How to limit the Discovery Scope
a question that comes up very often is how to limit the discovery scope. JDisc Discovery has been designed to find as many devices as possible. A while ago, we have created a blog entry which discusses what the scope of a discovery actually is. Refer to this blog entry for a quick review. In essence, it is important to understand, that the devices being scanned can be outside the configured ping ranges.
Actually, JDisc Discovery has several ways to find devices indirectly by scanning other devices. Some of them are related to virtualization, but some of them also to dependencies or pyhsical or logical connections. And of course, those indirectly connected devices can virtually be anywhere on the LAN.
- we get information about all ESX servers, all VMs when scanning a VMware VCenter installation
- we get information about client computers connected via RDP to a server which is being scanned
- we get information about actual servers which are part of a blade center when scanning the blade chassis
- we gather information about devices connected via TCP/IP ports to the scanned server
- we can get IP addresses of devices when reading the ARP caches from routers
- and possibly more options being added over time…
While that might be great, if you would like to scan as much as possible, you might have issues when you would like to scan only a well defined network. Unfortunately, the options to disable scanning devices out of the configured ping ranges are spread over different configuration screens. We have ideas on how to improve that and we’ll definitely implement some help on that in the future.
But as for now, you have to disable the options within the following panels:
The general settings tab includes some options about how to deal with domain or dns servers found when scanning a device. Disable the marked options in order to disable scanning DNS server or domain controllers as they are identified when scanning a server.
Data Collection Settings
There are several options within the data collection tab which are used to identify related devices. Disable the selected options:
Disable the marked options in order to avoid scanning related devices. The Dependency Mapping section is only available if the Dependency Mapping Add-On is installed.
Data Collection – Virtualization
The virtualization tab has many settings about how to scan virtual environments. Remember, that we can get information about all ESX servers and virtual machines when scanning the VCenter installation. The ESX servers or virtual machines might be outside the configured networks. And also keep in mind, that you will not get the relationships between the VCenter, the ESX servers and the VMs when you disable this option!
If you would like to gather those relationships, then you’d need leave the options enabled and define a IP filter which excludes devices outside your scope.
Use the Filters tab and create an IP based filter in order to exclude IP ranges not in scope!
Hope that helps to answer some of the questions you might have regarding the scope.