Review of Your Discovery Instance Tabs

Connections

The Connections screen is where you configure integrations with multiple data sources to get the information on the physical and virtual devices on your network. This includes all SCCM, Router, vCenter and Subnet connections that can be created manually or automatically.

Once a discovery scanner is installed, it detects the subnet on which it is deployed and automatically creates a new connection for the subnet. In addition it detects the default router and automatically creates a new connection with the router. All additional SCCM, Router, vCenters and Subnets on the network can be manually entered on the Connections Screen. 

We recommend using router integration. This will provide information from the subnets connected to the specific router, and the user will not need to add the additional subnets manually.

Defining the columns on the Connections screen:

COLUMN	DESCRIPTION
NAME	The connection name*.
STATE	Defines whether the connection is: Inactive - connection is not used Idle - connection is used but not in process Queued - connection is about to start scanning but other connections are currently being scanned Scanning - connection scan in progress Overlapping - connection was intended to start scanning but a previous scan has not yet completed Empty - no connected devices found during last scan Not reporting - connection was not sending data for too long No Connection - the IP address used for this connection does not respond Invalid credentials - the supplied credentials could not be used to access the connection. This status is not applicable to the subnet connection type.
HOST	The IP address / Host name / Subnet definition of this connection
SCANNER	The scanner assigned to scan this connection
TYPE	Router, subnet, vCenter or SCCM
CREDENTIALS	The associated credentials for this connection
NEXT SCAN	One of the following: Empty (when a connection is inactive or not reporting) Next scheduled scan time when connection is active and not during scan Progress when connection is running a  scan
ACTIONS	The toggle allows you to activate and deactivate the scan.  When you hover over the row a trash bin appears.  You may delete the device by clicking on the trash icon.

*Automatically created connections are assigned a generic name. It is recommended to manually edit them and provide a name that is meaningful for your data collection.

Click on the icon to add additional SCCM, Routers, vCenters, Subnets, Orion Nodes, AWS and/or Azure Cloud Discovery.

When adding SCCM, Router, and/or vCenter connections, the IP address is required.

It is imperative to enter all information accurately.

Any incorrect information (i.e. incorrect password) will prevent proper reporting in the Scanning report.

Depending on the Connection selected, you will enter the relevant information to assist in maximizing the data pulled and utilization for reporting purposes.

Last Scan Report

You can pull the Last Scan Report at any time to get a real time view of the current status of your infrastructure.

The report, displayed on the right pane, includes the Scanned Device per Type. To better understand the details provided, we have included the table below.

STATUS	DESCRIPTION
Scanned Devices	Total scanned devices per Connection: Subnet - Subnet size Router - Based on the ARP table size SCCM - Number of hosts in the database vCenter - Number of hosts in the database
Devices Updated	Any change in device information when compared to the previous scan, leads to a database update.
New Devices Detected	Any device that has responded to a ping request for the first time.
Responded Devices	Total number of devices recognized as active: Subnet - Number of devices nMap has identified as active Router - Based on the ARP table size SCCM - Number of hosts in the database vCenter - Number of hosts in the database
Discarded Devices	An IP Address alone is not a sufficient factor to uniquely identify an Asset. Therefore the Discovery process will Discard any Asset that does not possess a unique identifier, such as a MAC Address, Serial Number etc ... In cases where a MAC address is not detected by the scanner, there are multiple options to provide clarity: Provide additional Credentials such as WMI, SNMP etc ... Locate the Scanner on the same physical subnet Provide SNMP Credential to the Router, to allow the import of the ARP Table
Skipped Devices	Devices that have not been reported based on the following reasons: There is an Agent installed on the host, therefore this device is already listed in the CMDB database The device has already been detected, scanned and reported on by another mechanism (such as SCCM etc...)

Selecting your connection:

Review your options below or select the link to go directly to the relevant source:

• SCCM
• Router
• vCenter
• Subnet
• Orion Nodes Discovery
• AWS Cloud Discovery
• Azure Cloud Discovery

SCCM

If you select SCCM, fill in the required fields.

Supported SCCM versions:

Console version: 5.0.

Site version: 5.0.

