices list page under **Resources > Compute > All Devices**, click the **gear icon** below the Advanced button to display the column list. +- On the Devices list page under **Resources > Compute > All Devices**, click the **gear icon** below the **Advanced** button to display the column list. -- If you want to define a new column view, type a name for the view in the field to the right of the **Table Columns** dropdown and **Save** the view. Device42 displays the agent information for devices discovered by the agent. +- If you want to define a new column view, type a name for the view in the field to the right of the **Table Columns** dropdown and **Save** the view. Device42 displays information for devices discovered by the agent. -### Filtering with Agent Columns +### Filter Devices Using Agent Columns You can use Agent Version and Agent Last Check-in Date to filter the devices list to look for devices found by specific agents or during certain periods. @@ -355,7 +357,7 @@ You can use Agent Version and Agent Last Check-in Date to filter the devices lis }} /> -- You can also use the agent columns in **Advanced search**. For example, the query below searches for devices discovered with a **Agent Last Check-in Date** less than 365 days ago. +- You can also use the agent columns in **Advanced search**. For example, the query below searches for devices discovered with an **Agent Last Check-in Date** less than 365 days ago. Agent Based Scans**. @@ -56,15 +54,15 @@ The discovery agent is built-in to your Device42 instance, and can be downloaded ``` put d42_linuxagent_x64 ``` - _For example:_ + For example: ![copy to target server](/assets/images/agent-based-offline-discovery/copy_to_target_server.png) 3. On Windows, you can skip this step. On Linux, change file permissions to make the file executable using the command: ``` - chmod +x d42_agentname: + chmod +x d42_agentname ``` - _For example:_ + For example: ![chmod to make executable](/assets/images/agent-based-offline-discovery/chmod_make_executable.png) @@ -72,18 +70,8 @@ The discovery agent is built-in to your Device42 instance, and can be downloaded ``` $ ./agentname -offline -sudo-password ‘password’ > $VAR1.log ``` - See the next section, "Creating Naming Variables for your agent logs", for details on configuring variables for your output log file names. - -### Obtain the Offline Discovery Data Processing Tool and Upload Utility - -**This tool is required to complete the agent-based discovery process.** -:::info -To download the current version of the Device42 Agent Log Upload Utility, visit the Device42 ["Miscellaneous Tools" download page](https://www.device42.com/miscellaneous-tools/). -::: - -When the Device42 Offline Discovery Agent runs, it outputs log files of discovery information. The Data Processing utility is required to get your agent-based offline discovery data into Device42 by uploading the discovery log files to your Device42 Main Appliance. - -The utility supports batch upload of multiple log files per run, is a **Windows-based** application, and is **compatible with Device42 15.14.04 and above**. + +Now proceed to configure variables for your output log file names. ### Create Naming Variables for Agent Logs @@ -92,6 +80,7 @@ It’s important to have a unique file name as you might want to run the discove Variables are used to define the file name. We use the computer name and the date-time stamp to generate the unique file names for the discovered data. **Windows example:** +
Click to expand the code block ``` @@ -118,7 +107,7 @@ Variables are used to define the file name. We use the computer name and the dat ```
-### Linux Prerequisite: Sudo Permissions +### Sudo Permissions for Linux On Linux, the agent file requires Sudo permissions to collect data. There are two ways to grant these permissions: @@ -136,6 +125,18 @@ On Linux, the agent file requires Sudo permissions to collect data. There are tw ``` > filename.log ``` + +## Download the Offline Discovery Data Processing Tool and Upload Utility + +:::note +This tool is required to complete the agent-based discovery process. +::: + +Download the tool from the Device42 [Miscellaneous Tools download page](https://www.device42.com/miscellaneous-tools/). + +When the Device42 Offline Discovery Agent runs, it outputs log files of discovery information. The Data Processing utility is required to get your agent-based offline discovery data into Device42 by uploading the discovery log files to your Device42 Main Appliance. + +The utility supports batch upload of multiple log files per run, is a **Windows-based** application, and is compatible with Device42 15.14.04 and above. ## Process Offline Discovery Data @@ -147,7 +148,7 @@ The agent will create two output files. Your output file is named based on the [ If you follow the instructions above, the files will be named `HOSTNAME-DATE-TIME.log` and `agent_local.log`. -You only need the specific log file for the host that you created. You don't need to collect the `agent\local.log` files, as it's for diagnostics only. +You only need the specific log file for the host that you created. You don't need to collect the `agent_local.log` files, as it's for diagnostics only. ### Process Using the Agent Log Upload Utility @@ -156,10 +157,10 @@ Set up and run the Device42 Agent Log Upload Utility tool as follows: 1. Unzip the compressed archive that contains the utility. 2. Browse to the unzipped folder and edit the `appsettings.json` file. Update these fields according to your instance: - **BaseURL**: Change `d42_url` to your instance address or IP address. - - **InputDir**: Change `c:/d42_loader` to the location of your collected scan logs. Note: Use the `/` character, not `\` in the path. + - **InputDir**: Change `C:/d42_loader` to the location of your collected scan logs. Note: Use the `/` character, not `\` in the path. - **Username**: Change to your instance username. - **Secret**: Change to your instance password. 3. Make sure all the files to be processed are in the input folder as specified in the configuration file in the previous step. 4. Run `d42_loader_winx64.exe` to begin processing the input files. Once successfully processed, it will move each file to the output directory. -You should now see your data in Device42! +You should now see your data in Device42. diff --git a/docs/auto-discovery/auto-discovery-system-requirements.mdx b/docs/auto-discovery/auto-discovery-system-requirements.mdx index 413967a93..a5b8028c1 100644 --- a/docs/auto-discovery/auto-discovery-system-requirements.mdx +++ b/docs/auto-discovery/auto-discovery-system-requirements.mdx @@ -3,41 +3,51 @@ title: "Autodiscovery System Requirements" sidebar_position: 6 --- -## General Discovery System Requirements +This page is for Device42 administrators who need to prepare their environment for autodiscovery. It covers system prerequisites, resource requirements, and configuration guidelines for successful discovery. + +## System Resource Requirements + +The Device42 appliance requires adequate system resources for optimal discovery performance: + +- **Minimum configuration:** 4 CPUs and 8 GB of memory for the Device42 appliance. +- **Network connection:** Ensure a 1 Gbps minimum network connection. +- **Resource allocation:** Use a dedicated resource pool for the Device42 VM to avoid resource contention issues. +- **Storage:** Placing the Device42 Appliance virtual machine VHD on an SSD is ideal but not required. + +## Network and Discovery Scope + +Configure your network environment and define the scope of discovery: + +- **IP ranges:** Identify the IP discovery ranges of interest. +- **IPv6 configuration:** If you aren't using IPv6, choose the **Ignore IPv6** option when configuring discovery jobs. +- **Remote collectors:** You can run WinRM Windows discovery from the Main Appliance or a Remote Collector. Deploy remote collectors to the desired network segments and select them when configuring your discovery jobs where appropriate. + +## Access and Security + +Create user accounts with the required access permissions. :::caution -Do not set up an autodiscovery scan using critical production account credentials! Please create a separate, dedicated account to use only for discovery. +Do not set up an autodiscovery scan using critical production account credentials. Create a separate, dedicated account to use only for discovery. -Account lock-out could result in an otherwise avoidable outage depending on your permissions and configured password policies. You as a customer are responsible for any such behavior. +Account lockout could result in an otherwise avoidable outage depending on your permissions and configured password policies. ::: -- Create Users with required access. -- Identify IP discovery scope (ranges of interest). - _If you are not using IPv6, it is advisable to choose the 'Ignore IPv6' option when configuring discovery jobs._ -- Minimum system resource configuration for the Device42 appliance: 4 vCPUs and 8GB memory. Ensure that a _minimum_ 1GBPS network connection is present, that there is a dedicated resource pool for the Device42 VM, and that there are no resource contention issues. Placing the Device42 Appliance's (Virtual Machine) VHD on SSD is ideal, but is not required. -- WinRM Windows discovery can be run from the main appliance or a Remote Collector. Deploy remote collector(s) to desired network segments and select them when configuring your discovery jobs where appropriate, if desired. -- To _(optionally)_ exclude known service port ranges from discovery, proceed to **Tools > Settings > Global Settings > Win/*nix Exclusions** and add your desired exclusions to the Autodiscovery application. This will limit the scope and volume of data that is discovered, helping to reduce noise and overhead while shortening the overall discovery time. -- Ignore certain IP and MAC addresses for all jobs by creating an exclusion for it in **Tools > Settings > Global Settings > Win/*nix Exclusions**. The device(s) will still be discovered, but its are details dropped from ingestion. - -The following are prerequisites and other general requirements and guidelines for successful discovery and optimum performance: - -- Create users with the required access. -- Identify the IP discovery scope (ranges) of interest. -- If you aren't using IPv6, it's advisable to choose the "Ignore IPv6" option when configuring discovery jobs. -- The minimum system resource configuration for the Device42 appliance is 4 CPUs and 8 GB of memory. -- Ensure a 1 Gbps _minimum_ network connection, a dedicated resource pool for the Device42 VM, and that there are no resource contention issues. -- Placing the Device42 Appliance's (Virtual Machine) VHD on an SSD is ideal but not required. -- WinRM Windows discovery can be run from the Main Appliance or a Remote Collector. Deploy remote collector(s) to the desired network segments and select them when configuring your discovery jobs where appropriate. -- To _(optionally)_ exclude known service port ranges from discovery, go to **Tools > Settings > Global Settings > Win/*nix Exclusions** and add your exclusions to the autodiscovery application. This limits the scope and volume of data that is discovered, helping to reduce noise and overhead while shortening the overall discovery time. -- Ignore certain IP and MAC addresses for all jobs by creating an exclusion for it under **Tools > Settings > Global Settings > Win/*nix Exclusions**. The devices will still be discovered, but the details are dropped from ingestion. +## Discovery Scope and Exclusions + +Optimize discovery performance by limiting the scope of data collection: + +- **Service port exclusions:** To exclude known service port ranges from discovery, go to **Tools > Settings > Global Settings > Win/\*nix Exclusions** and add your exclusions to the autodiscovery application. This limits the scope and volume of data that is discovered, helping to reduce noise and overhead while shortening the overall discovery time. +- **IP and MAC exclusions:** Ignore certain IP and MAC addresses for all jobs by creating an exclusion under **Tools > Settings > Global Settings > Win/\*nix Exclusions**. The devices will still be discovered, but the details are dropped from ingestion. + +## Platform-Specific Permissions See detailed permission information for OS platforms: -- Windows and WMI namespace: [Windows and HyperV Discovery](/auto-discovery/windows-and-hyper-v-auto-discovery.mdx) page. -- Linux and Sudo usage details: [Linux and Unix Server Discovery](/auto-discovery/linux-unix-server-auto-discovery.mdx) page. +- Windows and WMI namespace: [Windows and HyperV Discovery](/auto-discovery/windows-and-hyper-v-auto-discovery.mdx). +- Linux and Sudo usage details: [Linux and Unix Server Discovery](/auto-discovery/linux-unix-server-auto-discovery.mdx). -Contact [support@device42.com](mailto:support@device42.com) with any questions regarding specific privilege level requirements for WMI Namespaces and *nix commands run with or without Sudo. +Contact [support@device42.com](mailto:support@device42.com) with questions regarding specific privilege level requirements for WMI Namespaces and \*nix commands run with or without Sudo. -## Ports and Protocols Used By Discovery +## Ports and Protocols Used by Discovery -See [Discovery Port Configurations](/getstarted/deploy-device42/discovery-port-configurations.mdx) for a complete list. \ No newline at end of file +See [Discovery Port Configurations](/getstarted/deploy-device42/discovery-port-configurations.mdx) for a complete list. diff --git a/docs/auto-discovery/autodisc-best-practices.mdx b/docs/auto-discovery/autodisc-best-practices.mdx index eb563693e..367eaf4af 100644 --- a/docs/auto-discovery/autodisc-best-practices.mdx +++ b/docs/auto-discovery/autodisc-best-practices.mdx @@ -3,37 +3,47 @@ title: "Autodiscovery Best Practices" sidebar_position: 5 --- -## Automating Device Discovery – Introduction +This page explains how Device42 builds comprehensive device profiles through sequential discovery and device matching. For operational best practices on planning, configuring, and scheduling discovery jobs, see [Discovery Job Best Practices](/getstarted/getting-started-with-auto-discovery.mdx#discovery-job-best-practices). -Device42 automates a significant portion of your IT infrastructure with agentless, automated, device discovery tools to build an accurate picture. The discovery tools work seamlessly in the background to collect inventory data and populate the Device42 Configuration Management Database (CMDB). +Device42 uses agentless, automated device discovery tools to collect inventory data and populate the Configuration Management Database (CMDB). The discovery tools work seamlessly in the background and are not network-load intensive. You can schedule multiple autodiscoveries per day or hour, with frequency depending on how rapidly your environment changes. -Autodiscovery is based on your unique requirements and can be scheduled to keep your CMDB updated. The process isn't network-load intensive because autodiscovery only collects and reports inventory data. You can schedule many autodiscoveries in a day or even in an hour. The autodiscovery frequency depends on the amount of change occurring in the data center, with more change requiring more frequent autodiscovery jobs. +## Recommended Discovery Sequence -## Initial Discovery Sequence +You can run discovery jobs in any order, but Device42 recommends the following sequence to minimize reconciliation work and build more complete device profiles. For a comprehensive list including Storage, Certificate, Warranty, and other discovery types, see [Discovery Job Order](/getstarted/getting-started-with-auto-discovery.mdx#discovery-job-order). -While the discoveries can be run in any order, Device42 suggests the following order to minimize reconciliation work later on: +### Network Discovery (SNMP) -**Network:** Network autodiscovery builds your Layer 2 network landscape and pulls in your network devices inventory, VLANs, Subnets, IP Addresses, Mac Addresses, and more. +Network autodiscovery builds your Layer 2 network landscape and discovers network devices, VLANs, subnets, IP addresses, MAC addresses, and connectivity information. Run this first to establish the network foundation. -**V-Server:** V-Server autodiscovery collects data from hypervisors such as VMware, Citrix Xen, libvirt, and oVirt. +### Hypervisor Discovery (V-Server) -**Windows/Linux/Hyper-V:** Brings in Windows, Linux, and Hyper-V machine data. +Hypervisor autodiscovery collects data from virtualization platforms such as VMware, Citrix Xen, libvirt, and oVirt. This discovers hosts, virtual machines, and initial operating system information. -**Cloud autodiscovery:** Brings in virtual machine and storage data from Amazon Web Services, Microsoft Azure, Cloudstack, OpenStack, and numerous other platforms. +### Windows, Linux, and Hyper-V Discovery -**Blade:** Blade server autodiscovery identifies the blade chassis, S blade servers, and their location within the chassis. By matching serial numbers to previously discovered data, Device42 builds a comprehensive blade database. +OS-level discovery brings in detailed Windows, Linux, and Hyper-V machine data, including CPU counts, RAM, software, services, and configuration details. -**IPMI:** Intelligent Platform Management Interface defines a set of interfaces used by system administrators for out-of-band management of computer systems and monitoring of their operation. Device42 recommends running this last because IPMI might not have the correct hostname of the machine, but it will reconcile with a server discovered by any of the methods discussed above based on serial numbers. +### Cloud Discovery -## Matching Devices in Device42 +Cloud autodiscovery discovers virtual machines and storage from cloud platforms including Amazon Web Services, Microsoft Azure, Cloudstack, OpenStack, and other providers. -Autodiscovery checks against the serial number, UUID, and name, in that order, to check if it is an existing device to update or a new device to create. When looking for a name, Device42 also looks at any aliases that exist for a device. +### Blade Discovery -The latest discovered information on an existing device is always used. For example, if there was a manual change to a device stating it has two CPUs, and an autodiscovery job pulls information for this device with three CPUs, the newer discovered data will override the old entry. +Blade server autodiscovery identifies blade chassis, blade servers, and their physical locations within the chassis. Device42 matches this data to previously discovered devices using serial numbers to build comprehensive blade profiles. -## Building Comprehensive Discovery Profiles +### IPMI Discovery -Don’t be alarmed if one autodiscovery method doesn't provide the level of detail you were expecting. As more auto discoveries are run, Device42 constructs a comprehensive device profile by matching data such as the serial number, UUID, and device name collected during subsequent discovery stages. +Intelligent Platform Management Interface (IPMI) provides out-of-band management data for physical servers. Run IPMI discovery last because it may not have accurate hostname information, but Device42 reconciles it with servers discovered by other methods using serial numbers. + +## How Device42 Matches Devices + +Autodiscovery uses serial number, UUID, and device name (in that order) to determine whether discovered data updates an existing device or creates a new device. When matching by name, Device42 also checks device aliases. + +Device42 uses the latest discovered information for existing devices. For example, if a device record shows two CPUs and autodiscovery detects three CPUs, the newer discovered data overrides the previous entry. + +## Comprehensive Discovery Profiles + +Don't be alarmed if one autodiscovery method doesn't provide the level of detail you were expecting. As more auto discoveries are run, Device42 constructs a comprehensive device profile by matching data such as the serial number, UUID, and device name collected during subsequent discovery stages. ### Example Discovery Scenario @@ -45,14 +55,14 @@ The next level, blade discovery, identifies the Serial Number and adds it to the The native Windows and Linux OS discovery matches the Serial Number and UUID. The new data is added to Device42 including the number of CPUs associated with the VM, the amount of RAM, VM version, version number, and other OS-related information. -In the example above, you'll find out which blade server is in which chassis slot, what network ports or chassis it's connected to, what VMs are on that blade server (if it's a Hypervisor), all the services that are running on those VMs, and all the software installed on those VMs. +In the example above, you'll find out which blade server is in which chassis slot, what network ports or chassis the blade server is connected to, what VMs are on that blade server (if it's a Hypervisor), all the services that are running on those VMs, and all the software installed on those VMs. The result is a comprehensive profile of the discovered devices, their characteristics, locations, software, and the physical and virtual interdependencies between the devices. The discoveries populate the CMDB with detailed records and uses that information to construct Device42 impact and dependency mapping charts. ## User Account for Autodiscovery :::caution -Do not set up an autodiscovery scan using critical production account credentials! Please create a separate, dedicated account to use only for discovery. +Do not set up an autodiscovery scan using critical production account credentials. Create a separate, dedicated account to use only for discovery. -Account lock-out could result in an otherwise avoidable outage depending on your permissions and configured password policies. You as a customer are responsible for any such behavior. +Account lockout could result in an otherwise avoidable outage depending on your permissions and configured password policies. ::: diff --git a/docs/auto-discovery/blade-systems-auto-discovery.mdx b/docs/auto-discovery/blade-systems-auto-discovery.mdx index b1768dc9a..31890048d 100644 --- a/docs/auto-discovery/blade-systems-auto-discovery.mdx +++ b/docs/auto-discovery/blade-systems-auto-discovery.mdx @@ -6,14 +6,18 @@ sidebar_position: 7 import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' +This page is for Device42 administrators setting up SNMP autodiscovery jobs to collect blade chassis and server information. + The Blade Systems autodiscovery method discovers HP and IBM blade systems, including the IBM BladeCenter. Cisco UCS is also supported, but in a separate menu entry. -If you would like to see other vendors, please email [support@device42.comt](mailto:support@device42.com). +If you would like to see other vendors, please email [support@device42.com](mailto:support@device42.com). + +## Discovered Blade Server Details Blade server discovery gets the following information: -- Enclosure or chassis: Name, Hardware Make and Model, Serial Number(s), MAC Address(es), IP Address(es), and Interface Name. -- Blade: Name, location within the chassis, Hardware Make and Model, Serial Number(s). +- **Enclosure or chassis details**: Name, Hardware Make and Model, Serial Number(s), MAC Address(es), IP Address(es), and Interface Name. +- **Blade details**: Name, location within the chassis, Hardware Make and Model, Serial Number(s). ## Add a Blade System Autodiscovery Job @@ -30,10 +34,10 @@ Navigate to **Discovery > SNMP** and click the **Create** button. Fill in the basic job details: 1. **Server(s):** Add the server, or range of servers to target. -2. **Port:** The default is "161". -3. **Give Precedence to hostname:** to overwrite the existing name, if one exists. +2. **Port:** The default is `161`. +3. **Give Precedence to hostname:** Overwrite the existing name, if one exists. 4. **Strip domain name:** Strip domain suffix from discovered device name. -5. Scroll down to **Credential(s)**, select the **SNMP version** (v1, v2c, v3 ), and add the authentication details. +5. Scroll down to **Credential(s)**, select the **SNMP version** (v1, v2c, v3), and add the authentication details. Certificates** and clicking the **Create** button. @@ -23,9 +21,8 @@ Create a new certificate autodiscovery job by navigating to **Discovery > Certif dark: useBaseUrl('/assets/images/certificate-management/certificate-discovery-list-19.06-dark.png'), }} /> -

-When creating a certificate autodiscovery job, enter an IP address or range of IP addresses and the ports to scan. Device42 will import discovered certificates. A certificate discovered on an IP address already associated with a device in Device42 will automatically be associated with that device. +When creating a certificate autodiscovery job, enter an IP address or range of IP addresses and the ports to scan. Device42 will import discovered certificates. Certificates discovered on IP addresses already linked to devices will automatically be associated with those devices. -

### SSL Certificate Cipher Suite Discovery -Device42 can discover SSL cipher suites as part of certificate autodiscovery. If you'd like to discover cipher suites, check the **Find cipher suites supported by the server** checkbox. +To discover SSL cipher suites as part of certificate autodiscovery, select the **Find cipher suites supported by the server** checkbox. -Newly created jobs will not run on the day they are created to prevent the unintended running of many jobs simultaneously. To run a job after its initial creation, click **Run Now** on the job details page or on the Certificate autodiscovery specs list page. +Device42 does not automatically run newly created jobs on the first day to prevent unintentionally running a large number of jobs at once. To run a job after its initial creation, click **Run Now** on the job details page or on the Certificate autodiscovery specs list page. Navigate to the certificates list pages under **Applications > Certificates** to inspect the discovered certificates. @@ -70,5 +66,5 @@ Navigate to the certificates list pages under **Applications > Certificates** to Certificate discovery can fail if [multitenancy](/administration/role-based-access-control/role-based-permissions-and-access.mdx) is enabled and the discovery job targets a VRF group whose subnet doesn't exist in Device42. -If you encounter this behavior, create the target subnet in Device42 or run a network discovery first, as recommended in [autodiscovery best practices](autodisc-best-practices.mdx). +If you encounter this behavior, create the target subnet in Device42 or run a network discovery first, as recommended in [Autodiscovery Best Practices](autodisc-best-practices.mdx). diff --git a/docs/auto-discovery/cisco-ucs-auto-discovery.mdx b/docs/auto-discovery/cisco-ucs-auto-discovery.mdx index 6b51c1276..50b2ce408 100644 --- a/docs/auto-discovery/cisco-ucs-auto-discovery.mdx +++ b/docs/auto-discovery/cisco-ucs-auto-discovery.mdx @@ -6,19 +6,23 @@ sidebar_position: 9 import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' -:::info -Load balancers share the discovery job page of the Main Appliance. See the [F5/Load balancer discovery](load-balancer-f5-autodiscovery.mdx) page if you are looking for load balancer discovery information. -::: +This page is for Device42 administrators who need to discover Cisco UCS clusters and ACI fabric networks. + +Device42 polls your Cisco UCS (Unified Computing System) Manager to discover cluster device information or ACI (Application Centric Infrastructure) Fabric to discover your SDN (software-defined networks). -Device42 will poll your Cisco UCS (Unified Computing System) Manager to discover cluster device information or ACI (Application Centric Infrastructure) Fabric to discover your SDN (software-defined networks). +UCS discovery jobs include network connectivity information beyond the original chassis and blade relationship data for UCS clusters. This provides a comprehensive overview of your entire cluster's connectivity, complete with port-channel aggregation information. -From version 18.12, UCS discovery jobs have been expanded to include network connectivity information beyond the original Chassis and Blade relationship data for UCS clusters. You'll now have a comprehensive overview of your entire cluster's connectivity, complete with port-channel aggregation information. +The image below shows an example of network connectivity discovered for a UCS cluster: ![UCS network discovery map](/assets/images/ucs-network-discovery-map.png) -## Setting up a Cisco UCS Cluster or ACI Fabric Discovery +## Set Up Cisco UCS Cluster or ACI Fabric Discovery -Create a job by navigating to **Discovery > Autodiscovery > UCS/ACI/Load Balancers** to add and edit Cisco UCS manager information. +Create a job by navigating to **Discovery > Autodiscovery > UCS/ACI/Load Balancers**. + +:::info +UCS, ACI, and load balancers share the same discovery job page. If you need to configure load balancer discovery, see [F5/Load Balancer Discovery](load-balancer-f5-autodiscovery.mdx). +::: Autodiscovery > UCS/ACI/Load Balance dark: useBaseUrl('/assets/images/cisco-ucs-auto-discovery/UCS-ACI-Load-Balancers-menu-19.06-dark.png'), }} /> -

-Add your Cisco UCS Manager or ACI Fabric discovery job by entering one or more IPs or FQDNs, and scroll down to enter your username and password (with permissions) on the device. +Add your Cisco UCS Manager or ACI Fabric discovery job by entering one or more IPs or FQDNs. Enter credentials for an account with appropriate permissions. -

- -### **Scheduling UCS Cluster or ACI Fabric Discovery Jobs** - -Schedule your autodiscovery job to run regularly on certain days and at specific times. - - -## UCS Cluster / ACI Fabric Discovery Option Definitions +### UCS Cluster / ACI Fabric Discovery Options -:::note -The following options only exist for UCS and ACI devices. -::: +Configure the following options to control how Device42 handles discovered UCS and ACI devices: - **Hostname to use:** Choose the **Discovered Name** or **Serial #** hostname format to use for newly discovered devices. - **Give precedence to hostname:** Select to force overwrite the existing hostname for devices that already exist using the hostname option. -- **VRF Group for discovered devices:** Place discovered devices into the following VRF group. +- **VRF Group for discovered devices:** Assign discovered devices to a VRF group. - **Object Category for discovered devices:** Place discovered objects into the chosen category in Device42. -- **Overwrite existing object categories:** Select to force overwrite of category on devices that already exist in Device42. +- **Overwrite existing object categories:** Select to overwrite the object category for devices that + already exist in Device42. ### Device and Chassis Names -If an existing device is not found for the Chassis or the Blade based on the serial number, Device42 will add a new device. The **Name** will be derived from the DN and the serial number of the device. +If Device42 does not find an existing device for the chassis or blade based on the serial number, it adds a new device. The **Name** is derived from the DN and the serial number of the device. Check the **Give precedence to hostname** option to use the discovered name for the device instead of its given name. @@ -78,23 +67,9 @@ Check the **Give precedence to hostname** option to use the discovered name for }} /> -### Service Profiles - -Navigate to **Infrastructure > Organization > UCS Service Profiles** to see a list of discovered service profiles. You can view the **Name**, **DN**, **UCSManager**, and **Device** information for each job. - -Search for specific profiles using the search bar on the Service Profile list page or the main dashboard. - - - -## Run Now or Schedule +## Run the Discovery Job -Newly created jobs will not run on the first day of their creation to prevent a large number of unintended jobs from running. To run a job after its initial creation, click on the **Run Now** button on the job details page. You can also run the job from the USC/ACI/Load Balancers for Autodiscovery list page. +Device42 does not automatically run newly created jobs on the first day to prevent running a large number of jobs at once. To run a job after its initial creation, click the **Run Now** button on the job details page. You can also run the job from the UCS/ACI/Load Balancers for Autodiscovery list page. -

-From the job create and edit modes, you can set one or more schedules for the job by clicking **+ Add another Autodiscovery Schedule**. +## Schedule the Discovery Job + +When creating or editing a job, you can set one or more schedules by clicking **+ Add another Autodiscovery Schedule**. +## Service Profiles +Navigate to **Infrastructure > Organization > UCS Service Profiles** to see a list of discovered service profiles. You can view the **Name**, **DN**, **UCSManager**, and **Device** information for each profile. +Search for specific profiles using the search bar on the Service Profile list page or the main dashboard. + + diff --git a/docs/auto-discovery/cloud-auto-discovery/automox-autodiscovery.mdx b/docs/auto-discovery/cloud-auto-discovery/automox-autodiscovery.mdx index e393db749..1349d16ea 100644 --- a/docs/auto-discovery/cloud-auto-discovery/automox-autodiscovery.mdx +++ b/docs/auto-discovery/cloud-auto-discovery/automox-autodiscovery.mdx @@ -8,11 +8,11 @@ import useBaseUrl from '@docusaurus/useBaseUrl' [Automox](https://www.automox.com/) cloud discovery retrieves up-to-date details about your devices, operating systems, and software packages directly into Device42, which serves as a source of truth for your IT environment. -This page outlines the Automox autodiscovery items, authentication requirements, and how to set up and schedule a discovery job. +This page outlines the Automox discovery items, authentication requirements, and how to set up and schedule a discovery job. -## Automox Autodiscovery Items +## Automox Discovery Items -Device42 gets the following details when an Automox discovery job is run: +Device42 collects the following details when an Automox discovery job runs: - Device name - Serial number and UUID @@ -32,7 +32,7 @@ Your Automox username and password are required for Device42 to request a bearer Navigate to **Discovery > Cloud** and click **Create**. -Name the autodiscovery job and under the **Type** dropdown, select **Automox**. +Name the discovery job and select **Automox** from the **Type** dropdown. -Select the **Bearer Token** or click on the **+** (plus sign) icon to create a Secret with your client credentials (bearer token). +Select the **Bearer Token** or click the **+** icon to create a Secret with your client credentials (bearer token). -### Schedule the Autodiscovery Job +### Schedule the Discovery Job -You can automate the autodiscovery process by choosing the day(s) and time(s) when the job runs. +Automate the discovery process by choosing the days and times when the job runs. -Create multiple jobs using the **+ Add another Autodiscovery Schedule** button. +Create multiple schedules using the **+ Add another Autodiscovery Schedule** button. -### Run Now +### Run the Discovery Job -After saving, you can click the **Run Now** button on the job details page that is displayed. +After saving, click **Run Now** on the job details page to run the job immediately. -You can also find the job on the **Cloud Autodiscovery** list page and click **Run Now** under the **Quick Actions** column to run the job at any time. +You can also find the job on the **Cloud Autodiscovery** list page and click **Run Now** under the **Quick Actions** column to run the job at any time. Cloud Resources**. Use the search bar on the left or click on one of the column dropdown menus to filter for specific AWS discovery item fields. @@ -40,20 +40,20 @@ If you want to keep this list page setup as the default view, select the **Syste **To create an AWS Autodiscovery job, you will need to:** -1. Prepare your AWS Account. You can use the policy example [shown below](#additional-endpoint-information). -2. Device42 uses your AWS Access Key and Secret Key to perform discovery, so please have these handy. +1. Prepare your AWS Account. You can use the [example IAM policy](#iam-policy-and-endpoints) below. +2. Have your AWS Access Key ID and Secret Key ready. Device42 uses these to perform discovery. :::note -Device42 encourages you to follow AWS best practices for managing your IAM credentials, including using strong passwords, regular password rotation, applying the principle of least privilege to users and their passwords, and so on. +Follow AWS best practices for managing IAM credentials, including strong passwords, regular rotation, and the principle of least privilege. ::: For more information, see [Best Practices for Managing AWS Access Keys](https://docs.aws.amazon.com/accounts/latest/reference/best-practices.html) on Amazon. ### Initiating an AWS Discovery -- Select **Discovery > Cloud** from the main menu and then click **Create** at the top right of the Cloud Autodiscovery list page. -- Enter a **Name** for the job. -- Select **Type > Amazon AWS** from the dropdown menu. +- Select **Discovery > Cloud** from the main menu and then click **Create** at the top right of the Cloud Autodiscovery list page. +- Enter a **Name** for the job. +- Select **Type > Amazon AWS** from the dropdown menu. -- Select the **Remote Collector** for the job. -- Select **Use Environment Credentials** (see [Setting Up Environment Credentials](#setting-up-environment-credentials-using-ec2-instance-profiles) below), or add your Amazon **Access Key ID** and **Secret Key** for the account(s) to be discovered: +- Select the **Remote Collector** for the job. +- Select **Use Environment Credentials** (see [Setting Up Environment Credentials](#credential-free-discovery-with-ec2-instance-profiles) below), or add your Amazon **Access Key ID** and **Secret Key** for the account(s) to be discovered. Click the **magnifying glass icon** and **Add Password** in the upper-right corner. Enter your Access Key ID or Secret Key in the field labeled **Password**. Device42 uses encryption to store the keys. +- Select **Discover Main Account** to discover the main AWS account in addition to any AWS Roles accounts you select. +- Select the **Available AWS Roles** for the account(s) you want to discover using the arrow to add them to the **Chosen AWS Roles** list. - Click the **magnifying glass icon** and **Add Password** in the upper-right corner. Enter your Access Key ID or Secret Key in the field labeled **Password**. Device42 uses encryption to store the keys. -- Select **Discover Main Account** to discover the main AWS account in addition to any AWS Roles accounts you select. -- Select the **Available AWS Roles** for the account(s) you want to discover using the arrow to add them to the **Chosen AWS Roles** list. - -**Note:** See [Defining AWS Roles](#addedit-aws-roles) below for instructions on creating the AWS Roles that Devices42 displays for AWS cloud autodiscovery jobs. +**Note:** See [Defining AWS Roles](#defining-aws-roles) below for instructions on creating the AWS Roles that Device42 displays for AWS cloud autodiscovery jobs. - Choose one or more Amazon regions to search. @@ -83,7 +81,7 @@ For more information, see [Best Practices for Managing AWS Access Keys](https:// /> - You can also use **Add vendor metadata as** to specify the format for vendor metadata, choose an **Action for Instance not found** in subsequent discoveries, select **Device Name Format** options, and add **Tags for discovered devices**. -- Check **Kubernetes Discovery** to discover Kubernetes clusters hosted on your cloud platform. +- Check **Kubernetes Discovery** to discover Kubernetes clusters hosted on your cloud platform. - Check **Extended Summary Discovery** to discover the full breadth of resources within your AWS Environment. These resources will be displayed in the Cloud Resources section with a limited dataset. - Optionally, you can set the [Service Level](index.mdx#service-level-and-object-category-options) of the job to be applied to the discovered items. - Add object categories, tags, and a customer for discovered devices. @@ -97,12 +95,99 @@ For more information, see [Best Practices for Managing AWS Access Keys](https:// }} /> -- Add an optional **Autodiscovery Schedule** to schedule the job. -- Add the **Admin Groups** for the job. -- Click **Save** or **Save and continue editing** to save the discovery job. -- To run the job immediately, go to the Cloud Discovery list page and click **Run Now**. +- Add an optional **Autodiscovery Schedule** to schedule the job. +- Add the **Admin Groups** for the job. +- Click **Save** or **Save and continue editing** to save the discovery job. +- To run the job immediately, go to the Cloud Discovery list page and click **Run Now**. + +### Defining AWS Roles + +Device42 includes an editor to define or edit the AWS Roles displayed for Amazon AWS cloud autodiscovery jobs. Follow the steps below to view and add AWS Roles: + +- Select **Resources > Secrets > AWS Roles** from the main menu. + + + +- Use the **AWS Role** dropdown to select a role to display or click **Advanced** to construct more specific searches. See [Advanced Search Feature](/getstarted/using-device42/advanced-search-feature.mdx) for instructions. + + + +- Click **Create** at the top right to add a new role. + + + +- Enter a **Name** for the role. +- Enter the **AWS Role** label and an optional **AWS Role Description**. +- In the **Account ID and External ID** section, click **+ Add New**. +- Add the **Account ID** and **External ID**. Click the eye icon to show or hide the field. Click the trash can icon to remove the entries. +- Click **Save** to save the role. + + + +Device42 adds the new AWS Role to the roles list; it will also appear in the Available AWS Roles list when you create or edit an Amazon AWS cloud autodiscovery job. -### AWS Discovery Items +The following steps are required if you are looking to leverage the AWS switch (Assume) Role on the API calls to scan other AWS accounts. + +**From the Main Account:** + + - Create a role within IAM using the **Another AWS Account** option. + - Enter the **Account ID** and select the **Require External ID** option. MFA is not required at this time. + - Use the [example IAM policy](#iam-policy-and-endpoints) needed for discovery. + +**From the sub- (or separate) account:** + +Assign a user to a role that has already been granted access as described in [Grant Access to the Role](https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html#tutorial_cross-account-with-roles-2). + +### Setting Up Cross-Account Role Assumption + +You can discover all sub-accounts and add them to the discovery process using Dynamic Account Discovery. + +Before setting up the roles, complete these prerequisites: +1. Create a role with no accounts associated with it. +2. Use the role in the discovery with the key pair associated with it. + +**Option 1: Root Account Key Pair** + +- The key pair user must be deployed into the organization’s root account. +- This user's policy must have the following rights, at minimum: + - `sts:assumerole` + - `organizations:listaccounts` +- A role must be added to all accounts where discovery is desired, with the same role name used in every account where discovery is desired. +- The Device42 discovery policy must be granted to the role. +- For role config within Device42, do not add any accounts to the role. +- At this time, we cannot use dynamic account discovery to discover roles that use external ID values. + +**Option 2: Main Account Role or Direct Policy** + +If you don't want to follow the steps above, you can either: + - Make the assumable role available in the main account. Dynamic discovery will pull it in if no accounts are listed, or if the main account is included in the manually added list of IDs. + - Or also attach the Device42 discovery policy to the user directly. Select the **Discover main account** box on the job. + +## Discovered Services and Required Permissions Note that some Discovery items require enabling the feature and cannot be discovered otherwise. @@ -110,13 +195,14 @@ Note that some Discovery items require enabling the feature and cannot be discov | ------------------------- | --------------------------------- | ---------------------------------------- | ------------------------------------------------------ | ----------------------------------------------------- | | API Gateway | Resources --> All Resources | `apigateway._region_.amazonaws.com` | Cloud vendor, cloud account, etc. | `apigateway:GET` | | AWS Account Name (fallback) | Infrastructure --> Cloud Accounts | `iam.amazonaws.com` | Cloud account alias | `iam:ListAccountAliases` | -| CloudFront | Resources --> All Resources | `cloudfront.amazonaws.com` | Cloud vendor, cloud account, status, tags, etc | `cloudfront:ListDistributions`, `cloudfront:ListTagsForResource` | Dynamo DB | Resources --> All Resources | dynamodb._region_.amazonaws.com | Backup details, contributor insights, tables, limits, etc. | `dynamodb:DescribeGlobalTable`, `dynamodb:DescribeLimits`, `dynamodb:DescribeTable`, `dynamodb:ListGlobalTables`, `dynamodb:ListTables` | +| CloudFront | Resources --> All Resources | `cloudfront.amazonaws.com` | Cloud vendor, cloud account, status, tags, etc | `cloudfront:ListDistributions`, `cloudfront:ListTagsForResource` | +| DynamoDB | Resources --> All Resources | dynamodb._region_.amazonaws.com | Backup details, contributor insights, tables, limits, etc. | `dynamodb:DescribeGlobalTable`, `dynamodb:DescribeLimits`, `dynamodb:DescribeTable`, `dynamodb:ListGlobalTables`, `dynamodb:ListTables` | | EC2 Instances | Resources --> All Devices | ec2._region_.amazonaws.com | Service name, instance id, status, location, etc. | `ec2:Describe*` | | Elastic Block Storage (EBS) | Resources --> All Resources | ec2._region_.amazonaws.com | Lists, rules, tags, etc. | `ec2:Describe*` (EBS is part of EC2) | | ElastiCache Nodes | Resources --> All Resources | elasticache._region_.amazonaws.com | Account info, status, location | `elasticache:Describe*` | | Elastic File System (EFS) | Resources --> All Resources | elasticfilesystem._region_.amazonaws.com | File system, access points, mount targets | `elasticfilesystem:DescribeAccessPoints`, `elasticfilesystem:DescribeAccountPreferences`, `elasticfilesystem:DescribeFileSystems`, `elasticfilesystem:DescribeMountTargets` | | Elastic Load Balancer (ELB) | Resources --> All Resources | elasticloadbalancing._region_.amazonaws.com | Attributes, description, rules, tags, target groups | `elasticloadbalancing:Describe*` | -| Lambda | Resources --> All Resources | lambda._region_.com | Name, ARN, code size, memory, runtime | `lambda:GetAccountSettings`, `lambda:GetFunction`, `lambda:GetPolicy`, `lambda:List*` | +| Lambda | Resources --> All Resources | lambda._region_.amazonaws.com | Name, ARN, code size, memory, runtime | `lambda:GetAccountSettings`, `lambda:GetFunction`, `lambda:GetPolicy`, `lambda:List*` | | KMS | Resources --> All Resources | kms._region_.amazonaws.com | Region, categories, access points, ACLs, notes, tags, custom fields | `kms:DescribeKey`, `kms:ListKeys`, `kms:ListResourceTags` | | Kubernetes (EKS) | Resources --> All Resources | eks._region_.amazonaws.com | Containers, nodes, clusters | `eks:DescribeCluster`, `eks:DescribeNodegroup`, `eks:DescribeUpdate`, `eks:ListClusters`, `eks:ListNodegroups`, `eks:ListUpdates` | | RDS Instances | Resources --> All Resources | rds._region_.amazonaws.com | Account info, status, location | `rds:Describe*`, `rds:ListTagsForResource` | @@ -129,7 +215,7 @@ Note that some Discovery items require enabling the feature and cannot be discov | Subnets | Network --> Subnets | | Subnets | `ec2:DescribeSubnets` (Subnets are part of EC2) | | VPCs | Resources --> VPC | vpc.aws-region.amazonaws.com | Attributes, AZs, Auth rules, etc. | `ec2:DescribeVpcs` (VPCs are part of EC2) | -### Additional Endpoint Information +### IAM Policy and Endpoints **Regular Discovery** @@ -137,8 +223,6 @@ Note that some Discovery items require enabling the feature and cannot be discov - `sts..amazonaws.com` or `sts.*.amazonaws.com`: Try these endpoints if you encounter an SSL certificate error. - `https://organizations.us-east-1.amazonaws.com`: Only use this if one of the available features is enabled. - - **K8s cluster endpoints access per K8s RBAC setup** - `/api/v1/namespaces/kube-system` @@ -152,7 +236,7 @@ Note that some Discovery items require enabling the feature and cannot be discov
Click to expand code example - ```js + ```json { "Version": "2012-10-17", "Statement": [ @@ -235,18 +319,9 @@ Note that some Discovery items require enabling the feature and cannot be discov ```
-### AWS Tags +## AWS Tags and S3 Access Control -Organizations that use AWS tags can retrieve tags associated -with each cloud account within AWS. Discovered tags are located under the **Vendor Custom Fields** field. - - +Organizations that use AWS tags can retrieve tags associated with each cloud account within AWS. Discovered tags are located under the **Vendor Custom Fields** field. -* * * - -### Amazon S3 Fields and Access Control - Device42 can discover information on the following S3 fields: - Has Public Access Point - Has Public ACL @@ -274,255 +345,161 @@ A bucket can be [public](https://docs.aws.amazon.com/AmazonS3/latest/userguide/a - See [S3 Bucket policy examples](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html) for more details. - Visit the [block public access settings](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html#access-control-block-public-access-options) section for S3 access control options. -### Add and Edit AWS Roles +## Multi-Account Discovery with AWS Roles -Device42 includes an editor to define or edit the AWS Roles displayed for Amazon AWS cloud autodiscovery jobs. Follow the steps below to view and add AWS Roles: +AWS Cloud Discovery jobs can use AWS roles to discover multiple accounts. When the job includes an AWS role, the discovery job dynamically retrieves accounts from AWS. A single role can discover multiple accounts, so you can either specify exact accounts to discover or leave the account empty to have the discovery job create cloud accounts automatically. -- Select **Resources > Secrets > AWS Roles** from the main menu. +## Credential-Free Discovery with EC2 Instance Profiles + +You can perform AWS discovery without supplying any form of long-term, programmatic credentials by leveraging Instance Profiles or IAM roles for Amazon EC2 instances. + +When **Use Environment Credentials** is enabled, the discovery job can be saved without selecting an Access Key ID or Secret Key in the job configuration. This is only possible when using an AWS-hosted Main Appliance or Remote Collector for discovery as it relies on internal AWS mechanisms. +### Step 1: Deploy a Main Appliance or Remote Collector Within AWS -- Use the **AWS Role** dropdown to select a role to display or click **Advanced** to construct more specific searches. See [Advanced Search Feature](/getstarted/using-device42/advanced-search-feature.mdx) for instructions. +Deploy either a Device42 Main Appliance or Remote Collector as an EC2 instance in your AWS environment. - +### Step 2: Create a New IAM Policy +On the IAM Policy creation screen, click **JSON** in the policy editor and paste one of the policies below based on your desired discovery configuration. -- Click **Create** at the top right to add a new role. +**Option 1: Single Account Discovery** - +Refer to the [example discovery policy](#iam-policy-and-endpoints) in the Discovered Services section. -- Enter a **Name** for the role. -- Enter the **AWS Role** label and an optional **AWS Role Description**. -- In the **Account ID and External ID** section, click **+ Add New**. -- Add the **Account ID** and **External ID**. Click the eye icon to show or hide the field. Click the trash can icon to remove the entries. -- Click **Save** to save the role. +**Option 2: Role Assumption Using Static Account Discovery** - +This option is good if you need to specify External IDs when assuming roles, as Dynamic Account Discovery does not support role assumption using External IDs. -Device42 adds the new AWS Role to the roles list; it will also appear in the Available AWS Roles list when you create or edit an Amazon AWS cloud autodiscovery job. +
+Example IAM Policy -The following steps are required if you are looking to leverage the AWS switch (Assume) Role on the API calls to scan other AWS accounts +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "sts:assumerole" + ], + "Resource": [ + "*" + ] + } + ] +} +``` +
-**From the Main Account:** - - - Create a role within IAM using the **Another AWS Account** option. - - - Supply an account that uses **Account ID** and an account that uses the **Require External ID** option. There isn't a requirement for MFA option at this time. - - - Use the [example IAM policy](#additional-endpoint-information) needed for discovery. - -**From the sub- (or separate) account:** +**Option 3: Role Assumption Using Dynamic Account Discovery** -Assign a user to a role that has already been granted access as described in [Grant Access to the Role](https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html#tutorial_cross-account-with-roles-2). +This option is good if you want to discover resources in all member accounts without specifying individual Account IDs. -### Setting Up Dynamic Account Discovery Roles +:::note +This requires the associated Remote Collector or Main Appliance to be deployed within the organization's root (management) account. See [Setting Up Dynamic Account Discovery Roles](#setting-up-cross-account-role-assumption) for more details. +::: -You can discover all sub-accounts and add them to the discovery process using Dynamic Account Discovery. +
+Example IAM Policy -There are prerequisite steps we'll cover before getting into how to setting up the roles: -1. Create a role with no accounts associated with it. -2. Use the role in the discovery with the key pair associated with it. +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "sts:assumerole", + "organizations:listaccounts" + ], + "Resource": [ + "*" + ] + } + ] +} +``` +
-**Option 1:** +When you've confirmed you have the appropriate permission set selected, click **Next**, give the policy a name and description, and click **Create Policy**. -- The key pair user must be deployed into the organization’s root account. -- This user's policy must have the following rights, at minimum: - - `sts:assumerole` - - `organizations:listaccounts` -- A role must be added to all accounts where discovery is desired, with the same role name used in every account where discovery is desired. -- The Device42 discovery policy must be granted to the role. -- For role config within Device42, do not add any accounts to the role. -- At this time, we cannot use dynamic account discovery to discover roles that use external ID values. +### Step 3: Create a New IAM Role -**Option 2:** +1. On the IAM Role creation screen, select **AWS service** as the trusted entity type and **EC2** as the service or use case. Click **Next**. +2. On the add permissions screen, search for and select the policy created in Step 2. Click **Next**, give the role a name and description, and then click **Create Role**. -If you don't want to follow the steps above, you can either: - - Make the assumable role available in the main account. Dynamic discovery will pull it in if no accounts are listed, or if the main account is included in the manually added list of IDs. - - Or also attach the Device42 discovery policy to the user directly. Select the **Discover main account** box on the job. +If you want to do the role preparation via the AWS CLI instead of the AWS Management Console, you can reference the trust policy below: -## Using AWS Roles To Discover Accounts Within Discovery Jobs +
+Example Trust Policy -AWS Cloud Discovery Jobs can use AWS roles to discover accounts. When the job includes the AWS role, the discovery job will dynamically grab multiple accounts from AWS. We previously aimed to maintain a 1:1 relationship between roles and accounts. Now, a single role can discover multiple accounts. This enables AWS users to set up discovery and specify the precise account to create, or leave the account empty to have the discovery job create cloud accounts as a result of the discovery. +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "sts:AssumeRole" + ], + "Principal": { + "Service": [ + "ec2.amazonaws.com" + ] + } + } + ] +} +``` +
-## Cloud Instance Statuses +### Step 4: Attach the Role -All VMs in Device42 have their statuses normalized into one of three buckets: **Running**, **Stopped**, or **Deleted**. This allows for consistency regardless of which hypervisor or cloud is used. +1. From the EC2 Instances list page, select the EC2 instance deployed in Step 1. Then click **Actions > Security > Modify IAM role**. +2. From the "Modify IAM role" page, select the IAM Role created in Step 3 and click **Update IAM role**. -Device42's statuses aren't mapped to the naming convention of the cloud provider. For example, [in AWS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html), VM states include **Running**, **Stopped**, and **Terminated**. In Device42, the **Terminated** state is mapped to **Deleted**. +### Step 5: Additional Configuration for Multi-Account Role Assumption -## Setting Up Environment Credentials using EC2 Instance Profiles +If you're configuring Single Account Discovery, no further steps are needed. If you've opted for Role Assumption using static or dynamic account discovery, continue with the steps below. -You can perform AWS discovery without supplying any form of long-term, programmatic credentials by leveraging Instance Profiles or IAM roles for Amazon EC2 instances. +1. **Create the discovery policy** in each member account to be discovered. Follow Step 2 again, but this time, use the [example discovery policy](#iam-policy-and-endpoints). -When **Use Environment Credentials** is enabled, the discovery job can be saved without selecting an Access Key ID or Secret Key in the job configuration. This is only possible when using an AWS-hosted Main Appliance or Remote Collector for discovery as it relies on internal AWS mechanisms. +2. **Create the discovery role** in each member account to be discovered. Follow Step 3 again, but this time, select **Custom trust policy** instead of **AWS service**. Paste the trust policy below, then at the add permissions screen, search for and select the discovery policy created in the previous step. - +
+ Example Trust Policy -### Configuration - -1. **Deploy a Main Appliance or Remote Collector within AWS.** -2. **Create a new IAM Policy:** - - On the IAM Policy creation screen, click **JSON** in the policy editor and copy paste one of the policies below based on your desired discovery configuration: - - Option 1: For single account Discovery, refer to the example discovery policy above. - - - Option 2: Role Assumption Using Static Account Discovery - - This option is good if you have a need to specify External IDs when assuming roles, as Dynamic Account Discovery does not support role assumption using External IDs. - - *Example IAM Policy* - -
- Click to expand code example - - ```js - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "sts:assumerole" - ], - "Resource": [ - "*" - ] - } - ] - } - ``` -
- - - Option 3: Role Assumption Using Dynamic Account Discovery - - This option is good if you want to discover resources in all member accounts without the need to specify individual Account IDs. - - **Note:** This requires the associated Remote Collector or Main Appliance to be deployed within the organization's root (management) account. - - See: [Setting Up Dynamic Account Discovery Roles](#setting-up-dynamic-account-discovery-roles) for more details on configuring Dynamic Account Discovery. - - *Example IAM Policy* - -
- Click to expand code example - - ```js + ```json + { + "Version": "2012-10-17", + "Statement": [ { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "sts:assumerole", - "organizations:listaccounts" - ], - "Resource": [ - "*" - ] - } - ] + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::ROOT_ACCOUNT_ID:role/EC2_D42_RC_ROLE" + }, + "Action": "sts:AssumeRole" } - ``` -
- - When you've confirmed you have the appropriate permission set selected, click **Next**, give the policy a name and description, and click **Create Policy**. - -3. **Create a new IAM Role** - - - On the IAM Role creation screen, select **AWS service** as the trusted entity type and **EC2** as the service or use case. Click **Next**. - - On the add permissions screen, search for and select the policy created in Step 2. Click **Next**, give the role a name and description, and then click **Create Role**. - - If you want to do the role preparation via the AWS CLI and not within the AWS Management Console, you can reference the trust policy below: - - *Example Trust Policy* -
- Click to expand code example - - ```js - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "sts:AssumeRole" - ], - "Principal": { - "Service": [ - "ec2.amazonaws.com" - ] - } - } - ] - } - ``` -
- -4. **Attach the role:** - - From the EC2 Instances list page, select the EC2 instance created in Step 1. Then click **Actions > Security > Modify IAM role**. - - From the "Modify IAM role" page, select the IAM Role created in Step 3 and then click **Update IAM role**. - -5. **Additional Member Account Configuration for Role Assumption Using Static or Dynamic Account Discovery** - - If you're configuring Single Account Discovery, then there are no remaining steps to be done. If you've opted instead for Role Assumption using static or dynamic account discovery, then continue following the steps below: - - - Create the discovery policy in each member account to be discovered. Follow Step 2 again, but this time, use the example discovery policy above. - - Create the discovery role in each member account to be discovered. - - Follow Step 3 again, but this time, select **Custom trust policy** instead of **AWS service**. Copy and paste the trust policy below. At the add permissions screen, search for and select the discovery policy created in the previous step. - - *Example Trust Policy* -
- Click to expand code example - - ```js - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::ROOT_ACCOUNT_ID:role/EC2_D42_RC_ROLE" - }, - "Action": "sts:AssumeRole" - } - ] - } - ``` -
- - Replace `ROOT_ACCOUNT_ID` and `EC2_D42_RC_ROLE` with your own values. - - - `ROOT_ACCOUNT_ID`: This is the root account ID where the role, which was configured in Step 3, resides. - - `EC2_D42_RC_ROLE`: This is the name of the role in the root account to establish trust with. + ] + } + ``` +
+ + Replace the placeholder values with your own: + - `ROOT_ACCOUNT_ID` — The root account ID where the role configured in Step 3 resides. + - `EC2_D42_RC_ROLE` — The name of the role in the root account to establish trust with. + +## Cloud Instance Statuses + +All VMs in Device42 have their statuses normalized into one of three buckets: **Running**, **Stopped**, or **Deleted**. This allows for consistency regardless of which hypervisor or cloud is used. + +Device42's statuses aren't mapped to the naming convention of the cloud provider. For example, [in AWS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html), VM states include **Running**, **Stopped**, and **Terminated**. In Device42, the **Terminated** state is mapped to **Deleted**. \ No newline at end of file diff --git a/docs/auto-discovery/cloud-auto-discovery/azure-autodiscovery.mdx b/docs/auto-discovery/cloud-auto-discovery/azure-autodiscovery.mdx index de5a83c17..75eb12cf1 100644 --- a/docs/auto-discovery/cloud-auto-discovery/azure-autodiscovery.mdx +++ b/docs/auto-discovery/cloud-auto-discovery/azure-autodiscovery.mdx @@ -7,34 +7,37 @@ import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' import azureTagsImg from '/assets/images/azure-autodiscovery/azure-tags.png' -Device42 provides insights into your Azure resources and services by using an application service principal in accordance with [Microsoft’s security recommendations](https://learn.microsoft.com/en-us/azure/active-directory/develop/secure-least-privileged-access). +Device42 Azure discovery provides visibility into your Azure resources and services, including virtual machines, databases, storage, networking, Kubernetes clusters, and more. Discovery uses an application service principal in accordance with [Microsoft's security recommendations](https://learn.microsoft.com/en-us/azure/active-directory/develop/secure-least-privileged-access). -This page walks you through the process of creating an application service principal with limited permissions to enable a quick and easy inventory of Azure resources using Device42. +This page walks you through creating an application service principal with limited permissions, configuring role-based access, and setting up an Azure discovery job in Device42. ## Get Started with Azure -Before you begin discovery in Device42, prepare your Azure environment. Ensure you've followed the two preparatory steps in your Azure account before you attempt discovery. +Before you begin discovery in Device42, prepare your Azure environment. Complete the following two preparatory steps in your Azure account before you attempt discovery. -### Application Preparation +### Prepare the Application -First, log in to Azure via [https://portal.azure.com](https://portal.azure.com), then navigate to **Azure Active Directory > Enterprise Applications > New Application > Create Your Own Application**. Name your application and select the **Integrate any other application you don’t find in the gallery (Non-gallery)** option. +1. Log in to Azure via [https://portal.azure.com](https://portal.azure.com). +2. Navigate to **Azure Active Directory > Enterprise Applications > New Application > Create Your Own Application**. +3. Name your application and select the **Integrate any other application you don't find in the gallery (Non-gallery)** option. +4. Navigate back to the top-level directory you created the app in and choose **App Registrations**. +5. Select your newly created app and note the **Application (client) ID** and the **Directory (tenant) ID**, as both are used for Device42 discovery. +6. Select **Certificates & Secrets**, then **New Client Secret**. +7. Give your secret an optional description and an expiration date, then select **Add**. +8. Note the string in the **Value** column. This is used as the **Client Secret ID** for Device42 discovery and will not be visible again once you sign out of the Azure portal. -Once your application has been created, navigate back to the top-level directory you created the app in and choose **App Registrations**. Select your newly created app and make note of the **Application (client) ID** and the **Directory (tenant) ID** as these will both be used for Device42 discovery. +### Prepare the Role -Select **Certificates & Secrets**, then **New Client Secret**. Give your secret an optional description and an expiration date. Then, select **Add**. Take note of the string in the **Value** column, as it will be used as the **Client Secret ID** for Device42 discovery, and it will not be visible again once you have signed out of the Azure portal. +Device42 lets you discover Azure resources at the tenant or subscription level. Tenant discovery is best suited to environments with large numbers of Azure subscriptions. If you only have a few Azure subscriptions, subscription discovery may be preferable. -### Role Preparation - -Device42 lets you discover Azure resources by tenant or subscription level. Tenant discovery is best suited to customers with large numbers of Azure subscriptions. If you only have a few Azure Subscriptions, you may find subscription discovery preferable. - -Please note that the assignable scope in the policy below assumes you are performing subscription-level discovery. +The assignable scope in the policy below assumes you are performing subscription-level discovery. If you are performing tenant-level discovery, be sure to change the assignable scope to: `/providers/Microsoft.Management/managementGroups/root-management-group-id-goes-here` #### Subscription Level -The next step is to create a role with limited permissions that will be applied to this application. If you haven't set up your roles yet, see the [Microsoft Assign Azure roles](https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal?tabs=delegate-condition) page. The role lets Device42 use the application for discovery purposes, while adhering to the principle of least privilege. +The next step is to create a role with limited permissions that will be applied to this application. If you haven't set up your roles yet, see the [Microsoft Assign Azure roles](https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal?tabs=delegate-condition) page. The role lets Device42 use the application for discovery purposes while adhering to the principle of least privilege. Navigate to the **Subscriptions** section in the Azure portal and select the subscription you would like to allow this application to discover. Take note of the **Subscription ID**, as it will be used later for Device42 discovery. @@ -44,8 +47,8 @@ The **Discover all subscriptions** option should be unchecked to enable subscrip Navigate to **Subscriptions > Select your Subscription > Access Control (IAM) >  Roles > Add > Add Custom Role**. Give the custom role a name, and an optional description, then select either **Start from scratch** or **Start from JSON**. -1. If using the **Start from scratch** option, you need to manually select each permission needed for this application to access the desired resources. The permissions needed are available in the Device42 [cloud autodiscovery](auto-discovery/cloud-auto-discovery/index.mdx) documentation. Select **Add permissions**, search for and select the desired permission, check the relevant box, and choose **Add**. Repeat this for any desired permissions. -2. If using the **Start from JSON** option, copy and paste the JSON data below, to pull in the necessary permissions from the list in the Discovery section, and save it as a `.json` file. Upload this file on the **Basics** page when creating the role, and the permissions will be automatically defined. +1. If using the **Start from scratch** option, manually select each permission needed for this application to access the desired resources. The permissions needed are available in the Device42 [cloud discovery](index.mdx) documentation. Select **Add permissions**, search for and select the desired permission, check the relevant box, and choose **Add**. Repeat this for any desired permissions. +2. If using the **Start from JSON** option, copy and paste the JSON data below to pull in the necessary permissions from the list in the Discovery section and save it as a `.json` file. Upload this file on the **Basics** page when creating the role, and the permissions will be automatically defined.
