The article describes Network Discovery, an add-on to BlueCat Integrity’s DDI platform that delivers secure, segment-safe infrastructure visibility across distributed, virtualized, and hybrid environments. It addresses the real-world problem of fragmented networks and the discovery blind spots caused by centralized scanning and limited protocol coverage. To do so, it uses localized BDDS probes, multi-method data collection (SNMP, ICMP, SSH, vendor APIs), VMware hypervisor support, and a controlled reconciliation process. The result is more accurate, authoritative IPAM data that reduces operational risk, strengthens security posture, and improves automation and IT service management outcomes.
How does Network Discovery avoid creating additional firewall risk while discovering assets across segmented networks?
Network Discovery uses localized probes embedded in BlueCat DNS/DHCP Servers (BDDSes) that operate within each network segment. Because probes run inside the segment, they collect device and configuration data locally rather than relying on centralized scanning that requires broad firewall exceptions. Findings are then securely published to Integrity for centralized review and reconciliation, preserving segmentation and minimizing exposure while still enabling complete asset visibility.
What discovery methods does Network Discovery use to build richer asset intelligence than legacy tools?
Network Discovery employs a multi-method approach including SNMP polling, ICMP scanning, SSH access, and vendor-specific APIs to gather information. This layered methodology captures both device presence and deeper configuration and operational attributes—such as roles, versions, and metadata—providing context that single-protocol scanners typically miss. VMware hypervisor API integration further extends this capability into virtualized estates, revealing relationships between physical and virtual infrastructure.
How does the reconciliation process ensure the IPAM remains accurate and trustworthy?
Discovered items are routed through a controlled reconciliation engine where operators can validate, accept, or ignore findings before they are written into BlueCat Address Manager. This human-in-the-loop validation prevents duplication, stale records, and unauthorized updates, ensuring the IPAM remains a clean, authoritative source of truth. By enforcing operator oversight and controlled updates, organizations can rely on accurate discovery data to support automation, IT service management, and security operations.
The solution: Network Discovery
Network Discovery is an add-on to Integrity, BlueCat’s enterprise solution for DNS, DHCP, and IP address management (together known as DDI), and delivers a modern approach to network infrastructure visibility. Using localized probes in BlueCat DNS/DHCP Servers (BDDSes) that operate within each network segment, it eliminates the need for risky firewall exceptions or centralized scanning architectures.
Network Discovery gathers device and configuration data via SNMP, ICMP scanning, SSH access, and vendor APIs, providing a richer and more accurate representation of the environment than legacy discovery tools. VMware support enables visibility into virtualized estates, while a reconciliation process ensures that only validated and authorized data is written into BlueCat Address Manager, Integrity’s IP address management (IPAM) tool.
With controlled reconciliation and multi-method discovery, Network Discovery enables teams to maintain a current, authoritative view of their network, supporting improved security, automation, and IT service management practices.
Features
Per-network BDDS probe
Each BDDS acts as a localized discovery probe, operating within its own network segment to collect device and configuration details without requiring broad firewall access. This approach preserves segmentation, reduces exposure, and enables accurate discovery in distributed or restricted environments. Probes publish findings securely to Integrity for centralized review, ensuring teams maintain visibility without compromising security architecture.
VMware Hypervisor discovery
Support for VMware environments delivers visibility into virtualized network components, including hosts, virtual switches, and associated metadata. By integrating API-based discovery with traditional methods, Network Discovery helps teams understand relationships between physical and virtual infrastructure. This capability improves accuracy in environments where virtualization abstracts devices that traditional scanning often overlooks.
Controlled reconciliation
A reconciliation engine allows teams to validate, accept, or ignore discovered items before they become authoritative records. This controlled process prevents duplication, stale entries, and ungoverned updates to IPAM. With operator oversight, organizations maintain a clean and trustworthy source of truth that supports automation, IT service management processes, and security operations.
Multi-method discovery
Network Discovery gathers information via SNMP, ICMP scanning, SSH access, and vendor-specific APIs, allowing it to capture both high-level device presence and deeper configuration attributes. This multi-layered approach overcomes limitations of single-protocol tools and provides more complete insight into device roles, versions, and operational states. The result is a richer and more actionable asset inventory across hybrid environments.