If you are working with a different version, please contact your account executive or support@samanage.com

FIELD	DESCRIPTION
Name*	Name of the SCCM connection for internal use only, will not affect the scanning process
Description	A meaningful description, for internal use only, will not affect the Discovery process
Scanner	Select the discovery scanner which is associated with the SCCM integration. Please note that the selected scanner must have access to the windows server on which the SCCM database is located.
Dataserver*	e.g. 192.168.56.103\sqlexperss
Checkbox	Notice the ability to Import Installed Software from Devices (when selected, you will obtain both hardware and software details)
Username*	SCCM database username
Password*	SCCM database password
Port*	Default 1433
Database*	SCCM database name

*This marks a required field

Your SCCM scan can pull site information as well. To accomplish this, follow the steps below:

Prerequisite - The <PhysicalDeliveryOfficeName> must be included in the AD (Active Directory) configuration

1. The scanner must be set up to contact the SCCM via the API
2. When an asset is found, the <Primary Login User> will be identified
3. Will pull the site details from information provided by the AD information

Semi Scanned Devices - The SCCM database is fully scanned every 3 days, to ensure performance efficiency, a partial scan occurs every other day. Any changes that occur are reflected in the partial scan.

Router

If you select Router, fill in the required fields.

If you elect to use router integration, the router must support SNMP.

FIELD	DESCRIPTION
Name*	Name of the router, for internal use only, will not affect the scanning process.
Description	A meaningful description, for internal use only, will not affect the Discovery process.
IP Address*	Router’s IP Address*
Scanner	The SolarWinds scanner associated with this router. Please note that the selected scanner must have access to the router from the subnet on which it’s deployed.
Credentials	Select the SNMP credentials the discovery scanner should use in order to connect to the router.

*This marks a required field

vCenter

Supported vCenter version:

VMware vCenter Server Appliance 6.0.

Type: vCenter Server with an embedded Platform Services Controller

If you select vCenter, fill in the required fields:

FIELD	DESCRIPTION
Name*	Name of the vCenter, for internal use only, will not affect the scanning process.
Description	A meaningful description, for internal use only, will not affect the scanning process.
Scanner	Select the relevant Scanning Device from the dropdown menu.
IP Address*	Mandatory field
Username*	Mandatory field
Password*	Mandatory field

*This marks a required field

*Credentials are required when selecting vCenter Connections. It is imperative to enter all information accurately.

Any incorrect information (i.e. incorrect password) will prevent proper reporting in the Scanning report.

Subnet

If you select Subnet, fill in the required fields:
Subnets are used to get the information from connected devices by using nmap.

FIELD	DESCRIPTION
Name*	Give the subnet a meaningful name that will provide you with significant data. Name is for your ease and convenience.  This information does not affect the scanning process.
Description	Provide a meaningful description of the subnet.
Subnet*	Provided in CIDR notation i.e. 192.168.10.0/24
Scanner	Select from the dropdown menu.
Credentials (Optional**)	You can select 1 or more credentials to associate with the subnet to pull additional information from the devices.  The credentials vary based upon available services on the device.  e.g. ssh, SNMP
Port Exclusion Range	Provides you the ability to exclude predetermined ports from the scan. You may select one port by inputting the port number or start and end numbers to identify the range of excluded ports (see chart below to view default ports scanned).

*This marks a required field

**By electing to provide Credentials you enable the scanner to provide additional data.  as usual

Orion Nodes Discovery

If you select to integrate with Orion, fill in the required fields.

Currently support only local domain account, active directory accounts are not supported

Orion Platform products supported:

• Network Performance Monitor (NPM)
• Network Configuration Manager (NCM)
• Server and Application Monitor (SAM)

A running instance of the Discovery Scanner is required and Orion credentials are needed to connect the Scanner to the Orion Platform

FIELD	DESCRIPTION
Name*	Give a meaningful name that will provide you with significant data. Name is for your ease and convenience.  This information does not affect the scanning process.
Description	Provide a meaningful description of the data.
Scanner	Select a scanner from the drop down menu
IP Address*	Mandatory field
Username*	Mandatory field
Password	Orion password

AWS Cloud Discovery

If you select to connect the Discovery Scanner with AWS Cloud, make sure to meet the prerequisite requirements.

Prerequisite:

• You must have a scanner up and running in your local environment, scanning data and collecting information from your local network.
• Once you decide you would like to expand the data collected to include information stored on AWS Cloud, you will first need to :

• Create a dedicated user including credentials via the AWS console at the following url: https://console.aws.amazon.com//iam

Once the connection is established, the scanner will imports EC2 data from the AWS Cloud into your SWSD Database.

You have now created a new secure connection between the selected Scanner and the AWS API Gateway. As part of the configuration you need to provide information regarding the AWS Environment, User Credentials and the selected Scanner.

In order to establish a connection between the Solarwinds Service Desk and the AWS API, you will need to create a new user from the AWS IAM Console

From the Setup menu, navigate to Discovery.

From the Connections index page, select the icon and click on AWS Cloud Discovery.

