Service Management Blog

Introduction To IT Discovery

Introduction To IT Discovery
5 minute read
Joseph Mathenge

Today’s IT organizations continue to grapple with the twin challenges of evolving to keep up with changing customer and technology needs while maintaining stability on existing services in the face of disruptions and risks.

For this reason, visibility into IT components. including their interconnections and dependencies, has become a key differentiator in successful service management practices. Without visibility, there is a real risk of business loss and dissatisfaction in the services you deliver to customers.

While IT discovery may seem like a piece of cake for smaller organizations, larger enterprises are finding this to be a challenge. This has been exacerbated by the following drivers:

What is IT discovery?

IT discovery is the process of identifying and collecting data on existing IT components within a network.

This involves carrying out a sweep across the network using IT tools to find all the IT assets within the specified environment including hardware, software, virtual instances, cloud components, and smart devices, among others.

The kind of information that can be gathered during a discovery includes:

  • Device name, device type, network address
  • Device configuration: hardware/software/firmware versions
  • Device status, capacity, and performance information

Why do we need IT discovery?

Discovery allows us to take a snapshot of IT components or environment—their current state. This facilitates capturing of baseline information that can be used to support other ITSM practices, including:

IT discovery

Asset & Configuration management

Discovery is an important tool during audits of IT assets. You might unearth discrepancies between asset records held by Finance and those maintained by IT, especially where the status information is inconsistent e.g. devices that are not in use, lost, or out of service.

Discovery can also unearth devices that are using unlicensed software or incorrectly configured, which can cost the organization from a cost or effectiveness perspective.

(Learn more about asset management & configuration management.)

Change management

Technical teams reviewing changes to determine potential impact on other services and components can leverage insights provided by IT discovery data. Such insights can:

  • Prevent unplanned incidents
  • Identify dependencies that will require involvement of other stakeholders in making the change successful

(Know types & levels of change management.)

Release & deployment

Discovery can aid in planning of releases, as visibility into whether dependencies such as libraries and OS versions can be determined in advance and validated before installation of new or updated software components in the IT environment.

Discovery can also be employed during post-verification checks after deployment activities.

(Compare deployment to release.)

Incident management

Investigations into incident causes can be aided by discovery information, as information on service and component configuration, status, and dependency can be very valuable for technical teams involved in resolution efforts.

(See how incident management should work.)

Information security

Discovery can be useful in mobile device management particularly in identifying and managing BYOD where data breach risks abound from personal owned devices accessing business and customer information.

Discovery is also a key capability used for identifying access points when enumerating a network for purposes of penetration testing.

(Explore information security, which starts with asset discovery.)

Disaster Recovery

Following a major disruption that might require an organization to restore its services in a different IT environment, information from discovery can prove an invaluable resource in rebuilding IT services and components from scratch.

(Plan for disaster with these best practices.)

How does IT Discovery work?

At the most basic level, discovery of active IT devices on a network can take place through Address Resolution Protocol (ARP) commands. The ARP cache contains one or more tables that are used to store IP addresses and their resolved Ethernet or Token Ring physical addresses. ARP works for IPv4, but has since been replaced by Neighbor Discovery (ND) for IPv6 devices, which works in a similar fashion.

Beyond ARP, SNMP (Simple Network Management Protocol) is the next level of discovery. Devices that are configured for SNMP can respond to messages called protocol data units (PDUs) from devices within the same network segment. The discovery tool will send an SNMP GET message requesting for information from other devices that are SNMP enabled. The information is stored in Management Information Bases (MIBs) that contain configuration and status information.

Other approaches for IT discovery include:

  • Common Information Model (CIM). This open standard provides a common definition of management information for systems, networks, applications, and services, and allows for vendor extensions. It is a modeling schema that describes managed system, hardware, and software objects.
  • Windows Management Infrastructure (MI). Based on CIM, MI is an evolution of Windows Management Instrumentation (WMI), a set of specifications from Microsoft for consolidating the management of devices and applications in a network from Windows computing systems.
  • Cloud discovery. This approach involves use of APIs to enumerate cloud instances and gather information on cloud configuration.

Specialized IT discovery tools are able to process the information in MIBs and create topologies of network architecture as well as display status of various network elements. These tools can be triggered via manual action or configured to automatically search and update asset information. A common distinction in how these tools work is the agent vs agentless approach:

  • Agent-based approach. Here a small piece of software is installed in each component within the network to collect and send back information to the central discovery tool on availability and performance metrics. Agent-based discovery provides greater visibility as the level of detail better supports monitoring and troubleshooting efforts. However, it comes with the overhead of installation, updating and management, which can be automated but still requires significant administration effort.
  • Agentless approach. Unlike the former, here no installation is done on components to be discovered. The discovery tool uses the previously mentioned protocols to discover status and performance of IT assets, with reduced administrative overhead. The amount of detailed information from the discovery process is obviously less than agent-based discovery.

IT discovery isn’t about the tooling

IT discovery shouldn’t be treated as just an exercise to turn on a tool, let it gather data, and that’s it. It is critical that you define a discovery process that ensures collected information is both:

  • Analyzed to make sense of it.
  • Availed to the right people to act on it.

Value can only be generated from IT discovery if it supports the ITSM practices mentioned earlier, leading to better managed services, cost effectiveness, and overall business success.

Related reading

New strategies for modern service assurance

86% of global IT leaders in a recent IDG survey find it very, or extremely, challenging to optimize their IT resources to meet changing business demands.

These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.

See an error or have a suggestion? Please let us know by emailing

Business, Faster than Humanly Possible

BMC works with 86% of the Forbes Global 50 and customers and partners around the world to create their future. With our history of innovation, industry-leading automation, operations, and service management solutions, combined with unmatched flexibility, we help organizations free up time and space to become an Autonomous Digital Enterprise that conquers the opportunities ahead.
Learn more about BMC ›

About the author

Joseph Mathenge

Joseph is a global best practice trainer and consultant with over 14 years corporate experience. His passion is partnering with organizations around the world through training, development, adaptation, streamlining and benchmarking their strategic and operational policies and processes in line with best practice frameworks and international standards. His specialties are IT Service Management, Business Process Reengineering, Cyber Resilience and Project Management.