ALTIRIS Network Discovery 6.0 SP4 Help
Notice Altiris Network Discovery 6.0 SP4 2005-2006 Altiris, Inc. All rights reserved. Document Date: January 17, 2007 Protected by one or more of the following U.S. Patents: 5764593, 6144992, 5978805, 5778395, 5907672, 4701745, 5016009, 5126739, 5146221, 5414425, 5463390, 5506580. Other patents pending. Due to the inherently complex nature of computer software, Altiris does not warrant that the Altiris software is error-free, will operate without interruption, is compatible with all equipment and software configurations, or will otherwise meet your needs. The content of this documentation is furnished for informational use only, is subject to change without notice, and should not be construed as a commitment by Altiris. Altiris, Inc. assumes no responsibility or liability for any errors or inaccuracies that may appear in this documentation. For the latest documentation, visit our Web site at www.altiris.com. Altiris, the Altiris logo, BootWorks, Eality, ImageBlaster, Inventory Solution, PC Transplant, RapiDeploy, RapidInstall, and Vision are registered trademarks of Altiris, Inc. in the United States. Altiris, the Altiris Logo, and ManageFusion are registered trademarks of Altiris, Inc. in other countries. Altiris Connector, Altiris express, Altiris Protect, Application Management Solution, Application Metering Solution, Asset Control Solution, Asset Management Suite, Carbon Copy, Client Management Suite, Compliance Toolkit, Connector Solution, Contract Management Solution, Deployment Server, Deployment Solution, Energy Saver Toolkit, Education Management Suite, FSLogic, Handheld Management Suite, Helpdesk Solution, Lab Management Suite, ManageFusion, Migration Toolkit, Mobile Client for SMS, Monitor Solution, Network Discovery, Notification Server, Package Importer, Patch Management Solution, Problem Management Suite, Recovery Solution, Security Solution, Server Management Suite, Site Monitor Solution, Software Delivery Solution, SNMP Management, Software Delivery Suite, TCO Management Solution, UNIX Client for SMS, Web Administrator, Web Reports, and other product names are trademarks of Altiris, Inc. in the United States and other countries. AuditExpress, Scan on Detect, and SecurityExpressions are trademarks of Pedestal Software Inc. in the United States. Audit on Connect and Audit on Detect are trademarks of Pedestal Software inc. in the United States and other countries. WebLens and Guaranteeing Your Net Works are registered trademarks of Tonic Software Inc. in the United States. WebInsight and RUM are a trademarks of Tonic Software Inc. in the United States. Microsoft, Windows, and the Windows logo are trademarks, or registered trademarks of Microsoft Corporation in the United States and/or other countries. HP and Compaq are registered trademarks of the Hewlett-Packard Corporation. Dell is a registered trademark of Dell Inc. Macintosh is a registered trademark of the Apple Computer Corporation. Palm OS is a registered trademark of Palm Computing, Inc. BlackBerry is a service mark and a trademark of Research In Motion Limited Corporation. RIM is a service mark and trademark of Research In Motion (RIM). Other company names, brands, or product names are or may be trademarks of their respective owners. Altiris Network Discovery Reference 2
Contents Chapter 1: Introduction to Altiris Network Discovery......................... 4 Chapter 2: Getting Started with Network Discovery............................. 6 Step 1: Adding Device Classifications............................................. 6 Step 2: Adding Community Strings............................................... 7 Step 3: Creating Scan Group Policies............................................. 7 Step 4: Viewing a Network Discovery in Progress..................................... 8 Step 5: Enabling Discovered IP Devices........................................... 8 Step 6: Classifying Unknown Discovered IP Devices................................... 9 Step 7: Verifying Discovered Device Information.................................... 10 Chapter 3: Network Discovery Help........................................ 11 Discovering IP Devices...................................................... 11 Configuring Scan Group Policies................................................ 12 Method.............................................................. 12 Schedule............................................................. 13 Include.............................................................. 13 Exclude.............................................................. 13 Port Scan............................................................ 14 SNMP/ICMP........................................................... 14 Advanced............................................................ 16 Adding Device Classifications.................................................. 18 Network Device Classification............................................... 18 Discovered Devices......................................................... 19 Classify an IP device..................................................... 20 Network Discovery Settings................................................... 20 Viewing Network Device Collections............................................. 20 Running Reports........................................................... 21 Chapter 4: Network Discovery Reference.................................... 22 Inventory Gathered on AMT Enabled Computers.................................... 22 Inventory Gathered on ASF Enabled Computers..................................... 24 Index................................................................ 26 Altiris Network Discovery Reference 3
