Discovering Devices

The following section explains the device discovery process, as well as the different methods of adding devices to Unified Assurance.

Objectives

The following list shows you the objectives of this section:

1. Use Manual Discovery to discover and add a single device to Unified Assurance.

2. Use Inclusion and Exclusion profiles to automate device discovery.

3. Run the Device Auto Discovery scheduled job to discover devices.

4. Setup SNMP discovery and run the Device SNMP Discovery scheduled job.

5. Organize devices into groups using the Device Groups interface.

Manual Discovery

Manual Discovery is a standard configuration interface for the middle ground between full auto-discovery with profiles and manually entering all of the device details. It is logically equivalent to creating a new discovery profile, populating it with a single IP, and running the Device Auto Discovery scheduled job on just that profile.

Note:

• Manual Discovery will place the device in the device zone set for the Device Auto Discovery application that is used (Default First Zone by default).

• There must be an enabled job named Device Auto Discovery for manual discovery to function. The job does not need to have a schedule.

1. Navigate to the Manual Discovery UI.

   Configuration -> Device Discovery -> Manual Discovery

2. Select the Unified Assurance server that you intend to use to run discovery from the Run on Server drop-down box.

   1. For a single-server install, there will be only one server available.

   2. In a multi-server install, there may be more than one server to choose from.

3. In the Devices (DNS/IPs) field, enter the DNS name or IP address of the device to discover (for example, 192.0.2.22).

   Note:

   You can manually discover multiple devices at once, by comma-separating the IPs/DNS names (for example, 192.0.2.22, 192.168.5.51, 10.24.125.50).

4. Click the Discover button (bottom right of the UI). The device discovery process will begin.

Device Automatic Discovery

Automatic discovery uses inclusion and exclusion profiles to discover a range of devices. Once a device has been discovered, it is added to a device group and device zone for organization. Device SNMP Discovery can then be run to obtain SNMP information about the device, such as its SysOID or serial number.

1. Navigate to the Inclusion Profiles UI.

   Configuration -> Device Discovery -> Inclusion Profiles

2. Inclusion Profiles is a configuration interface to maintain the various profiles used by the Device Auto Discovery scheduled job to provide criteria for the devices that should be discovered and added to the Device Catalog. A profile can specify a seed list of IPs, a range of IPs, a CDP scan, or a LDAP scan. One or more profiles can be created to discover the devices within a network. Configure a profile and enable it to allow the Device Auto Discovery scheduled job to find the devices using the profile settings. There are four profile types to choose from:

   1. Ping Scan: Defines an IP address range (for example, 10.24.*.*) to be pinged by the Device Auto Discovery scheduled job.

   2. Seed Scan: Defines a list of specific IP addresses (and/or DNS names) of devices to be discovered (reduced search time over Ping Scan).

   3. LDAP Scan: Active Directory query-based scan.

   4. CDP Scan: A scan based on the Cisco Discovery Protocol (Scans for devices and their directly connected neighbors).

3. Click the Example Ping Scan profile to open the profile for editing (the form opens on the right).

4. Change the Status to Enabled.

5. Enter the IP address range you wish to scan into the IP Address Regex Range text field (for example 10.10.21.*).

6. Click Submit to save the changes.

7. Click the Example Seed Scan profile to open the profile for editing.

8. Change Status to Enabled.

9. Enter the list of IP addresses/DNS names of the devices you wish to discover (comma separated values, for example, 10.24.125.50, example.monolith.com, 10.10.5.1) into the Devices text field.

10. Click Submit to save the changes.

11. Navigate to the Exclusion Profiles UI.

    Configuration -> Device Discovery -> Exclusion Profiles

    1. An exclusion profile allows you to define a list or range of IP addresses for which device discovery should never be attempted. Using exclusion profiles, a small number of IP addresses can be excluded from discovery, even if they would have been included in a larger range of an inclusion profile. For example, you might have a Ping Scan inclusion profile for 172.16.27.*, but may want to exclude 172.16.27.129 from discovery. An exclusion profile allows you to accomplish this without splitting the single inclusion profile into multiple profiles.

12. Add a new profile, or edit an existing profile, to exclude IP addresses from the discovery process. For example, edit the Example Device List profile in order to exclude 10.10.21.7 and 10.10.21.50 from the discovery process.

13. Navigate to the Jobs UI.

    Configuration -> Broker Control -> Jobs

14. Select the Device Auto Discovery job.

    1. Jobs is a configuration UI for adding, editing, and removing Jobs. A Job is an application that will be run at scheduled times, using a cron-like syntax. The Device Auto Discovery scheduled job runs device discovery and discovers devices based on the Inclusion and Exclusion profiles provided.

