What is Network/Cloud Discovery?
Simply put, network discovery is a communication and identification technique that enables organizations to determine which assets are currently connected to their network. In traditional enterprise networks, these assets include on-premise network equipment such as switches, gateways, modems, wireless access points, and routers.
Since many of the aforementioned network devices also host ARP tables that list other devices such as laptops, printers, and VoIP handsets that are connected to the enterprise network, the traditional network discovery solutions also provide an accurate inventory of the regular devices that are connected to an organization’s private networks.
Down the road, it is expected that enterprise networks will expand and diversify to include off-premises assets such as public clouds and computing nodes at the network edges. As virtual extensions to enterprise networks such as Azure VNETs, AWS VPCs, and edge cloud nodes with private 5G become more commonplace, modern API-based cloud discovery mechanisms are quickly becoming a valuable extension to the traditional network discovery methods, and in enabling centralized and secure management of the various network assets.
Discovery Protocols
The discovery process requires network administrators to communicate with active devices and processes, in order to properly identify them. This communication typically occurs through a combination of three standard protocols.
- Simple Network Management Protocol or SNMP provides a mechanism for network devices to exchange information within LAN or WAN environments. It is also known as Internet standard protocol.
- Link Layer Discovery Protocol or LLDP is a standard protocol developed by the Institute of Electrical and Electronics Engineers (IEE) that enables devices to transmit information to nearby or directly connected neighbor devices.
- Ping is a network software utility tool that transmits Internet Control Message Protocol (ICMP) queries to identify network devices. Ping measures the time it takes for data packets to reach a destination device from a local host, and vice-versa.
Besides the traditional network discovery protocols, the cloudification of the enterprise networks has led to increased use of virtual extensions to the enterprise networks. These extensions are typically VPN-connected subnets running in both public and private cloud stacks such as Amazon Web Services, Microsoft Azure, VMware, and various Linux-based systems running at the network edges.
By complementing the traditional network discovery protocols with plug-ins that have been designed to read in network data from these cloud stacks, organizations can enjoy a single pane of glass into all the assets in their hybrid enterprise networks. Collating all the network data into a single Network Source of Truth is also beneficial from the security perspective, as it facilitates the enforcement of unified security policies for all network assets both on- and off-premise.
Benefits of Network/Cloud Discovery
With automation to ensure accurate and fully configured network/cloud discovery, organizations receive a number of benefits:
- Network operations: network/cloud discovery automation will continuously monitor network traffic to identify which components are currently active. Automated workflows can also help establish which devices are using the network most frequently and identify and troubleshoot issues. By locating abandoned IP addresses and removing them, network/cloud discovery automation also helps improve the overall efficiency of the network.
- Security operations: network/cloud discovery automation helps ensure that each IP address is valid and assigned to an authorized network entity. This mitigates the network risk associated with malicious devices or hackers. Moreover, an automated network/discovery solution that offers a single source of truth gives network administrators greater visibility into their network infrastructures.
- Finance: Aside from the operational efficiencies, the largest impact of accurate network inventory is the elimination of operational mistakes that lead to network downtime. These mistakes are often caused by missing and/or incorrect information when planning and effecting network changes. By gathering an accurate inventory of both the on- and off-premise enterprise network assets, organizations are able to eliminate downtime that can cost up to US $ 5,600 per minute for an average enterprise.
Network/Cloud Discovery Automation with FusionLayer
FusionLayer Infinity provides a single source of truth for enterprise networks, coupled with built-in discovery functionality for both traditional and cloud-based subnets in hybrid networks. FusionLayer not only reads host data from the ARP tables, but also other information about connected devices, like the ports they are connected to, used VLANs, and device names. This data gives more detailed network information to network engineers than is available in more traditional IP Address Management (IPAM) solutions that lack the built-in discovery functionality.
Using the built-in tools for network/cloud discovery, FusionLayer can also give host Information (such as IP, MAC, etc.) of devices that are connected to a network device. The FusionLayer system allows host data to be read into the system from existing enterprise DNS, which is very helpful in cross-referencing the hosts in DNS to the devices that have been discovered from the network. This helps network managers see the full picture of their network infrastructure.
To complement the information that has been discovered using the above mechanisms, FusionLayer Infinity can also be integrated with several other technology stacks through the APIs that they provide. These include DNS and DHCP solutions from FusionLayer, Microsoft, and F5; private cloud stacks from VMware and different distributions in the Linux community (Neutron API); as well as populate managed cloud stacks such as Microsoft Azure and AWS.
Thanks to the rich feature set provided by FusionLayer, taking control of your hybrid enterprise network has never been this easy!
Reply a Comment