What are the 5 steps in Discovery?
1) ServiceNow puts output instructions on the ECC queue
2) A regular job runs on the MID server polling the ServiceNow instance
3) Depending on the type of probe, the MID Server begins interrogating the network
4) Responses are logged in the ECC queue as inputs
5) Discovery patterns decipher what course of action to take with the payload
What is the MID Server monitor checking for when polling SNOW?
Checking ECC queue entries with a value of Output and status of Ready
What are the 4 discovery phases?
1) Port Scan Phase
What happens during Port Scan phase?
It's a Shazzam probe that scans for all active services, essentially saying "Are you out there?"
What happens during the Classification Phase?
Determines the device type and how to classify it
What happens during the Identification Phase?
Determines the CI's existence and if it has ever seen it before
What happens during the exploration phase?
Explores the CI device for more information about itself
What does the dependency view show?
Shows how two CIs are related, i.e. whether one CI "runs on" another or "depends on" another
What's the difference between Service Mapping and Discovery?
Discovery runs horizontally looking for all CIs in an IP range, while Service Mapping is vertical interrogating CIs related to each other to define a business service
What's the primary purpose of the MID server?
To facilitate communication and movement of data between the ServiceNow platform and external applications behind the enterprise firewall
What is a MID server?
A lightweight Java process that runs on a Windows or Linux server
What are probes?
Probes are what is launched by the MID server to gather information and bring it back
What are the 5 steps to installing a MID Server?
1) Download the MID server and JRE packages
2) Extract files and install JRE
3) Run MID installer
4) Validate MID
5) Update services Credentials
What should you keep in mind when installing multiple MID servers on the same Server?
The Wrapper name and Wrapper display name must be unique to the MID server
Where can you validate that a MID server is up and running?
Under the MID servers module, you can view the connectivity of the MID servers to the ServiceNow instance
How does the instance validate that a MID server is up and running?
The instance will put out a Heartbeat probe every 5 minutes, which the MID server will read just like any other probe. If it responds back then it will mark it as up; if not, it will mark it as down
How often does the MID server check if the instance needs to be upgraded?
When will changes to MID server parameters take effect?
Only when a MID server starts or restarts
What does ECC queue stand for?
Electronic Communication Channel Queue
How much does the MID server compress data when uploading to the SNOW input ECC?
MID servers compress data 10 to 1 when uploading to the input ECC queue
What are the 3 states of an ECC queue record?
How many instances can a MID server communicate with?
Only 1 at a time
How would you reconfigure a MID server to a new instance?
Rerun the MID server installer and input new URL and credentials
What fields are required when setting up a discovery job?
What are the related lists of a Discovery Schedule?
What are the 4 high level groups of Discovery troubleshooting?
Probes, Sensors, Process Classifiers
Credentials such as username and password are used to gain access into computers for Discovery. Where are these credentials stored?
They are stored in an encrypted field on the Credentials Table
How does the MID server store credentials?
The MID Server pulls down credentials and stores them locally
What happens when credentials are submitted or updated on the discovery_credentials table?
They are encrypted with a fixed instance key
When credentials are requested by the MID server, what steps does the platform take to decrypt them?
1) Credentials are decrypted on the instance with a fixed key
2) The credentials are re-encrypted on the instance with the fixed web service key
3) The credentials are encrypted on the instance with SSL
4) The credentials are decrypted on the MID server with SSL
5) The credentials are decrypted on the MID server with fixed web service key
What is credential affinity?
Credential Affinity is when discovery or orchestration first attempts to access a device, it uses all credentials. As soon as it finds the credentials it creates an affinity relationship for quicker access next time
In what table are credential affinities stored?
What version of PowerShell does ServiceNow support?
PowerShell 2.0 or later?
What is required to Discover Windows based systems?
You need to have PowerShell running on the MID server?
What is a likely scenario if you receive two credential authentication errors?
PowerShell is enabled correctly, however both the Windows credentials and Windows Service credentials are incorrect, resulting in two authentication errors
What is the configurable property to disable accessing the Windows Service Credentials?