15. Click Start to run the device auto discovery. The discovery may take some time, depending on the number of devices discover.

16. Once the Discovery is complete, navigate to the Devices UI.

    Configuration -> Device Catalog -> Devices

    1. The Devices UI is where all discovered devices are displayed, that have been discovered in Unified Assurance through various pollers and discovery agents. From this list, you can manually add and edit devices as well as modify device settings such as custom name, IP address, and device state. This list can also be easily exported to Excel for inventory or accounting purposes.

17. The devices that have been discovered by the Device Auto Discovery scheduled job, as well as the manual discovery earlier, will be displayed in this UI.

    1. The State column shows all of the devices as being Verified.

       1. State refers to the discovery state of the device.

       2. Verified means that the device is ping-able, but has not been SNMP discovered. The Device SNMP Discovery scheduled job is used to discover SNMP-enabled devices. But first an SNMP Access Profile must be set up.

Device SNMP Discovery

1. Navigate to the SNMP Access UI.

   Configuration -> Device Discovery -> SNMP Access

2. Unified Assurance has a Default Public (v2c) SNMP Access profile by default, which uses the public community string. If your SNMP-enabled devices also use the public community string and SNMPv2, then the Default Public profile can be used for SNMP Discovery. If your devices use a different SNMP version and/or different community strings, then a new SNMP Access profile must be created (via the Add or Clone button) with the relevant information.

   1. Adding or cloning a profile will open a form to the right of the UI. The relevant information needs to be entered in the Access Profile Information section.

      1. SNMP Version: The SNMP version running on your devices (If there are different devices running different SNMP versions, access profiles will need to be added for each SNMP version. The Clone button is useful for this purpose).

      2. Profile Name: A descriptive name for your profile.

      3. Priority Order: The order priority in which the profile should be executed. If you have more than one access profile, the priority order determines which profile gets run by the Device SNMP Discovery scheduled job first. Profiles with lower priority order numbers will be executed before profiles with higher numbers.

      4. SNMP UDP Port: The SNMP Port used for the connection.

      5. MTU: The MTU size for the connection.

      6. Device Zone: The device zone to run the SNMP discovery against.

   2. If the devices are running SNMP version 1 or 2, you must enter the community string in the Community String field. If the devices are running SNMPv3, this field can be left blank.

   3. For devices running SNMPv3, the relevant access information must be entered into the SNMP(v3) Information section of the form.

   4. Best Practice:

      1. The public community string is the default read-only community on many devices. This can be a security risk and best practice is to change the default community to a local, protected value. Some customers leave the default public community in their access profiles to be used as a warning. If they find that any devices have associated with the public profile it is a nice early-warning sign that an improperly configured device has been added to their network.

      2. It is possible for the same community string to be used by both v1 and v2c devices. It is preferable for different strings to be used, but if the same string must be used, assign the v1 profile a higher Priority Order. This will ensure that v2c devices will use the v2c profile and the v1 devices will use the v1 profile. Using the correct version will reduce problems in other applications such as interface discovery, metrics collection, etc.

3. With the Access Profiles created, navigate to the Jobs UI.

   Configuration -> Broker Control -> Jobs

4. Select the Device SNMP Discovery scheduled job, and click Start to run the job. SNMP discovery may take some time, depending on the number of devices.

   Note:

   Devices must be discovered first (through manual discovery or Device Auto Discovery) before running SNMP Discovery.

5. Once SNMP discovery is complete, navigate to the Devices UI. Notice that for devices in which SNMP discovery was successful, the State value has now changed to Discovered. With SNMP discovery successful, these devices can now be polled for performance data.

   Configuration -> Device Catalog -> Devices

Device Groups

Device Groups is the concept of associating devices and providing common additional functionality. Usually this is used for Navigation, Security, and Command/Control. Unified Assurance uses device grouping in the follow ways:

1. Navigation: Makes related devices easier to find.

2. Restriction Grouping: Device access can be restricted and provide multi-tenant functionality to any device-based function.

3. Reporting: TopN and Inventory Overviews that allow applicable comparisons.

4. Hierarchies of Device Groups can be created through the establishment of parent and child groups. At the top level of the hierarchy, there is a single group (Root) which contains all devices. Subgroups or children can be created off the main level. Additional child groups can be created within each subgroup to categorize devices within groups, thus creating a hierarchical structure.

Note:

Unified Assurance supports non-mutually exclusive groupings of Devices. One Device can belong to multiple Device Groups.

Creating a Device Group

1. Navigate to the Device Groups UI.

   Configuration -> Device Catalog -> Device Groups

2. From Device Groups, select the Root device group and click Add to add a new device group.

3. In the Device Group (New) form, enter a name for the device group in the Device Group Name field.

4. Select the Remove from other groups checkbox. When this checkbox is selected, any devices added to this group will also be removed from any other groups.

