
Introduction to Summit Discovery

Option 1: Standard discovery

Summit uses various protocols and credentials to discover infrastructure.

Option 2: Discovery based on Nmap

 

  • Nmap ("Network Mapper") is a utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X.
  • Nmap is integrated with Summit but disabled by default. It must be enabled manually before Nmap discovery can be used.
  • If Nmap is not enabled, Summit uses the standard discovery functionality.
  • Nmap collects basic information such as IP, hostname, enabled ports, OS, and device type. After discovery, Nmap reports the device type and OS with a probability percentage. For example, for a device, it reports that the OS is Windows 2008 R2 with a probability of 80%.
  • From the Nmap traceroute information, Summit derives the relationships between CIs (Configuration Items).
  • Using the Nmap discovery information, Summit runs discovery again to collect more details such as hardware, software, patches, and so on.
  • Nmap discovery data is stored in Summit DB tables.
  • The Nmap utility must be downloaded by the customer, who must follow the instructions provided in the document to use Nmap in Summit.
  • Customer security clearance is required to use Nmap, as it performs port scanning.
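
The OS-confidence and traceroute bullets above, sketched as an added example (not Summit's code or part of the original page): a parser for Nmap's XML output that keeps the highest-accuracy OS match per live host and turns consecutive traceroute hops into CI links. The sample XML is constructed, and `parse_inventory`, its `min_accuracy` threshold and the record fields are assumptions; the page does not say how Summit consumes Nmap results.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's XML output format (as written by -oX); not real scan data.
SAMPLE_XML = """<nmaprun>
<host><status state="up"/>
 <address addr="10.0.0.5" addrtype="ipv4"/>
 <hostnames><hostname name="srv01.example.test"/></hostnames>
 <ports>
  <port protocol="tcp" portid="135"><state state="open"/></port>
  <port protocol="tcp" portid="139"><state state="closed"/></port>
  <port protocol="tcp" portid="445"><state state="open"/></port>
 </ports>
 <os>
  <osmatch name="Microsoft Windows 7" accuracy="74"><osclass type="general purpose"/></osmatch>
  <osmatch name="Microsoft Windows Server 2008 R2" accuracy="80"><osclass type="general purpose"/></osmatch>
 </os>
 <trace><hop ttl="1" ipaddr="10.0.0.1"/><hop ttl="2" ipaddr="10.0.0.5"/></trace>
</host>
<host><status state="down"/><address addr="10.0.0.9" addrtype="ipv4"/></host>
</nmaprun>"""

def parse_inventory(xml_text, min_accuracy=70):
    """Return one record per live host; OS guesses below min_accuracy are left unset."""
    records = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # skip hosts that did not answer discovery probes
        addr = host.find("address[@addrtype='ipv4']")
        name = host.find("hostnames/hostname")
        ports = [int(p.get("portid")) for p in host.iterfind("ports/port")
                 if p.find("state") is not None and p.find("state").get("state") == "open"]
        # Nmap may list several OS candidates; keep the one with the highest accuracy.
        best = max(host.iterfind("os/osmatch"), key=lambda m: int(m.get("accuracy", "0")), default=None)
        confident = best is not None and int(best.get("accuracy", "0")) >= min_accuracy
        osclass = best.find("osclass") if confident else None
        hops = sorted(host.iterfind("trace/hop"), key=lambda h: int(h.get("ttl")))
        path = [h.get("ipaddr") for h in hops]
        records.append({
            "ip": addr.get("addr") if addr is not None else None,
            "hostname": name.get("name") if name is not None else None,
            "open_ports": ports,
            "os": best.get("name") if confident else None,
            "os_accuracy": int(best.get("accuracy")) if confident else None,
            "device_type": osclass.get("type") if osclass is not None else None,
            # Consecutive traceroute hops become (upstream, downstream) CI links.
            "links": list(zip(path, path[1:])),
        })
    return records
```

Raising `min_accuracy` leaves low-confidence OS guesses unset, so a follow-up credentialed discovery can confirm them instead of recording a guess as fact.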

Primary Pre-requisites

Option 1: Standard discovery

WMI

  • Dedicated domain account (details are available in the last section of this document)
  • All the target servers and the Summit Proxy must be in the same domain
  • The following Windows services should be in running state on all target servers
    • Windows Management Instrumentation
    • Remote Procedure Call (RPC)
    • Remote Registry
  • Port Requirements
    • ICMP, TCP ports 135, 445 and WMI ports from Summit Proxy Servers to Target Server

  Note: Detailed requirements are available in the last section of this document.

SNMP

  • SNMP V1 / V2: A separate read-only community string must be enabled
  • SNMP V3:
    • noAuthNoPriv
      • Username and Password
    • authNoPriv
      • Username and Password
      • Authentication Protocols MD5 or SHA (Secure Hash Algorithm)
    • authPriv
      • Username and Password
      • Authentication Protocols MD5 or SHA (Secure Hash Algorithm)
      • Encryption Protocols AES (Advanced Encryption Standard) or DES (Data Encryption Standard)
      • Encryption key or password
  • SNMP Service should be in running state on all target devices
  • Summit Proxy IP must be allowed in the SNMP service on the target device
  • Port Requirements
    • Summit Proxy IP must be allowed access at all devices
    • ICMP, SNMP Polling (usually 161) ports from Summit Proxy Servers to Target devices

      | Source IP | Destination IP | Port Number | Direction |
      | --- | --- | --- | --- |
      | Summit Proxy | Device IP | ICMP, SNMP (Default port: 161) | Unidirectional |

SSH

  • Dedicated account with sudo access or root account
  • Port Requirements
    • ICMP, SSH (usually 22) ports from Summit Proxy Servers to Target devices
  • To know how to enable Sudo Access.

Option 2: Discovery based on Nmap

  • Nmap binary files
  • Broadcast pings
  • Commands

| Command | Description |
| --- | --- |
| -O | Enable OS detection; --osscan-limit: Limit OS detection to promising targets; --osscan-guess: Guess OS more aggressively |
| -A | Enable OS detection, version detection, script scanning, and traceroute |
| --traceroute | Trace hop path to each host |
| -PS/-PA/-PU/-PY | TCP SYN/ACK, UDP or SCTP discovery to given ports |
| -PE/-PP/-PM | ICMP echo, timestamp, and netmask request discovery probes |
| --reason | Display the reason a port is in a particular state |
| --iflist | Print host interfaces and routes |
| --system-dns | Use OS's DNS resolver |
| -sS/-sT/-sA/-sW/-sM | TCP SYN/Connect()/ACK |
| --spoof-mac | Spoof your MAC address |
| -v | Increase verbosity level |
| -T | Set timing template (higher is faster) |

Security and legal issues with Nmap

For security and legal issues, refer to the link below.

https://nmap.org/book/legal-issues.html