Click to expand the code block @@ -139,10 +142,10 @@ Navigate to **Subscriptions > Select your Subscription > Access Control (IAM) > #### Tenant Level -If using the Tenant ID for discovery, you must create a Single Role at the tenant level. Navigate to **Management Groups > Select your Azure Tenant Group > Access Control (IAM) > Roles > Add > Add Custom Role**. Give the custom role a name, and a description, then select **Start from scratch** or 88. +If using the Tenant ID for discovery, you must create a single role at the tenant level. Navigate to **Management Groups > Select your Azure Tenant Group > Access Control (IAM) > Roles > Add > Add Custom Role**. Give the custom role a name and a description, then select **Start from scratch** or **Start from JSON**. -1. If using the **Start from scratch** option, you will need to manually select each permission needed for this application to access the desired resources. Select **Add permissions**, search for and select the desired permission, check the relevant box, and choose **Add**. Repeat this for any desired permissions. -2. If using the **Start from JSON** option, copy and paste the in the JSON data, pulling in the necessary permissions from the list in the Discovery section, and save it as a `.json` file. Be sure to change the assignable scope to `/providers/Microsoft.Management/managementGroups/root-management-group-id-goes-here`. Then, upload this file on the Basics page when creating the role, and the permissions will be automatically defined. +1. If using the **Start from scratch** option, manually select each permission needed for this application to access the desired resources. Select **Add permissions**, search for and select the desired permission, check the relevant box, and choose **Add**. Repeat this for any desired permissions. +2. If using the **Start from JSON** option, copy and paste the JSON data, pulling in the necessary permissions from the list in the Discovery section, and save it as a `.json` file. Change the assignable scope to `/providers/Microsoft.Management/managementGroups/root-management-group-id-goes-here`. Then, upload this file on the **Basics** page when creating the role, and the permissions will be automatically defined. After defining the permissions, select **Next** to define the scope this application will have access to. You can define the scope at the subscription level or in any of the nested resource groups (this example uses the subscription level). Select **Next** to review or copy the JSON, then **Next** and **Create**. @@ -150,19 +153,17 @@ To apply the role, go back to the **Access Control (IAM) > Add > Add Role Assign ### Azure Kubernetes Service (AKS) -When **Authentication and Authorization** is set to "Azure AD authentication with Kubernetes RBAC" and **Kubernetes local accounts** is disabled, you must ensure that there is a group configured within the "Cluster admin ClusterRoleBinding" that includes the discovery user/service principal. +When **Authentication and Authorization** is set to **Azure AD authentication with Kubernetes RBAC** and **Kubernetes local accounts** is disabled, ensure that a group is configured within the **Cluster admin ClusterRoleBinding** that includes the discovery user or service principal. -It is important to note that you can specify multiple groups within the **Cluster admin ClusterRoleBinding** selection. +You can specify multiple groups within the **Cluster admin ClusterRoleBinding** selection. This can be useful if you want to keep the discovery user or service principal in a separate, dedicated discovery group rather than adding it to an existing group. -This can be useful if you would like to keep the discovery user/service principal in a separate, dedicated discovery group rather than adding it to an existing group. +## Create an Azure Discovery Job -### Device42 Azure Discovery +You can now configure an Azure discovery job in Device42 using the application details you noted earlier. The limited role you applied prevents access to unnecessary resources while still allowing visibility and discovery of in-scope resources. -Now, you are able to configure an Azure discovery job in Device42 using the application details you noted earlier. The limited role you have applied will prevent access to unnecessary resources, while still allowing for visibility and discovery of what is in scope. +Log in to the Device42 main appliance web console and navigate to **Discovery > Cloud > Add Cloud Autodiscovery**. Give your cloud discovery job a name, select **Microsoft Azure** from the **Cloud Type** dropdown, choose an appropriate remote collector, and select **Service Principal**. The four Azure values you noted earlier are used to configure the discovery job. -Log in to the Device42 main appliance web console and navigate to **Discovery > Cloud > Add Cloud Autodiscovery**. Give your cloud discovery job a name, select **Microsoft Azure** from the **Cloud Type** dropdown, choose an appropriate remote collector, and select **Service Principal**. The four Azure values you noted earlier will now be used to configure the discovery job. - -1. Click the magnifying glass icon for the **Client ID** value and choose **Add Secret** in the window that opens. The username field requires a value, so use it as a label (i.e., Azure Client ID). Next, put the **Application (client) ID** value for the Azure application in the **Password** field. Then, select **Save**. +1. Click the **magnifying glass icon** for the **Client ID** value and choose **Add Secret** in the window that opens. The username field requires a value, so use it as a label (for example, "Azure Client ID"). Next, enter the **Application (client) ID** value for the Azure application in the **Password** field. Then, select **Save**. 2. Repeat this process for the **Subscription ID** and **Client Secret** fields, where the **Subscription ID** and **Client Secret ID** values are entered in the respective password fields of their secret entries. 3. The **Directory (tenant) ID** can be pasted directly into the **Tenant ID** field of the discovery job. @@ -176,7 +177,7 @@ You can set the **Service Level** of the job to be applied to the discovered ite }} /> -**Here, you also have the option to configure any other discovery options as you require:** +You can also configure the following additional discovery options: - You can add vendor metadata as tags or custom fields, edit device name format, and enable Kubernetes discovery to pull in AKS resources. - Every **Vendor** is user-defined. Device42 does not ship with a list of vendors. @@ -211,7 +212,7 @@ You can set the **Service Level** of the job to be applied to the discovered ite - Check **Strip domain name** to have Device42 strip the discovered domain suffix (everything after the first period) from the device instance name. - Choose a category for discovered devices (note that categories are user-defined). -The **Advanced Features** section enables the discovery of database and function resources. +The **Advanced Features** section enables the discovery of database and function resources. -Next, click **Save**. You can click **Run Now** to run the job immediately, and have it run on a regular schedule. - -* * * +Next, click **Save**. Click **Run Now** to run the job immediately, or set it to run on a regular schedule. ## Azure Discovery Items -Instances of Azure Database for PostgreSQL flexible servers are discoverable. +The following Azure resources are discoverable. Instances of Azure Database for PostgreSQL flexible servers are also supported. All Resources | management.azure.com | Name, virtual subtype, tags | `Microsoft.Sql/servers/read`, `Microsoft.Sql/servers/databases/read` | -| Managed SQL Server | Resources -> All Resources | management.azure.com | Name, virtual subtype, tags, tables | `Microsoft.Sql/managedInstances/read`, `Microsoft.Sql/managedInstances/databases/read` | -| Azure DB for MySQL | Resources -> All Resources | management.azure.com | Name, virtual subtype, tags, tables | `Microsoft.DBforMySQL/flexibleservers/read`, `Microsoft.DBforMySQL/flexibleservers/databases/read` | -| Azure DB for Postgres | Resources -> All Resources | management.azure.com | Name, virtual subtype, tags, tables | `Microsoft.DBforPostgreSQL/servers/read`, `Microsoft.DBforPostgreSQL/servers/databases/read` | -| Azure DB for MariaDB | Resources -> All Resources | management.azure.com | Name, virtual subtype, tags, tables | `Microsoft.DBforMariaDB/servers/read`, `Microsoft.DBforMariaDB/servers/databases/read` | -| Cosmos DB | Resources -> All Resources | management.azure.com | Name, virtual subtype, tags, tables | `Microsoft.DocumentDB/databaseAccounts/read`, `Microsoft.DocumentDB/databaseAccounts/sqlDatabases/read`, `Microsoft.DocumentDB/databaseAccounts/cassandrakeyspaces/read`, `Microsoft.DocumentDB/databaseAccounts/gremlinDatabases/read`, `Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/read`, `Microsoft.DocumentDB/databaseAccounts/tables/read`, `Microsoft.DBforPostgreSQL/serverGroupsv2/*`, `Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/read`, `Microsoft.Network/privateEndpoints/read`, `Microsoft.OperationalInsights/workspaces/read` (Log Analytics Reader on workspace level) | -| SQL VM | Resources -> All Resources | management.azure.com | Name, virtual subtype, tags, tables | `Microsoft.SqlVirtualMachine/sqlVirtualMachines/read` | -| Functions | Resources -> All Resources | management.azure.com | Resource group name, runtime, trigger, function type | `Microsoft.Web/sites/read`, `Microsoft.Web/sites/functions/read` | -| Kubernetes (AKS) | Devices -> Unknown | management.azure.com | Containers, nodes, clusters | `Microsoft.ContainerService/managedClusters/read`, `Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/action` | -| Load Balancers | Devices -> All Devices | management.azure.com | Name, tags, IP | `Microsoft.Network/loadBalancers/read`, `Microsoft.Network/publicIPAddresses/read` | -| Networks (as VRF Groups) | Network -> VRF Groups | management.azure.com | Name | `Microsoft.Network/virtualNetworks/read` | -| Subnets | Network -> All Subnets | management.azure.com | Network, mask, name | `Microsoft.Network/virtualNetworks/read` | -| VMs | Devices -> All Devices | management.core.windows.net | Name, OS version, RAM size, CPU, IP, MAC | `Microsoft.Compute/virtualMachines/read`, `Microsoft.Network/networkInterfaces/read`, `Microsoft.Network/publicIPAddresses/read` | -| Blob Storage | Resources -> All Resources | management.azure.com | Capacity, available capacity | `Microsoft.Storage/storageAccounts/read`, `Microsoft.Storage/storageAccounts/blobServices/containers/read`, `Microsoft.Storage/storageAccounts/privateEndpointConnections/read`, `Microsoft.Network/privateEndpoints/read` | -| Workspaces | Resources -> All Resources | management.azure.com | | `Microsoft.OperationalInsights/workspaces/read` | -| Extended Summary Discovery | Resources -> All Cloud Resources | management.azure.com | | `Microsoft.Resources/subscriptions/resourceGroups/read` | -| Extended Summary Discovery Supplementary Permissions | Resources -> All Cloud Resources | management.azure.com | | `microsoft.aad/domainservices/read`, `microsoft.alertsmanagement/smartdetectoralertrules/read`, `microsoft.compute/disks/read`, `microsoft.compute/sshpublickeys/read`, `microsoft.compute/virtualmachines/extensions/read`, `microsoft.compute/virtualmachinescalesets/read`, `microsoft.containerservice/managedclusters/read`, `microsoft.dbforpostgresql/flexibleservers/read`, `microsoft.documentdb/databaseaccounts/read`, `microsoft.insights/actiongroups/read`, `microsoft.insights/components/read`, `microsoft.insights/datacollectionrules/read`, `microsoft.managedidentity/userassignedidentities/read`, `microsoft.migrate/migrateprojects/read`, `microsoft.network/applicationgateways/read`, `microsoft.network/connections/read`, `microsoft.network/dnsresolvers/read`, `microsoft.network/loadbalancers/read`, `microsoft.network/localnetworkgateways/read`, `microsoft.network/networkinterfaces/read`, `microsoft.network/networksecuritygroups/read`, `microsoft.network/networkwatchers/read`, `microsoft.network/networkwatchers/flowlogs/read`, `microsoft.network/privatednszones/read`, `microsoft.network/privatednszones/virtualnetworklinks/read`, `microsoft.network/privateendpoints/read`, `microsoft.network/publicipaddresses/read`, `microsoft.network/routetables/read`, `microsoft.network/virtualnetworkgateways/read`, `microsoft.network/virtualnetworks/read`, `microsoft.operationalinsights/querypacks/read`, `microsoft.operationalinsights/workspaces/read`, `microsoft.operationsmanagement/solutions/read`, `microsoft.recoveryservices/vaults/read`, `microsoft.servicebus/namespaces/read`, `microsoft.storage/storageaccounts/read`, `microsoft.web/serverfarms/read`, `microsoft.web/sites/read`, `Microsoft.Resources/subscriptions/resourceGroups/read/read` | +| SQL Server | Resources > All Resources | management.azure.com | Name, virtual subtype, tags | `Microsoft.Sql/servers/read`, `Microsoft.Sql/servers/databases/read` | +| Managed SQL Server | Resources > All Resources | management.azure.com | Name, virtual subtype, tags, tables | `Microsoft.Sql/managedInstances/read`, `Microsoft.Sql/managedInstances/databases/read` | +| Azure DB for MySQL | Resources > All Resources | management.azure.com | Name, virtual subtype, tags, tables | `Microsoft.DBforMySQL/flexibleservers/read`, `Microsoft.DBforMySQL/flexibleservers/databases/read` | +| Azure DB for Postgres | Resources > All Resources | management.azure.com | Name, virtual subtype, tags, tables | `Microsoft.DBforPostgreSQL/servers/read`, `Microsoft.DBforPostgreSQL/servers/databases/read` | +| Azure DB for MariaDB | Resources > All Resources | management.azure.com | Name, virtual subtype, tags, tables | `Microsoft.DBforMariaDB/servers/read`, `Microsoft.DBforMariaDB/servers/databases/read` | +| Cosmos DB | Resources > All Resources | management.azure.com | Name, virtual subtype, tags, tables | `Microsoft.DocumentDB/databaseAccounts/read`, `Microsoft.DocumentDB/databaseAccounts/sqlDatabases/read`, `Microsoft.DocumentDB/databaseAccounts/cassandrakeyspaces/read`, `Microsoft.DocumentDB/databaseAccounts/gremlinDatabases/read`, `Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/read`, `Microsoft.DocumentDB/databaseAccounts/tables/read`, `Microsoft.DBforPostgreSQL/serverGroupsv2/*`, `Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/read`, `Microsoft.Network/privateEndpoints/read`, `Microsoft.OperationalInsights/workspaces/read` (Log Analytics Reader on workspace level) | +| SQL VM | Resources > All Resources | management.azure.com | Name, virtual subtype, tags, tables | `Microsoft.SqlVirtualMachine/sqlVirtualMachines/read` | +| Functions | Resources > All Resources | management.azure.com | Resource group name, runtime, trigger, function type | `Microsoft.Web/sites/read`, `Microsoft.Web/sites/functions/read` | +| Kubernetes (AKS) | Devices > Unknown | management.azure.com | Containers, nodes, clusters | `Microsoft.ContainerService/managedClusters/read`, `Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/action` | +| Load Balancers | Devices > All Devices | management.azure.com | Name, tags, IP | `Microsoft.Network/loadBalancers/read`, `Microsoft.Network/publicIPAddresses/read` | +| Networks (as VRF Groups) | Network > VRF Groups | management.azure.com | Name | `Microsoft.Network/virtualNetworks/read` | +| Subnets | Network > All Subnets | management.azure.com | Network, mask, name | `Microsoft.Network/virtualNetworks/read` | +| VMs | Devices > All Devices | management.core.windows.net | Name, OS version, RAM size, CPU, IP, MAC | `Microsoft.Compute/virtualMachines/read`, `Microsoft.Network/networkInterfaces/read`, `Microsoft.Network/publicIPAddresses/read` | +| Blob Storage | Resources > All Resources | management.azure.com | Capacity, available capacity | `Microsoft.Storage/storageAccounts/read`, `Microsoft.Storage/storageAccounts/blobServices/containers/read`, `Microsoft.Storage/storageAccounts/privateEndpointConnections/read`, `Microsoft.Network/privateEndpoints/read` | +| Workspaces | Resources > All Resources | management.azure.com | | `Microsoft.OperationalInsights/workspaces/read` | +| Extended Summary Discovery | Resources > All Cloud Resources | management.azure.com | | `Microsoft.Resources/subscriptions/resourceGroups/read` | +| Extended Summary Discovery Supplementary Permissions | Resources > All Cloud Resources | management.azure.com | | `microsoft.aad/domainservices/read`, `microsoft.alertsmanagement/smartdetectoralertrules/read`, `microsoft.compute/disks/read`, `microsoft.compute/sshpublickeys/read`, `microsoft.compute/virtualmachines/extensions/read`, `microsoft.compute/virtualmachinescalesets/read`, `microsoft.containerservice/managedclusters/read`, `microsoft.dbforpostgresql/flexibleservers/read`, `microsoft.documentdb/databaseaccounts/read`, `microsoft.insights/actiongroups/read`, `microsoft.insights/components/read`, `microsoft.insights/datacollectionrules/read`, `microsoft.managedidentity/userassignedidentities/read`, `microsoft.migrate/migrateprojects/read`, `microsoft.network/applicationgateways/read`, `microsoft.network/connections/read`, `microsoft.network/dnsresolvers/read`, `microsoft.network/loadbalancers/read`, `microsoft.network/localnetworkgateways/read`, `microsoft.network/networkinterfaces/read`, `microsoft.network/networksecuritygroups/read`, `microsoft.network/networkwatchers/read`, `microsoft.network/networkwatchers/flowlogs/read`, `microsoft.network/privatednszones/read`, `microsoft.network/privatednszones/virtualnetworklinks/read`, `microsoft.network/privateendpoints/read`, `microsoft.network/publicipaddresses/read`, `microsoft.network/routetables/read`, `microsoft.network/virtualnetworkgateways/read`, `microsoft.network/virtualnetworks/read`, `microsoft.operationalinsights/querypacks/read`, `microsoft.operationalinsights/workspaces/read`, `microsoft.operationsmanagement/solutions/read`, `microsoft.recoveryservices/vaults/read`, `microsoft.servicebus/namespaces/read`, `microsoft.storage/storageaccounts/read`, `microsoft.web/serverfarms/read`, `microsoft.web/sites/read`, `Microsoft.Resources/subscriptions/resourceGroups/read/read` | *Specific calls are available on request. -## Using SAML +## Use SAML -When confirming SAML for Azure, change the **Signing Option** to **Sign SAML response**, this could take a few minutes to apply. +When confirming SAML for Azure, change the **Signing Option** to **Sign SAML response**. This change could take a few minutes to apply. In the Device42 Appliance Manager, go to **Global Settings > SAML 2.0 Settings** and check that the **Username field** has a value of "name": @@ -275,7 +274,7 @@ In the Device42 Appliance Manager, go to **Global Settings > SAML 2.0 Settings** To locate virtual devices, navigate to **Resources > All Devices** and use the **Type** dropdown to filter the list by **virtual**. You can view **Cloud Instance Information** on the virtual device details view. Unknown | [Compute API](https://www.googleapis.com/discovery/v1/apis/compute/v1/rest), [Container API](https://www.googleapis.com/discovery/v1/apis/container/v1/rest) | Containers, pods, clusters | -| Networks (as VRF Groups) | Network -> VRF Groups | [Compute API](https://www.googleapis.com/discovery/v1/apis/compute/v1/rest) | Name | -| Subnets | Networks -> Subnets | [Compute API](https://www.googleapis.com/discovery/v1/apis/compute/v1/rest) | Mask, name, VRF Group | -| SQL DB | | [SQL Admin API](https://www.googleapis.com/discovery/v1/apis/sqladmin/v1beta4/rest) | Tables, instances, etc. | -| VMs | Devices -> All Devices | [Compute API](https://www.googleapis.com/discovery/v1/apis/compute/v1/rest) | Type, Name, RAM, OS, CPU, cores, etc. | +| K8s (GKE) Discovery | Devices > Unknown | [Compute API](https://www.googleapis.com/discovery/v1/apis/compute/v1/rest), [Container API](https://www.googleapis.com/discovery/v1/apis/container/v1/rest) | Containers, pods, clusters | +| Networks (as VRF Groups) | Network > VRF Groups | [Compute API](https://www.googleapis.com/discovery/v1/apis/compute/v1/rest) | Name | +| Subnets | Networks > Subnets | [Compute API](https://www.googleapis.com/discovery/v1/apis/compute/v1/rest) | Mask, name, VRF Group | +| SQL DB | | [SQL Admin API](https://www.googleapis.com/discovery/v1/apis/sqladmin/v1beta4/rest) | Tables, instances, and so on | +| VMs | Devices > All Devices | [Compute API](https://www.googleapis.com/discovery/v1/apis/compute/v1/rest) | Type, name, RAM, OS, CPU, cores, and so on | Device42 also discovers the following GCP items: @@ -57,7 +59,7 @@ Device42 also discovers the following GCP items: ## GCP Permission Requirements -The following permissions are required to perform a GCP discovery job. You can create a custom IAM role with these permissions or ensure they are included in existing roles granted to your account or service account. +The following permissions are required for a GCP discovery job. Create a custom IAM role with these permissions, or ensure they are included in existing roles assigned to your account or service account.
Click to expand the code block @@ -105,11 +107,11 @@ resourcemanager.projects.get
-## GCP Discovery Job Configuration +## Create a GCP Discovery Job You need a user account with the built-in GCP "Viewer" role before you can begin a GCP discovery job. -### Create a New GCP Discovery Job +### Set Up the Discovery Job To create a new GCP discovery job, go to **Discovery > Cloud** and click **+ Add Cloud Autodiscovery**. Choose **Google Cloud** as the discovery **Type**. @@ -125,6 +127,8 @@ sources={{ ### Provide JSON Credentials +Add your Google Cloud Engine JSON key to the discovery job as a secret: + 1. Locate and save your [Google Cloud Engine JSON key](https://cloud.google.com/iam/docs/keys-create-delete) to your local machine. 2. Open the key in a text editor and copy its contents: ![Google Cloud Engine JSON key](/assets/images/google-cloud-platform-autodiscovery/google-json-key.png) @@ -138,11 +142,11 @@ sources={{ }} /> -### Determine Configuration Options +### GCP Discovery Job Options -The following configuration options are available for GCP: +The following configuration options are available for GCP discovery jobs: -- Select **Kubernetes Discovery** to discover Kubernetes clusters hosted on your GCP. +- Select **Kubernetes Discovery** to discover Kubernetes clusters hosted on GCP. Cloud Infrastructure > Cloud Accounts** and select your GCP account from the **Cloud Accounts** list page. -The available discovered account-level tags will be listed under the **Vendor Custom Fields** section. +Discovered account-level tags are listed under the **Vendor Custom Fields** section. Cloud**. You typically create one job per cloud account. Like other discovery jobs, cloud discovery jobs can be run immediately or scheduled. -Go to the Cloud Autodiscovery list page under **Discovery > Autodiscovery > Cloud** to create a new cloud autodiscovery job and see your existing jobs. You’ll typically create one job per cloud account. Like other autodiscovery jobs, cloud discovery jobs can be run immediately or scheduled. +## Create a Cloud Platform Discovery Job -### Create Cloud Platform Discovery Job +The **Cloud Autodiscovery** list page displays your existing jobs. Autodiscovery > Clou }} /> -Click the **Create** button in the top right to create a new job, then select the platform **Type**: +Click **Create** in the top right to create a new job, then select the platform **Type**: Compute > All Devices**, then select **Virtual** from the ** }} /> -Click on a device name to enter the view or edit mode. The **Cloud Instance Information** details are located at the bottom of the page. +Click a device name to view its details. The **Cloud Instance Information** section is located at the bottom of the page. -## Cloud Autodiscovery Jobs - -### Service Level and Object Category Options +## Service Level and Object Category Options All cloud platform discovery jobs have the option to set the **Service Level** to apply to the discovered items. For example, you can set it so that the **Development**, **Deployment**, or **Production** service level is applied to discovered items. -Select an option from the dropdown menu, or add a new service-level category using the **plus symbol** button. +Select an option from the dropdown menu, or add a new service-level category using the **plus icon**. -You can also create a new **Object Category for discovered devices** to add another specialized classification. The **Overwrite existing object categories** option gives preference to the discovered object category (if available) over the manually defined object category. +You can also set an **Object Category for discovered devices** to add another specialized classification. Select **Overwrite existing object categories** to give preference to the discovered object category over a manually defined object category. Cloud** and click **Create**. -- Select **Intune** from the cloud autodiscovery **Type:** dropdown menu. +- Select **Intune** from the **Type** dropdown menu. - Enter a **Name** and **URL** (for example: `https://login.microsoftonline.com/[tenant domain or ID]`) for the discovery job. + -### Configuration Options +### Intune Discovery Job Options -Optionally, you can also: +The following additional options are available: + + - Select or add a specific **Customer for discovered devices**. - Set the **Debug level** for the job. -- Choose to **Discover Software** to detect managed software applications. From 19.06, discovery will only bring in software with an 'installed' status. All other provisioned software records will be ignored as we cannot guarantee whether they are installed or not. +- Select **Discover Software** to detect managed software applications. As of version 19.06, discovery only imports software with an "installed" status. All other provisioned software records are ignored, as their installation status cannot be guaranteed. - Set the **Initial Software Type** for discovered software. - Set the category of **Intune Device Ownership** to discover "All", "Corporate", or "Personal" devices. - Enter any **Notes** for the job. @@ -112,7 +112,7 @@ Schedule the Intune discovery job to run automatically. ### Run the Intune Discovery Job -After clicking **Save**, the job details page will be displayed. Click **Run Now** to start the job at any time. You can also run the job from the Cloud Autodiscovery list page using the **Run Now** button. +After clicking **Save**, the job details page is displayed. Click **Run Now** to start the job at any time. You can also run the job from the **Cloud Autodiscovery** list page using the **Run Now** button. -### Intune OS Names +## Intune OS Names Intune OS data has lower precedence than data from more authoritative sources, like OS-level discovery. For example, the Device42 agent will pick up "Microsoft Windows 10 Enterprise" more quickly than the generic Intune name "Windows". The lower precedence ensures more detailed OS names are collected, enhancing the data-filtering capability of the agent. -## Renaming Intune Devices +## Rename Intune Devices -Devices within Intune are renamed during the build process. If a device name is not updated as expected following Device42 autodiscovery, or after being renamed and updated in Intune, ensure the **Overwrite existing device hostname with discovered hostname** option is enabled. +Devices within Intune are renamed during the build process. If a device name is not updated as expected following Device42 discovery, or after being renamed and updated in Intune, ensure the **Overwrite existing device hostname with discovered hostname** option is enabled. Containers > Kubernetes | Type, version, OS | -| Containers | Resources > Containers > Kubernetes | Region, status, capacity, creation information, etc. | +| Containers | Resources > Containers > Kubernetes | Region, status, capacity, creation information, and so on | | Whole Cluster Structure | Resources > Containers > Kubernetes | All general info, namespaces, endpoint details, custom fields | +## Kubernetes Discovery for AWS, GCP, and Azure -### Kubernetes Discovery for AWS, GCP, and Azure - -Kubernetes Discovery is available as an option for [Amazon Web Services (AWS)](auto-discovery/cloud-auto-discovery/aws-autodiscovery.mdx), [Google Cloud Platform (GCP)](auto-discovery/cloud-auto-discovery/google-cloud-platform-autodiscovery.mdx), and [Microsoft Azure (Azure)](auto-discovery/cloud-auto-discovery/azure-autodiscovery.mdx) cloud autodiscovery jobs. - -Navigate to **Discovery > Cloud** and click **Create** to configure a new discovery job. +Kubernetes discovery is available as an option for [Amazon Web Services (AWS)](aws-autodiscovery.mdx), [Google Cloud Platform (GCP)](google-cloud-platform-autodiscovery.mdx), and [Microsoft Azure](azure-autodiscovery.mdx) cloud discovery jobs. -Scroll down the **Add Cloud Discovery** form and check the **Kubernetes Discovery** option. - -Select an option under **Action for Kubernetes Resources not found:** to choose which action Device42 should take when Kubernetes cluster children resources aren't found during the discovery. - -Your cloud discovery job will now also include the discovery of Kubernetes resources on the target cloud platform. +- Navigate to **Discovery > Cloud** and click **Create** to configure a new discovery job. +- Scroll down the **Add Cloud Discovery** form and check the **Kubernetes Discovery** option. +- Select an option under **Action for Kubernetes Resources not found** to choose the action Device42 takes when Kubernetes cluster child resources are not found during discovery. -### Standalone Kubernetes Discovery +## Standalone Kubernetes Discovery -Select **Standalone Kubernetes** for the cloud autodiscovery **Type**, and fill in the fields that become available: +To discover a standalone Kubernetes cluster, navigate to **Discovery > Cloud**, click **Create**, and select **Standalone Kubernetes** from the **Type** dropdown. Fill in the following fields: - Enter a **URL**. - For **Authentication type**, choose between **Bearer Token** and **Basic Credentials**. @@ -54,9 +53,9 @@ Select **Standalone Kubernetes** for the cloud autodiscovery **Type**, and fill }} /> -Optionally, you can choose a **Vendor** and a **VRF Group**. Please note that all vendors and VRF groups are user-defined. +Optionally, you can choose a **Vendor** and a **VRF Group**. All vendors and VRF groups are user-defined. -You also have the option to set the **Service Level** for all discovered objects, such as "Development", "Deployment", or "Production". See [Service Level and Object Category Options in the Cloud Platform Autodiscovery documentation](index.mdx#service-level-and-object-category-options) for more information. +You can also set the **Service Level** for all discovered objects, such as "Development", "Deployment", or "Production". See [Service Level and Object Category Options](index.mdx#service-level-and-object-category-options) for details. -### View Discovered Kubernetes Resources +## View Discovered Kubernetes Resources + +Discovered Kubernetes resources appear on the **Resources** list page. -Discovered Kubernetes resources appear on the **Resources** list page. Navigate to **Resources > All Resources** from the main menu to display the list page. Use the **Vendor Resource Type** dropdown to choose which Kubernetes resources to include in the table. +- Navigate to **Resources > All Resources** from the main menu to display the list page. +- Use the **Vendor Resource Type** dropdown to choose which Kubernetes resources to include in the table. -- Click on the available links to see details about each resource. +- Click the available links to see details about each resource. -### Edit Discovered Kubernetes Resources +## Edit Discovered Kubernetes Resources -Click the **Edit** button on the bottom right to edit resource information. Editing is generally limited to adding or editing **Notes**, **Tags**, the **In Service** status or level, and **Custom Fields** values. +Click **Edit** on the bottom right to edit resource information. You can edit **Notes**, **Tags**, the **In Service** status or level, and **Custom Fields** values. Cloud** and click the **Create** button. +Device42 supports discovery for a variety of cloud platforms beyond the major providers. Each cloud type has its own configuration options and discovery items. -Device42 discovery supports the following cloud types, as listed in the **Type** dropdown menu of the **Add Cloud Autodiscovery** form: +This page covers how to set up discovery jobs for these additional cloud platforms. For all cloud discovery jobs, navigate to **Discovery > Cloud** and click **Create**. Select a cloud platform from the **Type** dropdown: - [Alibaba Cloud](#alibaba-cloud-discovery) - Amazon AWS @@ -35,13 +35,12 @@ Device42 discovery supports the following cloud types, as listed in the **Type** ## Alibaba Cloud Discovery -What information does Alibaba Cloud discovery gather? In addition to standard discovery methods, the discovery monitors network traffic to see all routes during discovery execution for Application Dependency Mapping. A read-only Alibaba role can be provided, as the discovery performs no changes to the cloud infrastructure during execution. +Alibaba Cloud discovery gathers infrastructure information and monitors network traffic during execution for Application Dependency Mapping. A read-only Alibaba role is sufficient, as discovery performs no changes to the cloud infrastructure. -**Alibaba Discovery Items** -| **Cloud Service/Object Name** | **Where To Locate in Device42** | **Accessed API** | **Information Generated** | +| Cloud Service or Object Name | Where To Locate in Device42 | Accessed API | Information Generated | |-------------------------------|-------------------------------|--------------------------------------------|------------------------------------------------------| -| VMs | Devices -> All Devices | http://ecs-cn-hangzhou.aliyuncs.com | Type, name, OS, notes, RAM, CPU, serial number | +| VMs | Devices > All Devices | http://ecs-cn-hangzhou.aliyuncs.com | Type, name, OS, notes, RAM, CPU, serial number | Select **Alibaba Cloud** from the **Type** dropdown menu, name your discovery job, and include both your **Access Key Id** and **Access Key Secret**. @@ -67,7 +66,7 @@ Select an option for **Action for Instance not found** and select a **Device Nam /> -Optionally, you can set the [**Service Level**](index.mdx#cloud-autodiscovery-jobs) of the job to be applied to the discovered items. For example, **Development**, **Deployment**, or **Production**. You also have the option to create a regular schedule, determining when the job will run. +Optionally, you can set the [**Service Level**](index.mdx#service-level-and-object-category-options) of the job to be applied to the discovered items. For example, **Development**, **Deployment**, or **Production**. You also have the option to create a regular schedule, determining when the job will run. Click **Save** and click **Run Now** to run the job immediately. You can also run the job from the Cloud Autodiscovery list page. @@ -75,9 +74,9 @@ Click **Save** and click **Run Now** to run the job immediately. You can also ru ## Arista CloudVision Discovery -| **Cloud Service/Object Name** | **Where to locate in Device42** | **Accessed API** | **Information Generated** | +| Cloud Service or Object Name | Where To Locate in Device42 | Accessed API | Information Generated | |-------------------------------|----------------------------|----------------------------------|---------------------------------------------------------| -| Network infrastructure | Devices --> All Devices | `https://\/api/resources/` | Device ID, device status, dashboard configs, etc. | +| Network infrastructure | Devices > All Devices | `https://\/api/resources/` | Device ID, device status, dashboard configs, and so on | Name the discovery job and select **Arista CloudVision (Preview)** from the **Type** dropdown menu. Select a **Remote Collector** and add the server IP address or FQDN in the **Node(s)** textbox. @@ -91,7 +90,7 @@ Name the discovery job and select **Arista CloudVision (Preview)** from the **Ty Select **Bearer Token** from the **Authentication type** dropdown menu to add your API token, or select **Basic Authentication** to add your username and password. -Optionally, add a **Service Level**, select an [**Object Category**](/administration/role-based-access-control/#object-category-field), and add **Tags for discovered devices**. Tags are useful metadata that categorize the discovered items for searching, filtering, and [ADM Calculation Rule](/apps/application-groups/calculation-rules/#what-are-calculation-rules) purposes. +Optionally, add a **Service Level**, select an [**Object Category**](/administration/role-based-access-control/index.mdx#object-category-field), and add **Tags for discovered devices**. Tags are useful metadata that categorize the discovered items for searching, filtering, and [ADM Calculation Rule](/apps/application-groups/calculation-rules.mdx#what-are-calculation-rules) purposes. Select or add a **Customer for discovered devices** and configure your error logging preferences from the **Debug level** dropdown menu. @@ -115,11 +114,11 @@ Save the job and click **Run Now** on the job details view or the Cloud Autodisc ## DigitalOcean Discovery -**DigitalOcean Discovery Items** +Device42 discovers DigitalOcean Droplets as virtual devices. -| **Cloud Service/Object Name** | **Where To Locate in Device42** | **Accessed API** | **Information Generated** | +| Cloud Service or Object Name | Where To Locate in Device42 | Accessed API | Information Generated | |-------------------------------|----------------------------|----------------------------------|---------------------------------------------------------| -| Droplets (VMs) | Devices --> All Devices | [https://api.digitalocean.com](https://api.digitalocean.com) | Type, name, RAM size, CPU count, HDD Size, Tags, OS, etc. | +| Droplets (VMs) | Devices > All Devices | [https://api.digitalocean.com](https://api.digitalocean.com) | Type, name, RAM size, CPU count, HDD Size, Tags, OS, and so on | Name the job, select **DigitalOcean** from the **Type** dropdown menu, and enter a **Token Key**. Then select any other options you want for the discovery job. @@ -140,11 +139,11 @@ Click **Save** and then **Run Now** to run the job immediately. Or run the job u ## Linode Discovery -**Linode Discovery Items** +Device42 discovers Linode instances as virtual devices. -| **Cloud Service/Object Name** | **Where To Locate in Device42** | **Accessed API** | **Information Generated** | +| Cloud Service or Object Name | Where To Locate in Device42 | Accessed API | Information Generated | |-------------------------------|----------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------| -| VMs | Devices --> All Devices | [https://api.linode.com/v4/linode/instances](https://api.linode.com/v4/linode/instances) [https://api.linode.com/v4/linode/instances/[linodeId]/disks](https://api.linode.com/v4/linode/instances/[linodeId]/disks) [https://api.linode.com/v4/linode/instances/[linodeId]/ips](https://api.linode.com/v4/linode/instances/[linodeId]/ips) [https://api.linode.com/?api_action=api.spec](https://api.linode.com/?api_action=api.spec) | Name, type, RAM, OS, HDD serial number and size, IP, etc. | +| VMs | Devices > All Devices | [https://api.linode.com/v4/linode/instances](https://api.linode.com/v4/linode/instances) [https://api.linode.com/v4/linode/instances/[linodeId]/disks](https://api.linode.com/v4/linode/instances/[linodeId]/disks) [https://api.linode.com/v4/linode/instances/[linodeId]/ips](https://api.linode.com/v4/linode/instances/[linodeId]/ips) [https://api.linode.com/?api_action=api.spec](https://api.linode.com/?api_action=api.spec) | Name, type, RAM, OS, HDD serial number and size, IP, and so on | You will need your API key to access Linode: @@ -156,7 +155,7 @@ You will need your API key to access Linode: ![Linode](/assets/images/2015-10-18-linode-1.png) -From Device42, click **Create** on the Cloud Autodiscovery list page and then select **Linode** from the **Type** dropdown menu. Enter your Linode API key by clicking the **+** (plus sign) icon to create a new Device42 [Secret](administration/passwords/index.mdx). +From Device42, click **Create** on the Cloud Autodiscovery list page and then select **Linode** from the **Type** dropdown menu. Enter your Linode API key by clicking the **plus icon** to create a new Device42 [Secret](/administration/passwords/index.mdx). Unknown Devices | v2: `/v2.0/tokens`, `/v2.0/tenants`, `/v2.1//os-hypervisors/detail`, `/v2.1//flavors/detail`, `/v2.1//servers/detail`, v3: `/v3/auth/tokens`, `/v3/projects` | Name, memory, CPU count, IP, MAC, etc. | -| VMs | Devices --> All Devices | Same as above | Type, name, RAM, UUID, IP, MAC, etc. | +| Hosts | Devices > Unknown Devices | v2: `/v2.0/tokens`, `/v2.0/tenants`, `/v2.1//os-hypervisors/detail`, `/v2.1//flavors/detail`, `/v2.1//servers/detail`, v3: `/v3/auth/tokens`, `/v3/projects` | Name, memory, CPU count, IP, MAC, and so on | +| VMs | Devices > All Devices | Same as above | Type, name, RAM, UUID, IP, MAC, and so on | ### Minimum Permission Requirements for OpenStack Discovery @@ -202,11 +201,11 @@ Device42 needs your OpenStack **User Name** (`username@UserDomainID:ProjectDomai -2. When you log in to OpenStack, you'll see the **Overview** screen with a list of projects. - +2. When you log in to OpenStack, the **Overview** screen displays a list of projects. + -3. Enter the name of the project you'd like to access in the Device42 **Project Name** field. +3. Enter the name of the project you want to access in the Device42 **Project Name** field. ### Create an OpenStack Discovery Job @@ -225,24 +224,24 @@ If you disable **Discover all projects/tenants**, then the **Project Name** is r Optionally, you can: -- Add a **Vendor**. Vendors can be user-defined or populated by the EnrichAI feature as part of discovery. +- Add a **Vendor**. Vendors can be user-defined or populated by the data Normalization and Enrichment Service as part of discovery. - Choose a **VRF Group**. All IPs found will be placed in subnets in the chosen VRF group. This is useful if you have duplicate IPs in your internal network. -- Select which **Action for Instance not found** you'd like Device42 to take. If you select **Delete Instance**, then each time this discovery job is run, any devices previously created for this account that aren't found by the latest discovery job will be deleted. This ensures that Device42 remains in sync with Linode. Otherwise, you could have Device42 Cloud Instances (cloud devices) that no longer exist in Linode. +- Select which **Action for Instance not found** Device42 should take. If you select **Delete Instance**, then each time this discovery job is run, any devices previously created for this account that aren't found by the latest discovery job will be deleted. This ensures that Device42 remains in sync with OpenStack. Otherwise, you could have Device42 cloud instances that no longer exist in OpenStack. - Set the **Service Level** of the job to be applied to the discovered items. For example, **Development**, **Deployment**, or **Production**. - Create a regular schedule to determine when the job will run. -Click **Save** and **Run Now** to run the job immediately. You can also run the job manually at any time by clicking the **Run Now** button on the Cloud Autodiscovery list page. +Click **Save** and **Run Now** to run the job immediately. You can also run the job manually at any time by clicking the **Run Now** button on the **Cloud Autodiscovery** list page. * * * ## Oracle Cloud Discovery -**Oracle Cloud Discovery Items** +Device42 discovers Oracle Cloud VMs and subnets. -| **Cloud Service/Object Name** | **Where To Locate in Device42** | **Accessed API** | **Information Generated** | +| Cloud Service or Object Name | Where To Locate in Device42 | Accessed API | Information Generated | |-------------------------------|---------------------------|--------------------------------------------------------------------------------------------------|----------------------------------| -| VMs | Devices --> All Devices | `https://iaas.<>.oraclecloud.com`, `https://identity.<>.oraclecloud.com` | Service name, instance ID, status, location, etc. | -| Subnets | Network --> Subnets | `https://iaas.<>.oraclecloud.com`, `https://identity.<>.oraclecloud.com`| Network, mask, name | +| VMs | Devices > All Devices | `https://iaas.<>.oraclecloud.com`, `https://identity.<>.oraclecloud.com` | Service name, instance ID, status, location, and so on | +| Subnets | Network > Subnets | `https://iaas.<>.oraclecloud.com`, `https://identity.<>.oraclecloud.com`| Network, mask, name | Name the discovery job and select **Oracle Cloud** from the **Type** dropdown menu. Enter details for the following fields: @@ -263,7 +262,7 @@ Name the discovery job and select **Oracle Cloud** from the **Type** dropdown me Optionally, you can: -- Add a **Vendor**. Vendors can be user-defined or populated by the EnrichAI feature as part of discovery. +- Add a **Vendor**. Vendors can be user-defined or populated by the data Normalization and Enrichment Service as part of discovery. - Choose a **VRF Group**. All IPs found will be placed in subnets in the chosen VRF group. This is useful if you have duplicate IPs in your internal network. - Select a **Remote Collector**. - Set the **Service Level** of the job to be applied to the discovered items. For example, **Development**, **Deployment**, or **Production**. diff --git a/docs/auto-discovery/cloud-auto-discovery/workspace-one-eum-airwatch.mdx b/docs/auto-discovery/cloud-auto-discovery/workspace-one-eum-airwatch.mdx index 817fcfa8a..084c1d390 100644 --- a/docs/auto-discovery/cloud-auto-discovery/workspace-one-eum-airwatch.mdx +++ b/docs/auto-discovery/cloud-auto-discovery/workspace-one-eum-airwatch.mdx @@ -1,18 +1,16 @@ --- -title: "Workspace ONE UEM (AirWatch) Autodiscovery" +title: "Workspace ONE UEM (AirWatch) Discovery" sidebar_position: 8 --- import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' -Workspace ONE Unified Endpoint Management (UEM), formerly known as VMware AirWatch, is supported by Device42 autodiscovery. +Workspace ONE Unified Endpoint Management (UEM), formerly known as AirWatch, is a mobile device management platform. Device42 discovery retrieves data about the devices and apps managed by your Workspace ONE UEM account, keeping your CMDB updated as a central source of truth. -Create and schedule an autodiscovery job to fetch data about the devices and apps managed by your Workspace ONE UEM account and keep your Device42 CMDB updated as a central source of truth. +This page covers the items discovered, credential setup, and how to create and schedule a Workspace ONE UEM (WS1) discovery job. -This page outlines the discovered items and how to set up and run a Workspace ONE UEM (WS1) autodiscovery job. - -## Workspace ONE UEM Autodiscovery Items +## Workspace ONE UEM Discovery Items Currently, the following data is retrieved: @@ -21,23 +19,25 @@ Currently, the following data is retrieved: - IP and MAC addresses - Installed software and applications -## Create a Workspace ONE Autodiscovery Job +## Create a Workspace ONE UEM Discovery Job -First, create an API key for the user account on the WS1 console. +Before creating the job, create an API key for the user account on the WS1 console. -In Device42, navigate to **Discovery > Cloud** and click **+ Add Cloud Autodiscovery**. +To create the job in Device42: -Under the **Type** dropdown, select **Workspace One**. Provide your account **URL** and paste your WS1 API key in the **Tenant** field. +1. Navigate to **Discovery > Cloud** and click **Create** at the top right of the Cloud Autodiscovery list page. +2. Select **Workspace One** from the **Type** dropdown. +3. Provide your account **URL** and paste your WS1 API key in the **Tenant** field. -### Add Credentials +### Add Credentials Provide your WS1 username and password by creating a secure Secret. Click the **plus icon** next to **Basic credentials** to add a new Secret. @@ -49,9 +49,9 @@ Provide your WS1 username and password by creating a secure Secret. Click the ** }} /> -### Optional Fields +### Workspace ONE UEM Discovery Job Options -Choose how to associate vendor metadata to the autodiscovered items. Under **Add device vendor metadata as**, you can specify **Custom Fields**, **Tags**, or **Do Nothing**. +Choose how to associate vendor metadata to the discovered items. Under **Add device vendor metadata as**, select **Custom Fields**, **Tags**, or **Do Nothing**. -Choose an **Object Category for discovered devices**. If you'd like the object category of existing devices to match the newly selected object, check the **Overwrite existing object categories** box. +Choose an **Object Category for discovered devices**. To update the object category of existing devices to match the newly selected category, check the **Overwrite existing object categories** box. -Add **Tags for discovered devices** to categorize and later help you filter the discovered devices by your chosen tags. +Add **Tags for discovered devices** to categorize and filter the discovered devices. -### Schedule the Autodiscovery Job +### Schedule the Discovery Job -You can automate the autodiscovery process by choosing the day(s) and time(s) that the job will run. +You can automate the discovery process by choosing the day(s) and time(s) that the job will run. -Create multiple jobs using the **+ Add another Autodiscovery Schedule** button. +Add multiple schedules using the **+ Add another Autodiscovery Schedule** button. -### Run Now +### Run the Discovery Job -On saving, you'll have the option to run the job immediately. +After saving, you can run the job immediately. -You can also run the job later by navigating back to the **Cloud Autodiscovery** list page and clicking the **Run Now** button next to the job. +You can also run the job later from the **Cloud Autodiscovery** list page by clicking the **Run Now** button next to the job. diff --git a/docs/auto-discovery/d42-ping-sweep.mdx b/docs/auto-discovery/d42-ping-sweep.mdx index 1162938d8..96dbf9f25 100644 --- a/docs/auto-discovery/d42-ping-sweep.mdx +++ b/docs/auto-discovery/d42-ping-sweep.mdx @@ -6,13 +6,9 @@ sidebar_position: 23 import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' +This page is for Device42 administrators who need to perform quick network scans to identify live IP addresses. Device42's Ping Sweep autodiscovery performs a series of pings against specified networks to discover which IPs are live and respond. -## Built-in Ping Sweep Autodiscovery - - -Device42's Ping Sweep autodiscovery performs a series of pings against the specified network(s) for a quick initial discovery of which IPs are live and respond to pings and which are not. - -For the time being, an external standalone [Device42 Ping Sweep utility](https://www.device42.com/autodiscovery/) is still available, but it may be deprecated in the future. See the [Using the External Ping Sweep Utility](#using-the-external-ping-sweep-utility) section below for information on using the standalone tool. +For the time being, an external standalone [Device42 Ping Sweep utility](https://www.device42.com/autodiscovery/) is still available, but it may be deprecated in the future. See the [Use the External Ping Sweep Utility](#use-the-external-ping-sweep-utility) section below for information on using the standalone tool. ## Add or Edit a Ping Sweep Autodiscovery Job @@ -32,7 +28,7 @@ Fill in the job details: 1. Enter a name for the job. 2. In the **Networks:** field, enter a network range using mask bits in slash notation (for example, `192.168.11.0/24`) or hyphenated IP ranges (`192.168.11.1-254`) in Nmap-style syntax. Multiple ranges can be separated via commas, spaces, or new lines. - - By default, the **Add devices by reverse DNS of discovered IP** checkbox is unchecked and unless your DNS setup is perfect, we recommend leaving it unchecked to avoid creating duplicate devices. If you want to use reverse DNS values as device names, check this option. + - By default, the **Add devices by reverse DNS of discovered IP** checkbox is unchecked Leave it unchecked unless you have a properly configured DNS environment to avoid creating duplicate devices. If you want to use reverse DNS values as device names, check this option. - Other options include **Strip domain name suffix** and an option to **Create new subnet for networks not found**. All IP Addresses** from the Device42 menu to display the }} /> -### General Ping Sweep Usage Considerations +### Ping Sweep Usage Considerations -Please add the respective subnets in Device42 before discovering and uploading IP information, otherwise, all IPs will go to an "undefined" subnet. +Add the respective subnets in Device42 before discovering and uploading IP information, otherwise, all IPs will go to an "undefined" subnet. **Ping Sweep considerations and best practices:** - MAC address discovery works only for local LANs. - If the reverse DNS option is selected, discovery will take longer. - Depending on the behavior of your network devices, some subnets or IP addresses will show up as used. For example, as some load balancers reply to pings for every IP on a given range, networks that live behind these load balancers may show up as used. -- Doing a discovery using a wireless card would only discover itself. -- Please note that there's both a built-in Ping Sweep tool and a standalone [external Ping Sweep utility](#using-the-external-ping-sweep-utility) version of the tool that runs as a standalone Windows application. +- Running discovery using a wireless card will only discover the wireless card itself. +- Device42 provides both a built-in Ping Sweep tool and a standalone [external Ping Sweep utility](#use-the-external-ping-sweep-utility) that runs as a Windows application. -## Using the External Ping Sweep Utility +## Use the External Ping Sweep Utility The external Ping Sweep utility is a standalone tool that does a ping sweep on specified networks and uploads the results to the Device42 appliance. It runs on Windows or Linux platforms and has no external dependencies. @@ -92,7 +88,7 @@ The external Ping Sweep utility is a standalone tool that does a ping sweep on s - `d42_pingsweep_linux` - `ping.cfg.sample` - `version.txt` -3. For Windows, you'll need to download the `.exe` file. For Linux, set the `d42_pingsweep_linux` file as executable by running the command: +3. For Windows, use the `.exe` file. For Linux, set the `d42_pingsweep_linux` file as executable by running the command: ```bash $ chmod +x d42_pingsweep_linux ``` @@ -126,7 +122,7 @@ Below is a sample of the `ping.cfg` file: ```
