Transcription

TECHNICALDESCRIPTION: SNOWINVENTORYVERSION 5Document date2020-11-19SNOWSOFTWARE.COM

CONTENTS1 Introduction . 31.1 What’s new? . 32 Platform overview . 42.1 Architecture . 42.2 Snow Integration Connectors . 52.3 Communication . 52.4 Security . 53 Discovery . 63.1 Non-inventoried devices . 63.2 Network devices . 63.3 Unreachable devices . 64 Deployment . 74.1 Admin console . 74.2 Third-party tools . 74.3 Scripting . 75 Inventory & metering . 85.1 Identity . 85.2 Virtualization . 85.3 Datacenter . 85.4 Snow Inventory Oracle Scanner . 85.5 Cloud application discovery and metering . 96 Configuration . 106.1 Server configuration . 106.2 Agent configuration . 107 Update . 127.1 Server updates . 127.2 Agent updates . 12Page 2 of 13SNOWSOFTWARE.COM

1INTRODUCTIONSnow Inventory discovers all computers in the IT environment, and presents the discoveryresult in the Snow Inventory Admin Console. Computers that are not yet inventoried canbe easily identified using the built-in discovery views in the console. Also, all connectednetwork equipment and mobile devices are discovered and displayed as discovereddevices in the console.Snow Inventory 5 provides the customers with the ability to keep their Snow InventoryAgents up to date with the latest product releases. Updates with new agent version(s)and/or new configuration settings for the different supported operating systems can becentrally managed using the Snow Inventory Admin Console.For existing installations of Snow Inventory 3.x, the Snow Inventory Data Exporter is usedfor migration to Snow Inventory 5, see User guide, Snow Inventory Data Exporter.1.1WHAT’S NEW?The following sections outline the key changes compared to Snow Inventory 3.x.1.1.1ADMIN CONSOLEThe Admin Console of Snow Inventory 5 is now accessed via the administration tool SnowManagement and Configuration Center (SnowMACC) – a familiar user interface foradministrators of Snow products.1.1.2SNOW INVENTORY AGENTSAll Snow Inventory Agents have the same configuration format, regardless of whatplatform/operating system they are designed for, and they all have the same configurationuser interface (XML).1.1.3RECEIVING AND PROCESSING INVENTORY DATAThe functionalities of the Inventory Data Receiver (IDR), Inventory Data Provider (IDP),and Active Directory Discovery (AD Discovery) are now included as out-of-the-boxmodules in the Snow Inventory 5 infrastructure.Page 3 of 13SNOWSOFTWARE.COM

2PLATFORM OVERVIEWThe Snow Inventory infrastructure consists of one or more Inventory databases andMaster Server instances, and Inventory Agents for one or several platforms. In morecomplex IT environments Service Gateway instances can be implemented for both loadbalancing and scalability purposes. This makes it possible to have the Inventory Agentsconfigured with multiple Service Gateways when sending and receiving data, to havefallback options if one of the Service Gateways is unavailable.2.1ARCHITECTURESnowInventoryAgentSnow Inventory Agents are responsible for collecting softwareinformation, software usage (metering), hardware specifications, and userinformation from the computers and mobile devices within theorganization. Each agent sends its inventory result to an Inventory MasterServer instance for processing, either directly or via a Service Gatewayinstance.SnowIntegrationManagerInventory information can be collected from third-party inventory toolsand virtualization technologies via Snow Integration Manager using eitherpurpose-built integration connectors or the universal connector(SnowXML) that enables discovery and inventory data to be importedfrom any source.ServiceGatewayTo ensure high availability of Inventory Server, Service Gateway instancescan be configured for load-balancing. Service Gateway instances couldalso serve as proxies in segmented networks or remote business units.Page 4 of 13SNOWSOFTWARE.COM

