NopeSight Scanner Agent Deployment
The NopeSight Scanner is a Windows-based network discovery agent that automatically scans your infrastructure, collects system information, and integrates with the NopeSight platform. It provides comprehensive visibility into your network through automated scanning and real-time communication with the NopeSight backend.
Overview
The NopeSight Scanner operates as a standalone Windows application with two modes:
- GUI Mode: Interactive desktop application for manual scanning and configuration
- Service Mode: Windows service for scheduled automated scanning
Agent Architecture
How NopeSight Scanner Works
Scanner Components
Network Scanner: Discovers devices on your network, identifies open ports, and determines which scanning protocols to use.
Protocol Scanners: Collect detailed information using the appropriate protocol:
- WMI Scanner: Gathers comprehensive data from Windows systems (hardware, software, network connections, users)
- SSH Scanner: Collects information from Linux/Unix systems (packages, processes, network state)
- SNMP Scanner: Discovers network devices and their configurations
- vCenter Scanner: Integrates with VMware infrastructure to discover virtual machines and hosts
WebSocket Client: Maintains a persistent connection to NopeSight for real-time control and status updates.
System Requirements
Minimum Requirements
| Component | Requirement |
|---|---|
| Operating System | Windows 10/11 or Windows Server 2016+ (64-bit) |
| Processor | Multi-core processor (recommended for large network scans) |
| Memory | 2 GB RAM minimum, 4 GB+ recommended |
| Disk Space | 1 GB free space (for application, logs, and scan results) |
| Privileges | Administrative privileges required for service mode |
Network Port Requirements
The NopeSight Scanner requires specific network ports for communication and scanning operations.
Outbound Connections (Scanner → NopeSight Platform)
| Port | Protocol | Purpose |
|---|---|---|
| 443 | HTTPS/WSS | API communication and WebSocket connection to api.nopesight.com |
Scanning Ports (Scanner → Target Devices)
Windows Systems (WMI Scanning)
| Port | Protocol | Purpose | Notes |
|---|---|---|---|
| 135 | TCP | RPC Endpoint Mapper | Required for WMI |
| 445 | TCP | SMB/CIFS | Required for both WMI and fallback mode |
| 49152-65535 | TCP | Dynamic RPC | Used by WMI (configurable range) |
If RPC ports are blocked, the scanner automatically falls back to PAExec mode, which only requires port 445 (SMB). This is useful in restrictive firewall environments.
Linux/Unix Systems (SSH Scanning)
| Port | Protocol | Purpose |
|---|---|---|
| 22 | TCP | SSH |
Network Devices (SNMP Scanning)
| Port | Protocol | Purpose |
|---|---|---|
| 161 | UDP | SNMP Queries |
VMware vCenter
| Port | Protocol | Purpose |
|---|---|---|
| 443 | HTTPS | vCenter API |
Deployment Process
Step 1: Download the Scanner
Download the NopeSight Scanner portable version from your NopeSight platform:
- Log in to your NopeSight instance
- Navigate to Discovery → Agents
- Click Download Agent button
- Extract the ZIP file to your desired location
Step 2: Initial Setup
- Launch the Application: Run
NopesightScanner.exefrom the extracted folder - Configure Integration:
- Navigate to the Integrations tab
- Enter your NopeSight API URL (e.g.,
https://api.nopesight.com) - Enter your Discovery API Key (generated from the NopeSight platform)
- Test the connection
Step 3: Configure Credentials
For the scanner to collect information from target systems, you need to provide appropriate credentials:
Windows Systems:
- Navigate to the Credentials tab
- Add domain or local administrator credentials
- Format:
domain\usernameorusername@domain.com
Linux/Unix Systems:
- Add SSH credentials (username/password or SSH keys)
- Root or sudo access recommended for complete inventory
VMware vCenter:
- Add vCenter administrator or read-only credentials
All credentials are encrypted using Fernet (AES-128-CBC) with a local key file and stored locally. Credentials are never sent to the NopeSight platform.
Step 4: Configure Scanning
- Navigate to the Scan tab
- Enter your network ranges (supports CIDR notation:
192.168.1.0/24) - Select protocols to use (WMI, SSH, SNMP, vCenter)
- Click Start Scan to perform a manual scan
Step 5: Set Up Scheduled Scanning (Optional)
For automated scanning:
- Navigate to the Scheduler tab
- Add scan configurations with:
- Network ranges to scan
- Schedule (daily, weekly, custom time)
- Enable/disable individual schedules
- Navigate to the Service tab
- Install and start the Windows service
Once the service is running, scans will execute automatically according to your schedule.
