Asset Inventory

Service Requirements and Dependencies

  • Secure Tunnel from your Internet Gateway to ANMS VPC.
  • DNS Conditional Forwarders configured.
  • SNMPv2c/SNMPv3 supported in all network devices.

Service Overview

Aurora Networks Asset Inventory and Auto-Discovery allows you to know exactly what is on your network, how it is configured and when it changes. At a high level, the information available per asset type is:

  • Network and Security devices: Vendor, Model, IPAM Inventory, MAC Address, serial number, etc.
  • Linux-based servers: know your hardware, software, operating system settings, security settings, services, users & groups, etc.
  • Windows-based servers: know your hardware, software, operating system settings, security settings, active directory configuration, services, users & groups, etc.
  • IP Telephony: Vendor, Model, MAC Address, serial number, etc.
  • Other devices (printers, scanenrs, etc.): Vendor, Model, MAC Address, serial number, etc.

After the inventory has been built and through our customer portal you’ll be able to:

  • Get an instant summary of your Inventory.
  • Get sumamries by main asset category.
  • Check all active IT assets in your inventory.
  • Access all your Inventory data classified by Location.
  • Access your IP Addressing and VLAN Inventory.

This way, you can increase the control over your networked devices and servers and manage the software that’s used on them.

Your IT Inventory will be catalogued and easily accessible by categories: Network Devices, Servers, Workstations/Laptops, IP Telephny and Others (printers, scanners, etc.)

Our Network Inventory Service will scan your network and all your devices automatically. How often these scans are run is entirely up to you, but generally a daily scan is recommended.

Aurora Networks IT Inventory and auto-discovery intelligently scans your network and stores the configurations of the discovered devices.

Inventorying your network devices

Network devices are discovered and included in your inventory using SNMP. If using SNMPv2c, a read only community is required. In the case of SNMPv3, user credentials and encryption password are used and read-only access rights are required. SNMPv3 is preferred, when available, because the data payloads in SNMP datagrams are encrypted and therefore end-point to end-point communications (from our inventory tool to your network devices) are encrypted.

The asset discovery and inventory tools are placed in the private DMZ within ANMS VPC. SNMP polling is scheduled and executed targeting your network devices and the inventory is built after collecting and processing all received data.

At the end of thie SNMP polling process the inventory tool will store all this data in its backend database and all the inventory details is available in the customer portal right after that.

../_images/anms_asset_inventory_snmp.png

All discovered network devices are classified and labelled according to their type, including:

  • Rrouters.
  • Switches.
  • Firewalls.
  • WAPs (Wireless Access Points).
  • Load Balancers.
  • NAS (Network Attached Storage).
  • Network IDS/IPS (Intrusion Detection/Protection Systems).
  • SAN (Storage Area Network).
  • VPN Servers.
  • WAN Accelerators.

Inventorying your servers

Servers Inventory is based on a local script that needs to run in each server. This action can be easily included as a cron job (scheduled task) and, like in the case of the SNMP polling of network devices, its frequency can be adjusted as required. Our recommendation is to include this task as a start-up script that’ll be executed every time the server boots up.

../_images/anms_asset_inventory_servers.png

The script requires read-only access to a bunch of system settings and variables (or registry keys in the case of Windiows ssystems) and it has very little impact (if any) in server performance. On average, it takes around one minute for the script to gather all this system settings and send out the results to our inventory tool. The script will be executed in the background and does not require any user/administratior interaction whatsover.

At the end of this process an XML file is generated and pushed out to the inventory tool via REST API. The inventory tool will store all this data in its backend database and all the inventory details is available in the customer portal right after that.

At a high level, inventorying your servers will allow you to get an instant access to:

  • Server General Settings: Hostname, Operating System and Version, Serial Number, etc.
  • Hardware Inventory: Motherbboard, Bios, HDs, etc.
  • IP Subnets and Network Interface Cards.
  • Static Routes.
  • Active Directory Settings (Windows Only)
  • Windows Domain/Workgroup, Domain Role, Active Directory OU, Shared Drives.
  • System Services and Installed Software
  • System Services and Status. Software Inventory.

Running Audit Script at start-up

As mentioned earlier our recommendation is to include the invenroty script as a startup task.

In the case of windows systems and using group policies this setting can be easily configured for all the servers in your environment:

Open Server Manager and select Tools –> Group Policy Management. Edit desired domain policy. Go to Computer Configuration - Policies - Windows Settings - Scripts (Startup/Shutdown)

../_images/audit_script_1.png

Double click on Startup (right panel):

../_images/audit_script_2.png

Add script:

../_images/audit_script_3.png

Browse files:

../_images/audit_script_4.png

And find your audit script:

../_images/audit_script_5.png

NOTE: By default, scripts are stored and shared in a network path that looks like this:

\mycompany.comsysvolmycompany.comPolicies{31B2F340-016D-11D2-945F-00C04FB984F9}MACHINEScriptsStartup

Inventorying your IP Telephony

This process is similar to the way your network devices are discovered.

Other devices (printers, scanenrs, etc.).

This process is similar to the way your network devices are discovered.

Firewall Rules

Inventorying your IT infra requires bi-directional communication between our VPC in AWS and your own environment. The table below summarises all the required TCP/UDP flows, where “Inbound” means traffic ingressing your premises and “Oubound” means traffic leaving your premisses:

Source Destination Protocol Port Direction
ANMS Inventory Tools Your Network Infra UDP 161 Inbound
ANMS Inventory Tools Your IP Telephony UDP 161 Inbound
ANMS Inventory Tools Other Managed Assets UDP 161 Inbound
Your Servers Infra ANMS Inventory Tools TCP (HTTP) 8080 Outbound
Your WKST/Laptops ANMS Inventory Tools TCP (HTTP) 8080 Outbound

If your perimeter firewall is a NextGen Firewall, application control and specific URL enforcement (for the REST API) can also be added in your rulebase.

Integration in the customer portal

The customer portal delivers a rich and easy to use portal for your IT Inventory.

Interactive dashboards provide instant visibility into the summary of network and systems inventory.

  • Network Infra Summary:
../_images/asset_inventory_network.png
  • Servers Infra Summary:
../_images/asset_inventory_servers.png
  • Run search based on asset type and location:
../_images/asset_inventory_search.png
  • Network device details:
../_images/asset_inventory_network_device.png
  • Server details:
../_images/asset_inventory_server1.png
  • Software Inventory:
../_images/asset_inventory_server2.png