Ivanti Neurons for Discovery

Ivanti Neurons for Discovery can accurately and quickly determine which devices are in your corporate network. Using the passive discovery feature all devices that come online are detected, the data captured, normalized and sent to Ivanti Neurons Platform. The technology uses a self-election process to ensure that discovery is always on and always listening, that no devices go undetected and that there is no delay in receiving the data. It also ensures there are no scalability issues, no duplication and no failover concerns because it uses smart technology to self-organize and elect which device will listen and send the data back. If the elected device goes offline, the self-organizing process identifies a replacement self-elected device, so discovery is uninterrupted.

Benefits

  • Rapid discovery of devices connected to your corporate network.
  • Flexible policy control.
  • Infinite scalability.
  • Analyze and normalize to produce a single accurate record of each asset.

Getting started with Ivanti Neurons for Discovery

Follow these easy steps to get started with Discovery.

Workflow:

  1. Target a device on your network, download and install the Ivanti Neurons for Discovery agent (Discovery download page)
  2. Enable and configure Self-Election Process to start passive discovery (Global Network Settings)
  3. Data is gathered, normalized and reconciled providing a single unified view of device details (Discovered Devices)
  4. Create, assign and deploy agent policy to devices (Policy Groups)

Discovery install methods

There are two install options for Neurons for Discovery:

Before installing check the prerequisites in Agent management.

Components:

Ivanti Neurons Agent: An executable file to install the Ivanti Neurons Agent. This can be done manually, or automatically deployed by Neurons for Discovery or via a 3rd party deployment tool.

Options File: A settings file used to configure the agent, this file will differ depending on whether you are doing a Default install or a Discovery install.

Deployment Representative Policy: Policy configuration applied to the agent.

Deployment Representative: A device that has the Discovery Agent installed.

Passive Discovery: Enabled on agent install, always on and immediately discovers any device that comes online in your corporate network.

Default agent

Use Case: If you already have a list of devices or imported them from a connector, and want to install the agent manually using a 3rd party deployment system such as Microsoft SCCM.

The Ivanti Default Agent has the following capabilities:

  • Discovery: Self-Election Process, Passive Discovery
  • Inventory
  • Automation
  • Edge Intelligence
  • Remote Control (optional)

To install the Default Agent you must download:

  • IvantiCloudAgent.exe
  • IvantiCloudAgent.exe.Options

Both of these files must exist within the same folder.

The Agent is installed with the Default Policy, go to the Default Policy section for more information.

Discovery agent

Use case: You want to discover all devices on your corporate network and automatically deploy agents to save time from having to manually install.

When the Discovery Agent is installed on a device, that device becomes a Deployment Representative. The Deployment Representative is the only device that can be used for the capabilities that require credentials; deployment and agentless inventory.

The Discovery Agent has the same capabilities as the default agent, together with:

  • Discovery: Self-Election Process, Passive Discovery, Agentless Inventory
  • Deployment
  • Inventory
  • Automation (optional)
  • Edge Intelligence (optional)
  • Remote Control (optional)

To install the Discovery Agent you must download:

  • IvantiCloudAgent.exe
  • IvantiCloudAgent.exe.Options

If more than one executable or Options file is downloaded they are saved with a numerical suffix e.g. (1), (2).

Deployment representatives

A Deployment Representative is a device in your network that has the Discovery agent installed on it. The Discovery agent should be installed on one device per subnet within your environment. The Deployment Representative is the only device that can be used for the capabilities that require credentials; deployment and agentless inventory.

The Deployment Representatives view lists all of the devices with an agent installed, the subnet that it belongs to, the device name and the date the agent was installed.

You can search on subnet or deployment representative and can sort by any of the columns. Click on any Deployment Representative to view the Deployment Representative Details.

From here you have access to:

  • Manage Policy Groups: Create and edit policy groups and devices that they are assigned to. Policies are used to assign capabilities to agents.
  • Global Network Device Settings: Select the configuration settings for Passive Discovery and Agentless Inventory. Here you can enable Client Self-Electing Services which is needed for passive discovery to run. See Global network device settings for more information.

Global network device settings

The global network device settings cover the configuration for the self-election process for passive discovery and also the credentials required for agentless inventory.

Self-election process

Enable self-election process: The use of client self-electing services ensures that discovery is always on and always listening. A VPN check is initially carried out by detecting connected client VPN adapters, using case sensitive keywords. If a device is found to be connected to a VPN then the device does not take part in the self-election process, only devices on the corporate network are to be discovered. If devices can communicate with the corporate network they self-organize and use a smart election process to elect which device listens and sends data back to the Ivanti Neurons, if the devices can communicate with the elected device, they all trust each other. If the elected device goes offline, the self-organizing process identifies and elects a replacement device, so discovery is uninterrupted. The smart election process ranks available devices by configuration and ability to provide service, for example, more CPU cores or more free disk space.

flow diagram showing the CSEP decision process

Device Name: Enter the name of a device on your corporate network. The self-elected device will contact this device to verify it is on your corporate network, so choose a device that will always be online and is only available in your corporate network, e.g. a domain controller.

Device IP: Enter the IP address of the device. The device is validated by confirming a ping on the device name that matches the IP address.

Passive Discovery: Select to enable passive discovery. Only available if the self-election process is enabled.

Agentless Inventory

Agentless Inventory: Select to enable Inventory. An inventory scan is a deep hardware and software scan discovering details on disk, such as; space used, space remaining, memory, CPU, processes running and software installed. Once enabled, an inventory scan will commence 24 hours after the last inventory scan on the device.

Credentials: From the drop down list select the credentials to be used by the engine to access the agentless device that is to be scanned, click Add to add the credentials to the field below, select and add more credentials to continue to build up the list, as required. If the first set of credentials fail, the next will be attempted, and so on, in order of the list.
If you need to set up credentials go to the Neurons Platform > Admin > Credentials, create credentials for a Device.

Starting to discover devices

Ivanti Discovery uses Passive Discovery to detect all network devices in your network.

Passive Discovery

Passive Discovery detects all devices on your corporate network. Passive discovery is enabled by default and starts immediately once the self-election process has been enabled in the Global Network Device Settings. It listens for any devices that come online, once an ARP request is detected, it captures the device details. Name resolution for discovered devices is carried out using NetBIOS and reverse DNS queries. The Operating System for the device is also discovered using OS Fingerprinting technology.

Discovered Devices

The results are reported back to the Discovered Devices view and include:

Device Name: Name of the device.

IP or MAC Address: IP or MAC address of the device.

OS: Operating System version, e.g. Microsoft Windows.

OS Group: Operating System group, e.g. Windows, macOS.

Agent: Agent if one has been installed on the device.

Policy Group: Policy group if one has been applied to the device.

Subnet: Subnet IP that the device belongs to.

Agentless Inventory

For all devices that have an agent installed, known as managed devices, inventory data is automatically received. However, in cases where you don't want an agent on a device but still want the deep hardware and software information the agentless inventory capability provides that.

An agentless inventory scan detects all device software and hardware data such as space used, space remaining, memory, CPU, and processes running. You enable the scan in Global Network Device Settings and must provide domain access credentials. The scan is run every 24 hours on all Windows discovered devices that do not have an Ivanti Neurons Agent installed.

The results are reported back to the Detailed View tab in the Neurons Platform > Devices > Device Details

You may need to exclude AgentlessMonitor.exe and Ldiscan.exe from your anti-virus software, as these files are downloaded and executed on the target devices that are going to be inventory scanned.

Related topics

Credentials

Agent management