Review of Your Discovery Configuration Options
Connections
The Connections screen is where you configure integrations with multiple data sources, to obtain information on the physical and virtual devices on your network and in the cloud. Connections can be created manually or automatically and can include:
- SCCM
- Router
- vCenter
- Subnet
- Orion Nodes Discovery
- AWS Cloud Discovery
- Azure Cloud Discovery
- Jamf Cloud Discovery
Once a discovery scanner is installed, it detects the subnet on which it is deployed and automatically creates a new connection for the subnet. In addition it detects the default router and automatically creates a new connection with the router. All additional SCCM, Router, vCenters, Subnets, Nodes and Cloud Discovery on the network can be manually entered on the Connections Screen.
Best practices:
The implementation of Router integration provides several benefits:
- Provides information from the subnets connected to the specific router
- No need to add the additional subnets manually
-
Obtain MAC addresses of devices that are part of a subnet, different from the one where scanners are installed.
This is important since devices discovered must have a unique id (a MAC address or a serial number) to be added to the asset database.
Review of the columns on the Connections screen:
| COLUMN | DESCRIPTION |
|---|---|
|
NAME |
The connection name*. |
|
STATE |
Defines whether the connection is:
|
|
HOST |
The IP address / Host name / Subnet definition of this connection |
|
SCANNER |
The scanner assigned to scan this connection |
|
TYPE |
Router, subnet, vCenter or SCCM |
|
CREDENTIALS |
The associated credentials for this connection |
|
NEXT SCAN |
One of the following:
|
|
ACTIONS |
The toggle allows you to activate and deactivate the scan. When you hover over the row a trash bin appears. You may delete the device by clicking on the trash icon. |
*Automatically created connections are assigned a generic name. It is recommended to manually edit them and provide a name that is meaningful for your data collection.
Click on the 
icon to add a new Discovery connection.
Depending on the connection selected, you will enter the relevant information to assist in maximizing the data pulled and utilization for reporting purposes.
Any incorrect information (i.e. incorrect password) will prevent proper reporting in the Scanning report.
Last Scan Report
You can pull the Last Scan Report at any time to get a real time view of the current status of your infrastructure.
The report, displayed on the right pane, includes the Scanned Device per Type. To better understand the details provided, we have included the table below.
| STATUS | DESCRIPTION |
|---|---|
| Scanned Devices |
Total scanned devices per Connection:
|
| Devices Updated | Any change in device information when compared to the previous scan, leads to a database update. |
| New Devices Detected | Any device that has responded to a ping request for the first time. |
| Responded Devices |
Total number of devices recognized as active:
|
| Discarded Devices |
An IP Address alone is not a sufficient factor to uniquely identify an asset. Therefore the Discovery process will Discard any asset that does not possess a unique identifier, such as a MAC Address, Serial Number etc ... In cases where a MAC address is not detected by the scanner, there are multiple options to provide clarity:
|
| Skipped Devices |
Devices that have not been reported based on the following reasons:
|
Selecting your connection:
The following connection types are supported:
- SCCM
- Router
- vCenter
- Subnet
- Orion Nodes Discovery
- AWS Cloud Discovery
- Azure Cloud Discovery
- Jamf Cloud Discovery
SCCM
If you select SCCM, fill in the required fields.
Supported SCCM versions:
Console version: 5.0 or later
Site version: 5.0 or later
If you are working with a different version, please contact your account executive or support@samanage.com
| FIELD | DESCRIPTION |
|---|---|
|
Name* |
Name of the SCCM connection for internal use only, will not affect the scanning process |
|
Description |
A meaningful description, for internal use only. |
|
Scanner |
Select the discovery scanner to be associated with the SCCM integration. Please note that the selected scanner must have access to the windows server on which the SCCM database is located. |
|
Dataserver* |
e.g. 192.168.56.103\sqlexperss |
| Checkbox | Notice the ability to Import Installed Software from Devices (when selected, you will obtain both hardware and software details) |
|
Username* |
SCCM database username |
|
Password* |
SCCM database password |
|
Port* |
Default 1433 |
|
Database* |
SCCM database name |
*This marks a required field
Your SCCM scan can pull site information as well. To accomplish this, follow the steps below:
Prerequisite - The <PhysicalDeliveryOfficeName> attribute must be included in the AD (Active Directory) configuration
- When an asset is found, the <Primary Login User> will be identified
- The scanner will pull the site details from information provided by the AD information
Semi Scanned Devices - The SCCM database is fully scanned every 3 days, to ensure performance efficiency, a partial scan occurs every other day. Any changes that occur are reflected in the partial scan.
