Follow

Info: Comparing Discovery Methods and Device placement

Applies To:

18.x

Summary:

Each method of Discovery will place Certificates, Devices and Applications slightly differently, which can not only be confusing, but causes different results depending on the order you perform discovery. For instance, if you perform an agent-based discovery prior to Network discovery, or vise-versa, you'll get different end results.

More Information:

The following chart compares the three main discovery methods (Onboard discovery is significantly different and not compared here).



Network Discovery

Simple Agent Discovery

Advanced Agent Discovery

 
 

1. Scans devices on exposed ports for certificates attached and active on those ports.

1. Scans devices on ports and is configurable to look in the file system as well as in other certificate stores.

1. Scans devices on ports and is configurable to look in the file system as well as in other certificate stores.

 

2. Devices are LEFT in the Policy Tree where they are IF they already exist. If they do not exist, they follow placement rules.

2. Devices are left in the Policy Tree where they are IF they already exist. If they do NOT exist, then they are created according to placement rules.

2. Allows for scanning of SSH - requires selecting advanced options when configuring the work for the agent.

 

3. If the device is newly created (see #2 above) it is configured for Agentless provisioning.

3. If the device is newly created from #2 above, then it will be configured for "Agent" based provisioning

3. Devices are ALWAYS placed according to the placement rules. If the device already exists elsewhere in the policy tree, a duplicate will be created. If the device exists in the same folder already, it will not be modified

 

 

 

4. If the device is newly created from #3 above, then it will be configured for "Agent" based provisioning.

 

 

 

The result of these configuration differences can be interesting if you're running discovery via multiple methods. For instance:

  • Network Discovery first, THEN Advanced Agent Discovery could potentially have 2 new devices if the Network Discovery is not pointing to the same location as Agent discovery (generally, they ARE different locations).
  • Advanced Agent Discovery first THEN Network Discovery should only give you a single device created.

The problem with this is that creating a "plan" is tricky. For instance, if you have a golden image with an agent built in, it may connect prior to Network Discovery runs, most of the time, unless the agent doesn't connect just as network discovery is running. Alternatively, if you are pushing out the agent after-the-fact, then a nightly discovery has a very real chance of finding the system first, part of the time, yielding inconsistent results.

Possible Options:

  1. Control the provisioning method of devices at the policy level, so you don't have to worry about which finds the device first.
  2. Combine the Network Disovery and Agent Discovery locations into the same location to prevent creation of devices in two locations.
  3. Don't "scan" systems that will have an agent on them.
Was this article helpful?
0 out of 0 found this helpful

Comments