-1. In the **`[settings]`** section, enter the base URL (FQDN or IP) for the Device42 appliance on your network, including credentials. Make sure the credentials have the required access permissions. The minimum required for the user are: +1. In the **`[settings]`** section, enter the base URL (FQDN or IP) for the Device42 appliance on your network, including credentials. Make sure the credentials have the required access permissions. The minimum required permissions are: - Ping Sweep | Can add Ping Sweep - Ping Sweep | Can change Ping Sweep - IP Address | Can add IP Address @@ -138,7 +134,7 @@ Below is a sample of the `ping.cfg` file: - Device | Can add Device - Device | Can change Device -2. In the **`[targets]`** section, enter a network range using mask bits or you can use hyphen ranges (per Nmap syntax). For example, `192.168.11.0/24` for the subnet range or `192.168.11.1-254` for the hyphenated range. Multiple ranges can be separated by spaces. +2. In the **`[targets]`** section, enter a network range using mask bits or hyphen ranges (per Nmap syntax). For example, `192.168.11.0/24` for the subnet range or `192.168.11.1-254` for the hyphenated range. Multiple ranges can be separated by spaces. 3. The **`[options]`** section provides the following options, with explanations in the format **option_name**: explanation = default value @@ -163,12 +159,12 @@ Below is a sample of the `ping.cfg` file: - **`vrfgroup`**: VRF group for discovered subnets = `String` - **`type`**: Static/DHCP/Reserved = `String` -### Run and Schedule Ping Sweep jobs +### Run and Schedule Ping Sweep Jobs You can start the process by running the executable from the command line – root or administrator privileges are required. You can also schedule runs using an operating system task scheduler (like `crontab` or `at`). ### During and After an External Ping Sweep -You'll see a command prompt after you launch the ping sweep. When completed, the status will change to "Finished". If successful, you will see "Success" messages in the status box, and new and updated subnet and IP information in Device42 +You'll see a command prompt after you launch the ping sweep. When completed, the status will change to "Finished". If successful, you will see "Success" messages, and new and updated subnet and IP information in Device42. ![](/assets/images/WEB_695_PS41.png) diff --git a/docs/auto-discovery/database-discovery/cloud-databases.mdx b/docs/auto-discovery/database-discovery/cloud-databases.mdx index 54a431a85..69d6b0975 100644 --- a/docs/auto-discovery/database-discovery/cloud-databases.mdx +++ b/docs/auto-discovery/database-discovery/cloud-databases.mdx @@ -6,13 +6,13 @@ sidebar_position: 1 import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' -## Introduction +Device42 discovery jobs identify and return database instances running on cloud platforms. You can view the resource details, related databases, and topology maps of these items. -Cloud databases are cloud platform database instances identified and returned by Device42 autodiscovery jobs. You can view the resource details, related databases, and topography maps of cloud database items. +This page covers how to view, edit, and delete cloud databases in Device42. ## View Cloud Databases -Select **Resources > Cloud Databases** from the Device42 menu to display the Cloud Databases list page. +Select **Resources > Cloud Databases** from the Device42 menu to display the Cloud Databases list page. Cloud Databases** from the Device42 menu to display the C }} /> -Device42 displays the Cloud Databases list page. On this page, you can **Search by resource name** (1), or filter the list by **Cloud Account -> Cloud Vendor** (2) and **Vendor Resource Subtype** (4). +Use the list page filters to find specific cloud databases: -Click **More Filters** (3) to add additional filters to the search. +- **Search by resource name** (1) +- **Cloud Account > Cloud Vendor** (2) +- **More Filters** (3) for additional filter options +- **Vendor Resource Subtype** (4) -The Cloud Databases list page also includes an **Advanced Search** option for constructing more specific searches. Instructions for this option are available on the [Advanced Search Feature](/getstarted/using-device42/advanced-search-feature.mdx) documentation page. +Use the **Advanced Search** option to construct more specific searches. See the [Advanced Search Feature](/getstarted/using-device42/advanced-search-feature.mdx) page for instructions. -Click **Save** to save your changes or **Cancel** to discard them. +Click **Save** to save your changes or **Cancel** to discard them. ## Delete Cloud Databases -Select one or more databases on the Cloud Databases list page and from the **Actions** dropdown, select **Fast Background Delete**, **Fast Background Archive**, or **Delete with Detailed Confirmation**. +Select one or more databases on the Cloud Databases list page. From the **Actions** dropdown, select **Fast Background Delete**, **Fast Background Archive**, or **Delete with Detailed Confirmation**. Settings > Licensing** to see if the license is enabled. Contact [support@device42.com](mailto:support@device42.com) for licensing assistance. @@ -22,21 +22,21 @@ By default, the target machine ports are defined by the database vendors as foll Dynamic discovery detects which ports to use. Device42 supports MSSQL and Oracle database discovery for customers with database instances configured to listen on non-standard ports, especially on shared database servers that host multiple instances. During database discovery, Device42 will identify and connect via the discovered active listening port. -If you want to specify database discovery details yourself, including the database server port, server IP address, and database access credentials, use [Database Connections Discovery](#database-connections-discovery-jobs) jobs (see below) to discover databases. +If you want to specify database discovery details yourself, including the database server port, server IP address, and database access credentials, use [Database Connections Discovery](#database-connections-discovery-jobs) jobs to discover databases. -### Discovery Exclusions +## Discovery Exclusions -Set discovery exclusions in **Tools > Settings > Global Settings** in the **Discovery Exclusions** section. +Configure discovery exclusions under **Tools > Settings > Global Settings** in the **Discovery Exclusions** section. If you enable the **Ignore DB Login Names** setting, database login names will not be collected during database discovery. -You can also specify interfaces, IP addresses, and MAC addresses to be ignored during discovery. +You can also specify interfaces, IP addresses, and MAC addresses to be ignored during discovery. -## MSSQL Server Database Discovery (on Windows Targets) +## MSSQL Server Database Discovery (on Windows and \*nix Targets) -Microsoft SQL Server (MSSQL) server discovery is supported on discovery targets running Microsoft Windows, although it requires a separate set of credentials to authenticate to the database instance itself. Ensure the discovery credentials have appropriate permissions to view the databases you are interested in discovering. +MSSQL server discovery requires a separate set of credentials to authenticate to the database instance. Ensure the discovery credentials have appropriate permissions to view the databases you want to discover. -Device42 supports autodiscovery on Windows and \*nix platforms for the following MSSQL versions: +Device42 supports discovery on Windows and \*nix platforms for the following MSSQL versions: - MSSQL 2005 - MSSQL 2008 @@ -48,7 +48,7 @@ Device42 supports autodiscovery on Windows and \*nix platforms for the following ### Minimum Permissions Requirements for MSSQL Discovery -To query the tables below, please ensure you have **View Server State** permissions. For the discovery to return detailed information about your database instance, you need read permissions to the following system views: +To query the tables below, ensure you have **View Server State** permissions. For discovery to return detailed information about your database instance, you need read permissions to the following system views:
  • `sys.dm_exec_connections`
  • `sys.dm_exec_sessions`
  • `sys.databases`
  • `sys.master_files`
  • `sys.tables`
  • `sys.dm_os_sys_info`
  • `sys.dm_os_sys_memory`
  • `sys.all_objects`
@@ -61,13 +61,15 @@ GRANT VIEW ANY DEFINITION TO [discovery_user]; GO ``` -**Note**: The discovery user must belong to the administrator’s user group to discover databases successfully. +:::note +The discovery user must belong to the administrator's user group to discover databases successfully. +::: -### Set Up Your MSSQL Discovery Job +### Set Up an MSSQL Discovery Job -Create a new Windows discovery job under **Discovery > HyperVisors /\*nix /Windows** to discover MSSQL databases running on Windows. +Create a new discovery job under **Discovery > HyperVisors /\*nix /Windows** to discover MSSQL databases. Use a Windows or \*nix job type depending on your target platform. -Enable database discovery by checking the **Collect database server information** checkbox. +Enable database discovery by checking the **Collect database server information** checkbox. -- **Discovery Target(s) Credential(s):** Credentials for authenticating to the Windows server. You can enter an ordered list of preferred **Discovery Target(s) Credential(s)**. When the job runs, it will use the credentials in the order that you entered them, stopping at the first successful authentication. Subsequent job runs use the last successful credential and then the remaining credentials in the ordered list. +- **Discovery Target(s) Credential(s):** Credentials for authenticating to the Windows server. You can enter multiple credentials in a preferred order. The job tries each credential in order and stops at the first successful authentication. Subsequent runs start with the last successful credential. -Run the autodiscovery job to test it by clicking **Run Now** from the autodiscovery jobs list. +Run the discovery job to test it by clicking **Run Now** from the discovery jobs list. As MSSQL databases are detected, discovery will import a list of all the instances, databases, and connection details it finds. @@ -113,15 +115,9 @@ You can see the status of the discovery job on the job setup page. Scroll down t }} /> -### View Your MSSQL Discovery Job Results - -Once the job finishes, there are multiple ways to view the results of your database discovery. +### View MSSQL Discovery Job Results -### Access Your Results Through the Discovered MSSQL Application Components - -The most direct method for viewing the discovered database details is via the discovered MSSQL application components themselves. - -Navigate to the Device42 main menu and go to **Applications > Application Components**. If you don't see your SQL Server instances at the top of the list, you can search for "SQL" to narrow down the list. +Once the job finishes, there are multiple ways to view the results. The most direct method is to view the discovered MSSQL application components. Navigate to **Applications > Application Components**. If you don't see your SQL Server instances at the top of the list, search for "SQL" to narrow down the list. You can see the newly discovered SQL Server instances in the example below. Click on the **Name** of one of the application components to view more details. @@ -145,11 +141,11 @@ sources={{ For a rundown of the database details that discovery provides, jump to the [**Available SQL Database Instance Information**](#available-sql-database-instance-information) section. -### Another Way To View SQL Database Details +### View SQL Database Details From the Device Record -Results are also available by browsing to the discovered Windows server instance's CI; either search for the device from the dashboard, via **Devices > All Devices**, go to **Analytics > Discovery Scores** and search for your discovery job, or navigate to your discovery job results page and access the servers from there. +You can also view results by navigating to the discovered Windows server instance's CI. Search for the device from the dashboard, via **Devices > All Devices**, or go to **Analytics > Discovery Scores** and search for your discovery job. -- Click the success number to go to the Discovery Scores page and quickly see the newly discovered items. +- Click the success number to go to the Discovery Scores page and see the newly discovered items. -- Click the links under the **Object** column to view the server details. +- Click the links under the **Object** column to view the server details.
  • V$SESSION
  • V$DATABASE
  • V$CONTAINERS
  • DBA_SEGMENTS
  • DBA_OBJECTS
  • SYS.ALL_USERS
  • DATABASE_COMPATIBLE_LEVEL
  • SYS.PRODUCT_COMPONENT_VERSION
+
  • V$SESSION
  • V$DATABASE
  • V$CONTAINERS
  • DBA_SEGMENTS
  • DBA_OBJECTS
  • SYS.ALL_USERS
  • DATABASE_COMPATIBLE_LEVEL
  • SYS.PRODUCT_COMPONENT_VERSION
To get information about pluggable databases (PDBs) within an Oracle container database (CDB), two key permission configurations are required for non-DBA users: -- SELECT permission on the V$CONTAINERS view. +- SELECT permission on the `V$CONTAINERS` view. - Set `container_data=all container=current` for context configuration. For example: ```sql @@ -286,9 +284,9 @@ To get information about pluggable databases (PDBs) within an Oracle container d ### System-Level Permissions -In addition to the minimum DB-level permissions above, discovery also needs shell access to the target system to run OS-level commands to get information about the Oracle environment. +In addition to the minimum DB-level permissions above, discovery needs shell access to the target system to run OS-level commands to gather information about the Oracle environment. -For example, shell access is needed to read the `tnsames.ora` file, which contains network connection details: +For example, shell access is needed to read the `tnsnames.ora` file, which contains network connection details: ```bash /usr/bin/cat: /dbprog/oracle/product/19.3.0.0.26/network/admin/tnsnames.ora @@ -300,7 +298,7 @@ Another example is the `lsnrctl status` command, which checks the status of the oracle -c 'lsnrctl status' ``` -To allow Device42 to run these commands securely, you can grant limited `sudo` access by adding the following to the `/etc/sudoers` file or by creating a separate `sudoers` file for Device42 Oracle discovery: +To allow Device42 to run these commands securely, grant limited `sudo` access by adding the following to the `/etc/sudoers` file or by creating a separate sudoers file for Device42 Oracle discovery:
Click to expand the code block @@ -331,9 +329,9 @@ Cmnd_Alias DEVICE42_ORACLE_RAC = \ ```
-### Set Up Your Oracle Discovery Job +### Set Up an Oracle Discovery Job -To begin discovering your Oracle databases, navigate to **Discovery > HyperVisors /\*nix /Windows**. Create a new discovery job for Windows or \*nix (or both) targets, and be sure to check the **Collect database server information** checkbox. +To discover Oracle databases, navigate to **Discovery > HyperVisors /\*nix /Windows**. Create a new discovery job for Windows or \*nix (or both) targets and check the **Collect database server information** checkbox. -### Oracle CDB/PDB Matching Process and Regular Processing Procedures +### Oracle CDB/PDB Matching Process -An Oracle database instance is created for each Container Database (CDB) and Pluggable Database (PDB), even in cases where they share the same endpoint listener. +An Oracle database instance is created for each Container Database (CDB) and Pluggable Database (PDB), even when they share the same endpoint listener. -We attempt to match any root database instance (CDB) with the same endpoint as our incoming resource (CDB or PDB). If we find a root database instance (CDB), we try to locate all related child databases (PDBs) for it and iterate through all of the child records. If any child database name matches the name of the incoming resource, we identify this database instance as the same as the incoming one and update the existing record with the new incoming resource data. +Device42 attempts to match any root database instance (CDB) with the same endpoint as the incoming resource (CDB or PDB). If a root database instance (CDB) is found, Device42 locates all related child databases (PDBs) and iterates through the child records. If any child database name matches the name of the incoming resource, that database instance is identified as the same and the existing record is updated with the new incoming resource data. -If we can't find any child database instance resources, we match the resource to the root resource. If there's no match to the root resource, we proceed with regular processing. +If no child database instance resources are found, the resource is matched to the root resource. If there is no match to the root resource, regular processing proceeds. -We don't aim to match orphaned PDBs to the CDB if a fresh CDB is incoming. +Orphaned PDBs are not matched to a CDB if a fresh CDB is incoming. If a candidate database instance is detected to be a child of a CDB, the matching process is skipped. -If a candidate database instance is detected to be a child of a CDB, we skip the matching process. +### Oracle User Discovery Details -### Oracle User Discovery Updates +The Device42 UI displays: -We've made the following changes to the UI: +1. **Database Instance Name** under the identifier (generally the service name). +2. **Database/Schema** showing only schemas with attached objects for Oracle. -1. Added **Database Instance Name** under the identifier (generally the service name). -2. Renamed **Database** to **Database/Schema** and only show ones with attached objects for Oracle. +Device42 discovers Oracle users that have at least one associated database object, ignoring empty user schemas. As a result, some Oracle database connections may not appear under specific user schemas. These database connections map to the main database instance instead of a specific **Database/Schema** resource. Key details like the user login and schema names are still preserved in the database instance details. -We previously gathered all Oracle users and collected them as "Device42 Databases." Then, we only retrieved Oracle users that had at least one associated database object, and from there, we implemented changes to ignore user schemas. As a result, some Oracle database connections may no longer show under specific user schemas. These 'orphaned' database connections now map to the main database instance, instead of mapping to a specific **Database/Schema** resource. While they’re not linked to individual schemas anymore, key details like the user login and schema names are still preserved in the database instance details. +## PostgreSQL Database Discovery (on \*nix Targets) -## PostgreSQL Database Discovery (on \*nix targets) - -Device42 offers PostgreSQL database discovery for \*nix discovery targets, although it requires a separate set of credentials to authenticate to the database instance itself. Ensure these additional credentials have the appropriate permissions for viewing the databases you are interested in discovering. +PostgreSQL database discovery is supported for \*nix targets and requires a separate set of credentials to authenticate to the database instance. Ensure these credentials have the appropriate permissions for viewing the databases you want to discover. ### Minimum Permissions Requirements for PostgreSQL Discovery -For discovery to return detailed information about your database instance, you will need access to the following tables: +For discovery to return detailed information about your database instance, you need access to the following tables: * `pg_database` (table) * `pg_tablespace` (table) * `pg_stat_activity` (table) * `⁠inet_server_addr()` (function) -### Set Up Your PostgreSQL Discovery Job +### Set Up a PostgreSQL Discovery Job -To begin discovering your PostgreSQL databases, create a new discovery job for \*nix targets, and be sure to enable database discovery by checking the **Collect database server information** checkbox. +To discover PostgreSQL databases, create a new discovery job for \*nix targets and check the **Collect database server information** checkbox. Fill out both sets of credentials: -- **Database Username / Password(s):** These credentials are used to authenticate to the Postgres database. -- **Discovery Target(s) Credential(s):** These credentials are used to authenticate to the \*nix server. +- **Database Username / Password(s):** Credentials to authenticate to the Postgres database. +- **Discovery Target(s) Credential(s):** Credentials to authenticate to the \*nix server. -You can enter an ordered list of preferred **Discovery Target(s) Credential(s)** when you create a database discovery job. When the job runs, it will use the credentials in the order that you entered them, stopping at the first successful authentication. Subsequent job runs use the last successful credential and then the remaining credentials in the ordered list. +You can enter multiple credentials in a preferred order. The job tries each credential in order and stops at the first successful authentication. Subsequent runs start with the last successful credential. -## DB2 Discovery (on \*nix targets) +## DB2 Discovery (on \*nix Targets) -DB2 database discovery is for \*nix discovery targets and requires a separate set of credentials to authenticate to the database instance itself. Ensure these credentials have the appropriate permissions for viewing the databases you are interested in discovering. +DB2 database discovery is supported for \*nix targets and requires a separate set of credentials to authenticate to the database instance. Ensure these credentials have the appropriate permissions for viewing the databases you want to discover. ### Permissions for DB2 Discovery -For discovery to return detailed info about your database instance, you will require the following permissions: +For discovery to return detailed information about your database instance, you need the following permissions: **1. Privileges for ENV_SYS_INFO:** @@ -561,7 +557,7 @@ For discovery to return detailed info about your database instance, you will req **6. Privileges for Monitoring:** - **EXECUTE** privilege on the `MON_GET_CONNECTION`. - - One of the following authorities: `DATAACCESS`, `DBADM`, or `SQLADM`. + - One of the following authorities: **DATAACCESS**, **DBADM**, or **SQLADM**. **7. Privileges for Routines:** @@ -582,17 +578,16 @@ For discovery to return detailed info about your database instance, you will req - **SYSCTRL** - **SYSADM** +### Set Up a DB2 Discovery Job -### Set Up Your DB2 Discovery Job - -To begin discovering your DB2 databases, create a new discovery job for \*nix targets, and be sure to enable database discovery by checking the **Collect database server information** checkbox. +To discover DB2 databases, create a new discovery job for \*nix targets and check the **Collect database server information** checkbox. -Be sure to fill out both sets of credentials. +Fill out both sets of credentials: -- **Database Username / Password(s):** These credentials are used to authenticate to the DB2 database. -- **Discovery Target(s) Credential(s):** These credentials are used to authenticate to the \*nix server itself. +- **Database Username / Password(s):** Credentials to authenticate to the DB2 database. +- **Discovery Target(s) Credential(s):** Credentials to authenticate to the \*nix server. -You can enter an ordered list of preferred **Discovery Target(s) Credential(s)** when you create a database discovery job. When the job runs, it will use the credentials in the order that you entered them, stopping at the first successful authentication. Subsequent job runs use the last successful credential and then the remaining credentials in the ordered list. +You can enter multiple credentials in a preferred order. The job tries each credential in order and stops at the first successful authentication. Subsequent runs start with the last successful credential. Autodiscovery >Database** from the main menu to display the **Database Discoveries** list page. +Follow these steps to create and configure a database connections discovery job: + +- Select **Discovery > Autodiscovery > Database** from the main menu to display the **Database Discoveries** list page. -

- Click on the job you want to view in the **Discovery Target** column. You can use the search bar and filters to find a specific database or narrow down your results. @@ -710,7 +706,6 @@ You can view **Discovery Scores** for the database jobs that have been run. dark: useBaseUrl('/assets/images/database-discovery/discovery-scores-page-19.06-dark.png'), }} /> -

- Click **Detailed Discovery Scores** to see additional information. @@ -721,7 +716,6 @@ You can view **Discovery Scores** for the database jobs that have been run. dark: useBaseUrl('/assets/images/database-discovery/discovery-scores-oracle-19.06-dark.png'), }} /> -

### View Discovered Databases diff --git a/docs/auto-discovery/database-discovery/on-premise-databases.mdx b/docs/auto-discovery/database-discovery/on-premise-databases.mdx index 58500ec30..f74200129 100644 --- a/docs/auto-discovery/database-discovery/on-premise-databases.mdx +++ b/docs/auto-discovery/database-discovery/on-premise-databases.mdx @@ -6,12 +6,13 @@ sidebar_position: 2 import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' +On-premises (on-prem) databases are non-cloud database instances identified and returned by Device42 discovery jobs. You can view the discovered on-prem database details, edit fields, and manage related resources. -On-premise (on-prem) databases are non-cloud database instances identified and returned by Device42 autodiscovery jobs. You can view the discovered on-prem database details and related resources. +This page covers how to view, edit, delete, and associate on-prem databases with Business Services. ## View On-Prem Databases -Select **Resources > Databases > On-Prem Databases** from the Device42 menu to display the on-prem databases list. +Select **Resources > Databases > On-Prem Databases** from the main menu. Databases > On-Prem Databases** from the Device42 menu to light: useBaseUrl('/assets/images/on-premise-databases/on-prem-menu-19.06-light.png'), dark: useBaseUrl('/assets/images/on-premise-databases/on-prem-menu-19.06-dark.png'), }} -/>  +/> -On the on-prem databases list page, you can **Search by resource name, host, database type**, filter the list by **Database Type**, and add **More Filters** to narrow your results. +Use the list page filters to find specific databases: + +- **Search by resource name, host, database type** +- **Database Type** filter +- **More Filters** for additional filter options   +/> -Click on an on-prem database name to see the details about that database. +Click an on-prem database name to see its details.   +/> + +## Edit On-Prem Databases -Click edit to change some of the on-prem database details: **Database Instance Application Component**, **Custom Fields**, **Notes**, **Tags**, and **Service Level**. +From the database details page, click **Edit** to modify the following fields: **Database Instance Application Component**, **Custom Fields**, **Notes**, **Tags**, and **Service Level**.   +/> ## Delete On-Prem Databases -You can delete on-prem databases. On the on-prem databases list page, select one or more database instances, and select **Fast Background Delete**, **Fast Background Archive**, or **Delete with Detailed Confirmation** from the **Actions** dropdown menu. +Select one or more database instances on the on-prem databases list page. From the **Actions** dropdown menu, select **Fast Background Delete**, **Fast Background Archive**, or **Delete with Detailed Confirmation**.    +/> Confirm or cancel the deletion when prompted. @@ -71,11 +78,11 @@ Confirm or cancel the deletion when prompted. light: useBaseUrl('/assets/images/on-premise-databases/delete-confirmation-19.06-light.png'), dark: useBaseUrl('/assets/images/on-premise-databases/delete-confirmation-19.06-dark.png'), }} -/>   +/> -## Add an On-Prem Database to a Business Application +## Add an On-Prem Database to a Business Service -You can add an on-prem database to an existing or new [Business Service](apps/business-services/index.mdx). On the on-prem databases list page, select one or more database instances, choose **Add to Business Application** from the **Actions** dropdown menu. +You can add an on-prem database to an existing or new [Business Service](/apps/business-services/index.mdx). Select one or more database instances on the on-prem databases list page and choose **Add to Business Service** from the **Actions** dropdown menu.    +/> -Select a **Business Service name** from the drop-down list or click the plus sign to create a new Business Service. Click **Add selected On-Prem Database to Business Service** to confirm. +Select a **Business Service name** from the dropdown list or click the **plus icon** to create a new Business Service. Click **Add selected On-Prem Database to Business Service** to confirm.    +/> diff --git a/docs/auto-discovery/enrichai-data/enrichai-opt-out.mdx b/docs/auto-discovery/enrichai-data/enrichai-opt-out.mdx deleted file mode 100644 index 086581262..000000000 --- a/docs/auto-discovery/enrichai-data/enrichai-opt-out.mdx +++ /dev/null @@ -1,71 +0,0 @@ ---- -title: "EnrichAI Opt Out" -sidebar_position: 100 ---- - -import ThemedImage from '@theme/ThemedImage' -import useBaseUrl from '@docusaurus/useBaseUrl' - -This section demonstrates how to disable EnrichAI Data, the Device42 service that enhances data from device discoveries. - -:::note -Please note that if you rediscover previously enriched data, you will lose that data until you opt back in to the EnrichAI Data cloud service. -::: - -Take the following steps to opt out of the EnrichAI Data service: - -Select **Tools > Cloud Services** to display the Cloud Services page. - - - -This page shows the status of your cloud services. - -- In the example below, **EnrichAI** has been **Enabled**. To disable this feature, click **Edit**. - - - -- In the Edit view, you are presented with the option to opt out of the EnrichAI Data service, as highlighted below. Click **disable** to do so. - - - -- The **Disable EnrichAI** dialog gives you the option to **Disable** or **Cancel**. Select **Disable** to opt out of the EnrichAI Data service and return to the Edit view. - - - -- The **EnrichAI** is now **Disabled**. You can **Save** your changes in the bottom-right corner of the page. - - - -You can follow the same steps to opt back in to the EnrichAI Data service. After re-enabling, we recommend rerunning your discovery jobs to ensure your data is enriched. diff --git a/docs/auto-discovery/enrichai-data/_category_.yml b/docs/auto-discovery/enriched-data/_category_.yml similarity index 67% rename from docs/auto-discovery/enrichai-data/_category_.yml rename to docs/auto-discovery/enriched-data/_category_.yml index 4dbff740a..923cec6f6 100644 --- a/docs/auto-discovery/enrichai-data/_category_.yml +++ b/docs/auto-discovery/enriched-data/_category_.yml @@ -1,4 +1,4 @@ position: 100 -label: 'Enrich AI Data' +label: 'Enriched Data' collapsible: true collapsed: true diff --git a/docs/auto-discovery/enriched-data/enriched-data-opt-out.mdx b/docs/auto-discovery/enriched-data/enriched-data-opt-out.mdx new file mode 100644 index 000000000..225f0a436 --- /dev/null +++ b/docs/auto-discovery/enriched-data/enriched-data-opt-out.mdx @@ -0,0 +1,73 @@ +--- +title: "Enriched Data Opt Out" +sidebar_position: 100 +--- + +import ThemedImage from '@theme/ThemedImage' +import useBaseUrl from '@docusaurus/useBaseUrl' + +You can disable the data Normalization and Enrichment Service if you no longer want Device42 to enrich data from device discoveries. This page walks through the steps to opt out and opt back in. + +:::note +If you rediscover previously enriched data, you will lose that data until you opt back in to the Enriched Data cloud service. +::: + +## Disable the Enriched Data Service + +To opt out of the Enriched Data service: + +1. Select **Tools > Cloud Services** to display the Cloud Services page. This page shows the status of your cloud services. + + + +2. Find the **EnrichAI** entry showing **Enabled** and click **Edit**. + + + +3. In the Edit view, click **Disable**. + + + +4. In the **Disable EnrichAI** dialog, select **Disable** to confirm. Select **Cancel** to return without changes. + + + +5. The **EnrichAI** status is now **Disabled**. Click **Save** in the bottom-right corner of the page. + + + +## Re-Enable the Enriched Data Service + +Follow the same steps to opt back in to the Enriched Data service. After re-enabling, rerun your discovery jobs to ensure your data is enriched. diff --git a/docs/auto-discovery/enrichai-data/index.mdx b/docs/auto-discovery/enriched-data/index.mdx similarity index 63% rename from docs/auto-discovery/enrichai-data/index.mdx rename to docs/auto-discovery/enriched-data/index.mdx index c0d6acf2e..c6c1b0dca 100644 --- a/docs/auto-discovery/enrichai-data/index.mdx +++ b/docs/auto-discovery/enriched-data/index.mdx @@ -1,16 +1,18 @@ ---- -title: "EnrichAI Data" +\--- +title: "Enriched Data" sidebar_position: 99 --- import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' -EnrichAI is a Device42 cloud-based service for enhancing discovered data. Device42 supports the enrichment of software applications, operating systems (OS), and vendor that are discovered by Device42 Autodiscovery. +The data Normalization and Enrichment Service is a Device42 cloud-based service that cleanses and enhances the software, operating system (OS), and vendor data collected by Device42 discovery. It replaces raw discovered values with standardized names and version numbers, and adds extended fields such as product categories and support lifecycle dates. + +This page describes the enriched data fields, how the service collects and processes data, connectivity requirements, and the Enriched Data interface. ## Data Fields -The EnrichAI data service take the vendor name, product name, and version number fields as populated by the product vendor and uses it to replace those values with cleansed and normalized values. In addition, it adds values for an extended set of fields, like categories and support lifecycle dates. The enriched data is mined from validated, authoritative, public sources to ensure accuracy. +The Enriched Data service takes the vendor name, product name, and version number fields as populated by the product vendor and replaces them with cleansed and normalized values. The enriched data is mined from validated, authoritative, public sources to ensure accuracy. The following is a partial list of enriched fields: @@ -33,13 +35,12 @@ The following is a partial list of enriched fields: | OS Family | The OS release family (Linux, Windows, etc.) | | OS Edition | The edition of the OS (Enterprise, Datacenter, etc.) | | OS Version Number | The general version number of the release | -| OS Family | The OS release family (Linux, Windows, etc.) | | Service Pack | The service pack level of the OS release | -| Key Support Dates | See the details for the available date fields in the table below | +| Key Support Dates | See [Key Support Dates](#key-support-dates) below | -The **OS Architecture: 32 vs 64 bit** field is no longer part of EnrichAI Data. The 32- and 64-bit architectures have been coalesced into a single entry, since the architecture does not affect OS dates, licensing, patches, or risk profiles. +The **OS Architecture: 32 vs 64 bit** field is no longer part of Enriched Data. The 32- and 64-bit architectures have been merged into a single entry, as the architecture does not affect OS dates, licensing, patches, or risk profiles. -### Software Attributes +### Software Attributes | Field | Description | |---------------------|---------------------------------------------------------------| @@ -51,7 +52,7 @@ The **OS Architecture: 32 vs 64 bit** field is no longer part of EnrichAI Data. | Version | The full version number including major, minor, patch, and build values (using [Semantic Versioning](https://semver.org/)) | | Service Pack | The service pack level of the software release | | Category | The product category this software application belongs to | -| Key Support Dates | See the details for the available date fields in the table below | +| Key Support Dates | See [Key Support Dates](#key-support-dates) below | ### Key Support Dates @@ -63,23 +64,25 @@ The **OS Architecture: 32 vs 64 bit** field is no longer part of EnrichAI Data. | End of Life Date | When the release will no longer receive security/vulnerability updates | | End of Support Date | When mainstream support will no longer be available | | Extended End of Support Date | When extended support will no longer be available | -| End Of Maintenance Date | When non-security patches will no longer be released under standard maintenance agreement | -| Extended End Of Maintenance Date | When non-security patches will no longer be released under extended maintenance agreement | +| End of Maintenance Date | When non-security patches will no longer be released under standard maintenance agreement | +| Extended End of Maintenance Date | When non-security patches will no longer be released under extended maintenance agreement | :::note -Depending on the vendor's published information, EnrichAI Data may not populate all or any of the date fields. +Depending on the vendor's published information, Enriched Data may not populate all or any of the date fields. ::: -## EnrichAI Data Collection +## Enriched Data Collection -When EnrichAI Data is enabled, the device data collected during discovery jobs is queued, batched, and sent via HTTPS to the EnrichAI Data service, where it is processed in background tasks to prevent negative system impact. When EnrichAI finds a match, it responds with enriched data. All enriched data is displayed on the Analytics > EnrichAI Data page; depending on the number of requests in the queue and system load, this data may not be immediately visible. +When Enriched Data is enabled, device data collected during discovery jobs is queued, batched, and sent via HTTPS to the Enriched Data service. The service processes requests in background tasks to prevent negative system impact. When it finds a match, it responds with enriched data. All enriched data is displayed on the **Analytics > EnrichAI Data** page. Depending on the number of requests in the queue and system load, this data may not be immediately visible. -When presented with a new or unique data entry, the EnrichAI service may need to perform a background check with authoritative sources to identify any new or changed data that can be displayed on the next discovery for that device. As such, each discovery is validated by the EnrichAI Data service to ensure the discovered values are correct and up to date. No data sent to EnrichAI contains identifiable information, such as hostnames, IP addresses, or MAC addresses. Below is a sample of the payload: +When presented with a new or unique data entry, the Enriched Data service may need to perform a background check with authoritative sources to identify new or changed data. This data is then displayed on the next discovery for that device. Each discovery is validated by the service to ensure discovered values are correct and up to date. + +No data sent to the Enriched Data service contains identifiable information, such as hostnames, IP addresses, or MAC addresses. Below is a sample of the payload:
Click to expand the code block -```js +```json [ { "client_id": "D42", @@ -140,28 +143,26 @@ When presented with a new or unique data entry, the EnrichAI service may need to
-## EnrichAI Data Connectivity +## Enriched Data Connectivity -Please do the following to ensure connectivity with EnrichAI Data: +Do the following to ensure connectivity with the Enriched Data service: -1. Configure the Cloud Connector and check that it is reachable. -2. Make sure the EnrichAI Data endpoints are reachable, including the registration endpoint: +1. Configure the **Cloud Connector** and check that it is reachable. +2. Make sure the Enriched Data endpoints are reachable, including the registration endpoint: - `https://registration.device42.com` - `https://crs.device42.io/` - `https://enrichai.device42.io/api/normalizations` 3. Register the license online. -4. For enrichment of Software, the Software Enrichment license needs to be listed as Enabled under Tools > Licensing. - -Device42 [InsightsAI](/reports/device42-doql/insightsai.mdx) generates queries based on natural language prompts. The prompts you enter are sent to the `ai42.device42.io` endpoint. +4. For software enrichment, the Software Enrichment license must be listed as **Enabled** under **Tools > Licensing**. -## Using the EnrichAI Data Interface +## Enriched Data Interface -Select **Analytics > EnrichAI Data** to display the EnrichAI Data list page. +Select **Analytics > EnrichAI Data** to display the Enriched Data list page. EnrichAI Data** to display the EnrichAI Data list page. style={{ width: '90%' }} /> -Click the **Enriched Value** link to view the data record. If desired, you can click the **Lock** button on an EnrichAI data record to prevent Device42 from updating it in the future. +Click the **Enriched Value** link to view the data record. Click the **Lock** button on an Enriched Data record to prevent Device42 from updating it in the future. -Device42 currently displays additional information generated by EnrichAI Data on enriched vendor and OS view pages. You can identify enriched vendors by the **AI icon** included next to their names on the vendor list page (under **Infrastructure > Vendors**). +Vendor and OS view pages display additional information generated by the Enriched Data service. You can identify enriched vendors by the **AI icon** next to their names on the vendor list page (under **Infrastructure > Vendors**). -The image below shows a vendor view page with enriched data. Enriched data is also available via API and Device42 Object Query Language (DOQL) in the vendor and device OS DOQL views. +Enriched data is also available via API and Device42 Object Query Language (DOQL) in the vendor and device OS DOQL views. HyperVisors / \*nix / Windows**. - -Create a new discovery job, and select **IBM i/AS400** as the **Platform**. - - - -:::caution -Do not set up an autodiscovery scan using critical production account credentials! Please create a separate, dedicated account to use only for discovery. - -Account lock-out could result in an otherwise avoidable outage depending on your permissions and configured password policies. You as a customer are responsible for any such behavior. -::: - -## IBM System i/AS400 Discovery Fields - -The following fields are available for configuration when creating a new i/AS400 autodiscovery job: - -- **Job Name:** Enter a name of your choosing to identify the IBM i/AS400 autodiscovery job. -- **Remote Collector:** Optionally, specify a remote collector from which to run discovery instead of the main appliance. -- **Platform:** Select **IBM i/AS400**. -- **Discovery Target(s):** Specify the FQDN or IP address of the IBM i/AS400 to discover. If using FQDN, ensure Device42 is set up to resolve DNS. Note that you can configure the DNS in your VM console under option **1**. -- **Port:** Only change this if you have a custom listening port configuration. IBM i/AS400 discovery uses port 23 by default. -- **Discovery Target(s) Credential(s):** Specify a username with permissions on your IBM i/AS400 machine. -- **Debug Level:** Turn debug on for extra troubleshooting output. This is useful for support tickets. -- **ADM Sampling Interval:** Leave off or choose an interval in minutes or hours. -- **Discover Using FTP:** Run the discovery through FTP instead of Telnet. Selecting this option reveals the FTPS option: - - **Discover Using FTPS:** Use FTPS (FTP Secure) to enable secure communication with AS/400 systems. - - - -- **Timeout:** Specify the maximum time in seconds per command for performing a Telnet discovery. If there are connection issues or slow loading time, increasing the timeout may yield better results. - - - -- **Last Job Status:** This displays the status of the last discovery or task run. -- **Job Run Report:** This records changes made in the last task. -- **Schedule for autodiscovery:** The discovery job can be scheduled to run automatically. -- **Discover Lines of Code**: If selected under the **Software and Applications** section, a script will run to collect the total lines of code on the machine. If used, we recommend increasing the max timeout of the discovery to five minutes or more. +## AS400 Autodiscovery Items - +Discovery gathers the following information on the AS400 midrange compute platform: -### How FTP Discovery Works - -Using FTP, Device42 creates a directory on the targeted server named **D42TEST**. -- Device42 then uploads our CL/RPG programs to the server, transfers them to the QTEMP folder, and runs them. -- After the CL/RPG programs have run, Device42 transfers the output files back to **D42TEST** and parses them on the remote collector. -- Finally, Device42 removes all files placed or created on the server and disconnects. +- **Hardware Inventory** — including hostname(s), IP & MAC addresses, hardware specifications, and OS information. +- **Dependencies** +- **Services** +- **Service connections** -**Advantages over Telnet discovery:** +Sample IBM i/AS400 discovery output: -- FTP discovery does not rely on anything other than the permissions to place or delete files. With Telnet, customization could disrupt the flow and end the discovery. -- FTP discovery requires less total communication with the server, resulting in much faster run times if there is any slowness on the targeted server or the network. +![IBMi - AS400 discovery output sample data](/assets/images/IBMi-as400_sample_output.png) -Due to limitations, Device42 discovery needs to be able to create the directory **D42TEST**. Only the items that were placed or created during discovery will be removed. If an unexpected file is in that directory, the discovery will most likely fail. If discovery fails, please work with your AS400 Server administrator to remove the directory. -## Setting IBM i/AS400 Permissions +## Set IBM i/AS400 Permissions -Have your AS400 admin run the following command to configure IBM i/AS400 permissions requirements: +Ask your AS400 admin run the following command to configure IBM i/AS400 permissions requirements: ``` CRTUSRPRF USRPRF($USERNAME$) PASSWORD($YOURPASSWORD$) USRCLS(*SECOFR) SPCAUT(*ALLOBJ *JOBCTL) @@ -119,38 +49,84 @@ In the above IBM i/AS400 command: - Substitute `$USERNAME$` with the profile name of your choice. - Substitute `$YOURPASSWORD$` with a strong password of your choice. +- In `USRCLS(*SECOFR)`, `*SECOFR` may be substituted with `*USER` or `*PGMR` if desired. However, if you choose `*USER`, this option will prevent some software from being discovered. For complete discovery access, choose an option higher than `*USER`. + +For Telnet discovery, please ensure that the created user has the default initial menu (`MAIN`). Customized menus may cause issues when running the discovery. + +:::caution +Do not set up an autodiscovery scan using critical production account credentials. Create a separate, dedicated account to use only for discovery. -:::note -In `USRCLS(*SECOFR)`, `*SECOFR` may be substituted with `*USER` or `*PGMR` if desired. However, if you choose `*USER`, this option will prevent some software from being discovered. For complete discovery access, choose an option higher than `*USER`. +Account lockout could result in an otherwise avoidable outage depending on your permissions and configured password policies. ::: -For Telnet discovery, please ensure that the created user has the default initial menu (`MAIN`). Customized menus may cause issues when running the discovery. +## Create an IBM i/AS400 (Mid-Range) Discovery Job -## AS400 Autodiscovery Details +To add a new IBM i/AS400 discovery job, head to the main menu and select **Discovery > HyperVisors / \*nix / Windows**. -**What information does discovery gather on the AS400 midrange compute platform?