Router
If you select Router, fill in the required fields.
If you elect to use router integration, the router must support SNMP.
|
FIELD |
DESCRIPTION |
|---|---|
|
Name* |
Name of the router, for internal use only, will not affect the scanning process. |
|
Description |
A meaningful description, for internal use only. |
|
IP Address* |
Router’s IP Address* |
|
Scanner |
The SolarWinds scanner associated with this router. Please note that the selected scanner must have access to the router from the subnet on which it’s deployed. |
|
Credentials |
Select the SNMP credentials the discovery scanner should use in order to connect to the router. |
*This marks a required field
vCenter
Supported vCenter version:
VMware vCenter Server Appliance 6.0 or above
Type: vCenter Server with an embedded Platform Services Controller
If you select vCenter, fill in the required fields:
|
FIELD |
DESCRIPTION |
|---|---|
|
Name* |
Name of the vCenter, for internal use only, will not affect the scanning process. |
|
Description |
A meaningful description, for internal use only, will not affect the scanning process. |
|
Scanner |
Select the relevant scanning device from the dropdown menu. |
|
IP Address* |
Mandatory field |
|
Username* |
Mandatory field |
|
Password* |
Mandatory field |
*This marks a required field
*Credentials are required when selecting vCenter Connections.
Any incorrect information (i.e. incorrect password) will prevent proper reporting in the Scanning report.
Subnet
If you select Subnet, fill in the required fields:
Subnets are used to get the information from connected devices by using nmap.
|
FIELD |
DESCRIPTION |
|---|---|
|
Name* |
Give the subnet a meaningful name that will help identify the location of the subnet or the type of devices that are part of it. Name is for your ease and convenience. This information does not affect the scanning process. |
|
Description |
Provide a meaningful description of the subnet. |
|
Subnet* |
Provided in CIDR notation i.e. 192.168.10.0/24 |
|
Scanner |
Select from the dropdown menu. |
|
Credentials (Optional**) |
You can select one or more credentials to associate with the subnet to pull additional information from the devices. The credentials vary based upon available services on the device. e.g. ssh, SNMP |
|
Port Exclusion Range |
Provides you the ability to exclude predetermined ports from the scan. You may select one port by inputting the port number or start and end numbers to identify the range of excluded ports (see chart below to view default ports scanned). |
*This marks a required field
**Using multiple credentials helps discover more devices and attributes.
You can manage devices based on their geographic location. Often, a subnet represents a physical location in which all the subnet devices are located. Your Discovery Scanner automatically populates site information for devices discovered via a subnet. This will reduce time spent on adding these details manually, which helps improve the overall efficiency of your team.
Notice the ‘Site’ dropdown field on the Subnet connection page that displays all sites across your organization. Once you select a site from this field, this site information will appear on all devices that have been discovered via its respective subnet.
Orion Nodes Discovery
If you select to integrate with Orion, fill in the required fields.
We currently support only local domain accounts, active directory accounts are not supported
Orion Platform products supported:
- Network Performance Monitor (NPM)
- Network Configuration Manager (NCM)
- Server and Application Monitor (SAM)
A running instance of the Discovery Scanner is required and Orion credentials are needed to connect the Scanner to the Orion Platform
|
FIELD |
DESCRIPTION |
|---|---|
|
Name* |
Give a meaningful name that will provide you with significant data that will help identify the location of the node or the type of devices that are part of it. Name is for your ease and convenience. This information does not affect the scanning process. |
|
Description |
Provide a meaningful description of the data. |
|
Scanner |
Select a scanner from the drop down menu |
|
IP Address* |
Mandatory field |
|
Username* |
Mandatory field |
|
Password |
Orion password |
AWS Cloud Discovery
If you select to connect the Discovery Scanner with AWS Cloud, make sure to meet the prerequisite requirements.