Master ServerThe Master Server instance receives the inventory data reported by theagents, processes the data and writes it into the Inventory database.Also, it processes and writes Discovery data to the database. The MasterServer instance must have a direct connection to the Inventory database.DatabaseThe Snow Inventory database is used for storing the inventory datareported by the Snow Inventory Agents. It is a Microsoft SQL Serverdatabase and there can only be one database per Master Server.2.2SNOW INTEGRATION CONNECTORSSnow Integration Connectors can automatically consolidate data from multiple inventorytools into a single view of all software and hardware assets from across the network andbeyond. All data imported through a Snow Integration Connector is automaticallyprocessed through the Software Recognition Service to ensure the accuracy of softwaretitles, versions, and more.2.3COMMUNICATIONThe Snow Inventory 5 infrastructure is backwards compatible. All the clients prior to theSnow Inventory Agents (i.e. Snow Inventory Clients) that can communicate with theInventory Data Receiver (IDR) can continue doing so with the new Inventory 5infrastructure. Also, the file forwarding features of Snow Integration Manager iscompatible with the Inventory 5 Server receiving interface.2.4SECURITYThe Snow Inventory Agents encrypt the inventory data files (AES 128-bit encryption)before they are sent to the server infrastructure. The files are normally sent over HTTP,but can be configured to be sent over an encrypted HTTPS channel using any X.509certificate for authentication.All communication to and from the Snow Inventory servers can be secured usingcertificates. Server-side certificates are used to authenticate and identify the server,whereas client-side certificates are used to authenticate the client. The server-to-servercommunication can also be secured using certificates.Page 5 of 13SNOWSOFTWARE.COM

3DISCOVERYComputers and devices can be discovered using LDAP lookups in an Active Directory, or byusing the following technologies for network discovery on specific IP address ranges: SNMPSSHWinRPC/WMIICMP (“ping”)TCP/IP fingerprintingDNS lookupNIC manufacturer lookupAll discovery technologies are turned off by default when installing Snow Inventory Server.Each technology can be turned on individually and be configured for specific ports and IPranges as needed to enable full asset discovery3.1NON-INVENTORIED DEVICESComputers that are not inventoried add uncertainty to what is installed and used in theenvironment, and what impact that could have on the license compliance of theorganization.With Snow Inventory, all computers and mobile devices in the IT environment arediscovered. Any devices that are not yet inventoried, either by Snow Inventory Agents orusing a Snow Integration Connector, are presented in the Snow Inventory Admin Console.3.2NETWORK DEVICESIn addition to computers and mobile devices, connected network equipment is alsodiscovered and presented in the Snow Inventory Admin Console. The networkmanagement protocol SNMP is used for discovery of equipment like printers, routers, andswitches.Using the Snow Integration Connector for Discovery data from any source, data fromalready existing discovery tools can be integrated.3.3UNREACHABLE DEVICESIn order to mitigate the gap between discovered and inventoried devices, it is essential tobe able to reach the device from an Inventory server (Master Server or Service Gateway).The Snow Inventory Admin Console has built-in views for presenting any device that isunreachable but exists in the Active Directory or third-party discovery tools. By using thisinformation, Service Gateways can be set up to cover the entire estate.Page 6 of 13SNOWSOFTWARE.COM

4DEPLOYMENTThe Snow Inventory Agents can be deployed via the Snow Inventory Admin Console(Windows Agent only), via an existing deployment infrastructure, or by using scripts.4.1ADMIN CONSOLECentralized deployment of Snow Inventory Agent for Windows can be performed from theSnow Inventory Admin Console. A Service Gateway or Master Server with network accessto the target computer will perform the deployment, using specified credentials (typically adomain administrator account).4.2THIRD-PARTY TOOLSFor centralized deployment, installation packages (msi, pkg, deb, rpm) and shell scripts(sh) can be prepared by and ordered from Snow Support. The packages can then bedeployed to the target computers using a deployment infrastructure of choice, for exampleMicrosoft SCCM.4.3SCRIPTINGAs an alternative to the two deployment technologies mentioned above, it is also possibleto deploy the Inventory Agent to the target computers using scripts. For details of how todo this, see the Snow Inventory Agent User Guide for each platform.Page 7 of 13SNOWSOFTWARE.COM