Operating Modes
GUI Mode
The desktop application provides:
- Interactive Scanning: Manually initiate scans and see real-time progress
- Credential Management: Add, edit, and test credentials for target systems
- Schedule Configuration: Set up automated scanning schedules
- Service Control: Install, start, stop, and monitor the Windows service
- Integration Settings: Configure connection to NopeSight platform
- Status Monitoring: View scan history and WebSocket connection status
Best for:
- Initial setup and configuration
- Ad-hoc scanning operations
- Testing credentials and connectivity
- Troubleshooting scan issues
Service Mode
The Windows service provides:
- Automated Scanning: Executes scheduled scans without user interaction
- Real-time Communication: Maintains WebSocket connection for remote management
- Background Operation: Runs independently of user sessions
- System Startup: Automatically starts when Windows boots
Best for:
- Production environments
- Continuous discovery operations
- Remote-managed scanning
- Unattended operations
Real-Time Communication
WebSocket Connection
The NopeSight Scanner maintains a persistent WebSocket connection to the platform for real-time management and control.
Remote Management Capabilities
Through the WebSocket connection, the NopeSight platform can:
- Monitor Agent Status: Real-time health and connectivity monitoring
- Trigger Scans: Initiate on-demand scans remotely
- Update Schedules: Modify scanning schedules without accessing the agent
- Retrieve Metrics: Get system metrics (CPU, memory, disk usage)
- View Configuration: Check current agent settings and capabilities
System Metrics
The agent reports the following metrics to the platform:
| Metric | Description |
|---|---|
| CPU Usage | Current processor utilization |
| Memory Usage | RAM consumption percentage |
| Disk Space | Available disk space for scan results |
| Local IP | Agent's primary network address |
| Scan Statistics | Number of scans completed, success rate |
Security & Compliance
Authentication & Authorization
API Key Authentication: The scanner uses a discovery API key generated from the NopeSight platform for all communications.
WebSocket Security: All WebSocket connections use WSS (WebSocket Secure) over TLS 1.2+ for encrypted communication.
Credential Protection: Target system credentials are encrypted using Windows DPAPI and stored locally - they never leave the agent system.
Network Security
Firewall Configuration: The scanner only requires outbound HTTPS (port 443) access to the NopeSight platform. No inbound connections are needed.
Data Encryption: All data transmitted to the platform is encrypted in transit using TLS.
SSL Verification: SSL certificate verification is enabled by default and can be configured if using self-signed certificates.
Best Practices
Deployment Security:
- Run the scanner from a dedicated management workstation or server
- Use dedicated service accounts with appropriate permissions
- Implement network segmentation to isolate scanning traffic
- Regularly rotate API keys and credentials
Credential Management:
- Use read-only accounts where possible
- Implement least-privilege access for scanning
- Regularly audit and update stored credentials
- Use domain accounts for Windows scanning when available
Monitoring:
- Review scan logs regularly for failed authentication attempts
- Monitor WebSocket connection status
- Track scan success rates and investigate failures
- Set up alerts for agent disconnections
Scanning Workflow
How Scanning Works
When a scan is initiated (manually or scheduled), the NopeSight Scanner follows this process:
Data Collection
For each discovered device, the scanner collects:
Windows Systems (WMI):
- System information (manufacturer, model, serial number)
- Operating system details and patch level
- Hardware inventory (CPU, memory, disks, network adapters)
- Installed software and applications
- Running services and processes
- Active network connections
- User accounts (with domain detection)
Linux/Unix Systems (SSH):
- System information and kernel version
- Hardware details (CPU, memory, storage)
- Network interfaces and IP configurations
- Installed packages (dpkg/rpm)
- Running processes and services
- Active network connections
- User accounts (non-system only)
VMware Infrastructure (vCenter):
- vCenter server information
- Datacenter and cluster structure
- ESXi host inventory
- Virtual machine details
- Resource allocation and usage
- Relationship mapping between objects
Network Devices (SNMP):
- Device identification
- Interface configurations
- System uptime and performance metrics
Monitoring & Management
Agent Status Monitoring
You can monitor your NopeSight Scanner agents through the platform:
