Fortinet Document Library

Version:


Table of Contents

User Guide

21.4.0
Copy Link

Discovery

What does discovery do?

To make device management easier and to automate bulk operations, NCM uses a discovery mechanism.

The discovery mechanism works in stages:

- Detect available connector

All available ports for all enabled connectors are checked.

Secure connectors are always preferred to insecure connectors.
For example, if a device is available over both Telnet and SSH, SSH will be used.

- Detect credentials

Credential discovery works differently depending if the device is set to "Discover" credentials, or has "Bound" credentials.

If credential discovery enabled:
  All credentials configured in the 'Credentials' settings are checked against the device.
  Credentials are checked against the device in random order.

  Whichever credentials work on the device first will be used for any future operations with this device.

When credentials bound to device:
  Only bound credentials are tested against the device
  If bound credentials do not work, the job fails

- Detect device vendor and model

After correct connector and credentials are known, NCM discovers the device.

The Vendor, Type and Model of the device is discovered.

- Detect available CLI modes on the device

After NCM knows exactly which device it's working with, it discovers available CLI modes (enable / configure mode - for example "privileged exec" and "configure" on Cisco).

When is Discovery performed?

- Device addition into the system

The discovery mechanism is what makes only the address of the device required when adding a new device into NCM.
NCM will automatically discovered everything else about the device.

- Import

When 400 devices are imported into NCM, NCM will automatically discover all the necessary details about each of the devices, and start backing them up automatically.
If proper connectors and credentials are configured, no additional steps other than importing the devices are needed.

This saves time for the administrators, and automates the work-flow.

- Scheduled backups

NCM performs a discovery before each scheduled backup.
This is to make sure NCM knows current information about the device (connector, credentials, vendor, model, etc.).

The discovery before backup is necessary to make sure NCM doesn't user wrong commands on the device.
In certain situations (ex. when a device is changed for another device) it's possible commands to generate backups on some vendors can actually cause configuration changes for other vendors.
Due to this (and other edge-cases) NCM does a discovery before every backup.

- Credential changes

Discovery mechanism will also be used if any device operation fails.
For example, if credentials which were previously used on a device are no longer valid on that device, NCM will re-run discovery.

This means that if credentials used on 400 devices need to be changed, the only change needed in NCM is to reconfigure the credentials in 'Credentials' settings.
Discovery mechanism will take care of the rest.

- Device hardware changes

Discovery will automatically be re-run when device hardware change is detected.
For example, when a Cisco device is replaced with a MikroTik, or a HP device with an UBNT device, NCM will handle this automatically.

This means that if devices are changed around the network, NCM will automatically adjust to the situation, without the need for user interaction.

How to find out why device didn't discover?

There are 2 places in NCM where you can see why discovery failed.

  • Dashboard > Latest failed jobs
    You can select the discovery job, and press 'Show log'.

  • Logs
    '/var/log/NCM' or 'C:\ProgramData\NCM\log'

If you can't identify why you device didn't discover properly from either of these, feel free to contact support.
We will always be happy to help with any issues.

Discovery

What does discovery do?

To make device management easier and to automate bulk operations, NCM uses a discovery mechanism.

The discovery mechanism works in stages:

- Detect available connector

All available ports for all enabled connectors are checked.

Secure connectors are always preferred to insecure connectors.
For example, if a device is available over both Telnet and SSH, SSH will be used.

- Detect credentials

Credential discovery works differently depending if the device is set to "Discover" credentials, or has "Bound" credentials.

If credential discovery enabled:
  All credentials configured in the 'Credentials' settings are checked against the device.
  Credentials are checked against the device in random order.

  Whichever credentials work on the device first will be used for any future operations with this device.

When credentials bound to device:
  Only bound credentials are tested against the device
  If bound credentials do not work, the job fails

- Detect device vendor and model

After correct connector and credentials are known, NCM discovers the device.

The Vendor, Type and Model of the device is discovered.

- Detect available CLI modes on the device

After NCM knows exactly which device it's working with, it discovers available CLI modes (enable / configure mode - for example "privileged exec" and "configure" on Cisco).

When is Discovery performed?

- Device addition into the system

The discovery mechanism is what makes only the address of the device required when adding a new device into NCM.
NCM will automatically discovered everything else about the device.

- Import

When 400 devices are imported into NCM, NCM will automatically discover all the necessary details about each of the devices, and start backing them up automatically.
If proper connectors and credentials are configured, no additional steps other than importing the devices are needed.

This saves time for the administrators, and automates the work-flow.

- Scheduled backups

NCM performs a discovery before each scheduled backup.
This is to make sure NCM knows current information about the device (connector, credentials, vendor, model, etc.).

The discovery before backup is necessary to make sure NCM doesn't user wrong commands on the device.
In certain situations (ex. when a device is changed for another device) it's possible commands to generate backups on some vendors can actually cause configuration changes for other vendors.
Due to this (and other edge-cases) NCM does a discovery before every backup.

- Credential changes

Discovery mechanism will also be used if any device operation fails.
For example, if credentials which were previously used on a device are no longer valid on that device, NCM will re-run discovery.

This means that if credentials used on 400 devices need to be changed, the only change needed in NCM is to reconfigure the credentials in 'Credentials' settings.
Discovery mechanism will take care of the rest.

- Device hardware changes

Discovery will automatically be re-run when device hardware change is detected.
For example, when a Cisco device is replaced with a MikroTik, or a HP device with an UBNT device, NCM will handle this automatically.

This means that if devices are changed around the network, NCM will automatically adjust to the situation, without the need for user interaction.

How to find out why device didn't discover?

There are 2 places in NCM where you can see why discovery failed.

  • Dashboard > Latest failed jobs
    You can select the discovery job, and press 'Show log'.

  • Logs
    '/var/log/NCM' or 'C:\ProgramData\NCM\log'

If you can't identify why you device didn't discover properly from either of these, feel free to contact support.
We will always be happy to help with any issues.