How We Collect

This section outlines the process the RISC Networks RN150 virtual appliance follows once a customer has deployed the appliance and begun the first scan.

The RN150 collects data in three distinct stages: Discovery, Inventory, and Performance. The details of each of these stages are below.

Collection Process for Virtual Appliances

The details on the collection process are listed in the following table:

Collection Process for Virtual Appliance Details



Discovery Stage

The virtual appliance performs network discovery using standard network mapping software. The virtual appliance will only scan the subnets that are provided into the RN150 virtual appliance by the Customer and/or Partner. This stage of the Analytics engagement is designed to introduce minimal amounts of traffic onto the network and is therefore rate limited. A class B subnet typically takes about 2.5 hours to scan.

During this stage, the appliance will perform an ICMP sweep on the input subnets and then will perform a select port scan on those IPs that respond to ping. If a device is found to have an open port corresponding to one of our credential types we will then attempt to access the device given the provided credentials.

The RN150 will cycle through relevant credentials until it makes a successful match or fails entirely. All devices that respond to ping and are successfully accessed via the credentials are considering “Interesting Devices.” This ends the discovery stage.

Inventory Stage

During this stage the appliance revisits those “Interesting Devices” determined during the Discovery Stage using the matched credentials to gather workload specific data. All workload specific data is then compressed, encrypted, and uploaded via a secure SSL connection to the RISC Networks’ SCE. At the end of the inventory phase a populated asset report and licensing page will be available in the RISC Networks portal. The user can then select devices within the licensing page that will move on to the Performance Stage. This ends the Inventory Stage.

Performance Phase

Once devices have been licensed within the portal performance collection occurs via any matched credential type. Performance statistics are accessed at an interval of no greater than 1 sampling every 5 minute interval. During this stage the RN150 virtual appliance sends regular uploads to the RISC Networks’ SCE for processing and access within the portal. The upload frequency and size is determined algorithmically to limit impact on the host network. The performance stage continues as long as the partner/customer has an active subscription and has devices licensed.

Note:For information on what data is collected at each stage, see What We Collect.

Collection Specifics

More detailed technical descriptions of some of our collection methods can be found in the following sections:

Windows Collection Module
SSH Collection Module
Database Module
Load Balancers
Performance Counter Disambiguation
ServiceNow Configuration and User Guide
Configuration Items in ServiceNow