The details page is revealed:

Enter the relevant data as described in the table below:

FIELD	DESCRIPTION
Name*	Give a meaningful name that will provide you with significant data. Name is for your ease and convenience.  This information does not affect the scanning process.
Description	Provide a meaningful description of the data.
Scanner	Select a scanner from the drop down menu which will establish the connection with the AWS API gateway
AWS Region*	Mandatory field
AWS User - Access key ID*	Mandatory field
AWS User - Secret access key	Personal password

Once all the information is entered, make sure to click Create on the top right of the screen to save this connection.

If you need to create a user, please go to:

https://console.aws.amazon.com//iam

It is recommended to provide Read-Only permissions to the EC2 user - AmazonEC2ReadOnlyAccess

Once the data is extracted from the AWS Cloud via the API, the EC2 information is imported into your SWSD as an asset including details such as CPUs, memory etc.

In addition, details from AWS Cloud are included such as Region, Zone etc.

Below is an example of the details extracted:

Azure Cloud Discovery

If connecting via Azure Cloud Discovery, review the required information for connection:

• You must have a scanner up and running in your local environment, scanning data and collecting information from your local network.
• Once you decide you would like to expand the data collected to include information stored on Azure Cloud, you will first need to :

• Create a dedicated user including credentials via the Azure console at the following url: https://azure.microsoft.com

Cloud Identification

• Subscription ID
• Tenant ID (Found under Azure Active Directory in the Azure portal)

Authentication Credentials

• Client ID (Azure Portal > Azure Active Directory> App Registration > Add New Registration)
• Client Secret (Inside the app registration added > Certificates and Secrets > Create new client secret)

Permissions Required

Reader permissions (Add Inside specific subscription > Access Control (IAM) > Role Assignments > Add Role Assignment)

You have now created a secure connection between the selected Scanner and Azure Cloud you can retrieve the following information:

Basic Information
Field	Example
Instance ID (VM ID)	eb982846-4594-4a66-afe5-dfb49f66
Name	Win10-API-1
User (Admin Username)	Discovery
Operating System (OS)	windows/linux

Cloud Details
Field	Example
Location	(US) East US
VM Size	Standard_B1ls

Memory and CPU
Field	Example
Memory	0.5 GB
Number of CPUs	1

Drives
Field	Example (from cloud)
Name	CentOS-API-1_DataDisk_0
Size	1024 GB
Type	Microsoft.Compute/disks

Scanned Ports

Whether you choose a SCCM, Router, vCenter or other connection, the list below is a default list of all ports that can be scanned. Of course you can customize this list to suit your organizational needs.