Chapter 1 Introduction to Altiris Network Discovery Altiris Network Discovery is the cornerstone of all Altiris network management tools because it gathers basic inventory on network devices used by other Altiris products to manage those devices. Network Discovery integrates with the Altiris Infrastructure, which provides users the ability to create multiple discovery policies, schedule discovery to run when it best meets your needs, and update categories and class identifications so that new devices added to the network can be identified during discovery. Network Discovery can discover routers, switches, hubs, network printers, Novell Netware servers, Windows, UNIX, and Macintosh computers. It can also identify computers running operating systems not currently supported by the Altiris Agent, SNMP-enabled devices, and some non-snmp-enabled devices. Because network infrastructures vary in configuration, Network Discovery lets you select the method of discovery. These options include Internet Control Message Protocol (ICMP) ping sweep, Simple Network Management Protocol (SNMP), service port polling, circular Domain Name System resolution, and NetBIOS name and domain queries. Network Discovery uses Scan Group policies to define what area of the network you want to discover. You can choose between two discovery methods: seed device (which reads the Address Resolution Protocol (ARP) table), or an IP address range. You can also set advanced options to further define your discovery, such as: Including or excluding IP addresses for a particular subnet Testing the device with a ping before it is discovered Altiris Network Discovery Reference 4
Setting which ports to scan on each device Setting multiple schedules for how often you want to discover devices. See Discovering IP Devices (page 11) for more information. After all network devices are discovered, they must be enabled before you can use any of the other Altiris Network Devices managing products. See Discovered Devices (page 19) for more information. You cannot enable devices that are listed as Unknown, but you can update category and class identifications through the Device Classifications page. The next time you run a discovery, the Unknown devices will be identified at that time. See Network Discovery Settings (page 20). Network Discovery also gathers a simple inventory from each device that it discovers. There are two types of data collected: the initial network discovery data and SNMP Management Information Base (MIB) II basic information. You can view or print the information you discovered by selecting one of the reports provided by Network Discovery. Initial network discovery data IP address MAC address Host name NetBIOS name (if available) NetBIOS domain (if available) category class SNMP MIB II basic information device name device description user contact device location SNMP object ID Altiris Network Discovery Reference 5
Chapter 2 Getting Started with Network Discovery The Getting Started Guide helps you go through the necessary configuration and setup tasks to start using Network Discovery. Getting Started tasks Step 1: Adding Device Classifications (page 6) Step 2: Adding Community Strings (page 7) Step 3: Creating Scan Group Policies (page 7) Step 4: Viewing a Network Discovery in Progress (page 8) Step 5: Enabling Discovered IP Devices (page 8) Step 6: Classifying Unknown Discovered IP Devices (page 9) Step 7: Verifying Discovered Device Information (page 10) Prerequisites for Getting Started tasks Notification Server 6.0 SP2 or later Network Discovery 6.0 SP3 If you are performing AMT discovery, you will need the following Intel Active Management Technology (AMT) provisioned IP devices (only to utilize the AMT feature) Trusted certificates installed to the Notification Server for each AMT device that is provisioned in Enterprise Mode Step 1: Adding Device Classifications The Device Classifications page lists out-of-the-box classifications commonly used by manufacturers, such as Class, Category, and sysobjectid. If the sysobjectid that is discovered matches an item from this list, the Class, Category, and sysobjectid will populate the Discovered Devices (page 19). When Scan Group policies run, IP devices that are discovered can only be classified if a sysobjectid can be identified. Before you Step 3: Creating Scan Group Policies (page 7), review the manufacturer list to see if the Device Classifications have all the products you run on your network. If you find the list incomplete, use the Add or Remove buttons to customize this list for your network environment. The next time Scan Group policies run, SNMP-enabled IP devices will use this list to be classified. Altiris Network Discovery Reference 6