In what order will Discovery attempt to use credentials for Windows systems?
It will attempt all Windows credentials and then it will attempt Windows Service credentials as a last ditch effort
What kind of credentials are used when discovering UNIX or LINUX devices?
What level of credentials must be used when trying to access UNIX and LINUX devices?
How do you enable the use of sudo privileges for accessing UNIX or LINUX devices?
Set the parameter must_sudo to true on the discovery record. Sudo must also be enabled on the system's side
What is the likely reason for error:
UNIX SSHCommand: No credential found for types [SSH Password, SSH Private Key]
No SSH credential was supplied
Differences between Quick discovery and Discovery Schedule?
Quick discovery is meant to discover one IP address to test credentials or connection while discovery schedule is used to discover a batch of devices.
Both require the same information: MID server, IP ranges, name, etc.
Where can you view a list of all devices captured through Discovery?
Where can you view details about all Discoveries run?
What type of credential do you need to access a Red Hat Linux server?
SSH Private Key
What are external storage credentials?
Enables the ServiceNow instance to access an external credentials repository instead of accessing directly from the ServiceNow credentials table
What must you enable to use External Storage Credentials?
You must enable the associated plugin
When will ServiceNow search through the External Storage Credentials?
Only when the credential has the "External Storage" box checked
Microsoft SQL Servers require additional configurations. What happens if you do not make those configurations?
SQL Server will be discovered but only with a few attributes
What attributes of a SQL server will be gathered if the MID Server is configured correctly? (9 attributes)
MS SQL Catalogs
To successfully discover VMware, what two types of credentials must you have?
Why does it take two credentials to discover VMware?
You need Windows credentials to access the server hosting the vCenter server and VMware credentials to access the vCenter server
What type of credential is used to gain access to a host server in a SAN environment?
Windows or UNIX credential types
What type of credential is needed to gather information on SNMP enabled devices such as routers, switches, and printers?
SNMP Community Strings
Do SNMP credentials include a username?
No, just a password.
What must you do if SNMP devices use Access Control Lists?
The MID Server IP address must be added to the SNMP access list in order for them to properly communicate with one another
What steps would an organization need to take if they want to discover their routers?
1) Create a discovery schedule to discover routers
2) Define SNMP credential
3) Create an SNMP behavior
4) Change port probe classification priority
Explain what exactly happens during a Port Scan Phase?
A Shazzam probe is launched to discover open ports on devices on the network. The data returned is used by the Shazzam sensor to identify certain characteristics about the device. Discovery makes certain assumptions about what types of devices run on certain ports.
How would an organization go about changing the default port numbers that the Shazzam probe queries?
Configuring the Discovery Port Probes and IP Services
How does the Shazzam probe optimize efficiency?
It splits the IP ranges into batches (ex: 2 batches of 150 IP addresses) so that it can begin classifying before it finishes port scanning all devices
What is the default batch size of a shazzam probe?
What is the minimum batch size of a shazzam probe?
How does ServiceNow enforce a minimum batch size?
A UI policy converts any number below 256 to 0, because batch sizes below that amount do not benefit from clustering
What details of a discovered device does Shazzam XML payload show?
How can you tell if something is a Probe or Sensor?
In the ECC queue, in the Queue column:
Sensor records are in the input Queue
Probe records are in the output queue
What are possible reasons for receiving "No results returned from probe"
- File and Printer sharing inbound rules are not enabled for ICMP - Windows Firewall
- No device exists for that IP
- Devices do not respond to any of the Shazzam probe ports
What exactly happens during the Classification phase?
Classify sensors process the data gathered from the probes and compare against the configurable criteria
How are computers classified in the Classification Phase?
By Operating System
What property do you need to enable to log all of the classifiers that were tried for a Discovery, including the attributes and values being tested?
glide.discovery.debug.classification = true
What exactly happens during the Identification Phase?
Discovery attempts to find the device in the CMDB. If found it will update, if not it will insert
What is the main reason for duplicate CI items?
Multiple sources populating the CMDB, including discovery and Excel imports
Identifiers are records that help the Identification phase identify any existing CIs
What is the Applied To field on the CMDB table?