Default Ports Scanned via Nmap

General	Description
7	Ping, Echo Protocol
161	SNMP
162	SNMP
Servers/Service
20	File Transfer Protocol (FTP) data transfer
21	File Transfer Protocol (FTP) control (command)
26	Port used by RSFTP - a simple FTP-like protocol.
25	Simple Mail Transfer Protocol (SMTP), used for email routing between mail servers
37	Time Protocol[25]
53	Domain Name System (DNS)[34][10]
80	Hypertext Transfer Protocol (HTTP)[10][46][47][48]
106	Allows passwords to be changed on POP servers
110	Post Office Protocol, version 3 (POP3)[10][60][61]
119	Network News Transfer Protocol (NNTP),[10] retrieval of newsgroup messages[65][66]
389	Lightweight Directory Access Protocol (LDAP)[10]
465	Authenticated SMTP[10] over TLS/SSL (SMTPS)[86]
514	Syslog,[10] used for system logging
587	email message submission[10][89] (SMTP)
990	FTPS Protocol (control), FTP over TLS/SSL
995	Post Office Protocol 3 over TLS/SSL (POP3S)[10]
143-144	Internet Message Access Protocol (IMAP),[10] management of electronic mail messages on a server[70]
2049	Network File System (NFS)
2121	FTP Proxy
8008-8009	Alternative port for HTTP. See also ports 80 and 8080.
8080-8081	Alternative port for HTTP. See also ports 80 and 8008.
Host/Access
22	Secure Shell (SSH),[10] secure logins, file transfers (scp, sftp) and port forwarding
23	Telnet protocol—unencrypted text communications[10][23]
88	Kerberos[10][51][52] authentication system
111	Open Network Computing Remote Procedure Call (ONC RPC, sometimes referred to as Sun RPC)
513	rlogin
Microsoft
135	Microsoft EPMAP (End Point Mapper), also known as DCE/RPC Locator service,[67] used to remotely manage services including DHCP server, DNS server and WINS. Also used by DCOM
137	NetBIOS Name Service, used for name registration and resolution
138	NetBIOS Datagram Service
139	NetBIOS Session Service[68][69]
445	Microsoft-DS (Directory Services) SMB[10] file sharing
1688	Microsoft Key Management Service (KMS) for Windows Activation
3020	Common Internet File System (CIFS). See also port 445 for Server Message Block (SMB), a dialect of CIFS.
5061	Microsoft Terminal Server (RDP) officially registered as Windows Based Terminal (WBT)
555	Web Services for Devices (WSDAPI) (only provided by Windows Vista, Windows 7 and Server 2008)
Printers
515ֿ	Line Printer Daemon (LPD),[10] print service
631	Common Unix Printing System (CUPS) administration console (extension to IPP)
Routing & Network
179	Border Gateway Protocol (BGP),[77] used to exchange routing and reachability information among autonomous systems (AS) on the Internet
465	URL Rendezvous Directory for SSM (Cisco protocol)[importance?]
520	Routing Information Protocol (RIP)
646	Label Distribution Protocol (LDP), a routing protocol used in MPLS networks
711	Cisco Tag Distribution Protocol—being replaced by the MPLS Label Distribution Protocol
830	Netconf
1293	Internet Protocol Security (IPSec)
1701	Layer 2 Tunneling Protocol (L2TP)
1707	L2TP/IPsec, for establish an initial connection
1723	Point-to-Point Tunneling Protocol (PPTP)[10]
VoIP & Media
554	Real Time Streaming Protocol (RTSP)[10]
1720	H.323 call signaling
1755	Microsoft Media Services (MMS, ms-streaming)
2000-2001	Cisco Skinny
2427	Media Gateway Control Protocol (MGCP) media gateway
5060	Session Initiation Protocol (SIP)
5061	Session Initiation Protocol (SIP) over TLS
7070	Real Time Streaming Protocol (RTSP), used by QuickTime Streaming Server. TCP is used by default, UDP is used as an alternate.
DB
1521	Oracle SQL Net Listener
1433	Microsoft SQL Server database management system (MSSQL) server
1434	Microsoft SQL Server database management system (MSSQL) monitor
2483	Oracle database listening for insecure client connections to the listener, replaces port 1521
2484	Oracle database listening for SSL client connections to the listener
3306	MySQL database system
5432	PostgreSQL database system
8000	DynamoDB Local
Misc
9	Discard Protocol[12]
13	Daytime Protocol[16]
26	Port used by RSFTP - a simple FTP-like protocol.
79	Finger protocol[10][44][45]
81	TorPark onion routing[verification needed]
113	Ident, authentication service/identification protocol,[10][62] used by IRC servers to identify users
199	SNMP Unix Multiplexer (SMUX)[79]
427	Service Location Protocol (SLP)[10]
443	Hypertext Transfer Protocol over TLS/SSL (HTTPS)[10]
444	Simple Network Paging Protocol (SNPP), RFC 1568
543-544	klogin, Kerberos login
548	Apple Filing Protocol (AFP) over TCP[10]
873	rsync file synchronization protocol
993	Internet Message Access Protocol over TLS/SSL (IMAPS)[10]
1025-1029	Ports > 1024 are designated for dynamic allocation by Windows
1110	nfsd-status, Cluster status info
1900	Simple Service Discovery Protocol (SSDP),[10] discovery of UPnP devices
2717
3000	In use by multiple applications
3128	Squid caching web proxy
3986	mapper-ws_ethd, MAPPER workstation server
4899	Radmin (Fama Tech) - remote administration of PCs
5000	UPnP—Windows network device interoperability
5009	Apple AirPort Admin Utility, AirPort Express Assistant, Xwis (TCP/UDP)
5051	ita-agent Symantec Intruder Alert
5101	Yahoo Messenger P2P Instant Messages
5190	AOL Instant Messenger protocol. The chat app is defunct as of 15 December 2017.
5631	pcANYWHEREdata, Symantec pcAnywhere (version 7.52 and later[219])[220] data
5666	NRPE (Nagios)
5800	VNC Remote Frame Buffer RFB protocol over HTTP
5900	Virtual Network Computing (VNC) Remote Frame Buffer RFB protocol
6000-6001	X11—used between an X client and server over the network
6646	McAfee Network Agent (unofficial)
8443	Apache Tomcat SSL
8888	HyperVM over HTTPS[citation needed]
9100	PDL Data Stream, used for printing to certain network printers
9999-10000	In use by multiple applications
32768	Red Hat, first ports typically used for outgoing connections by some Linux distros like Red Hat
49152-49157	Linux commonly used by applications that utilize a dynamic/random/configurable port

From the Connections screen, when you select a Connection you are routed to a screen that provides detailed information. On the top right corner, you can see the time and date of the next scheduled scan. You have the option to click Scan now or activate and deactivate the scan via the status pill.