IT Documentation - The Blog

Fine-Tuning the Inventory by Using MIBs

December 4, 2014

When performing inventory scan jobs, the Docusnap documentation tool always reads a variety of data from the relevant IT systems. For this purpose, the application has built-in modules that are capable of using standard interfaces to read operating system or application data. However, if you are employing devices that can only be read via the SNMP protocol, only a small quantity of device information can be collected by default. These devices are for example printers, switches, or routers. For a complete IT documentation, however, more comprehensive information would be desirable for these devices, too.

Adding manufacturer-specific information

For this reason, some manufacturers offer proprietary Management Information Base (MIB) files. MIBs allow you to retrieve more manufacturer-related and device-specific information from the IT systems, using the SNMP protocol. The result is a more comprehensive inventory of these devices, and thus a higher quality of your IT documentation.

In Docusnap, it is quite easy to integrate these manufacturer MIB files. Under Management / Inventory, you can import additional MIB files and link them to the desired device categories. For more details on how to do this, please refer to the Docusnap User Manual. Since this feature uses standard network management functionality, you will not have to worry about potential network problems that might be caused by inventory scans. The procedure itself is proven.

A single solution for a variety of network devices

This feature is beneficial for the inventory of many devices in the network. If the manufacturer does not provide specific MIB files, you will have to make do with the inventory of some standard values. In these cases, Docusnap will use the standard out-of-the-box MIB files which are installed with Docusnap. Some manufacturers make their MIB files available for download from the Internet. In addition, there are Internet portals from which you can download MIB bundles across all manufacturers. The corresponding devices can then be integrated with all inventoried properties into IT concepts. Simply drag and drop as usual. The additional information will be added automatically to your datasheets and thus become an integral part of your documentation.

Security – an issue when using SNMP

A major security issue when using SNMP is that IT systems can be queried via SNMP from virtually any computer in the network. This requires no authentication at all, and in some cases, it is even possible to change device settings. For this reason, the use of the SNMP protocol might generally be disabled in some networks, thereby preventing this kind of inventory scan. You can remedy this issue by employing the SNMP v3 protocol. It provides a login feature so that only authorised users can access the device, and data encryption. This is an interesting option, especially for IT systems with high security requirements protected by a firewall. The drawback, however, is that this approach involves tedious configuration and management of the corresponding keys. The use of this version is therefore not exactly widespread.

SNMP versions 1 and 2 use a so-called community string to retrieve the configuration. Very often, the ‘public’ string is used for this purpose. Changing it in the IT systems is not a highly effective protection, but you should do it anyway because this string is transmitted without encryption, so that it can be detected quite easily using a packet sniffer – unless SNMP v3 is used. Depending on the IT system, querying the device to be inventoried might be restricted to specific IP addresses. In this case, you will have to add the dedicated Docusnap inventory computer to the list of permitted IPs. Whether you will be able to benefit from these options depends on the device manufacturer. Unfortunately, not all manufacturers implement these features in their devices.

Leave a Reply