5INVENTORY & METERING5.1IDENTITYSnow Inventory has a built-in identity logic that it applies to all inventoried computers.The identity is what makes the computer unique and ensures that the computer object inthe database stays the same even if the computer is renamed or reinstalled with a newoperating system. Furthermore, the identity is used to prevent creation of duplicateentries of the same device.5.2VIRTUALIZATIONThere are many good reasons for organizations to adopt virtualization – lower costs, fasterasset deployment, security, flexibility and more. However, virtualization introduces acomplexity which must be addressed by the organization’s Software Asset Managementstrategy.The Snow Inventory Agent for Windows is able to scan and gather inventory data fromenvironments using desktop, session, and application virtualization technologies, such asMicrosoft Virtual Desktop Infrastructure, Citrix Virtual Apps, and VMware ThinApp.The metering capabilities also makes it possible to get remote application usage detailsfrom session virtualization technologies like Microsoft Remote Desktop Services (RDS) andCitrix Virtual Apps.5.3DATACENTERSnow Inventory Server is fully compatible with Snow Integration Manager, which canconnect to multiple hypervisors to obtain correct information on the server environment.This includes obtaining information on datacenter/cluster configurations, physical serversand virtual machines and the relation between the virtual and physical assets. It alsoincludes obtaining information on the different resources, such as processor/core countsand processor model, both from the physical and virtual level.These environments are not static – new virtual machines are introduced, hardwareresources assigned to virtual machines change, and virtual machines move betweendifferent physical servers. If a virtual machine is moved from one physical server toanother, information on the relationship will be automatically updated in Inventory Server.5.4SNOW INVENTORY ORACLE SCANNERThe Oracle Management Option gives organizations control of their Oracle estate thanks toits ability to collect data and report on all server hardware and configuration, databaseproducts and editions, database options and associated usage, management packs andassociated usage, feature usage and named users. It also enables orders to be managedand assigned to specific servers within the Oracle estate.The Snow Inventory Oracle Scanner is a module included in the Snow Inventory Agent. Itis disabled by default, but is easily activated via the Snow Inventory Admin Console andPage 8 of 13SNOWSOFTWARE.COM

configuration update capabilities, or when ordering the Snow Agent installation packagefrom Snow Support.5.5CLOUD APPLICATION DISCOVERY ANDMETERINGThe Snow Inventory Agent for Windows can report discovery of cloud application sitesbased on information from the internet browser installed on the computer. By matchingthe discovered sites to a defined set of rules, the agent can report usage of cloudapplications, also known as Software as a Service (SaaS). The rules are distributed by theData Intelligence Service (DIS) via Snow Update Service (SUS).The option is disabled by default, but can easily be activated in the Snow Inventory AdminConsole.Page 9 of 13SNOWSOFTWARE.COM

6CONFIGURATIONThe configuration files of both Inventory Server and the Snow Inventory Agents are basedon the XML standard format.6.1SERVER CONFIGURATIONThe Snow Inventory Server Configuration Manager provides an administrative interface forconfiguration and installation of Inventory Server.Considering the scalability and load balancing aspects, the Inventory Server can beconfigured as a Master Server or a Service Gateway. Service Gateways forward all theirdata and requests to a Master Server for further processing, either directly or via anotherService Gateway.Snow Inventory Server can be configured to receive incoming requests both on HTTP andHTTPS protocols as per solution requirements.The Snow Inventory Admin Console provides an overview of configuration settings, ServerEndpoints, and Discovery interfaces for any configured Master Server or Service Gateway.The features like Active Directory (AD) Discovery and Network Discovery can be enabled/disabled and configured via the Admin Console.6.2AGENT CONFIGURATIONSnow Inventory Agents are available on Unix, Linux, macOS, and Windows as supportedplatforms. The agent configuration definition is platform independent.6.2.1CENTRALIZED MANAGEMENTAgent configuration for all supported platforms is managed via Snow Inventory AdminConsole. When an agent configuration has been changed and after confirmation by theuser, the update is distributed to all targeted computers and applied automatically.6.2.2SCHEDULINGThe Snow Inventory Agent for Windows runs as a service on the computer and can beconfigured to perform scheduled inventory scan on a daily, weekly, or monthly basis, or atstartup or logon actions. The Snow Inventory Agents for Linux, macOS, and Unix arescheduled using the built-in native scheduling functionality of the operating system, e.g.Cron.6.2.3TUNING THE SCAN RESULTThe Snow Inventory Agent configuration provides the possibilities to fine-tune the scanresult through a number of configuration options. Using the software settingsconfiguration, one can include or exclude variables to tune the scan behavior, like directorypath (include/exclude), file system (include/exclude) and file types (include). Thesevarious configuration options of the agent help to gather the desired data in an easymanner.The scan behavior of the Snow Inventory Agent can be further fine-tuned using systemsettings. It provides a number of options to be enabled or disabled, including setting upPage 10 of 13SNOWSOFTWARE.COM

