Documentation for SolarWinds Service Desk

Review of Your Discovery Instance Tabs

Connections

The Connections screen is where you configure integrations with multiple data sources to get the information on the physical and virtual devices on your network. This includes all SCCM, Router, vCenter and Subnet connections that can be created manually or automatically.

Once a discovery scanner is installed, it detects the subnet on which it is deployed and automatically creates a new connection for the subnet. In addition, it detects the default router and automatically creates a new connection with the router. All additional SCCM, Router, vCenter and Subnet connections on the network can be entered manually on the Connections screen.

We recommend using router integration. This will provide information from the subnets connected to the specific router, and the user will not need to add the additional subnets manually.

Defining the columns on the Connections screen:

COLUMN DESCRIPTION

NAME

The connection name*.

STATE

Defines whether the connection is:

  • Inactive - connection is not used

  • Idle - connection is used but not in process

  • Queued - connection is about to start scanning but other connections are currently being scanned

  • Scanning - connection scan in progress

  • Overlapping - connection was intended to start scanning but a previous scan has not yet completed

  • Empty - no connected devices found during last scan

  • Not reporting - connection was not sending data for too long

  • No Connection - the IP address used for this connection does not respond

  • Invalid credentials - the supplied credentials could not be used to access the connection. This status is not applicable to the subnet connection type.

HOST

The IP address / Host name / Subnet definition of this connection

SCANNER

The scanner assigned to scan this connection

TYPE

Router, subnet, vCenter or SCCM

CREDENTIALS

The associated credentials for this connection

NEXT SCAN

One of the following:

  • Empty (when a connection is inactive or not reporting)

  • Next scheduled scan time when connection is active and not during scan

  • Progress when connection is running a scan

ACTIONS

The toggle allows you to activate and deactivate the scan. When you hover over the row, a trash bin appears. You may delete the device by clicking on the trash icon.

*Automatically created connections are assigned a generic name. It is recommended to manually edit them and provide a name that is meaningful for your data collection.

Click on the icon to add additional SCCM, Routers, vCenters, Subnets, Orion Nodes, AWS and/or Azure Cloud Discovery.

When adding SCCM, Router, and/or vCenter connections, the IP address is required.

It is imperative to enter all information accurately.

Any incorrect information (e.g. an incorrect password) will prevent proper reporting in the Scanning report.

Depending on the Connection selected, you will enter the relevant information to assist in maximizing the data pulled and utilization for reporting purposes.

Last Scan Report

You can pull the Last Scan Report at any time to get a real time view of the current status of your infrastructure.

The report, displayed on the right pane, includes the Scanned Device per Type. To better understand the details provided, we have included the table below.

STATUS DESCRIPTION

Scanned Devices

Total scanned devices per Connection:

  • Subnet - Subnet size
  • Router - Based on the ARP table size
  • SCCM - Number of hosts in the database
  • vCenter - Number of hosts in the database

Devices Updated

Any change in device information when compared to the previous scan leads to a database update.

New Devices Detected

Any device that has responded to a ping request for the first time.

Responded Devices

Total number of devices recognized as active:

  • Subnet - Number of devices nMap has identified as active
  • Router - Based on the ARP table size
  • SCCM - Number of hosts in the database
  • vCenter - Number of hosts in the database

Discarded Devices

An IP Address alone is not a sufficient factor to uniquely identify an Asset. Therefore the Discovery process will discard any Asset that does not possess a unique identifier, such as a MAC Address, Serial Number, etc.

In cases where a MAC address is not detected by the scanner, there are multiple options to provide clarity:

  • Provide additional Credentials such as WMI, SNMP, etc.
  • Locate the Scanner on the same physical subnet
  • Provide SNMP Credential to the Router, to allow the import of the ARP Table

Skipped Devices

Devices that have not been reported based on the following reasons:

  • There is an Agent installed on the host, therefore this device is already listed in the CMDB database
  • The device has already been detected, scanned and reported on by another mechanism (such as SCCM, etc.)

Selecting your connection:

Review your options below or select the link to go directly to the relevant source:

SCCM

If you select SCCM, fill in the required fields.

Supported SCCM versions:

Console version: 5.0.

Site version: 5.0.

If you are working with a different version, please contact your account executive or support@samanage.com

FIELD DESCRIPTION

Name*

Name of the SCCM connection for internal use only, will not affect the scanning process

Description

A meaningful description, for internal use only, will not affect the Discovery process

Scanner

Select the discovery scanner which is associated with the SCCM integration. Please note that the selected scanner must have access to the Windows server on which the SCCM database is located.

Dataserver*

e.g. 192.168.56.103\sqlexpress

Checkbox

Notice the ability to Import Installed Software from Devices (when selected, you will obtain both hardware and software details)

Username*

SCCM database username

Password*

SCCM database password

Port*

Default 1433

Database*

SCCM database name

*This marks a required field

Your SCCM scan can pull site information as well. To accomplish this, follow the steps below:

Prerequisite - The <PhysicalDeliveryOfficeName> must be included in the AD (Active Directory) configuration

  1. The scanner must be set up to contact the SCCM via the API
  2. When an asset is found, the <Primary Login User> will be identified
  3. The site details are pulled from the information provided by AD

Semi Scanned Devices - The SCCM database is fully scanned every 3 days. To ensure performance efficiency, a partial scan occurs every other day. Any changes that occur are reflected in the partial scan.

Router

If you select Router, fill in the required fields.

If you elect to use router integration, the router must support SNMP.

FIELD

DESCRIPTION

Name*

Name of the router, for internal use only, will not affect the scanning process.

Description

A meaningful description, for internal use only, will not affect the Discovery process.

IP Address*

Router’s IP Address

Scanner

The SolarWinds scanner associated with this router. Please note that the selected scanner must have access to the router from the subnet on which it’s deployed.

Credentials

Select the SNMP credentials the discovery scanner should use in order to connect to the router.

*This marks a required field

vCenter

Supported vCenter version:

VMware vCenter Server Appliance 6.0.

Type: vCenter Server with an embedded Platform Services Controller

If you select vCenter, fill in the required fields:

FIELD

DESCRIPTION

Name*

Name of the vCenter, for internal use only, will not affect the scanning process.

Description

A meaningful description, for internal use only, will not affect the scanning process.

Scanner

Select the relevant Scanning Device from the dropdown menu.

IP Address*

Mandatory field

Username*

Mandatory field

Password*

Mandatory field

*This marks a required field

*Credentials are required when selecting vCenter Connections. It is imperative to enter all information accurately.

Any incorrect information (e.g. an incorrect password) will prevent proper reporting in the Scanning report.

Subnet

If you select Subnet, fill in the required fields:
Subnets are used to get the information from connected devices by using nmap.

FIELD

DESCRIPTION

Name*

Give the subnet a meaningful name that will provide you with significant data.

Name is for your ease and convenience.  This information does not affect the scanning process.

Description

Provide a meaningful description of the subnet.

Subnet*

Provided in CIDR notation

e.g. 192.168.10.0/24

Scanner

Select from the dropdown menu.

Credentials (Optional**)

You can select 1 or more credentials to associate with the subnet to pull additional information from the devices.  The credentials vary based upon available services on the device. 

e.g. ssh, SNMP

Port Exclusion Range

Provides you the ability to exclude predetermined ports from the scan.

You may select one port by inputting the port number or start and end numbers to identify the range of excluded ports (see chart below to view default ports scanned).

*This marks a required field

**By electing to provide Credentials you enable the scanner to provide additional data.
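To preview what a Port Exclusion Range leaves in scope, the Python below (an added example, not SolarWinds code) expands a subset of the page's "Default Ports Scanned via Nmap" chart, removes the excluded ports, and reports exclusions that match no default port. The function names and the "start-end" input notation, taken from the chart, are assumptions of this example.

```python
# Subset of the page's "Default Ports Scanned via Nmap" chart, written in the
# chart's own notation: a single port or an inclusive start-end range.
DEFAULT_PORTS = ["7", "161", "162", "20", "21", "22", "23", "25", "53", "80",
                 "143-144", "443", "445", "1433", "3306", "8008-8009", "8080-8081"]


def parse_port_spec(spec):
    """Turn '443' or '8008-8009' into an inclusive (start, end) tuple."""
    start, sep, end = spec.strip().partition("-")
    try:
        lo = int(start)
        hi = int(end) if sep else lo
    except ValueError:
        raise ValueError(f"not a port or port range: {spec!r}") from None
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"range reversed or outside 1-65535: {spec!r}")
    return lo, hi


def expand(specs):
    """Expand a list of port specs into a set of individual port numbers."""
    ports = set()
    for spec in specs:
        lo, hi = parse_port_spec(spec)
        ports.update(range(lo, hi + 1))
    return ports


def effective_ports(default_specs, exclusion_specs):
    """Return (ports still scanned, exclusions that matched no default port)."""
    defaults = expand(default_specs)
    excluded, unused = set(), []
    for spec in exclusion_specs:
        lo, hi = parse_port_spec(spec)
        hit = defaults.intersection(range(lo, hi + 1))
        if not hit:
            unused.append(spec)  # exclusion has no effect on the default list
        excluded |= hit
    return sorted(defaults - excluded), unused


if __name__ == "__main__":
    # Constructed exclusions: Telnet, the alternate HTTP ports, and one
    # port that is not in the default list at all.
    remaining, unused = effective_ports(DEFAULT_PORTS, ["23", "8000-8100", "9000"])
    print("still scanned:", remaining)
    print("exclusions with no effect:", unused)
```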

Orion Nodes Discovery

If you select to integrate with Orion, fill in the required fields.

Currently only local domain accounts are supported; Active Directory accounts are not supported.

Orion Platform products supported:

  • Network Performance Monitor (NPM)
  • Network Configuration Manager (NCM)
  • Server and Application Monitor (SAM)

A running instance of the Discovery Scanner is required, and Orion credentials are needed to connect the Scanner to the Orion Platform.

FIELD

DESCRIPTION

Name*

Give a meaningful name that will provide you with significant data.

Name is for your ease and convenience.  This information does not affect the scanning process.

Description

Provide a meaningful description of the data.

Scanner

Select a scanner from the drop down menu

IP Address*

Mandatory field

Username*

Mandatory field

Password

Orion password

AWS Cloud Discovery

If you select to connect the Discovery Scanner with AWS Cloud, make sure to meet the prerequisite requirements.

Prerequisite:

  • You must have a scanner up and running in your local environment, scanning data and collecting information from your local network.
  • Once you decide you would like to expand the data collected to include information stored on AWS Cloud, you will first need to:
  • Create a dedicated user including credentials via the AWS console at the following url: https://console.aws.amazon.com//iam

Once the connection is established, the scanner will import EC2 data from the AWS Cloud into your SWSD Database.

You have now created a new secure connection between the selected Scanner and the AWS API Gateway. As part of the configuration you need to provide information regarding the AWS Environment, User Credentials and the selected Scanner.

In order to establish a connection between the SolarWinds Service Desk and the AWS API, you will need to create a new user from the AWS IAM Console.

From the Setup menu, navigate to Discovery.

From the Connections index page, select the icon and click on AWS Cloud Discovery.

The details page is revealed:

Enter the relevant data as described in the table below:

FIELD

DESCRIPTION

Name*

Give a meaningful name that will provide you with significant data.

Name is for your ease and convenience.  This information does not affect the scanning process.

Description

Provide a meaningful description of the data.

Scanner

Select a scanner from the drop down menu which will establish the connection with the AWS API gateway

AWS Region*

Mandatory field

AWS User - Access key ID*

Mandatory field

AWS User - Secret access key

Personal password

Once all the information is entered, make sure to click Create on the top right of the screen to save this connection.

If you need to create a user, please go to:

https://console.aws.amazon.com//iam

It is recommended to provide Read-Only permissions to the EC2 user - AmazonEC2ReadOnlyAccess
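A way to check that recommendation before saving the access key, as an added example that is not SolarWinds or AWS code: the Python below reads an IAM policy document and reports every Allow statement that grants more than Describe/Get/List actions. The two sample policies are constructed for illustration, and the function names and the choice of read-only verb prefixes are assumptions of this example.

```python
import json

# Verb prefixes treated as read-only here (an assumption of this example).
READ_ONLY_PREFIXES = ("describe", "get", "list")

# Constructed sample policies for illustration; not copied from AWS.
READ_ONLY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["ec2:GetConsoleOutput"], "Resource": "*"},
    ],
})
OVERBROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:Describe*", "ec2:TerminateInstances"],
         "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:*", "Resource": "*"},
        {"Effect": "Allow", "NotAction": "s3:*", "Resource": "*"},
        {"Effect": "Deny", "Action": "ec2:RunInstances", "Resource": "*"},
    ],
})


def as_list(value):
    """IAM accepts a single string or a list for Action and NotAction."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def is_read_only_action(action):
    """True for 'service:Verb...' with a read-only verb; a wildcard must keep the verb."""
    service, sep, name = action.partition(":")
    if not sep or "*" in service:
        return False  # bare "*" or a wildcard service matches write actions too
    return name.lower().startswith(READ_ONLY_PREFIXES)


def audit_policy(policy_json):
    """Return (statement index, action, reason) for every grant beyond read-only."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only take access away
        if "NotAction" in stmt:
            findings.append((index, "NotAction", "allows everything except the listed actions"))
        for action in as_list(stmt.get("Action")):
            if not is_read_only_action(action):
                findings.append((index, action, "not a read-only action"))
    return findings


if __name__ == "__main__":
    for name, policy in (("read-only", READ_ONLY_POLICY), ("over-broad", OVERBROAD_POLICY)):
        print(name, audit_policy(policy))
```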

Once the data is extracted from the AWS Cloud via the API, the EC2 information is imported into your SWSD as an asset including details such as CPUs, memory etc.

In addition, details from AWS Cloud are included such as Region, Zone etc.

Below is an example of the details extracted:

Azure Cloud Discovery

If connecting via Azure Cloud Discovery, review the required information for connection:

  • You must have a scanner up and running in your local environment, scanning data and collecting information from your local network.
  • Once you decide you would like to expand the data collected to include information stored on Azure Cloud, you will first need to:
  • Create a dedicated user including credentials via the Azure console at the following url: https://azure.microsoft.com

Cloud Identification

  • Subscription ID
  • Tenant ID (Found under Azure Active Directory in the Azure portal)

Authentication Credentials

  • Client ID (Azure Portal > Azure Active Directory > App Registration > Add New Registration)
  • Client Secret (Inside the app registration added > Certificates and Secrets > Create new client secret)

Permissions Required

Reader permissions (add inside the specific subscription > Access Control (IAM) > Role Assignments > Add Role Assignment)

You have now created a secure connection between the selected Scanner and Azure Cloud. You can retrieve the following information:

Basic Information

Field Example
Instance ID (VM ID) eb982846-4594-4a66-afe5-dfb49f66
Name Win10-API-1
User (Admin Username) Discovery
Operating System (OS) windows/linux

Cloud Details

Field Example
Location (US) East US
VM Size Standard_B1ls

Memory and CPU

Field Example
Memory 0.5 GB
Number of CPUs 1

Drives

Field Example (from cloud)
Name CentOS-API-1_DataDisk_0
Size 1024 GB
Type Microsoft.Compute/disks

Scanned Ports

Whether you choose an SCCM, Router, vCenter or other connection, the list below is a default list of all ports that can be scanned. You can customize this list to suit your organizational needs.

Default Ports Scanned via Nmap

General Description
7 Ping, Echo Protocol
161 SNMP
162 SNMP
Servers/Service
20 File Transfer Protocol (FTP) data transfer
21 File Transfer Protocol (FTP) control (command)
26 Port used by RSFTP - a simple FTP-like protocol.
25 Simple Mail Transfer Protocol (SMTP), used for email routing between mail servers
37 Time Protocol
53 Domain Name System (DNS)
80 Hypertext Transfer Protocol (HTTP)
106 Allows passwords to be changed on POP servers
110 Post Office Protocol, version 3 (POP3)
119 Network News Transfer Protocol (NNTP), retrieval of newsgroup messages
389 Lightweight Directory Access Protocol (LDAP)
465 Authenticated SMTP over TLS/SSL (SMTPS)
514 Syslog, used for system logging
587 email message submission (SMTP)
990 FTPS Protocol (control), FTP over TLS/SSL
995 Post Office Protocol 3 over TLS/SSL (POP3S)
143-144 Internet Message Access Protocol (IMAP), management of electronic mail messages on a server
2049 Network File System (NFS)
2121 FTP Proxy
8008-8009 Alternative port for HTTP. See also ports 80 and 8080.
8080-8081 Alternative port for HTTP. See also ports 80 and 8008.
Host/Access
22 Secure Shell (SSH), secure logins, file transfers (scp, sftp) and port forwarding
23 Telnet protocol—unencrypted text communications
88 Kerberos authentication system
111 Open Network Computing Remote Procedure Call (ONC RPC, sometimes referred to as Sun RPC)
513 rlogin
Microsoft
135 Microsoft EPMAP (End Point Mapper), also known as DCE/RPC Locator service, used to remotely manage services including DHCP server, DNS server and WINS. Also used by DCOM
137 NetBIOS Name Service, used for name registration and resolution
138 NetBIOS Datagram Service
139 NetBIOS Session Service
445 Microsoft-DS (Directory Services) SMB file sharing
1688 Microsoft Key Management Service (KMS) for Windows Activation
3020 Common Internet File System (CIFS). See also port 445 for Server Message Block (SMB), a dialect of CIFS.
5061 Microsoft Terminal Server (RDP) officially registered as Windows Based Terminal (WBT)
555 Web Services for Devices (WSDAPI) (only provided by Windows Vista, Windows 7 and Server 2008)
Printers
515 Line Printer Daemon (LPD), print service
631 Common Unix Printing System (CUPS) administration console (extension to IPP)
Routing & Network
179 Border Gateway Protocol (BGP), used to exchange routing and reachability information among autonomous systems (AS) on the Internet
465 URL Rendezvous Directory for SSM (Cisco protocol)
520 Routing Information Protocol (RIP)
646 Label Distribution Protocol (LDP), a routing protocol used in MPLS networks
711 Cisco Tag Distribution Protocol—being replaced by the MPLS Label Distribution Protocol
830 Netconf
1293 Internet Protocol Security (IPSec)
1701 Layer 2 Tunneling Protocol (L2TP)
1707 L2TP/IPsec, for establishing an initial connection
1723 Point-to-Point Tunneling Protocol (PPTP)
VoIP & Media
554 Real Time Streaming Protocol (RTSP)
1720 H.323 call signaling
1755 Microsoft Media Services (MMS, ms-streaming)
2000-2001 Cisco Skinny
2427 Media Gateway Control Protocol (MGCP) media gateway
5060 Session Initiation Protocol (SIP)
5061 Session Initiation Protocol (SIP) over TLS
7070 Real Time Streaming Protocol (RTSP), used by QuickTime Streaming Server. TCP is used by default, UDP is used as an alternate.
DB
1521 Oracle SQL Net Listener
1433 Microsoft SQL Server database management system (MSSQL) server
1434 Microsoft SQL Server database management system (MSSQL) monitor
2483 Oracle database listening for insecure client connections to the listener, replaces port 1521
2484 Oracle database listening for SSL client connections to the listener
3306 MySQL database system
5432 PostgreSQL database system
8000 DynamoDB Local
Misc
9 Discard Protocol
13 Daytime Protocol
26 Port used by RSFTP - a simple FTP-like protocol.
79 Finger protocol
81 TorPark onion routing
113 Ident, authentication service/identification protocol, used by IRC servers to identify users
199 SNMP Unix Multiplexer (SMUX)
427 Service Location Protocol (SLP)
443 Hypertext Transfer Protocol over TLS/SSL (HTTPS)
444 Simple Network Paging Protocol (SNPP), RFC 1568
543-544 klogin, Kerberos login
548 Apple Filing Protocol (AFP) over TCP
873 rsync file synchronization protocol
993 Internet Message Access Protocol over TLS/SSL (IMAPS)
1025-1029 Ports > 1024 are designated for dynamic allocation by Windows
1110 nfsd-status, Cluster status info
1900 Simple Service Discovery Protocol (SSDP), discovery of UPnP devices
2717
3000 In use by multiple applications
3128 Squid caching web proxy
3986 mapper-ws_ethd, MAPPER workstation server
4899 Radmin (Fama Tech) - remote administration of PCs
5000 UPnP—Windows network device interoperability
5009 Apple AirPort Admin Utility, AirPort Express Assistant, Xwis (TCP/UDP)
5051 ita-agent Symantec Intruder Alert
5101 Yahoo Messenger P2P Instant Messages
5190 AOL Instant Messenger protocol. The chat app is defunct as of 15 December 2017.
5631 pcANYWHEREdata, Symantec pcAnywhere (version 7.52 and later) data
5666 NRPE (Nagios)
5800 VNC Remote Frame Buffer RFB protocol over HTTP
5900 Virtual Network Computing (VNC) Remote Frame Buffer RFB protocol
6000-6001 X11—used between an X client and server over the network
6646 McAfee Network Agent (unofficial)
8443 Apache Tomcat SSL
8888 HyperVM over HTTPS
9100 PDL Data Stream, used for printing to certain network printers
9999-10000 In use by multiple applications
32768 Red Hat, first ports typically used for outgoing connections by some Linux distros like Red Hat
49152-49157 Linux commonly used by applications that utilize a dynamic/random/configurable port

From the Connections screen, when you select a Connection you are routed to a screen that provides detailed information. On the top right corner, you can see the time and date of the next scheduled scan. You have the option to click Scan now or activate and deactivate the scan via the status pill.