** +Create a new discovery job, and select **IBM i/AS400** as the **Platform**. -- **Hardware Inventory** — including hostname(s), IP & MAC addresses, hardware specifications, and OS information. -- **Dependencies** -- **Services** -- **Service connections** + -Sample IBM i/AS400 discovery output: +### IBM System i/AS400 Discovery Options -![IBMi - AS400 discovery output sample data](/assets/images/IBMi-as400_sample_output.png) +The following fields are available for configuration when creating a new i/AS400 autodiscovery job: -## AS400 Limitations +| Field | Description | +|-------|-------------| +| **Job Name** | Enter a name of your choosing to identify the IBM i/AS400 autodiscovery job. | +| **Remote Collector** | Optionally, specify a remote collector from which to run discovery instead of the main appliance. | +| **Platform** | Select **IBM i/AS400**. | +| **Discovery Target(s)** | Specify the FQDN or IP address of the IBM i/AS400 to discover. If using FQDN, ensure Device42 is set up to resolve DNS. Note that you can configure the DNS in your VM console under option **1**. | +| **Port** | Only change this if you have a custom listening port configuration. IBM i/AS400 discovery uses port 23 by default. | +| **Discovery Target(s) Credential(s)** | Specify a username with permissions on your IBM i/AS400 machine. | +| **Debug Level** | Turn debug on for extra troubleshooting output. This is useful for support tickets. | +| **ADM Sampling Interval** | Leave off or choose an interval in minutes or hours. | +| **Discover Using FTP** | Run the discovery through FTP instead of Telnet. Selecting this option reveals the FTPS option. | +| **Discover Using FTPS** | Use FTPS (FTP Secure) to enable secure communication with AS/400 systems. See image below. | +| **Timeout** | Specify the maximum time in seconds per command for performing a Telnet discovery. If there are connection issues or slow loading time, increasing the timeout may yield better results. | +| **Last Job Status** | Displays the status of the last discovery or task run. | +| **Job Run Report** | Records changes made in the last task. | +| **Schedule for autodiscovery** | The discovery job can be scheduled to run automatically. | +| **Discover Lines of Code** | If selected under the **Software and Applications** section, a script will run to collect the total lines of code on the machine. If used, increase the max timeout of the discovery to five minutes or more. | + +**FTPS Option:** -AS400 support does _not_ currently include: + -- Individual application discovery -- Parts support +**Timeout Configuration:** -AS400 discovery has been verified and functionality tested with IBM i/AS400 operating system deployments configured with the Spanish language setting. AS400 discovery should also work with other non-English locale configurations. + -Please let us know about your experiences with other foreign language configurations or any issues you encounter; we love hearing from our users. Email [support@device42.com](mailto:support@device42.com). +**Discover Lines of Code Option:** -## Run Now + + + +### Run Now To run the job immediately, you can click **Run Now** after saving or editing the job from the job details page that's displayed. @@ -172,7 +148,7 @@ You can also click **Run Now** from the list page under **Discovery > HyperVisor }} /> -## Schedule the Job +### Schedule the Job When creating or editing the job, select **Add another Auto Discovery Schedule** to run the job on a schedule. @@ -184,4 +160,29 @@ When creating or editing the job, select **Add another Auto Discovery Schedule** }} /> -Newly created jobs will not run on the first day they are created to prevent an unintentionally large amount of jobs from running initially. If you would like to run a job after its initial creation, select the **Run Now** button. +Device42 does not automatically run newly created jobs on the first day to prevent running a large number of jobs at once. If you would like to run a job after its initial creation, select the **Run Now** button. + +## How FTP Discovery Works + +Using FTP, Device42 creates a directory on the targeted server named **D42TEST**. +- Device42 then uploads CL/RPG programs to the server, transfers them to the QTEMP folder, and runs them. +- After the CL/RPG programs have run, Device42 transfers the output files back to **D42TEST** and parses them on the remote collector. +- Finally, Device42 removes all files placed or created on the server and disconnects. + +**Advantages over Telnet discovery:** + +- FTP discovery does not rely on anything other than the permissions to place or delete files. With Telnet, customization could disrupt the flow and end the discovery. +- FTP discovery requires less total communication with the server, resulting in much faster run times if there is any slowness on the targeted server or the network. + +Due to limitations, Device42 discovery needs to be able to create the directory **D42TEST**. Only the items that were placed or created during discovery will be removed. If an unexpected file is in that directory, the discovery will most likely fail. If discovery fails, please work with your AS400 Server administrator to remove the directory. + +## AS400 Limitations + +AS400 support does not currently include: + +- Individual application discovery +- Parts support + +AS400 discovery has been verified and functionality tested with IBM i/AS400 operating system deployments configured with the Spanish language setting. AS400 discovery should also work with other non-English locale configurations. + +Please let us know about your experiences with other foreign language configurations or any issues you encounter; we love hearing from our users. Email [support@device42.com](mailto:support@device42.com). diff --git a/docs/auto-discovery/index.mdx b/docs/auto-discovery/index.mdx index 9d7bbc21b..7359c0d14 100644 --- a/docs/auto-discovery/index.mdx +++ b/docs/auto-discovery/index.mdx @@ -6,18 +6,24 @@ sidebar_position: 1 import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' -## Device42 Autodiscovery Jobs +This page is for Device42 administrators who need a comprehensive guide to discovery in Device42. Use this page as your central reference to find all available discovery types, learn how to manage and schedule discovery jobs, and navigate to detailed documentation for each discovery method. -Device42 offers several autodiscovery tools, some of which are internal to Device42 while some run externally. Find the internal autodiscovery job types under the **Discovery** menu of the Main Appliance. If you are new to Device42 autodiscovery, start with a [Discovery Hub](/getstarted/using-device42/discovery-hub.mdx) network scan to establish baseline discovery information. +If you are new to Device42 discovery, see [Getting Started With Autodiscovery](/getstarted/getting-started-with-auto-discovery.mdx) for the recommended initial discovery sequence and setup guidance. For operational best practices on running and maintaining discovery jobs, see [Autodiscovery Best Practices](/auto-discovery/autodisc-best-practices.mdx). -You may run the autodiscovery tools in any combination and order that makes sense for your environment. All autodiscovery jobs can be run on a regular schedule to automate a significant portion of your network documentation. +Device42 offers several discovery tools, some of which are internal to Device42 while some run externally. Find the internal discovery job types under the **Discovery** menu of the Main Appliance. + +All discovery jobs can be run on a regular schedule to automate a significant portion of your network documentation. :::caution -Do not set up an autodiscovery scan using critical production account credentials! Please create a separate, dedicated account to use only for discovery. +Do not set up an discovery scan using critical production account credentials! Please create a separate, dedicated account to use only for discovery. -Account lock-out could result in an otherwise avoidable outage depending on your permissions and configured password policies. You as a customer are responsible for any such behavior. +Account lockout could result in an otherwise avoidable outage depending on your permissions and configured password policies. ::: +## Get Started + +Plan your discovery process by referencing the recommended [Initial Discovery Sequence](/getstarted/getting-started-with-auto-discovery.mdx) and set up your environment to get the most out of the discovery process. [Contact our support team](https://support.device42.com/hc/en-us) for additional guidance. + ### Start With the Network Running network discovery first is recommended to lay the framework for the rest of your discoveries. By first discovering your network, you collect data on the in-use subnets that contain all of the IP addresses to be discovered and construct the Layer 2 framework by discovering VLANs with live MAC addresses. @@ -50,11 +56,21 @@ The list of excluded IPs copied to the job can be seen in the newly created job' Note that previously created jobs will not be affected or updated with changes to the exclusion list. -### Cloning Discovery Jobs +## Manage Discovery Jobs + +Learn how to clone discovery jobs, run multiple jobs, and about retry behavior. + +### Remote Collector (RC) + +The Device42 remote collector (RC) is a lightweight virtual appliance (a VM) that can be quickly deployed, for example, in places like a secure network segment. RCs can be selected to run discovery jobs by simply choosing them when creating the job. Choose the desired RC from the **Remote Collector** dropdown when initially setting up a new discovery job, or editing an existing discovery job. Most discovery jobs that can be launched from the Device42 **Discovery** menu support running from a deployed RC. + +For more information, see the dedicated [Remote Collector page](auto-discovery/remote-collector-rc.mdx). + +### Clone Discovery Jobs -Clone an autodiscovery job to create a copy of the job with all its settings without manually re-entering all the job details. You can then modify the cloned job for your specific purposes. +Clone a discovery job to create a copy of the job with all its settings without manually re-entering all the job details. You can then modify the cloned job for your specific purposes. -1. From a discovery list page, click on a discovery **job name** of the job you want to clone and then click **Edit**. +1. From a discovery list page, click a discovery **job name** of the job you want to clone and then click **Edit**. -## Agent-Based Discovery +### Scanning Timeout, Retries, and Failure Behavior -There are special situations when using an agent for discovery makes more sense. We offer optional autodiscovery agents for many platforms. See [Device42 Agent-Based discovery](agent-based-discovery.mdx) to learn more. +For \*nix scans (via SSH), you can set the scanning timeout when configuring the discovery job under the **Miscellaneous** section. -## Agent-Based Offline Discovery and Upload Tool + + +Retries are done in Windows Discovery Service (WDS) scans. WDS retries a scan until it either gets a successful set of results or fails with the same errors across several retries. This design accounts for sporadic failures due to system load or temporary network issues with WMI/WDS. + +## Agent-Based and Offline Discovery -There are some edge cases where the network, or lack of network, doesn’t allow communication back to the main Device42 appliance for a variety of reasons. +There are special situations when using an agent for discovery makes more sense. Device42 offers optional discovery agents for many platforms. See [Device42 Agent-Based discovery](agent-based-discovery.mdx) to learn more. -Whether remote collectors can’t be deployed or the policy simply doesn’t allow it, we've got the solution: +### Agent-Based Offline Discovery and Upload Tool + +There are some edge cases where the network, or lack of network, doesn't allow communication back to the main Device42 appliance for a variety of reasons. + +Whether remote collectors can't be deployed or the policy simply doesn't allow it, Device42 has the solution: - See [Device42 Offline Agent-based discovery](agent-based-offline-discovery.mdx) - Download the [Offline Discovery Data Processing Tool or Agent Log Upload Utility](https://www.device42.com/miscellaneous-tools/). -## Blade Systems Discovery +## Infrastructure and Platform Discovery + +Discover hardware, cloud platforms, hypervisors, and network devices. -Use SNMP discovery to collect HP and IBM Blade System (or Blade Center) chassis and blade details. See [Blade Systems Autodiscovery](auto-discovery/blade-systems-auto-discovery.mdx) for more information. +### Blade Systems Discovery -The Cisco UCS Manager is supported as well. You can grab chassis, blade, service profile information, and more. See [Cisco UCS Cluster](cisco-ucs-auto-discovery.mdx) for more information. +Use SNMP discovery to collect HP and IBM Blade System (or Blade Center) chassis and blade details. See [Blade Systems Autodiscovery](auto-discovery/blade-systems-auto-discovery.mdx) for more information. -## Cloud Platform Discovery +The Cisco UCS Manager is supported as well. You can discover chassis, blade, service profile information, and more. See [Cisco UCS Cluster](cisco-ucs-auto-discovery.mdx) for more information. + +### Cloud Platform Discovery Connect to Amazon AWS, Alibaba Cloud, Microsoft Azure, Digital Ocean, Google Cloud, Linode, and OpenStack from the cloud discovery under **Discovery > Cloud**. Cloud discovery details can be found on the [Cloud Platforms Autodiscovery](cloud-auto-discovery/index.mdx) page. -## DNS Autodiscovery +### DNS Discovery -DNS autodiscovery is built into Device42 and can do zone transfer(s) from your DNS server(s). DNS autodiscovery is run and scheduled from the Device42 web UI under **Discovery > DNS Zone Sync (One way)**. +DNS discovery is built into Device42 and can do zone transfer(s) from your DNS server(s). DNS discovery is run and scheduled from the Device42 web UI under **Discovery > DNS Zone Sync (One way)**. -## Hypervisor / \*nix / Windows Autodiscovery +### Hypervisor / \*nix / Windows Discovery Hypervisors, Windows, and Linux/UNIX discovery jobs can all be created under **Discovery > HyperVisors / \*nix / Windows**. @@ -164,31 +198,17 @@ Visit the dedicated page for each machine type: - [Linux/UNIX discovery](linux-unix-server-auto-discovery.mdx) - [Windows and Hyper-V discoveries](/auto-discovery/windows-and-hyper-v-auto-discovery.mdx) -### Scanning Timeout, Retries, and Failure Behavior - -For \*nix scans (via SSH), you can set the scanning timeout when configuring the autodiscovery job under the **Miscellaneous** section. - - - -Retries are done in Windows Discovery Service (WDS) scans. WDS retries a scan until it either gets a successful set of results or fails with the same errors across several retries. This design accounts for sporadic failures due to system load or temporary network issues with WMI/WDS. - -## IPMI Autodiscovery +### IPMI Discovery Discover iLO, iDrac, or other IPMI/BMC boards with basic hardware info and BMC IP and MAC address for a given IP range. If the server has already been discovered by OS-level discovery methods, the BMC IP and MAC address will show up in the device properties. Visit [IPMI/Redfish Autodiscovery](ipmi-auto-discovery.mdx) for details. -## Midrange / Mainframe discovery (IBM AS/400 and z/OS) +### Midrange / Mainframe Discovery (IBM AS/400 and z/OS) Device42 supports agent-less mainframe and mid-range discovery of both the [IBM i / AS400 mid-range](ibm-i-as400.mdx) platform and the [IBM z/OS mainframe platform](z-os-ibm-mainframe.mdx). -## Network / SNMP Autodiscovery +### Network / SNMP Discovery Run an SNMP discovery job from the Device42 web UI main menu under **Discovery > SNMP**. @@ -200,46 +220,42 @@ Using SNMP v1/v2c/v3 discovery for network devices, you can automate the discove - MAC to switch port associations - Switch port status and remote port associations -Visit [SNMP Network Discovery](auto-discovery/network-auto-discovery.mdx) for more information. - -## Node Data From Chef and Puppet +### Other SNMP-Based Discovery -To manage and integrate your configuration management data with Device42, you can use the following scripts: - -- Send Ohai node data from Chef server to Device42: [Sync node data from Chef](https://github.com/device42/chef_to_device42_sync_py). +SNMP discoveries can also be used to discover many other types of devices, like power devices, UPS, ATS, and other SNMP-compatible network-connected hardware. Many environmental sensors also support SNMP discovery. -- Sync Puppet facts to Device42: [Script to sync Puppet nodes information](https://github.com/device42/puppet_to_device42_sync_py). +To run an SNMP v1/v2c/v3 discovery against any SNMP-compatible endpoint, see [SNMP - Network Discovery](network-auto-discovery.mdx). -- See the [Device42 API Autodiscovery GitHub repo](https://github.com/device42/Device42-AutoDiscovery-Scripts) for another Puppet integration script that reads the YAML factor files and populates inventory details in Device42 using the RESTful API. +### VMware / Citrix XenServer / oVirt / Redhat Virtualization / KVM -## Other SNMP-Based Discovery +Hypervisors are discovered via the Device42 web UI under **Discovery > HyperVisors / \*nix / Windows**. Using native APIs, Device42 connects to your VMWare vCenter server(s), ESX server(s), Citrix XenServer, oVirt, or Redhat Virtualization servers and retrieves host details, inventory details, and guest VM details. -SNMP discoveries can also be used to discover many other types of devices, like power devices, UPS, ATS, and other SNMP-compatible network-connected hardware. Many environmental sensors also support SNMP discovery. +See [Virtual Machine Autodiscovery](auto-discovery/virtual-machine-auto-discovery.mdx) for more information. -To run an SNMP v1/v2c/v3 discovery against any SNMP-compatible endpoint, see [SNMP - Network Discovery](network-auto-discovery.mdx). +## Configuration Management and Integrations -## Ping Sweep Utility +Integrate Device42 with configuration management tools and APIs. -The open-source, standalone [Ping Sweep tool](https://www.device42.com/autodiscovery/) uses NMAP in the background to run ping sweeps against the selected network(s), uploading discovered IP, MAC, and reverse DNS details via Device42's RESTful APIs. The Ping Sweep tool is written in .NET. +### Node Data From Chef and Puppet -There is also a ping sweep tool built into Device42. Find it in the UI under **Discovery > Ping Sweep**. Note that the UI-based option may be deprecated in the future and the standalone tool is much faster. +To manage and integrate your configuration management data with Device42, you can use the following scripts: -## Remote Collector (RC) +- Send Ohai node data from Chef server to Device42: [Sync node data from Chef](https://github.com/device42/chef_to_device42_sync_py). -The Device42 remote collector (RC) is a lightweight virtual appliance (a VM) that can be quickly deployed, for example, in places like a secure network segment. RCs can be selected to run autodiscovery jobs by simply choosing them when creating the job. Choose the desired RC from the **Remote Collector** dropdown when initially setting up a new autodiscovery job, or editing an existing discovery job. Most autodiscovery jobs that can be launched from the Device42 **Discovery** menu support running from a deployed RC. +- Sync Puppet facts to Device42: [Script to sync Puppet nodes information](https://github.com/device42/puppet_to_device42_sync_py). -For more information head to the dedicated [Remote Collector page](auto-discovery/remote-collector-rc.mdx). +- See the [Device42 API Autodiscovery GitHub repo](https://github.com/device42/Device42-AutoDiscovery-Scripts) for another Puppet integration script that reads the YAML factor files and populates inventory details in Device42 using the RESTful API. -## Using REST APIs +### Use REST APIs You can automate inventory management and integrate with your own scripts or other programs using the Device42 RESTful APIs as shown in the [Create Hardware Models](how-to-videos/api-imports-add-create-hardware-models.mdx) video. -## VMware / Citrix XenServer / oVirt / Redhat Virtualization / KVM +## Ping Sweep Utility -Hypervisors are discovered via the Device42 web UI under **Discovery > HyperVisors / \*nix / Windows**. Using native APIs, Device42 connects to your VMWare vCenter server(s), ESX server(s), Citrix XenServer, oVirt, or Redhat Virtualization servers and retrieves host details, inventory details, and guest VM details. +The open-source, standalone [Ping Sweep tool](https://www.device42.com/autodiscovery/) uses NMAP in the background to run ping sweeps against the selected network(s), uploading discovered IP, MAC, and reverse DNS details via Device42's RESTful APIs. The Ping Sweep tool is written in .NET. -See [Virtual Machine Autodiscovery](auto-discovery/virtual-machine-auto-discovery.mdx) for more information. +There is also a ping sweep tool built into Device42. Find it in the UI under **Discovery > Ping Sweep**. The UI-based ping sweep may be deprecated in the future and the standalone tool is much faster. ## Next Steps -To dive deeper into specific autodiscovery topics, take a look at this category's subpages in the sidebar. +To dive deeper into specific discovery topics, take a look at this category's subpages in the sidebar. diff --git a/docs/auto-discovery/ipmi-auto-discovery.mdx b/docs/auto-discovery/ipmi-auto-discovery.mdx index b93f79ff9..a8e424120 100644 --- a/docs/auto-discovery/ipmi-auto-discovery.mdx +++ b/docs/auto-discovery/ipmi-auto-discovery.mdx @@ -6,13 +6,13 @@ sidebar_position: 15 import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' -## IP Management Interface (IPMI) Discovery +This page is for Device42 administrators who need to discover devices through IPMI or Redfish management interfaces. Learn how to create and configure IPMI/Redfish discovery jobs, set hostname naming priorities, and ensure IPMI over LAN is enabled for successful discovery. Device42 can discover a device via its IPMI/BMC (iDrac, iLo, etc.) board. From a device's IPMI interface, Device42 can discover the hardware model, serial number, and the BMC interface's IP address and MAC address, both of which are added to the device record as an interface labeled "mgmt". -## Add a New IPMI Autodiscovery Job +## Add a New IPMI Discovery Job -Navigate to **Discovery > IPMI / Redfish** and click **Create** to create the IPMI autodiscovery job. +Navigate to **Discovery > IPMI / Redfish** and click **Create** to create the IPMI discovery job. IPMI / Redfish** and click **Create** to create the IP Fill in the job details: -- **Job Name:** Enter a unique name for the job. +- **Job Name:** Enter a unique name for the job. - **Server(s):** Input the IP address range against which you want to run the job. -- **Exclude Server(s):** Add any servers for which you want to exclude fetching information. +- **Exclude Server(s):** Add any servers that you want to exclude from discovery. - **Discovery Type:** Choose between **IPMI** and **Redfish**. - - - +/> + - **Discovery Target(s) Credential(s):** Add credentials to connect to the IPMI board. - +/> -### Hostname To Use and Other Options +### Hostname to Use and Other Options Under the **Hostname to use** option, select a naming order to apply to newly discovered devices. When an IPMI discovery job is the first to discover a device, or there is no match against an existing device, a new device record is created with the hostname order you select. @@ -58,46 +59,45 @@ Note that this option does not affect devices that have already been discovered; Select one of the **Hostname to use** options: - **Serial # / Reverse DNS / IP**: If the serial number is found, it is used as the device name. Otherwise, the reverse DNS name is used. If neither the serial number nor the reverse DNS name is found, the IP address is used to name the device. - **Discovered Name / Serial # / Reverse DNS / IP**: If the discovered name from IPMI is found, it is used to name the device. If no discovered name is found, the naming order is the same as above. -- **Reverse DNS / Discovered Name / Serial # / IP**: If the reverse DNS name is found, it is used as the device name. Otherwise, the discovered name is used. If neither the reverse DNS name nor the discovered name is found, the serial number is used to name the device. If neither those names nor the serial number is found, the IP address is used as the device name. +- **Reverse DNS / Discovered Name / Serial # / IP**: If the reverse DNS name is found, it is used as the device name. Otherwise, the discovered name is used. If neither the reverse DNS name nor the discovered name is found, the serial number is used to name the device. If neither those names nor the serial number is found, the IP address is used as the device name. - + - **Add hardware model, if found:** Select this option to add the hardware model discovered via the naming method. Note that the naming method is ignored for existing devices with hardware models. -- **Debug Level:** Select **Debug On** to generate a debug log that can be sent to the support via log bundle. -- Deselect **Run as Operator** to allow autodiscovery to run as an administrator on the IPMI device. By default, IPMI autodiscovery is run as an operator rather than an administrator, which may result in some details not being autodiscovered. - - +- **Debug Level:** Select **Debug On** to generate a debug log that can be sent to support via log bundle. +- Deselect **Run as Operator** to allow discovery to run as an administrator on the IPMI device. By default, IPMI discovery is run as an operator rather than an administrator, which may result in some details not being discovered. + + - **Serial to use:** Choose between **Product Serial**, **Board Serial**, and **Service Tag**. - + ## Ensure IPMI Over LAN Is Enabled -The following image is an example from the Dell iDrac web portal that shows why IPMI over LAN must be enabled for autodiscovery to work. +The following image is an example from the Dell iDrac web portal that shows why IPMI over LAN must be enabled for discovery to work. ![Make sure IPMI over LAN is enabled](/assets/images/ipmi-settings.png) - ## Run Now or Schedule When creating or editing the job, select **Add another Autodiscovery Schedule** to run the job on a schedule. @@ -106,12 +106,11 @@ When creating or editing the job, select **Add another Autodiscovery Schedule** alt="Schedule job" sources={{ light: useBaseUrl('/assets/images/ipmi-auto-discovery/schedule-ipmi-light.png'), - dark: useBaseUrl('/assets/images/ipmi-auto-discovery/schedule--ipmi-dark.png'), + dark: useBaseUrl('/assets/images/ipmi-auto-discovery/schedule-ipmi-dark.png'), }} /> - -Newly created jobs will not run on the first day they are created, to prevent an unintentionally large number of jobs from running initially. If you want to run a job after its initial creation, select the **Run Now** button on the job details page that is displayed after a job is saved. +Device42 does not automatically run newly created jobs on the first day to prevent running a large number of jobs at once. If you would like to run a job after its initial creation, select the **Run Now** button on the job details page. -You can also run the job from the list page under **Discovery > IPMI / Redfish**, click **Run Now** to run the job immediately. +You can also run the job from the list page under **Discovery > IPMI / Redfish**. Click **Run Now** to run the job immediately. Cloud** and click **Create**. @@ -49,30 +49,30 @@ Navigate to **Discovery > Cloud** and click **Create**. - Enter the **URL** the job will use, including the port if necessary. -- Enter your **Basic credentials** for the Jamf account. You can optionally add a **Service Level** and select an **Object Category for the discovered devices** to be assigned to. +- Enter your **Basic credentials** for the Jamf account. You can optionally add a **Service Level** and select an **Object Category for the discovered devices**. - **Add device vendor metadata as** either **Tags** or **Custom Fields**, or leave it set as the default option, **Do Nothing**. -- Optionally, include **Tags for discovered devices**. Tags are useful metadata that categorize the discovered items for searching, filtering, and [ADM Calculation Rule](/apps/application-groups/calculation-rules/#what-are-calculation-rules) purposes. +- Optionally, include **Tags for discovered devices**. Tags are useful metadata that categorize discovered items for searching, filtering, and [ADM calculation rule](/apps/application-groups/calculation-rules.mdx#what-are-calculation-rules) purposes. - Select a **Customer for discovered devices**. - Choose **No Debug** or **Extended Debug** from the **Debug level** dropdown menu to change the default logging level, **Normal Debug**. Cloud** and click **Create**. ### Schedule the Job -Scroll down to create a run schedule for the job. Create multiple schedules for the job with the **+ Add another Autodiscovery Schedule** button. +Scroll down to create a run schedule for the job. You can create multiple schedules with the **+ Add another Autodiscovery Schedule** button located below the schedule options. -You can also run the job from the list view. +You can also run the job from the list view by clicking the **Run Now** button in the table. Hypervisors / \*nix / Windows** from the main menu and click the **Create** button to add a discovery job to connect and gather host and VM details. @@ -46,7 +48,7 @@ Choose **\*nix** as the platform, and enter your discovery target (hostnames, IP }} /> -### Discovery Job Option Definitions +### Linux/Unix Discovery Job Options - **Job Name:** User-defined name for the job. - **Remote Collector:** Select the remote collector to run the discovery job from (_optional_). @@ -56,21 +58,21 @@ Choose **\*nix** as the platform, and enter your discovery target (hostnames, IP - **Use telnet if SSH port is closed:** Fall back to telnet (port 23) if the SSH port is found to be closed. - **Collect database server information:** Select this option to discover Oracle database servers. - **Database Username/Password(s):** Username and password with database server permissions. -- **ADM Sampling Interval:** Is _Off_ by default. Enter a sampling interval in minutes or hours. +- **ADM Sampling Interval:** Off by default. Enter a sampling interval in minutes or hours. - **Enable Resource Utilization Tracking for Device(s):** Optionally enable the collection of resource utilization metrics from discovered devices. - **Resource Utilization Sampling Interval:** Set the interval for RU data collection (only in effect if RU Tracking is enabled). -- **Discovery Target(s) Credential(s):** Use username with permission to connect to the Linux and Unix targets. +- **Discovery Target(s) Credential(s):** Use a username with permissions to connect to the Linux and Unix targets. - **Schedule for autodiscovery:** You can schedule the discovery to run at certain times. :::caution -Please don't set up an autodiscovery scan using critical production account credentials. +Do not set up a discovery scan using critical production account credentials. Create a separate, dedicated account to use only for discovery. -Account lock-out could result in an otherwise completely avoidable outage depending on the permissions granted and your configured password policies. You are responsible for any such behavior that might result if you choose to ignore this requirement. +Account lockout could result in an otherwise avoidable outage depending on the permissions granted and your configured password policies. ::: -### Option To Ignore IPs and MAC Addresses +### Option to Ignore IPs and MAC Addresses -You can prevent IP and MAC addresses from being included in our database during autodiscovery. Devices with these addresses will still be discovered but the detailed information that would typically be collected and stored is ignored. +You can prevent IP and MAC addresses from being included in the database during discovery. Devices with these addresses will still be discovered but the detailed information that would typically be collected and stored is ignored. Configure rules to ignore IP and MAC addresses for a specific job when creating or editing the job. @@ -121,6 +123,8 @@ Globally, you can add an **Exclusion** to ignore IP and MAC addresses for all jo ### Naming Options +Configure the naming options for discovered devices. + + - **Hostname as Discovered:** If the domain is present and the domain is not in the name, it is set to `name`. - **Hostname plus Domain Name:** The device name becomes `name.domain`. @@ -155,7 +159,7 @@ Globally, you can add an **Exclusion** to ignore IP and MAC addresses for all jo ### Host Discovery -Enabling the **Discover ProviderID/CloudID** option reveals the **Provider Token** option, which might be needed for authentication with the cloud service provider. +Enable the **Discover ProviderID/CloudID** option to reveal the **Provider Token** option, which might be needed for authentication with the cloud service provider. HyperVisors / \*nix / Windows** and click **+ Add Hypervisors/\*nix/win for Autodiscovery**. +- Set up a new discovery job. Go to **Discovery > HyperVisors / \*nix / Windows** and click **Create**. - Select a credential for the **Discovery Target(s) Credential(s)** field that includes the SSH key file instead of a password. - You can also add the file via the discovery job page, or by going to **Resources > All Secrets** and clicking **Create**. @@ -302,9 +306,9 @@ Add your private SSH RSA or DSA Private key created in [Step 1](#step-1-configur }} /> -If you set a passphrase for your SSH key, check the **Use Password** box and supply the SSH key file's password and SSH key. Note that you can do this later by editing your created credential (called a Secret). +If you set a passphrase for your SSH key, check the **Use Password** box and supply the SSH key file's password and SSH key. Note that you can do this later by editing your created credential (called a Secret). -You're all set to run Linux discovery using an SSH key! Save and run your discovery job. +Save and run your discovery job to begin Linux discovery using an SSH key. ### Download the Key File @@ -365,7 +369,7 @@ Newly created jobs will not run on the day they are created to prevent an excess ## Linux Considerations -Linux autodiscovery has been tested against Redhat, Debian, CentOS, Ubuntu, and Oracle distributions and should work fine against just about all similar Linux distributions. +Linux discovery has been tested against Redhat, Debian, CentOS, Ubuntu, and Oracle distributions and should work fine against just about all similar Linux distributions. Confirm compatibility by checking to see if your platform supports the following commands: @@ -402,9 +406,9 @@ Confirm compatibility by checking to see if your platform supports the following ## Linux Permissions -Several commands are run as part of the Linux autodiscovery process that, by default, typically require root privileges. We do extensive testing to see which commands we can run without `sudo` while still obtaining all available information. +Several commands run as part of the Linux discovery process typically require root privileges by default. Device42 does extensive testing to see which commands can run without `sudo` while still obtaining all available information. -The following is a table of commands we sometimes or always run as `sudo`. For the "Sometimes" commands, we'll try to run the command first without `sudo`, and if we receive a "permission denied" command rather than an "invalid command", "command not found", or similar, we'll attempt to run it as `sudo`. This list also specifies whether the command is run on every Linux or UNIX flavor, or only certain platforms: +The following table lists commands that Device42 sometimes or always runs with `sudo`. For the "Sometimes" commands, Device42 first tries to run the command without `sudo`. If the response is "permission denied" rather than "invalid command" or "command not found", Device42 attempts the command with `sudo`. This list also specifies whether the command runs on every Linux or UNIX flavor, or only certain platforms: | Command | Run with sudo? | OS flavor | |---------------------|----------------|-----------------------------------------------------------| @@ -456,13 +460,13 @@ The following is a table of commands we sometimes or always run as `sudo`. For t | `vzlist` | Sometimes | Aix | | `zlogin` | Always | Solaris (For Zones) | -Below you can see an example of how to allow a particular user or group to run a specific sudo command without being prompted for a password: +The following example shows how to allow a particular user or group to run a specific sudo command without being prompted for a password: ``` -**%your-group-here ALL = (ALL) NOPASSWD:/usr/sbin/dmidecode, /sbin/hdparm, /sbin/fdisk** +%your-group-here ALL = (ALL) NOPASSWD:/usr/sbin/dmidecode, /sbin/hdparm, /sbin/fdisk ``` -Adjust the above paths as needed to match the location of each program. If these permissions are missing, the autodiscovery client will not be able to discover hardware, manufacturer, serial number, and so on, as well as service dependencies and valuable application configuration information. You might also have to comment out `Default Require tty` in the `/etc/sudoers` file. +Adjust the paths as needed to match the location of each program. If these permissions are missing, the discovery client cannot discover hardware, manufacturer, serial number, and so on, as well as service dependencies and application configuration information. You might also need to comment out `Default Require tty` in the `/etc/sudoers` file. ## SUDO PATH in Non-Interactive Shells @@ -470,9 +474,9 @@ If you have a Linux discovery where Device42 uses a non-interactive shell, Devic You can set that information in the `sudoers` file for the service account to prevent these commands from being executed multiple times. It should be there by default, but sometimes it's commented out or removed for security hardening. -It's not a bug, but some deployments may see security alerts for invalid commands being executed because of this. +This is not a bug, but some deployments may see security alerts for invalid commands being executed because of this. -In sudoers, there should be a line as follows: +The `sudoers` file should contain a line as follows: ``` Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin" ``` diff --git a/docs/auto-discovery/load-balancer-f5-autodiscovery.mdx b/docs/auto-discovery/load-balancer-f5-autodiscovery.mdx index e684dbd64..ca0fd8c7d 100644 --- a/docs/auto-discovery/load-balancer-f5-autodiscovery.mdx +++ b/docs/auto-discovery/load-balancer-f5-autodiscovery.mdx @@ -6,11 +6,9 @@ sidebar_position: 32 import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' -## Discovering F5, NetScaler, and Other Load Balancers or Cluster Devices +This page is for Device42 administrators who need to discover load balancers, Cisco UCS, and ACI devices. Learn how to create discovery jobs and configure options for these device types. -Device42’s load balancer discovery maps out virtual servers, pools, and their relationships to backend devices. - -To get started, first [create and run an SNMP job](network-auto-discovery.mdx) to identify and discover the load balancer and other cluster devices. Next, run a [Windows/*nix job](auto-discovery/index.mdx#hypervisor--nix--windows-autodiscovery) to discover backend servers (pool members). Finally, create an API-based load balancer job under **Discovery > UCS/ACI/Load Balancers** to collect connectivity and dependency data. +Device42's load balancer discovery maps out virtual servers, pools, and their relationships to backend devices. To get started, first [create and run an SNMP job](network-auto-discovery.mdx) to identify and discover the load balancer and other cluster devices. Next, run a [Windows/*nix job](index.mdx#hypervisor--nix--windows-autodiscovery) to discover backend servers (pool members). Finally, create an API-based load balancer job under **Discovery > UCS/ACI/Load Balancers** to collect connectivity and dependency data. Device42 discovers Cisco ASA, Cisco UCS, NetScaler, and cluster devices via their native APIs. Devices from A10 Networks should also produce good output using SNMP. @@ -18,6 +16,8 @@ Citrix NetScaler load balancer API discovery is used to build TCP or UDP connect ## Load Balancer Discovery +Create a job to collect load balancer configuration and connectivity data. + ### Prerequisites For F5 discovery, ensure you have the **username for a local account** with access to the F5 API. The API calls work with read-only access and do not require administrative privileges. @@ -38,7 +38,7 @@ Navigate to **Discovery > UCS/ACI/Load Balancers**, click **Create**, and select If you're discovering an F5 device, follow these steps: -1. Start by scanning an F5 device via SNMP. Add a job under **Discovery > SNMP** and input the correct matching community string. Ensure you configure SNMP on your F5. See the [Load Balancers](auto-discovery/load-balancers.mdx) page for more information about SNMP discovery. +1. Start by scanning an F5 device via SNMP. Add a job under **Discovery > SNMP** and input the correct matching community string. Ensure you configure SNMP on your F5. See the [Load Balancers](load-balancers.mdx) page for more information about SNMP discovery. 2. Once discovered via SNMP, scan your F5 pool members via either SSH or the API, depending on the device's OS. This will allow you to gather detailed information about the F5 pool members. 3. After you've discovered via SNMP, scan the F5 by creating a discovery job under **Discovery > UCS/ACI/Load Balancers** as shown above. This requires an account with F5 API permissions. @@ -47,7 +47,7 @@ If you're discovering an F5 device, follow these steps: To discover UCS or other cluster devices, select **UCS** from the **Platform** dropdown menu (pictured above). 1. Give your job a meaningful, descriptive name and specify the server hostnames, IP addresses, IP ranges, or CIDR blocks for your cluster devices. -2. Choose a Remote Collector (RC) if desired, specify the correct port, and select or unselect the SSL option as needed +2. Choose a Remote Collector (RC) if desired, specify the correct port, and select or clear the SSL option as needed. 3. Choose one or more sets of credentials that will allow Device42 to authenticate and query your UCS/Cluster devices. 4. Set other options (explained below) as needed, create a schedule if desired, and save your job. 5. Select **Run now** from the list page to run the discovery job now. @@ -67,7 +67,7 @@ Visit the [dedicated Cisco UCS / ACI discovery docs page](cisco-ucs-auto-discove The following options apply to UCS/ACI devices: - **Hostname to use:** Choose the hostname format to use for newly discovered devices. Choose between **Discovered Name** or **Serial #**. -- **Give precedence to hostname** Select to force-overwrite the current hostname for existing devices in Device42, using the hostname option selection in **Hostname to use**. +- **Give precedence to hostname:** Select to force-overwrite the current hostname for existing devices in Device42, using the hostname option selection in **Hostname to use**. - **VRF Group for discovered devices:** Place discovered devices into the chosen VRF group. All Resources** from the Device42 menu to display the list page. You can consult the Device42 [Managed Resources](resources/index.mdx) documentation for more information. +Discovered F5 load balancers are included in the **Resources** list. Navigate to **Resources > All Resources** from the Device42 menu to display the list page. See the [Managed Resources](resources/index.mdx) documentation for more information. -Click the **Vendor Resource Type** dropdown and check "F5" to filter the list for load balancer resources. +Click the **Vendor Resource Type** dropdown and select **F5** to filter the list for load balancer resources. -Click on a load balancer and use the right-hand panel to navigate between sections of the load balancer's details. +Click on a load balancer and use the right-hand panel to navigate between sections of the load balancer's details. -Click **Resource Map** on the top left of the load balancer details page to view the topography map for the resource. In the **Tools & Breakdown** section of the left-hand panel, you can view, add, highlight, and search items to include in the map according to their resource type. +Click **Resource Map** on the top left of the load balancer details page to view the topography map for the resource. In the **Tools & Breakdown** section of the left-hand panel, you can view, add, highlight, and search items to include in the map according to their resource type. -The image below shows an example resource map for clustered load balancers. +The following image shows an example resource map for clustered load balancers. -The chart views for Application Groups are now much simpler and easier to understand. Navigate to **Applications > Application Groups** from the Device42 main menu to display the **Application Groups** list page. +The chart views for Application Groups are simpler and easier to understand. Navigate to **Applications > Application Groups** from the Device42 main menu to display the **Application Groups** list page. @@ -19,14 +23,14 @@ sudo launchctl load /Library/LaunchDaemons/ ## Make Changes to the `.plist` File -If you make changes to the `.plist` file, you need to `unload` and then `load` it again by running: +If you make changes to the `.plist` file, unload and then load it again by running: ``` sudo launchctl unload /Library/LaunchDaemons/ sudo launchctl load /Library/LaunchDaemons/ ``` -To make sure that the file is correctly loaded, run: +To verify that the file is correctly loaded, run: ``` sudo launchctl list | grep device42 @@ -34,13 +38,13 @@ sudo launchctl list | grep device42 ## Install via MDM -If you need to deploy in bulk to many machines, you can use MDM. +If you need to deploy in bulk to many machines, you can use MDM. Package the Launch Agent using Composer and deploy it via the JSS, Casper Remote, or ARD. -Include the following as a post-flight script to set some permissions and load the agent. Right-click **Scripts**, click **Shell Script**, and then **post flight**. +Include the following as a post-flight script to set permissions and load the agent. Right-click **Scripts**, click **Shell Script**, and then **post flight**. -``` +```bash #!/bin/bash chown root "/Library/LaunchDaemons/NAMEOF.plist" chmod 644 "/Library/LaunchDaemons/NAMEOF.plist" @@ -50,4 +54,4 @@ launchctl load "/Library/LaunchDaemons/NAMEOF.plist" ## Notes - By default, logs are stored under `/var/log` or as otherwise configured in the `.plist` file. -- The `agent_local.log` file is under the default `/opt/device42` working directory. +- The `agent_local.log` file is in the default `/opt/device42` working directory. diff --git a/docs/auto-discovery/microsoft-dhcp-discovery.mdx b/docs/auto-discovery/microsoft-dhcp-discovery.mdx index 7bcdce3da..b3768762c 100644 --- a/docs/auto-discovery/microsoft-dhcp-discovery.mdx +++ b/docs/auto-discovery/microsoft-dhcp-discovery.mdx @@ -6,9 +6,13 @@ sidebar_position: 4.8 import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' -# Microsoft DHCP Discovery +This page covers how to discover Microsoft DHCP servers and automatically populate records of IP addresses, subnets, and DHCP details like scope, state, lease duration, and DNS information. -Select the Microsoft DHCP discovery type by navigating to **Discovery > DHCP** on the Main Appliance. +Microsoft Dynamic Host Configuration Protocol (DHCP) is a network management protocol used to dynamically assign IP addresses and other network configuration parameters to devices on a network. If you use Microsoft DHCP Servers in your environment, Microsoft DHCP discovery automatically populates records of discovered DHCP servers, IP addresses, and subnets. + +## Create a DHCP Discovery Job + +Navigate to **Discovery > DHCP** on the Main Appliance and click **Create**. DHCP** o }} /> -Microsoft Dynamic Host Configuration Protocol (DHCP) is a service provided by the Microsoft Windows Server operating system. DHCP is a network management protocol used to dynamically assign IP addresses and other network configuration parameters, like the subnet mask, default gateway, and DNS servers, to devices on a network. - -If you already use Microsoft DHCP Servers in your environment, Microsoft DHCP Discovery will automatically populate records of discovered DHCP Servers, IP Addresses, and subnets; including additional DHCP details like DHCP Scope, State, Lease Duration, DNS information, Start and End address ranges. - -## Discovery +Microsoft DHCP discovery uses WMI by default, but WinRM is also supported and can be enabled in the job configuration. The **URL prefix** and **Port** fields default accordingly when you select **Discover Using WinRM**. -Microsoft DHCP Discovery uses WMI by default, but WinRM is also supported and can be enabled in the job configuration. The **URL prefix** and **Port** fields will default accordingly upon selecting **Discover Using WinRM**. - -Although WinRM is fast and Microsoft's preferred protocol, we don't necessarily recommend updating existing jobs to use WinRM, as we currently (v19.06) use NTLM, which Microsoft is in the process of deprecating. We'll use Kerberos in the near future. +Although WinRM is fast and Microsoft's preferred protocol, updating existing jobs to use WinRM is not recommended, as Device42 currently (v19.06) uses NTLM, which Microsoft is deprecating. Kerberos support is planned for a future release. :::note -If **Discovery Using WinRM** is not enabled, pair a WDS with the selected Remote Collector to use WMI. +If **Discover Using WinRM** is not enabled, pair a WDS with the selected Remote Collector to use WMI. ::: - -## Additional Options +### Additional Options You can set a schedule to run the job automatically, turn off the default **Create Device from DHCP lease information** option, and set a **Service Level**. Remote Collectors**. Click the name of the RC you want to use for NetFlow collection. +1. Follow the [RC Installation and Configuration](remote-collector-rc.mdx#rc-installation-and-configuration/) instructions on the [Remote Collector (RC) page](remote-collector-rc.mdx). After installation, return to this page to complete NetFlow configuration for your RC. +2. Enable NetFlow collection on your newly installed Device42 RC from the Device42 main menu under **Discovery > Remote Collectors**. Click the name of the RC you want to use for NetFlow collection. -3. From the **View remote collector** screen, click the **Edit** button in the upper right-hand corner. Scroll down to the **NetFlow options**. +3. From the **View remote collector** screen, click the **Edit** button in the upper right-hand corner and scroll down to the **NetFlow options**. -5. Finally, ensure all your NetFlow generating devices are sending their NetFlows to the Device42 RC you just configured. If you haven't configured that already, do that now. This procedure will differ depending on the hardware you are using. Consult the manufacturer's directions for help should you need it. +5. Ensure all your NetFlow generating devices are sending their NetFlows to the Device42 RC you just configured. If you haven't configured that already, do it now. This procedure differs depending on the hardware you are using. Consult the manufacturer's documentation for help. ### Install the Device42 Standalone NetFlow Collector -The Standalone NetFlow Collector doesn't require any installation; it can simply be run from the command line. +The Standalone NetFlow Collector doesn't require installation and can be run from the command line. ## Run the Standalone NetFlow Collector To run the collector, open a command prompt and navigate to the directory it's stored in. Run the collector as follows: -`d42-netflow-collector-windows-v100.exe -h https://yourdevice42url -u D42UserName -p D42Password` +``` +d42-netflow-collector-windows-v100.exe -h https://yourdevice42url -u D42UserName -p D42Password +``` -This will start the listener on port 2055 (unless a different port is specified) and will begin collecting the data sent to this device from your NetFlow-enabled devices. Ensure you've pointed your switches and/or other NetFlow-enabled devices you are using at this NetFlow collector. Each device's NetFlow _output_ should be the IP address of the server you have running the Device42 NetFlow collector. +This starts the listener on port 2055 (unless a different port is specified) and begins collecting data sent to this device from your NetFlow-enabled devices. Ensure you've pointed your switches and other NetFlow-enabled devices at this NetFlow collector. Each device's NetFlow output should be the IP address of the server running the Device42 NetFlow collector. ### Standalone NetFlow Collector Options -The following options are available to augment the behavior of `d42-netflow-collector-windows-v100.exe`: +The following options are available to modify the behavior of `d42-netflow-collector-windows-v100.exe`:
Click to expand the code block @@ -99,11 +97,10 @@ The following options are available to augment the behavior of `d42-netflow-coll ```
