Track-It! Inventory 101 - Discovery

Version 2
    Share:|

    I'd say the lion's share of "how do I..." questions that I get revolve around the Inventory module.  With that in mind, I decided to start a discussion here where I'll go over the Inventory module, chunk by chunk, from a "high level" point of view.  I'll attempt to break the module down into the pieces that make up the module, and discuss pros and cons of various ways to take advantage of it.

     

    I hope to update this section every day or so with another "chunk".

     

    With that in mind, here's the first one.  This is a high-level discussion of what Discovery does, and an oversimplified summary of how it does it.  Hopefully, this will help folks who are unfamiliar with Discovery to understand its strengths and environmental requirements, and to explain why it discovers something they think it shouldn't have; or doesn't discover something they think it should have.

     

     

    Overview of Discovery

     

    Discovery, on its best day (with all network environment configured exactly as we'd like to see it) can pick up three things from a computer:

     

    1) IP Address

    2) Machine Name

    3) MAC address

     

     

    IP Address

    It gets the IP address, effectively, from a ping request (ping <machine name> or ping <IP Address>, depending on how you've configured Discovery).

    -If you configure Discovery by IP address, it attempts to ping the IP address or IP range you've entered.

    -If you configured Discovery by domain or OU, it asks the applicable domain controller for a list of computer accounts; then it tries to ping those by name.

     

    If something responds to a ping, we temporarily assume that the IP address is good.  But, we know that most facilities use DHCP, so we need at least one other piece of information below to ensure we discovered something new, ore to update something already discovered.

     

     

    Machine Name

    It gets the machine name, effectively, from a reverse DNS lookup (ping -a <the IP Address that responded in the first step>).

     

    -If this resolves to a machine name, and that name hasn't previously been discovered, we assume we discovered a new computer

    -If it resolves to a machine name that has already been discovered, it updates the IP address for that machine

    -If this does not resolve to a machine name, then we must have a valid MAC address in order to say we discovered something.

     

     

    MAC Address

    It gets the MAC address from an arp request (arp -a <IP address from the first step>).  The MAC address tends to bear more weight in the Discovery process, because:

    -We understand that IP addresses are often dynamic, and;

    -Machine names are subject to human error.

     

    MAC addresses, on the other hand, are in theory unique to each computer.  So, if an IP address responds to a ping, and we get a MAC address, Discovery will update the IP address and machine name of whatever record has that MAC address.

     

    Here's where this can cause problems:

     

    Say there's a router (IP router used for subnetting, or VPN router, for example) between the Track-It! server and a small group of workstations.  If that router is not configured to pass arp requests, then when Discovery attempts to do the arp -a <IP Address> request, we get the MAC address of the router, not the MAC addresses of the individual workstations.

     

    In this situation, when Discovery tries to ping any IP address associated with a workstation on the other side of that router, we'll get a valid reply.  (We may, or may not get a valid machine name.)  But each arp request will give us exactly the same MAC address.  So, Discovery will think that each of those workstations is the same one, and all Discovery attempt update the same record.  What you see in "Manage Discovered Assets" will depend on which IP address (and machine name if returned) was the last to be discovered.