How to use traffic based discovery in ServiceNow
In ServiceMapping (part of ServiceNow), I am often asked if one should use traffic based discovery or not. The answer is simple. Traffic based discovery should only be used in an incomplete map when you are testing.
If your patterns are complete and working, the whole map is displayed without using traffic based discovery. If you turn traffic based off and the map is incomplete, something is wrong with your patterns (provided the server is discovered, credentials are working etc.).
When I am working on a map, I often turn traffic based discovery on and off. Turning on provides a good overview of the CI’s I might be missing. Yes, this is something the application owner should know, but sometimes this information is beneficial for that person too. This can also initiate a discussion on which CIs should be in the map.
When enabling traffic based discovery, all related CI’s found using netstat will be displayed on the map. If I see that I am missing a CI, I return to my pattern to include that CI. Once I have updated my pattern, I turn off traffic based discovery to make sure the new CI is displayed without using it.
I have created a very simple pattern for my SCOM installation. The below map shows the differences between turning traffic based discovery on and off.
The CIs inside the green lines is the pattern based, while the CIs inside the blue lines are traffic based. This lets us know what the servers inside the green lines connects to network-wise. Based on whether these CIs should be in the map, the pattern will be updated. If not, I will simply turn off traffic based discovery and consider my map complete.