To add device classifications 1. From the Altiris Console, click the Configuration tab. 2. Select Solutions Settings > Network Discovery > Device Classifications. 3. Click Add and enter the Class, Category, and sysobjectid in the fields of the table. 4. Click Apply. See also: Discovered Devices (page 19). Step 2: Adding Community Strings SNMP community strings are defined in network devices connected to the network. Configuring SNMP community strings is necessary if you want Network Discovery to have access to the read-only data on SNMP-enabled devices when Scan Group policies run. IP devices must be running the SNMP service and configured with a Read-only security setting. If you do not set up a client device to run the SNMP service, or add community strings through Network Discovery, SNMP data will not be collected. To add community strings 1. From the Altiris Console, click the Configuration tab. 2. Select Solutions Settings > Network Discovery > Scan Groups > (Scan Group). 3. In the right pane, click the SNMP/ICMP tab. 4. Below Community String, click Add and enter the name of the community string set on the client device that was set through SNMP services. See also: Network Discovery Settings (page 20), and Community String (page 15). Step 3: Creating Scan Group Policies Network Discovery uses scan group policies to discover and identify IP devices across the network. The Altiris Agent does not have to be installed on client devices before they can be discovered. We recommend creating several scan group policies to limit the scopes of the discovery process. Example: create different policies to discover servers, routers, switches, computers, notebooks, and so forth. Use the Default Scan Group policy as an example when creating your own scan group policies. When SNMP-enabled devices get discovered and enabled, a basic inventory is sent to the Notification Database. However, you can capture a more detailed inventory by using Altiris Inventory Solution for Network Devices to manage all IP devices across the network (this only works when the SNMP-enabled devices are enabled). Altiris Network Discovery Reference 7
To create scan group policies 1. From the Altiris Console, click the Configuration tab. 2. Select Solutions Settings > Network Discovery > Scan Groups. 3. Right-click on a scan group. 4. Select Clone. 5. Name the cloned scan group. 6. In the new scan group, enter or select the property settings for each tab on the page. 7. Click Apply. 8. Click Discover Now to run the policy immediately. See also: Discovering IP Devices (page 11) and Step 4: Viewing a Network Discovery in Progress (page 8). Step 4: Viewing a Network Discovery in Progress You can view the network discovery process on the Discovered Devices page. The progress bar at the top of the page lets you know that a discovery (Scan Group policy) is running. When all steps of the discovery are complete, a list of discovered devices appear. If there are no devices discovered but you saw the progress bar displaying the discovery process, revalidate that the IP address you entered for a seed device or the IP address is in the correct range. To view a network discovery 1. From the Altiris Console, click the Configuration tab. 2. Select Solutions Settings > Network Discovery > Discovered Devices. After the discovery is complete, if unknown devices appear in the table, go to Step 6: Classifying Unknown Discovered IP Devices (page 9). Step 5: Enabling Discovered IP Devices If one or more Resource Creation Settings groups are selected on the Network Discovery Settings page (see Network Discovery Settings on page 20), any time a device in the selected group is discovered, a resource is created. These resources are unmanaged resources. You can also enable an IP device to create a resource in the Notification Database for that device. Resources created this way are called managed resources. Each enabled IP device becomes a member of one or more collections found on the Resources tab (some of these collections are found in the Network Device Collections folder). Altiris Network Discovery Reference 8
Certain IP devices are enabled by default. These include all AMT enabled devices. All NetBIOS devices are added as unmanaged resources to various collections found under the Agent Rollout option on the Configuration tab. This is to facilitate installation of the agent to these devices. To enable discovered devices 1. From the Altiris Console, click the Configuration tab. 2. Select Solutions Settings > Network Discovery > Discovered Devices. 3. Select an IP device from the list, and click Enable. Use the Windows standard Shift and Ctrl keys to select and deselect items in the list. You can remove items from the list. This will only remove them from the Discovered Devices list. It will not remove the resource data. You can also click Classify to add a new device classification. See Step 1: Adding Device Classifications (page 6). You can delete resources by right-clicking on the resource in the Resources tab and selecting the Delete option. This will remove the resource from the database. See also: Discovering IP Devices (page 11) and Viewing Network Device Collections (page 20). Step 6: Classifying Unknown Discovered IP Devices This step is only necessary if the Scan Group policies you ran returned the value of unknown in the Category or Class fields on the Discovered Devices page. If the sysobjectid field has an unknown value, then the Scan Group policy discovered an IP device, but there was no SNMP data available. You can classify unknown devices only if there is a sysobjectid. When the fields have an unknown value, they remain unknown when you click the Classify button on the Discovered Devices page. Enter the classification data that you want the device to be known as. When the fields have