1.1.1 Identifying all devices used in your organization

(1) Searching for devices registered in Active Directory

This approach is one way of searching for devices used in your organization. Using the Getting Started wizard, you can search for devices registered in Active Directory.

The Getting Started wizard allows you to set the domain information and search schedule for the Active Directory you want to search. When the wizard is complete, the search begins according to the set schedule.

To search for devices registered in Active Directory:

1. In the top of the view, select the Go menu, and then Getting Started Wizard.

2. In the What is this Wizard? view, check the settings for managing devices, and then click the Next button.

3. Select Discover Nodes, and then click the Next button.

4. Select Discovery from Active Directory, and then click the Next button.

5. Set the domain information of the Active Directory you want to access, and then click the Next button.

   To make sure that you can access the set Active Directory, click the Test button.

6. Set the search schedule, and then click the Next button.

7. Set whether to automatically include the discovered devices as management targets and whether to automatically deploy agents to them, and then click the Next button.

8. If you want to inform yourself (administrator) of completion of the search by email, specify the notification destination and the mail server information, and then click the Next button.

9. In the Confirm Content and Finish Settings view, check the settings, and then click the Complete button.

10. In the displayed Discovery Settings Configured view, click the Close button.

The search is performed according to the set search schedule.

To view the search results, in the Settings module, select Discovery, Last Discovery Log, and then Active Directory to display the Active Directory view.

Tip

The settings specified in the wizard are applied to the Active Directory view. To display the Active Directory view, in the Settings module, select Discovery, Configurations, and then Active Directory. You can also start a search by specifying search conditions in this view.

Related Topics:

• 15.2.2 Specifying search conditions (searching Active Directory)

• 15.2.4 Checking the device discovery status

To Page Top

(2) Searching for devices connected to the network

This approach is one way of searching for devices used in your organization. Using the Getting Started wizard, you can search for devices connected to the network.

The Getting Started wizard allows you to set the range of IP addresses to be searched and the authentication information to be used during the search. When the wizard is complete, the search begins according to the set schedule.

To search for devices connected to the network:

1. In the top of the view, select the Go menu, and then Getting Started Wizard.

2. In the What is this Wizard? view, check the method used to specify the settings for managing devices, and then click the Next button.

3. Select Discover Nodes, and then click the Next button.

4. Select Discovery from IP Address Range, and then click the Next button.

5. Set the range of IP addresses to be searched, and then click the Next button.

   By default, Management Server is set as the IP address range. Management Server is a network segment that contains a management server.

   Important note

   If you want to specify a period of time to intensively search, specify settings so that the number of IP addresses that are contained in the IP address range is 50,000 or lower. If the number of IP addresses exceeds 50,000, the network search might stop.

6. Set the authentication information to be used during the search, and then click the Next button.

7. Set the authentication information to be used for each IP address range, and then click the Next button.

   Important note

   If an IP address range includes devices that are configured to lock the account after a specific number of failed logon attempts, assign specific authentication information for each IP address range. If you select Any, all authentication information items are used in an attempt to access devices, which can lead to some users unexpectedly getting locked out of their accounts.

   Important note

   If you select Any, each authentication information item is used in an attempt to access devices. The high network access frequency imposes a heavy load on the network. Select this option only after carefully considering the possible network load.

8. Set the search schedule, and then click the Next button.

   Important note

   If you select the Intensive Discovery check box, the search is repeated one after another during the specified period of time. During this time, the network is placed under heavy load. Select this option only after carefully considering the possible network load.

9. Set whether to automatically include the discovered devices as management targets and whether to automatically deploy agents to them, and then click the Next button.

10. If you want to inform yourself (administrator) of completion of the search by email, specify the notification destination and the mail server information, and then click the Next button.

11. In the Confirm Content and Finish Settings view, check the settings, and then click the Complete button.

12. In the displayed Discovery Settings Configured view, click the Close button.

The search is performed according to the set search schedule.

To view the search results, in the Settings module, select Discovery, Last Discovery Log, and then IP Address Range to display the IP Address Range view.

Tip

The settings specified in the wizard are applied to the IP Address Range view. To display the IP Address Range view, in the Settings module, select Discovery, Configurations, and then IP Address Range. You can also start a search by specifying search conditions in this view.

Related Topics:

• 15.2.1 Specifying search conditions (discovery from IP address)

• 15.2.4 Checking the device discovery status

To Page Top

(3) Detecting devices by using the network monitoring function

You can detect a new device attempting to access the network by enabling the network monitor for the network segment groups displayed in the Network List view. To display the Network List view, in the Device module, select Device Inventory and then Network List. A network search is automatically performed for the detected device. If the device is discovered, its access to the network is controlled according to the network monitor settings.

Important note

Before using the network monitoring function, make sure that you are fully aware of the devices to which network access is granted and those to which network access is denied. If network access control is applied incorrectly, network access control can cause unexpected business interruptions, for example, by disabling network access for devices used for business operations.