5. The Available section contains a list of all of the discovered devices in Unified Assurance. Select the devices that you with to add, and use the arrow buttons to add them to the group.

6. Click Submit button (bottom right) to save the changes.

7. Click the Unified Assurance logo on the top left of the UI to refresh the UI.

8. Click on the Devices link in the navigation (left pane). Note that your new device group is visible (as a sub-group of Root). Click on the arrow icon (to the immediate left of the folder icon) to expand the new device group to show the devices.

Related Interfaces

Device Management

Use the Device Management UI to perform large and extensive changes to groups of devices within the Device Catalog.

Configuration -> Device Catalog -> Device Management

You can make the following changes to multiple devices at once using this interface:

• Load Device Meta Tags

• Set Device Category

• Set Device Priority

• Move Device to Zone

• Set Device Shard

• Mark Device For SNMP Rediscovery

• Unmanage Device

• Force Device Delete

These actions can be performed on a selection of devices, or on a particular device group.

Device Type Categories

The Device Type Categories UI is used for editing and removing Device Type Categories from the Unified Assurance system.

Configuration -> Device Catalog -> Device Type Categories

A Device Type Category is used when creating Device Types, and gets assigned to a device during SNMP Discovery. When viewing the device list, the image and name assigned to the category will be displayed.

Device Types

The Device Types UI is used for adding, editing, and removing the different device types that can be associated with discovered devices. Some example device types include firewalls, switches, and routers.

Configuration -> Device Catalog -> Device Types

It is best practice to routinely verify that all devices discovered in Unified Assurance have a valid Device Type. This will help in device categorization and maintenance.

Device Zones

The Device Zones UI is used for adding, editing, and removing device zones within the Device Catalog.

Configuration -> Device Catalog -> Device Zones

• Device Zones are mutually exclusive groupings of Devices. A Device can only belong to one Device Zone, unlike Device Groups, where a Device can be associated with one or more groups.

• Device Zones are commonly used for polling or active collection, so that collectors and/or pollers can be distributed to various locations. This cannot be accomplished with Device Groups.

• Devices can be moved from zone to zone using either the Devices UI (for single devices) or the Device Management UI (for multiple devices).

Grouping specific devices into a particular zone can be used for organization or for polling purposes. This provides scoping for discovery and pro-active polling, ensuring that devices within a zone are accessed by monitoring components in that zone. Multiple devices with the same IP address must be in separate zones for proper polling.

Maintenance Windows

The Maintenance Windows UI allows you to configure device-based maintenance windows. Specifying maintenance windows allows for special rules processing for events for the relevant devices during the window.

Configuration -> Device Catalog -> Maintenance Windows

Maintenance Window processing is available but may need to be enabled in the 'base.load' rules files for different applications.

1. Navigate to the Rules UI.

   Configuration -> Rules

2. The UI contains a list of rules directories and sub-directories.

3. Click the white arrow symbol to the immediate left of a folder icon to expand that directory. Click the black arrow symbol to collapse the directory.

4. Click to expand Core Rules (core) -> Default read-write branch (default) -> collection -> event -> trap.

5. Click the base.load rules file to open it for viewing/editing.

6. A commented example exists within this base.load file (likewise with the Syslog 'base.load' file). The rules can be implemented as described in the commented sections. Once the code has been un-commented and distributed to base.rules (and custom code added if desired/needed), and the changes to base.rules have been saved, the aggregator must be restarted, in order for the changes to be taken into effect.

Meta Types

The Meta Types UI is used for adding, editing and removing Meta Types. Device Meta Type tagging is the concept of associating additional device information to a set of devices. The Meta Types can be associated manually or dynamically with rules. Tagging devices with Meta Types also provides for device-based enrichment such as Event correlation, as well as special polling of devices.

Configuration -> Device Catalog -> Meta Types

Unified Assurance uses device-based meta tags in several ways including the following:

• Event Navigation: Making operators view basket-of-technology or application-based dynamic event lists.

• Event Enrichment: Utilizing the device-based data to enrich events on the fly.

• Automatic Configuration: Allowing Unified Assurance components to automatically configure themselves based upon meta data.

Note:

Meta Tags can be added using either the Manage Devices (single device at a time) or Device Management (multiple devices at a time) interfaces.

Vendors

The Vendors interface is used for adding, editing and removing Vendors/Manufacturers from the Unified Assurance system. Vendors can be used for grouping Device Types.

---

Title and Copyright Information

Implementation Guide

F59716-01

Copyright © 2022, Oracle and/or its affiliates.