Ivanti Neurons for Discovery
Ivanti Neurons for Discovery can accurately and quickly determine which devices are in your corporate network. Using the passive discovery feature, all devices that come online are detected, and their data is captured, normalized and sent to the Ivanti Neurons Platform. The technology uses a self-election process to ensure that discovery is always on and always listening, that no devices go undetected and that there is no delay in receiving the data. It also ensures there are no scalability issues, no duplication and no failover concerns, because it uses smart technology to self-organize and elect which device will listen and send the data back. If the elected device goes offline, the self-organizing process identifies a replacement self-elected device, so discovery is uninterrupted.
- Rapid discovery of devices connected to your corporate network.
- Flexible policy control.
- Infinite scalability.
- Analyze and normalize to produce a single accurate record of each asset.
Getting started with Ivanti Neurons for Discovery
Follow these easy steps to get started with Discovery.
- Target a device on your network, download and install the Ivanti Neurons for Discovery agent (Discovery download page)
- Enable and configure Self-Election Process to start passive discovery (Global Network Settings)
- Data is gathered, normalized and reconciled providing a single unified view of device details (Discovered Devices)
- Create, assign and deploy agent policy to devices (Policy Groups)
Discovery install methods
There are two install options for Neurons for Discovery:
Before installing, check the prerequisites in Agent management.
Ivanti Neurons Agent: An executable file to install the Ivanti Neurons Agent. This can be done manually, or automatically deployed by Neurons for Discovery or via a 3rd party deployment tool.
Options File: A settings file used to configure the agent. This file will differ depending on whether you are doing a Default install or a Discovery install.
Deployment Representative Policy: Policy configuration applied to the agent.
Deployment Representative: A device that has the Discovery Agent installed.
Passive Discovery: Enabled on agent install, always on and immediately discovers any device that comes online in your corporate network.
Use Case: If you already have a list of devices or imported them from a connector, and want to install the agent manually using a 3rd party deployment system such as Microsoft SCCM.
The Ivanti Default Agent has the following capabilities:
- Discovery: Self-Election Process, Passive Discovery
- Edge Intelligence
- Remote Control (optional)
To install the Default Agent you must download:
Both of these files must exist within the same folder.
- In the Neurons Platform navigate to Admin > Discovery.
- On the Welcome page, select DOWNLOAD DEFAULT AGENT to open the download operating system page.
- Go to the appropriate section for your operating system and select DOWNLOAD.
- You have the option to change from the default setting of Interactive to Silent install. Interactive provides you with an install wizard which steps you through the installation. Silent installs automatically and requires no manual interaction; select Copy to copy the code you need to run.
- Once the files have downloaded, make sure they are on the device that you want to install the agent on and that the .exe and the Options files are in the same folder. Run the executable file and follow the on-screen instructions. The Options file instructs the agent on which functionality you can configure; see the capabilities section above. The device with the agent installed becomes the Deployment Representative.
The Agent is installed with the Default Policy. Go to the Default Policy section for more information.
Use case: You want to discover all devices on your corporate network and automatically deploy agents, saving the time it would take to install them manually.
When the Discovery Agent is installed on a device, that device becomes a Deployment Representative. The Deployment Representative is the only device that can be used for the capabilities that require credentials: deployment and agentless inventory.
The Discovery Agent has the same capabilities as the default agent, together with:
- Discovery: Self-Election Process, Passive Discovery, Agentless Inventory
- Automation (optional)
- Edge Intelligence (optional)
- Remote Control (optional)
To install the Discovery Agent you must download:
- In the Neurons Platform navigate to Admin > Discovery.
- On the Welcome page, select DOWNLOAD DISCOVERY AGENT to open the download operating system page.
- There is currently only a Windows Agent available, so in the Windows operating system section select DOWNLOAD DISCOVERY AGENT.
- A pop-up message asking about your deployment method appears. Select either:
  - Yes: If you are using a 3rd party deployment tool to deploy the agent to your devices. Once you have selected Yes, you must enter the total number of devices the agent will be deployed to; these will become your Deployment Representatives. A date is also required to limit the time a Deployment Representative has to enroll with your Ivanti Neurons tenant. This must be within the next 30 days; the calendar you select the date from is capped at 30 days from today's date.
  - No: If you are using Neurons for Discovery to deploy the agent to your devices.
- Select DOWNLOAD DISCOVERY AGENT.
- Once the files have downloaded, run the executable file and follow the on-screen instructions. An agent must be installed on a device in each of your subnets throughout your internal network. The device with the agent installed becomes the Deployment Representative.
If more than one executable or Options file is downloaded, they are saved with a numerical suffix, e.g. (1), (2).
A Deployment Representative is a device in your network that has the Discovery agent installed on it. The Discovery agent should be installed on one device per subnet within your environment. The Deployment Representative is the only device that can be used for the capabilities that require credentials: deployment and agentless inventory.
The Deployment Representatives view lists all of the devices with an agent installed, the subnet that it belongs to, the device name and the date the agent was installed.
You can search on subnet or deployment representative and can sort by any of the columns. Click on any Deployment Representative to view the Deployment Representative Details.
From here you have access to:
- Manage Policy Groups: Create and edit policy groups and devices that they are assigned to. Policies are used to assign capabilities to agents.
- Global Network Device Settings: Select the configuration settings for Passive Discovery and Agentless Inventory. Here you can enable Client Self-Electing Services, which is needed for passive discovery to run. See Global network device settings for more information.
The global network device settings cover the configuration for the self-election process for passive discovery and also the credentials required for agentless inventory.
Enable self-election process: The use of client self-electing services ensures that discovery is always on and always listening. A VPN check is carried out first by detecting connected client VPN adapters, using case sensitive keywords. If a device is found to be connected to a VPN, it does not take part in the self-election process; only devices on the corporate network are to be discovered. Devices that can communicate with the corporate network self-organize and use a smart election process to elect which device listens and sends data back to Ivanti Neurons. If the devices can communicate with the elected device, they all trust each other. If the elected device goes offline, the self-organizing process identifies and elects a replacement device, so discovery is uninterrupted. The smart election process ranks available devices by configuration and ability to provide service, for example, more CPU cores or more free disk space.
Device Name: Enter the name of a device on your corporate network. The self-elected device will contact this device to verify it is on your corporate network, so choose a device that will always be online and is only available in your corporate network, e.g. a domain controller.
Device IP: Enter the IP address of the device. The device is validated by confirming a ping on the device name that matches the IP address.
Passive Discovery: Select to enable passive discovery. Only available if the self-election process is enabled.
Agentless Inventory: Select to enable Inventory. An inventory scan is a deep hardware and software scan discovering details on disk, such as space used, space remaining, memory, CPU, processes running and software installed. Once enabled, an inventory scan will commence 24 hours after the last inventory scan on the device.
Credentials: From the drop down list, select the credentials to be used by the engine to access the agentless device that is to be scanned, then click Add to add the credentials to the field below. Select and add more credentials to build up the list as required. If the first set of credentials fails, the next will be attempted, and so on, in the order of the list.
If you need to set up credentials, go to Neurons Platform > Admin > Credentials and create credentials for a Device.
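The eligibility and ranking rules described under Enable self-election process, modelled as an added example (this is not Ivanti's code or algorithm). The `Device` fields, the keyword list and the tie-break order are assumptions; the page states only that VPN keywords are case sensitive and that ranking considers factors such as CPU cores and free disk space.

```python
from dataclasses import dataclass

# Assumed keyword list; the page only says matching is case sensitive.
VPN_KEYWORDS = ("VPN", "AnyConnect")

@dataclass
class Device:
    name: str
    adapters: list          # names of connected network adapters
    cpu_cores: int
    free_disk_gb: int
    reaches_anchor: bool    # verified the configured Device Name / Device IP
    online: bool = True

def on_vpn(device, keywords=VPN_KEYWORDS):
    """Case-sensitive substring match against connected adapter names."""
    return any(k in a for a in device.adapters for k in keywords)

def eligible(device):
    # VPN-connected or off-network devices do not take part in the election.
    return device.online and device.reaches_anchor and not on_vpn(device)

def elect(devices):
    """Return the best-ranked eligible device, or None if nothing qualifies."""
    candidates = [d for d in devices if eligible(d)]
    if not candidates:
        return None
    # Assumed ranking: more cores, then more free disk, then name (determinism).
    return max(candidates, key=lambda d: (d.cpu_cores, d.free_disk_gb, d.name))

# Constructed sample subnet.
SUBNET = [
    Device("ws-01", ["Ethernet"], 8, 200, True),
    Device("ws-02", ["Ethernet"], 8, 350, True),
    Device("lt-03", ["Wi-Fi", "Corp VPN"], 16, 900, True),
    Device("lt-04", ["Wi-Fi", "corp-vpn tunnel"], 12, 500, True),  # lowercase name
]

if __name__ == "__main__":
    first = elect(SUBNET)
    print("elected:", first.name)
    first.online = False                     # elected device goes offline
    print("after failover:", elect(SUBNET).name)
```

In this sample lt-04 is elected even though it has a tunnel adapter, because its lowercase adapter name does not match the case-sensitive keyword; compare the configured keywords with the adapter names actually in use.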
Starting to discover devices
Ivanti Discovery uses Passive Discovery to detect all network devices in your network.
Passive Discovery detects all devices on your corporate network. Passive discovery is enabled by default and starts immediately once the self-election process has been enabled in the Global Network Device Settings. It listens for any devices that come online; once an ARP request is detected, it captures the device details. Name resolution for discovered devices is carried out using NetBIOS and reverse DNS queries. The Operating System for the device is also discovered using OS Fingerprinting technology.
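How a passive listener can turn observed ARP requests into device records, as an added example (not Ivanti's implementation). The frames are constructed sample data, and skipping ARP probes and keeping one record per MAC address are assumptions made for this example.

```python
import socket
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST = 1

def parse_arp_request(frame):
    """Return mac/ip/target_ip for an IPv4-over-Ethernet ARP request, else None."""
    if len(frame) < 14 + 28:
        return None                      # truncated frame
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_ARP:
        return None                      # 802.1Q-tagged frames are not handled
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper != ARP_REQUEST:
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    if spa == bytes(4):
        return None                      # ARP probe: sender has no address yet
    return {
        "mac": ":".join(f"{b:02x}" for b in sha),
        "ip": socket.inet_ntoa(spa),
        "target_ip": socket.inet_ntoa(tpa),
    }

def build_frame(sha, spa, tpa, oper=ARP_REQUEST):
    """Construct a sample broadcast ARP frame (test data only)."""
    eth = b"\xff" * 6 + sha + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    arp += sha + socket.inet_aton(spa) + bytes(6) + socket.inet_aton(tpa)
    return eth + arp

def inventory(frames):
    """Fold frames into one record per MAC, keeping the latest IP seen."""
    seen = {}
    for rec in filter(None, map(parse_arp_request, frames)):
        seen[rec["mac"]] = rec["ip"]
    return seen

# Constructed sample traffic.
MAC_A, MAC_B = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")
SAMPLE = [
    build_frame(MAC_A, "10.0.5.21", "10.0.5.1"),
    build_frame(MAC_B, "0.0.0.0", "10.0.5.30"),           # probe, ignored
    build_frame(MAC_A, "10.0.5.22", "10.0.5.1"),          # same device, new IP
    build_frame(MAC_B, "10.0.5.30", "10.0.5.1", oper=2),  # reply, ignored
]
```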
The results are reported back to the Discovered Devices view and include:
Device Name: Name of the device.
IP or MAC Address: IP or MAC address of the device.
OS: Operating System version, e.g. Microsoft Windows.
OS Group: Operating System group, e.g. Windows, macOS.
Agent: Agent if one has been installed on the device.
Policy Group: Policy group if one has been applied to the device.
Subnet: Subnet IP that the device belongs to.
For all devices that have an agent installed, known as managed devices, inventory data is automatically received. However, where you don't want an agent on a device but still want the deep hardware and software information, the agentless inventory capability provides it.
An agentless inventory scan detects all device software and hardware data such as space used, space remaining, memory, CPU, and processes running. You enable the scan in Global Network Device Settings and must provide domain access credentials. The scan is run every 24 hours on all Windows discovered devices that do not have an Ivanti Neurons Agent installed.
The results are reported back to the Detailed View tab in the Neurons Platform > Devices > Device Details.
You may need to exclude AgentlessMonitor.exe and Ldiscan.exe from your anti-virus software, as these files are downloaded and executed on the target devices that are going to be inventory scanned.