Thursday, July 12, 2012

SCOM 2012 Network Monitoring - Explicit or Recursive Discoveries?

In System Center 2012 Operations Manager (SCOM / OpsMgr 2012), the Network Monitoring feature has been taken to another level when we compare it to it's predecessor SCOM 2007 R2. A while back, I wrote a blog post explaining the steps required to get up and running with SCOM 2012 Network Monitoring and it's a good starting point if you're looking to explore this new feature. Check out the original post here:

SCOM 2012 - Network Monitoring Magic!

In the steps outlined in that post, when setting up your network monitoring, you have the option to choose from two types of network discovery rules - Explicit and Recursive. The screenshot below shows the option for selecting either of these two rules

Since April, I've been responsible for a LOT of SCOM 2012 deployments for our customers and often get asked to explain the difference between these two network discovery options. This post will aim to give you a better insight into each of them and will offer some advice on when to use each one.

In SCOM 2012, when configuring your network monitoring, you need to create a discovery rule on a Management Server that will run the network discovery either on an automatic schedule or manual on-demand basis. A discovery rule has some restrictions so to speak though:

  • Only one discovery rule can be configured per Management Server.
  • A discovery rule can only perform one or the other of an explicit or recursive discovery and cannot perform a combination of them.
With these points in mind, let's explain what each discovery does:

Explicit Discovery

This type of discovery rule is similar to what we had to work with in SCOM 2007 and it only attempts to discover devices that you have explicitly specified in the wizard by their IP address or FQDN.

Unlike SCOM 2007 though, if you have a large number of network devices that you want to explicitly add all at once, then instead of having to do them one by one or by network subnet (familiar anyone?), you now have the option to specify a text (*.txt) file with a list of all the device names or IP addresses that can be imported into SCOM.  This is a massive time saver and a welcome addition to the discovery process.

Recursive Discovery

This discovery is completely new to SCOM and is a 'party piece' of the EMC Smarts (Ionix) technology that forms the basis for network monitoring in the 2012 release.

When you select this discovery option and work through the wizard, you will come to the exact same 'Specify Devices' dialog box (shown in the screenshot below) that you would have encountered when configuring an Explicit discovery and this can initially be a little confusing.

Recursive discovery functions by performing a network scan and attempting to initially discover devices that you have explicitly specified in the above dialog box. Similar to the Explicit discovery rule, Recursive discovery can also be configured to discover and access devices using ICMP, SNMP or both. You could also use an IPv6 addresses however; the initial device that is discovered must use an IPv4 address.That's where the comparison with Explicit discovery ends though.

Recursive discovery will then try to discover any other network devices it knows about through its Address Routing Protocol (ARP) table, its IP address table, or the topology Management Information Block (MIB) to grow the network map and present all applicable devices to you for monitoring.

You can also filter out devices that you don't want to be discovered by using properties such as the device type, name, and object identifier (OID). This is a handy option if you wanted to quickly discover all the network devices in your network except, a small number or some with a specific criteria.

In really large networks with a lot of network devices, keep in mind that there is a default limit of 1500 network devices that can be discovered recursively. You can of course tweak this limit to suit your environment if you wish, but for most people, this won't be needed.

Great, but which is the best discovery rule to use?

This is a tough question as every network environment is different and there's no right or wrong answer here.

Explicit Discovery Pro's

I find that using the Explicit discovery option is the easiest way to control what gets monitored while carrying out new SCOM deployments. It's most likely that you will already know all of the network devices that you will want to have discovered if it's your own network, or if you're out on a customer site deploying SCOM, then the customer will have handed you a list of network devices to start monitoring. This method is useful also for controlling alerts and ensuring that your tuning and noise reduction process is confined to a certain number of network devices initally.

Explicit Discovery Con's

You need to have a list of all of the network devices that you want to monitor with SCOM 2012 and this can be cumbersome trying to put together or a lot of the time, if you arrive onsite with a customer to configure this, they might not have an up-to-date list of their devices and there's always a chance that you've missed something important.

Recursive Discovery Pro's

The Recursive discovery is definitely the 'sexier' of the two rules and you'll get a buzz from seeing all of the network devices getting discovered automatically in a relatively short space of time with very little input from you required. If you don't have a list of all the network devices on your network, then use this option to probe the ARP cache and discover everything for you.
You can also create a schedule to run your recursive discovery rule a number of times a day/week/month etc. and for this reason it's very useful if you have a high turnover of network devices spread across your environment.

Recursive Discovery Con's

The downside to Recursive discovery scheduling though is that, it can put unnecessary load on your management servers in large network environments by discovering devices that ordinarily you have no requirement to monitor and manage. It's also not recommended to run this more than twice a week in large environments that don't have a high turnover of network devices.


So that's it! Hopefully this post has gone some way to helping you understand what the difference is between the Explicit and Recursive discovery rules in SCOM 2012. If you want to learn more about SCOM 2012 Network Monitoring and the difference between Certified and Generic devices, take a look at this post:

SCOM 2012 Network Monitoring - Dude, Where's My Network Device Components?


  1. Hey Kevin, when using recursive discovery, does it find any SNMP enabled device on which those credentials work, or does it only find network devices on the HCL? Thanks much!

  2. Hi Kevin,
    In the Network Management, in Discovery rules, Am using Explicit Discovery method while trying to add multiple devices at a time using "IMPORT" option via text file as mentioned, am getting error as duplicate entry.
    Kindly help me in this. Thanks in advance.