PlateSpin Recon has three sequential stages to its data collection.
Domain Discovery: PlateSpin Recon uses Windows Active Directory via LDAP to scan the network for a list of the machines on the specified domain. By default, this includes only online machines, but there is an option to include offline machines as well.
An Organizational Unit (OU) filter can also be specified, narrowing the area of the domain that PlateSpin Recon will poll during discovery. An Organization Unit is a container within a domain where computers can reside for segmentation. For example, if your domain has OU containers setup for each department, you can tell PlateSpin Recon to just look for machines within a specific department within the domain.
PlateSpin Recon only uses OU filters during discovery. Machines discovered in this way are unaffected during inventory and monitoring should machines be moved out of their previous OU containers. For more information on Organization Units and if they are in use in your domains, check with your System Administrator.
Subnet, IP Range Scan: For each machine in the subnet or IP range, PlateSpin Recon pings the machine. If it replies, it is considered a discovered machine.
Another option is to port scan through TCP, UDP or both. PlateSpin Recon tries to connect to ports and records which ports are being used. This option must be used with caution because network security might consider this an attack.
PlateSpin Recon sends the getplatform script, which returns the architecture and glibc version of the machine being inventoried.
Based on getplatform, PlateSpin Recon uses the SCP protocol to transfer a platform-specific inventory binary and libraries to the /tmp directory of the machine being inventoried.
Over ssh, PlateSpin Recon executes the binary, streaming the command file over stdin.
Logs and progress files are streamed back from the inventoried machine to the PlateSpin Recon Server using stderr while the machine XML is streamed over stdout.
PlateSpin Recon runs the executable locally on the PlateSpin Recon Server.
The executable accesses ESX 3.x/4.x, ESXi 5.0, or Virtual Center Web services, which provide the necessary inventory data.
If you are inventorying a Windows machine, you must make sure that WMI is installed and running on the machine. For Widows NT, you must manually install WMI components. For more information on downloading and installing WMI on Windows NT, see Windows Management Instrumentation (WMI) CORE 1.5 (Windows NT 4.0) at the Microsoft Download Center.
To establish connection with the target Windows machine and to run the Inventory executable on the target machine, PlateSpin Recon by default uses WMI. If WMI fails, PlateSpin Recon uses the Remote Service as a failover. You can configure PlateSpin Recon to always use the Remote Service instead of WMI of the target machine:
In PlateSpin Recon Client, click themenu.
Press the Ctrl key and click.
Thepage of the Options dialog box is displayed by default.
In thecategory, click the plus sign (+) next to .
Change the value ofto .
PlateSpin Recon copies the inventory executable to the ADMIN$ share on the target machine.
To understand the PlateSpin Recon Monitoring process, review the following sections:
PlateSpin Recon sends a script (lininfo.sh lininfo.sh, solinfo.sh, aixinfo.sh, or esxinfo.sh) to the machine being inventoried.
The script is run through ssh.
The ssh server must be enabled for monitoring to function.
Logs are streamed back to the PlateSpin Recon Server over stderr.
Performance data is streamed back over stdout.
PlateSpin Recon calls ESX 3.x/4.x, ESXi 5.0, or Virtual Center Web services, which provide the necessary performance data.
PlateSpin Recon uses the Windows Performance Counter API to retrieve performance data. It does not use WMI.
The Remote Registry service must be enabled for Windows monitoring to function.