Install AutoDiscovery
AutoDiscovery is an additional ASMS component, layered over AppViz, which enables you to discover business service flows directly from your network and import them into AppViz.
AutoDiscovery is managed, licensed, and installed separately from ASMS. To use AutoDiscovery, ensure that your ASMS license includes support for AutoDiscovery.
AutoDiscovery server architecture
The following image shows how the AutoDiscovery sensor captures network traffic between computers across the network and sends traffic data to the AutoDiscovery server.
- The AutoDiscovery sensor collects traffic from your network, including statistical data using NetFlow/SFlow methods, simulated/mirrored packets, or direct traffic. For more details, see Traffic collection options.
- The AutoDiscovery server creates business service maps, hosts the AutoDiscovery web client, and communicates with ASMS.
Note: Each AutoDiscovery installation provides a server and a single sensor, which usually supports statistical data collection or simulated/mirrored packet collection.
To collect traffic directly, you may need to deploy additional sensors throughout your network. For more details, see Install AutoDiscovery sensors.
Deploy the AutoDiscovery server
The AutoDiscovery server is available as a CentOS-based virtual appliance in OVF format. This procedure describes how a system administrator can deploy an AutoDiscovery server.
The server installation provides an Apache Tomcat server, a PostgreSQL database, and a single sensor.
Do the following:
- Verify that your AutoDiscovery machine complies with the system requirements. For details, see AutoDiscovery system requirements.
  Note: Your AutoDiscovery machine is a separate machine from your main ASMS or AFA machine, and has different specifications and requirements.
- On the AlgoSec portal, navigate to Downloads > Software > AlgoSecAutoDiscovery.
- Do one of the following:
  New installation:
  - Select New Installation - Select Deployment Type > VMWare.
  - Select A30.10 to install the AutoDiscovery version relevant for ASMS A30.10.
  - Click Next, and then click the Download button next to the AutoDiscovery Server - OVF (VMWare) option.
    Save the AAD-ServerOvf.zip on the AutoDiscovery server.
  - Extract the downloaded file, and deploy the virtual appliance to a virtual Linux machine.
  Upgrade:
  - Select Upgrade (All Deployments).
  - Select A30.10 to upgrade to AutoDiscovery A30.10.
  - Click Next, and then click the Download button next to the AutoDiscovery Upgrade - RPM (VMWare) option.
    Save the downloaded .rpm file on your virtual Linux machine.
  - Use the downloaded .rpm file to upgrade the server installation. For example:
    rpm -U AutoDiscoveryServer-A30.10.x86_64.rpm
  Each server installation or upgrade comes with a local sensor.
- After completing the installation, configure traffic collection from your network. For example, do the following:
  - Configure NetFlow collection in VMware VSphere.
  - Direct the NetFlow output to the AutoDiscovery server, which has a local sensor installed.
Tip: You may have other traffic collection methods planned, using additionally installed sensors. For more details, see Traffic collection options and Install AutoDiscovery sensors.
AutoDiscovery system requirements
The AutoDiscovery default and recommended installation provides both an AutoDiscovery server and sensor.
The AutoDiscovery server must be deployed to a Linux VMWare server with the following specifications:
VMWare version | AutoDiscovery can be deployed on virtual machines that use VMWare ESX versions 5.5 and higher. |
Minimum hardware requirements | Minimum hardware requirements for the AutoDiscovery server include: Note: These specifications are appropriate for PoC installations and environments with low traffic levels only. |
Recommended hardware requirements | Recommended hardware requirements for the AutoDiscovery server include: Note: These specifications are appropriate for production environments with a rate of up to 2000 transactions per minute. |
Networking requirements | |
If you are deploying additional sensors, system requirements for the sensor installations may depend on the traffic collection method. For more details, see Traffic collection options and Install AutoDiscovery sensors.
Tip: If you have issues decoding HTTP(s) because the certificate is unavailable, we also recommend using the sensor installed together with the AutoDiscovery server instead of installing additional sensors.
AutoDiscovery required ports
The following image shows the traffic between the AutoDiscovery components.
Traffic between AutoDiscovery components uses the following ports:
- TCP/9545. From the AutoDiscovery server to each sensor configured.
- TCP/9543. From AppViz on the ASMS machine to the AutoDiscovery server.
- TCP/9443. From the AutoDiscovery web client component to the AutoDiscovery server.
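The port list above translates into host firewall rules that admit each port only from its documented source. The following is an added example, not AlgoSec's own tooling: it assumes firewalld is the host firewall on the server and sensor machines, uses constructed addresses, and only prints the commands rather than applying them.

```shell
#!/bin/sh
# Added example: print (do not apply) firewalld rich rules that admit each
# AutoDiscovery port only from its documented source.
# Assumptions: firewalld is the host firewall; all addresses are constructed.

# rich_rule SRC PORT -> one firewall-cmd line allowing TCP/PORT from SRC only
rich_rule() {
    printf '%s\n' "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"$1\" port port=\"$2\" protocol=\"tcp\" accept'"
}

# valid_src ADDR -> 0 if ADDR has the shape of an IPv4 address or IPv4/prefix
valid_src() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# ad_rules ROLE ARGS...
#   server ASMS_IP CLIENT_SRC...  server listens on 9543 (AppViz) and 9443 (web client)
#   sensor SERVER_IP              sensor listens on 9545 (AutoDiscovery server)
ad_rules() {
    role=$1; shift
    for a in "$@"; do
        valid_src "$a" || { echo "invalid source: $a" >&2; return 2; }
    done
    case $role in
        server)
            [ $# -ge 2 ] || { echo "usage: server ASMS_IP CLIENT_SRC..." >&2; return 2; }
            rich_rule "$1" 9543; shift
            for c in "$@"; do rich_rule "$c" 9443; done ;;
        sensor)
            [ $# -eq 1 ] || { echo "usage: sensor SERVER_IP" >&2; return 2; }
            rich_rule "$1" 9545 ;;
        *)  echo "unknown role: $role" >&2; return 2 ;;
    esac
    echo "firewall-cmd --reload"
}

# Constructed sample addresses: ASMS host, web-client subnet, AutoDiscovery server
ad_rules server 10.0.0.10 10.0.5.0/24
ad_rules sensor 10.0.0.20
```

Review the printed commands before running them on the relevant host, and confirm that no broader rule already opens these ports to all sources.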
Traffic collection options
AutoDiscovery can collect traffic using statistical capture with NetFlow/SFlow methods or full capture.
Tip: You can also configure AutoDiscovery to use multiple methods, with or without direct collection, to create the collection methods that work best for each part of your network.
We recommend using statistical capture with NetFlow/SFlow methods for high traffic systems. System requirements for the AutoDiscovery sensor may differ depending on the traffic collection options you configure.
Statistical capture | Statistical capture is quicker as it passes a summary of the traffic instead of the full content. Additionally, statistical capture usually does not need additional sensor installations other than the default sensor installed with your AutoDiscovery server. Note: AutoDiscovery supports NetFlow/SFlow using the VSphere Enterprise Plus edition. For more details, see NetFlow system configuration requirements. |
Full capture | Full capture collects more details about your traffic, and may require additional sensor installations. For more details, see Install AutoDiscovery sensors. |
For more details, see Statistical vs. Full Capture.
Note: Regardless of your configuration, configure a physical router or switch, or a Virtual Distributed Switch, to direct traffic to your sensor. For more details, see the documentation for your router or ESX or NetFlow/SFlow packet broker.
The following table compares the traffic collection features available for statistical capture using NetFlow/SFlow or full capture:
Feature | NetFlow/SFlow | Full Capture
---|---|---
Discovery of business service maps based on a server/port entry point | Yes | Yes
Change detection and change alerts | Yes | Yes
Business service dependencies | Yes | Yes
Subnet dependencies | Yes | Yes
Activity monitoring | Yes | Yes
Topology view | Yes | Yes
Identification of SSL certificate expiration dates | No | Yes
Identification of database (schema) names | No | Yes
Identification of URLs | SFlow only | Yes
Monitoring of failed connections in business services | No | Yes
Identification of web server type | No | Yes
DNS name resolution using captured traffic, without the need to access a DNS Server from AutoDiscovery Server. | No | Yes
Large scale deployments | Yes | More complicated
Support for ESX inner traffic | Only for enterprise plus edition | Promiscuous mode
When using NetFlow:
NetFlow version support |
|
Traffic ports |
|
Separate server and sensor |
|