-The NetFlow collector will capture and send data to Device42 in 5-minute increments by default. You may customize this interval using the `-i` command switch. +The NetFlow collector captures and sends data to Device42 in 5-minute increments by default. You can customize this interval using the `-i` command switch. -Device42 will attempt to associate the data it receives with services known to Device42. If there are no services with which to associate the collected data, Device42 will retain one million rows of the most recent data, discarding the oldest information as needed. As new services are discovered, data is matched against this million-row buffer. +Device42 attempts to associate the data it receives with services known to Device42. If there are no services with which to associate the collected data, Device42 retains one million rows of the most recent data, discarding the oldest information as needed. As new services are discovered, data is matched against this million-row buffer. ## Licensing -Please contact Device42 today for a demo license. Email [support@device42.com](mailto:support@device42.com) to **take NetFlow for a spin today!** - +Contact Device42 for a demo license at [support@device42.com](mailto:support@device42.com). diff --git a/docs/auto-discovery/network-auto-discovery.mdx b/docs/auto-discovery/network-auto-discovery.mdx index 049a66a59..eeb781d3c 100644 --- a/docs/auto-discovery/network-auto-discovery.mdx +++ b/docs/auto-discovery/network-auto-discovery.mdx @@ -6,25 +6,25 @@ sidebar_position: 27 import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' -This guide provides instructions for configuring and running Simple Network Management Protocol (SNMP) discovery across your network. +This page covers how to configure and run Simple Network Management Protocol (SNMP) discovery across your network. Learn how to create SNMP discovery jobs, configure credentials, and manage discovered network devices. -Please see our [list of supported hardware vendors for SNMP autodiscovery](auto-discovery/vendors-supported-in-snmp-auto-discovery.mdx) and let us know if you have a device that needs additional support! +See the [list of supported hardware vendors for SNMP discovery](vendors-supported-in-snmp-auto-discovery.mdx) for compatibility information. -## Introduction to SNMP-Based Autodiscovery +## Introduction to SNMP-Based Discovery -SNMP is a widely supported protocol and standard for managing network-connected hardware. There are three broadly deployed versions: SNMP v1, v2c (most commonly used), and v3. +SNMP is a widely supported protocol and standard for managing network-connected hardware. There are three broadly deployed versions: SNMP v1, v2c (most commonly used), and v3. -SNMP is typically used in a read-only capacity, but it can support read and write permissions. By default, it uses port 161. SNMP exposes management data in the form of variables, which are organized in a Management Information Base (MIB). An MIB essentially describes the variables available on a given system, each of which can be remotely queried via SNMP. +SNMP is typically used in a read-only capacity, but it can support read and write permissions. By default, it uses port 161. SNMP exposes management data in the form of variables, which are organized in a Management Information Base (MIB). An MIB describes the variables available on a given system, each of which can be remotely queried via SNMP. -:::note -SNMP autodiscovery supports IPv6 addresses for device discovery. +:::note +SNMP discovery supports IPv6 addresses for device discovery. ::: -### SNMP Autodiscovery Items +## SNMP Discovery Items -Network devices can be discovered by Device42 using SNMP v1, v2c, or v3. If you're looking to do [Storage discovery](storage-arrays-autodiscovery/snmp-san-server-auto-discovery.mdx) via SNMP, you may want to visit the dedicated [SNMP SAN/Server Autodiscovery](storage-arrays-autodiscovery/snmp-san-server-auto-discovery.mdx) page. +Network devices can be discovered by Device42 using SNMP v1, v2c, or v3. If you're looking to do [Storage discovery](storage-arrays-autodiscovery/snmp-san-server-auto-discovery.mdx) via SNMP, visit the dedicated [SNMP SAN/Server Autodiscovery](storage-arrays-autodiscovery/snmp-san-server-auto-discovery.mdx) page. -SNMP discovery will pull in CDP/LLDP neighbors as long as SNMP credentials are the same across all neighbors. If the credentials are **not** the same, you can add those devices using separate discovery jobs. +SNMP discovery pulls in CDP/LLDP neighbors as long as SNMP credentials are the same across all neighbors. If the credentials are **not** the same, you can add those devices using separate discovery jobs. ### Categories of Discovered SNMP Data @@ -32,11 +32,11 @@ Depending on the device type and compatibility matrix linked above, the followin - **Switch inventory:** The switch name, serial number, model, and manufacturer. - **Stacked switches:** Stacked switches are added as cluster devices and all physical devices as part of the cluster. -- **Access Points**: Access points are added as the device host with a device type other than controller device. -- **VLANs**: Layer 2 VLANs. +- **Access Points:** Access points are added as the device host with a device type other than controller device. +- **VLANs:** Layer 2 VLANs. - **Subnets:** Layer 3 subnets. -- **Switch IP and MAC address**: The IP address and MAC address belonging to the switch. -- **IP to MAC address association:** Basically the ARP table, if available. So all IPs that are available with MAC association. +- **Switch IP and MAC address:** The IP address and MAC address belonging to the switch. +- **IP to MAC address association:** The ARP table, if available. All IPs that are available with MAC association. - **MAC address to switch port association:** Switch ports and MAC addresses found on that port (MAC table). The MAC to switch port association brings only switch ports with MAC addresses. Use the **Get all switch ports** option to get: @@ -47,12 +47,9 @@ The MAC to switch port association brings only switch ports with MAC addresses. - **Port administratively up/down status** - **Remote port connectivity, if any** +## Create an SNMP Discovery Job -## SNMP discovery jobs - -### Create or Edit an SNMP Discovery Job - -Go to **Discovery > SNMP** to add a new network autodiscovery job. +Go to **Discovery > SNMP** to add a new network discovery job. SNMP** to add a new network autodiscovery job. }} /> -When creating an SNMP job for Cisco Nexus, you must set up an SNMP server context for the management VRF. This actually needs to be done for any Cisco VRF contexts that you want to query over SNMP: +When creating an SNMP job for Cisco Nexus, you must set up an SNMP server context for the management VRF. This needs to be done for any Cisco VRF contexts that you want to query over SNMP: ```shell snmp-server context mymgmt vrf management ``` -Job configuration fields: +### SNMP Discovery Job Options -- **Server(s)**: Enter the FQDN, the IP addresses of a network device, or an IP range. +Configure the following job fields: + +- **Server(s):** Enter the FQDN, the IP addresses of a network device, or an IP range. :::note When specifying a CIDR block, the job automatically excludes the network and broadcast addresses (the first and last IPs in the block). This is expected behavior. As a workaround, you can manually add individual network or broadcast addresses as targets in the SNMP job. ::: -- **Port**: Leave at 161 if you are unsure -- **SNMP Version**: Choose SNMP v1, v2c, or v3 -- **Community String**: Save your community strings as passwords, and select them for v1 or v2c. See below for v3. -- **Run Autodiscovery on CDP/LLDP Neighbors**: Find all CDP/LLDP neighbors that are reachable. -- **Strip Domain Name**: Strip domain name from discovered switch name. -- **Get all Switch Ports**: Retrieve all switch ports. -- **Delete Switch Ports Not Found**: Delete any switch ports in Device42 that were not found in this discovery. -- **Use Alias/Name for port description**: Choose if you prefer the Alias/Name for the port description. -- **Delete older MAC association after**: Specify the number of days after which unfound MAC addresses are deleted. -- **ICMP/TCP Port Check**: Leave this option enabled to improve the efficiency and reduce the execution time of the job. If you experience any issues with multicast IPs, uncheck this option. - - - **Scan All Protocols**: When checked, this option expands the scan to include IGMP (Protocol 2) along with ICMP and IPv4. In most cases, you can leave this option unselected. - +- **Port:** Leave at 161 if you are unsure. +- **SNMP Version:** Choose SNMP v1, v2c, or v3. +- **Community String:** Save your community strings as passwords, and select them for v1 or v2c. See below for v3. +- **Run Autodiscovery on CDP/LLDP Neighbors:** Find all CDP/LLDP neighbors that are reachable. +- **Strip Domain Name:** Strip domain name from discovered switch name. +- **Get all Switch Ports:** Retrieve all switch ports. +- **Delete Switch Ports Not Found:** Delete any switch ports in Device42 that were not found in this discovery. +- **Use Alias/Name for port description:** Choose if you prefer the Alias/Name for the port description. +- **Delete older MAC association after:** Specify the number of days after which unfound MAC addresses are deleted. +- **ICMP/TCP Port Check:** Leave this option enabled to improve efficiency and reduce the execution time of the job. If you experience any issues with multicast IPs, uncheck this option. + + - **Scan All Protocols:** When checked, this option expands the scan to include IGMP (Protocol 2) along with ICMP and IPv4. In most cases, you can leave this option unselected. + - + :::note Jobs created prior to Device42 v19.06 will continue to run using the full protocol set by default. ::: @@ -103,7 +102,7 @@ Job configuration fields: ### Vendor-Specific SNMP v3 Information **Cisco Nexus 7K switches:** -- The user for SNMP v3 autodiscovery may need to be in the `network-operator` or `vdc-operator` group. +- The user for SNMP v3 discovery may need to be in the `network-operator` or `vdc-operator` group. **Huawei Switches:** - By default, some Huawei devices ship with LLDP (Link Layer Discovery Protocol) via SNMP disabled. @@ -116,8 +115,8 @@ Job configuration fields: - To fix this authentication error on Cisco hardware, an additional SNMP-server configuration is required on these switches that enables access to the per-VLAN/per-context MAC address table: Switches running newer versions of Cisco IOS: -- Simply run this command once: -```shell +- Run this command once: +```shell snmp-server group v3group v3 auth context vlan- match prefix ``` @@ -127,12 +126,12 @@ Switches with older IOS releases (that don't support "match prefix wildcard"): ### Preferred Credentials -You can enter preferred community string credentials when you create an SNMP discovery job. When the job runs, it will use the credentials in the order in which you enter them, stopping at the first successful authentication. Subsequent job runs use the last successful credential and then the remaining credentials in the ordered list. +You can enter preferred community string credentials when you create an SNMP discovery job. When the job runs, it uses the credentials in the order in which you enter them, stopping at the first successful authentication. Subsequent job runs use the last successful credential and then the remaining credentials in the ordered list. -Click on the **+ Add another community string** button at the bottom of the **Credentials** section. Then select the secret for the community string by clicking **+** (the plus icon). +Click on the **+ Add another community string** button at the bottom of the **Credentials** section. Then select the secret for the community string by clicking the **plus icon**. :::note -For successful SNMP v3 discovery, please only use one set of SNMP v3 credentials per username. Currently, entering multiple credentials with shared passwords results in only one of the credential sets being used. +For successful SNMP v3 discovery, use only one set of SNMP v3 credentials per username. Entering multiple credentials with shared passwords results in only one of the credential sets being used. ::: -Re-order the credentials by clicking the **up** and **down** arrow buttons to the right of the screen. +Reorder the credentials by clicking the **up** and **down** arrow buttons to the right of the screen.

-For SNMP v3, we support the following **Auth Protocols**: +Device42 supports the following SNMP v3 **Auth Protocols**: - MD5 - SHA - SHA256 - SHA512 -For SNMP v3, we support the following **Privacy Protocols**: +Device42 supports the following SNMP v3 **Privacy Protocols**: - DES - 3DES - AES -- AES128 +- AES128 - AES192 - AES192C - AES256 - AES256C -If you keep **Get all switch ports** selected, you will see extra form items: +If you keep **Get all switch ports** selected, you will see extra form items: -1. **Port name prefix to ignore macs**: Ignore MAC addresses from ports that start with this prefix. -2. **VLANs to ignore**: Do not discover MAC addresses on these VLANs. -3. **Give precedence to hostname**: Check this option to give precedence to the discovered hostname in the network device discovery. -4. **Delete older mac association after**: To keep your mac addresses and switch port connectivity up to date, leave this at "0". This will delete all stale MAC addresses not discovered on the switch port anymore. Otherwise, you can choose the number of days after you want to delete the stale MAC association with a switch port. -5. **Discovered port types to ignore**: You might not want to see certain port types in your switch port list. Here you can choose what port types to ignore. For the first time: - - You will have to let it find the port types the first time. +1. **Port name prefix to ignore macs:** Ignore MAC addresses from ports that start with this prefix. +2. **VLANs to ignore:** Do not discover MAC addresses on these VLANs. +3. **Give precedence to hostname:** Check this option to give precedence to the discovered hostname in the network device discovery. +4. **Delete older mac association after:** To keep your MAC addresses and switch port connectivity up to date, leave this at "0". This deletes all stale MAC addresses not discovered on the switch port anymore. Otherwise, you can choose the number of days after which to delete the stale MAC association with a switch port. +5. **Discovered port types to ignore:** You might not want to see certain port types in your switch port list. Choose what port types to ignore. For the first time: + - Let the job find the port types first. - If you want to ignore specific port types, you must manually delete the corresponding switch ports. You can filter by discovered type under **IPAM > Switch Ports**. - - Add the ports to ignore list on the discovery page -6. **Discovered port types not to count:** Similar to above. This will still bring the ports in, excluding selected port types from the count. + - Add the ports to the ignore list on the discovery page. +6. **Discovered port types not to count:** Similar to above. This still brings the ports in, but excludes selected port types from the count. ## Globally Exclude OIDs -You can set certain OIDs to be ignored globally to prevent them from being collected during SNMP discovery. Navigate to **Tools > Global Settings** and scroll down to the **Ignore OID(s):** field. +You can set certain OIDs to be ignored globally to prevent them from being collected during SNMP discovery. Navigate to **Tools > Global Settings** and scroll down to the **Ignore OID(s)** field. Device42 supports two methods of exclusion: Use a trailing dot (`.`) to ignore entire categories of data, or omit it to ignore specific OIDs. @@ -234,7 +233,7 @@ Device42 supports two methods of exclusion: Use a trailing dot (`.`) to ignore e }} /> -- To exclude an OID category, include a period (`.`) at the end of the OID. +- To exclude an OID category, include a period (`.`) at the end of the OID. For example: @@ -242,7 +241,7 @@ Device42 supports two methods of exclusion: Use a trailing dot (`.`) to ignore e 1.3.6.1.2.1.4.35.1. # ignore entire OID tree ``` - This will ignore `1.3.6.1.2.1.4.35.1.2`, `1.3.6.1.2.1.4.35.1.3`, and all other OIDs that start with `1.3.6.1.2.1.4.35.1.` + This ignores `1.3.6.1.2.1.4.35.1.2`, `1.3.6.1.2.1.4.35.1.3`, and all other OIDs that start with `1.3.6.1.2.1.4.35.1.` :::note -When OIDs are set to be ignored globally, existing discovery jobs will not automatically inherit these ignored OIDs. To apply the ignored OIDs to existing discovery jobs, a new discovery job must be created. +When OIDs are set to be ignored globally, existing discovery jobs do not automatically inherit these ignored OIDs. To apply the ignored OIDs to existing discovery jobs, create a new discovery job. ::: ## Run Now or Schedule -When you have saved the network switch for autodiscovery, you will need to run the autodiscovery process. Select **Run Now** on the job's page after saving, or from the list page. +After saving the network switch for discovery, you need to run the discovery process. Select **Run Now** on the job's page after saving, or from the list page. - -You can also see a real-time report of all running jobs and their statuses under **Analytics > Jobs Dashboard**, and of all completed jobs under **Completed Jobs**: +You can also see a real-time report of all running jobs and their statuses under **Analytics > Jobs Dashboard**, and of all completed jobs under **Completed Jobs**. - diff --git a/docs/auto-discovery/nmap-autodiscovery.mdx b/docs/auto-discovery/nmap-autodiscovery.mdx index 6c38c22a3..9cd5aa313 100644 --- a/docs/auto-discovery/nmap-autodiscovery.mdx +++ b/docs/auto-discovery/nmap-autodiscovery.mdx @@ -6,19 +6,19 @@ sidebar_position: 20 import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' -## Nmap Autodiscovery +This page covers how to use Nmap (network mapper) discovery to identify services running on ports across your network. Device42 combines Nmap data with [NetFlow](netflow-collector.mdx) data to automatically create a map of services and application dependencies. -Nmap (network mapper) is a tool primarily used for security scanning. However, it can be used to “guess” which services are running on which ports. Device42 uses Nmap to discover which services are running on which ports and automatically combines this data with the [NetFlow](auto-discovery/netflow-collector.mdx) data to automatically create a map of services and application dependencies. +Nmap is a tool primarily used for security scanning, but it can also identify which services are running on which ports. -## Add an Nmap Autodiscovery Job +## Create an Nmap Discovery Job -Navigate to the **Discovery > Nmap** list page and click **Create** to add a new Nmap autodiscovery job.  +Navigate to the **Discovery > Nmap** list page and click **Create** to add a new Nmap discovery job. Enter the following required fields for the Nmap job: - **Name:** A unique name for the job. - **Remote Collector:** The name of the Remote Collector to use. A Local Collector cannot be used. -- **Target Host(s) and Network(s):** A comma-separated list of IP addresses, IP ranges, CIDR block(s), or hostname(s) to use for Nmap discovery. +- **Target Host(s) and Network(s):** A comma-separated list of IP addresses, IP ranges, CIDR block(s), or hostname(s) to use for Nmap discovery. +### Nmap Discovery Job Options + You can optionally configure these Nmap job options: -- **Exclude Target Host(s) and Network(s):** A comma-separated list of IP addresses, IP ranges, CIDR block(s), or hostname(s) to exclude for Nmap discovery. +- **Exclude Target Host(s) and Network(s):** A comma-separated list of IP addresses, IP ranges, CIDR block(s), or hostname(s) to exclude from Nmap discovery. - **Nameserver to use for reverse DNS:** The IP address or FQDN of the nameserver. -- **OS Detection**: On by default. Detect operating systems and versions. -- **Service and Version Detection**: On by default. Detect running services. +- **OS Detection:** On by default. Detects operating systems and versions. +- **Service and Version Detection:** On by default. Detects running services. - **Object Category for discovered devices:** Select an existing object category or add a new category. - **VRF Group for discovered IP addresses and subnets:** Select an existing VRF group or add a new group. - **Overwrite existing object categories:** Overwrite the object categories for existing discovered devices and child devices. - **Tags for discovered devices:** Add a comma-separated list of device tags. - + -## Run Now or Schedule +### Run Now or Schedule -Select **Add another Auto Discovery Schedule** when creating or editing the job to add a schedule for the job. +Select **Add another Auto Discovery Schedule** when creating or editing the job to add a schedule.

-To prevent an unintentionally large number of jobs from running initially, newly created jobs will not run on the first day they are created. If you would like to run a job after its initial creation, click the **Run Now** button on the job summary page that is displayed after you save a new job. +Newly created jobs do not run on the first day they are created to prevent an unintentionally large number of jobs from running initially. To run a job after its initial creation, click the **Run Now** button on the job summary page displayed after you save a new job. The **Run Now** button is also available on the list page (**Discovery > Nmap**). +## Nmap and NetFlow Discovery Notes -## Nmap and NetFlow Autodiscovery Notes - -In Device42, NetFlow and Nmap can be used by themselves, together, or in combination with point-in-time discovery. Using NetFlow and Nmap data together but without point-in-time discovery results in a good services dependency mapping capability. However, just using these two sources of data is still limited in the following ways: +In Device42, NetFlow and Nmap can be used by themselves, together, or in combination with point-in-time discovery. Using NetFlow and Nmap data together but without point-in-time discovery results in good service dependency mapping. However, using only these two data sources has the following limitations: -1. A map of service inter-dependencies and interrelationships can be created. However, many services often combine applications and associated information to form the entire application. For example, there might be multiple Oracle services plus configuration files that together form the Oracle application. Installed apps on a web server, and instances and named pipes on a database, cannot be discovered by the NetFlow/Nmap combination. +1. A map of service inter-dependencies and interrelationships can be created, but many services often combine applications and associated information to form the entire application. For example, there might be multiple Oracle services plus configuration files that together form the Oracle application. Installed apps on a web server, and instances and named pipes on a database, cannot be discovered by the NetFlow/Nmap combination. 2. The services that Nmap finds are guesses, and the guessed version number is probably wrong as often as it is right. -3. Some enterprises have such restrictive firewall rules that Nmap will discover few, if any, services. -4. NetFlow can’t “see” application interactions inside a physical, virtual, or cloud server. NetFlow can only see interactions that go through the router. So, many dependencies will be missed. -5. While NetFlow works well for physical routers and switches, it's not great for the virtual routers and switches found in hypervisors because many hypervisors do not support NetFlow. -6. On routers and switches, NetFlow must be set up for every segment. If some segments are not set up, the application interactions will not be found. +3. Some enterprises have such restrictive firewall rules that Nmap discovers few, if any, services. +4. NetFlow cannot see application interactions inside a physical, virtual, or cloud server. NetFlow can only see interactions that go through the router, so many dependencies are missed. +5. While NetFlow works well for physical routers and switches, it's not effective for the virtual routers and switches found in hypervisors because many hypervisors do not support NetFlow. +6. On routers and switches, NetFlow must be set up for every segment. If some segments are not set up, the application interactions are not found. -To overcome these limitations, it is better to use NetFlow and Nmap in conjunction with point-in-time discovery. +To overcome these limitations, use NetFlow and Nmap in conjunction with point-in-time discovery. diff --git a/docs/auto-discovery/operating-systems-supported-in-auto-discovery.mdx b/docs/auto-discovery/operating-systems-supported-in-auto-discovery.mdx index a0fc82d59..58b5903e3 100644 --- a/docs/auto-discovery/operating-systems-supported-in-auto-discovery.mdx +++ b/docs/auto-discovery/operating-systems-supported-in-auto-discovery.mdx @@ -3,25 +3,23 @@ title: "Operating Systems Supported in Autodiscovery" sidebar_position: 21 --- -## Background on the Device42 Test Lab - We test on as many operating systems as we can get our hands on for agentless autodiscovery. This list is by no means exhaustive or exclusive but should provide a good starting point. As a general rule, if there's an OS giving you trouble, we're happy to try and build in support for it. You can [email support](mailto:support@device42.com) or [submit a request](https://support.device42.com/) on our website. :::note -All discoveries can be run without agents on the Device42 Main Appliance with the option of using one or more remote collectors. Agentless Windows discovery requires at least one instance of the Windows Discovery Service (WDS) to be deployed on your network, where it can reach your desired discovery targets. +All discoveries can be run without agents on the Device42 Main Appliance with the option of using one or more remote collectors. Agentless Windows discovery requires at least one instance of the Windows Discovery Service (WDS) deployed on your network where it can reach your desired discovery targets. ::: ## Supported Distros and Operating Systems -**Major Linux distributions** work well with autodiscovery, including: -- Debian +**Major Linux distributions** work well with autodiscovery, including: +- Debian - Ubuntu - Red Hat - CentOS - Fedora - SUSE -- OpenSUSE - +- OpenSUSE + **Most UNIX distros** are well supported, including: - AIX - OpenBSD @@ -33,10 +31,12 @@ Other UNIX distros should also work well with autodiscovery (via SSH). Major **Windows releases (7, 8, 10, Server 2000+) are all supported** and should all work well with autodiscovery (via WMI/WinRM). -Discovery of the **IBM i powered mid-range** line and **IBM z/OS** powered mainframes are also supported. +Discovery of the **IBM i powered mid-range** line and **IBM z/OS** powered mainframes is also supported. ## Tested Distros and Operating Systems +The following operating systems have been tested with Device42 discovery: + @@ -61,7 +61,7 @@ Discovery of the **IBM i powered mid-range** line and **IBM z/OS** powered mainf
  • FreeBSD 10.3-RELEASE
  • FreeBSD 9.3-RELEASE
  • HP-UX 11
    • -
  • IBM i v7.1 (English & Spanish locales)
    • +
  • IBM i v7.1 (English and Spanish locales)
  • IBM z/OS 2.1, 2.3
  • Microsoft Windows 7
  • Microsoft Windows 8
    • @@ -109,4 +109,4 @@ Discovery of the **IBM i powered mid-range** line and **IBM z/OS** powered mainf -
    \ No newline at end of file + diff --git a/docs/auto-discovery/packet-capture.mdx b/docs/auto-discovery/packet-capture.mdx index 58218d595..746bcf717 100644 --- a/docs/auto-discovery/packet-capture.mdx +++ b/docs/auto-discovery/packet-capture.mdx @@ -3,9 +3,9 @@ title: "Packet Capture" sidebar_position: 22 --- -The [Device42 Packet Capture tool](https://www.device42.com/autodiscovery/) enables packet capture to be leveraged as a means of discovery. Packet capture discovers service communication happening in real-time for any service listeners known to Device42. It lets you discover service communications that are too infrequent for scheduled discovery jobs to catch. +The [Device42 Packet Capture tool](https://www.device42.com/autodiscovery/) enables packet capture as a means of discovery. Packet capture discovers service communication happening in real-time for any service listeners known to Device42, letting you discover service communications that are too infrequent for scheduled discovery jobs to catch. -Device42 packet capture supports both individual and promiscuous interfaces, allowing you the flexibility to deploy and use packet capture in the way that makes the most sense for your IT environment. +Device42 packet capture supports both individual and promiscuous interfaces, giving you the flexibility to deploy and use packet capture in the way that makes the most sense for your IT environment. ## Prerequisites @@ -17,38 +17,38 @@ You need the following to use the Device42 Packet Capture tool: - A packet capture library installed on your operating system: - On **Windows**, use a WinPcap-compatible library like [Npcap](https://npcap.com/). Be sure to select the **Install in API-Compatible mode** option during setup. - On **Linux**, use `libpcap`. - -You can optionally enable promiscuous mode (aka 'monitor' mode) for the network or the interface of interest. + +You can optionally enable promiscuous mode (also known as monitor mode) for the network or the interface of interest. :::tip -Watch our [Intro to Packet Capture video](https://www.youtube.com/watch?v=y1U37Xc9V2k) for a quick overview of how to set up and use packet capture with Device42. +Watch the [Intro to Packet Capture video](https://www.youtube.com/watch?v=y1U37Xc9V2k) for a quick overview of how to set up and use packet capture with Device42. ::: -## Configuration +## Configure Packet Capture 1. [Download](https://www.device42.com/autodiscovery/) the compressed `d42-packet-capture.zip` utility file and extract the contents to a directory of your choice. 2. Place the `d42pcap.json` config file into the directory with the utility. -3. On **Linux**, create a symlink for `libpcap` as required by the application, as it searches for the filename `libpcap.so.1`: +3. On **Linux**, create a symlink for `libpcap` as required by the application, which searches for the filename `libpcap.so.1`: ```bash sudo ln -s /usr/lib/x86_64-linux-gnu/libpcap.so.1.8.1 /usr/lib/x86_64-linux-gnu/libpcap.so.1 ``` - + On **Windows**, no extra configuration is needed. -4. Configure the utility by editing the `d42pcap.json`file. At minimum, configure the following sections to run the Packet Capture utility: +4. Configure the utility by editing the `d42pcap.json` file. At minimum, configure the following sections to run the Packet Capture utility: - - **Point the utility at your Device42 instance** by inputting its IP address, username, and password in the `device42` section of the config file. Save the file. + - **Point the utility at your Device42 instance** by entering its IP address, username, and password in the `device42` section of the config file. Save the file. - Enter the name of your capture interface in the `device` property of the `pcap` section. Use the name as shown under `ipconfig` on Windows or `ifconfig` on Linux. For example, `ens32`. - - Adjust the interval property of the common section. The default is to relay 60-second chunks of capture data to Device42 to not overwhelm the MA, especially if filtering isn't used or you're capturing traffic from many devices. + - Adjust the `interval` property of the `common` section. The default is to relay 60-second chunks of capture data to Device42 to avoid overwhelming the MA, especially if filtering isn't used or you're capturing traffic from many devices. -5. The utility may be installed to run as a Windows or Linux Service as desired. See the [Installing Device42 Packet Capture as a System Service](#installing-device42-packet-capture-as-a-system-service) section. +5. Optionally install the utility to run as a Windows or Linux service. See the [Install Packet Capture as a System Service](#install-packet-capture-as-a-system-service) section. -## Executing the Packet Capture Utility +## Run the Packet Capture Utility 1. Ensure all [Prerequisites](#prerequisites) are met. -2. Configure the utility as described in the [Configuration](#configuration) section above. +2. Configure the utility as described in the [Configure Packet Capture](#configure-packet-capture) section above. 3. Execute the utility by running: - - Windows:     `c:\>  d42pcap.exe` - - Linux:     `$ sudo ./d42pcap_linux_64` + - Windows: `c:\> d42pcap.exe` + - Linux: `$ sudo ./d42pcap_linux_64` 4. Optionally configure the following runtime parameters: | Parameter | Description | @@ -56,86 +56,90 @@ Watch our [Intro to Packet Capture video](https://www.youtube.com/watch?v=y1U37X | `list-devices` | Lists all network adapters on the host | | `version` | Prints the version of the utility | | `logs-dir` | Overrides the directory to which log files are written | -| `settings-dir` | The directory containing the utility’s JSON configuration file | -| `settings-name` | The name of the utility’s JSON configuration file | +| `settings-dir` | The directory containing the utility's JSON configuration file | +| `settings-name` | The name of the utility's JSON configuration file | | `debug` | Turns on debug logging | | `install-win-service` | Installs the utility as a Windows service (Windows executable only) | -| `remove-win-service ` | Removes the utility from the installed Windows services. (Windows executable only) | +| `remove-win-service` | Removes the utility from the installed Windows services (Windows executable only) | ## Configuration File Definitions +The configuration file contains the following sections: + | Section | Description | | -------- | ----------------------------------------------------------------------------------------------------------- | | `device42` | Contains settings required to interact with Device42. | | `common` | Contains common application settings. | | `pcap` | Contains settings that affect how raw network packets are handled. | -| `capture` | Settings affect Device42 Netflow and Packet Capture engine event processing. Note: Section intended for Device42 support. | +| `capture` | Settings that affect Device42 NetFlow and Packet Capture engine event processing. This section is intended for Device42 support. | ### Device42 Configuration | Property | Description | Required | | -------- | --------------------------------- | -------- | -| `Host` | Base URL of the Device42 website | yes | -| `User` | Username | yes | -| `Password` | Password | yes | +| `Host` | Base URL of the Device42 website | Yes | +| `User` | Username | Yes | +| `Password` | Password | Yes | -### Common configuration +### Common Configuration | Property | Description | Required | | -------- | -------------------------------------------------------------------------- | -------- | -| `Interval` | The number of seconds to collect network events before sending to Device42 | yes | -| `logs-dir` | The directory to which log files are written | no | +| `Interval` | The number of seconds to collect network events before sending to Device42 | Yes | +| `logs-dir` | The directory to which log files are written | No | -### PCAP Configuration Section +### PCAP Configuration | Property | Description | Required | | ----------------------------- | ---------------------------------------------------------------------------- | -------- | -| `Device ` | Specify network capture interface | yes | -| `include-source-tcp-ports` | TCP source ports to include | no | -| `include-destination-tcp-ports` | TCP destination ports to include | no | -| `include-source-udp-ports` | UDP source ports to include | no | -| `include-destination-udp-ports`| UDP destination ports to include | no | -| `include-source-tcp-ips ` | TCP source IPs to include | no | -| `include-dest-tcp-ips` | TCP destination IPs to include | no | -| `include-source-udp-ips` | UDP source IPs to include | no | -| `include-dest-udp-ips` | UDP destination IPs to include | no | -| `ignore-tcp` | Ignore all TCP network events | no | -| `ignore-udp` | Ignore all UDP network events | no | -| `promiscuous-mode` | `true` captures all packets passed and received rather than just host packets | yes | -| `sniff-timeout` | Duration in nanoseconds to wait for network events to be read. (Default = 2) | yes | -| `snap-length` | Length of raw network packets to collect. (Default = 1600) | yes | - -### Capture Configuration Section +| `Device` | Specify network capture interface | Yes | +| `include-source-tcp-ports` | TCP source ports to include | No | +| `include-destination-tcp-ports` | TCP destination ports to include | No | +| `include-source-udp-ports` | UDP source ports to include | No | +| `include-destination-udp-ports`| UDP destination ports to include | No | +| `include-source-tcp-ips` | TCP source IPs to include | No | +| `include-dest-tcp-ips` | TCP destination IPs to include | No | +| `include-source-udp-ips` | UDP source IPs to include | No | +| `include-dest-udp-ips` | UDP destination IPs to include | No | +| `ignore-tcp` | Ignore all TCP network events | No | +| `ignore-udp` | Ignore all UDP network events | No | +| `promiscuous-mode` | `true` captures all packets passed and received rather than just host packets | Yes | +| `sniff-timeout` | Duration in nanoseconds to wait for network events to be read (default: 2) | Yes | +| `snap-length` | Length of raw network packets to collect (default: 1600) | Yes | + +### Capture Configuration | Property | Description | Required | | ------------------- | ------------------------- | -------- | -| `live-entries` | Display live entries | no | -| `live-entries-ok` | Display OK live entries | no | -| `live-entries-nok` | Display NOK live entries | no | -| `print-data` | Print data | no | -| `ignore-ips` | Ignored IPs | no | -| `ignore-ports` | Ignored Ports | no | -| `pass-to` | Reserved for Device42 use | no | -| `default-protocol` | Reserved for Device42 use | no | -| `only-stats` | Reserved for Device42 use | no | -| `report-any-ip` | Reserved for Device42 use | no | -| `report-src-ip` | Reserved for Device42 use | no | -| `report-dst-ip` | Reserved for Device42 use | no | -| `unprocessed-packets` | Reserved for Device42 use | no | - -## Installing Device42 Packet Capture as a System Service +| `live-entries` | Display live entries | No | +| `live-entries-ok` | Display OK live entries | No | +| `live-entries-nok` | Display NOK live entries | No | +| `print-data` | Print data | No | +| `ignore-ips` | Ignored IPs | No | +| `ignore-ports` | Ignored ports | No | +| `pass-to` | Reserved for Device42 use | No | +| `default-protocol` | Reserved for Device42 use | No | +| `only-stats` | Reserved for Device42 use | No | +| `report-any-ip` | Reserved for Device42 use | No | +| `report-src-ip` | Reserved for Device42 use | No | +| `report-dst-ip` | Reserved for Device42 use | No | +| `unprocessed-packets` | Reserved for Device42 use | No | + +## Install Packet Capture as a System Service + +You can install the Packet Capture utility to run as a system service on Windows or Linux. **On Windows:** -Simply execute with the `install-win-service` flag or follow the instructions to create a new Linux service daemon. +Execute with the `install-win-service` flag: ```shell -C:\\> d42pcap -install-win-service +C:\> d42pcap -install-win-service ``` -**On Linux Daemon** +**On Linux:** -1. To run the utility as a Linux daemon, create a service file like the following example in the `/etc/systemd/system` directory: +1. Create a service file in the `/etc/systemd/system` directory: ``` [Unit] @@ -153,12 +157,9 @@ C:\\> d42pcap -install-win-service WantedBy=multi-user.target ``` -2. Enable and then start the service: - -```bash -sudo systemctl enable d42pcap.service -``` +2. Enable and start the service: -```bash -sudo systemctl start d42pcap.service -``` + ```bash + sudo systemctl enable d42pcap.service + sudo systemctl start d42pcap.service + ``` diff --git a/docs/auto-discovery/remote-collector-rc.mdx b/docs/auto-discovery/remote-collector-rc.mdx index 701da7d6a..83a9bbfe1 100644 --- a/docs/auto-discovery/remote-collector-rc.mdx +++ b/docs/auto-discovery/remote-collector-rc.mdx @@ -6,27 +6,27 @@ sidebar_position: 24 import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' -## The Device42 Remote Collector +A Remote Collector (RC) is a virtual appliance deployed separately from the Device42 Main Appliance (MA). An RC is controlled from the MA and sent discovery jobs that it executes remotely. All discovery jobs, including Power SNMP jobs, are supported and can be run remotely on an RC. -A Remote Collector (RC) is a virtual appliance deployed separately from the Device42 Main Appliance (MA). An RC is controlled from the MA and sent autodiscovery jobs that it executes remotely. All autodiscovery jobs, including Power SNMP jobs, are supported and can be run remotely on an RC. +This page covers sizing recommendations, how to run remote discoveries, and how to view and manage Remote Collectors. For installation instructions, see [Remote Collector Installation](/getstarted/deploy-device42/remote-collector-rc-installation.mdx). :::note -Windows discovery requires at least one [Windows Discovery Service](getstarted/deploy-device42/windows-discovery-service-installation.mdx) (WDS) instance to be deployed. +Windows discovery requires at least one [Windows Discovery Service](/getstarted/deploy-device42/windows-discovery-service-installation.mdx) (WDS) instance to be deployed. ::: -You may configure an unlimited number of RC appliances as needed across your environment. RCs facilitate SNMP, IPMI, hypervisor, and other types of autodiscovery across networks requiring only HTTPS access, eliminating the need to open numerous ports across network segments. +You can configure an unlimited number of RC appliances as needed across your environment. RCs facilitate SNMP, IPMI, hypervisor, and other types of discovery across networks requiring only HTTPS access, eliminating the need to open numerous ports across network segments. -### Sizing Recommendations +## Sizing Recommendations -For one RC per 1000 workloads, the sizing recommendations are as follows: +For one RC per 1000 workloads, the sizing recommendations are: - Two vCPU - 4GB RAM - 50GB vDisk -## Running Remote Discoveries +## Run Remote Discoveries -Once registered, you can schedule any autodiscovery job from the MA and instruct it to run on the RC of your choosing. Each autodiscovery screen shows a **Remote Collector** dropdown menu. Click this dropdown to display all registered RCs and choose the RC you would like to run the discovery job: +Once registered, you can schedule any discovery job from the MA and instruct it to run on the RC of your choosing. Each discovery screen shows a **Remote Collector** dropdown menu. Click this dropdown to display all registered RCs and choose the RC to run the discovery job. Remote Collectors** and click the RC **Name** on the list page to view or edit a specific RC. Click the **Edit** button to edit the RC. -Note that the view and edit pages now include a **MAC Address** field showing the address of the RC. Be careful editing this address; an incorrect address will cause the RC to disconnect. +The view and edit pages include a **MAC Address** field showing the address of the RC. Be careful when editing this address; an incorrect address causes the RC to disconnect. -### Remote Collector List Page Actions +## Remote Collector List Page Actions -Navigate to the **Remote Collectors** list page under **Discovery > Remote Collectors** and click **Actions**. +Navigate to **Discovery > Remote Collectors** and click **Actions** to access bulk actions. Remote Colle Select the relevant RC(s) from the table, choose one of the following actions, and click the **hammer icon** to execute the action: -- **Delete with Detailed Confirmation**: Delete the selected RC(s) with a confirmation prompt. -- **Export Selected Items as CSV**: Export a CSV file with information about the selected RC(s). -- **Clear logs**: Clear the log files for the selected RC(s). -- **Reboot Collectors**: Reboot the selected connected RC(s). Note that if your RC is exhibiting unusual behavior, rebooting the RC is a good first step to resolving the problem. -- **Set Logging Level**: Set the RC logging level. Select **Information** to reduce the log file size. You can also set a Global Logging Level via the RC console. -- **Set Proxy Settings**: Edit the RC(s) inherited proxy settings. +- **Delete with Detailed Confirmation:** Delete the selected RC(s) with a confirmation prompt. +- **Export Selected Items as CSV:** Export a CSV file with information about the selected RC(s). +- **Clear logs:** Clear the log files for the selected RC(s). +- **Reboot Collectors:** Reboot the selected connected RC(s). If your RC is exhibiting unusual behavior, rebooting the RC is a good first step to resolving the problem. +- **Set Logging Level:** Set the RC logging level. Select **Information** to reduce the log file size. You can also set a Global Logging Level via the RC console. +- **Set Proxy Settings:** Edit the RC(s) inherited proxy settings. -## Installation and Configuration +## Install and Configure Remote Collectors -See the [Remote Collector Installation page](/getstarted/deploy-device42/remote-collector-rc-installation.mdx) for installation and configuration instructions. +See the [Remote Collector Installation](/getstarted/deploy-device42/remote-collector-rc-installation.mdx) page for installation and configuration instructions. diff --git a/docs/auto-discovery/resource-utilization-overview.mdx b/docs/auto-discovery/resource-utilization-overview.mdx index 04234ebd0..5d0623663 100644 --- a/docs/auto-discovery/resource-utilization-overview.mdx +++ b/docs/auto-discovery/resource-utilization-overview.mdx @@ -6,19 +6,19 @@ sidebar_position: 25 import ThemedImage from '@theme/ThemedImage'; import useBaseUrl from '@docusaurus/useBaseUrl'; -:::note -You need to have an RU license installed in order to use Device42's Resource Utilization features. See [Licensing](/administration/licensing.mdx) for more details. -::: - -The Resource Utilization (RU) module tracks and stores data on CPU, memory, disk, and network usage, as well as power and environmental sensors. This data is collected at a user-defined interval and stored in a time-series database (TSDB) on the Remote Collector (RC) that discovered the device. RU data is then used to generate reports under **Analytics > Reports**. +The Resource Utilization (RU) module tracks and stores data on CPU, memory, disk, and network usage, as well as power and environmental sensors. This page covers how to enable RU tracking, understand the data storage architecture, visualize trends, and use the RU API. RU resource-usage metrics can fuel advanced business and capacity-planning decisions, migration planning, move-group selection (via Application Groups), and cloud-target rightsizing, as well as support a variety of other digital transformation projects. -## Enabling Resource Utilization +:::note +You need an RU license installed to use Device42's Resource Utilization features. See [Licensing](/administration/licensing.mdx) for more details. +::: + +## Enable Resource Utilization -Enable RU tracking by checking **Enable Resource Utilization Tracking for Device(s)** on Hypervisor/\*nix/Windows autodiscovery jobs. +Enable RU tracking by checking **Enable Resource Utilization Tracking for Device(s)** on Hypervisor/\*nix/Windows discovery jobs. -Select an interval from the **Resource Utilization Sampling Interval** dropdown – the default period is ten minutes (600 seconds). When RU tracking is enabled, you will not be able to save the discovery job unless an interval is specified. +Select an interval from the **Resource Utilization Sampling Interval** dropdown. The default period is ten minutes (600 seconds). When RU tracking is enabled, you cannot save the discovery job unless an interval is specified. -### Enabling Tracking on Devices +### Enable Tracking on Devices -Discovered devices are tracked when **Enable Resource Utilization Tracking for Device(s)** is checked on the discovery job when the job is run. If the option was unselected when the job was run, enable it and it should bring in data the next time the discovery job runs. +Discovered devices are tracked when **Enable Resource Utilization Tracking for Device(s)** is checked on the discovery job when the job runs. If the option was unselected when the job ran, enable it and the job will bring in data the next time it runs. -On an individual device's details page, you'll see that the **Is Device42 monitoring enabled** option is set to **Yes**. +On an individual device's details page, the **Is Device42 monitoring enabled** option is set to **Yes**. - + ## Technical Details: RU Data Storage +This section explains how RU data is stored and aggregated. + ### The Time-Series Database (TSDB) -Monitoring data is kept on the RC in a TSDB. A dedicated database called `sensors` is used for this purpose, and it contains the following series: +Monitoring data is kept on the RC in a TSDB. A dedicated database called `sensors` is used for this purpose and contains the following series: -- **`infeeds`**: Stores infeeds stats -- **`outlets`**: Stores outlets stats -- **`banks`**: Stores banks stats -- **`battery`**: Stores battery stats -- **`device`**: Stores device sensors - usually load, power factor, etc. -- **`env_sensor`**: Stores all types of `device_sensors` - humidity, temperature, CPU, etc. +- **`infeeds`:** Stores infeeds stats +- **`outlets`:** Stores outlets stats +- **`banks`:** Stores banks stats +- **`battery`:** Stores battery stats +- **`device`:** Stores device sensors (usually load, power factor, and so on) +- **`env_sensor`:** Stores all types of `device_sensors` (humidity, temperature, CPU, and so on) -You can think about these series as if they were Excel sheets, with the first column always consisting of a timestamp. For example, a memory series looks like this: +You can think of these series as Excel sheets, with the first column always consisting of a timestamp. For example, a memory series looks like this: ![A memory series in Device42](/assets/images/sensor_data_series.png) @@ -76,13 +78,13 @@ Aggregation takes multiple data points and converts their values to one data poi * * * -
    As an example, if we were to generate `AVG` physical values from 5-minute intervals, with a point every minute, from the table in the screenshot above, we would get:The `MIN` setting, instead, would return the smallest value from each set:
    • (53.242 + 51.672) / 2 = 52.457
    • (52.688 + 52.676) / 2 = 52.682
    • 53.242 < 51.672 = 51.672
    • 52.688 > 52.676 = 52.676
    +
    As an example, if you were to generate `AVG` physical values from 5-minute intervals, with a point every minute, from the table in the screenshot above, you would get:The `MIN` setting, instead, would return the smallest value from each set:
    • (53.242 + 51.672) / 2 = 52.457
    • (52.688 + 52.676) / 2 = 52.682
    • 53.242 < 51.672 = 51.672
    • 52.688 > 52.676 = 52.676
    * * * ### Data Capture Intervals -Available intervals: +The available intervals are: - SNMP: 1 second - Linux: 5 seconds @@ -92,7 +94,7 @@ Available intervals: To visualize data, choose the **Trends** option from any device that has RU enabled. This option is not displayed when tracking is not active or the license does not allow it. -Note that for users with power tracking enabled, `device_sensors` is also shown here. +For users with power tracking enabled, `device_sensors` is also shown here. So, let’s look at the following example data for ReadTransfer:
    • 00:01 – 100 bytes
    • 00:02 – 123 bytes
    • 00:03 – 234 bytes
    If a user requests data between 00:01 and 00:03 with density=3 (see API section for density details), Device42 will print:
    • 00:01 – 0 bytes
    • 00:02 – 23 bytes
    • 00:03 – 111 bytes
    +
    For example, the following data for ReadTransfer:
    • 00:01 – 100 bytes
    • 00:02 – 123 bytes
    • 00:03 – 234 bytes
    		If a user requests data between 00:01 and 00:03 with density=3 (see API section for density details), Device42 prints:
    • 00:01 – 0 bytes
    • 00:02 – 23 bytes
    • 00:03 – 111 bytes