This field holds the table that the CIs are classified to during discovery. The identifier entries can search through this table or any related ones
What are the Criterion attributes on the Identifier Entries record?
These are the fields that will be tried for matching
What are Reconciliation Definitions?
These specify the attributes that a data source is authorized to update
What is Datasource Precedence?
If two datasources are authorized to update the same attributes or tables, this sets an order to the sources and will not allow a higher order to overwrite a lower order
What exactly happens during the Exploration Phase?
Probes and Patterns are launched to explore the CI for more information about itself
What can you do in the Discovery Configuration Console?
- Determine which types of devices are scanned in the Shazzam phase
What are likely reasons for troubleshooting in Port Scan Phase?
- Firewalls preventing connectivity
- IP Ranges not defined correctly
- Inaccurate behavior deployed for device
What are likely reasons for troubleshooting in Classification Phase?
- Inaccurate credentials preventing access to device
- Classifiers not accurately defined
What are likely reasons for troubleshooting in Identification Phase?
- CI Identifiers
- Duplicate records created
- Reconciliation definition/Datasource precedence
What are likely reasons for troubleshooting in Exploration Phase?
- Information not being returned as expected
- Information returned as XML but does not show up on form
- Process classifiers not defined correctly
What happens if multiple matches are found during the discovery process?
It will not get past the identification phase and will log a duplicate error problem
How do classifiers work?
Within a classifier there are classification criteria, and if those criteria are met then Discovery will use that classification
What is the software installation table by default?
What is the software installation table by SAM?
What does Input on the ECC queue signal?
Something coming back into ServiceNow
What does AMB stand for?
Asynchronous Message Bus
How often does ServiceNow send a heartbeat probe to the MID server?
Every 5 minutes
Is concurrent schedule possible in ServiceNow?
What permissions are needed for Linux?
What permissions are needed for Networks?
How can you find out if PowerShell is installed on the MID Server?
Type powershell into command line.
Or $PSVersionTable to get the version
Where can you change discovery Identification parameters?
What is the OOTB order of Port probes?
What view displays application dependencies?
Business Service Map (BSM)
Sensors stay in the instance and Probes travel to the host?
Which roles are required to be assigned to a MID server?
mid_server role, SOAP roles
Discovered hardware populates which table?
Which type of server needs two credentials?
ESX Servers (Windows and vCenter credentials)
Running discovery can be cancelled?
What is the default Shazzam batch size?
Where can running discovery logs be found?
What encryption does ServiceNow use to store credentials in the Discovery Credentials table?
3 DES Encryption
What is the parameter name on the MID server record to disable the use of credentials if required?
What does '.' or '.ssh' indicate?
Does SNMP use a username and password?
No, just a password.
Can you configure multiple ports per probe?
Protocol vs Port
SSH on 22
WMI on 135
SNMP on 161
If discovery does not go beyond the port scan, what can you assume is the issue?
If discovery does not go beyond the classification phase, what can you assume is the issue?
What could be the issue if information is not returned as expected?
Trigger probe or custom probe/pattern is not configured correctly
What could be the issue if information is returned in the XML payload but not displayed in the form properly?
Custom sensors were not scripted properly
What's one reason discovery does not get past the identification phase?
Duplicate records were found
Application dependency mapping view displays what kind of relationships?
App to Host
App to App
Why use process handlers?
a. A process handler can be configured to help in situations where the parameter might contain a changeable port.
b. It can overwrite the data gathered from a process on the running process list for the discovered host.
c. It can make sure that the data is the same after a restart by running a script, thereby eliminating duplicate CIs.
d. All (Correct)
How many CI identifiers can you have per CI class?
What can you do to process Shazzam probe across multiple MID servers?
Select "Shazzam Cluster Support"
If a MID Server fails, which business rule selects the next highest available MID Server?
MID Server Cluster Management Server
What do sensors do in Discovery?
- Parse the result from a probe
- Update the CMDB
- Trigger another probe
During what phase are application dependencies discovered?
When ServiceNow automatically creates an application, what is the default naming convention?
