Addmi 16-discovery monitoring


Published in: Technology, Design
  • The No Access is just an example – obviously you can start looking at the no response or skipped ones as well.
  • These are 4 good starting points for exploring the results of the Discovery Run.
  • Core Discovery Credentials means:
      • Login Credentials Tab – Unix and Windows via Credential Slave
      • Slave Management Tab – AD and Workgroup Slave (Credential slave feedback will re-direct to Login Credentials Tab)
      • SNMP Credentials Tab – Netware and other SNMP targets
    The Success Rate is calculated over the last access for each endpoint, so it will change as discovery is run. Where it is stated that a credential has never been used, "never" is valid for the depth of DDD retained on the appliance.
  • In the next slides we will analyse the detailed states, but here you can see:
      • GREEN – 100% success
      • YELLOW – less than 100% success
      • BLUE – Never Used
      • RED – Used but never successful
  • Same on the slave page
  • Same on the SNMP page
  • If this credential is expected to be used then it is possible that:
      • The endpoints have not been scanned for some time
      • Another credential matches this endpoint and is higher up the list
    Unused credentials should ideally be removed to prevent clutter.
  • This is different from the BLUE Never Used state, as this credential has been selected for Discovery but has failed to establish a session on 100% of recent attempts. The root cause of a red failure state is most likely to be a credential entered incorrectly, or a centrally administered credential that has been locked or changed. The root cause of a blue never used state is most likely to be the ordering of the credentials in the vault, such that another credential further up the list is being used.
  • The reason we regard the SU case as both is this. It is a success as we established a session and it worked. However it is a failure as you told the system you expected to be able to switch user to the root account on this system and that failed. This allows you to track down the systems this fails on.
  • See later for detailed notes on analysing from the DA page onwards
  • So this screens out Dark Space and non-Host devices like switches, printers, storage, etc.
  • Discovery Radar details (1):
      • Update [Normal] – The cached credential from the last scan was able to establish a session and we update the Host node. This is the expected Business As Usual case.
      • Update [Credential Search] – This means we were able to establish a session and update the Host node but had to search a number of credentials to find one that worked. If you are rolling out Atrium Discovery (or extending your scanning to new areas) then this is expected behaviour, as we need to find which credentials work. During normal Business As Usual operation this may indicate that credentials are being changed in the environment where you didn’t expect them and may warrant investigation.
  • Discovery Radar details (2):
      • Access Regression [Credential Failure] – There is an existing Host node related to this endpoint but we failed to update it on the last access to the endpoint as none of our credentials could establish a session.
      • Access Regression [Other Failure] – There is an existing Host node related to this endpoint but we failed to update it on the last access to the endpoint. The session was established successfully but other failures prevented full discovery; usually this means that HostInfo or InterfaceList methods have failed, and frequently that can be because of timeouts. Because of congestion in the network, busy hosts or other transient conditions, a script will sometimes time out as data is not received in a timely fashion, and Foundation moves on. If you find that a particular credential suffers from timeouts regularly then click through to that credential and increase its timeout value – note that this will increase the time that this credential waits for a response, so do this with care.
  • Discovery Radar details (3):
      • Unknown Host [Credential Failure] – The endpoint looks like a Host to Discovery but has never been related to a Host node in Foundation; a number of credentials were tried but no session could be established. These may be hosts that need credentials rolling out to them, or new credentials need to be added to Foundation.
      • Unknown Host [No Credential Available] – The endpoint looks like a Host to Discovery but has never been related to a Host node in Foundation; no current credentials (Login, Windows Slave or SNMP) are valid for this endpoint. These are hosts that need new credentials to be added to Foundation.

    1. Discovery Monitoring: Keeping Access In Grade A Condition
    2. Monitoring Discovery Outline
         • 3 Main Aspects
         • Per Run
             • How did the run I scheduled go?
             • Current/Recent Runs
         • Per Credential/Slave
             • How well are my credentials working for me?
             • Credential/Slave usage feedback
         • Current State
             • What are my current access levels like?
             • Discovery Dashboard
    3. Monitoring Per Run
    4. Per Discovery Run
         • Monitor from the Recent Runs list
         • Discovery > Discovery Status > Recent Runs
         • Click on the run of interest to see details
    5. Discovery Run Summary
         • Click through to see a list view of endpoints for that Discovery State
             • Example Shown: No Access
    6. Discovery Run Detailed Reports
         • Endpoint Access Analysis
             • Useful general starting point
         • Endpoint Timings
             • Look for performance hotspots
         • Possible Host Devices
             • Look for Hosts that you don’t yet have access to
         • Possible Process to Port Issues
             • Look for hosts that need lsof/sudo to get connection mapping
    7. Monitoring Per Credential or Per Slave
    8. Per Credential/Slave
         • Success rate feedback is calculated for all core discovery credentials
         • Start at the Discovery Tab and then the Credentials second level navigation
    9. Login Credentials Success Rate
    10. Slave Management Success Rate
    11. SNMP Credentials Success Rate
    12. Understanding Success Rate (1)
         • 100% Success: shown in Green
         • Credential has been selected for Discovery
         • All recent attempts have successfully established a session
    13. Understanding Success Rate (2)
         • Partial Success: shown in Yellow
         • Credential has been selected for Discovery
         • There were issues with some sessions
             • Summarised by type of issue
    14. Understanding Success Rate (3)
         • Never Used: shown in Blue
         • Credential has never been selected for Discovery
    15. Understanding Success Rate (4)
         • 100% Failure: shown in Red
         • Credential has been used
         • All attempts have failed
             • Summarised by type of issue
         • If the credential has worked in the recent past this will also be indicated
             • This may mean that there has been a recent access change that should be investigated
    16. What Is Counted As a Failure?
         • Any failure to establish a Unix or Windows session
         • Where a session is established but HostInfo or InterfaceList methods do not complete
             • This will prevent a Host node being updated
             • DeviceInfo will already exist as we have a session
         • Where a session established with a credential marked as “Become Super User” fails to SU
             • This will be reported as a success and a failure
    17. Investigating Credential Success Issues
    18. Investigating Credential Success Issues
    19. Monitoring by Current State
    20. Current State Reporting (1)
         • There is a specific Discovery Dashboard
    21. Current State Reporting (2)
         • Reports are also available under the Discovery tab, Discovery Reports
    22. Current UNIX and Windows Access
         • Check to see that the access methods and Windows slaves you expect are in use
         • Check in Probe sector for access regressions or Hosts without credentials rolled out
    23. Discovery Radar
         • Classifies the last access to IPs that Discovery thinks are hosts
    24. Discovery Radar - Details (1)
         • Update [Normal]
             • Host updated via cached credential
         • Update [Credential Search]
             • Host updated but several credentials tried
    25. Discovery Radar - Details (2)
         • Access Regression [Credential Failure]
             • Host failed to update as no credential established a session
         • Access Regression [Other Failure]
             • Host failed to update as there were other failures
    26. Discovery Radar - Details (3)
         • Unknown Host [Credential Failure]
             • No Host was created as no credential established a session
         • Unknown Host [No Credential Available]
             • Host failed to update as there were other session failures
    27. Further Resources
         • Online Documentation: Tideway Foundation Version 7.2 Documentation Title
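
The success-rate rules from slides 12 to 16, worked through as an added example (not code from the deck or from the product). The record layout, outcome labels and credential names are constructed assumptions, and treating a failed SU as both a success and a failure, which makes that credential YELLOW, is this example's reading of slide 16.

```python
from collections import Counter, defaultdict

# Hypothetical outcome labels (not the product's), after slide 16:
# su_failed = session worked but "Become Super User" failed, so it counts
# as both a success and a failure; method_failed = HostInfo/InterfaceList
# did not complete.
SUCCESS = {"ok", "su_failed"}
FAILURE = {"session_failed", "method_failed", "su_failed"}

# Constructed sample data: (credential, endpoint, timestamp, outcome)
CREDENTIALS = ["unix-root", "unix-svc", "win-slave", "snmp-public"]
ATTEMPTS = [
    ("unix-root", "192.0.2.1", 1, "ok"),
    ("unix-root", "192.0.2.2", 2, "su_failed"),
    ("unix-svc", "192.0.2.3", 1, "ok"),
    ("unix-svc", "192.0.2.3", 2, "session_failed"),
    ("unix-svc", "192.0.2.4", 2, "session_failed"),
    ("win-slave", "192.0.2.5", 1, "session_failed"),
    ("win-slave", "192.0.2.5", 2, "ok"),
]

def credential_states(credentials, attempts):
    """Classify each credential from its last access to each endpoint."""
    last = {}                          # (credential, endpoint) -> outcome
    worked_before = defaultdict(bool)  # an older, superseded attempt was ok
    for cred, endpoint, _, outcome in sorted(attempts, key=lambda a: a[2]):
        if last.get((cred, endpoint)) == "ok":
            worked_before[cred] = True
        last[(cred, endpoint)] = outcome
    report = {}
    for cred in credentials:
        outcomes = [o for (c, _), o in last.items() if c == cred]
        successes = sum(o in SUCCESS for o in outcomes)
        issues = Counter(o for o in outcomes if o in FAILURE)
        if not outcomes:
            state = "BLUE"             # never selected for Discovery
        elif not issues:
            state = "GREEN"            # every last access succeeded
        elif successes == 0:
            state = "RED"              # used, but every last access failed
        else:
            state = "YELLOW"           # partial success
        report[cred] = {
            "state": state,
            "issues": dict(issues),    # summarised by type of issue
            "worked_recently": state == "RED" and worked_before[cred],
        }
    return report

if __name__ == "__main__":
    for name, info in credential_states(CREDENTIALS, ATTEMPTS).items():
        print(name, info)
```

A RED credential with `worked_recently` set is the case slide 15 flags for investigation: it established sessions before and now fails everywhere, which points to a locked or changed credential.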