In the NopeSight Platform:
- Navigate to Discovery → Agents
- View all registered agents with their status:
- Online: Agent is connected via WebSocket
- Offline: Agent hasn't reported in recently
- Scanning: Currently performing a scan
- Error: Agent encountered issues
Agent Information Displayed:
- Agent name and unique identifier
- Last connection time
- System metrics (CPU, memory, disk usage)
- Number of scans completed
- Current schedule configuration
- Connection quality
Remote Management
From the NopeSight platform, you can remotely:
Trigger Scans: Initiate an immediate scan without accessing the agent system
- Select target IP ranges
- Choose specific protocols
- Monitor scan progress in real-time
Update Schedules: Modify scanning schedules remotely
- Add or remove scheduled scans
- Change scan frequencies
- Enable or disable specific schedules
Monitor Performance: View agent performance metrics
- CPU and memory usage trends
- Scan duration statistics
- Success and failure rates
- Network bandwidth usage
View Logs: Access agent logs for troubleshooting (if enabled)
Troubleshooting
Common Issues and Solutions
Agent Shows Offline in Platform
Symptoms:
- Agent status shows "Offline" in the platform
- No recent scan data received
- Last check-in timestamp is outdated
Solutions:
- Check if the Windows service is running (Service Mode)
- Verify network connectivity to api.nopesight.com on port 443
- Confirm API key is correct in the Integrations tab
- Check Windows Firewall settings for outbound HTTPS
- Review agent logs for connection errors
Scans Not Starting Automatically
Symptoms:
- Scheduled scans not executing
- Manual scans work but scheduled ones don't
Solutions:
- Verify the Windows service is installed and running
- Check that schedules are enabled in the Scheduler tab
- Confirm schedule times are correct (uses 24-hour format)
- Ensure the service has necessary permissions
- Check service logs for error messages
WMI Scanning Fails
Symptoms:
- Windows systems not being scanned
- "Access Denied" errors in logs
- Incomplete data for Windows servers
Solutions:
- Verify credentials are correct (domain\username format)
- Ensure firewall allows ports 135 and 445 from the scanner
- Check that RPC is enabled on target systems
- Try using domain administrator account for testing
- Enable PAExec fallback if RPC ports are blocked (uses only port 445)
SSH Scanning Issues
Symptoms:
- Linux systems not responding
- Authentication failures
- Empty or incomplete scan data
Solutions:
- Verify SSH credentials are correct
- Ensure port 22 is open on target systems
- Check that SSH service is running
- Confirm user has sufficient privileges (root or sudo recommended)
- Test SSH connection manually first
High CPU or Memory Usage
Symptoms:
- Scanner consuming excessive resources
- System slowdown during scans
- Long scan durations
Solutions:
- Reduce the number of concurrent scan targets
- Increase scan intervals for scheduled scans
- Limit the IP range being scanned
- Close the GUI application when using Service Mode
- Schedule scans during off-peak hours
Scan Results Not Appearing in Platform
Symptoms:
- Scans complete but no data in CMDB
- Upload failures in logs
- Inconsistent data synchronization
Solutions:
- Verify API key has correct permissions
- Check network connectivity during scan upload
- Ensure scan results directory has write permissions
- Review integration logs for upload errors
- Manually retry upload for failed scans
Log Locations
Scanner logs are stored in the logs directory within the application folder:
- agent.log: Main agent activity and WebSocket communication
- service.log: Windows service operations
- scheduler.log: Scheduled scan execution
- integrations.log: Platform upload activity
- app.log: General application logs
To review logs:
- Navigate to the scanner installation directory
- Open the
logsfolder - View recent log files with a text editor
- Look for ERROR or WARNING entries
Best Practices
Deployment Planning
Start Small:
- Begin with a pilot deployment in a test network
- Validate connectivity and credential access
- Verify scan results are accurate before scaling
- Document any firewall or access issues encountered
Network Considerations:
- Deploy the scanner in a network location with access to all target subnets
- Consider network segmentation and routing requirements
- Plan for firewall rule changes with your security team
- Document required ports and protocols
Credential Strategy:
- Use read-only accounts where full access isn't required
- Create dedicated service accounts for scanning
- Use domain accounts for Windows scanning to simplify credential management
- Regularly audit and rotate credentials