a known value, clicking the Classify button automatically populates the fields with known data for the device you selected. If you add a new classification from the Discovered Devices page, it only affects the unknown devices that have already been discovered. When you add a classification from the Discovered Devices page, it automatically gets added to the Device Classifications page. See Step 1: Adding Device Classifications (page 6). Go to Step 5: Enabling Discovered IP Devices (page 8) to create a resource in the Notification Database. Then, go to Step 7: Verifying Discovered Device Information (page 10). To classify unknown devices 1. From the Altiris Console, click the Configuration tab. 2. In the left pane, select Solutions Settings > Network Discovery > Discovered Devices. Altiris Network Discovery Reference 9
3. In the right pane, select a device. 4. Click Classify. The New Network Device Classification page appears. 5. Select the Category from the drop-down list, and enter a name in the Class field. If you select Other in the Category drop-down list, a new box appears allowing you to enter the name of the category you want to create. 6. Click Apply. The New Network Device Classification page closes. You are now returned to the Discovered Devices window and the device you classified appears with the new category. Other devices sharing the same sysobjectid will also have that category. See also: Network Discovery Settings (page 20). Step 7: Verifying Discovered Device Information After completing Step 5: Enabling Discovered IP Devices (page 8), a resource entry is created and stored in the Notification Database. You can now verify data for an individual IP device through the Resource Manager. To verify discovered device information 1. From the Altiris Console, click the Resources tab. 2. Select Collections and select the collection that the device is in (example: look under Computer Collections or Network Device Collections). 3. Click on one of the collections. 4. Double-click on one of the IP devices in the list. The Resource Summary page appears, displaying basic information about the device. To see SNMP data, click the Summaries tab and select SNMP Summary. See also: Viewing Network Device Collections (page 20). Altiris Network Discovery Reference 10
Chapter 3 Network Discovery Help This section identifies topics, features, and field definitions for Network Discovery. This information can then be used to manage all IP devices across the network when integrating with Altiris Deployment Solution for Network Devices, Altiris Inventory Solution for Network Devices, and Altiris Quarantine Solution. Quick Links Discovering IP Devices (page 11) Configuring Scan Group Policies (page 12) Adding Device Classifications (page 18) Discovered Devices (page 19) Network Discovery Settings (page 20) Viewing Network Device Collections (page 20) Running Reports (page 21) Discovering IP Devices You discover devices through scan group policies. The Default Scan Group policy discovers network resources. The policy discovers IP devices either through a seed device or by a range of IP addresses. If an IP device is discovered, its basic inventory information is sent to the Notification Database. All devices located during the scan are listed on the Discovered Devices (page 19) page. This task is done by network administrators who are familiar with the subnets and VLANs throughout the entire network. It is best to create different scan group policies so that you can discover IP devices by their category. Example: you can set up policies to discover switches, routers, computers, printers, and more. Then, you can schedule the policies to run at regular intervals so new IP devices connected to your network will be discovered and the Notification Database is up to date with the latest information. There are several pages (tabs) for setting up a Scan Group policy. Each page lets you enter specific information about how you want to discover IP devices and the way in which the discovery method will run. If you have a large network, you may want to discover IP devices during off peak business hours so as not to impact your business traffic on the network. If you want to discover devices in multiple domains, you should create additional scan groups. To discover IP devices 1. From the Altiris Console, click the Configuration tab. Altiris Network Discovery Reference 11
2. In the left pane, select Configuration > Solutions Settings > Network Discovery > Scan Groups > (Scan Group). 3. Configure the Scan Group by navigating through the tabs in the right pane. See Configuring Scan Group Policies on page 12. 4. Click Discover Now to run the policy immediately. (The Schedule tab lets you select a scheduled time to run the policy.) Configuring Scan Group Policies To configure Scan Group policies 1. From the Altiris Console, click the Configuration tab. 2. In the left pane, select Configuration > Solutions Settings > Network Discovery > Scan Groups > (Scan Group). 3. Configure the Scan Group by navigating through the tabs in the right pane. Quick Links Method (page 12) Schedule (page 13) Include (page 13) Exclude (page 13) Port Scan (page 14) SNMP/ICMP (page 14) Advanced (page 16) Method This is the method that the Scan Group policy will use to discover IP devices across the network. Field Seed Device Address ranges Select this option to discover IP devices by reading the Address Resolution Protocol (ARP) tables from a seed (starting point of discovery) router. Enter the IP address of a router in the IP address field. Select this option to search the network for resources within a specified range of IP addresses. Click Add, and then enter the IP addresses in the Starting IP Address and Ending IP Address fields. You can add as many rows as needed, but the policy will only discover IP devices if the checkbox for the row defined is selected. When using an address range as the method for the scan, entries in both the Include and Exclude tabs are ignored. The Include and Exclude tabs are only used when a seed device is used as the scan method. Altiris Network Discovery Reference 12
