I’ve not been able to find a good list of what are active, and what are passive discovery methods. It should seem obvious, but I have a recollection of an example question about it on someone’s website that confused the matter.
One of my confusion points is that the only definition I can find on the matter from VMware talks specifically about “application discovery and dependency mapping” via network discovery:
Effective application discovery and dependency mapping requires three primary methods:
• Active discovery—This method uses common network protocols to remotely query servers in the managed network and obtain supplementary CI data about network hosts. However, using just active discovery can place an unnecessary burden on the network. In addition, large segments of CI data don’t change all that often, making repeated realtime active discovery unnecessary for many. Furthermore, although active discovery uncovers detailed CI data about hosts and services, it doesn’t easily or directly provide information about how they relate to others. But active discovery doesn’t require agents, and delivers a wealth of solid CI data.
• Passive discovery—This method provides more of that relationship data. By connecting to core span or mirror ports on network switches and sampling network traffic, passive discovery can identify network hosts and servers, their communications and connections, and what services and protocols are being exchanged at what time. Although another rich source of data, you need some additional capabilities to assemble this raw data into actionable information.
• Discovery analytics—This third element complements the first two with the ability to perform deep-packet analysis of observed traffic, and to help establish the relationships between passively and actively discovered entities. Analytics with rich data provides little benefit; the same holds true for active and passive discovery.
Together, active discovery, passive discovery, and discovery analytics deliver a hybrid approach to application discovery and dependency mapping—provides the most complete approach
My view on it (and I am happy to be corrected if I’m wrong in this regard) is that active discovery is where you go out and get information from the target systems directly; passive is where you collect it without having to talk to the target systems yourself.
If something is already being collected to a separate database, then querying it is passive (as long as that querying is not going to affect the target system).
Passive:
- Port mirroring on a switch
- vCenter performance stats database
- Config management database
- Project documentation
- Any statistics already collected by an IT management framework (e.g. HP OpenView)
Active:
- Network probing
- Windows Perfmon
- VMware Capacity Planner
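
The following Python example is added here and is not from the original post or from VMware. It shows how passively observed traffic supplies the relationship data that active queries lack, and how correlating the two also surfaces hosts the active inventory missed. The flow records, inventory entries, host names and function names are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: flow summaries as a collector on a mirror/SPAN port
# might record them: (client, server, protocol, server port).
FLOWS = [
    ("10.0.1.21", "10.0.2.10", "tcp", 443),
    ("10.0.1.22", "10.0.2.10", "tcp", 443),
    ("10.0.2.10", "10.0.3.5", "tcp", 1433),
    ("10.0.2.10", "10.0.3.5", "tcp", 1433),   # repeat traffic collapses to one edge
    ("10.0.2.10", "10.0.9.9", "udp", 53),
    ("10.0.1.21", "10.0.4.77", "tcp", 22),
]

# Constructed sample: CI data returned by active (agentless) queries.
ACTIVE_INVENTORY = {
    "10.0.2.10": {"name": "web01", "os": "Linux"},
    "10.0.3.5": {"name": "sql01", "os": "Windows Server"},
    "10.0.9.9": {"name": "dns01", "os": "Linux"},
}

def passive_map(flows):
    """Derive offered services and client->server dependencies from flows."""
    services = defaultdict(set)      # server -> {(proto, port)}
    depends_on = defaultdict(set)    # client -> {(server, proto, port)}
    for client, server, proto, port in flows:
        services[server].add((proto, port))
        depends_on[client].add((server, proto, port))
    return services, depends_on

def correlate(flows, inventory):
    """Join passive relationships onto active CI records (the analytics step)."""
    services, depends_on = passive_map(flows)
    report = {}
    for host, ci in inventory.items():
        report[ci["name"]] = {
            "os": ci["os"],
            "serves": sorted(services.get(host, ())),
            "depends_on": sorted(
                (inventory.get(srv, {}).get("name", srv), proto, port)
                for srv, proto, port in depends_on.get(host, ())
            ),
        }
    # Hosts seen on the wire that no active query has catalogued.
    seen = set(services) | set(depends_on)
    unmanaged = sorted(seen - set(inventory))
    return report, unmanaged

if __name__ == "__main__":
    report, unmanaged = correlate(FLOWS, ACTIVE_INVENTORY)
    print(report)
    print("not in active inventory:", unmanaged)
```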