Hitachi

JP1 Version 12 JP1/IT Desktop Management 2 Overview and System Design Guide


2.8.1 Detecting devices by using the network monitoring function

You can detect a new device attempting to access the network by enabling the network monitor for the network segment groups displayed in the Network List view. To display the Network List view, in the Inventory module, select Device Inventory and then Network List. A network search is automatically performed for the detected device. If the device is discovered, its access to the network is controlled according to the network monitor settings.

Important

Before using the network monitoring function, make sure that you are fully aware of the devices to which network access is granted and those to which network access is denied. If applied incorrectly, network access control can cause unexpected business interruptions, for example, by disabling network access for devices used for business operations.

Important

The network monitoring function is not available for shared VDI-based virtual computers.

Tip

You cannot use network control to disconnect connections with a management server, a relay system, or a computer on which network access control is enabled.

Tip

To detect devices, enable the network monitor for a single computer on which an agent is installed per network segment. By installing an agent on and enabling the network monitor for a computer capable of accessing multiple networks using multiple network cards, you can monitor multiple network segments using just one computer. Set an appropriate IP address range for the network segment and assign the corresponding authentication information. If a detected device has a network address that is outside the IP address range, a search is performed without using the authentication information. In this case, only the MAC address and IP address information is acquired from that device.

The following figure shows how a device connected to the network is detected and registered in JP1/IT Desktop Management 2:

[Figure]

  1. The computer on which an agent is installed and for which the network monitor is enabled detects a device attempting to access the network.

  2. The computer on which an agent is installed and for which the network monitor is enabled notifies the management server that a device has been detected.

  3. Based on the received information, the management server searches the network for the detected device.

    Important

    If a search for devices (network search) is already running, the system waits until the search ends. If the network monitoring function is taking a long time to detect devices, implement countermeasures such as narrowing the search range of the device search (network search).

    Tip

    If you want to perform agentless authentication when the device is discovered, you need to set the IP address range that includes the IP addresses monitored by the network monitor as well as the corresponding authentication information in advance.

  4. If the device is discovered during the search, it is automatically included as a management target or an agent is automatically deployed to it, depending on the search conditions.
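As an added example (not part of the Hitachi manual or the product), the following Python sketch checks the condition described in the tips above: every address in a monitored segment should fall inside a search IP address range that has authentication information assigned, because addresses outside such a range are searched without authentication and yield only the MAC address and IP address. The input layout (CIDR strings and start/end/credential tuples) and all sample values are assumptions constructed for illustration; IPv4 only.

```python
import ipaddress


def uncovered_ranges(segment_cidr, search_ranges):
    """Return (first, last) address pairs in the monitored segment that are not
    covered by any search range with authentication information assigned."""
    net = ipaddress.IPv4Network(segment_cidr)
    lo, hi = int(net.network_address), int(net.broadcast_address)
    if net.prefixlen < 31:          # skip network and broadcast addresses
        lo, hi = lo + 1, hi - 1
    spans = []
    for start, end, has_credentials in search_ranges:
        if not has_credentials:     # a range without credentials is still a gap
            continue
        s, e = int(ipaddress.IPv4Address(start)), int(ipaddress.IPv4Address(end))
        if s > e:
            raise ValueError(f"range start after end: {start}-{end}")
        s, e = max(s, lo), min(e, hi)   # clip to the monitored segment
        if s <= e:
            spans.append((s, e))
    gaps, cursor = [], lo
    for s, e in sorted(spans):      # sweep left to right, merging overlaps
        if s > cursor:
            gaps.append((cursor, s - 1))
        cursor = max(cursor, e + 1)
    if cursor <= hi:
        gaps.append((cursor, hi))
    return [(str(ipaddress.IPv4Address(a)), str(ipaddress.IPv4Address(b)))
            for a, b in gaps]


def audit(segments, search_ranges):
    """Map each monitored segment to its uncovered address ranges."""
    return {seg: uncovered_ranges(seg, search_ranges) for seg in segments}


# Constructed sample data: two segments monitored by one multi-homed agent.
SEGMENTS = ["192.168.10.0/24", "10.0.0.0/29"]
SEARCH_RANGES = [
    ("192.168.10.1", "192.168.10.100", True),
    ("192.168.10.90", "192.168.10.150", True),
    ("192.168.10.200", "192.168.10.254", False),  # no authentication info
    ("10.0.0.3", "10.0.0.4", True),
]

if __name__ == "__main__":
    for seg, gaps in audit(SEGMENTS, SEARCH_RANGES).items():
        for first, last in gaps:
            print(f"{seg}: {first}-{last} would be searched without authentication")
```

An empty list for a segment means every host address in it is covered by a credentialed range.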

Important

The network monitoring function cannot detect devices in the network segments that cannot be accessed directly from the management server, such as networks through NAT.

To use the network monitoring function in a network connected via NAT, you must build a multi-server configuration system where a management server is installed for each network segment.

Important

If you have enabled the setting for automatically deploying an agent to a device discovered during network search, an agent is deployed to a discovered computer even when that computer is denied network access.

In this case, an agent is installed on a computer that is denied network access. Depending on the network control setting specified in the security policy and the result of a security check performed for that computer, the computer might be able to access the network.

Important

If you remove a device that has been discovered by the network monitoring function, that device cannot be rediscovered until it is disconnected from the network and then reconnected. If the time interval between network disconnection and reconnection is too short, the device might not be rediscovered.

Tip

Regardless of whether Permit or Not Permit is specified in the network monitor settings, devices accessing the network can be discovered. If the network monitor discovers a device, a network search is automatically performed for that device. If you have enabled the Auto-Manage Discovered Nodes or Auto-Install Agent setting for the network search, the device discovered by the network monitor is automatically included as a management target or an agent is automatically deployed to the device. The device then becomes a management target, and a product license is used for that device.

If you do not want to automatically include a discovered device as a management target, clear the Auto-Manage Discovered Nodes and Auto-Install Agent check boxes in Configurations so that you can manually select management targets.

The network monitoring function monitors the following networks: