Service Manager

Working with Gateways

Gateways are part of Discovery and allow you to use a single point from which to manage your assets and other discovery tasks. You can install more than one gateway but if so, one gateway must be designated as a central gateway. There are two types of gateways: the standard gateway and a data center edition gateway. Both gateways allow you to do the following:

•Enter default administrator credentials to run tasks for computers on the network.

•Deploy client agents to computers on the network.

•Create and run specific tasks such as running active directory scans.

•Assign client tasks to the gateway based on the client IP and subnets that are specified on subnet entries on the Client Task Subnets tab.

•Deploy settings to the gateway.

You can do the following with a data center edition gateway:

•Create new IP ranges to use with NetScan.

•Enter Netscan SNMP protocols to run SNMP queries.

•Create new VMHA (virtual machine host auditor) configurations.

•Use a proxy server to relay messages to the server.

If you are migrating from Discovery Release 9.x to Discovery, we recommend that you install a gateway before you run the migration tool. If you create a gateway after running the migration tool, you may need to rerun the migration tool or manually relink the data to the gateway.

Before starting the installation, you can specify a default organizational unit to associate with your gateway. All clients deployed by the gateway are associated with that organizational unit by default, although this can be changed later.

When you specify a default organizational unit during installation, ensure that the computer you are using to install the gateway does not already have a configuration item record in Service Manager. If it does, you can delete it before you begin.

After installation, the gateway runs the Discovery client to generate a unique client ID. A registration message is then sent to the Service Manager server.

When the registration message has been received and processed by the server, the gateway computer appears in the Gateway workspace.

Gateways process messages sent to them by the client agents. Administrators can access the Integration Queue and Message Queue Journal workspaces to view and track messages.

For clients and gateways, the Service Manager gateway communicates via HTTPS to the client data web service. The data is in turn processed by Discovery processors, that populate the configuration management database with inventory information. Inventory data is also gathered by SCCM and other external sources, which communicate directly with the Discovery processors and other adapters. In case of a gateway proxy, the client sends messages to the proxy which in turn forwards the messages to the server. Gateway proxy is usually used in environments where there is limited network access.

The Service Manager gateway must be installed on one or more computers (or servers) or on a proxy server in your network in order to use discovery methods (such as ADScan, Deploy Agent, NetScan etc.). To install a gateway, see Installer Downloads. For information on gateway settings, see Gateway Workspace Settings.

If you are using the Service Manager gateway to deploy agents to other client machines, you must have full administrator rights and privileges on those client machines.

•To manage computers that are currently not audited, deploy a client agent to the computers. This agent allows the subsequent inventory process to discover all network computers. You can also install agents on remote computers. See Deploying Agents to Other Computers.

•When the gateway has been installed, it can deploy client agents to other computers. When a client agent has been installed on a computer, it automatically performs an initial full audit (see Running an Active Directory Scan). You can also use the gateway computer to do a remote audit on the client computers without the need to install client agents (see About Agentless Audits).

•If it is not feasible to install a client agent on a networked computer, you can remotely audit the machine by using Microsoft WMI infrastructure (Windows Management Instrumentation), which allows the gateway to audit computers remotely. Agentless auditing is done by a gateway machine running WMI queries against the target computers. See Running an Agentless Audit.

•When data is gathered for inventory either by the agent audit or by remote auditing from the agent or the gateway, the audit data is sent to the Service Manager data center web service via a secure HTTPS protocol. The received data is processed in two steps: the raw Discovery agent data and is processed into a generic format (for example, the names of publishers and hardware are normalized); then the normalized data is populated into the configuration management database.

The Service Manager agent and the Service Manager gateway also communicate with the message processor to determine if there are tasks to process. The message processor is a component on the Service Manager server, which provides tasks for the gateways and for the clients through a web service. A task for a gateway can be, for example, "install Service Manager client on machine X" or "update configuration." A task for a client can be, for example, "update configuration" or "audit computer now."

The following diagrams show how data flows from the audited computer to the data center without a proxy and then with a proxy:

Data Flow Without a Proxy

Data Flow With a Proxy