    -If results cannot be retrieved from an RC (if the RC is down, etc.), an **Inaccessible Remote Collector** message will be displayed on trend reports. +If results cannot be retrieved from an RC (if the RC is down, for example), an **Inaccessible Remote Collector** message is displayed on trend reports. * * * @@ -149,18 +153,18 @@ If results cannot be retrieved from an RC (if the RC is down, etc.), an **Inacce There are three types of RU data reports available via **Analytics > Reports** based on captured RU data. -**Users may select the "Type of Data" they would like to see:** +**Select the "Type of Data" you want to see:** -- **Minimum**: Report uses data minimums -- **Maximum**: Report uses data maximums -- **Average**: Report uses data averages +- **Minimum:** Report uses data minimums +- **Maximum:** Report uses data maximums +- **Average:** Report uses data averages **Peak (Maximum) calculations:** -- **CPU**: A single number that represents the sum of all (CPU power times percentage peak usage) -- **Memory**: Total Peak, RAM, Swap, and RAM + Swap -- **Network**: Peak per card -- **Disk**: Peak IO across disks and Peak latency +- **CPU:** A single number that represents the sum of all (CPU power times percentage peak usage) +- **Memory:** Total Peak, RAM, Swap, and RAM + Swap +- **Network:** Peak per card +- **Disk:** Peak IO across disks and Peak latency * * * @@ -172,15 +176,15 @@ Currently, this API endpoint provides results in CSV format. JSON format may be ### General API Parameters -- **`type`**: Type of report, currently supports only device. _Optional_. -- **`id`**: Device ID -- **`ids`**: Comma-separated list of IDs. _Optional_. -- **`metric`**: The aggregation function that will be used. Can be `AVG`, `MIN`, or `MAX`. -- **`timezoneoffset`**: Your time zone is represented by GMT offset in minutes. For Moscow it is -180 (minus) and for NY 240 (without plus) -- **`end_date`**: The date of the final data point in US date and 24H time format, 12/31/17 15:16:17. -- **`timeperiod`**: The number of hours that you want to observe. +- **`type`:** Type of report, currently supports only device. Optional. +- **`id`:** Device ID +- **`ids`:** Comma-separated list of IDs. Optional. +- **`metric`:** The aggregation function that will be used. Can be `AVG`, `MIN`, or `MAX`. +- **`timezoneoffset`:** Your time zone represented by GMT offset in minutes. For Moscow it is -180 (minus) and for NY 240 (without plus). +- **`end_date`:** The date of the final data point in US date and 24H time format, `12/31/17 15:16:17`. +- **`timeperiod`:** The number of hours that you want to observe. -### Possible Values: +### Possible Values Pass an integer, `1-9`, to represent the following values: @@ -196,39 +200,38 @@ Pass an integer, `1-9`, to represent the following values: | `8` | 31 days | | `9` | 183 days | - ### Data Points Control Parameters -To control the number of data points, use the `interval` or `density` parameter. Choose one or the other, as trying to use both will cause one to override the other. +To control the number of data points, use the `interval` or `density` parameter. Choose one or the other, as trying to use both causes one to override the other. -- **`interval`**: Specify the number of seconds between data points. For example, if you want to get AVG/MIN/MAX data at 5-minute intervals for the last 24 hours, set `interval=300` and you will receive 288 data points. -- **`density`**: The number of points to collect per interval. This is similar to `interval`, but you should use it if you want to get an exact number of points for a given interval. For example, if you use a time of `period=6` (24 hours) and `density=100`, you will get 100 points with an interval of approximately 14.5 minutes. With a density of 1000, you will get 1000 points with a 1.5-minute interval. +- **`interval`:** Specify the number of seconds between data points. For example, if you want to get AVG/MIN/MAX data at 5-minute intervals for the last 24 hours, set `interval=300` and you will receive 288 data points. +- **`density`:** The number of points to collect per interval. This is similar to `interval`, but you should use it if you want to get an exact number of points for a given interval. For example, if you use a time of `period=6` (24 hours) and `density=100`, you will get 100 points with an interval of approximately 14.5 minutes. With a density of 1000, you will get 1000 points with a 1.5-minute interval. -**Important Limitation**: If the device polling interval is `N` seconds, and `N > interval`, the RC will reset `interval` to `N`. For example, if the polling interval for the device is 15 seconds, and you set `density=1000` and `period=1` (30 min), you will not get 1000 points. Instead, you will get `30 min * 60 seconds = 1800 seconds / 15 seconds polling interval = 120 points`. +**Important Limitation:** If the device polling interval is `N` seconds, and `N > interval`, the RC resets `interval` to `N`. For example, if the polling interval for the device is 15 seconds, and you set `density=1000` and `period=1` (30 min), you will not get 1000 points. Instead, you will get `30 min * 60 seconds = 1800 seconds / 15 seconds polling interval = 120 points`. -**CSV contains next type-measure combinations of data:** +**CSV contains the following type-measure combinations of data:** -- **`CPU-load`**: Aggregated CPU load for the selected interval as a percentage (for CPUs without a number, it is averaged across all numbered CPUs) -- **`Mem-physical`**: Aggregated physical memory used -- **`Mem-swap`**: Aggregated swap used -- **`Disk-(total,write,read)_iops`**: Aggregated IOPS for the disk -- **`Disk-(total,write,read)_iorate`**: Aggregated IORate for the disk -- **`Disk-(total,write,read)_latency`**: Aggregated latency for the disk -- **`Disk-(total,write,read)_transfer`**: Raw transfer for the disk at the end of the interval -- **`Disk-(total,write,read)_transfer_diff`**: Difference between raw transfer at the end and the start of the interval -- **`Nic-(in,out)_speed`**: Aggregated speed for the interface -- **`Nic-(in,out)_transfer`**: Raw transfer for the network interface at the end of the interval -- **`Nic-(in,out)_transfer_diff`**: Difference between raw transfer at the end and at the start of the interval +- **`CPU-load`:** Aggregated CPU load for the selected interval as a percentage (for CPUs without a number, it is averaged across all numbered CPUs) +- **`Mem-physical`:** Aggregated physical memory used +- **`Mem-swap`:** Aggregated swap used +- **`Disk-(total,write,read)_iops`:** Aggregated IOPS for the disk +- **`Disk-(total,write,read)_iorate`:** Aggregated IORate for the disk +- **`Disk-(total,write,read)_latency`:** Aggregated latency for the disk +- **`Disk-(total,write,read)_transfer`:** Raw transfer for the disk at the end of the interval +- **`Disk-(total,write,read)_transfer_diff`:** Difference between raw transfer at the end and the start of the interval +- **`Nic-(in,out)_speed`:** Aggregated speed for the interface +- **`Nic-(in,out)_transfer`:** Raw transfer for the network interface at the end of the interval +- **`Nic-(in,out)_transfer_diff`:** Difference between raw transfer at the end and at the start of the interval ## What If My RC Is Offline? -If your target RC is offline, you will not be able to fetch data from it, as the RC must be responsive to queries for data. All fields will either come back empty or will display the `-` character. Charts and reports will show empty gaps in data for periods when the RC was down. One exception is the PDU main page, which will display the latest values because its data is cached. +If your target RC is offline, you cannot fetch data from it, as the RC must be responsive to queries for data. All fields either come back empty or display the `-` character. Charts and reports show empty gaps in data for periods when the RC was down. One exception is the PDU main page, which displays the latest values because its data is cached. -## Handling of the Same IP/Machine Instance Across Multiple RCs +## Handle the Same IP Across Multiple RCs -If an IP is discovered across multiple Remote Collectors (RCs), Device42 will **not** monitor that IP again if it is already being monitored; were this otherwise permitted, unexpected behavior would likely result. We will adjust this and other RU workflows based on user feedback - please do let us know about any ideas or changes you have that would help you! +If an IP is discovered across multiple Remote Collectors (RCs), Device42 does **not** monitor that IP again if it is already being monitored. Permitting duplicate monitoring would likely result in unexpected behavior. -### Monitoring Management - Example Scenarios +### Monitoring Management Example Scenarios Consider the following scenario: @@ -241,35 +244,35 @@ Two discovery jobs are configured: * * * -You run Job#1 on RC#1 with monitoring enabled. After discovery, you will have: +You run Job#1 on RC#1 with monitoring enabled. After discovery, you have: - DeviceA with monitoring on RC#1 - DeviceB with monitoring on RC#1 - DeviceC without monitoring -Then you decide to run discovery using Job#2 on RC#2 with monitoring disabled. After this discovery job runs, you will have: +Then you decide to run discovery using Job#2 on RC#2 with monitoring disabled. After this discovery job runs, you have: - DeviceA with monitoring on RC#1 - DeviceB with monitoring on RC#1 - DeviceC without monitoring -Then you change the settings on Job #2 and run it from RC#2 with monitoring enabled. The end result will be: +Then you change the settings on Job#2 and run it from RC#2 with monitoring enabled. The end result is: - DeviceA with monitoring on RC#1 - DeviceB with monitoring on RC#1 - DeviceC with monitoring on RC#2 -Note that DeviceB does not switch the RC that it's attached to. +DeviceB does not switch the RC that it's attached to. -## (Legacy) How Can I Switch Device RU Monitoring to Another RC? +## (Legacy) Switch Device RU Monitoring to Another RC -If you _want_ to move a device to another RC, open the device list, select the device, and select one of the **Disable monitoring for selected devices...** actions. After disabling monitoring, run the job again with monitoring re-enabled on the new target RC. +If you want to move a device to another RC, open the device list, select the device, and select one of the **Disable monitoring for selected devices...** actions. After disabling monitoring, run the job again with monitoring re-enabled on the new target RC. ![Disable RU Monitoring on devices](/assets/images/disable_RU_monitoring_device_list_view-1.png) -The options differ according to how they handle the historical data for the device in question. The **...but keep data** action stores data for as long as needed, so that if the same device were rediscovered, the existing data would be automatically utilized. The **...and delete data** option simply deletes all existing data from the server. When a previously existent device is rediscovered with this option selected, its history begins anew. +The options differ according to how they handle the historical data for the device. The **...but keep data** action stores data for as long as needed, so that if the same device is rediscovered, the existing data is automatically utilized. The **...and delete data** option deletes all existing data from the server. When a previously existent device is rediscovered with this option selected, its history begins anew. -Now rerun Job#2 on RC#2 with monitoring enabled once again. After that run, you can see the device has moved to RC2: +Now rerun Job#2 on RC#2 with monitoring enabled once again. After that run, the device has moved to RC2: - DeviceA with monitoring on RC#1 - DeviceB with monitoring on RC#2 diff --git a/docs/auto-discovery/resources/cloud-resources.mdx b/docs/auto-discovery/resources/cloud-resources.mdx index 454449fc8..638a89f04 100644 --- a/docs/auto-discovery/resources/cloud-resources.mdx +++ b/docs/auto-discovery/resources/cloud-resources.mdx @@ -6,17 +6,17 @@ sidebar_position: 30 import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' -Cloud resources are items that have been identified and returned by Device42 discovery jobs and can be visualized in the resource map view. +Cloud resources are items identified and returned by Device42 discovery jobs. You can visualize them in the resource map view and sort by cloud vendor, region, subnet, Virtual Private Cloud (VPC), and other resource types. -Discovered information can be sorted by cloud vendor, region, subnet, Virtual Private Cloud (VPC), and other discovered resource types in your environments. +This page covers how to view cloud accounts, use the resource map, and navigate resource details. :::note -While you can display Azure and GCP environments in the resource map, AWS currently displays more accurate information. We are working to add this like-for-like functionality for all cloud accounts. +While you can display Azure and GCP environments in the resource map, AWS currently displays more detailed information. ::: ## View Cloud Resources -Navigate to **Infrastructure > Cloud Infrastructures > Cloud Accounts** from the Device42 menu to display the Cloud Accounts list page. +Navigate to **Infrastructure > Cloud Infrastructures > Cloud Accounts** from the main menu to display the Cloud Accounts list page. Cloud Infrastructures > Cloud Accounts** from the dark: useBaseUrl('/assets/images/cloud-resources/cloud-menu-dark.png'), }} style={{ width: '90%' }} -/>  +/> -### Cloud Accounts List Page +### Filter Cloud Accounts From the Cloud Accounts list page, you can use the search bar and **Cloud Vendor** dropdown to filter the cloud accounts. Add additional filtering criteria using the **More Filters** button. @@ -37,15 +37,11 @@ From the Cloud Accounts list page, you can use the search bar and **Cloud Vendor light: useBaseUrl('/assets/images/cloud-resources/cloud-accounts-list-light.png'), dark: useBaseUrl('/assets/images/cloud-resources/cloud-accounts-list-dark.png'), }} -/>   +/> ## Resource Map View -From the list page, click on a cloud account to view its details. Navigate back up to the **Cloud Vendor** to view all accounts. - -Access the **Resource Map** view to view the cloud account and its related resources and assets in a chart view. - -Click on the account level or provider to display additional cloud accounts in your environment. +From the list page, click a cloud account to view its details, then click **Resource Map** to view the account and its related resources in a chart. Click the account level or provider to display additional cloud accounts in your environment.    +/> -The **Show All** view can be applied to all areas in the resource map. Please note that large environments will take a few seconds to fully populate. +The **Show All** option can be applied to all areas in the resource map. Large environments may take a few seconds to fully populate.     +/> ### View Details with Resource Icons -Regions and some resource items have an **expand icon** (1) to drill down into regions and other resources and a **magnifying glass icon** (2) to see the resources in the region. +Regions and some resource items have an **expand icon** (1) to drill down into resources, and a **magnifying glass icon** (2) to view the resources in a region.    +/> -The **magnifying glass icon** will change to a **compass icon** and an info box will open that you can use to identify the resources and assets within that region. Click **Show All** to load and display all the listed resources on the map. +The **magnifying glass icon** changes to a **compass icon** and opens an info box listing the resources and assets within that region. Click **Show All** to load and display all listed resources on the map. -:::info -Please keep in mind that large environments will need a few seconds to fully populate. -::: - -Click the **expand icon** and then select the resource to open a summary box displaying important information such as the **Service Level**, **Last Changed** date and time, **Vendor Resource Type**, and **Resource Categories**. +Click the **expand icon** and select a resource to open a summary box with details such as **Service Level**, **Last Changed** date and time, **Vendor Resource Type**, and **Resource Categories**. All Resources** from the Device42 menu to display the **Resources** list page. +Select **Resources > All Resources** from the main menu to display the **Resources** list page. -Click **More Filters** and select from a range of resource properties, including: +Click **More Filters** and select from a range of resource properties, including: - Vendor Resource Subtype - Region @@ -50,13 +52,13 @@ sources={{ }} /> -Use the **Advanced** search option to construct more specific searches. See the [Advanced Search Feature](/getstarted/using-device42/advanced-search-feature.mdx) documentation for instructions. +Use the **Advanced** search option to construct more specific searches. See [Advanced Search Feature](/getstarted/using-device42/advanced-search-feature.mdx) for details. ### View Resource Details -Click on a resource **Name** to see details about that resource, including sections for the resource-specific CI types. For example, a NetApp storage array includes sections for **Disks** and **Volumes**. +Click a resource **Name** to see its details, including sections for resource-specific CI types. For example, a NetApp storage array includes sections for **Disks** and **Volumes**. -Click on the links in the sections to view the details of specific items. +Click the links in each section to view the details of specific items. +For example, clicking a linked item opens its detail page: + -### Application Group Calculation +### Application Group Calculation -Similar to the Device view, the Resources view includes an **Application Group Calculation** tab, provided you have a license for the [Application Dependency Mapping (ADM)](/apps/enterprise-application-dependency-mapping/configure-application-dependency-mapping/#turning-on-application-discovery) module. +Similar to the Device view, the Resources view includes an **Application Group Calculation** tab, provided you have a license for the [Application Dependency Mapping (ADM)](/apps/enterprise-application-dependency-mapping/configure-application-dependency-mapping.mdx#turn-on-application-discovery) module. -The tab displays a visualization of the Application Group calculation data for the selected resource, with a single [Starting Point](/apps/application-groups/index.mdx), and the resource's related dependencies and impact objects in the diagram. +The tab displays the Application Group calculation for the selected resource, showing a single [Starting Point](/apps/application-groups/index.mdx) along with the resource's related dependencies and impact objects. ### Resource Map -Click **Resource Map** in the top left of a resource page to see the topography map for that resource. Use the options in the left panel to highlight and search for related CIs to display on the map. +Click **Resource Map** in the top left of a resource page to see the topology map for that resource. Use the options in the left panel to highlight and search for related CIs to display on the map. -**Save** your edits or click **Cancel** to discard them. - ## Select Resources Across Multiple Pages -Select resources across multiple list pages to run bulk actions on them. Actions include deleting, archiving, or adding the resources to a Business Service. +You can select resources across multiple list pages to run bulk actions on them, such as deleting, archiving, or adding resources to a Business Service. -- Select the **Resources** list page to view and select resources. The page shows you how many items are selected. -- Use the numbers and arrows to scroll to different list pages and select more resources on that page. The page updates the selected-items count. -- You can then make a selection from the **Actions** dropdown. +1. Select resources on the **Resources** list page. The page shows how many items are selected. +2. Use the page numbers and arrows to navigate to other list pages and select additional resources. The selected-items count updates as you go. +3. Choose an action from the **Actions** dropdown. Software Components** section. -- **[Software Components](/infrastructure-management/software/software-components.mdx):** Includes details such as - - **Software Type** (**Managed** or **Unmanaged**) - - **License Model** (such as **Individual - User/Subscription**) +- **[Software Components](/infrastructure-management/software/software-components.mdx):** Includes details such as: + - **Software Type:** **Managed** or **Unmanaged** + - **License Model:** For example, **Individual - User/Subscription** - **Vendor** -- **[Software In Use](/infrastructure-management/software/software-in-use.mdx):** Includes fields for +- **[Software In Use](/infrastructure-management/software/software-in-use.mdx):** Includes fields for: - **Version** - **Install Date** - **End User** - - **Last Login** (30-day tracking period) + - **Last Login:** 30-day tracking period ### Discovered End Users @@ -90,12 +90,13 @@ sources={{ }} /> -- Name the job and choose which **Remote Collector** to use. -- Select your identity provider (**Azure AD**, **Okta**, or **Gsuite**) from the **Type** dropdown menu. -- Add the authentication credentials for your identity provider account: - - Azure AD: **Credential**, **Cloud Definition**, **Tenant ID**, and **Client ID** - - Okta: **Credential** and **URL** - - G Suite: **Admin Email** and **Credential** +- **Name:** A unique name for the job. +- **Remote Collector:** The Remote Collector to use. +- **Type:** Select your identity provider (**Azure AD**, **Okta**, or **Gsuite**). +- Add the authentication credentials for your identity provider account: + - **Azure AD:** **Credential**, **Cloud Definition**, **Tenant ID**, and **Client ID** + - **Okta:** **Credential** and **URL** + - **G Suite:** **Admin Email** and **Credential** ### Schedule the Job diff --git a/docs/auto-discovery/sccm-discovery.mdx b/docs/auto-discovery/sccm-discovery.mdx index a0834e943..ebbce5af3 100644 --- a/docs/auto-discovery/sccm-discovery.mdx +++ b/docs/auto-discovery/sccm-discovery.mdx @@ -6,17 +6,15 @@ sidebar_position: 25.5 import ThemedImage from '@theme/ThemedImage'; import useBaseUrl from '@docusaurus/useBaseUrl'; -# SCCM Discovery - -As of 18.11.00, SCCM Discovery is integrated into our main discovery jobs. Microsoft System Center Configuration Manager (SCCM) or Microsoft Endpoint Configuration Manager (MECM), is a comprehensive management platform for managing and deploying software, applications, updates, and operating systems in an enterprise environment. SCCM offers administrators a centralized, unified solution for efficiently managing a wide range of physical and virtual devices running various versions of Windows, macOS, Linux, and other operating systems +SCCM discovery is integrated into the main discovery jobs. Microsoft System Center Configuration Manager (SCCM), or Microsoft Endpoint Configuration Manager (MECM), is a comprehensive management platform for managing and deploying software, applications, updates, and operating systems in an enterprise environment. SCCM offers administrators a centralized, unified solution for efficiently managing a wide range of physical and virtual devices running various versions of Windows, macOS, Linux, and other operating systems. If you already use SCCM in your environment, the Device42 SCCM integration can automatically sync the hardware and software inventory (Configuration Item) data to Device42. SCCM discovery can discover devices, OS, CPU, memory, network, and software from SCCM. -SCCM Discovery can be configured using either WinRM, WMI (Requires a WDS and read only access to the SMS namespace), or direct database discovery. +SCCM discovery can be configured using WinRM, WMI (requires a WDS and read-only access to the SMS namespace), or direct database discovery. -### View, Run, and Add Jobs +## View, Run, and Add Jobs -Navigate to the list page under **Discovery > HyperVisors / \*nix / Windows** to view existing jobs, run a job, or create a new SCCM job by clicking the **Create** button on the top right. +Navigate to **Discovery > HyperVisors / \*nix / Windows** to view existing jobs, run a job, or create a new SCCM job by clicking **Create**. HyperVisors / \*nix / Windows** to Click on a job to view its details. The **Discovery Target** must be the database server and not other SCCM components. -Modify the job using the **Edit** button on the top right. +Modify the job by clicking **Edit**. -### Discovery Using WDS Credentials +## Discovery Using WDS Credentials Select the **Use Service Account Credentials (only Applies to WDS)** checkbox. @@ -50,7 +48,7 @@ Select the **Use Service Account Credentials (only Applies to WDS)** checkbox. }} /> -### Discovery Using WinRM +## Discovery Using WinRM Select **Discover Using WinRM (Preview)** to set the **URL prefix** and **Port** to use. @@ -64,7 +62,7 @@ Select **Discover Using WinRM (Preview)** to set the **URL prefix** and **Port** ## SCCM Database Discovery -For discovery to return detailed information, you will require read permissions to the following system views: +For discovery to return detailed information, read permissions are required for the following system views: @@ -102,4 +100,6 @@ The **MSSQL SCCM Instance** field is optional and should be left blank unless yo }} /> -Note: The discovery user must belong to the administrator’s user group to discover databases successfully. +:::note +The discovery user must belong to the administrator's user group to discover databases successfully. +::: diff --git a/docs/auto-discovery/setup-dns-autodiscovery.mdx b/docs/auto-discovery/setup-dns-autodiscovery.mdx index 5df28c0dc..0da2ae772 100644 --- a/docs/auto-discovery/setup-dns-autodiscovery.mdx +++ b/docs/auto-discovery/setup-dns-autodiscovery.mdx @@ -6,13 +6,17 @@ sidebar_position: 12 import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' -The following sections explain how to prepare your Microsoft DNS server for DNS autodiscovery and how to create and run a Device42 DNS Zone autodiscovery job. +DNS discovery syncs DNS zone data into Device42, giving you visibility into DNS records, IPs, and related details. + +This page covers how to prepare your Microsoft DNS server for DNS zone transfers and how to create and schedule a DNS zone discovery job. ## Microsoft Setup +Configure your Microsoft DNS server to allow zone transfers to Device42. + ### Allow Zone Transfers -First, **Allow zone transfers** from your DNS server to your Device42 virtual appliance IP address. +Select **Allow zone transfers** from your DNS server to your Device42 virtual appliance IP address. Right-click on the zone name, go to **Properties**, and go to the **Zone Transfers** tab. @@ -26,14 +30,15 @@ Next, allow your Device42 virtual appliance's IP address. You can enable zone transfers to your Device42 appliance's IP at your discretion. -## Set Up a DNS Zone Autodiscovery Job +## Create a DNS Zone Discovery Job + +Navigate to **Discovery > DNS Zone Sync (One way)** and click **Create**. -Next, go back to your Device42 web console and navigate to the DNS Zones for Autodiscovery list page under **Discovery > DNS Zone Sync (One way)**. +Fill out the following fields: -Click **Create** to create a new autodiscovery job and fill out the following: -- **Name:** Enter the name of the zone to be transferred - this will likely be the zone you just enabled. -- **Nameserver:** Enter the FQDN or IP address for the DNS server. The FQDN will work only if the DNS is configured correctly from the console. -- **Auto Delete Enabled:** Check this box to delete records in Device42 that were not found in new transfers of the zone but were found in older transfers. Selecting this option also deletes any entries manually added in Device42 that have not yet been added to your DNS server. +- **Name:** The name of the zone to be transferred. This will likely be the zone you just enabled. +- **Nameserver:** The FQDN or IP address for the DNS server. The FQDN works only if DNS is configured correctly from the console. +- **Auto Delete Enabled:** Deletes records in Device42 that were not found in new transfers of the zone but were found in older transfers. This option also deletes any entries manually added in Device42 that have not yet been added to your DNS server. -Save the autodiscovery job and click **Run Now** to test it. If you see "Success!" in the **Last Status** box, then the new zone, IPs, and related details will be available in Device42. +Save the discovery job and click **Run Now** to test it. If you see "Success!" in the **Last Status** box, the new zone, IPs, and related details will be available in Device42. -### Run Now or Schedule Discovery +### Run or Schedule the Job When creating or editing the job, select **Add another Auto Discovery Schedule** to schedule the job. @@ -67,7 +72,7 @@ Newly created jobs will not run on the first day they are created to prevent an }} /> -You can also select **Run Now** from the autodiscovery list page. +You can also select **Run Now** from the discovery list page. Agent Based Scans**. +## Install the Signed Mac Agent + +1. Download the **Signed Mac Agent for Discovery** from [https://www.device42.com/autodiscovery/](https://www.device42.com/autodiscovery/) for Intel or Apple Silicon macOS machines. + +2. Download the **Encrypted config file for Agent** from the Device42 Main Appliance under **Discovery > Agent Based Scans**. -This will be an encrypted URL and a public key with some other data needed for discovery. It uses AES-256-bit encryption. +The config file contains an encrypted URL and a public key with other data needed for discovery. It uses AES-256-bit encryption. + +## Run the Agent + +To run the signed Mac Agent: + +1. Unzip the notarized binary file. +2. Store the config file on the file system. +3. Run the binary with the config file: -Run the agent as: ``` (sudo) --config-file=/d42_agent_config ``` -To run the above: - -- Unzip the notarized binary file. -- Store the config file somewhere on the file system. -- Run the binary calling the config file. +Enterprise customers can deploy the agent via JAMF or other MDM solutions. -Enterprise customers should be able to do this via JAMF or other MDM solutions. +## Usage Notes -## Notes +Keep the following in mind when using the signed Mac Agent: -- The `-config-file` switch only works for this executable, and won’t work for any agent executable downloaded from the Main Appliance. -- All other switches, like for overriding the host, will work for this executable and any agent downloaded from the Main Appliance. -- It won't auto-update (as that would break the signing) and needs to be manually updated or updated via MDM solutions. +- The `--config-file` switch only works for this executable and does not work for agent executables downloaded from the Main Appliance. +- All other switches, such as overriding the host, work for both this executable and agents downloaded from the Main Appliance. +- The signed Mac Agent does not auto-update, as that would break the signing. Update it manually or via MDM solutions. ## Troubleshooting diff --git a/docs/auto-discovery/storage-arrays-autodiscovery/all-other-storage-autodiscovery.mdx b/docs/auto-discovery/storage-arrays-autodiscovery/all-other-storage-autodiscovery.mdx index 8926f5cc2..8f8da3e48 100644 --- a/docs/auto-discovery/storage-arrays-autodiscovery/all-other-storage-autodiscovery.mdx +++ b/docs/auto-discovery/storage-arrays-autodiscovery/all-other-storage-autodiscovery.mdx @@ -3,80 +3,93 @@ title: "All Other Storage Autodiscovery" sidebar_position: 4.5 --- +This page covers discovery configuration for Infinidat, NetApp, Nutanix, Oracle ZFS, and Pure Storage arrays. It lists the access protocols and default ports for each array, and provides steps for setting up users with minimum read-only permissions. + +For general storage array discovery job setup, see [Storage Arrays Discovery](index.mdx). + ## Access Protocols by Array -![](/assets/images/discovery_storage_arrays_autodiscovery_all-other-storage-autodiscovery.png) +The following table lists the supported storage arrays and their access methods: + +| Vendor | Array | Access Mechanism | Default Port | +|--------|-------|------------------|--------------| +| Infinidat | Infinidat | REST | 443 | +| NetApp | FAS Series | Vendor API | 80 or 443 | +| Nutanix | Nutanix | REST | 9440 | +| Oracle | ZFS | REST | 80 or 443 | +| Pure Storage | Pure Storage | REST | 80 or 443 | -## Minimum Permissions for Storage Array Autodiscovery +## Minimum Permissions for Storage Array Discovery -Follow the steps in the sections below to set up users or roles with minimum read-only permissions that you can use when you create storage array autodiscovery jobs. +Follow the steps below to set up users or roles with minimum read-only permissions for storage array discovery jobs. ### Infinidat 1. Log in to the Infinidat console. -2. Select **Settings** from the left panel. -3. Click on **Users** from the tab. -4. Click the **Create User** button to open the Create User panel. -5. Create a user and assign it one of the available roles: - - ADMIN - - POOL\_ADMIN - - READ\_ONLY +2. Select **Settings** from the left panel. +3. Click **Users** from the tab. +4. Click **Create User** to open the Create User panel. +5. Create a user and assign it the minimum **READ\_ONLY** role. The available roles are: + - `ADMIN` + - `POOL_ADMIN` + - `READ_ONLY` +6. Click **OK** and save the user. -6. Select the minimum **READ\_ONLY** role -7. Click **OK** and save the user. +### NetApp Filers -### Netapp Filers - -- Connect to your Netapp via SSH. -- Create a monitoring role with the necessary permissions. +1. Connect to your NetApp filer via SSH. +2. Create a monitoring role with the necessary permissions. ```shell - _useradmin role add -a api-system-get-version,login-http-admin,security-api-vfiler,api-system-get-info,api-fcp-adapter-list-info,api-iscsi-initiator-list-info,api-iscsi-adapter-list-info,api-disk-list-info,api-aggr-list-info,api-volume-list-info,api-lun-list-info,api-qtree-list,api-quota-list-entries,api-cifs-share-list-iter-start,api-perf-object-get-instances,api-lun-map-list-info,api-cifs-share-list-iter-next,api-lun-get-serial-number_ + useradmin role add -a api-system-get-version,login-http-admin,security-api-vfiler,api-system-get-info,api-fcp-adapter-list-info,api-iscsi-initiator-list-info,api-iscsi-adapter-list-info,api-disk-list-info,api-aggr-list-info,api-volume-list-info,api-lun-list-info,api-qtree-list,api-quota-list-entries,api-cifs-share-list-iter-start,api-perf-object-get-instances,api-lun-map-list-info,api-cifs-share-list-iter-next,api-lun-get-serial-number ``` - **Permissions contained in the above command:** - - - `api-system-get-version` - - `login-http-admin` - - `security-api-vfiler` - - `api-system-get-info` - - `api-fcp-adapter-list-info` - - `api-iscsi-initiator-list-info` - - `api-iscsi-adapter-list-info` - - `api-disk-list-info` - - `api-aggr-list-info` - - `api-volume-list-info` - - `api-lun-list-info` - - `api-qtree-list` - - `api-quota-list-entries` - - `api-cifs-share-list-iter-start` - - `api-perf-object-get-instances` - - `api-lun-map-list-info` - - `api-cifs-share-list-iter-next` - - `api-lun-get-serial-number` - -- Create a monitoring group, attaching the monitoring role created above. +
    + Permissions contained in the above command + + - `api-system-get-version` + - `login-http-admin` + - `security-api-vfiler` + - `api-system-get-info` + - `api-fcp-adapter-list-info` + - `api-iscsi-initiator-list-info` + - `api-iscsi-adapter-list-info` + - `api-disk-list-info` + - `api-aggr-list-info` + - `api-volume-list-info` + - `api-lun-list-info` + - `api-qtree-list` + - `api-quota-list-entries` + - `api-cifs-share-list-iter-start` + - `api-perf-object-get-instances` + - `api-lun-map-list-info` + - `api-cifs-share-list-iter-next` + - `api-lun-get-serial-number` + +
    + +3. Create a monitoring group, attaching the monitoring role created above. ``` useradmin group add -r ``` -- Create a monitoring user and assign it to the monitoring group created in the step above. +4. Create a monitoring user and assign it to the monitoring group created above. ``` useradmin user add -g ``` -**Cluster Mode** +### NetApp Cluster Mode 1. Connect to your NetApp cluster via SSH. -2. Create a user with the following config: +2. Create a user with the following configuration: - - **VServer to discover:** `` - - **Discovery User name:** `` - - **Role:** readonly (existing system role) - - **Application:** ontapi - - **Auth Method:** Password + - **VServer to discover:** `` + - **Discovery User name:** `` + - **Role:** `readonly` (existing system role) + - **Application:** `ontapi` + - **Auth Method:** `password` ``` security login create -vserver -user-or-group-name -application ontapi -authentication-method password -role readonly @@ -85,34 +98,32 @@ Follow the steps in the sections below to set up users or roles with minimum rea ### Nutanix 1. Log in to the Nutanix console. -2. Click the gear icon or select **Settings** from the main menu. -3. Select **Local User Management** under **Users and Groups**. -4. Click on the **+ New User** button. +2. Click the **gear icon** or select **Settings** from the main menu. +3. Select **Local User Management** under **Users and Groups**. +4. Click the **+ New User** button. 5. Do not select any roles, so that the user is assigned a viewer role by default. -6. Click **OK** and save the user. +6. Click **OK** and save the user. ### Oracle ZFS 1. Log in to the Oracle ZFS console. -2. Select **Configuration** from the main menu. -3. Click on the **+** button next to **Roles** to create a new role. - - Add the following Authorizations to the role (leave Domain as “\*”): - - **Analytics:** Read - - **Worksheet:** Read -4. Click on the **+** button next to **Users** to create a new user. - - Select the Role created in step 3 for the user. - - “Kiosk User” must **NOT** be selected. - +2. Select **Configuration** from the main menu. +3. Click the **+** button next to **Roles** to create a new role. Add the following authorizations to the role (leave Domain as `*`): + - **Analytics:** Read + - **Worksheet:** Read +4. Click the **+** button next to **Users** to create a new user. + - Select the role created in step 3 for the user. + - **Kiosk User** must **NOT** be selected. 5. Click **Finish** to save the user. ### Pure Storage -Pure Storage does not allow for multiple local users, and relies on an LDAP provider to supply user authentication and group membership for a non-root user. +Pure Storage does not allow multiple local users and relies on an LDAP provider for user authentication and group membership for non-root users. 1. Log in to the Pure Storage console. -2. Click on **System Menu**. -3. Click on **Configuration**. -4. Click on **Directory Service**. +2. Click **System Menu**. +3. Click **Configuration**. +4. Click **Directory Service**. 5. Connect your Pure Array to your LDAP provider, making sure to map the Read Only Group to the appropriate OU within your LDAP environment. 6. Create a discovery user account in your LDAP environment. 7. Add that LDAP user account to the OU associated with the Pure Storage Read Only Group. diff --git a/docs/auto-discovery/storage-arrays-autodiscovery/dell-emc-autodiscovery.mdx b/docs/auto-discovery/storage-arrays-autodiscovery/dell-emc-autodiscovery.mdx index 4269ca2fc..90d2479c4 100644 --- a/docs/auto-discovery/storage-arrays-autodiscovery/dell-emc-autodiscovery.mdx +++ b/docs/auto-discovery/storage-arrays-autodiscovery/dell-emc-autodiscovery.mdx @@ -3,101 +3,110 @@ title: "Dell/EMC Autodiscovery" sidebar_position: 1 --- +Device42 discovers Dell and EMC storage arrays including Compellent, VNX/VMAX, Data Domain, Unity, and Isilon. This page lists the access protocols and default ports for each array, and provides steps for setting up users with minimum read-only permissions. + +For general storage array discovery job setup, see [Storage Arrays Discovery](index.mdx). + ## Access Protocols by Array -![](/assets/images/discovery_storage_arrays_autodiscovery_dell-emc-autodiscovery.png) +| Vendor | Array | Access Mechanism | Default Port | +|--------|-------|------------------|--------------| +| Dell | Compellent | REST | 3033 | +| Dell | VNX or VMAX | SMIS | 5988 or 5989 | +| EMC | Data Domain | REST or SSH | 3009 or 22 | +| EMC | Unity | REST | 443 | +| Dell | Isilon (Gen 6) | Vendor API | 8080 | -## Minimum Permissions for Storage Array Autodiscovery +## Minimum Permissions for Storage Array Discovery -Follow the steps in the sections below to set up users or roles with minimum read-only permissions that you can use when you create storage array autodiscovery jobs. +Follow the steps below to set up users or roles with minimum read-only permissions for storage array discovery jobs. ### Dell Compellent -Compellent discovery requires use of an associated Dell Storage Manager appliance. +Compellent discovery requires an associated Dell Storage Manager (DSM) appliance. 1. Log in to your DSM deployment’s web UI. 2. Select **Data Collector** settings. 3. Go to the **Users** tab. 4. Go to the **Users & User Groups** tab. -5. Create a user and assign it the **Reporter** role. +5. Create a user and assign it the **Reporter** role. 6. Select your new user and connect it to your target **Storage Center** via the **Select Storage Center Mappings** menu. ### VNX or VMAX Using EMC SMIS Provider -Log in to SMIS provider using `http://:5988/ECOMConfig` or `https://:5989/ECOMConfig`. +Log in to the SMIS provider using `http://:5988/ECOMConfig` or `https://:5989/ECOMConfig`. -- Click **Add User** and create a user with the **monitor** role. +1. Click **Add User** and create a user with the **monitor** role. -![Add User](/assets/images/dell-emc-autodiscovery/smis-add-user.png) + ![Add User](/assets/images/dell-emc-autodiscovery/smis-add-user.png) -- Use the **Dynamic Settings** shown below. +2. Use the **Dynamic Settings** shown below. -![Dynamic Settings](/assets/images/dell-emc-autodiscovery/smis-dynamic-settings.png) + ![Dynamic Settings](/assets/images/dell-emc-autodiscovery/smis-dynamic-settings.png) ### EMC Data Domain 1. Log in to the Data Domain console. -2. Select **Administration → Access** on the left panel. -3. Go to the **Local Users** tab. -4. Create a user and assign one of the available roles: - - - admin - - limited-admin - - security - - user - - back-operator - - none - -6. Select the minimum **user** role. -7. Click **OK** and save the user. +2. Select **Administration > Access** on the left panel. +3. Go to the **Local Users** tab. +4. Create a user and assign it the minimum **user** role. The available roles are: + - `admin` + - `limited-admin` + - `security` + - `user` + - `back-operator` + - `none` +5. Click **OK** and save the user. ### EMC Unity -1. Log in to the EMC Unity Console console. -2. Click on the gear icon in the tool bar to open the **Settings** window. -3. Click on the **Users and Groups** tab. -4. Click on the **+** button to add a user. This will launch the **Create User** wizard. -5. Select type of user on first page, and click **Next**. -6. Enter username and password, and click **Next**. -7. Assign one of the available roles: - +1. Log in to the EMC Unity console. +2. Click the **gear icon** in the toolbar to open the **Settings** window. +3. Click the **Users and Groups** tab. +4. Click the **+** button to add a user. This launches the **Create User** wizard. +5. Select the type of user and click **Next**. +6. Enter a username and password, and click **Next**. +7. Assign the minimum **Operator** role. The available roles are: - Administrator - Storage Administrator - Operator - - VM Administrator - -8. Select the minimum **Operator** role. -9. Click **Finish** and save the user. + - VM Administrator +8. Click **Finish** and save the user. ### Isilon Create a new role and add the following read-only permissions: -- ISI_PRIV_LOGIN_CONSOLE -- ISI_PRIV_LOGIN_PAPI -- ISI_PRIV_LOGIN_SSH -- ISI_PRIV_SYS_SHUTDOWN -- ISI_PRIV_SYS_SUPPORT -- ISI_PRIV_AUTH -- ISI_PRIV_AUDIT -- ISI_PRIV_CLUSTER -- ISI_PRIV_DEVICES -- ISI_PRIV_FTP -- ISI_PRIV_HDFS -- ISI_PRIV_HTTP -- ISI_PRIV_MONITORING -- ISI_PRIV_NDMP -- ISI_PRIV_NETWORK -- ISI_PRIV_NFS -- ISI_PRIV_NS_TRAVERSE -- ISI_PRIV_NS_IFS_ACCESS -- ISI_PRIV_QUOTA -- ISI_PRIV_REMOTE_SUPPORT -- ISI_PRIV_SMARTPOOLS -- ISI_PRIV_SMB -- ISI_PRIV_STATISTICS - -**You can also use CLI commands to create such roles:** +
    + Isilon read-only permissions + +- `ISI_PRIV_LOGIN_CONSOLE` +- `ISI_PRIV_LOGIN_PAPI` +- `ISI_PRIV_LOGIN_SSH` +- `ISI_PRIV_SYS_SHUTDOWN` +- `ISI_PRIV_SYS_SUPPORT` +- `ISI_PRIV_AUTH` +- `ISI_PRIV_AUDIT` +- `ISI_PRIV_CLUSTER` +- `ISI_PRIV_DEVICES` +- `ISI_PRIV_FTP` +- `ISI_PRIV_HDFS` +- `ISI_PRIV_HTTP` +- `ISI_PRIV_MONITORING` +- `ISI_PRIV_NDMP` +- `ISI_PRIV_NETWORK` +- `ISI_PRIV_NFS` +- `ISI_PRIV_NS_TRAVERSE` +- `ISI_PRIV_NS_IFS_ACCESS` +- `ISI_PRIV_QUOTA` +- `ISI_PRIV_REMOTE_SUPPORT` +- `ISI_PRIV_SMARTPOOLS` +- `ISI_PRIV_SMB` +- `ISI_PRIV_STATISTICS` + +
    + +You can also use CLI commands to create roles: 1. Log in to the cluster using SSH. @@ -106,65 +115,70 @@ Create a new role and add the following read-only permissions: - To create a read-only role: ``` - isi auth roles create –name readonly_role –description “Read-only role for D42” + isi auth roles create --name readonly_role --description “Read-only role for D42” ``` - - To give permissions to this role add all the permissions from above: + - To give permissions to this role, add all the permissions from above: ``` - isi auth roles modify readonly_role –add-priv-ro=ISI_PRIV_LOGIN_PAPI + isi auth roles modify readonly_role --add-priv-ro=ISI_PRIV_LOGIN_PAPI ``` - - To create a USER: + - To create a user: ``` - isi auth users create readonly_user –enabled yes –password xxxxxx + isi auth users create readonly_user --enabled yes --password xxxxxx ``` - To add a user to the role: ``` - isi auth roles modify readonly_role –add-user=readonly_user + isi auth roles modify readonly_role --add-user=readonly_user ``` -**Alternatively, you can create the Role/User via the web UI** +Alternatively, you can create the role and user via the web UI: 1. Log in to the cluster web UI. -2. Select **Access Tab → Membership & Roles**. -3. Select the **Users** tab. +2. Select **Access Tab > Membership & Roles**. +3. Select the **Users** tab. 4. Select **LOCAL: System** for the provider. -5. Create user: +5. Create a user: - Set the username and password. - Select **Users** as the primary group. - Enable the account. -7. Select the **Roles** tab. -8. Create a role: +6. Select the **Roles** tab. +7. Create a role: - Set the **Role Name**. - Add the member (the user created above). - Add the following privileges as read-only: - - Console - - Platform API - - SSH - - Shutdown - - Support - - Auth - - Audit - - Cluster - - Devices - - FTP - - HDFS - - HTTP - - Monitoring - - NDMP - - Network - - NFS - - Remote Support - - SmartPools - - SMB - - Statistics - - Namespace Traverse - - Namespace Acces_s +
    + Isilon web UI privileges + + - Console + - Platform API + - SSH + - Shutdown + - Support + - Auth + - Audit + - Cluster + - Devices + - FTP + - HDFS + - HTTP + - Monitoring + - NDMP + - Network + - NFS + - Remote Support + - SmartPools + - SMB + - Statistics + - Namespace Traverse + - Namespace Access + +
