Introduction to OTbase Discovery

OTbase Discovery is a product component that is installed independently from the OTbase Inventory. Whereas OTbase Inventory usually sits in the Enterprise network, OTbase Discovery is usually placed in the process networks. Its purpose is to automatically discover the identity and configuration of your OT and IT devices.

We refer to an individual instance of OTbase Discovery as a discovery node.

OTbase Discovery can discover and monitor multiple networks both locally and remote, however more than one OTbase Inventory node is usually installed. For example, different sites may (and should) all report to one central OTbase Inventory. The number of OTbase Inventory nodes that you install completely depends on practicality and has no impact on license fees. In multi-site deployments, it is not rare to see several hundred OTbase Inventory nodes working in concert -- like a discovery swarm.

OTbase Inventory will never try to connect to OTbase Discovery, which makes it easy to keep your process networks protected from the Enterprise network -- for example by using firewalls, data diodes, and DMZs. All data traffic between OTbase Discovery and OTbase Inventory is upstream only, originating from OTbase Discovery.

System requirements

OTbase Discovery operates on Windows 7 and above. For Windows 7, ensure the following requirements are met:

• SP1 installed
• KB3033929 installed (Driver signature support for Npcap)
• KB2533623 or monthly KB4457144 installed (Python multiprocessing support)
• Microsoft Visual C++ 2015 Redistributable installed (api-ms-win-crt-runtime-l1-1-0.dll needed).

The amount of memory that is needed mostly depends on the number of devices that are probed by the node. For a few hundred endpoints, you will barely notice OTbase Discovery consuming memory, and the probing will often be completed within a couple of minutes; if not seconds. On the other end of the spectrum, there are installations where one discovery node probes many thousand endpoints, which will then require a dedicated machine with a decent amount of RAM (16+ GB).

The Discovery Software architecture

OTbase Discovery comprises two components:

• A Windows service that performs network probing and
• A Windows front-end application for configuring the service.

The service implementation makes sure that OTbase Discovery continues running even when nobody is logged on to the computer on which the software executes. This is important because automatic transfer of asset data usually takes place at night.

The Configuration Front-end

The discovery service does nothing on its own before it is configured. This is usually done using the configuration client. The configuration client lets you fine-tune probing options for various networks and devices, and it also provides immediate feedback if your probing is configured properly, because it will show a subset of discovery results right away.

Centralized Management Application

If you are running dozens or hundreds of OTbase Discovery nodes, managing each node individually by RDP'ing to the node's configuration client is not an option. This is where OTbase Discovery Manager comes in, the centralized management application for OTbase Discovery.

REST API for Programmatic Orchestration

Besides OTbase Discovery Manager there is another means of changing the configuration of OTbase Discovery nodes. You can do configuration changes programmatically via a REST API, which means that no admin has to sit in front of a computer screen and has to type in every single configuration change.