
Level 1 Versus Level 2 Discovery

Mat Davis edited this page Nov 6, 2019 · 1 revision

This page helps illustrate some of the key differences between a level 1 and level 2 discovery. The target environment for this illustration is 2 host servers, one running a DB2 server and one running TADDM, which consists of a number of Java servers and a WebSphere Liberty server.

Level 1

Level 1 discovery was run against the two target hosts. Level 1 scanning is done externally to the targets: no logon to or access on the host is attempted, and all information is gained by scanning ports on the target hosts. The ports scanned and the components subsequently created are configurable (see the TADDM documentation for more details). A business application was defined with the discovered software servers.

Notice that "custom" server components (denoted by the C) are created where established ports were detected. The scan was able to determine that julie is a Linux box, but unable to determine the platform type for kristina. No software server to software server logical connections or dependencies are discovered.

The details for the components discovered are very shallow. For the host julie, no detailed configurations are discovered. Only basic IP information and possibly MAC addresses are populated.

For the database, only details about the port running are discovered.

Level 2

Using the same target hosts, credentials have been entered to allow for a successful level 2 discovery. Credentials specific to the software (e.g. a DB2 account) are needed for level 3, not level 2, so they are not necessary at this time. We are taking advantage of custom server discovery to discover shallow software servers without running the more advanced level 3 sensors. The following is the same topology as before, but with level 2 discovered components instead of level 1.

Notice that the topology contains much richer detail and more dependency information. Specifically, the dependencies between the Java servers and the database are detected.

From a hardware perspective, much deeper detail is discovered about the components. Not all the tabs are shown here, but IP, filesystem, CPU, and other hardware details are now discovered for the Linux target host.

For the software running (DB2), there is slightly more detail than discovered using level 1, but still only basic information that is used to identify that the server exists. No advanced details about the software are discovered. Those details are discovered using level 3. Notice that runtime process information is now discovered, shown in the Process Pools and Ports information.
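To make the difference concrete, here is an added example (not TADDM's code or the page author's) that derives software server dependencies from constructed level 2 style runtime data and shows that level 1 port data cannot yield them; the host names, process names, ports and connections are assumed sample values.

```python
# Constructed sample of what an uncredentialed level 1 port scan yields: open
# ports only. No process ownership and no connection data are available.
LEVEL1_SCAN = {
    "julie": {50000},           # DB2 default port, becomes a "custom" server
    "kristina": {9085, 9443},   # TADDM ports, platform type unknown
}

# Constructed sample of level 2 runtime data collected with host credentials:
# listening port -> owning process, and established connections as
# (local host, local process, remote host, remote port).
LEVEL2_LISTENERS = {
    "julie": {50000: "db2sysc"},
    "kristina": {9085: "java (taddm)", 9443: "java (liberty)"},
}
LEVEL2_CONNECTIONS = [
    ("kristina", "java (taddm)", "julie", 50000),
    ("kristina", "java (taddm)", "julie", 50000),   # second pooled connection
    ("kristina", "ssh", "julie", 22),               # no discovered software listener
]


def level1_components(scan):
    """Level 1: every open port becomes an anonymous custom server component.
    Without process data there is nothing to link the components together."""
    return sorted((host, port, "custom") for host, ports in scan.items() for port in ports)


def level2_dependencies(listeners, connections):
    """Level 2: resolve each established connection to the process listening on
    the remote side, giving (client process@host, server process@host) edges.
    Connections to ports with no discovered listener are dropped, and repeated
    connections (e.g. a connection pool) collapse to a single dependency."""
    edges = set()
    for lhost, lproc, rhost, rport in connections:
        server = listeners.get(rhost, {}).get(rport)
        if server is None:
            continue
        edges.add((f"{lproc}@{lhost}", f"{server}@{rhost}"))
    return sorted(edges)


if __name__ == "__main__":
    print("level 1:", level1_components(LEVEL1_SCAN))
    print("level 2:", level2_dependencies(LEVEL2_LISTENERS, LEVEL2_CONNECTIONS))
```

The level 1 result contains the same ports a scanner sees, but only the level 2 data, which carries process ownership, produces the Java server to DB2 dependency edge shown in the topology above.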

Conclusion

The difference in detail discovered between level 1 and level 2 discovery is great. The labor effort involved between the two can also be great, as level 2 requires credentials and authorization configuration on the target hosts. Level 1 discovery is often used in tactical engagements, where TADDM is not needed long term; an example might be lightweight scanning before a data migration occurs. Level 2 discovery is more strategic, where the discovered data is seen as a trusted source and possibly used to populate a CMDB. Level 2 discovery supersedes level 1 discovery, so it is not necessary or advisable to spend time and effort on level 1 discovery if level 2 discovery is desired.
