Your IT documentation should be based on a sound and current data basis. For this reason, you first need suitable inventory and configuration data for your IT systems that must have a sufficient quality. This data will be stored in a so-called CMDB. Without a software program that supports you in this task, it would be hard to gather all this data because it requires more than just documenting a serial number and the associated device name. The information to be inventoried includes the exact configuration of your system, a precise summary of the installed software and patches, the configured users and security groups. If you are dealing with just a handful of computers, you might be able to gather all this data manually. But how can you make sure that the data is up-to-date? Because after all, this is what counts. A documentation has little or no value if the information it contains is obsolete or wrong.
For this reason, you need software support. In fact, there are different software manufacturers who provide this functionality. Docusnap excels, however, because it allows you to further process the scanned inventory data. Documentation is not just about collecting data, but focuses on relating and evaluating them.
For nearly every networked device, it is possible to query configuration and status information via the network. Standard procedures and protocols exist for this purpose, and depending on the product to be inventoried, different procedures are used. Thus, Microsoft use their WMI functionality to perform extensive queries of the operating system. Of course, this is only possible if the required authentication data is available. Another protocols is for example SNMP which is available in different versions. Always remember to enable these features in your devices and to configure them properly. For safety reasons, these features might have been disabled by default. What we want to avoid is that you create security gaps in your network only because you are documenting your IT landscape with our product. It must be mentioned, however, that a somewhat secure operation is only possible with SNMP v3.
You will find that the inventory scans query much more data than you would be able to see in the corresponding consoles. For instance, an Active Directory database contains much more information (that Docusnap will query) than you can view by default via the management console.
Inventory of isolated systems
Does your IT landscape comprise systems that are not connected to the network? Well, these devices should not be omitted from the documentation. These are indeed especially important because security aspects are often the reason why they have been isolated from the network. Systems that are not or only insufficiently connected to the network can be scanned with Docusnap by using a special script. This script runs on the very system and returns an xml file with the scan results. This file must then be imported into the Docusnap database. This procedure will ensure that you are really documenting all devices as comprehensively as possible.
And in case a device cannot be scanned at all, you can still create a manual entry for it in Docusnap. While this entry will not be as comprehensive as when produced by a scan, it can still be included in the IT documentation like all the others and will not fall into oblivion. You will hardly find a server cabinet or air conditioning device that has a network connection.