Use extended device discovery (with ARP and WAP)

Extended device discovery (XDD) works outside the normal scan-based UDD discovery methods. The XDD agent can be configured and deployed to managed devices to use the ARP and/or WAP discovery methods. This section describes both discovery methods.

ARP discovery method

Managed devices configured with the XDD discovery agent for ARP discovery listen for ARP (Address Resolution Protocol) broadcasts and maintain a cache (both in memory and in a file on the local drive) of devices that make them. Networked devices use ARP to associate a TCP/IP address with a specific device's network hardware (MAC) address. This communication happens at a very low level and doesn't rely on devices responding to pings or agent communication on specific network ports. Even heavily firewalled devices rely on ARP. Because of this, extended device discovery can help you find devices that normal discovery scans won't find.

When a device configured with the extended device discovery agent recognizes a new ARP broadcast, every agent that heard the broadcast waits two minutes for the detected device to boot, and then each agent waits a random amount of time. The agent with the shortest random wait time pings the new device first, checking for Ivanti agents, and then sends a UDP broadcast to the subnet to let the other agents know that it took care of the ping for that newly discovered device. If you have multiple extended device discovery agents installed, this prevents devices from generating excess traffic by all pinging at the same time.

The ARP tables stored by the extended device discovery agent time out after 48 hours by default. This means that every network device will be pinged once per timeout period. Even devices that generate a lot of ARP traffic are only pinged once per timeout period.
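The coordination described in the two paragraphs above (boot wait, random-wait election, one ping per timeout period) can be modeled as a small simulation. This is an added example, not Ivanti code; the 30-second upper bound on the random wait, the agent names and the MAC addresses are assumptions or constructed sample data.

```python
import random

BOOT_WAIT = 120        # seconds agents wait for the new device to boot (from the page)
CACHE_TTL = 48 * 3600  # default ARP table timeout in seconds (from the page)
MAX_JITTER = 30        # ASSUMED upper bound on the random wait; the page gives no value

# Constructed sample: (seconds since start, MAC) ARP broadcasts heard on one subnet.
SAMPLE = [
    (0, "02:00:00:00:00:0a"), (10, "02:00:00:00:00:0a"),   # chatty device
    (100, "02:00:00:00:00:0b"),
    (3600, "02:00:00:00:00:0a"),                           # still cached
    (CACHE_TTL, "02:00:00:00:00:0a"),                      # entry has timed out
    (CACHE_TTL + 5, "02:00:00:00:00:0a"),
]

def simulate(observations, agent_names, seed=0):
    """Replay ARP broadcasts heard by every agent on a subnet.

    Returns the (ping_time, agent, mac) probes that are sent after the
    random-wait election, one per MAC per cache timeout period."""
    rng = random.Random(seed)
    caches = {name: {} for name in agent_names}   # per-agent cache: MAC -> first heard
    probes = []
    for now, mac in sorted(observations):
        # Agents for which this MAC is unknown or its entry has expired.
        waiting = [n for n in agent_names
                   if mac not in caches[n] or now - caches[n][mac] >= CACHE_TTL]
        if not waiting:
            continue   # cached everywhere: no ping, however much ARP traffic
        # Each agent waits for boot, then its own random delay.
        waits = {n: BOOT_WAIT + rng.uniform(0, MAX_JITTER) for n in waiting}
        winner = min(waits, key=waits.get)
        probes.append((now + waits[winner], winner, mac))
        # The winner's UDP broadcast makes the others drop their pending ping;
        # every agent keeps the MAC cached until the timeout.
        for n in agent_names:
            caches[n][mac] = now
    return probes

if __name__ == "__main__":
    for when, agent, mac in simulate(SAMPLE, ["agent-1", "agent-2", "agent-3"]):
        print(f"t={when:9.1f}s  {agent} pings {mac}")
```

Adding agents to the subnet changes which agent sends the ping, not how many pings the new device receives.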

Devices with Ivanti agents on them are assumed to be managed and aren't reported to the core server. Devices without Ivanti agents are reported to the core server as unmanaged devices. These devices appear in the Unmanaged device discovery window's Computers list. ARP-discovered devices show True in the ARP Discovered column. For ARP-discovered unmanaged devices, XDD reports back the following information in the list view columns:

  • IP Address
  • MAC address
  • First scanned
  • Last scanned
  • Times scanned

WAP discovery method

You can also configure managed devices to listen for wireless access point (WAP) devices on your network, and add any discovered WAP devices to the Wireless Access Points group in the Unmanaged device discovery tool.

For discovered WAP devices, XDD reports back the following information in the list view columns:

  • Device name
  • MAC address
  • First scanned
  • Last scanned
  • Times scanned
  • WAP status (Allowed, Rogue, Active exception)
  • Signal strength (use to determine the approximate location of the WAP device)
  • Encryption level (the encryption scheme used by the WAP device)
  • Manufacturer

NOTE: Reporting the MAC address
XDD uses the wireless detection API on devices running Windows 7 and later to obtain the device MAC address and display it in the list view.

Configuring devices to use extended device discovery (ARP and WAP)

XDD uses self-electing subnet services (SESS) for extended device discovery. Once SESS is enabled on a subnet, devices will:

  • Self-organize on the same subnet to provide services, allowing automatic fail-over and avoiding duplication of services.
  • Use a smart election process that ranks available devices by configuration and ability to provide the service.
  • Trust each other if they report to the same core server.
  • Use signed messages for SESS security purposes (to avoid impersonation).
  • Use the same client certificates used for CSA access.

For more information, see Self-electing subnet services.

You can use the Agent settings tool and the Self-electing subnet services tool to enable ARP and WAP discovery. ARP discovery is enabled by default on managed Windows devices.

Note that for SESS to function, the deployed SESS agent setting and the desired network state in the Self-electing subnet services tool must both be enabled. If you don't enable the SESS service you want in the deployed agent settings, enabling SESS for that service in the Self-electing subnet services tool won't have an effect because there won't be electable devices on the subnet.

To deploy the extended device discovery agent for ARP and/or WAP discovery
  1. Click Tools > Configuration > Agent settings.
  2. In the Agent settings tree, click My agent settings > Client connectivity.
  3. Click the New toolbar button.
  4. Enter a configuration Name.
  5. On the Self-electing subnet services page, make sure Enable self-electing subnet services is selected.
  6. On the Extended device discovery page, configure the options you want.
  7. Deploy the agent setting to all devices on each subnet. SESS will manage which devices do discovery.
  8. Click Tools > Configuration > Self-electing subnet services.
  9. Under the Self-electing subnet services tree, click Extended device discovery (ARP). Right-click the subnets you want to enable and click Enable.
  10. If you want WAP discovery, repeat step 9 for Extended device discovery (WAP).