Autodiscovery of machines

Using autodiscovery, you can:

  • Automate the installation of protection agents and the registration of machines to the management server by detecting the machines in your Active Directory domain or local network.
  • Install and update protection agents on multiple machines.
  • Use synchronization with Active Directory, in order to reduce the efforts for provisioning resources and managing machines in a large Active Directory domain.

Prerequisites

To perform autodiscovery, you need at least one machine with an installed protection agent in your local network or Active directory domain. This agent is used as a discovery agent.

Only agents that are installed on Windows machines can be discovery agents. If there are no discovery agents in your environment, you will not be able to use the Multiple devices option in the Add devices panel.

Remote installation of agents is supported only for machines running Windows (Windows XP is not supported). For remote installation on a machine running Windows Server 2012 R2, you must have Windows update KB2999226 installed on this machine.

How autodiscovery works

During a local network discovery, the discovery agent collects the following information for each machine in the network, by using NetBIOS discovery, Web Service Discovery (WSD), and the Address Resolution Protocol (ARP) table:

  • Name (short/NetBIOS host name)
  • Fully qualified domain name (FQDN)
  • Domain/workgroup
  • IPv4/IPv6 addresses
  • MAC addresses
  • Operating system (name/version/family)
  • Machine category (workstation/server/domain controller)

During an Active Directory discovery, the discovery agent, in addition to the list above, collects information about the Organizational Unit (OU) of the machines and detailed information about their names and operating systems. However, the IP and MAC addresses are not collected.

The following diagram summarizes the autodiscovery process.

  1. Select the discovery method:

    • Active Directory discovery
    • Local network discovery
    • Manual discovery – By using a machine IP address or host name, or by importing a list of machines from a file

    The results of an Active directory discovery or a local network discovery exclude machines with installed protection agents.

    During a manual discovery, the existing protection agents are updated and re-registered. If you perform autodiscovery by using the same account under which an agent is registered, the agent will only be updated to the latest version. If you perform autodiscovery by using another account, the agent will be updated to the latest version and re-registered under the tenant to which the account belongs.

  2. Select the machines that you want to add to your tenant.

  3. Select how to add these machines:

    • Install a protection agent and additional components on the machines, and register them in the web console.
    • Register the machines in the web console (if a protection agent was already installed).
    • Add the machines to the web console as Unmanaged machines, without installing a protection agent.

    You can also apply an existing protection plan to the machines on which you install a protection agent or which you register in the web console.

  4. Provide administrator credentials for the selected machines.

  1. Select the name or the IP address of the management server that the agent will use to access that server.

    By default, the server name is selected. You may need to select the IP address instead if your management server has more than one network interface or if you are facing DNS issues that cause the agent registration to fail.

  1. Verify that you can connect to the machines by using the provided credentials.

The machines that are shown in the Cyber Protect web console, fall into the following categories:

  • Discovered – Machines that are discovered, but a protection agent is not installed on them.
  • Managed – Machines on which a protection agent is installed.
  • Unprotected – Machines to which a protection plan is not applied. Unprotected machines include both discovered machines and managed machines with no protection plan applied.
  • Protected – Machines to which a protection plan is applied.