OTbase Discovery is a product component that is installed independently from the OTbase Inventory. Whereas OTbase Inventory usually sits in the Enterprise network, OTbase Discovery is usually placed in the process networks. Its purpose is to automatically discover the identity and configuration of your OT and IT devices.
We refer to an individual instance of OTbase Discovery as a discovery node.
OTbase Discovery can discover and monitor multiple networks both locally and remote, however more than one OTbase Inventory node is usually installed. For example, different sites may (and should) all report to one central OTbase Inventory. The number of OTbase Inventory nodes that you install completely depends on practicality and has no impact on license fees. In multi-site deployments, it is not rare to see several hundred OTbase Discovery nodes working in concert -- like a discovery swarm.
OTbase Inventory will never try to connect to OTbase Discovery, which makes it easy to keep your process networks protected from the Enterprise network -- for example by using firewalls, data diodes, and DMZs. All data traffic between OTbase Discovery and OTbase Inventory is upstream only, originating from OTbase Discovery.
OTbase Discovery variants
OTbase Discovery is available in different variants, allowing you to pick the best choice for a particular scenario.
- The standard Discovery variant is a Windows service that discovers devices via the network.
- This service is also available for Linux (both Intel and ARM architectures), and for Docker.
- For situations where remote discovery is not desired, you can use the OTbase Discovery Agent that is installed on a host machine. The Agent doesn't perform network discovery, it only discovers the local configuration of its host. It is available both for Windows and Linux.
- Finally there's a Discovery Executable that you can run from a USB stick. It doesn't require installation and saves asset information on that same USB stick. Just like the Agent, it doesn't do network discovery but only discovers the system that it is running on.
The Discovery Software architecture
With the exception of the Agent and Executable variants, OTbase Discovery comprises two components:
- A service that runs in the background and periodically performs network probing, and
- A Windows front-end application for configuring the service.
The service implementation makes sure that OTbase Discovery continues running even when nobody is logged on to the computer on which the software executes. This is important because automatic transfer of asset data usually takes place at night.
The Configuration Front-end
The discovery service does nothing on its own before it is configured. This is usually done using the configuration client. The configuration client lets you fine-tune probing options for various networks and devices, and it also provides immediate feedback if your probing is configured properly, because it will show a subset of discovery results right away.
Centralized Management Application
If you are running dozens or hundreds of OTbase Discovery nodes, managing each node individually by RDP'ing to the node's configuration client is not an option. This is where OTbase Discovery Manager comes in, the centralized management application for OTbase Discovery.
REST API for Programmatic Orchestration
Besides OTbase Discovery Manager there is another means of changing the configuration of OTbase Discovery nodes. You can do configuration changes programmatically via a REST API, which means that no admin has to sit in front of a computer screen and has to type in every single configuration change.
Comments
0 comments
Please sign in to leave a comment.