2.8.1 Detecting devices by using the network monitoring function
You can detect a new device attempting to access the network by enabling the network monitor for the network segment groups displayed in the Network List view. To display the Network List view, in the Device module, select Device Inventory and then Network List. A network search is automatically performed for the detected device. If the device is discovered, its access to the network is controlled according to the network monitor settings.
Important note: Before using the network monitoring function, make sure that you know exactly which devices are granted network access and which are denied network access. If network access control is applied incorrectly, it can cause unexpected business interruptions, for example, by disabling network access for devices used for business operations.
Tip: To detect devices, enable the network monitor on one computer with an agent installed per network segment. If you install an agent on a computer that can access multiple networks through multiple network cards and enable the network monitor for it, you can monitor multiple network segments using just one computer. Set an appropriate IP address range for the network segment and assign the corresponding authentication information. If a detected device has a network address that is outside the IP address range, a search is performed without using the authentication information. In this case, only the MAC address and IP address information is acquired from that device.
The following figure shows how a device connected to the network is detected and registered in JP1/IT Desktop Management:
- The computer on which an agent is installed and for which the network monitor is enabled detects a device attempting to access the network.
- The computer on which an agent is installed and for which the network monitor is enabled notifies the management server that a device has been detected.
- Based on the received information, the management server searches the network for the detected device.
  Tip: If you want to perform agentless authentication when the device is discovered, you need to set the IP address range that includes the IP addresses monitored by the network monitor as well as the corresponding authentication information in advance.
- If the device is discovered during the search, it is automatically included as the management target or an agent is automatically deployed to it, depending on the search conditions.
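The two Tips above say that a device outside the configured IP address range is searched without authentication information, so only its MAC address and IP address are acquired. The following planning check is an added example, not part of JP1/IT Desktop Management: it lists the host addresses in each monitored segment that no credentialed range covers. The segment list, the range tuples and the function names are assumptions made for illustration, not the product's configuration format.

```python
import ipaddress

# Constructed sample data (assumed layout, not exported from the product):
# segments watched by the network monitor, and search ranges given as
# (first address, last address, authentication information assigned?).
MONITORED_SEGMENTS = ["192.168.10.0/24", "192.168.20.0/24", "2001:db8::/64"]
DISCOVERY_RANGES = [
    ("192.168.10.1", "192.168.10.254", True),
    ("192.168.20.1", "192.168.20.100", True),
    ("192.168.20.101", "192.168.20.150", False),  # range without credentials
]

def _host_bounds(net):
    """First and last usable host address of an IPv4 network, as integers."""
    if net.prefixlen >= 31:
        return int(net.network_address), int(net.broadcast_address)
    return int(net.network_address) + 1, int(net.broadcast_address) - 1

def uncovered_ranges(segments, ranges):
    """Map each segment to the host address spans that no credentialed range
    covers. IPv6 segments map to 'unsupported' (the page states IPv4 only)."""
    cred = sorted(
        (int(ipaddress.IPv4Address(lo)), int(ipaddress.IPv4Address(hi)))
        for lo, hi, has_auth in ranges if has_auth
    )
    report = {}
    for seg in segments:
        net = ipaddress.ip_network(seg, strict=True)
        if net.version != 4:
            report[seg] = "unsupported"
            continue
        cursor, last = _host_bounds(net)
        gaps = []
        for lo, hi in cred:  # sweep left to right, recording holes
            if hi < cursor or lo > last:
                continue
            if lo > cursor:
                gaps.append((cursor, lo - 1))
            cursor = max(cursor, hi + 1)
        if cursor <= last:
            gaps.append((cursor, last))
        report[seg] = [(str(ipaddress.IPv4Address(a)), str(ipaddress.IPv4Address(b)))
                       for a, b in gaps]
    return report

if __name__ == "__main__":
    for segment, gaps in uncovered_ranges(MONITORED_SEGMENTS, DISCOVERY_RANGES).items():
        print(segment, gaps)
```

An empty list means every host address in the segment falls inside a range that has authentication information assigned; any span reported is where a detected device would yield only its MAC address and IP address.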
Important note: The network monitoring function cannot detect devices in the network segments that cannot be accessed directly from the management server, such as networks through NAT.
Important note: If you have enabled the setting for automatically deploying an agent to a device discovered during network search, an agent is deployed to a discovered computer even when that computer is denied network access.
Under this circumstance, an agent is installed on a computer that is denied network access. Depending on the network control setting specified in the security policy and the result of a security check performed for that computer, the computer might be able to access the network.
Important note: If you remove a device that has been discovered by the network monitoring function, that device cannot be rediscovered until you disconnect it from the network and then reconnect it. If the time interval between network disconnection and reconnection is too short, the device might not be rediscovered.
Tip: Regardless of whether Permit or Not Permit is specified in the network monitor settings, devices accessing the network can be discovered. If the network monitor discovers a device, a network search is automatically performed for that device. If you have enabled the Auto-Manage Discovered Nodes or Auto-Install Agent setting for the network search, the device discovered by the network monitor is automatically included as a management target or an agent is automatically deployed to the device. The device then becomes a management target, and a product license is used for that device.
If you do not want to automatically include a discovered device as a management target, clear the Auto-Manage Discovered Nodes and Auto-Install Agent check boxes in Configurations so that you can manually select management targets.
The network monitoring function monitors the following networks:
- IPv4 networks. IPv6 networks are not supported.
- The network monitoring function monitors computers running the OSs listed below. Computers running other OSs can be included as management targets only if such computers use standard TCP/IP network protocols.
  - Windows 95
  - Windows 98
  - Windows Me
  - Windows XP
  - Windows NT 3.51 and 4.0
  - Windows 2000
  - Windows Server 2003
  - Windows Vista
  - Windows Server 2008
  - Windows 7
  - Windows Server 2012
  - Windows 8
- The network monitoring function monitors TCP/IP network protocols. Protocols such as NetBEUI and IPX are not supported.
- To control devices accessing a wireless LAN, make sure that the access point relays MAC address information. If the access point does not relay MAC address information, network control cannot be performed.