    diff --git a/docs/auto-discovery/storage-arrays-autodiscovery/hp-autodiscovery.mdx b/docs/auto-discovery/storage-arrays-autodiscovery/hp-autodiscovery.mdx index 173a6e47a..ab9072b29 100644 --- a/docs/auto-discovery/storage-arrays-autodiscovery/hp-autodiscovery.mdx +++ b/docs/auto-discovery/storage-arrays-autodiscovery/hp-autodiscovery.mdx @@ -3,48 +3,55 @@ title: "HP Autodiscovery" sidebar_position: 2 --- -Follow the steps below to set up read-only users for HP Storage Array autodiscovery. +Device42 discovers HP and HPE storage arrays including Nimble, 3PAR, and StoreEasy. This page lists the access protocols and default ports for each array, and provides steps for setting up users with minimum read-only permissions. + +For general storage array discovery job setup, see [Storage Arrays Discovery](index.mdx). ## Access Protocols by Array -![](/assets/images/discovery_storage_arrays_autodiscovery_hp-autodiscovery.png) +| Vendor | Array | Access Mechanism | Default Port | +|--------|-------|------------------|--------------| +| HP | Nimble | REST | 5392 | +| HP | 3PAR | SMIS | 5988 or 5989 | +| HPE | StoreEasy | REST | 49258 | -## Minimum Permissions for Storage Array Autodiscovery +## Minimum Permissions for Storage Array Discovery -The sections below guide you through how to set up users or roles with minimum read-only permissions that you can use when you create storage array autodiscovery jobs. +Follow the steps below to set up users or roles with minimum read-only permissions for storage array discovery jobs. ### HP Nimble -1. Log in to the Nimble console. -2. Select **Administration → Security** from the menu. -3. Click on **Users and Groups** in the left panel. -4. Click on the **+USER** button to open the Create User panel. -5. Create a user and assign them one of the available roles: - - - administrator - - power-user - - operator - - guest +Create a user with `operator` permissions on the Nimble console. -6. Select the minimum **operator** role. -8. Click **OK** and save the user. +1. Log in to the Nimble console. +2. Select **Administration > Security** from the menu. +3. Click **Users and Groups** in the left panel. +4. Click the **+USER** button to open the Create User panel. +5. Create a user and assign the minimum `operator` role. The available roles are: + - `administrator` + - `power-user` + - `operator` + - `guest` +6. Click **OK** and save the user. ### HPE StoreEasy -The StoreEasy platform relies on local users created at the server level. Currently, Admin access is required to run a successful discovery. +The StoreEasy platform relies on local users created at the server level. Admin access is required to run a successful discovery. 1. Create a local user on the HPE StoreEasy host server. -2. Add that user to the admin group. +2. Add that user to the `admin` group. ### HP 3PAR +Create a user with the `browse` role on the HP 3PAR Management Console. + 1. Log in to the HP 3PAR Management Console. -2. Click on the **Actions** menu. -3. Select the **Security & Domains** submenu -4. Select **Users** and then **Create User**. -5. Enter a username and password and click **Next**. -6. Grant the user the **browse** role on the appropriate domain. -7. Click **Finish** and save the user. +2. Click the **Actions** menu. +3. Select the **Security & Domains** submenu. +4. Select **Users** and then **Create User**. +5. Enter a username and password, and click **Next**. +6. Grant the user the `browse` role on the appropriate domain. +7. Click **Finish** and save the user. **Example CLI user creation:** diff --git a/docs/auto-discovery/storage-arrays-autodiscovery/ibm-autodiscovery.mdx b/docs/auto-discovery/storage-arrays-autodiscovery/ibm-autodiscovery.mdx index 3343c290d..522d70ab6 100644 --- a/docs/auto-discovery/storage-arrays-autodiscovery/ibm-autodiscovery.mdx +++ b/docs/auto-discovery/storage-arrays-autodiscovery/ibm-autodiscovery.mdx @@ -3,31 +3,37 @@ title: "IBM Autodiscovery" sidebar_position: 3 --- +Device42 discovers IBM storage arrays including V7000 and Storwize. This page lists the access protocols and default ports, and provides steps for setting up users with minimum read-only permissions. + +For general storage array discovery job setup, see [Storage Arrays Discovery](index.mdx). + ## Access Protocols by Array -![](/assets/images/discovery_storage_arrays_autodiscovery_ibm-autodiscovery.png) - -## Minimum Permissions for Storage Array Autodiscovery - -Follow the steps in the sections below to set up users or roles with minimum read-only permissions that you can use when you create storage array autodiscovery jobs. - -### IBM V7000/StoreWize - -1. Log into the IBM V7000 Management Console. -2. Click on _Access → Users_ Panel. -3. Click on _Create Group_. -4. Select one of the role from the available roles: - - SecurityAdmin - - Admin - - ExportAdmin - - StorageAdmin - - SnapAdmin - - SystemAdmin - - CopyOperator - - Monitor - - Service - - Enahanced - - Select the minimum _**Monitor**_ role. -5. Click **Finish** and save the Group. -6. Create a new User and add the User to the Group. +| Vendor | Array | Access Mechanism | Default Port | +|--------|-------|------------------|--------------| +| IBM | V7000 or Storwize | REST | 7443 | + +## Minimum Permissions for Storage Array Discovery + +Follow the steps below to set up users or roles with minimum read-only permissions for storage array discovery jobs. + +### IBM V7000 or Storwize + +Create a group with the `Monitor` role and add a user to it. + +1. Log in to the IBM V7000 Management Console. +2. Click **Access > Users**. +3. Click **Create Group**. +4. Create a group and assign the minimum `Monitor` role. The available roles are: + - `SecurityAdmin` + - `Admin` + - `ExportAdmin` + - `StorageAdmin` + - `SnapAdmin` + - `SystemAdmin` + - `CopyOperator` + - `Monitor` + - `Service` + - `Enhanced` +5. Click **Finish** and save the group. +6. Create a new user and add the user to the group. diff --git a/docs/auto-discovery/storage-arrays-autodiscovery/index.mdx b/docs/auto-discovery/storage-arrays-autodiscovery/index.mdx index b9b539e7f..5c79bf67b 100644 --- a/docs/auto-discovery/storage-arrays-autodiscovery/index.mdx +++ b/docs/auto-discovery/storage-arrays-autodiscovery/index.mdx @@ -6,26 +6,28 @@ sidebar_position: 28 import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' -Storage Arrays are identified and returned by Device42 Storage Arrays autodiscovery. On the Storage Discovery page, you will find resource details, related resources, and topology maps. +Device42 storage array discovery identifies and returns storage arrays from a wide range of vendors, including Dell/EMC, HP, IBM, NetApp, Pure Storage, and more. Discovered resources include resource details, related resources, and topology maps. + +This page lists the supported storage array platforms, links to vendor-specific discovery details, and explains how to create and schedule a storage array discovery job. ## Storage Array Platforms -Click the **Platform** dropdown to view and select the available storage array type for a discovery job. +Click the **Platform** dropdown to view and select the available storage array types for a discovery job. -If you want to see the discovered storage arrays on the Devices list page, then discover storage arrays by SNMP. +To see discovered storage arrays on the Devices list page, discover them using [SNMP SAN/Server discovery](snmp-san-server-auto-discovery.mdx). -The "(Preview)" tag in the **Platform** list indicates that these arrays have not been fully tested due to a lack of access to testing equipment, and full functionality cannot be guaranteed at this time. Additional versions and configurations may or may not be discovered, but we cannot guarantee support for them at this time. The list will be updated as more testing is completed. +The "(Preview)" tag in the **Platform** list indicates that the array has not been fully tested due to limited access to testing equipment. Full functionality cannot be guaranteed for preview platforms, and additional versions or configurations may not be discovered. The list is updated as more testing is completed. -We currently support the following platforms: -| | | | +The following platforms are supported: +| | | | |---------------------------------|-----------------------------------------------|--------------------------------| | Celerra (Preview) | EMC VPlex (Preview) | Lenovo (Preview) | | Dell Compellent | HDS G1000 (Preview) | LSI (Preview) | @@ -38,14 +40,13 @@ We currently support the following platforms: | EMC VMAX/PMAX using Unisphere | IBM Flash and Storwize | Tintri (Preview) | | EMC VMAX/VNX using SMIS | Infinidat | UCS (Preview) | +## Vendor-Specific Discovery Details -## Additional Storage Array Autodiscovery Information - -Use the links below to access additional information about access protocols and minimum permissions for storage array autodiscovery. +The following pages provide additional information about access protocols and minimum permissions for each vendor. ### Dell/EMC Arrays -See the [Dell/EMC Autodiscovery](auto-discovery/storage-arrays-autodiscovery/dell-emc-autodiscovery.mdx) page for more information about the following storage arrays: +See [Dell/EMC Discovery](dell-emc-autodiscovery.mdx) for details on the following arrays: - Dell Compellent - Dell PowerStore @@ -56,7 +57,7 @@ See the [Dell/EMC Autodiscovery](auto-discovery/storage-arrays-autodiscovery/del ### HP Arrays -See the [HP Autodiscovery](auto-discovery/storage-arrays-autodiscovery/hp-autodiscovery.mdx) page for more information about the following storage arrays: +See [HP Discovery](hp-autodiscovery.mdx) for details on the following arrays: - HP Nimble - HPE StoreEasy @@ -64,13 +65,13 @@ See the [HP Autodiscovery](auto-discovery/storage-arrays-autodiscovery/hp-autodi ### IBM Arrays -See the [IBM Autodiscovery](auto-discovery/storage-arrays-autodiscovery/ibm-autodiscovery.mdx) page for more information about the following storage array: +See [IBM Discovery](ibm-autodiscovery.mdx) for details on the following array: - IBM V7000/Storwize ### Lenovo Arrays -See the [Lenovo Autodiscovery](auto-discovery/storage-arrays-autodiscovery/lenovo-autodiscovery.mdx) page for more information about the following storage arrays: +See [Lenovo Discovery](lenovo-autodiscovery.mdx) for details on the following arrays: - ThinkSystem DE2000 - ThinkSystem DE4000 @@ -79,7 +80,7 @@ See the [Lenovo Autodiscovery](auto-discovery/storage-arrays-autodiscovery/lenov ### All Other Storage Arrays -See the [All Other Storage Autodiscovery](auto-discovery/storage-arrays-autodiscovery/all-other-storage-autodiscovery.mdx) page for more information about the following storage arrays: +See [All Other Storage Discovery](all-other-storage-autodiscovery.mdx) for details on the following arrays: - Infinidat - Netapp Filers @@ -87,9 +88,9 @@ See the [All Other Storage Autodiscovery](auto-discovery/storage-arrays-autodisc - Oracle ZFS - Pure Storage -## Add a Storage Array Autodiscovery Job +## Create a Storage Array Discovery Job -Select **Discovery > Storage Arrays** in the Device42 menu to display the **Storage Arrays** discovery list page, and then **Create** a new discovery job.  +Select **Discovery > Storage Arrays** from the main menu to display the **Storage Arrays** discovery list page, and then click **Create**. Storage Arrays** in the Device42 menu to display the **Sto }} /> -Enter or select the following information to create the autodiscovery job: +Enter or select the following information for the discovery job: -* **Job Name**: Enter a unique name for the job. -* **Remote Collector**: Select the RC to use for the job. An RC is **required** for Storage Arrays discovery. -* **Platform**: Select the storage array platform or vendor. -* **Discovery Targets**: Select the FQDN or IPs of the servers or CIDR or ranges. -* **Target Type**: Select Filer, DFM, or OCUM (displayed depending on the Platform selected). -* **Protocol Type**: Select HTTPS, HTTP, or insecure-HTTPS (displayed depending on the Platform selected). -* **Enable Performance Data Collection**: Yes/No. -* **Performance Data Sampling Interval**: Select the time interval for data sampling (if selected). -* **Action for Storage Array not found**: Choose how to handle unfound Storage Arrays in subsequent discovery — **Keep Array Resource** or **Delete Array Resource**. -* **Discovery Target(s) Credential(s)**: Enter or select the username and password for the discovery job. +* **Job Name:** A unique name for the job. +* **Remote Collector:** The RC to use for the job. An RC is **required** for storage array discovery. +* **Platform:** The storage array platform or vendor. +* **Discovery Targets:** The FQDN, IPs, CIDR, or ranges of the target servers. +* **Target Type:** Select **Filer**, **DFM**, or **OCUM**. Available options depend on the platform selected. +* **Protocol Type:** Select **HTTPS**, **HTTP**, or **insecure-HTTPS**. Available options depend on the platform selected. +* **Enable Performance Data Collection:** Toggle performance data collection on or off. +* **Performance Data Sampling Interval:** The time interval for data sampling (if performance data collection is enabled). +* **Action for Storage Array Not Found:** How to handle unfound storage arrays in subsequent discovery — **Keep Array Resource** or **Delete Array Resource**. +* **Discovery Target(s) Credential(s):** The username and password for the discovery job. -When you are done, click **Save**, and you'll see the **Run Now** button, which you can use to run the job immediately. You can also run the job immediately from the Storage Array list page.  +Click **Save** when done. Use the **Run Now** button to run the job immediately, or run it from the Storage Array list page. ### Schedule the Job -Use the **Autodiscovery Schedule** section of the page to schedule when your job runs. You can create multiple schedules for each job, specifying the days of the week and the times when it runs.  +Use the **Autodiscovery Schedule** section to schedule when the job runs. You can create multiple schedules for each job, specifying the days and times. :::note -Autodiscovery scheduling behavior: Newly created jobs will not run on the first day they are created, to prevent an excessive number of jobs from running simultaneously. If you would like to run a job after its initial creation, click the **Run Now** button. +Newly created jobs will not run on the first day they are created, to prevent too many jobs from running simultaneously. To run a job after its initial creation, click the **Run Now** button. ::: SNMP** and click **Create**. -The autodiscovery job specification takes the FQDN or IP addresses of the servers to be discovered and ignored as input. You can also list any OIDs and operating systems that should be ignored in the autodiscovery process. +The discovery job takes the FQDN or IP addresses of the target servers. You can also list OIDs and operating systems to ignore during the discovery process. -Under **Credential(s)**, select the **SNMP Version** and add a **Community String:** +Under **Credential(s)**, select the **SNMP Version** and add a **Community String:** -The job can also be scheduled like other autodiscovery jobs. - -## Run Now or Schedule +## Schedule the Job -Click **Add another Autodiscovery Schedule** from the **Autodiscovery Schedule** section when editing the job to create a run schedule for the job. +Click **Add another Autodiscovery Schedule** in the **Autodiscovery Schedule** section to create a run schedule for the job. -After saving the job, select **Run Now** to run the job immediately. You can also run the job from the list page (**Discovery > SNMP**). +After saving the job, click **Run Now** to run the job immediately. You can also run the job from the list page at **Discovery > SNMP**. :::note -To prevent a large amount of jobs from running initially, newly created jobs will not run on the first day they are made. If you would like to run a job after its initial creation, simply select the **Run Now** button next to the job after creation. +Newly created jobs will not run on the first day they are created, to prevent too many jobs from running simultaneously. To run a job after its initial creation, click the **Run Now** button. ::: diff --git a/docs/auto-discovery/storage-arrays-autodiscovery/storage-arrays.mdx b/docs/auto-discovery/storage-arrays-autodiscovery/storage-arrays.mdx index 15dab32c4..0b761995c 100644 --- a/docs/auto-discovery/storage-arrays-autodiscovery/storage-arrays.mdx +++ b/docs/auto-discovery/storage-arrays-autodiscovery/storage-arrays.mdx @@ -1,16 +1,18 @@ --- -title: "Viewing Storage Arrays" +title: "View Storage Arrays" sidebar_position: 6 --- import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' -Storage arrays are identified and returned by the Device42 [storage arrays autodiscovery](./). Storage arrays also display their resource details, related resources, and topology maps. +Storage arrays are identified and returned by Device42 [storage array discovery](index.mdx) jobs. You can view resource details, related resources, and topology maps for each discovered array. -## View All Storage Arrays +This page covers how to view, filter, edit, and manage storage arrays, including resource maps and import or export options. -Select **Resources > Storage > Arrays** from the Device42 menu to display the **Storage Arrays** list page. +## Storage Arrays List Page + +Select **Resources > Storage > Arrays** from the Device42 menu to display the **Storage Arrays** list page. Storage > Arrays** from the Device42 menu to display the }} /> -On this page, you can **Search by name**, filter the list by **Type**, and add **More Filters**. +On this page, you can **Search by name**, filter the list by **Type**, and add **More Filters**. :::note -The **Storage Arrays** list page also includes an **Advanced Search** option you can use to construct more specific searches. See the [Advanced Search Feature](/getstarted/using-device42/advanced-search-feature.mdx) documentation page for instructions. +The **Storage Arrays** list page also includes an **Advanced Search** option you can use to construct more specific searches. See [Advanced Search Feature](/getstarted/using-device42/advanced-search-feature.mdx) for instructions. ::: -Click on an array **Name** to see details about that array. You can use the links in the panel on the right to see details about that related resource. +Click an array **Name** to see details about that array. + +Use the links in the right panel to view related resources. + +The **Parts** tab lists the attached storage arrays. + -Click on a **Parts** link to see that resource (in this case a LUN). +Click a **Parts** link to see that resource (in this case, a LUN). -## Resource Maps and Trends Graphs +## Resource Maps -Click **Resource Map** at the top left of the page to see the topography map for the array. On the left panel, you can add, highlight, or search by type or individual items to customize the chart view. +Click **Resource Map** at the top left of the page to see the topology map for the array. Use the left panel to add, highlight, or search by type or individual items to customize the chart view. -## Edit Storage Arrays +## Edit a Storage Array -Click **Edit** on the storage array view page to edit the array. You can add or edit **Notes** (1) or **D42 Tags** (2) for the array, toggle the **In Service** (3) indicator on or off, and select or add a **Service Level** value (4). +Click **Edit** on the storage array view page to modify the following fields: + +- **Notes** (1): Add or edit notes for the array. +- **D42 Tags** (2): Add or edit tags. +- **In Service** (3): Toggle the indicator on or off. +- **Service Level** (4): Select or add a service level value. -Click **Save** to save your edits or click **Cancel** to discard them. - -## Storage Arrays Actions +Click **Save** to save your edits or click **Cancel** to discard them. -Select one or more arrays from the list and choose an action from the menu. +## Storage Array Actions -To delete items, choose **Delete with Detailed Confirmation**, **Fast Background Delete**, or **Fast Background Archive** from the **Actions** dropdown menu. +Select one or more arrays from the list and choose an action from the **Actions** dropdown menu. -You can also select storage arrays to **Add to Business Application**. +The available actions are **Delete with Detailed Confirmation**, **Fast Background Delete**, **Fast Background Archive**, and **Add to Business Service**. -## Storage Array Discovery Job Import and Export +## Import and Export Storage Array Discovery Jobs -You can import or export storage array discovery jobs using an Import/Export Excel file. +You can import or export storage array discovery jobs using an Excel file. -- Select **Tools > Imports/Exports (xls)** from the Device42 main menu. Locate the **Autodiscovery – Create Storage Array Autodiscovery Jobs** row and click **Download Sample Excel File**. +1. Select **Tools > Imports/Exports (xls)** from the Device42 main menu. Locate the **Autodiscovery - Create Storage Array Autodiscovery Jobs** row and click **Download Sample Excel File**. -- Fill in the Excel file to set up your storage array discovery job. Click on the tips in the cell headings for details on what values to enter in each column. - +2. Fill in the Excel file to set up your storage array discovery job. Click the tips in the cell headings for details on what values to enter in each column. + ![Sample Excel file](/assets/images/storage-arrays/sample-excel-download.png) -- **Browse** to the Excel file and click **Upload** to add the storage array discovery jobs to Device42. +3. Click **Browse** to select the Excel file and click **Upload** to add the storage array discovery jobs to Device42. TCP Port Scan** and click **Create**. -- From the main menu, select **Discovery > TCP Port Scan** to open the **TCP Port Scan** list page and click **Create**. +Provide the range of FQDN or IP addresses for the **Server(s)** and specify which **Remote Collector** with Windows Discovery Service (WDS) to run the scan on. Optionally, add any servers to exclude from the scan. -- Provide the range of FQDN or IP addresses for the **Server(s)** and specify which **Remote Collector** with Windows Discovery Service (WDS) you want to run the scan on. Optionally, add any servers to exclude from the scan. - - + -Under **Settings for auto-created Hypervisors/\*nix/win AD Task**, provide the settings you want the \*nix or Windows autodiscovery job to be created with. This will create the appropriate autodiscovery job for you, with the provided naming template and specified settings, and maintain the list of servers based on the results of each TCP port scan run. +Under **Settings for auto-created Hypervisors/\*nix/win AD Task**, provide the settings for the \*nix or Windows discovery job to be created with. Device42 creates the appropriate discovery job with the provided naming template and specified settings, and maintains the list of servers based on the results of each TCP port scan run. -- Define the naming template pattern that will be used to generate unique names for the created discovery jobs. Include any credentials required for accessing the target servers under the **Username / Password(s)** field. +- Define the naming template pattern used to generate unique names for the created discovery jobs. Include any credentials required for accessing the target servers under the **Username / Password(s)** field. -- Configure the settings related to the discovery of virtual environments. +- Configure the settings for discovery of virtual environments. -- Use the **Device name format** settings to set your naming preferences for discovered devices and specify the scope of the data to be collected. +- Use the **Device name format** settings to set your naming preferences for discovered devices and specify the scope of the data to be collected. -- Specify the settings for the discovery of software and services, which include two cloud service options (**Discover ProviderID/Cloud ID** and **Use provider token**:). +- Specify the settings for the discovery of software and services, which include two cloud service options (**Discover ProviderID/Cloud ID** and **Use provider token**). - - **Store Application Components Config Files**: Visit the [Application Components](/apps/application-components/index.mdx) page for more information on application components. + - **Store Application Components Config Files:** See the [Application Components](/apps/application-components/index.mdx) page for more information. -- Apply naming conventions to the discovered devices. Select **Strip domain suffix** to drop everything after the first period (`server.domain.com` becomes `server`), and optionally, elect to **Use the server as the device name**. +- Apply naming conventions to the discovered devices. Select **Strip domain suffix** to drop everything after the first period (`server.domain.com` becomes `server`), and optionally select **Use the server as the device name**. -- Change the service level to the specified level when no VM is detected, assign the discovered devices to a VRF group, and associate specific customers with the discovered devices. +- Change the service level to the specified level when no VM is detected, assign the discovered devices to a VRF group, and associate specific customers with the discovered devices. - + - Allow the generated discovery jobs to **Collect database server information**. -- Configure the metadata settings by selecting an **Object Category for discovered devices** and entering **Tags for discovered devices**. Tags are particularly useful to use with the Device42 [Application Dependency Mapping](/apps/enterprise-application-dependency-mapping/index.mdx) feature. +- Configure the metadata settings by selecting an **Object Category for discovered devices** and entering **Tags for discovered devices**. Tags are useful with the Device42 [Application Dependency Mapping](/apps/enterprise-application-dependency-mapping/index.mdx) feature. -- If you select **Enable Resource Utilization Tracking for Device**, select an interval from the **Resource Utilization Sampling Interval** dropdown – the default period is ten minutes (600 seconds). You will not be able to save the discovery job unless an interval is specified. See the [Resource Utilization](/auto-discovery/resource-utilization-overview.mdx) page for more information. +- If you select **Enable Resource Utilization Tracking for Device**, select an interval from the **Resource Utilization Sampling Interval** dropdown. The default period is ten minutes (600 seconds). The discovery job cannot be saved unless an interval is specified. See the [Resource Utilization](/auto-discovery/resource-utilization-overview.mdx) page for more information. :::note New secrets added to TCP port scans will not be added to their corresponding hypervisors, \*nix, or Windows discovery jobs. ::: -## Run Now or Schedule +## Run or Schedule the Job -You can schedule TCP port scans similarly to all other autodiscovery jobs. +You can schedule TCP port scans similarly to all other discovery jobs. -Select **+ Add another Autodiscovery Schedule** when editing a job to create a run schedule for that job. +Select **+ Add another Autodiscovery Schedule** when editing a job to create a run schedule. :::note -Setting the schedule on a TCP port scan job will schedule the TCP port scan job itself but not the autodiscovery jobs created as a **result** of that TCP port scan. +Setting the schedule on a TCP port scan job schedules the TCP port scan job itself, but not the discovery jobs created as a **result** of that TCP port scan. ::: -Upon saving the job, click **Run Now** to run the job immediately. You can also run the job from the list page. +After saving the job, click **Run Now** to run the job immediately. You can also run the job from the list page. -Newly created jobs will not run on the first day they are created, to prevent an excessive number of jobs from running simultaneously. If you would like to run a job after its initial creation, click the **Run Now** button next to the job after creation. +Newly created jobs will not run on the first day they are created, to prevent an excessive number of jobs from running simultaneously. To run a job after its initial creation, click **Run Now** next to the job. diff --git a/docs/auto-discovery/unprocessed-device-records.mdx b/docs/auto-discovery/unprocessed-device-records.mdx index 31bda8022..47d254dd4 100644 --- a/docs/auto-discovery/unprocessed-device-records.mdx +++ b/docs/auto-discovery/unprocessed-device-records.mdx @@ -6,11 +6,11 @@ sidebar_position: 33 import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' -Due to the scope of Device42 discovery, duplicate items may occur. To help avoid and consolidate duplicate records, we apply a proprietary matching algorithm to the unprocessed device tables. +Due to the scope of Device42 discovery, duplicate items may occur. To help avoid and consolidate duplicate records, Device42 applies a proprietary matching algorithm to the unprocessed device tables. -When a new full discovery is performed, the algorithm will use various device attributes to determine potential matches with previously discovered devices. +When a new full discovery is performed, the algorithm uses various device attributes to determine potential matches with previously discovered devices. This page explains the device matching levels, the attributes used for matching, and how to handle unmatched devices. -### Device Matching Level +## Device Matching Level Under **Tools > Global Settings**, you can set the device matching level in the **Miscellaneous** section. @@ -24,7 +24,7 @@ Device42 supports three different matching models: **Classic**, **Moderate**, an }} /> -With **Classic** matching, Device42 will check the serial number, UUID, and name (in that order) of discovered devices against existing records to verify whether an existing device should be updated or a new device should be created. +With **Classic** matching, Device42 checks the serial number, UUID, and name (in that order) of discovered devices against existing records to determine whether to update an existing device or create a new one. **Moderate** and **Conservative** device matching both use various device attributes, weighted by significance, to calculate a score that determines potential matches with devices already in Device42. @@ -37,9 +37,9 @@ A device is identified as a match when the calculated match score is equal to or You can change the matching aggressiveness to ensure the best performance in a given environment, no matter the present state of the organization or the naming and deployment conventions in use. -### Enhanced Device Matching +## Enhanced Device Matching -We recommend enabling the **Enhanced Device Matching** option (under **Tools > Global Settings > Miscellaneous**) for improved accuracy when dealing with separate devices with the same name. +Enable the **Enhanced Device Matching** option (under **Tools > Global Settings > Miscellaneous**) for improved accuracy when dealing with separate devices that share the same name. To access this setting, which is turned off by default, select the **Moderate** or **Conservative** matching level under **Device Matching Level**. @@ -53,7 +53,7 @@ To access this setting, which is turned off by default, select the **Moderate** Enhanced matching also uses heuristics to determine if a potential match from [Application Dependency Mapping (ADM)](/apps/enterprise-application-dependency-mapping/index.mdx) is correct or incorrect. -### Device Attributes Used in Matching +## Device Attributes Used in Matching The following device properties, ordered from most to least significant (levels 1 - 4), are used for matching: @@ -65,9 +65,9 @@ The following device properties, ordered from most to least significant (levels 4. ID of the discovery job (for example, `jobtype-id: vserver-1`) -### Unmatched Devices +## Unmatched Devices -A device must have at least one match for a match score to be calculated. If no matches are found, the device will be treated as a new device. +A device must have at least one match for a match score to be calculated. If no matches are found, the device is treated as a new device. The advanced matching model mitigates the possibility of false positives and increases the intelligence of automatic matching, but can result in unmatched devices when score results are too low.  diff --git a/docs/auto-discovery/using-apis-for-custom-auto-discovery.mdx b/docs/auto-discovery/using-apis-for-custom-auto-discovery.mdx index 3b9b46d3a..a22fdaf8d 100644 --- a/docs/auto-discovery/using-apis-for-custom-auto-discovery.mdx +++ b/docs/auto-discovery/using-apis-for-custom-auto-discovery.mdx @@ -2,9 +2,11 @@ title: "Using APIs for Custom Autodiscovery" sidebar_position: 34 --- -If you need autodiscovery methods that aren't provided by Device42, you can create your own autodiscovery tools that use Device42 APIs to load data into a Device42 instance. +If you need discovery methods that are not provided by Device42, you can create your own discovery tools that use Device42 APIs to load data into a Device42 instance. -Device42 provides several [sample scripts](https://github.com/device42/Device42-AutoDiscovery-Scripts) you can use as a basis for custom autodiscovery tools, including the following: +This page lists the available sample scripts and walks through an example using IronPython. + +Device42 provides several [sample scripts](https://github.com/device42/Device42-AutoDiscovery-Scripts) you can use as a basis for custom discovery tools, including the following: - `api-sample.py`: This script runs against a single Windows server and uploads info to the Device42 appliance. - `ad-sample.py`: This script runs against Active Directory computers, servers, or a list of IP addresses, and uploads discovered systems info to the Device42 appliance. @@ -16,20 +18,18 @@ Device42 provides several [sample scripts](https://github.com/device42/Device42- All these scripts are written in Python, but you can use any programming language that calls RESTful APIs. -The remainder of this document demonstrates how to use one of these scripts. We use IronPython for this example because it is simple to install. You can drop the executables into a folder, and as long as you have the .NET 4 framework installed, you are good to go. - -* * * +The remainder of this page demonstrates how to use one of these scripts. The example uses IronPython, as it is simple to install. You can drop the executables into a folder and run them as long as you have the .NET 4 framework installed. ## Install IronPython Binaries -### Requirements +You need the following software to follow along with this example: - [IronPython](https://ironpython.net/download/) - The [.NET Framework 4](https://www.microsoft.com/en-us/download/details.aspx?id=17851) - PowerShell version 1 or 2 (preferred) - Device42 [sample scripts](https://github.com/device42/Device42-AutoDiscovery-Scripts) (the latest versions are under the `src` folder) -When you have installed PowerShell and the .NET Framework 4, download the installer or binaries for IronPython (we recommend the binaries because you can unzip the folder), and you are ready to go. +After installing PowerShell and the .NET Framework 4, download the installer or binaries for IronPython. The binaries are recommended, as you can unzip the folder and start using them right away. ![1. Install IronPython](/assets/images/install_ironpython.png) @@ -41,7 +41,7 @@ Download the [latest script](https://github.com/device42/Device42-AutoDiscovery- Click on the script file to open it, then click the download button and save the file in the same folder as the unzipped binaries for IronPython. -## Get Sample Script Ready for Your Environment +## Prepare the Sample Script for Your Environment Open the script and locate the following sections: @@ -56,7 +56,7 @@ Open the script and locate the following sections: Edit the sections as follows: - Change the value of `BASE_URL` to the URL for the Device42 appliance. Ensure there is no trailing `/` at the end of the URL. Example: `BASE_URL='https://d42app.device42.pvt'`. -- Change the values for `USER` and `PASSWORD` to the credentials for an administrator user with log-in access to the Device42 appliance. +- Change the values for `USER` and `PASSWORD` to the credentials for an administrator user with login access to the Device42 appliance. ## Run the Script diff --git a/docs/auto-discovery/vendors-supported-in-snmp-auto-discovery.mdx b/docs/auto-discovery/vendors-supported-in-snmp-auto-discovery.mdx index 5cb204a8f..8b77dbcb7 100644 --- a/docs/auto-discovery/vendors-supported-in-snmp-auto-discovery.mdx +++ b/docs/auto-discovery/vendors-supported-in-snmp-auto-discovery.mdx @@ -3,13 +3,11 @@ title: "Vendors Supported in SNMP Autodiscovery" sidebar_position: 35 --- -Device42 aims to support as many vendors as possible for SNMP-based discovery. Here's a list of vendors that we have verified support for. +Device42 aims to support as many vendors as possible for SNMP-based discovery. The table below lists the vendors that have been verified. -Note that this list is not all-inclusive; it's intended to give a sense of the vendors that we support. +This list is not all-inclusive. Even if a vendor is not listed, discovery will generally still bring in some information, even if your specific hardware has not yet been added. -Even if the vendor is not listed, discovery will generally still bring in some information even if your specific hardware has not yet been added. - -## Vendors that we've verified support for include: +## Verified Vendors | | | | | | |--------------|-------------|--------------|-------------|------------| @@ -55,8 +53,8 @@ Even if the vendor is not listed, discovery will generally still bring in some i | Cradlepoint | Juniper | Riedo | UTP | | -## Adding support for non-verified vendors +## Add Support for Non-Verified Vendors -If you come across a device that isn't fully discovered or if you have hardware that you want to see supported, you can [generate an SNMP walk of the device](administration/appliance-manager/collecting-snmpwalk-output-for-troubleshooting.mdx) by navigating to **Application > Generate SNMP Template** in your Appliance Manager. +If you come across a device that is not fully discovered or if you have hardware that you want to see supported, you can [generate an SNMP walk of the device](/administration/appliance-manager/collecting-snmpwalk-output-for-troubleshooting.mdx) by navigating to **Application > Generate SNMP Template** in your Appliance Manager. -Fill out the form, attach your MIB files, and select the standard data you want added. Once you've completed this form, it will be routed to our engineers for inclusion! +Fill out the form, attach your MIB files, and select the standard data you want added. The completed form is routed to the Device42 engineering team for inclusion. diff --git a/docs/auto-discovery/virtual-machine-auto-discovery.mdx b/docs/auto-discovery/virtual-machine-auto-discovery.mdx index 168acbe76..b424b5944 100644 --- a/docs/auto-discovery/virtual-machine-auto-discovery.mdx +++ b/docs/auto-discovery/virtual-machine-auto-discovery.mdx @@ -6,7 +6,9 @@ sidebar_position: 36 import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' -Device42 can discover a range of Virtual Machine (VM) hypervisors directly from the UI. These include VMware ESXi (managed via vCenter), as well as other virtualization platforms: +Device42 discovers a range of Virtual Machine (VM) hypervisors directly from the UI, including VMware ESXi (managed via vCenter) and other virtualization platforms. + +This page covers the supported platforms, job configuration options, and how to schedule VM discovery.
    @@ -35,11 +37,11 @@ Device42 can discover a range of Virtual Machine (VM) hypervisors directly from
    -While configuring the job, you may elect to have your primary Device42 appliance directly perform the discovery, or you may designate a [Remote Collector (RC)](remote-collector-rc.mdx) to run each task. +When configuring the job, you can have the primary Device42 appliance perform the discovery directly or designate a [Remote Collector (RC)](remote-collector-rc.mdx) to run each task. -## Setting up VMware/Citrix XenServer/oVirt/KVM/LXC Autodiscovery +## Set Up VM Discovery -From the Device42 main menu, under **Discovery > Hypervisors/\*nix/Windows**, add a Hypervisor, UNIX/Linux (\*nix), or a Windows discovery job to connect to your hosts or guests and gather physical and VM details. +Navigate to **Discovery > Hypervisors/\*nix/Windows** and add a Hypervisor, UNIX/Linux (\*nix), or Windows discovery job to connect to your hosts or guests and gather physical and VM details. Hypervisors/\*nix/Windows**, ad }} /> -**Job Name:** Enter a unique name to identify the autodiscovery job. - -**Remote Collector:** Optionally run the discovery job from the chosen RC instead of the Main Appliance (MA). - -**Job Debug Level:** Set to **Debug On** to collect extra debug info that's useful to include in a support ticket. - -**Platform:** Choose the VM platform, such as Vmware, Citrix XenServer, oVirt Server, KVM or libvirt, Docker, LXC, etc. - -**URL Prefix:** This will be HTTPS in most cases. But if you've changed it, you have the option to switch it to HTTP. - -**Discovery Target(s):** This is the FQDN or IP of the vCenter server or the ESX server. If using FQDN, set up DNS resolution in the Device42 VM console first. +- **Job Name:** A unique name to identify the discovery job. +- **Remote Collector:** Optionally run the discovery job from the chosen RC instead of the Main Appliance (MA). +- **Job Debug Level:** Set to **Debug On** to collect extra debug info useful for support tickets. +- **Platform:** Choose the VM platform, such as VMware, Citrix XenServer, oVirt Server, KVM or libvirt, Docker, or LXC. +- **URL Prefix:** HTTPS in most cases. Change to HTTP if you have modified the default. +- **Discovery Target(s):** The FQDN or IP of the vCenter server or the ESX server. If using FQDN, set up DNS resolution in the Device42 VM console first. :::note You need to add each vCenter server you wish to discover. Device42 does not automatically find or crawl additional vCenter servers linked to your first one. ::: -**Port:** This is 443 by default. Only change if you have changed it. - -**Enable Resource Utilization Tracking for Device(s):** This option enables the periodic collection and examination of server resource usage metrics. See [Resource Utilization](/auto-discovery/resource-utilization-overview.mdx) for more information. - -**Discovery Target(s) Credential(s):** Specify username and password (account credentials) with permission to view all the hosts and VM inventory info. For oVirt, the username is most probably in the format of `username@domain`, for example, `admin@internal`. +- **Port:** 443 by default. Only change if you have modified it. +- **Enable Resource Utilization Tracking for Device(s):** Enables periodic collection of server resource usage metrics. See [Resource Utilization](/auto-discovery/resource-utilization-overview.mdx) for more information. +- **Discovery Target(s) Credential(s):** Specify a username and password with permission to view all hosts and VM inventory info. For oVirt, the username is typically in the format `username@domain`, for example, `admin@internal`. -**Strip domain suffix:** Checking this box will strip domain suffixes from host and VM names. - -**VM name to use:** If the VM has a different name on the host and as found from the tools, you can choose which name should be used while adding/updating the VM in device42. Available for VMware only for now. - -**Add multiple VM names as alias:** If the VM name on the host and the VM name found from tools don't match, you can add the second name as a device alias by checking this box. Currently only available for VMware. - -**Track VM name change:** Added in v5.8.0 to track any changes to the VM name. This applies if the name is changed on an existing VM (verified by UUID). If the new name already exists in the system, it will be ignored. - -**Prepend VM Host Name:** Prepend (add) VMhost name to the front of the discovered guest name for each discovered VM. +- **Strip domain suffix:** Strips domain suffixes from host and VM names. +- **VM name to use:** If the VM has a different name on the host than the name found from the tools, choose which name to use when adding or updating the VM in Device42. Available for VMware only. +- **Add multiple VM names as alias:** If the VM name on the host and the VM name found from tools do not match, adds the second name as a device alias. Available for VMware only. +- **Track VM name change:** Tracks changes to the VM name. This applies if the name is changed on an existing VM (verified by UUID). If the new name already exists in the system, it is ignored. +- **Prepend VM Host Name:** Adds the VM host name to the front of the discovered guest name for each discovered VM. ### Host Discovery +Configure host-level discovery behavior and actions for VMs that are no longer found. + -**Ignore Host OS Info:** Do not discover host operating system information. - -**Allow hosts with duplicate serials:** Create two VM hosts (don't merge) with the same serial number. - -**Ignore host serial #:** Do not discover the host serial number. - -**Ignore host UUID #:** Do not discover the host UUID number. - -**Action for VM not found:** Choose one of the following four actions for stale, deleted, or no longer discovered VMs: +- **Ignore Host OS Info:** Do not discover host operating system information. +- **Allow hosts with duplicate serials:** Creates two VM hosts (without merging) with the same serial number. +- **Ignore host serial #:** Do not discover the host serial number. +- **Ignore host UUID #:** Do not discover the host UUID number. +- **Action for VM not found:** Choose one of the following actions for stale, deleted, or no longer discovered VMs: -**Toggle service level on VM power state:** If a VM is powered off, checking this box will mark that VM as "Not in Service". - -**Get Guest OS Info:** This grabs the guest OS information for a VM from VMware. It is not as detailed as machine-level WMI/SSH discovery. - -**Ignore Guest UUID:** Do not discover guest UUID number. - -**Discover vCloud:** Discover vCloud instances (if using vCloud connector for vSphere, vRealize, etc.) and create custom fields for any VMWare tags. +- **Toggle service level on VM power state:** If a VM is powered off, marks that VM as "Not in Service". +- **Get Guest OS Info:** Retrieves the guest OS information for a VM from VMware. Not as detailed as machine-level WMI or SSH discovery. +- **Ignore Guest UUID:** Do not discover the guest UUID number. +- **Discover vCloud:** Discovers vCloud instances (if using vCloud connector for vSphere, vRealize, and so on) and creates custom fields for any VMware tags. ### Miscellaneous Options @@ -174,13 +164,13 @@ Depending on the permissions granted and your configured password policies, acco }} /> -**Add first discovered disk for VM:** Add the first discovered vHDD to the device properties (the default is false). This might not be accurate for your particular environment so use this option with care. +- **Add first discovered disk for VM:** Adds the first discovered vHDD to the device properties. Off by default. This may not be accurate for your particular environment, so use this option with care. -## Run Now or Schedule +## Run or Schedule the Job -You can schedule the autodiscovery to run on a recurring basis. Specifically, you can choose to run autodiscovery on certain days of the week and at a specific time each day. +You can schedule the discovery to run on a recurring basis on certain days of the week and at a specific time each day. -Select **Add another Autodiscovery Schedule** when creating or editing a job to create a run schedule for that job. +Select **Add another Autodiscovery Schedule** when creating or editing a job to create a run schedule. -When you save the job, you'll see the **Run Now** button to run the job immediately. You can also run the job from the list page. +After saving the job, click **Run Now** to run the job immediately. You can also run the job from the list page. -Newly created jobs will not run on the first day they are created to prevent an unintentionally large number of jobs from running initially. If you would like to run a job after its initial creation, click the **Run Now** button. - -* * * +Newly created jobs will not run on the first day they are created to prevent an unintentionally large number of jobs from running initially. To run a job after its initial creation, click **Run Now**. ## Under the Hood diff --git a/docs/auto-discovery/warranty-autodiscovery.mdx b/docs/auto-discovery/warranty-autodiscovery.mdx index dfefc6cfa..526fb349e 100644 --- a/docs/auto-discovery/warranty-autodiscovery.mdx +++ b/docs/auto-discovery/warranty-autodiscovery.mdx @@ -6,9 +6,11 @@ sidebar_position: 37 import ThemedImage from "@theme/ThemedImage"; import useBaseUrl from "@docusaurus/useBaseUrl"; -Device42 supports the autodiscovery of hardware warranties, making tracking within Device42 a breeze. +Device42 discovers hardware warranties from Dell, IBM, Lenovo, Meraki, and Cisco (Preview), and tracks service contracts, order details, and coverage dates. -The Device42 warranty autodiscovery and management tools find and help you track your hardware warranties from Dell, IBM, Lenovo, and Meraki. The functionality originally started as a standalone script, which still functions, and is now integrated into the main UI. Select **Discovery > Warranty Sync** from the main menu. +This page covers API key setup and how to configure and run a warranty discovery job. Warranty discovery originally started as a standalone script, which still works, but is now integrated into the Device42 Main Appliance. + +Navigate to **Discovery > Warranty Sync** from the main menu. Vendors**. 2. Check the checkbox for the vendors you want to merge. @@ -63,12 +65,10 @@ To merge multiple vendor names into a single vendor name, perform the following ), }} /> -
    -
    ### Set the Model Field -The EnrichAI module has largely automated this requirement: Set the **Model** field to **Dell**, **IBM**, **Lenovo**, or **Meraki**. Hardware with different vendor name variations will not return a warranty. +The data Normalization and Enrichment Service has largely automated this requirement. Set the **Model** field to **Dell**, **IBM**, **Lenovo**, or **Meraki**. Hardware with different vendor name variations will not return a warranty. You can easily add the proper **Vendor Aliases** to the vendors if your vendors are named differently. On the vendor edit screen, update the vendor entries. Enter `dell` for Dell, `ibm` for IBM, `meraki` for Meraki, and `lenovo` for Lenovo: @@ -82,21 +82,33 @@ You can easily add the proper **Vendor Aliases** to the vendors if your vendors ### Get Your API Key -**Dell API key**: Instructions for obtaining a Dell API key are now available from [TechDirect](https://tdm.dell.com/td-auth?lang=en_UShttps://techdirect.dell.com/Portal/Login.aspx?ReturnUrl=%2Fportal%2FAboutAPIs.aspxtdLegacyUrl=%2Fportal%2FAboutAPIs.aspx), which requires a valid Dell login. +- **Dell API key:** Instructions for obtaining a Dell API key are available from [TechDirect](https://tdm.dell.com/td-auth?lang=en_UShttps://techdirect.dell.com/Portal/Login.aspx?ReturnUrl=%2Fportal%2FAboutAPIs.aspxtdLegacyUrl=%2Fportal%2FAboutAPIs.aspx), which requires a valid Dell login. +- **Meraki API keys:** Device42 requires you to [obtain a Meraki API key](https://developer.cisco.com/meraki/api-v1/#!authorization/obtaining-your-meraki-api-key) in order to retrieve warranty information. +- **Lenovo API keys:** Lenovo provides a warranty lookup API key to customers who request it via Lenovo Sales or Support Account Representatives. +- **IBM API keys:** Log in to your [IBM account](https://login.ibm.com/authsvc/mtfim/sps/authsvc?PolicyId=urn:ibm:security:authentication:asf:basicldapuser&Target=https%3A%2F%2Flogin.ibm.com%2Foidc%2Fendpoint%2Fdefault%2Fauthorize%3FqsId%3D18d7b5a9-bbe1-4d66-9e31-57a48ef148c5%26client_id%3DOGMyMGQ1MzQtZDFhYi00) to access your warranty lookup information. -**Meraki API keys**: Device42 requires you to [obtain a Meraki API key](https://developer.cisco.com/meraki/api-v1/#!authorization/obtaining-your-meraki-api-key) min order to retrieve warranty information. +### Cisco Support API Info -**Lenovo API keys**: Lenovo provides a warranty lookup API key to customers who request it via Lenovo Sales or Support Account Representatives. +:::info +The required Cisco API, SN2INFO, is not available by default. You need to request access from Cisco. +::: -**IBM API keys**: Log in to your [IBM account](https://login.ibm.com/authsvc/mtfim/sps/authsvc?PolicyId=urn:ibm:security:authentication:asf:basicldapuser&Target=https%3A%2F%2Flogin.ibm.com%2Foidc%2Fendpoint%2Fdefault%2Fauthorize%3FqsId%3D18d7b5a9-bbe1-4d66-9e31-57a48ef148c5%26client_id%3DOGMyMGQ1MzQtZDFhYi00) to access your warranty lookup information. +Cisco warranty discovery uses the [Serial Number to Information](https://developer.cisco.com/docs/support-apis/#!serial-number-to-information/get-coverage-summary-by-serial-numbers) (SN2INFO) API and the following endpoint: +`https://apix.cisco.com/sn2info/v2/coverage/summary/serial_numbers/{sr_no,sr_no,sr_no}.` -:::note -If using the standalone warranty script (instructions in the **STANDALONE** section below), Python 2.7 must be installed along with the python library requests. -::: +To get access, [register an application](https://developer.cisco.com/docs/support-apis/#!application-registration/application-registration) on the Cisco API console. When registering, select only the **Client Credentials** checkbox and nothing else; this allows you to use your client ID and secret to generate an OAuth 2.0 authorization token for API requests. + +Most of the configuration information required for a successful Cisco warranty discovery is entered in the App Registration form in the Cisco API console. + +The **Application Type** should be set to **Service**. Once registered, the API should be enabled and displayed in the **My Apps & Keys** section. + +### Meraki Details + +For Meraki warranty discovery, all access points with corresponding serial numbers and hardware models need to have **Meraki** set as the vendor prior to sync. ## Secure Communication Details -Both the UI and the warranty script transmit the same information (relevant serial number(s)) to the appropriate vendor via port 443 SSL. This only includes the API key entered into Device42 if required by the vendor (Dell or Meraki). Payload looks as follows: +Both the UI and the warranty script transmit the same information (relevant serial numbers) to the appropriate vendor via port 443 SSL. The API key entered into Device42 is only included if required by the vendor (Dell or Meraki). The payload looks as follows: ``` payload = {'id': inline_serials, 'apikey': self.api_key, 'accept': 'Application/json'} @@ -110,19 +122,21 @@ Lenovo/IBM - support.lenovo.com https port 443 Meraki - api.meraki.com https port 443 ``` -## Configuring a Job With an API Key +## Configure a Job With an API Key -1. Select **Discovery > Warranty Sync** from the main menu, click **Create**, and **Name** your job. +To set up a warranty discovery job: + +1. Select **Discovery > Warranty Sync** from the main menu, click **Create**, and name your job. 2. Select a **Vendor**: - For Dell or Meraki, be sure to enter your matching API key (see the **API Keys** section above for details on obtaining a Dell or Meraki API key). If you select Dell, ensure you choose the API version from the dropdown. + For Dell or Meraki, enter your matching API key (see the [Get Your API Key](#get-your-api-key) section for details). If you select Dell, choose the API version from the dropdown. - For IBM or Lenovo, you are required to be a large enterprise customer and need to contact a sales representative who will put you in contact with the correct team for the API key. + For IBM or Lenovo, you need to be a large enterprise customer and contact a sales representative who will connect you with the correct team for the API key. -3. Add your API key right by clicking the magnifying glass on the **Access Key** field, clicking **Add Password** in the upper-right corner of the popup, and add your key as shown below. Repeat these steps for the **Secret Key** if necessary. +3. Add your API key by clicking the magnifying glass on the **Access Key** field, clicking **Add Password** in the upper-right corner of the popup, and adding your key as shown below. Repeat these steps for the **Secret Key** if necessary. 4. Choose your **Order Number Type** and **Debug level** options. 5. Set a schedule if desired and save the job. -6. Go ahead and run the job! +6. Run the job. -### Configuring the STANDALONE Warranty Script +## Standalone Warranty Script + +The warranty discovery functionality is now built into the main UI. The standalone script still functions but may be deprecated in the future. The latest version can be [downloaded from GitHub](https://codeload.github.com/device42/warranty_check/zip/refs/heads/master). -1. Create a working directory. Copy the files from [Device42’s `warranty_check` GitHub repo](https://github.com/device42/warranty_check/). +:::note +If using the standalone warranty script, Python 2.7 must be installed along with the Python library `requests`. +::: + +### Configure the Standalone Script + +1. Create a working directory. Copy the files from [Device42's `warranty_check` GitHub repo](https://github.com/device42/warranty_check/). 2. Copy the file `warranty.cfg.example` to `warranty.cfg`. -3. Set the required parameters in `warranty.cfg` **[D42 instance info & API keys]**: +3. Set the required parameters in `warranty.cfg` **[D42 instance info and API keys]**: -4. Run the script! +4. Run the script: ``` $ python starter.py ``` - -### Obtaining the STANDALONE Script - -As noted above, this functionality is now built into the main UI. - -The latest version of the standalone script can be [downloaded from GitHub](https://codeload.github.com/device42/warranty_check/zip/refs/heads/master), although this may be deprecated in future. - -### Cisco Support API Info - -:::info -The required Cisco API, SN2INFO, is not available by default and you need to request access from Cisco. -::: - -Cisco discovery specifically uses the Cisco support API, labeled **Serial Number to Information**, and the following endpoint:  -`https://apix.cisco.com/sn2info/v2/coverage/summary/serial_numbers/{sr_no,sr_no,sr_no}.