OTbase Discovery is the asset discovery component of OTbase. It is clearly separated from OTbase Inventory, the central database where all the asset information is consolidated.
Check out the following product architecture diagram:
When used in conjuction with the OTbase Snapshot service, you don't have access to OTbase Inventory. Instead, your discovery results will be processed by a robot OTbase Inventory which then provides asset information as an Excel table for download.
In any case, OTbase Discovery is a software application/service that you use locally on your computers.
OTbase Discovery variants
OTbase Discovery comes in different flavors to accommodate different use cases. For example, there are Discovery versions for different operating systems. And then there are different architecture variants, again in the interest to accommodate the use case at hand. The following table lists the different architectures:
| Variant | Installs? | Discovery Technology | Typical Use Case |
|---|---|---|---|
| OTbase Network Discovery | ✅ Yes | Network probe | Always‑on discovery of one or many subnets |
| OTbase Discovery Agent | ✅ Yes | Host-based | When remote network scans are disallowed (secure zones) |
| OTbase Discovery Executable | 🚫 No (no install) |
Host-based | Ad‑hoc audits or air‑gapped assets |
| OTbase Mobile Discovery (USB) | 🚫 No (no install) |
Host-based | Like the Executable, but with a user interface for easier operation |
All variants work with all OTbase product alternatives (Enterprise, Cloud, Snapshot). Since variants other than OTbase Network Discovery use host-based discovery, they can only be used on computers.
OTbase Network Discovery
OTbase Network Discovery is the workhorse of OTbase Discovery products because it discovers many different device types via the network. And while other Discovery variants are limited to discovering just one device (the one they are hosted on), OTbase Network Discovery can and does discover thousands of devices, spread over dozens of networks, from a single instance.
OTbase Network Discovery is a client/server application, where the "real" logic runs as a server process behind the scenes. In production use, the server process executes automatically every 24 hours, without user intervention, and uploads discovery results to a central OTbase Inentory. This way you will be able to track configuration changes and the appearance of new devices on the network seamlessly.
The client application for OTbase Network discovery comes in two flavors: The classic user interface, and the modern user interface. The modern user interface makes it easier for new users to figure out OTbase Network Discovery, and the details of their OT infrastructure. The classic user interface is intended for users who have gotten familiar with it over the years. The following screenshots will give you an idea of the differences. The left screenshot is the modern user interface, the right screenshot the classic user interface.
Switching Between Interfaces
OTbase Network Discovery allows you to toggle between the classic and modern UI views.
OTbase Discovery Agent vs. OTbase Mobile Discovery
Both of these products do host-based discovery of Windows computers. The difference is that the Discovery Agent is a service that must be installed, whereas OTbase Mobile Discovery can be executed from a USB stick without the need for installation.
The advantage of the Discovery Agent is that:
- It can automatically send asset information to your OTbase Inventory every 24 hours,
- And it also collects data flow.
OTbase Discovery Manager: Discovery Orchestration
When you are running dozens or hundreds of OTbase Discovery installations, you want a means for orchestration. This is what OTbase Discovery Manager is for. In case you wonder why this functionality is not provided by OTbase Inventory, check the product architecture diagram at the top of this article again. OTbase Inventory typically sits in the enterprise network. You do not want it to be able to directly talk to your process networks, where OTbase Discovery resides. Therefore, all communication between OTbase Discovery and OTbase Inventory is unidirectional, from bottom to top.
Placing the orchestration functionality in the enterprise network would be a serious security breach. For this reason, orchestration is accomplished by a separate software -- OTbase Discovery Manager -- that is placed in the lower, better protected networks.
Comments
0 comments
Please sign in to leave a comment.