Network appliance discovery


Data center relocation engagements rely heavily upon the ability to discover all critical IT components in the old environment first. Not all components are easy to detect with traditional automated network discovery tools. For instance, devices such as firewalls and load balancers are designed to be transparent to network traffic, making them invisible to normal scans. Discovery must be executed in a minimally invasive manner because the IT environment to be migrated is usually in a production state until the relocation is complete. Studying the configuration of host machines that have been discovered can reveal the presence of the network appliances they use, allowing the discovery team to make a shortlist of probable appliance locations, even if those appliances do not themselves respond to traditional network scans.

In this project, we develop heuristic-based analytics for detecting the presence of network devices in data centers with a specific focus on detecting load balancer appliances. Our approach lies in exploiting (1) host-based network data, which comprises information already collected for data center migration engagements, and (2) knowledge of how load balancer appliances and managed servers are conventionally configured in an enterprise network environment.

The results of our work have been submitted to CNSM 2012.