Self-electing subnet services

Ivanti® Endpoint Manager uses a feature called Self-electing subnet services (SESS). With SESS, managed devices:

  • Self-organize on the same subnet to provide services, allowing automatic fail-over and avoiding duplication of services.
  • Use a smart election process that ranks available devices by configuration and ability to provide the service.
  • Trust each other if they report to the same core server.
  • Use signed messages for SESS security purposes (to avoid impersonation).
  • Use the same client certificates used for CSA access.

SESS is used for the following tools and services. Other services will be supported in the future.

  • ARP and WAP extended device discovery
  • Multicast
  • PXE boot
  • Agentless scanner
  • Agent state
  • Network mapping
  • macOS Content Caching control
  • Self-electing subnet service agent state on each subnet, either enabled or disabled.

Here's a brief video introducing SESS.

Self-Electing Subnet Services in Ivanti Management and Security (3:09)

Configuring SESS in agent settings

Manage SESS from the client connectivity agent settings (Tools > Configuration > Agent settings, Client connectivity).

These services are enabled by default:

These services are disabled by default:

Note that for SESS to function, both the deployed SESS agent setting and the desired network state in the Self-electing subnet services tool must both be enabled. If you don't enable the SESS service you want in the deployed agent settings, enabling SESS for that service in the Self-Electing subnet services tool won't have an effect because there won't be electable devices on the subnet.

If for whatever reason you want to make sure a device can't be elected, you can disable SESS in its deployed agent setting.

Managing self-electing subnet services

As elected devices with SESS on them report to the core, the core creates a list of subnets it detected and the status of ARP and WAP device discovery on those subnets. This information is available in the Self-electing subnet services tool (Tools > Configuration > Self-electing subnet services).

Use this tool to:

  • Configure default SESS state for newly discovered networks
  • View detected subnets
  • Enable/Disable SESS on devices or networks
  • View the elected device for each subnet
  • Specify the Windows credentials the agentless scanner service should use
To configure the default SESS state for newly discovered networks
  1. In the Self-electing subnet services tool, click the Set default state of new networks toolbar button .
  2. Enable or disable the state you want for each service.
To change the desired state of an existing network
  • In the Self-electing subnet services tool, right-click the network you want to change and Enable or Disable it.
To specify Windows credentials for the agentless scanner