Discovery Requirements
This guide outlines the requirements for the different discovery methods used by Tripl-i to find and map your IT infrastructure.
Discovery Methods Overview
Tripl-i utilizes a hybrid approach to discovery, combining agent-based and agentless methods to ensure complete and accurate infrastructure visibility.
Agent-Based Discovery
This method uses a dedicated Tripl-i Scanner Agent deployed on a Windows host within your network. It provides deep system information, enables real-time updates, and can securely scan devices behind firewalls with minimal network impact.
Agentless Discovery
This method involves the Tripl-i Scanner Agent scanning target devices over the network using standard management protocols like WMI, SSH, and SNMP. It does not require any software to be installed on the target devices.
Hybrid Discovery
For the most comprehensive results, Tripl-i uses a hybrid model where the Scanner Agent performs agentless scans, combining the depth of agent-based collection with the breadth of agentless scanning.
Agent-Based Discovery Requirements
This section details the requirements for the Windows machine that will host the Tripl-i Scanner Agent.
System Requirements
| Component | Requirement |
|---|---|
| Operating System | Windows 10/11 or Windows Server 2016+ (64-bit) |
| Processor | Multi-core processor (recommended for large networks) |
| Memory | 2 GB RAM minimum, 4 GB+ recommended |
| Disk Space | 1 GB free space (for the application, logs, and scan results) |
| Privileges | Administrative privileges are required to install and run the agent in Service Mode. |
Outbound Network Requirements
The machine running the scanner agent requires outbound internet access to the Tripl-i platform.
| Destination | Port | Protocol | Purpose |
|---|---|---|---|
api.tripl-i.com | 443 | HTTPS/WSS | For API communication and real-time WebSocket control. |
Agentless Discovery Requirements
This section details the requirements for the target devices that you intend to scan. The Tripl-i Scanner Agent must be able to reach these devices over the network.
Windows Systems (WMI)
For scanning Windows servers and workstations.
| Port | Protocol | Purpose | Notes |
|---|---|---|---|
| 135 | TCP | RPC Endpoint Mapper | Required for initial WMI connection. |
| 445 | TCP | SMB/CIFS | Required for WMI and the PAExec fallback mode. |
| 49152-65535 | TCP | Dynamic RPC Range | Used by WMI for communication. |
Firewall Tip: If opening the dynamic RPC port range is not feasible, the scanner can use a PAExec fallback mode which only requires port 445 (SMB) to be open.
Credentials: A user account with local administrator privileges on the target machines. A domain administrator account is recommended for ease of management.
Linux/Unix Systems (SSH)
For scanning servers running Linux or other Unix-like operating systems.
| Port | Protocol | Purpose |
|---|---|---|
| 22 | TCP | SSH |
Credentials: An SSH user with sudo or root access is recommended to gather a complete inventory. Password-based and key-based authentication are both supported.
Network Devices (SNMP)
For discovering and scanning switches, routers, firewalls, and other network hardware.
| Port | Protocol | Purpose |
|---|---|---|
| 161 | UDP | SNMP Queries |
Credentials: A valid SNMP community string (for v1/v2c) or user credentials (for v3).
VMware vCenter
For discovering vSphere environments, including ESXi hosts and virtual machines.
| Port | Protocol | Purpose |
|---|---|---|
| 443 | HTTPS | vCenter API |
Credentials: A vCenter user account with at least read-only privileges.
SQL Server Database Discovery
SQL Server database discovery is automatically triggered during Windows WMI scans when SQL Server is detected on the target system. No additional network configuration is required.
How It Works:
- The scanner detects SQL Server by checking the Windows registry
- Database queries are executed locally on the target server using SQLCMD
- All communication uses the existing WMI connection (ports 135, 445)
Requirements on Target Server:
| Requirement | Description |
|---|---|
| SQL Server Command Line Utilities | SQLCMD must be installed on the target server |
| SQL Server Login | The WMI scanning account must have a SQL Server login |
| Windows Authentication | The scanner uses Windows Authentication (no separate SQL password needed) |
SQL Server Permissions: The scanning account needs specific SQL Server permissions to collect full database information. See the Credentials Requirements for detailed permission setup.
What Gets Discovered:
- SQL Server instances (default and named)
- Instance configuration (version, edition, memory, authentication mode)
- All databases with sizes, backup status, and encryption status
- Active database connections
- Linked servers
For detailed information, see the SQL Server Database Discovery Reference.