
Launch network discovery

Step-by-step

1. The network discovery task can be executed manually or automatically:

1.1. Clicking the "Start now" button launches the process manually, right away.

1.2. If the schedule option is enabled, the task is launched according to the defined schedule. You can also configure it on the Scheduled task page.

The discovery process is multithreaded. To discover the hosts of the network, Soffid launches from 1 to 20 threads, which lets it optimize the discovery process.

Soffid will show information about the result of the process when it has finished.

Network discovery process

On the Network discovery page there are two different servers to configure: the first is the server to connect (located next to the network attributes), and the second is the server to discover (located in the schedule section).

Communication between these servers is always encrypted with certificates on both sides.


The server to discover

This server is in charge of scanning the network to discover its hosts. For each host discovered, the Nmap utility gets the information about the ports and protocols used. The process also gets the IP address and the operating system. All the recovered information is saved in the Soffid database.

If no server to discover is selected, Soffid will use one of the principal sync servers installed and configured to execute the process.

The server to connect

When the server to discover finds a host and gets its information, the server to connect attempts to connect to the host using the accounts defined in the accounts to probe list.

If the server to connect cannot connect to the host, it will try the next host discovered.

If the server to connect manages to connect to the host, it will automatically create a Soffid agent with the proper attributes and connector parameters, as well as the necessary account metadata.

Then the reconciliation process of the created agent is launched, and it will try to recover the information about the accounts defined on the host. It will also try to recover the information about the account protected services. The recovered information will be saved in the Soffid database.

The next step is to create, where possible, a new entry point to the host with the basic attributes and the proper executions to run it. That entry point will be displayed on the Application access tree page.

If no server to connect is selected, Soffid will use the same sync server used for the discovery process.

 


https://en.wikipedia.org/wiki/Nmap