1. Field of the Invention
The present invention relates generally to enterprise infrastructure discovery and in particular to secure enterprise infrastructure discovery.
2. Background Information
Automated discovery of enterprise computing infrastructure poses major concerns in terms of scalability and security. In this context, the phrase “enterprise infrastructure discovery” refers to discovering not only the infrastructure topology (what server is running where), but also the type and configuration of applications that are running on those servers. A server may include back-end server computers or any network-connected device.
In order to be effective, an enterprise infrastructure discovery must not rely on an agent on the server that is the target of the discovery. Agent-less discovery does not require network topology knowledge in advance, and is useful with those systems where an agent is not deployed.
Once a new server has been added to the list of machines to be discovered in a system, the discovery process must gain access to the system and perform application configuration retrieval. Such application configuration retrieval requires the discovery process to rely on application-specific user accounts.
Agent-less discovery requires remote system user credentials. A centralized discovery process likewise requires remote system user credentials, and the manner of collecting, storing and managing such credentials poses severe concerns in terms of security and usability. In addition, if the enterprise is properly managed, the passwords expire over a period of time, which creates a tremendous overhead in credentials management.
An example of an enterprise infrastructure discovery product is the IBM Tivoli Application Dependency Discovery Manager (TADDM) product. TADDM performs application configuration discovery in the enterprise for DB2, Oracle BeaLogic and other middleware. In order to perform this task, TADDM requires valid credentials (username and password) for each machine and for each instance of middleware installed on it; such credentials are stored inside the discovery product itself. This approach to credentials management may pose concerns, depending on the security policies of the target enterprise environment.