<name of process classifier>@<Name of the computer where the CI resides>
What is a process handler?
In the event of an application restart, if any values of the application change like port, the process handler is able to recognize that and overwrite the changed values in order to eliminate duplicate CIs
What is the CI Class Manager?
The CI Class manager allows you to look at different CI Classes and how they are related to one another, different attributes about the class, and how it's identified
What is a MID Server cluster?
A grouping of MID Servers that essentially balances the load of work by both continuously checking the ECC queue and executing as necessary. This is valuable for load balancing or failover protection
What is a load balance cluster?
If the cluster business rule determines a MID Server is a part of a cluster the application using the MID server automatically balances the load between the MID servers in that cluster
What happens during Port Scan phase if a MID server cluster is used?
The MID server defined in the schedule will execute the entire port scan, if Shazzam cluster support is not selected
*Load balancing will take place if cluster support is selected
What must MID Servers have to be in a cluster?
A Capability defined
What should you set a MID server to to make it available to any cluster?
Set to "All"
A MID Server in a cluster must have the same capabilities as the MID server it is expected to replace
What business rule determines the next MID server in line in the event of a failure?
MID Server Cluster Management Business Rule
Do failover MID server clusters load balance?
What are the 3 ways of extending Discovery?
Probes & Sensors
What is the purpose of Sensors?
- To parse the information returned from the probe and posted in the ECC queue
- To update the CMDB
- To trigger other probes
What must you do to read information gathered from a probe?
Associate a sensor to that probe
What are the two types of horizontal discovery patterns?
What are infrastructure patterns used for?
To discover hardware or hosts including servers, load balancers, power, and network devices
What are applications patterns used for?
To discover an application running on a host
What does the pattern designer consist of?
Left column: Steps the pattern will take to update or create a CI
Middle column: Select and define operation for gathering data
Right column: View and interact with temporary variables
What are the 4 different operation choices in the pattern designer?
What is the Query operation pattern?
These are methods that interrogate the target for information (ex: get process, get registry key)
What is the Parse operation pattern?
These are operations that search through data for specific information either from the target or pattern variables (ex: find url, parse file)
What is the Data operation pattern?
These operations edit the pattern variables after the data is retrieved from the target. They generally serve as a way to take information from the variables and populate the CMDB
What is the Action operation pattern?
These operations are the rest of the actions you would take such as handling authentication or changing a user
What does the set parameter field operation do?
It's an operation that allows you to populate a variable with a constant value
What do you want to avoid when creating patterns?
Hard-coding the gathering of a target; instead, query for the variables to account for change
What is Merge Table?
Merge table is often used as the final step in a pattern. It merges 2-3 tables together
How can you pass multiple commands while creating a new probe?
Select multiprobe and script the command in the ECC Queue Name field
Which phase are Horizontal Probes or Infrastructure Discovery Patterns used?
An Infrastructure Pattern can only be used by...
An Application Pattern can be used by...
Horizontal and Vertical Discovery
In Discovery, which of the following should the customer always configure during implementation?
a. Change Mgmt.
Which of the following discovery phases would the error "No credentials would authenticate, tried" be found on?
In Discovery, which one of the following causes a pattern to fail during discovery?
a. No firewalls installed on the host
b. No parse variable operation used in a step
c. No pattern attached to a classification
d. No CI Identifier exists
c. No pattern attached to a classification
What is the best practice when creating a new pattern?
Bind it to a classifier after the initial save
The Pattern + icon turns what color to show that comments exist?
How many tables does the Transform Table operation work on?
c. One or Two
One or Two
Does the transform table operation merge the matching variables?
Which operation in pattern designer allows variables captured in different steps to be stored in the same pattern table without losing previously captured variable in the pattern?
Transform Table Operation
In the discovery pattern log, if a discovery fails which color does the icon become?
During which phase does Horizontal Discovery with patterns run?
Identification and Exploration
During which phase does horizontal Discovery with probes run?
All four phases
Which type of discovery supports Cloud Discovery, Configuration File Tracking, and CI Deletion Strategies?
Horizontal Discovery with Patterns
What is a PID?