Scheduling Strategy
Off-Peak Scanning:
- Schedule intensive scans during low-usage periods (nights, weekends)
- Stagger multiple scan schedules to avoid resource contention
- Monitor scan duration and adjust schedules accordingly
Frequency Recommendations:
- Daily: Critical servers and frequently changing environments
- Weekly: Standard infrastructure and workstations
- Monthly: Stable environments and network devices
Scan Scope:
- Group similar systems together (e.g., production vs. development)
- Create separate schedules for different network segments
- Limit scan ranges to avoid unnecessary network traffic
Performance Optimization
Resource Management:
- Close the GUI application when using Service Mode to reduce memory usage
- Monitor scanner system resources (CPU, memory, disk)
- Limit the number of concurrent scans for large networks
- Use dedicated hardware for scanning large environments
Network Optimization:
- Reduce scan scope to only necessary IP ranges
- Use exclude lists for known non-responsive addresses
- Schedule scans during low-traffic periods
- Monitor network bandwidth impact
Security Recommendations
Access Control:
- Run the scanner from a secure, managed system
- Limit administrative access to the scanner system
- Use Windows Firewall to restrict unnecessary inbound connections
- Enable audit logging on the scanner system
Credential Protection:
- Store credentials only on the scanner system (not in documentation)
- Use Windows DPAPI encryption (automatic with NopeSight Scanner)
- Regularly review and update stored credentials
- Remove credentials for decommissioned systems
API Key Management:
- Generate unique API keys per scanner instance
- Rotate API keys periodically
- Revoke keys for decommissioned scanners immediately
- Monitor API key usage in the platform
Maintenance
Regular Updates:
- Keep the scanner application up to date
- Review release notes for new features and fixes
- Test updates in a non-production environment first
- Plan update windows to minimize disruption
Log Management:
- Review logs weekly for errors or warnings
- Clean old scan results periodically to free disk space
- Monitor log file sizes (automatic rotation after 20MB)
- Archive important logs before cleanup
Health Monitoring:
- Check agent status daily in the platform
- Monitor scan success rates
- Investigate repeated scan failures promptly
- Set up alerts for agent disconnections
Firewall Configuration Guide
Scanner System (Outbound Rules)
Required:
- Allow TCP 443 to api.nopesight.com (HTTPS/WebSocket)
- Allow TCP 22, 135, 445 to target networks (scanning)
- Allow UDP 161 to target networks (SNMP)
Optional:
- Allow TCP 443 to vCenter servers (VMware scanning)
Target Systems (Inbound Rules from Scanner)
Windows Systems:
- Allow TCP 135 from scanner IP (RPC)
- Allow TCP 445 from scanner IP (SMB)
- Allow TCP 49152-65535 from scanner IP (Dynamic RPC)
Linux/Unix Systems:
- Allow TCP 22 from scanner IP (SSH)
Network Devices:
- Allow UDP 161 from scanner IP (SNMP)
Frequently Asked Questions
Q: Can I run multiple scanners in my environment? A: Yes! You can deploy multiple scanners in different network segments. Each scanner connects independently to the platform with its own API key.
Q: What happens if the scanner loses connectivity during a scan? A: The scan continues locally, and results are stored on the scanner system. Once connectivity is restored, results are automatically uploaded to the platform.
Q: Can I scan systems in different network segments? A: Yes, as long as the scanner has network routing and firewall access to those segments. You may need multiple scanners for completely isolated networks.
Q: How much bandwidth does scanning consume? A: Bandwidth usage varies by scan scope. A typical device scan uses 1-5 MB of data. Port scanning is low-bandwidth; data collection uses more.
Q: Do I need administrator rights on all target systems? A: For best results, yes. However, read-only credentials may provide sufficient data depending on your needs. SSH scanning works better with root/sudo access.
Q: Can I scan cloud resources (AWS, Azure)? A: The scanner can reach any system accessible over the network. For cloud VMs, ensure network connectivity (VPN, ExpressRoute, Direct Connect) and security group rules allow scanning ports.
Q: What antivirus exceptions are recommended? A: Add the scanner installation directory to your antivirus exclusions. Port scanning behavior may trigger security alerts if not excluded.
Next Steps
After deploying your NopeSight Scanner agent:
- Configure scheduled scans for automated discovery
- Review scan results in the CMDB
- Set up dependency mapping for critical applications
- Explore AI-powered insights and relationship analysis