Configuration Manager can use
a variety of network protocols to probe your network and gather data
about the objects it discovers into the site database. Network discovery
can be used to identify potential ConfigMgr clients. Network discovery
can also be used to add network topology data and information about
non-client network devices to your database for use in queries,
collections, and reports. Configuration Manager network discovery is
similar to that in SMS 2003, except there is a new configuration tab for
DHCP servers and support added for IPv6.
To configure network discovery, right-click
Network Discovery in the Configuration Manager console under System
Center Configuration Manager -> Site Database -> Site Management
-> <Site Code> <Site Name> -> Discovery Methods -> Network Discovery and then choose Properties. As displayed in Figure 1, there are three levels of network discovery:
Note: About Network Discovery Resource Utilization
Network discovery can have a major impact on
your network and site systems. To avoid overloading network or server
resources, you should schedule network discovery to run during off-peak
times. If you have a large number of machines, you should perform
initial discovery in phases. You may choose to discover a few subnets at
a time or you may choose to first discover topology only, then clients,
and later add operating system discovery. You should limit the number
of new resources you expect to discover to no more than 5,000 at a time.
If discovery will traverse slow network
segments, check the Slow network box on the General tab to throttle the
number of concurrent network requests and adjust timeout values.
The Subnets, Domains, and SNMP Devices tabs determine the initial scope of network discovery. Figure 2
displays the Subnets tab. By default, the local subnet and the site
server’s domain will be discovered. You can add subnets, domains, or
SNMP devices using the starburst icon (circled in Figure 2) on the respective tabs. You can also remove or modify existing subnets or domains.
Discovering Network Topology
Network
discovery uses Simple Network Management Protocol (SNMP) to query
network infrastructure devices for basic information about your network
topology. The discovery process generates data discovery records (DDRs)
for network devices and subnets. A DDR
is a small file with identifying information about an object that is
processed and stored in the ConfigMgr database. The properties for SNMP
discovery are configured on the SNMP tab of the Network Discovery
Properties sheet, shown in Figure 3.
All SNMP devices are configured with a community string, which by default is named public.
To connect to an SNMP device, you must add its community string to the
list of communities to discover. The maximum hops specified on the SNMP
tab controls how far discovery will traverse the network. If the number
of hops is set to 0, the devices on the site server’s local subnet will
be discovered. If the number of hops is more than 0, network discovery
will query the routing tables of the local router to retrieve a list of
subnets connected to it and the IP addresses of devices listed in the
ipRouteNextHop of the router. These subnets and devices are considered
to be one hop away. Network discovery will continue to perform the same
process based on the routing data of the devices on the next hop, until
it reaches the maximum number of hops. Additional subnets and devices on
those subnets will be discovered if one of the following occurs:
Because
a router can be connected to many subnets, the scope of network
discovery can increase dramatically with each higher value of the
Maximum hops setting. On the local subnet, network discovery can connect
to the router using Routing Information Protocol (RIP) or by listening
for Open Shortest Path First (OSPF) multicast addresses, even if SNMP is
not available on the router.
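The hop-limited traversal described above, simulated over a constructed set of router routing tables (an added illustration, not code from Configuration Manager). Each table is reduced to (destination subnet, ipRouteNextHop) pairs; the addresses and topology are made up, and the router at 10.0.3.9 is assumed not to answer SNMP, which shows where traversal stops and how the subnet count grows with the Maximum hops value.

```python
# Constructed SNMP view of a small network (not real data). Each entry is a router's
# routing table reduced to (destination subnet, ipRouteNextHop). A next hop equal to
# the router's own address marks a directly connected subnet. 10.0.3.9 is assumed
# to have no SNMP access, so traversal cannot continue through it.
LOCAL_SUBNET = "10.0.0.0/24"
LOCAL_ROUTER = "10.0.0.1"
ROUTING_TABLES = {
    "10.0.0.1": [("10.0.0.0/24", "10.0.0.1"), ("10.0.1.0/24", "10.0.0.1"),
                 ("10.0.2.0/24", "10.0.1.2"), ("10.0.3.0/24", "10.0.1.2")],
    "10.0.1.2": [("10.0.1.0/24", "10.0.1.2"), ("10.0.2.0/24", "10.0.1.2"),
                 ("10.0.3.0/24", "10.0.2.2"), ("10.0.0.0/24", "10.0.0.1")],
    "10.0.2.2": [("10.0.2.0/24", "10.0.2.2"), ("10.0.3.0/24", "10.0.2.2"),
                 ("10.0.4.0/24", "10.0.3.9"), ("10.0.0.0/24", "10.0.1.2")],
}


def discover(max_hops, local_router=LOCAL_ROUTER, tables=ROUTING_TABLES):
    """Return (sorted subnets in scope, {device: hop at which it was found})."""
    subnets = {LOCAL_SUBNET}            # hop 0: only the site server's own subnet
    devices = {local_router: 0}
    frontier = [local_router]           # routers whose tables are read at the next hop
    for hop in range(1, max_hops + 1):
        next_frontier = []
        for router in frontier:
            table = tables.get(router)
            if table is None:           # no SNMP access: this path ends here
                continue
            for subnet, next_hop in table:
                subnets.add(subnet)     # every subnet this router routes to is in scope
                if next_hop not in devices:
                    devices[next_hop] = hop
                    next_frontier.append(next_hop)
        frontier = next_frontier
    return sorted(subnets), devices


def scope_growth(limit):
    """Number of subnets in scope for each Maximum hops value from 0 to limit."""
    return [len(discover(h)[0]) for h in range(limit + 1)]
```

Running scope_growth(4) on this topology gives [1, 4, 4, 5, 5]: one extra hop can quadruple the scope, and the count stops growing once the frontier reaches a device that cannot be queried.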
Network discovery can also retrieve information
from Microsoft DHCP servers. The Network Discovery Properties DHCP tab
lists the DHCP servers to query. By default, network discovery will use
the site server’s DHCP server, although typically, the site server is
not configured as a DHCP client and you will need to add DHCP servers
manually using the starburst icon. Figure 4 displays an example of this.
The site server will establish an RPC connection
to each of the specified DHCP servers to retrieve subnet and scope
information. Subnets defined on the DHCP servers are added to the list
of available subnets for future network discovery, but are not enabled
for discovery by default. For each active lease on the DHCP server, the
network discovery process also attempts to resolve the IP address to a
name.
Topology and Client Discovery
To discover potential Configuration Manager
clients, network discovery attempts to identify as many devices as
possible on the IP network. An array of IP addresses from the
ipNetToMediaTable of SNMP devices is used to identify IP addresses in
use, and network discovery
pings each address to determine if it is currently active. If the
device replies to the ping, network discovery attempts to use SNMP to
query the device. If network discovery can access the device’s
management information through SNMP, it will retrieve any routing table
or other information the device holds about other IP addresses it is
aware of. Each IP address is resolved to a NetBIOS name if possible.
Network discovery will also retrieve the Browse
list for any domains specified on the Domains tab. The Browse list is
the same list used to display machines in the Windows Network
Neighborhood, and can be enumerated with the Net View command. As with
other discovered devices, network discovery then attempts to ping the
device to see if it is active.
Discovering Topology, Client, and Client Operating Systems
In addition to the discovery process for
topology and clients, if client operating system discovery is specified,
network discovery will attempt to make a connection using LAN Manager
calls to determine whether the machine is running Windows and, if so,
what version of Windows it is running.
In order for network discovery to create a DDR
for a discovered device, the IP address and subnet mask of the device
must be retrieved. Network discovery retrieves the subnet mask from one
of the following:
The device itself if it is manageable through SNMP—
Windows machines are only manageable through SNMP if the SNMP service
is running and configured with the required community information. This
will generally not be the case.
The Address Resolution Protocol (ARP) cache of a router with information about the device—
ARP is a protocol used to resolve IP addresses to the Media Access
Control (MAC) addresses of the network cards. Routers keep this
information cached for a finite amount of time, depending on the router
configuration. The ARP cache generally will not have information about
every device on the attached network segment. This makes retrieving
subnet mask information from the router ARP cache a hit-or-miss
operation.
The DHCP server—
If you are using Microsoft DHCP for all of your IP address assignment,
retrieval of subnet mask information from the DHCP server will generally
work well. Any machines with static IP addresses or any machines using
non-Microsoft DHCP will need to be discovered by another method. All
DHCP servers must also be listed on the DHCP tab.
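The subnet-mask lookup that decides whether a DDR can be written, together with the DHCP handling described earlier (subnets learned from DHCP scopes are added but left disabled, and lease addresses are resolved to names), as an added illustration rather than Configuration Manager's own code. All addresses, ARP entries and leases are constructed, and the sources are assumed to be tried in the order the text lists them: the device's own SNMP agent, then a router ARP cache, then the DHCP server.

```python
from ipaddress import ip_network

# Constructed inputs (not real data). Addresses that answered the discovery ping.
ACTIVE_IPS = ["10.0.1.7", "10.0.1.20", "10.0.1.30", "10.0.1.40"]

# Hosts whose SNMP agent answered with a community string we hold: ip -> mask it reports.
SNMP_AGENTS = {"10.0.1.7": "255.255.255.0"}

# Router ARP cache grouped by the interface subnet each entry was learned on.
# Entries age out, so not every active host is present (the hit-or-miss case).
ROUTER_ARP = {"10.0.1.0/24": {"10.0.1.7": "00-11-22-33-44-07",
                              "10.0.1.20": "00-11-22-33-44-20"}}

# Active leases read from the Microsoft DHCP server: scope -> {ip: client name}.
DHCP_SCOPES = {"10.0.1.0/24": {"10.0.1.20": "ws20", "10.0.1.30": "ws30"},
               "10.0.5.0/24": {}}


def dhcp_subnets(scopes):
    """Subnets learned from DHCP become available for later runs but stay disabled."""
    return {scope: False for scope in scopes}


def subnet_mask_for(ip):
    """Return (mask, source) from the first source that knows the device, else (None, None)."""
    if ip in SNMP_AGENTS:
        return SNMP_AGENTS[ip], "snmp"
    for subnet, entries in ROUTER_ARP.items():
        if ip in entries:                       # router's interface subnet gives the mask
            return str(ip_network(subnet).netmask), "router-arp"
    for scope, leases in DHCP_SCOPES.items():
        if ip in leases:                        # scope the lease belongs to gives the mask
            return str(ip_network(scope).netmask), "dhcp"
    return None, None


def generate_ddrs(active_ips):
    """Build a DDR per device whose mask is known; report the rest as unresolved."""
    ddrs, unresolved = [], []
    for ip in active_ips:
        mask, source = subnet_mask_for(ip)
        if mask is None:                        # static address, no SNMP, aged out of ARP
            unresolved.append(ip)
            continue
        name = next((leases[ip] for leases in DHCP_SCOPES.values() if ip in leases), None)
        ddrs.append({"ip": ip, "mask": mask, "source": source, "name": name})
    return ddrs, unresolved
```

With these inputs 10.0.1.40 is pinged successfully but gets no DDR, which is exactly the host that must be discovered by another method.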
There are many
dependencies for network discovery to work properly. Required protocols
must be allowed by firewalls, enabled, and configured properly on
clients. Network discovery is an important way to discover clients, but
in general you will not want to rely on it exclusively.