A unique identifier for a process running on a host
What do you need to provide for Pattern debugging in Horizontal (Discovery) patterns?
A debug type
PID entry point
Where can you find a PID?
What are the 3 CMDB health dashboard metrics?
What happens after a CI is not discovered in 14 days?
Deletes application to maintain relationship dependency view
What happens if a CI is not rediscovered in 30 days?
Status is set to absent and a notification is sent to the Discovery admin
What determines and tracks host relationships of CIs?
Process classifiers - During the exploration phase
How does SNOW determine host to app or app to app relationships?
Discovery ascertains TCP connections between systems and applications to determine these relationships
What are the 3 levels of the ITOM product suite?
Standard (Discovery and EM)
Professional (All but Service Mapping and Cloud)
What are the criteria for CMDB Completeness?
What are the criteria for CMDB Compliance?
What are the criteria for CMDB Correctness?
How often do the CMDB Dashboard scheduled jobs run?
Every day at Midnight
What Port does the MID server communicate on?
What enables MID Servers to continually query for probes?
Long Polling via AMB
What is the default MID server poll time?
If a proxy server is involved what must you do during MID Server configuration?
Select "Use Proxy"
What is mid.windows.management_protocol?
A MID Server parameter that sets the protocol the MID server uses to communicate with remote Windows hosts (default: WMI)
What are the 3 initial criteria set when configuring a MID Server?
Allow ALL applications
Allow ALL capabilities
Allow ALL IP ranges
What are Tracked Configuration Files?
The horizontal discovery process can find configuration files that belong to certain applications and add those configuration files to the CMDB. You can track the changes to these files by comparing them to previous versions.
Is configuration file tracking available for discoveries performed by traditional probes and sensors?
What type of servers do SSH keys apply to?
UNIX & LINUX
What is PuTTY used for?
Test if SSH keys work on the SSH device
What happens for a Discovery of VMWare device?
When discovery runs, a classifier called vCenter classifies the process and launches the VMWare - Vcenter probe
Discovery finds and maps dependencies for the following types of storage? (CIM)
What type of credential is used to access information around the host server in a SAN environment?
Windows or UNIX credential type
What type of SNMP community strings are required?
read-only community strings
What are the 3 aspects of Discovery behaviors?
How are probes and classifiers related?
Probes are assigned to classifier.
They will not run unless assigned to one
How are probes, patterns, and classifiers related?
Probe added to classifier
Pattern added to probe
What are examples of Query operations?
Cloud REST Call
Get Registry Key
What are examples of Parse operations?
Find Matching URL
Parse Command Output
What are examples of Data operations?
Set Parameter Value
What are examples of Action operations?
Run SSH Script File
What temporary variables are available by default?
What are the 3 types of variables used in discovery?
What is a pattern variable?
You use variables in discovery patterns to refer to parameters or attributes of the CI that the pattern discovers.
What does an infrastructure pattern require to test against?
A viable host IP address
What do you use to indicate a constant value vs. variable in "Set Parameter Value"?
"" for Constant
$ for Variables
In an SNMP query, what do Scalar and Table variable types allow you to do? (MIB Object)
Scalar: Allows you to query a single MIB object
Table: Allows you to query multiple related MIB objects
What does [*] represent in Parse Variable operation?
To replace all existing instances in an array with a specified string
What does Parse Variables operation do?
Uses variables from a query to populate pattern tables
How does Merge Table work?
Any variables that match names between the first and the second pattern table, should be populated in the target table and keep all the unmatched variables as their existing names in the target table
What do you need for horizontal discovery pattern debugging?
1 Host IP
How does Transform table differ from Merge?
It does not merge matching variables
What are important syntax rules for Transform Table?
+ for combining constants and variables
 to return the first value for a variable
What is WMI query?
Sends a WMI query, selects values based on conditional clause, and populates the values into the pattern table
What is the Horizontal Discovery Log?
For each step of a pattern all the data and time of execution are recorded in this log
What defines a CI as Stale?
Aging CI 60 days or more
What property, if set to true, provides logging on the classification phase?