Prerequisites:
- You must have a scanner up and running in your local environment, scanning data and collecting information from your local network.
- Once you decide you would like to expand the data collected to include information stored on AWS Cloud, you will first need to :
-
Create a dedicated user including credentials via the AWS console at the following url: https://console.aws.amazon.com//iam
Once the connection is established, the scanner will import EC2 data from the AWS Cloud into your SWSD Database.
You have now created a new secure connection between the selected Scanner and the AWS API Gateway. As part of the configuration you need to provide information regarding the AWS Environment, User Credentials and the selected Scanner.
In order to establish a connection between the Solarwinds Service Desk and the AWS API, you will need to create a new user from the AWS IAM Console
From the Setup menu, navigate to Discovery.
From the Connections index page, select the 
icon and click on AWS Cloud Discovery.
The details page is revealed:
Enter the relevant data as described in the table below:
|
FIELD |
DESCRIPTION |
|---|---|
|
Name* |
Give a meaningful name that will provide you with significant data. Name is for your ease and convenience. This information does not affect the scanning process. |
|
Description |
Provide a meaningful description of the data. |
|
Scanner |
Select a scanner from the drop down menu which will establish the connection with the AWS API gateway |
|
AWS Region* |
Mandatory field |
|
AWS User - Access key ID* |
Mandatory field |
|
AWS User - Secret access key |
Personal password |
Once all the information is entered, make sure to click Create on the top right of the screen to save this connection.
If you need to create a user, please go to:
https://console.aws.amazon.com//iam
It is recommended to provide Read-Only permissions to the EC2 user - AmazonEC2ReadOnlyAccess
Once the data is extracted from the AWS Cloud via the API, the EC2 information is imported into your SWSD as an asset including details such as CPUs, memory etc.
In addition, details from AWS Cloud are included such as Region, Zone etc.
Below is an example of the details extracted:
Azure Cloud Discovery
If connecting via Azure Cloud Discovery, review the required information for connection:
- You must have a scanner up and running in your local environment, scanning data and collecting information from your local network.
- Once you decide you would like to expand the data collected to include information stored on Azure Cloud, you will first need to :
-
Create a dedicated user including credentials via the Azure console at the following url: https://azure.microsoft.com
Cloud Identification
- Subscription ID
- Tenant ID (Found under Azure Active Directory in the Azure portal)
Authentication Credentials
- Client ID (Azure Portal > Azure Active Directory> App Registration > Add New Registration)
- Client Secret (Inside the app registration added > Certificates and Secrets > Create new client secret)
Permissions Required
Reader permissions (Add Inside specific subscription > Access Control (IAM) > Role Assignments > Add Role Assignment)
You have now created a secure connection between the selected Scanner and Azure Cloud you can retrieve the following information:
| Basic Information | |
|---|---|
| Field | Example |
| Instance ID (VM ID) | eb982846-4594-4a66-afe5-dfb49f66 |
| Name | Win10-API-1 |
| User (Admin Username) | Discovery |
| Operating System (OS) | windows/linux |
| Cloud Details | |
|---|---|
| Field | Example |
| Location | (US) East US |
| VM Size | Standard_B1ls |
| Memory and CPU | |
|---|---|
| Field | Example |
| Memory | 0.5 GB |
| Number of CPUs | 1 |
| Drives | |
|---|---|
| Field | Example (from cloud) |
| Name | CentOS-API-1_DataDisk_0 |
| Size | 1024 GB |
| Type | Microsoft.Compute/disks |
Jamf Cloud Intergration
If connecting via Jamf Cloud Discovery, review the required information for connection:
Prerequisites:
- You must have a scanner up and running in your local environment.
-
Identify user credentials that can be used to access your Jamf Pro instance.
Cloud Identification
- To establish a connection between SWSD and the Jamf API:
- You must provide the Jamf Pro organizational account URL
Provide credentials for a user that has access to your Jamf Pro instance (read access is sufficient)
Authentication Credentials
- Credentials must be entered to pull data such as:
- Name (host name)
- Mac address
- IP address
- Serial number
- Asset ID
- Department
- Site and more
To create a new Jamf cloud connection, in the Setup menu, navigate to Discovery & Assets and select Connections.