Tip

To detect devices, enable the network monitor for a single computer on which an agent is installed per network segment. By installing an agent on and enabling the network monitor for a computer capable of accessing multiple networks using multiple network cards, you can monitor multiple network segments using just one computer. Set an appropriate IP address range for the network segment and assign the corresponding authentication information. If a detected device has a network address that is outside the IP address range, a search is performed without using the authentication information. In this case, only the MAC address and IP address information is acquired from that device.

The following figure shows how a device connected to the network is detected and registered inJP1/IT Desktop Management:

1. The computer on which an agent is installed and for which the network monitor is enabled detects a device attempting to access the network.

2. The computer on which an agent is installed and for which the network monitor is enabled notifies the management server that a device has been detected.

3. Based on the received information, the management server searches the network for the detected device.

   Tip

   If you want to perform agentless authentication when the device is discovered, you need to set the IP address range that includes the IP addresses monitored by the network monitor as well as the corresponding authentication information in advance.

4. If the device is discovered during the search, it is automatically included as the management target or an agent is automatically deployed to it, depending on the search conditions.

Important note

The network monitoring function cannot detect devices in the network segments that cannot be accessed directly from the management server, such as networks through NAT.

Important note

If you have enabled the setting for automatically deploying an agent to a device discovered during network search, an agent is deployed to a discovered computer even when that computer is denied network access.

Under this circumstance, an agent is installed on a computer that is denied network access. Depending on the network control setting specified in the security policy and the result of a security check performed for that computer, the computer might be able to access the network.

Important note

If you remove a device that has been discovered by the network monitoring function, that device cannot be rediscovered until you disconnect from the network and then reconnect to it. If the time interval between network disconnection and reconnection is too short, the device might not be rediscovered.

Tip

Regardless of whether Permit or Not Permit is specified in the network monitor settings, devices accessing the network can be discovered. If the network monitor discovers a device, a network search is automatically performed for that device. If you have enabled the Auto-Manage Discovered Nodes or Auto-Install Agent setting for the network search, the device discovered by the network monitor is automatically included as a management target or an agent is automatically deployed to the device. The device then becomes a management target, and a product license is used for that device.

If you do not want to automatically include a discovered device as a management target, clear the Auto-Manage Discovered Nodes and Auto-Install Agent check boxes in Configurations so that you can manually select management targets.

The network monitoring function monitors the following networks:

• IPv4 networks. The IPv6 networks are not supported.

• The network monitoring function monitors computers running the OSs listed below. Computers running other OSs can be included as management targets only if such computers use standard TCP/IP network protocols.

  • Windows 95

  • Windows 98

  • Windows Me

  • Windows XP

  • Windows NT 3.51 and 4.0

  • Windows 2000

  • Windows Server 2003

  • Windows Vista

  • Windows Server 2008

  • Windows 7

  • Windows Server 2012

  • Windows 8

• The network monitoring function monitors TCP/IP network protocols. Protocols such as NetBEUI and IPX are not supported.

• To control devices accessing a wireless LAN, make sure that the access point relays MAC address information. If the access point does not relay MAC address information, network control cannot be performed.

To Page Top

(4) Planning the installation of agents

After identifying all the devices used in your organization, determine which computers in your organization need to have agents installed, and how to install the agents.

Computers on which to install agents

Of the computers used in your organization, select the ones to which you want to apply security control and distribute software by using JP1/IT Desktop Management, and then install agents on them.

Computers with agents installed automatically become the management target of JP1/IT Desktop Management. A JP1/IT Desktop Management license is used for each computer that becomes a management target. Therefore, we recommend that you consider the number of available licenses when determining the computers on which to install agents.

Tip

If you want to apply security control to the management server, install an agent on the security server in the same way as you install an agent on a user's computer.

How to install agents

You can install agents on computers either manually or automatically.

You might prefer one approach over another in terms of installation conditions that are important to you. Check each approach and use the one that is appropriate for your environment.

Manually installing agents on computers

First, create an installation set. Then, using the installation set, install agents on computers. You can manually install agents on computers in one of the following seven ways:

• Upload an agent to a Web server.

• Upload an agent to a file server.

• Distribute the agent installation media (CD-R or USB memory) to users.

• Distribute agents to users as a file attached to an email.

• Install an agent on the computer by using a logon script.

• Install an agent on the computer by using the disk copy feature.

• Install an agent on the computer from the provided medium.

Automatically installing agents on computers

From the management server, automatically deploy agents to the individual computers. You can automatically install agents on computers in one of the following two ways:

• Automatically deploy agents to every computer discovered during the search.

• Deploy agents to selected groups of computers on which agents have not yet been installed.

Related Topics:

• 1.1.2 Manually installing agents on computers

• 1.1.3 Automatically installing agents on computers

To Page Top