Autodiscovery of machines
The discovery of machines functionality allows you to do the following:
- Automate the process of protection agent installation and machine registration, by automatically detecting machines in your Active Directory (AD) domain or local network.
- Install and update the protection agent on a batch of machines.
- Use synchronization with Active Directory to reduce the effort and overhead of resource provisioning and machine management in a large AD environment.
Machine discovery can be performed only by the agents installed on Windows machines. Currently, the discovery agent can detect not only Windows machines, but remote software installation is possible only on Windows machines.
If there is no machine with the installed agent, the autodiscovery functionality is hidden: the Multiple devices section does not appear in the Add new device wizard.
After adding machines to the service console, they are categorized as follows:
- Discovered – machines that were discovered, but the protection agent is not installed on them.
- Managed – machines on which the protection agent is installed.
- Unprotected – machines to which the protection plan is not applied. Unprotected machines include both discovered and managed machines with no protection plan applied.
- Protected – machines to which the protection plan is applied.
How it works
During the local network scanning, the discovery agent uses the following technologies: NetBIOS discovery, Web Service Discovery (WSD), and the Address Resolution Protocol (ARP) table. The agent tries to get the following parameters of each machine:
- Name (short/NetBIOS hostname)
- FQDN
- Domain/workgroup
- IPv4/IPv6 addresses
- MAC addresses
- Operating system (name/version/family)
- Machine category (workstation/server/domain controller)
When AD scanning is performed, the agent tries to get almost the same parameters of each machine as listed above. The difference is that it additionally gets the Organizational Unit (OU) parameter and more complete information about the name and operating system, and it does not get IP address and MAC address information.
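The following Python example is added here and is not the product's own code: it parses constructed Windows `arp -a` output to show what the ARP table alone contributes to a local network scan (IPv4 and MAC pairs, with no name or operating system) and why broadcast and multicast rows must be dropped before a row is treated as a machine. The function name `parse_arp_table` and all sample addresses are assumptions.

```python
import ipaddress
import re

# Constructed sample of Windows `arp -a` output (not captured from a real host).
SAMPLE_ARP_OUTPUT = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.23          A4-5E-60-C1-2B-7F     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static

Interface: 10.0.0.5 --- 0x11
  Internet Address      Physical Address      Type
  10.0.0.1              00-aa-bb-cc-dd-ee     dynamic
"""

IFACE = re.compile(r"^Interface:\s+(\S+)")
ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s+(\w+)\s*$"
)


def parse_arp_table(text):
    """Return one record per unicast neighbour listed in `arp -a` output."""
    records, iface = [], None
    for line in text.splitlines():
        if (m := IFACE.match(line)):
            iface = m.group(1)  # local address of the interface that saw the rows below
            continue
        m = ENTRY.match(line)
        if not m:
            continue  # column header, blank line, or unrecognised row
        ip, mac, kind = m.groups()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # e.g. an octet above 255
        # The lowest bit of the first MAC octet marks a group address
        # (broadcast or multicast), which never identifies a single machine.
        if addr.is_multicast or int(mac[:2], 16) & 1:
            continue
        records.append({"interface": iface, "ipv4": ip,
                        "mac": mac.lower().replace("-", ":"), "type": kind})
    return records
```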
Prerequisites
Before discovering machines, you must install the protection agent on at least one machine in your local network to use it as a discovery agent.
If you are planning to discover machines in the Active Directory domain, you must install the agent on at least one machine in the AD domain. This agent will be used as a discovery agent during scanning of AD.
Agent for Windows cannot be installed on a remote machine running Windows XP.
To install Agent for Windows on a machine running Windows Server 2012 R2, you must have Windows update KB2999226 installed on this machine.
Machine discovery process
In the following scheme, you can see the main steps of the machine discovery process:
Generally, the whole autodiscovery process consists of the following steps:
- Select the method of machine discovery:
  - By scanning Active Directory
  - By scanning the local network
  - Manual – adding a machine by IP address or hostname, or importing a list of machines from a file
  The first two methods filter results automatically to exclude machines that have agents installed.
  The manual method performs upgrade and re-registration for the existing agents. If you run autodiscovery by using the same account, the agent will just be updated to the latest version if necessary. If you use another account, the agent will be updated and re-registered under the tenant to which the account belongs.
- Select machines to be added from the list received as a result of the previous step.
- Select how the machines will be added:
  - The protection agent and additional components will be installed on the machines, and they will also be registered in the service console.
  - The machines will be registered in the service console (if they already have the installed agent).
  - The machines will be added as Unmanaged machines to the service console, without any agent or component installation.
  If you selected one of the first two methods to add a machine, you can also select a protection plan from the existing ones and apply it to the machines.
- Provide the credentials of the user who has the administrator rights for managing the machines.
- Verify connectivity to machines by using the provided credentials.
In the next topics, you will get more detailed information about the discovery procedure.