Scanned Ports
Whether you choose a SCCM, Router, vCenter or other connection, the list below is a default list of all ports that can be scanned. Of course you can customize this list to suit your organizational needs.
Default Ports Scanned via Nmap
| General | Description |
|---|---|
| 7 | Ping, Echo Protocol |
| 161 | SNMP |
| 162 | SNMP |
| Servers/Service | |
| 20 | File Transfer Protocol (FTP) data transfer |
| 21 | File Transfer Protocol (FTP) control (command) |
| 26 | Port used by RSFTP - a simple FTP-like protocol. |
| 25 | Simple Mail Transfer Protocol (SMTP), used for email routing between mail servers |
| 37 | Time Protocol[25] |
| 53 | Domain Name System (DNS)[34][10] |
| 80 | Hypertext Transfer Protocol (HTTP)[10][46][47][48] |
| 106 | Allows passwords to be changed on POP servers |
| 110 | Post Office Protocol, version 3 (POP3)[10][60][61] |
| 119 | Network News Transfer Protocol (NNTP),[10] retrieval of newsgroup messages[65][66] |
| 389 | Lightweight Directory Access Protocol (LDAP)[10] |
| 465 | Authenticated SMTP[10] over TLS/SSL (SMTPS)[86] |
| 514 | Syslog,[10] used for system logging |
| 587 | email message submission[10][89] (SMTP) |
| 990 | FTPS Protocol (control), FTP over TLS/SSL |
| 995 | Post Office Protocol 3 over TLS/SSL (POP3S)[10] |
| 143-144 | Internet Message Access Protocol (IMAP),[10] management of electronic mail messages on a server[70] |
| 2049 | Network File System (NFS) |
| 2121 | FTP Proxy |
| 8008-8009 | Alternative port for HTTP. See also ports 80 and 8080. |
| 8080-8081 | Alternative port for HTTP. See also ports 80 and 8008. |
| Host/Access | |
| 22 | Secure Shell (SSH),[10] secure logins, file transfers (scp, sftp) and port forwarding |
| 23 | Telnet protocol—unencrypted text communications[10][23] |
| 88 | Kerberos[10][51][52] authentication system |
| 111 | Open Network Computing Remote Procedure Call (ONC RPC, sometimes referred to as Sun RPC) |
| 513 | rlogin |
| Microsoft | |
| 135 |
Microsoft EPMAP (End Point Mapper), also known as DCE/RPC Locator service,[67] used to remotely manage services including DHCP server, DNS server and WINS. Also used by DCOM
|
| 137 | NetBIOS Name Service, used for name registration and resolution |
| 138 | NetBIOS Datagram Service |
| 139 | NetBIOS Session Service[68][69] |
| 445 | Microsoft-DS (Directory Services) SMB[10] file sharing |
| 1688 | Microsoft Key Management Service (KMS) for Windows Activation |
| 3020 | Common Internet File System (CIFS). See also port 445 for Server Message Block (SMB), a dialect of CIFS. |
| 5061 | Microsoft Terminal Server (RDP) officially registered as Windows Based Terminal (WBT) |
| 555 | Web Services for Devices (WSDAPI) (only provided by Windows Vista, Windows 7 and Server 2008) |
| Printers | |
| 515ֿ | Line Printer Daemon (LPD),[10] print service |
| 631 | Common Unix Printing System (CUPS) administration console (extension to IPP) |
| Routing & Network | |
| 179 | Border Gateway Protocol (BGP),[77] used to exchange routing and reachability information among autonomous systems (AS) on the Internet |
| 465 | URL Rendezvous Directory for SSM (Cisco protocol)[importance?] |
| 520 | Routing Information Protocol (RIP) |
| 646 | Label Distribution Protocol (LDP), a routing protocol used in MPLS networks |
| 711 | Cisco Tag Distribution Protocol—being replaced by the MPLS Label Distribution Protocol |
| 830 | Netconf |
| 1293 | Internet Protocol Security (IPSec) |
| 1701 | Layer 2 Tunneling Protocol (L2TP) |
| 1707 | L2TP/IPsec, for establish an initial connection |
