Infrastructure discovery is the process of identifying and tracking all hardware, software, and virtualized assets enterprises operate at their data centers. Companies are adopting hybrid cloud infrastructures, including public cloud workloads, to drive digital business initiatives. IT teams now manage a vast, sprawling array of assets, many of which they may not know about. In addition, enterprise infrastructures change constantly as devices are added, subtracted, and changed. IT teams use infrastructure discovery to develop and maintain an accurate inventory of all assets and changes so that they can achieve strategic goals, streamline operational processes, and improve infrastructure stability and security.
This article covers:
- Reaping the benefits of data center infrastructure discovery and visibility: Developing and updating a comprehensive inventory of all assets enables teams to improve infrastructure visibility, asset management, troubleshooting, capacity planning, and regulatory compliance.
- Ensuring effective infrastructure discovery: Discovering infrastructure involves identifying assets and mapping network connectivity and dependencies. Many companies use a configuration management database (CMDB) to accomplish these tasks.
- Deciding which methodology to use: Teams can use agent-based or agentless discovery processes, which have different pros and cons. Most use both to identify and track all assets.
- Surmounting the challenges of infrastructure discovery: Dynamic and evolving IT environments introduce scalability issues and security concerns teams must address. In addition, teams must ensure data is accurate and complete.
- Implementing best practices: To make data center infrastructure discovery a core competency, teams are conducting regular audits and reviews, automating key processes, collaborating across teams, documenting and standardizing processes, and integrating discovery with change management processes.
- Navigating security considerations: Infrastructure discovery data is sensitive, so teams should encrypt it, implement role-based access controls, and monitor data usage. Using an on-premises discovery solution also enables IT teams to maintain data sovereignty.
- Seizing the potential of future trends: Leading software providers are integrating artificial intelligence (AI), machine learning (ML), and automation into infrastructure discovery tools. In addition, edge computing is increasing discovery challenges by extending infrastructure footprints.
By reading this article, teams will understand why to make infrastructure discovery a strategic priority, how to do it, and how to ensure this practice keeps pace with business and network growth.
Benefits of Effective Infrastructure Discovery
As infrastructures have grown, most companies have traded manual processes for automated ones. They use next-generation CMDBs to discover all infrastructure, map network connectivity and dependencies, and track configurations and changes over time. The following case studies demonstrate how effective infrastructure discovery processes enable organizations to improve core processes:
- Improving visibility: With automated infrastructure discovery, teams gain real-time visibility into their IT environment: what devices they have, where they are located, and what their current condition is. They can also easily map network connectivity paths and dependencies, developing a holistic view of how devices support applications and services. With this intelligence, IT teams can make strategic decisions about new IT investments, modernizing application portfolios, virtualizing systems, and strengthening service quality.
The Information and Communications Technology (ICT) Department at Imperial College London manages a hybrid infrastructure that encompasses onsite data centers and colocation facilities, supporting private clouds, high-performance computing environments, blade platforms, and rack-mount servers; SaaS providers; and multiple public cloud providers, providing PaaS, IaaS, and services, running anything from VMs to containerized applications, function applications, and databases.
The team deployed Device42, a leading CMDB, to create visibility into this complex and ever-growing environment. “We use Device42 to discover an inventory of everything that sits inside our data centers, colocation facilities, and in the cloud,” said Andy Lax, Head of Tooling. “We also use it for inventory, asset management, data center management, and power management.”
- Improving asset management: Companies spent 5% to 19% of their annual revenues on technology in 2023. IT leaders want to ensure that their firms reap substantial value from these investments.
With infrastructure discovery, IT teams identify and track all hardware, software, and virtualized assets and cloud services and their connections. They can then use this detailed data to decide which vendor accounts to expand or terminate, maximize warranties and discounts, and decommission little-used assets. In the event of vendor disputes, teams can provide up-to-the-minute reporting, defending their counts of hardware and software to avoid unnecessary spending.
The IT team at a large U.S. hospital system used infrastructure discovery to settle a vendor dispute. As the team navigated the final steps of their annual Microsoft licensing process, Microsoft questioned the total server numbers and operating systems.
Microsoft’s proposed true-up far exceeded the hospital’s budgeted overages. The IT team used Device42 to quickly confirm how many Windows Server systems were in use, their version, CPUs, and core counts, avoiding any increase in spending. They also leveraged automated discovery to understand how many Windows Servers and Cores were allocated to a given hypervisor host to increase the use of virtualization and drive down costs.
- Enhancing troubleshooting capabilities: When IT issues occur, IT service management (ITSM) teams are on the clock to resolve them. These teams must focus on productive work, such as identifying and resolving issues, rather than gathering basic device information.
Automated infrastructure discovery processes pre-populate IT asset management (ITAM) and CMDB solutions, providing a wealth of information ITSM teams can use to troubleshoot IT issues, identify root causes, and prevent their recurrence. They can see device owners, users, the latest changes and configurations, and other vital data that they can use to speed the mean time to resolution.
One of the world’s largest car manufacturers was experiencing two critical IT incidents on average per month, which took about one hour to identify and fix. The IT team deployed Device42 to streamline incident management, improving resolution timeframes by 30%.
- Facilitating capacity planning: Many organizations are experiencing fast-paced business growth, increasing the need for capacity planning. IT teams create a capacity planning strategy that ensures that their organization’s current and projected resources will satisfy the workload demands of users, customers, and clients. IT teams consider six key disciplines as they plan new capacity: power and cooling, white space, networks, and data storage requirements, as well as energy efficiency and sustainability goals.
Automated infrastructure discovery helps IT teams plan capacity by identifying all current resources, mapping past growth over a specified period, and projecting future needs. In addition, identifying overutilized and underutilized resources can help teams decide which areas need spending — and which don’t.
Leading CMDBs may also provide integrated data center infrastructure management (DCIM) capabilities, which offer visibility into real-time power consumption.
Teams can use this data to plan more efficient use of energy and cooling resources.
- Ensuring regulatory compliance: CMDBs map all assets and upstream and downstream dependencies, enabling teams to evaluate how data is used, stored, and transmitted. This information helps organizations meet a wide array of industry and regional regulations and standards, such as FedRAMP in the federal government, HIPAA in healthcare, PCI for commerce, and SOX for financial services; the General Data Protection Regulation; and CIS Controls, ISO 27000, and relevant NIST standards. By using infrastructure data, teams can identify and address security weaknesses or process violations, ensure covered data maintains continuous compliance, and easily report to executives, customers, and regulators.
A large regional bank needed to provide data and reporting for an audit by the U.S. Federal Deposit Insurance Corporation (FDIC) to keep its FDIC-insured status after a merger. The bank’s IT organization needed to document network assets, where they were located, how they connected, and how they interacted for the audit.
The bank used Device42 to tag all assets that use or store personally identifiable information, credit cards, and other sensitive data, generating a report with this critical information. As a result, the team was able to provide reporting to the regulator and close the audit findings within 90 days.
Key Components of Infrastructure Discovery
CMDBs also map network connectivity, visually depicting all devices that are physically and logically linked to the corporate network. These diagrams help IT teams plan work, break down large tasks into simpler ones, and more easily identify faults.
With CMDB dependency mapping, teams identify upstream and downstream connections between applications, services, and devices. As a result, teams can use this data to identify the impact of changes and moves, confidently retire or consolidate assets, and determine the impacts of resource bottlenecks.
CMDBs also track changes and configurations, enabling teams to plan maintenance work and upgrades, quickly see which work has been done, and roll back changes in the event of performance issues. A CMDB tracks configuration items (CIs), an ITIL term that means any component an organization needs to manage to deliver an IT service. This broad term covers many items, including personnel; hardware, software, virtualized, and cloud assets; application versions; facilities; and documentation. However, while almost everything is trackable, not all this data should be. IT teams should identify and track configuration items that contribute to organizational decision-making and can be maintained.
Methodologies for Infrastructure Discovery
There are two primary ways to discover infrastructure: agent-based and agentless discovery. Most organizations use a combination of these processes.
- Using agent-based discovery: IT teams identify assets they want to track with this process. Then, they install code on machines that run autonomously, collect inventory information, and transmit it to an infrastructure discovery tool, such as a CMDB. Since the agent is on the machine, it is easy to schedule discovery and keep data up-to-date.
Agent-based discovery methods are less popular than agentless processes because they must be managed and updated and can impact resource performance. However, agent-based discovery processes may be necessary if target network segments are segregated or remote, network connectivity to the discovery tool or device is unavailable or unreliable, or security policies don’t allow remote data collection on key resources. In addition, teams may elect to use agent-based discovery processes if they need to collect in-depth information on an application because of its criticality.
- Relying on agentless discovery: Automated agentless discovery processes use a central management server that connects to remote operating systems. Then, the CMDB collects data using industry-standard protocols, such as SNMP, SSH, and WMI, or manufacturer protocols. The CMDB queries the operating systems and extracts resource information. These tools work in the background to collect data, minimizing impact on network resources, and then populate tools like CMDBs with the data. Agentless discovery processes use various techniques to discover network devices’ physical and logical components, relationships, and interdependencies. However, they provide less information than agent-based processes.
In practice, most IT teams use both agent-based and agentless approaches to discover all infrastructure, using the approach that best meets their needs for depth of information, performance impacts, security, and other considerations. For example, Device42’s CMDB solution uses 12 techniques to discover all customer devices across the hybrid cloud.
Teams can also choose whether to schedule routine or continuous discovery. They may want to schedule agent-based discovery processes to gain more specific data but opt to discover most of their infrastructure using agentless processes that require less management. By using continuous discovery, teams gain a more complete understanding of hybrid cloud infrastructures and identify changes as they are made.
Challenges with Infrastructure Discovery
Tracking infrastructure and changes has become more challenging in recent years. As companies digitize, networks expand from core to cloud to the edge, creating a dynamic and evolving IT environment. While companies may standardize equipment in data centers or at facilities, edge computing sites may defy these efforts. They’re often located far from corporate headquarters, may place compute in areas not set up for technology, and use diverse equipment.
As a result, IT teams are grappling with several issues. They must ensure that discovery processes can scale with business growth, ensure the security of valuable discovery data, and determine that infrastructure data is accurate and complete.
Best Practices for Effective Infrastructure Discovery
By following these best practices, IT teams can ensure that they have set up effective, scalable infrastructure discovery processes and can easily communicate processes and decisions to key stakeholders.
- Conduct regular audits and reviews: IT teams will want to work with other key stakeholders, including IT operations, ITSM, security, and regulatory compliance, to ensure that data is accurate and complete. They can accomplish this goal by regularly auditing data and processes and reviewing planned data improvement programs to ensure they’ve accomplished their goals. Auditing can also detect unauthorized access to, and changes to, discovery data, enabling teams to move rapidly to regain control over data and update it to ensure its integrity.
- Automate discovery processes: To keep pace with infrastructure growth and change, IT teams should automate processes and opt for continuous discovery. They can use this helpful seven-step process to get started with automating discovery using Device42.
- Document and standardize processes: IT teams should meet with key stakeholders to finalize infrastructure discovery data collection, review, and approval processes and determine who can view, access, and change data. They should also standardize processes by determining which discovery processes are used and in which order; how to correct duplicative, incomplete, or inaccurate data; how data is reported; and who receives updates. For example, teams can enforce standard naming conventions, formats, and relationships to make collecting, updating, and comparing data easier.
- Ensure cross-functional collaboration: As part of the documentation processes, IT teams should create a stakeholder inventory and determine each group’s requirements vis-à-vis infrastructure discovery. For example, IT teams may use discovery data for planning, while operations professionals use it to plan and execute changes and configurations. ITSM teams may need on-demand access to all CMDB data to troubleshoot and solve problems. Security will use data to identify gaps and weaknesses and maintain devices with patches and upgrades. Finally, compliance teams want to audit processes to ensure the company meets industry and customer regulatory requirements for data privacy, security, and other requirements.
- Integrate with change management processes: Many organizations use the Information Technology Infrastructure Library (ITIL) framework to organize and streamline change management to improve service quality. The ITIL service value stream process includes six steps: plan, improve, engage, design and transition, obtain and build, and deliver and support.
CMDB infrastructure discovery processes provide invaluable data for these six steps, enabling teams to accurately plan and execute initiatives, roll out changes and configurations, assess their impact, and report progress.
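The audit and change-management practices above can be combined into one check: compare two discovery snapshots and flag every difference that has no approved change record. This is an added example, not Device42 code; the snapshot layout, CI names, attribute names, and the approved-change set are constructed assumptions.

```python
"""Reconcile two discovery snapshots against approved change records."""
from dataclasses import dataclass

# Constructed sample data: CI id -> attributes, as a discovery export might look.
PREVIOUS = {
    "srv-web-01": {"os": "Ubuntu 22.04", "ip": "10.0.1.10", "open_ports": [22, 443]},
    "srv-db-01": {"os": "Windows Server 2019", "ip": "10.0.2.20", "open_ports": [1433]},
    "sw-core-01": {"os": "IOS 15.2", "ip": "10.0.0.1", "open_ports": [22]},
}
CURRENT = {
    "srv-web-01": {"os": "Ubuntu 22.04", "ip": "10.0.1.10", "open_ports": [22, 443, 8080]},
    "srv-db-01": {"os": "Windows Server 2022", "ip": "10.0.2.20", "open_ports": [1433]},
    "srv-tmp-07": {"os": "Debian 12", "ip": "10.0.9.77", "open_ports": [22]},
}
# Constructed approved changes as (ci_id, field); "*" approves any change to that CI,
# including adding or retiring it.
APPROVED = {("srv-db-01", "os"), ("sw-core-01", "*")}


@dataclass(frozen=True)
class Drift:
    ci: str
    kind: str        # "added", "removed" or "changed"
    field: str       # attribute name, or "*" for whole-CI events
    before: object
    after: object
    approved: bool


def diff_snapshots(previous, current, approved):
    """Return every difference between the snapshots, tagged approved or not."""
    findings = []
    for ci in sorted(set(previous) | set(current)):
        old, new = previous.get(ci), current.get(ci)
        if old is None or new is None:
            kind = "added" if old is None else "removed"
            findings.append(Drift(ci, kind, "*", old, new, (ci, "*") in approved))
            continue
        for field in sorted(set(old) | set(new)):
            if old.get(field) != new.get(field):
                ok = (ci, field) in approved or (ci, "*") in approved
                findings.append(
                    Drift(ci, "changed", field, old.get(field), new.get(field), ok)
                )
    return findings


def unapproved(findings):
    """Differences with no matching change record: the ones to investigate."""
    return [f for f in findings if not f.approved]


if __name__ == "__main__":
    for f in diff_snapshots(PREVIOUS, CURRENT, APPROVED):
        status = "approved" if f.approved else "UNAPPROVED"
        print(f"{status:10} {f.kind:8} {f.ci} {f.field}: {f.before!r} -> {f.after!r}")
```

With the sample data, the OS upgrade and the retired switch match change records, while the new host and the newly opened port are reported for review.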
Security Considerations with Infrastructure Discovery
Infrastructure discovery data is worth its weight in gold. It provides a living legend of all the devices a company owns, where they are, what they’re connected to, and all of the changes and configurations performed on them. If they gained access to this information, malicious parties could easily understand the corporate network design, where the vulnerabilities are, and which applications and storage devices use or maintain sensitive data.
Here are some best practices for securing infrastructure discovery data.
- Choose an on-premises solution: SaaS CMDB tools provide the latest software and features. However, customers don’t have data sovereignty and are exposed to provider security risks. With the recent ServiceNow breach, a researcher found that up to 70% of customer accounts were at risk for data extraction.
Device42 is an on-premises solution, enabling users to maintain ownership and control over their data. Companies can better assure data security, protecting valuable infrastructure data from unauthorized access.
We recommend that Device42 be deployed on private networks that are not viewable or accessible to outside users. IT teams can further obfuscate the main appliance by configuring a proxy for any outbound HTTP/HTTPS connections. The main appliance will still be able to connect to other SaaS solutions via its cloud connector.
- Encrypt and back up discovery data: All discovery data should be encrypted to prevent accidental or malicious discovery. It should also be backed up to be easily recoverable at any point due to data corruption, access issues, or other problems.
- Implement strong security practices: As they set up their CMDBs, IT teams should immediately change default passwords and set up role-based access controls, determining who can view, access, and change data. IT teams should regularly review roles and remove users who no longer need access or have left their company. Passwords and other secrets should be stored in a password vault using AES-256-bit encryption with burnt secrets, meaning that passwords can’t be retrieved.
- Monitor and audit discovery tools: IT teams should regularly audit who has accessed CMDB data and security processes. By doing so, they can ensure that only authorized users can view infrastructure discovery data and perform predetermined tasks. In addition, IT teams can identify any security gaps that need to be closed, such as forcing the reset of old or weak passwords.
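The role review and access audit described in the last two items can be run as one pass over an access log. This is an added example, not part of any CMDB product: the log format, role names, permitted actions, and user names are constructed assumptions.

```python
"""Audit CMDB access: stale role assignments and out-of-policy log entries."""
import csv
import io

# Constructed role model: role -> actions that role may perform.
ROLE_ACTIONS = {
    "viewer": {"view"},
    "operator": {"view", "edit"},
    "admin": {"view", "edit", "export", "manage_users"},
}
# Constructed role assignments and current staff roster (dave has left).
ASSIGNMENTS = {"alice": "admin", "bob": "operator", "carol": "viewer", "dave": "operator"}
ACTIVE_STAFF = {"alice", "bob", "carol"}

# Constructed access log in a hypothetical CSV export format.
ACCESS_LOG = """\
timestamp,user,action,object
2024-05-01T08:02:11Z,alice,export,report/pci-assets
2024-05-01T09:15:40Z,carol,view,device/srv-web-01
2024-05-01T09:17:02Z,carol,edit,device/srv-web-01
2024-05-02T23:41:55Z,dave,view,device/srv-db-01
2024-05-03T01:12:09Z,mallory,export,report/all-devices
"""


def stale_assignments(assignments, active):
    """Users who still hold a role but are no longer on the staff roster."""
    return sorted(user for user in assignments if user not in active)


def audit_access(log_text, assignments, active, role_actions):
    """Return (timestamp, user, action, object, reason) for each violation."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        user, action = row["user"], row["action"]
        role = assignments.get(user)
        if role is None:
            reason = "no role assigned"
        elif user not in active:
            reason = "account belongs to departed user"
        elif action not in role_actions.get(role, set()):
            reason = f"action exceeds role '{role}'"
        else:
            continue  # access is within policy
        findings.append((row["timestamp"], user, action, row["object"], reason))
    return findings


if __name__ == "__main__":
    print("Remove role assignments for:", stale_assignments(ASSIGNMENTS, ACTIVE_STAFF))
    for finding in audit_access(ACCESS_LOG, ASSIGNMENTS, ACTIVE_STAFF, ROLE_ACTIONS):
        print(" | ".join(finding))
```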
Future Trends in Infrastructure Discovery
Infrastructure discovery practices are evolving with technology and network advancements. Leading CMDBs leverage AI-powered automation to enable continuous self-discovery of all devices wherever they reside. This capability simplifies end-to-end IT processes, including planning, monitoring, maintaining, and upgrading IT networks and devices.
AI also helps enrich discovered data, reducing the time and effort teams spend correcting and validating CMDB data. This process is anonymous, ensuring customer data is not exposed as it is enriched.
Teams can also use AI to identify patterns in CMDB data, providing valuable insights that IT teams can use to make better decisions and reduce operational costs. For example, Device42’s AI-powered engine discovers all resources and apps, creates a directory, and delivers a cost analysis recommending which apps to move to the cloud. The AI engine further recommends which cloud is best suited for each app.
Building the Infrastructure of the Future
IT teams today are evolving corporate networks to take advantage of new capabilities powered by advanced technology, including AI, automation, and edge computing.
Deploying a next-generation CMDB that offers both agent-based and agentless discovery, mapping network connectivity and dependencies, and moving to a continuous discovery model can increase IT teams’ visibility and control. With new data and insights, IT teams can make the best decisions for their companies, improving scalability, security, and data accuracy.