Hitachi

JP1 Version 12 JP1/IT Desktop Management 2 Administration Guide


1.1.1 Identifying all devices used in your organization

To determine the computers on which to install agents, you need to have the latest information about all the devices currently used in your organization.

If such information is not available (for example, the management ledger is not kept up-to-date or not available), use JP1/IT Desktop Management 2 to search for devices used in your organization. This search allows you to collect information about all the devices used in your organization. After identifying all the devices used in your organization, plan the installation of agents. You can also have agents automatically deployed to every device discovered during the search.

If you have a management ledger or other information about the devices currently used in your organization, you do not need to perform the above search. Plan the installation of agents.


(1) Searching for devices registered in Active Directory

This approach is one way of searching for devices used in your organization. You can search for devices registered in Active Directory.

In the Settings module, select General, and then Active Directory. In the Active Directory view that appears, specify the domain information for the Active Directory you want to search. Then, in the Settings module, select Discovery, Configuration, and then Active Directory. In the Active Directory view that appears, specify the search condition and other necessary information. When you click the Start Discovery button, the search begins according to the specified schedule.

To search for devices registered in Active Directory:

  1. In the Settings module, select General, and then Active Directory to display the Active Directory view.

  2. Set the domain information of the Active Directory you want to access.

    To make sure that you can access the set Active Directory, click the Test button.

    Important

    In a multi-server configuration, do not specify the same Active Directory domain information for different management servers. If you do so, you might not be able to manage device information normally because the server that manages the information about a device might be changed unintentionally each time the device is detected.

  3. In the Settings module, select Discovery, Configuration, and then Active Directory to display the Active Directory view.

  4. In Auto Discovery Schedule, specify the search schedule.

  5. In Edit Discovery Option, specify whether to automatically include the discovered devices as management targets and whether to automatically deploy agents to them.

  6. To send a notification email to yourself (administrator) after completion of the search, specify the notification destination in Notification of Discovery Completion.

  7. Click the Start Discovery button in the upper right corner of the window.

The display changes to the Active Directory view (which is displayed by selecting Discovery, Discovery Log, and then Active Directory in the Settings module), and then the search is performed according to the specified search schedule.


(2) Searching for devices connected to the network

This approach is one way of searching for devices used in your organization. You can search for devices connected to the network.

In the Settings module, select Discovery, Configuration, and then IP Address Range. In the IP Address Range view that appears, set the range of IP addresses to be searched and the authentication information to be used during the search. When you click the Start Discovery button, the search begins according to the specified schedule.

To search for devices connected to the network:

  1. In the Settings module, select Discovery, Configuration, and then IP Address Range to display the IP Address Range view.

  2. In Search Node Locations, set the range of IP addresses to be searched.

    By default, Management Server is set as the IP address range. Management Server is a network segment that contains a management server.

    Important

    If you want to specify a period of time to intensively search, specify settings so that the number of IP addresses that are contained in the IP address range is 50,000 or lower. If the number of IP addresses exceeds 50,000, the network search might stop.

    If you discover more than 50,000 IP addresses, disable the Intensive Discovery option.

    Important

    In a multi-server configuration, do not specify the same search range for different management servers. If you do so, you might not be able to manage device information normally because the server that manages the information about a device might be changed unintentionally each time the device is detected.

  3. In Credentials Used, set the authentication information to be used during the search.

  4. In Search Node Locations, set the authentication information to be used for each IP address range.

    Important

    If an IP address range includes devices that are configured to lock the account after a specific number of failed logon attempts, assign specific authentication information for each IP address range. If you select Any, all authentication information items are used in an attempt to access devices, which might cause some users to be unexpectedly locked out of their accounts.

    Important

    If you select Any, each authentication information item is used in an attempt to access devices. The high network access frequency imposes a heavy load on the network. Select this option only after carefully considering the possible network load.

  5. In Auto Discovery Schedule, specify the search schedule.

  6. In Edit Discovery Option, specify whether to automatically include the discovered devices as management targets and whether to automatically deploy agents to them.

  7. To send a notification email to yourself (administrator) after completion of the search, specify the notification destination in Notification of Discovery Completion.

  8. Click the Start Discovery button in the upper right corner of the window.

  9. In the dialog box that opens, confirm the search settings, and then click the OK button.

    If you select the Intensive Discovery check box, a network search is repeated without a break in the specified period of time. Therefore, we recommend that you select this check box if you want to discover as many devices as possible at the initial stage of operation. For example, if you repeat a search, devices that were turned off and could not be discovered during the first search are more likely to be discovered during the second and subsequent searches.

    Important

    With the Intensive Discovery check box selected, a search that is continuously repeated imposes a heavy load on the network during the specified period of time. Select this check box after due consideration of the load on the network.

The display changes to the IP Address Range view (which is displayed by selecting Discovery, Discovery Log, and then IP Address Range in the Settings module), and then the search is performed according to the specified search schedule.

Tip

When you perform Discovery from IP Address Range on network devices that are in a redundant configuration, a device may be registered as two devices. If you do not want to manage one of the devices, set either device to Ignored Node.
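The following added example (not part of the Hitachi guide or the product) reviews a planned set of discovery ranges against three cautions in the procedure above: the 50,000-address limit for Intensive Discovery, the same search range being specified on different management servers, and ranges that use Any for authentication. The server names, credential labels and plan layout are hypothetical, and the limit is applied to the sum of each management server's ranges, which is a conservative assumption.

```python
import ipaddress
from itertools import combinations

INTENSIVE_LIMIT = 50_000  # limit the guide gives for Intensive Discovery

# Constructed sample plan: (management server, first IP, last IP, credentials).
# Server names and credential labels are hypothetical.
PLAN = [
    ("mgmt-a", "10.10.0.0", "10.10.255.255", "Any"),
    ("mgmt-a", "192.168.1.1", "192.168.1.254", "win-admin"),
    ("mgmt-b", "10.10.200.0", "10.10.200.255", "snmp-ro"),
]

def parse(plan):
    """Convert each range to integer bounds and reject reversed ranges."""
    rows = []
    for server, first, last, cred in plan:
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo > hi:
            raise ValueError(f"range {first}-{last} is reversed")
        rows.append((server, int(lo), int(hi), cred, f"{first}-{last}"))
    return rows

def review(plan, intensive=True):
    """Return findings as tuples; an empty list means no caution applies."""
    rows = parse(plan)
    findings, totals = [], {}
    for server, lo, hi, cred, label in rows:
        totals[server] = totals.get(server, 0) + (hi - lo + 1)
        # "Any" tries every credential item: lockout and network-load risk.
        if cred == "Any":
            findings.append(("any-credentials", server, label))
    # Assumption: the limit applies to the sum of a server's ranges.
    for server, total in sorted(totals.items()):
        if intensive and total > INTENSIVE_LIMIT:
            findings.append(("intensive-over-limit", server, total))
    # Ranges on different management servers must not share addresses.
    for a, b in combinations(rows, 2):
        if a[0] != b[0] and a[1] <= b[2] and b[1] <= a[2]:
            findings.append(("overlap-across-servers", a[4], b[4]))
    return findings

if __name__ == "__main__":
    for finding in review(PLAN):
        print(finding)
```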


(3) Detecting devices by using the network monitoring function

You can detect a new device attempting to access the network by enabling the network monitor for the network segment groups displayed in the Network List view. To display the Network List view, in the Inventory module, select Device Inventory and then Network List. A network search is automatically performed for the detected device. If the device is discovered, its access to the network is controlled according to the network monitor settings.

Important

Before using the network monitoring function, make sure that you are fully aware of the devices to which network access is granted and those to which network access is denied. If applied incorrectly, network access control can cause unexpected business interruptions, for example, by disabling network access for devices used for business operations.

Important

The network monitoring function is not available for shared VDI-based virtual computers.

Tip

You cannot use network control to disconnect connections with a management server, a relay system, or a computer on which network access control is enabled.

Tip

To detect devices, enable the network monitor for a single computer on which an agent is installed per network segment. By installing an agent on and enabling the network monitor for a computer capable of accessing multiple networks using multiple network cards, you can monitor multiple network segments using just one computer. Set an appropriate IP address range for the network segment and assign the corresponding authentication information. If a detected device has a network address that is outside the IP address range, a search is performed without using the authentication information. In this case, only the MAC address and IP address information is acquired from that device.

The following figure shows how a device connected to the network is detected and registered in JP1/IT Desktop Management 2:

[Figure]

  1. The computer on which an agent is installed and for which the network monitor is enabled detects a device attempting to access the network.

  2. The computer on which an agent is installed and for which the network monitor is enabled notifies the management server that a device has been detected.

  3. Based on the received information, the management server searches the network for the detected device.

    Important

    If a search for devices (network search) is already running, the system waits until the search ends. If the network monitoring function is taking a long time to detect devices, implement countermeasures such as narrowing the search range of the device search (network search).

    Tip

    If you want to perform agentless authentication when the device is discovered, you need to set the IP address range that includes the IP addresses monitored by the network monitor as well as the corresponding authentication information in advance.

  4. If the device is discovered during the search, it is automatically included as the management target or an agent is automatically deployed to it, depending on the search conditions.

Important

The network monitoring function cannot detect devices in the network segments that cannot be accessed directly from the management server, such as networks through NAT.

To use the network monitoring functions in a network connected via NAT, you must build a multi-server configuration system where a management server is installed for each network segment.

Important

If you have enabled the setting for automatically deploying an agent to a device discovered during network search, an agent is deployed to a discovered computer even when that computer is denied network access.

Under this circumstance, an agent is installed on a computer that is denied network access. Depending on the network control setting specified in the security policy and the result of a security check performed for that computer, the computer might be able to access the network.

Important

If you remove a device that has been discovered by the network monitoring function, that device cannot be rediscovered until you disconnect from the network and then reconnect to it. If the time interval between network disconnection and reconnection is too short, the device might not be rediscovered.

Tip

Regardless of whether Permit or Not Permit is specified in the network monitor settings, devices accessing the network can be discovered. If the network monitor discovers a device, a network search is automatically performed for that device. If you have enabled the Auto-Manage Discovered Nodes or Auto-Install Agent setting for the network search, the device discovered by the network monitor is automatically included as a management target or an agent is automatically deployed to the device. The device then becomes a management target, and a product license is used for that device.

If you do not want to automatically include a discovered device as a management target, clear the Auto-Manage Discovered Nodes and Auto-Install Agent check boxes in Configurations so that you can manually select management targets.

The network monitoring function monitors the following networks:

(4) Planning the installation of agents

After identifying all the devices used in your organization, determine which computers in your organization need to have agents installed, and how to install the agents.

Computers on which to install agents

Of the computers used in your organization, select the ones to which you want to apply security control and distribute software by using JP1/IT Desktop Management 2, and then install agents on them.

Computers with agents installed automatically become the management target of JP1/IT Desktop Management 2. A JP1/IT Desktop Management 2 license is used for each computer that becomes a management target. Therefore, we recommend that you consider the number of available licenses when determining the computers on which to install agents.

Tip

If you want to apply security control to the management server, install an agent on the security server in the same way as you install an agent on a user's computer.

Tip

In JP1/IT Desktop Management 2, the number of licenses held is managed for each OS type (Windows, Linux, or UNIX), but the number of licenses used is managed collectively regardless of the OS types. Note that Mac OS computers use licenses for Windows. (You can assign licenses for Windows to Mac OS computers.) Assigning a license to a Mac OS computer reduces the number of licenses that can be assigned to Windows computers.

For example, assume that a total of 520 licenses are registered as follows:

  • Licenses for Windows agents: 500

  • Licenses for Linux agents: 10

  • Licenses for UNIX agents: 10

If you specify 510 Windows computers as management targets, the limit on the number of licenses held (520) is not exceeded, but the limit on the number of licenses for Windows agents (500) is exceeded. In such a case, you need to take one of the following measures:

  • Register 10 or more additional licenses for Windows agents.

  • Exclude the excess (10 or more) Windows computers.

To check whether the maximum number of licenses used is exceeded for each OS, from the Settings module, click Product Licenses and then License Details to display Maximum number of managed nodes. Compare the number displayed with the number of computers managed for each OS displayed in Device List in the Inventory module.

How to install agents

You can install agents on computers either manually or automatically.

You might prefer one approach over another in terms of installation conditions that are important to you. Check each approach and use the one that is appropriate for your environment.

Manually installing agents on computers

First, create an installation set. Then, using the installation set, install agents on computers. You can manually install agents on computers in one of the following seven ways:

  • Upload an agent to a Web server.

  • Upload an agent to a file server.

  • Distribute the agent installation media (CD-R or USB memory) to users.

  • Distribute agents to users as a file attached to an email.

  • Install an agent on the computer by using a logon script.

  • Install an agent on the computer by using the disk copy feature.

  • Install an agent on the computer from the provided medium.

Automatically installing agents on computers

From the management server, automatically deploy agents to the individual computers. You can automatically install agents on computers in one of the following two ways:

  • Automatically deploy agents to every computer discovered during the search.

  • Deploy agents to selected groups of computers on which agents have not yet been installed.