| 1723 | Point-to-Point Tunneling Protocol (PPTP)[10] |
| VoIP & Media | |
| 554 | Real Time Streaming Protocol (RTSP)[10] |
| 1720 | H.323 call signaling |
| 1755 | Microsoft Media Services (MMS, ms-streaming) |
| 2000-2001 | Cisco Skinny |
| 2427 | Media Gateway Control Protocol (MGCP) media gateway |
| 5060 | Session Initiation Protocol (SIP) |
| 5061 | Session Initiation Protocol (SIP) over TLS |
| 7070 | Real Time Streaming Protocol (RTSP), used by QuickTime Streaming Server. TCP is used by default, UDP is used as an alternate. |
| DB | |
| 1521 | Oracle SQL Net Listener |
| 1433 | Microsoft SQL Server database management system (MSSQL) server |
| 1434 | Microsoft SQL Server database management system (MSSQL) monitor |
| 2483 | Oracle database listening for insecure client connections to the listener, replaces port 1521 |
| 2484 | Oracle database listening for SSL client connections to the listener |
| 3306 | MySQL database system |
| 5432 | PostgreSQL database system |
| 8000 | DynamoDB Local |
| Misc | |
| 9 | Discard Protocol[12] |
| 13 | Daytime Protocol[16] |
| 26 | Port used by RSFTP - a simple FTP-like protocol. |
| 79 | Finger protocol[10][44][45] |
| 81 | TorPark onion routing[verification needed] |
| 113 | Ident, authentication service/identification protocol,[10][62] used by IRC servers to identify users |
| 199 | SNMP Unix Multiplexer (SMUX)[79] |
| 427 | Service Location Protocol (SLP)[10] |
| 443 | Hypertext Transfer Protocol over TLS/SSL (HTTPS)[10] |
| 444 | Simple Network Paging Protocol (SNPP), RFC 1568 |
| 543-544 | klogin, Kerberos login |
| 548 | Apple Filing Protocol (AFP) over TCP[10] |
| 873 | rsync file synchronization protocol |
| 993 | Internet Message Access Protocol over TLS/SSL (IMAPS)[10] |
| 1025-1029 | Ports > 1024 are designated for dynamic allocation by Windows |
| 1110 | nfsd-status, Cluster status info |
| 1900 | Simple Service Discovery Protocol (SSDP),[10] discovery of UPnP devices |
| 2717 | |
| 3000 | In use by multiple applications |
| 3128 | Squid caching web proxy |
| 3986 | mapper-ws_ethd, MAPPER workstation server |
| 4899 | Radmin (Fama Tech) - remote administration of PCs |
| 5000 | UPnP—Windows network device interoperability |
| 5009 | Apple AirPort Admin Utility, AirPort Express Assistant, Xwis (TCP/UDP) |
| 5051 | ita-agent Symantec Intruder Alert |
| 5101 | Yahoo Messenger P2P Instant Messages |
| 5190 | AOL Instant Messenger protocol. The chat app is defunct as of 15 December 2017. |
| 5631 | pcANYWHEREdata, Symantec pcAnywhere (version 7.52 and later[219])[220] data |
| 5666 | NRPE (Nagios) |
| 5800 | VNC Remote Frame Buffer RFB protocol over HTTP |
| 5900 | Virtual Network Computing (VNC) Remote Frame Buffer RFB protocol |
| 6000-6001 | X11—used between an X client and server over the network |
| 6646 | McAfee Network Agent (unofficial) |
| 8443 | Apache Tomcat SSL |
| 8888 | HyperVM over HTTPS[citation needed] |
| 9100 | PDL Data Stream, used for printing to certain network printers |
| 9999-10000 | In use by multiple applications |
| 32768 | Red Hat, first ports typically used for outgoing connections by some Linux distros like Red Hat |
| 49152-49157 | Linux commonly used by applications that utilize a dynamic/random/configurable port |
From the Connections screen, when you select a Connection you are routed to a screen that provides detailed information. On the top right corner, you can see the time and date of the next scheduled scan. You have the option to click Scan now or activate and deactivate the scan via the status pill.