environment variables, HTTP settings, privacy settings, software metering, hardware andsoftware scans, as per scan requirements.For more details, refer to the Configuration guide for the Snow Agents.6.2.4SOFTWARE DENYTo prevent illegal and prohibited software from running on a computer, deny rules can beset in the Snow Inventory Agent configuration. A deny rule includes the path to the binary,file description, and company name as a signature to identify the process and terminate it.This feature is only available in the Snow Inventory Agent for Windows.6.2.5INVENTORY SCAN REPORTINGThe Snow Inventory Agents support sending the inventory result file to multiple InventoryServers, directly or via proxy, in a fallback manner. If sending the result file to the primaryInventory Server fails, then the agent tries the next server in sequence.6.2.6DROP LOCATIONFor customers that wants to keep a copy of the scan result, the Snow Inventory Agentprovides the drop location option. Every time an agent scans and sends the result file to aserver, it will also copy the result file to a defined drop location folder. A drop location canbe a UNC network location, a directory on a file system, or a web endpoint (directly or viaproxy).6.2.7ORACLE ENVIRONMENTSScan of Oracle environments is performed using the Snow Inventory Oracle Scanner(SIOS) plug-in. The Oracle settings in the Snow Inventory Agent configuration includedefault credentials, and the possibility to include or exclude instances by using SID.Page 11 of 13SNOWSOFTWARE.COM

7UPDATE7.1SERVER UPDATESSnow Update Service (SUS) is used for updating the Snow Inventory infrastructure. SUScan be configured for automatic or manual updates, and will only update the MasterServer.The Service Gateways will frequently check with their target Master Server (or ServiceGateway) for any updates, and then automatically download and apply them. The currentInventory Server versions of both Master Server and Service Gateways are displayed inSnow Inventory Admin Console.7.2AGENT UPDATESOnce the Snow Inventory Agents are deployed to the devices, Snow Inventory providesthe ability to keep the agents up-to-date over time. This is achieved through SnowInventory Admin Console which provides an overview of agent versions, total number ofagent configurations (sites, configurations) and latest agent version available for updatingthe environment.An agent update job takes care of updating the agent version, agent configuration, andthe support files (add or remove) located in the agent installation folder.Page 12 of 13SNOWSOFTWARE.COM

The Agent Repository is a file share where all agents are stored. New agent versions areautomatically downloaded to the Master Server instance via the Snow Update Service(SUS), and made available in the Snow Inventory Admin Console. To install the updateson the agents, the administrator creates an agent update job where the computerstargeted to receive the update are defined.As part of the regular communication between the Snow Agent and the Master Server, theagent contacts the server to check for new instructions. If the computer is target for anupdate job, the agent fetches the update and the appended instruction. The instructiontells when the upgrade is to take place, and if downgrade is allowed.Considering business critical production environments, the agent updates can bescheduled to be performed immediately or defined to be installed within a specified servicemaintenance window.Page 13 of 13SNOWSOFTWARE.COM

The Snow Inventory Agents can be deployed via the Snow Inventory Admin Console (Windows Agent only), via an existing deployment infrastructure, or by using scripts. 4.1 ADMIN CONSOLE. Centralized deployment of Snow Inventory Agent for Windows can be performed from the Snow Inventory Admin Console. A Service Gateway or Master Server with network .