` - -Visit [![](https://static.production.devnetcloud.com/images/favicon.ico)Cisco Developer](https://developer.cisco.com/docs/support-apis/#!serial-number-to-information/get-coverage-summary-by-serial-numbers) to learn more about the Cisco support API. - -If you have questions about accessing the Cisco Support API, you can register an application on the Cisco API console. Select only the Client Credentials checkbox selected and nothing else. This should allow you to use your client ID and secret to generate an authorization token, using OAuth 2.0 to make requests to the API. - -Visit [![](https://static.production.devnetcloud.com/images/favicon.ico)Cisco Developer](https://developer.cisco.com/docs/support-apis/#!application-registration/application-registration) to learn more about registering an application. - -Most of the configuration information required for a successful Cisco warranty discovery is entered in the App Registration form in the Cisco API console. - -The **Application Type** should be a **Service**. - -The API should be enabled and will be displayed in the **My Apps & Keys** section. - -### Meraki Details - -For Meraki warranty discovery, all access points with corresponding serial numbers and hardware models need to have **Meraki** set as the vendor prior to sync. diff --git a/docs/auto-discovery/windows-and-hyper-v-auto-discovery.mdx b/docs/auto-discovery/windows-and-hyper-v-auto-discovery.mdx index 8fa977534..743c75618 100644 --- a/docs/auto-discovery/windows-and-hyper-v-auto-discovery.mdx +++ b/docs/auto-discovery/windows-and-hyper-v-auto-discovery.mdx @@ -6,15 +6,17 @@ sidebar_position: 38 import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' -Device42 discovery uses multiple protocols to communicate with the target devices. Either WinRM or WMI can be used for Windows discovery. As of 18.10.00, WMI is the default protocol. +Windows and Hyper-V discovery collects detailed host information, operating systems, services, software, and virtual machine data from Windows-based targets. Device42 can use either WinRM or WMI to communicate with target devices, with WMI as the default. + +This page covers prerequisites, how to create and run Windows and Hyper-V discovery jobs, device naming options, and the minimum permissions required for WMI and WinRM. ## Prerequisites -When using WMI, you need to install the Windows Discovery Service (WDS) and connect to your Remote Collectors (RCs) before setting up your Windows discovery job. For WDS installation instructions and information, visit the [Windows Discovery Service Installation](/getstarted/deploy-device42/windows-discovery-service-installation.mdx) documentation. +When using WMI, install the Windows Discovery Service (WDS) and connect to your Remote Collectors (RCs) before setting up your Windows discovery job. For WDS installation instructions and information, visit the [Windows Discovery Service Installation](/getstarted/deploy-device42/windows-discovery-service-installation.mdx) documentation. ### WinRM Network Requirements -WinRM uses port 5985 (HTTP) or 5986 (HTTPS), depending on the configuration of the target host. These connections come from the RC selected at the top of the jobs page. For configuration within your environment, please refer to the [Microsoft documentation](https://learn.microsoft.com/en-us/windows/win32/winrm/installation-and-configuration-for-windows-remote-management). Note that you must enable WinRM on your Windows machines, which can be configured through a Group Policy Object (GPO). +WinRM uses port 5985 (HTTP) or 5986 (HTTPS), depending on the configuration of the target host. These connections come from the RC selected at the top of the jobs page. For configuration within your environment, refer to the [Microsoft documentation](https://learn.microsoft.com/en-us/windows/win32/winrm/installation-and-configuration-for-windows-remote-management). You must enable WinRM on your Windows machines, which can be configured through a Group Policy Object (GPO). ### WMI Network Requirements @@ -22,11 +24,11 @@ WMI is based on DCOM/RPC. This means a connection is first initiated on port 135 ### Network Issues -Our support team can provide best-effort assistance in resolving issues. However, for both protocols, it is best to reach out to your network or system admin to resolve connection issues. +The Device42 support team can provide best-effort assistance in resolving issues. However, for both protocols, reach out to your network or system admin to resolve connection issues. ## Discovered Information -Provided with a successful configuration of the discovery account, and given the data's availability, Device42 will gather the following information: +With a properly configured discovery account, Device42 gathers the following information: @@ -51,9 +53,9 @@ Provided with a successful configuration of the discovery account, and given the Within the **Parts** section of device details, the CPU, RAM, and storage entries for the device will be displayed. You may also see additional information such as model number, slot, and location. -## Creating and Running Windows Discovery Jobs +## Create a Windows or Hyper-V Discovery Job -Navigate to **Discovery > HyperVisors / \*Nix / Windows** to set up and save multiple autodiscovery jobs for Windows, Hyper-V, and other platforms. +Navigate to **Discovery > HyperVisors / \*Nix / Windows** to set up and save multiple discovery jobs for Windows, Hyper-V, and other platforms. -1. Click the **Create** button to set up a new Windows or Hyper-V autodiscovery job. +1. Click the **Create** button to set up a new Windows or Hyper-V discovery job. 2. For Windows or Hyper-V discovery, select **Windows** as the **Platform**. - - You can select **Discover Using WinRM** to use the WinRM protocol for discovery, which is fast and Microsoft's preferred protocol. The **URL prefix** and **Port** fields will default accordingly. - :::note - We don't deem it necessary to update existing jobs to use WinRM, as we currently use NTLM, which Microsoft is in the process of deprecating. We'll use Kerberos in the near future. + - Select **Discover Using WinRM** to use the WinRM protocol for discovery, which is fast and Microsoft's preferred protocol. The **URL prefix** and **Port** fields will default accordingly. + :::note + It is not necessary to update existing jobs to use WinRM, as Device42 currently uses NTLM, which Microsoft is in the process of deprecating. Kerberos support is planned for a future release. ::: - - If you're using WinRM, we recommend selecting the **WinRM through WDS** option to run the discovery using the local WDS. Ensure that your WDS service account operates under a domain account and is not set to "Local System", as it doesn't support remote authentication. + - If you're using WinRM, select the **WinRM through WDS** option to run the discovery using the local WDS. Ensure that your WDS service account operates under a domain account and is not set to **Local System**, as it doesn't support remote authentication. -3. Click **Add another Username/Password** to add one or more sets of credentials for the autodiscovery targets. - +3. Click **Add another Username/Password** to add one or more sets of credentials for the discovery targets. + -\***Classic WinRM** is no longer a Platform type as of 18.08.00. Existing Classic WinRM jobs will continue to function. +:::note +**Classic WinRM** is no longer a **Platform** type as of 18.08.00. Existing Classic WinRM jobs will continue to function. +::: -### Windows and Hyper-V discovery Options +### Windows and Hyper-V Discovery Job Options + +The following options are available when configuring a Windows or Hyper-V discovery job. - **Job Name:** Provide a unique name for the job. @@ -103,21 +109,21 @@ sources={{ - **Use Service Account Credentials:** Use the currently logged-in user of the system running WDS to perform WMI discovery. -- **Query domain controller to obtain a list of discovery devices:** Select this to hide the Discovery Target(s) field. Target(s) discovered in this mode are instead defined by the result of the chosen LDAP Criteria, as returned by the specified Microsoft Windows Active Directory Domain or Domain Directory Server. See the [Query domain controller](#query-domain-controller-to-obtain-list-of-discovery-devices-option) section below. +- **Query domain controller to obtain a list of discovery devices:** Select this to hide the **Discovery Target(s)** field. Targets discovered in this mode are instead defined by the result of the chosen LDAP Criteria, as returned by the specified Microsoft Windows Active Directory Domain or Domain Directory Server. See the [Query Domain Controller](#the-query-domain-controller-to-obtain-list-of-discovery-devices-option) section below. -- **Collect database server information:** Select this option to discover Oracle, MSSQL, DB2, and Postgres database servers, and display a **Database Username/Password(s)** field. +- **Collect database server information:** Select this option to discover Oracle, MSSQL, DB2, and Postgres database servers. Displays a **Database Username/Password(s)** field. -- **ADM Sampling Interval:** Turn **Off** or add the sampling interval in minutes or hours. +- **ADM Sampling Interval:** Turn **Off** or set the sampling interval in minutes or hours. -- **Enable Resource Utilization Tracking for Device(s):** Optionally enable the collection of resource utilization metrics from discovered devices. +- **Enable Resource Utilization Tracking for Device(s):** Enable the collection of resource utilization metrics from discovered devices. -- **Resource Utilization Sampling Interval:** Set the interval for RU data collection (only in effect if RU Tracking is enabled). +- **Resource Utilization Sampling Interval:** Set the interval for resource utilization data collection. Only takes effect if resource utilization tracking is enabled. -- **Autodiscovery Schedule:** You can [schedule the discovery](#scheduling-autodiscovery-jobs) to run at certain times. +- **Autodiscovery Schedule:** [Schedule the discovery](#schedule-discovery-jobs) to run at specific times. -### Options To Ignore IPs and MAC Addresses +### Options to Ignore IPs and MAC Addresses -You can ignore IP and MAC addresses to exclude them from our database during autodiscovery. Devices with these addresses will still be discovered but the detailed information that is typically stored and collected will be ignored. +You can ignore IP and MAC addresses to exclude them from the database during discovery. Devices with these addresses will still be discovered, but the detailed information that is typically stored and collected will be ignored. When creating or editing a job, you can configure rules to ignore IP and MAC addresses for that specific job. @@ -153,32 +159,32 @@ The relevant fields when using this discovery mode are as follows: - **Use FQDN:** Use the fully qualified domain name (FQDN). -- **LDAP Criteria:** Choose an LDAP query to execute against the Active Directory (AD). The resultant list will then be targeted for Windows autodiscovery. Select **Custom** to specify a custom LDAP filter or query. +- **LDAP Criteria:** Choose an LDAP query to execute against Active Directory (AD). The resultant list will be targeted for Windows discovery. Select **Custom** to specify a custom LDAP filter or query. **LDAP Query Example: Query Domain Controller** -The following query will search the domain server for all computers with DNS hostname `d42sus.pvt` and autodiscover the matches: +The following query searches the domain server for all computers with DNS hostname `d42sus.pvt` and discovers the matches: ``` (&(objectCategory=computer)(dNSHostName=d42sus.pvt)) ``` -### Discovery with Microsoft LAPS +### Discovery with Microsoft LAPS -Microsoft Local Admin Password Solution (LAPS) is a method of securing AD member servers that randomly generates a server's local admin password and stores it as an attribute of that server's AD object in AD. +Microsoft Local Admin Password Solution (LAPS) secures AD member servers by randomly generating a server's local admin password and storing it as an attribute of that server's AD object. -This password can then be looked up on demand via an AD LDAP query and is often used to support scripted actions that iterate through lists of AD member servers. +This password can be looked up on demand via an AD LDAP query and is often used to support scripted actions that iterate through lists of AD member servers. **Resources:** -- If you want to install LAPS, visit the [Microsoft LAPS download page](https://www.microsoft.com/en-us/download/details.aspx?id=46899). -- For more information, see [the Microsoft security advisory article about LAPS](https://support.microsoft.com/en-us/topic/microsoft-security-advisory-local-administrator-password-solution-laps-now-available-may-1-2015-404369c3-ea1e-80ff-1e14-5caafb832f53). -- If you'd like to deploy LAPS, you might find the [Deploying LAPS guide](https://flamingkeys.com/deploying-the-local-administrator-password-solution-part-1/) helpful. +- To install LAPS, visit the [Microsoft LAPS download page](https://www.microsoft.com/en-us/download/details.aspx?id=46899). +- For more information, see the [Microsoft security advisory article about LAPS](https://support.microsoft.com/en-us/topic/microsoft-security-advisory-local-administrator-password-solution-laps-now-available-may-1-2015-404369c3-ea1e-80ff-1e14-5caafb832f53). +- To deploy LAPS, see the [Deploying LAPS guide](https://flamingkeys.com/deploying-the-local-administrator-password-solution-part-1/). -Device42 supports pulling credentials from LAPS when discovering AD domain member servers that use Microsoft LAPS to manage their local admin passwords. You will see this option **only** when you have checked **Query domain controller to obtain list of discovery devices**. Once checked, you will see **Use LAPS (only Applies to WDS)**. +Device42 supports pulling credentials from LAPS when discovering AD domain member servers that use Microsoft LAPS to manage their local admin passwords. This option appears only when you select **Query domain controller to obtain list of discovery devices**. Once selected, the **Use LAPS (only Applies to WDS)** option is displayed. -Check the **Use LAPS (only Applies to WDS)** checkbox to enable it: +Select the **Use LAPS (only Applies to WDS)** checkbox to enable it. -### Scheduling Autodiscovery Jobs +### Schedule Discovery Jobs -In the **Autodiscovery Schedule** section, you can set as many different autodiscovery schedules as you need to cover your environment. You can choose specific times and days of the week to run the autodiscovery job. +In the **Autodiscovery Schedule** section, set as many different discovery schedules as you need to cover your environment. Choose specific times and days of the week to run the discovery job. -### Job Status and Run Report +## Job Status and Run Report -The **Job Status** section contains information about the last run status of the autodiscovery job. +The **Job Status** section contains information about the last run status of the discovery job. -The **Job Run Report** has summary diagnostic details of `stderr` and `stdout` for the last discovery job. +The **Job Run Report** has summary diagnostic details of `stderr` and `stdout` for the last job run. @@ -348,7 +354,7 @@ The following requirements represent the minimum user account permissions to all
    :::note -For Hyper-V discovery against Windows Server2k12 and newer: Because Microsoft verifies permissions differently on these newer operating systems, you may need to add your Device42 discovery account to the built-in Hyper-V administrators group if discovery fails due to a permissions error. +For Hyper-V discovery against Windows Server 2012 and newer: Because Microsoft verifies permissions differently on these newer operating systems, you may need to add your Device42 discovery account to the built-in Hyper-V administrators group if discovery fails due to a permissions error. ::: 2. Enable the following firewall rules: @@ -369,7 +375,7 @@ For Hyper-V discovery against Windows Server2k12 and newer: Because Microsoft ve 4. Ensure the discovery user account is a member of the **Performance Monitor Users Group** and **Distributed COM Users Group** on the machines targeted for discovery. :::info -If you discover servers that do not belong to a domain, your User Account Control (UAC) settings may be causing issues. Please refer to this [MSDN article](https://learn.microsoft.com/en-us/windows/win32/wmisdk/user-account-control-and-wmi?redirectedfrom=MSDN) to learn more about the effect of UAC on WMI. +If you discover servers that do not belong to a domain, your User Account Control (UAC) settings may be causing issues. Refer to this [MSDN article](https://learn.microsoft.com/en-us/windows/win32/wmisdk/user-account-control-and-wmi?redirectedfrom=MSDN) to learn more about the effect of UAC on WMI. ::: ### Windows ADM Minimum Permissions @@ -384,7 +390,7 @@ For the local administrator method: For the alternate method: -If the `IPC$` and `ADMIN$` shares are inaccessible when setting up the discovery job, you can now use a network share. +If the `IPC$` and `ADMIN$` shares are inaccessible when setting up the discovery job, you can use a network share instead. 1. Specify a share. It can be local to the device or a shared location on your network. 2. Give the scanning account read and write privileges to the new shared location. @@ -428,14 +434,14 @@ Use the `sc.exe sdset scmanager` command to grant `SC_MANAGER_CONNECT` permissio ## Best Practices and Limitations -- If you've populated Device42 with devices before your first discovery run (using CSV imports, spreadsheets, or manual entry), be sure to test discovery against a few devices to check that the selected discovery naming options are correct for your naming convention. For example, if you added `nh-linux01` as a device, autodiscovery could find the hostname `nh-linux01.example.com` and add it as a new device because the names don't match. See the [Device Naming and Duplicate Device Prevention](#device-naming-and-duplicate-device-prevention) section. -- It's best to **run device autodiscovery after running network autodiscovery** or after defining the subnets where your network IPs reside. -- Floating IPs that logically belong to a cluster but are found on a device during autodiscovery will be assigned to that device and **not** the cluster resource. -- You can run the WDS from any or multiple network segments. Communication from the autodiscovery client back to the main Device42 instance requires access via port TCP/443 (HTTPS) to be allowed on your network. +- If you've populated Device42 with devices before your first discovery run (using CSV imports, spreadsheets, or manual entry), test discovery against a few devices to verify that the selected discovery naming options are correct for your naming convention. For example, if you added `nh-linux01` as a device, discovery could find the hostname `nh-linux01.example.com` and add it as a new device because the names don't match. See the [Device Naming and Duplicate Device Prevention](#device-naming-and-duplicate-device-prevention) section. +- **Run device discovery after running network discovery** or after defining the subnets where your network IPs reside. +- Floating IPs that logically belong to a cluster but are found on a device during discovery will be assigned to that device and **not** the cluster resource. +- You can run the WDS from any or multiple network segments. Communication from the discovery client back to the main Device42 instance requires access via port TCP/443 (HTTPS) on your network. ## Legacy Windows 2000 Discovery Prerequisites -If you are looking to discover a legacy Windows 2000-based operating system, a few OS settings need to be tweaked on the machine hosting your WDS to obtain proper results: +To discover a legacy Windows 2000-based operating system, adjust the following OS settings on the machine hosting your WDS: 1. Change or create the `HKLM\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel` element so that it has the value `1`. 2. Change the WDS service user from `System` to one of the host users (like an admin account). You can try to run a discovery job without this step, but users report failure without making this change. diff --git a/docs/auto-discovery/windows-discovery-troubleshooting.mdx b/docs/auto-discovery/windows-discovery-troubleshooting.mdx index 91f37050d..f4aff8808 100644 --- a/docs/auto-discovery/windows-discovery-troubleshooting.mdx +++ b/docs/auto-discovery/windows-discovery-troubleshooting.mdx @@ -3,58 +3,62 @@ title: "Windows Discovery Troubleshooting" sidebar_position: 39 --- -## Purpose +If your Device42 Windows discovery jobs are failing, use this checklist to systematically diagnose authentication, WMI or WinRM, and connectivity issues. -Use this checklist when your Device42 Windows Discovery jobs are failing due to authentication, WMI/WinRM, or connectivity issues. +This page is organized as a step-by-step troubleshooting flow, starting with basic environment checks and progressing through network, authentication, firewall, and permission validation. For general Windows discovery setup, see [Windows and Hyper-V Autodiscovery](windows-and-hyper-v-auto-discovery.mdx). ## 1. Basic Environment and Discovery Setup +Verify that the fundamental components of your discovery environment are in place. + | Item | Notes | |------|-------| -| Device42 Windows Discovery Job created | Use the correct discovery type (Windows/Hyper-V) | +| Device42 Windows discovery job created | Use the correct discovery type (Windows or Hyper-V) | | At least one **Windows Discovery Service (WDS)** is installed and online | WDS should be registered in Device42 | -| Correct **WDS** selected in job (if applicable) | Job → Advanced Options | +| Correct **WDS** selected in job (if applicable) | **Job > Advanced Options** | | Target hosts specified (IPs or FQDNs resolve properly) | Use valid DNS names or IPs | -| Valid **Windows credentials** assigned to job | Either manual, or WDS "Service Account Credentials" | +| Valid **Windows credentials** assigned to job | Either manual or WDS **Service Account Credentials** | | Job logs show which credentials were attempted | Use debug mode if needed | ## 2. Network Connectivity Checks -Run from WDS or discovery machine: +Run the following tests from the WDS or discovery machine. | Test | Command / Notes | |------|-----------------| -| Ping/Netstat Windows host | `ping HOSTNAME` or IP
    `netstat HOSTNAME` or IP | +| Ping or netstat Windows host | `ping HOSTNAME` or IP
    `netstat HOSTNAME` or IP | | Test port 135 (for WMI) | PowerShell: `Test-NetConnection -ComputerName HOST -Port 135` | | If using WinRM, test port 5985 (HTTP) or 5986 (HTTPS) | `Test-NetConnection -ComputerName HOST -Port 5985` | | Hostname resolves correctly | `nslookup HOSTNAME` | -| If using IPs, DNS isn't required | Ensure IPs are pingable | +| If using IPs, DNS is not required | Ensure IPs are pingable | ## 3. Authentication Validation +Confirm that the credentials used by the discovery job are valid and correctly configured. + | Check | Notes | |-------|-------| -| Credentials are valid and **not expired/locked** | Try login via RDP to confirm | +| Credentials are valid and **not expired or locked** | Try logging in via RDP to confirm | | Domain credentials are fully qualified (e.g. `DOMAIN\user`) | Required for remote auth | -| If using gMSA, WDS service is running as the gMSA | Check Windows Service "Log On As" | -| For gMSA, discovery job set to "Use Service Account Credentials" | Only works with WDS | +| If using gMSA, WDS service is running as the gMSA | Check Windows Service **Log On As** | +| For gMSA, discovery job set to **Use Service Account Credentials** | Only works with WDS | ## 4. Firewall and Port Configuration -On **target** Windows host: +Check the following firewall rules and port settings on the **target** Windows host. | Item | Command / Notes | |------|-----------------| -| Port 135 allowed (for WMI/DCOM) | Windows Firewall inbound rule: "WMI (DCOM-In)" | -| WMI rule enabled | "Windows Management Instrumentation (WMI-In)" | +| Port 135 allowed (for WMI and DCOM) | Windows Firewall inbound rule: **WMI (DCOM-In)** | +| WMI rule enabled | **Windows Management Instrumentation (WMI-In)** | | Ephemeral port range not blocked | Allow dynamic ports or set custom port range for WMI | | WinRM enabled and allowed (if using WinRM) | Run: `winrm quickconfig` on target | | WinRM listener exists | `winrm enumerate winrm/config/listener` | -| WinRM firewall rule enabled | "Windows Remote Management (HTTP-In)" | +| WinRM firewall rule enabled | **Windows Remote Management (HTTP-In)** | -## 5. WMI / WinRM Functionality Tests +## 5. WMI and WinRM Functionality Tests -From WDS or discovery system: +Run these commands from the WDS or discovery system to verify that WMI and WinRM are functioning correctly. ### WMI Test @@ -68,41 +72,47 @@ Get-WmiObject -Class Win32_OperatingSystem -ComputerName TARGET -Credential (Get Test-WSMan TARGET ``` -Or: +Or use the `winrm` command directly: ```powershell winrm id -r:TARGET ``` -| Result | Expect | +| Result | Expected Outcome | |--------|--------| -| WMI command succeeds | Returns OS info | -| WinRM test returns 200 OK | WinRM properly set up | +| WMI command succeeds | Returns OS information | +| WinRM test returns 200 OK | WinRM is properly configured | + +## 6. Permission and Namespace Access -## 6. Permission / Namespace Access +Verify that the discovery account has the required permissions on the target host. | Item | Notes | |------|-------| -| Account has remote WMI permissions | Can use Device42 WMI Tester | -| Can connect to `\\TARGET\root\cimv2` | Use Device42 WMI Tester | +| Account has remote WMI permissions | Use the Device42 WMI Tester to verify | +| Can connect to `\\TARGET\root\cimv2` | Use the Device42 WMI Tester to verify | | Account is in **Distributed COM Users** | Or granted DCOM launch permissions manually | | Account is in **Performance Monitor/Log Users** (optional) | For perf counters | | Account is in **Event Log Readers** (optional) | For Windows events | ## 7. Device42 Job-Specific Settings +Review the following settings within your Device42 discovery job. + | Check | Notes | |-------|-------| | Discovery job set to correct **protocol** (WMI or WinRM) | WinRM recommended where possible | -| Selected WDS is online and has connectivity | Test from same system | -| Job runs with **Debug** enabled for verbose logs | Review log output in Job History | -| Device42 not behind proxy blocking outbound port 443 | For job report / updates | +| Selected WDS is online and has connectivity | Test from the same system | +| Job runs with **Debug** enabled for verbose logs | Review log output in **Job History** | +| Device42 not behind proxy blocking outbound port 443 | For job report and updates | ## 8. If the Job Still Fails +If you have completed the checks above and the job still fails, try the following additional steps. + | Step | Notes | |------|-------| -| Use Device42 **WMI Test Tool** | [Download from Device42](/how-to-videos/wmi-authentication-testing-tool-how-to.mdx) | +| Use the Device42 **WMI Test Tool** | [Download from Device42](/how-to-videos/wmi-authentication-testing-tool-how-to.mdx) | | Use WBEMTest locally | Connect to `\\TARGET\root\cimv2` with credentials | -| Review Device42 job logs for authentication errors | Check for "Access Denied" vs "RPC Unavailable" vs other | -| [Open support ticket with Device42](https://support.device42.com/hc/en-us)| Include logs, test results, account details, and network path info | +| Review Device42 job logs for authentication errors | Check for `Access Denied` vs `RPC Unavailable` vs other errors | +| [Open a support ticket with Device42](https://support.device42.com/hc/en-us) | Include logs, test results, account details, and network path info | diff --git a/docs/auto-discovery/z-os-ibm-mainframe.mdx b/docs/auto-discovery/z-os-ibm-mainframe.mdx index d7a29f02c..4a2045d89 100644 --- a/docs/auto-discovery/z-os-ibm-mainframe.mdx +++ b/docs/auto-discovery/z-os-ibm-mainframe.mdx @@ -7,51 +7,56 @@ import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' :::tip -Are you looking to discover an IBM i/AS400 midrange system? [Click here for the IBM i/AS400 docs page](ibm-i-as400.mdx). +Looking to discover an IBM i/AS400 midrange system? See the [IBM i/AS400 docs page](ibm-i-as400.mdx). ::: -Device42 can discover IBM mainframes running the z/OS operating system, and like most discovery jobs, z/OS discovery can be scheduled to run automatically. +Device42 can discover IBM mainframes running the z/OS operating system, collecting device details, IP addresses, hardware information, services, and disk space data. Like most discovery jobs, z/OS discovery can be scheduled to run automatically. -## IBM z/OS Discovery Job Prerequisites and Information +This page covers prerequisites, how to create and configure an IBM z/OS discovery job, and the latest discovery enhancements. + +## Discovered Information + +IBM z/OS discovery jobs collect the following details: -- **License requirement**: IBM z/OS discovery requires a license. -- **Compatibility**: IBM z/OS discovery works for almost all z/OS systems. -- **Discovered details**: IBM z/OS discovery jobs currently find: - - Device names - - IP addresses (both v4/v6) - - Machine information (serials, capacities, manufacturers, device names) - - OS versions - - Hardware (CEC units) - - Services attached to service ports -- **FTP configuration**: Discovery happens via FTP on port 21. FTP **must** be enabled and connections accepted for an IBM z/OS discovery to succeed. +- Device names +- IP addresses (both IPv4 and IPv6) +- Machine information (serials, capacities, manufacturers, device names) +- OS versions +- Hardware (CEC units) +- Services attached to service ports - Our FTP discovery expects to use the default IBM translation tables — if you encounter an issue with this, please [contact Device42 Support](https://support.device42.com/). +## IBM z/OS Discovery Job Prerequisites and Information + +Review the following requirements and details before setting up an IBM z/OS discovery job. -- **Netstat communication**: Device42 requires access to the TSO `NETSTAT CONN` command. -- **Permission**: Collecting disk information requires access to the `STGADMIN.IDC.DCOLLECT` profile. -- **Security** No special security rights are required. A standard TSO logon is sufficient. +- **License requirement:** IBM z/OS discovery requires a license. +- **Compatibility:** IBM z/OS discovery works for almost all z/OS systems. +- **FTP configuration:** Discovery happens via FTP on port 21. FTP **must** be enabled and connections accepted for an IBM z/OS discovery to succeed. The FTP discovery expects to use the default IBM translation tables. If you encounter an issue with this, [contact Device42 Support](https://support.device42.com/). +- **Netstat communication:** Device42 requires access to the TSO `NETSTAT CONN` command. +- **Permission:** Collecting disk information requires access to the `STGADMIN.IDC.DCOLLECT` profile. +- **Security:** No special security rights are required. A standard TSO logon is sufficient. -Discovery is a non-intrusive process, as no files are created on the z/OS system and no software is installed on the z/OS system. +Discovery is a non-intrusive process, as no files are created and no software is installed on the z/OS system. One discovery job must be created **per job card**. If multiple instances share the same job card (as configured), they can be discovered in the same job, but this is often not the case. ## IBM z/OS Discovery Updates -Device42 has enhanced IBM z/OS discovery with additional capabilities and device results. +Device42 has enhanced IBM z/OS discovery with the following additional capabilities and device results. -- **Processor information**: The number of IBM z Integrated Information Processors (zIIPs) and IBM z Application Assistance Processors (zAAPs) are recorded as components on the device record. -- **Disk space details**: The number of drives, their capacity, and their space used (in TB) are captured as mount points on the device. Note: Access to the `STGADMIN.IDC.DCOLLECT` profile is required to collect disk information. -- **User and connection data**: Information on current TSO users, TN3270 connections, and GCP processor capacity in MIPS is added in the form of extra fields on the device record. -- **Database and queue managers**: The data of executing DB Managers for DB2 and IMS/IBM MQ Managers is captured as **Services**. +- **Processor information:** The number of IBM z Integrated Information Processors (zIIPs) and IBM z Application Assistance Processors (zAAPs) are recorded as components on the device record. +- **Disk space details:** The number of drives, their capacity, and their space used (in TB) are captured as mount points on the device. Access to the `STGADMIN.IDC.DCOLLECT` profile is required to collect disk information. +- **User and connection data:** Information on current TSO users, TN3270 connections, and GCP processor capacity in MIPS is added as extra fields on the device record. +- **Database and queue managers:** The data of executing DB Managers for DB2 and IMS or IBM MQ Managers is captured as **Services**. ## Create an IBM z/OS Mainframe Discovery Job -Navigate to **Discovery > HyperVisors / \*nix / Windows**, and click **Create** to create a new discovery job. +Navigate to **Discovery > HyperVisors / \*nix / Windows** and click **Create** to create a new discovery job. The following options are available. -- **Job Name:** Enter a unique name to identify the IBM z/OS autodiscovery job. -- **Remote Collector:** Optionally, specify a Remote Collector from which to run discovery, instead of from the Main Appliance. -- **Job Debug level**: Turn debug on or off. -- **Platform:** Select **BM z/OS** for mainframe discovery. +- **Job Name:** Enter a unique name to identify the IBM z/OS discovery job. +- **Remote Collector:** Optionally, specify a Remote Collector from which to run discovery instead of from the Main Appliance. +- **Job Debug level:** Turn debug on or off. +- **Platform:** Select **IBM z/OS** for mainframe discovery. - **Discovery Target(s):** Specify the FQDN or IP address of the IBM z/OS target you want to discover. If using FQDN, ensure Device42 is set up to resolve DNS. Configure the DNS settings in your Device42 virtual machine (VM) console. - **Port:** Only change this if your admin has configured a custom listening port. IBM z/OS discovery uses FTP port 21 by default. - **ADM Sampling Interval:** Specify the application dependency mapping (ADM) data collection interval. @@ -64,85 +69,85 @@ Navigate to **Discovery > HyperVisors / \*nix / Windows**, and click **Create** }} /> -- **Discovery Target(s) Credential(s):** Specify a username with permissions on your z/OS mainframe. Usernames are not case sensitive on z/OS. +- **Discovery Target(s) Credential(s):** Specify a username with permissions on your z/OS mainframe. Usernames are not case-sensitive on z/OS. - - -- **Discover Using FTPS**: Use FTPS for the discovery job. + + +- **Discover Using FTPS:** Use FTPS for the discovery job. - **Job Card:** Input the job card specific to this discovery job. You may need to contact your administrator to get this information. One job card is required per job, and a new z/OS discovery job must be created for each additional job card. -- **Alternate zOS TCP Command:** Enter a parameter you can use to specify the TCP command used in discovery. - - - -- **Autodiscovery Schedule:** Optionally, you can set z/OS discovery jobs to automatically run on a schedule. - - - -- **Job Status:** View or enter the status of the last discovery job or task run. -- **Exclusions:** Input any IP addresses or FQDNs to exclude from the associated discovery job. -- **Naming Options**: Set a device name, as given in the server field of the job, and add non-authoritative aliases. - - - -- **Host Discovery**: Select options for the host OS name, serial number, and UUID, then specify the action to take if no VM is found, and select an object category for discovered devices. +- **Alternate zOS TCP Command:** Specify the TCP command to use in discovery. + + + +- **Autodiscovery Schedule:** Set z/OS discovery jobs to run automatically on a schedule. + + + +- **Job Status:** View the status of the last discovery job run. +- **Exclusions:** Enter any IP addresses or FQDNs to exclude from the discovery job. +- **Naming Options:** Set a device name as given in the server field of the job, and add non-authoritative aliases. + + + +- **Host Discovery:** Select options for the host OS name, serial number, and UUID. Specify the action to take if no VM is found and select an object category for discovered devices. - - -- **Software and Applications**: Select options to discover software and services. - - - -- **Miscellaneous**: Select the service level, the service customer, the device VRF group, and tags. - - - -For information on other jobs that can be run via this screen, see the dedicated [Linux / Unix Discovery Docs page](/auto-discovery/linux-unix-server-auto-discovery.mdx). - -## Run Now - -Newly created jobs will not run on the first day they are created, to prevent an unintentionally large number of jobs from running initially. If you would like to run a job after its initial creation, select **Run Now** on the job details page. + + +- **Software and Applications:** Select options to discover software and services. + + + +- **Miscellaneous:** Select the service level, service customer, device VRF group, and tags. + + + +For information on other jobs that can be run via this screen, see the [Linux and Unix Server Discovery](/auto-discovery/linux-unix-server-auto-discovery.mdx) page. + +## Run a Discovery Job + +Newly created jobs will not run on the first day they are created to prevent an unintentionally large number of jobs from running initially. To run a job after its initial creation, select **Run Now** on the job details page. `, numbers are en }} /> -## Search Value Formatting: +## Search Value Formatting + +Use specific formatting in advanced search queries for different data types. ### Text -Most search values in our advanced search should be enclosed with double quotes. For example, to search for things with name _Test Device_, the query would be: +Most search values in advanced search should be enclosed with double quotes. For example, to search for things with name _Test Device_, the query would be: `name = "Test Device"` @@ -95,6 +95,8 @@ Numbers should be entered as just number values (integer or float, depending on ## Operators +Use the following operators in advanced search queries. + ### EQUALS (=) The `=` operator can be used for exact searches. This is a case-sensitive lookup on a column for a specific value. When using this operator on a column that represents a list of values, the value you search on will be compared to each value in the list – if it matches on any, that record will return. @@ -103,7 +105,7 @@ Example: `vendor_resource_type = "EBS"` -This will get back all items with Vendor Resource Type _EBS_. +This returns all items with Vendor Resource Type _EBS_. Example of column representing a list (IP Column on Device List page): @@ -111,7 +113,7 @@ Example of column representing a list (IP Column on Device List page): will return all records that contain the _10.90.10.20_ IP address. -#### Special Values +### Special EQUALS Values **EMPTY –** the ‘EMPTY’ keyword can be used to represent a ‘null’ or ‘blank’ value. @@ -131,11 +133,11 @@ For example, `vendor_resource_type != "EBS"` -This will get back all items that do NOT have Vendor Resource Type of “EBS”. +This returns all items that do NOT have Vendor Resource Type of “EBS”. ### IN and NOT IN -`IN` and `NOT IN` are simply short hand for multiple `=` or `!=` clauses, respectively. For example, +`IN` and `NOT IN` are shorthand for multiple `=` or `!=` clauses, respectively. For example, `vendor_resource_type IN ("EBS", "Mountpoint")` @@ -147,7 +149,7 @@ As you can see from the example, IN and NOT IN values **must** be enclosed with ### CONTAINS -The `contains` operator can be used for case-insensitive, partial search on text columns. As with the Equals operator, you can use this operator on a column representing a list – the partial match will be tried against each item in that list. Contains values **must** be enclosed by parenthesis. +The `contains` operator can be used for case-insensitive, partial search on text columns. As with the Equals operator, you can use this operator on a column representing a list – the partial match will be tried against each item in that list. Contains values **must** be enclosed by parentheses. Examples: @@ -161,7 +163,7 @@ will return all objects with a Service Command Line Argument that contain the te ### NOT CONTAINS -The not contains operator can be used to retrieve values that do not match the specified case-insensitive substring for text columns. As with the Equals operator, you can use this operator on a column representing a list – the partial non-match will be tried against each item in that list. Not Contains values must be enclosed by parenthesis. +The not contains operator can be used to retrieve values that do not match the specified case-insensitive substring for text columns. As with the Equals operator, you can use this operator on a column representing a list – the partial non-match will be tried against each item in that list. Not Contains values must be enclosed by parentheses. Examples: @@ -175,7 +177,7 @@ will return all objects with a Service Command Line Argument that do not contain ### COMPARATORS `(>, >=, <, <=)` -The comparator operators can be used with number, date, and IP columns. As with the Equals operator, when using any of these operators on a column representing a list, the comparison will be done against each element in the list & if any are true, the record will return. +The comparator operators can be used with number, date, and IP columns. As with the Equals operator, when using any of these operators on a column representing a list, the comparison will be done against each element in the list and if any are true, the record will return. Simple examples: @@ -187,11 +189,11 @@ to find all objects added before June 18, 2022 to find all objects with listener ports under 25. -##### Special Values +### Special COMPARATOR Values **Interval** -The interval value can be used for date columns. interval is a special operator you can use to filter date columns using a specified offset rather than an explicit date (this works only with the `<=` or `\>=` operators). The search values for an interval operation are `
    +## DOQL API Query Parameters + +The following database query parameters can be used with DOQL via the API. The required parameters are `query` and `output_type`. + +- **`query`**: This is the DOQL query you want to run, a `SELECT` command that returns results as CSV data (required). +- **`delimiter`**: This specifies the character that separates columns within each row (line) of the file. The default is a comma (`,`). This must be a single one-byte character. +- **`header`**: If `yes`, this specifies that the file contains a header line with the names of each column in the file. On output, the first line contains the column names from the table. +- **`quote`**: This specifies the quoting character to be used when a data value is quoted. The default is a double-quote (`"`). It must be a single one-byte character. +- **`null_string`**: A parameter defining how null values are represented in the CSV. The default is an empty string, but you can customize this (for example, to represent nulls with a specific string like `'NULL'`). +- **`quote_escape`**: This specifies the character that should appear before a data character that matches the `QUOTE` value. The default is the same as the `QUOTE` value (so that the quoting character is doubled if it appears in the data). It must be a single one-byte character. +- **`output_type`**: Get JSON results by setting this parameter to `json`. + ### Query Results in JSON Format If you'd like your DOQL query results in JSON format, set the `output_type` query parameter to `json`. For example: @@ -50,19 +62,7 @@ If you'd like your DOQL query results in JSON format, set the `output_type` quer ``` -### DOQL API Query Parameters - -The following database query parameters can be used with DOQL via the API. The required parameters are `query` and `output_type`. - -- **`query`**: This is the DOQL query you want to run, a `SELECT` command that returns results as CSV data (required). -- **`delimiter`**: This specifies the character that separates columns within each row (line) of the file. The default is a comma (`,`). This must be a single one-byte character. -- **`header`**: If `yes`, this specifies that the file contains a header line with the names of each column in the file. On output, the first line contains the column names from the table. -- **`quote`**: This specifies the quoting character to be used when a data value is quoted. The default is a double-quote (`"`). It must be a single one-byte character. -- **`null_string`**: A parameter defining how null values are represented in the CSV. The default is an empty string, but you can customize this (for example, to represent nulls with a specific string like `'NULL'`). -- **`quote_escape`**: This specifies the character that should appear before a data character that matches the `QUOTE` value. The default is the same as the `QUOTE` value (so that the quoting character is doubled if it appears in the data). It must be a single one-byte character. -- **`output_type`**: Get JSON results by setting this parameter to `json`. - -### The Data Dictionary, ERD, and Viewer Schema +## The Data Dictionary, ERD, and Viewer Schema The Data Dictionary is available in JSON format via the API at the following endpoint: @@ -168,7 +168,7 @@ The query URL links to the DOQL query API endpoint and returns the results of th }} /> -## Device42 DOQL Notes +## DOQL Notes - Wherever possible, DOQL syntax is equivalent to PostgreSQL syntax, but this document highlights the areas where the two syntaxes differ. - `POST` calls are recommended rather than `GET` calls, as the URL length isn't limited in `POST` calls. @@ -267,7 +267,7 @@ Below is a sample database schema in JSON format: ``` -## Obtaining DOQL Support +## Get DOQL Support Generate DOQL queries by entering natural language descriptions in the **InsightsAI** chat, under **Analytics > InsightsAI** on the MA. See the [InsightsAI page](insightsai.mdx) for more details. diff --git a/docs/reports/device42-doql/insightsai.mdx b/docs/reports/device42-doql/insightsai.mdx index 6f5ead4e1..bf46eb246 100644 --- a/docs/reports/device42-doql/insightsai.mdx +++ b/docs/reports/device42-doql/insightsai.mdx @@ -6,7 +6,7 @@ sidebar_position: 3 import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' -InsightsAI generates queries from the natural language descriptions you provide to quickly generate DOQL queries and tailored reports from your CMDB. +InsightsAI generates queries from the natural language descriptions you provide to quickly generate DOQL queries and tailored reports from your CMDB. The prompts you enter are sent to the `ai42.device42.io` endpoint. When you type plain English messages, like “Which SSL/TLS certificates are expiring in the next 90 days?” or "Find all Resources where name contains 'Nested'," InsightsAI creates queries that can be executed without requiring deep knowledge of the query language or data model. You can preview the results and refine the query as needed. diff --git a/docs/reports/reports/cloud-recommendation-engine.mdx b/docs/reports/reports/cloud-recommendation-engine.mdx index 1b7e25c06..0d55991ff 100644 --- a/docs/reports/reports/cloud-recommendation-engine.mdx +++ b/docs/reports/reports/cloud-recommendation-engine.mdx @@ -6,8 +6,6 @@ sidebar_position: 6 import ThemedImage from '@theme/ThemedImage' import useBaseUrl from '@docusaurus/useBaseUrl' -## What Is the Cloud Recommendation Engine? - The Cloud Recommendation Engine is a powerful feature that can provide you with exactly the details you need to plan your next cloud migration, compare costs between Amazon AWS, Microsoft Azure, Google Cloud Platform, Oracle, and VMware Cloud on AWS cloud platforms, and right-size your next cloud deployment. Select **Analytics > Reports > Cloud Recommendation Engine** and get clear recommendations for sizing cloud instances to suit your physical or virtual workloads. diff --git a/docs/reports/reports/discovery-quality-scores.mdx b/docs/reports/reports/discovery-quality-scores.mdx index 12be9ee0c..862cc7497 100644 --- a/docs/reports/reports/discovery-quality-scores.mdx +++ b/docs/reports/reports/discovery-quality-scores.mdx @@ -46,7 +46,7 @@ Clicking on any of the items in the **Discovery Targets** column will bring yo }} /> -### Discovery Score Column Details +## Discovery Score Column Details Each discovered device in the list on the Discovery Score view page includes helpful statistics that offer insight into what was discovered from each device. diff --git a/docs/reports/reports/export-records.mdx b/docs/reports/reports/export-records.mdx index 3660f8b5b..a7593f383 100644 --- a/docs/reports/reports/export-records.mdx +++ b/docs/reports/reports/export-records.mdx @@ -10,7 +10,7 @@ The **Tools > Exports (CSV)** menu gives you options for exporting data from Dev You can also export data via the **Reports** menu under **Analytics** and via the APIs. -### Exporting Records and Generating Reports +## Export Records and Generate Reports Jobs Dashboard**. The dashboard has three other sub-dashboards: **Completed Jobs**, **Queue Processing Stats**, and **Other Jobs Summary**. Settings > Mail Server Settings** to add the mail server settings. Please note that passwords are not saved on the page. If you change any field and a password is required, you will need to re-enter the password. @@ -20,7 +20,7 @@ Go to **Tools > Settings > Mail Server Settings** to add the mail server setting }} /> -### Understanding Scheduling +## Understand Scheduling On the Standard Report add page, toggle the **Report Schedule** option on to reveal the email address field and schedule options. @@ -49,7 +49,7 @@ Also, please go to **Tools > Settings > Time Settings** to verify that your time /> -### Export Report to Excel +## Export Report to Excel On the Standard Report add page, enter a unique name for the Standard Report, click **Export**, and select **Excel**. Selecting this option delivers the report in the form of an Excel Spreadsheet. diff --git a/docs/what-is-device42.mdx b/docs/what-is-device42.mdx index 52648807a..7adca6f0a 100644 --- a/docs/what-is-device42.mdx +++ b/docs/what-is-device42.mdx @@ -55,9 +55,9 @@ Device42's powerful DCIM features streamline data-center modeling with intuitive Insights+ provides out-of-the-box reports and dashboards, plus the ability to harness InsightsAI, a [chat-style interface](reports/device42-doql/insightsai.mdx), for creating custom reports and dashboards by generating SQL code or retrieving precise answers instantly. -### [EnrichAI®](auto-discovery/enrichai-data/index.mdx) +### [Data Normalization and Enrichment Service](auto-discovery/enriched-data/index.mdx) -EnrichAI uses artificial intelligence and third-party data to add to and improve your already discovered IT data, across vendors, operating systems, and software names, end-of-life (EOL) and end-of-support (EOS) dates, and other data. +The data Normalization and Enrichment Service uses artificial intelligence and third-party data to add to and improve your already discovered IT data, across vendors, operating systems, and software names, end-of-life (EOL) and end-of-support (EOS) dates, and other data. ### [Warranty](auto-discovery/warranty-autodiscovery.mdx) and [SSL Certificate Management](/auto-discovery/certificate-auto-discovery.mdx#add-ssl-certificate-discovery-job) diff --git a/docusaurus.config.js b/docusaurus.config.js index c7bb3c35d..555bf0f00 100644 --- a/docusaurus.config.js +++ b/docusaurus.config.js @@ -1228,12 +1228,12 @@ const config = { from: ['/how-to-videos/update-d42-how-to/'], }, { - to: '/auto-discovery/enrichai-data/enrichai-opt-out', - from: ['/enrichai-data/enrichai-opt-out/'], + to: '/auto-discovery/enriched-data/enriched-data-opt-out', + from: ['/enrichai-data/enrichai-opt-out/', '/auto-discovery/enrichai-data/enrichai-opt-out'], }, { - to: '/auto-discovery/enrichai-data/', - from: ['/enrichai-data/'], + to: '/auto-discovery/enriched-data/', + from: ['/enrichai-data/', '/auto-discovery/enrichai-data/'], }, ], },