Schedule Schedule scan group policies to run so that your business network traffic will not be affected by the discovery. Field Enable Schedule Select this option to set a time when the network will be scanned for new, moved, or deleted IP devices. By default, the Business Hours option is selected and a description of the hours and days for the scheduled scan is displayed. The time schedule is pre-determined and will change according to the option selected. You can also run a Scan Group policy to discover IP devices by clicking the Discover Now button on the Network Discovery Group page. See Discovering IP Devices (page 11). Include This feature narrows the discovery scope to only include the IP address ranges you specify. Field Include IP addresses and subnets If Seed Device is selected as the method of discovery, this option is used to narrow the discovery scope to only include the IP address ranges you specify. Click Add, and then enter values in the Start Address, End/Netmask, and Category fields. Exclude This feature eliminates specific IP devices from being discovered when the ARP tables of a seed device are used as the discovery method. Field Exclude IP addresses and subnets If Seed Device is selected as the method of discovery, this option is used to change the discovery scope by excluding specific IP address ranges. Click Add, and then enter values in the Start Address, End/Netmask, and Category fields. Altiris Network Discovery Reference 13
Port Scan This feature lets you decide how you want the Scan Group policy to process and discover each IP address across the network. Field Enable port scanning Ping Device Connect timeout (ms) Read timeout (ms) Ports to scan on devices Select this option to scan the ports on each IP device when it is discovered on the network. The port information is stored in the Notification Database and is available to view through the Network Discovery reports. Select this option to gather port information from IP devices that only respond to a ping from the Notification Server. The Enable port scanning option must also be selected. The length of time the Notification Server will try to connect to a port on a IP device before timing out and moving to the next IP address. The length of time the Notification Server will try to read information from an open port on an IP device before timing out and moving to the next open port. Select the checkbox next to each port that you want to scan. The port information is stored in the Notification Database and is available to view or print. See Running Reports (page 21). SNMP/ICMP This feature lets you select SNMP and ICMP information for the group. You can select the following: SNMP support Ping the device You can also enter the SNMP community names to use for this scan group. Altiris Network Discovery Reference 14
Field SNMP Support This option will look for IP devices that are SNMP enabled. SNMP timeout (ms) - How long should the server wait to receive a message from the network device where SNMP is enabled before moving to the next device. SNMP retry count - If the server does not receive a message from the network device where SNMP is enabled, how many times should the server try before moving to discover the next device. Ping device The Notification Server will ping each IP device. Data will be gathered from the IP device only if a response is sent back to the server. Ping timeout (ms) - How long should the server wait for a response from a network device after the server sends a ping message before moving to the next device. Ping retry count - How many times should the server try to send a ping message to a network device before moving to the next device. Community String This feature lets you set up community strings so that when this Scan Group policy runs, discovery can access SNMP data on IP devices. These are the SNMP community strings that are defined in network devices connected to the network. You must have a Read value entry if you want to read data from SNMP network devices. The Read value entry must match the value configured on the device. The SNMP service must be configured to accept packets from the host running Notification Server (or from any host). SNMP only needs to be turned on for computers you want to collect SNMP information from. The server that is performing the discovery does NOT need to be running the SNMP service. Field Community String Enter the name of the community string. This name should match the SNMP security settings configured on each client device. The following Windows security settings let you read or write to SNMP-enabled devices. Read-only Read-write This name does not need to match every device on the network. Network Discovery tries each name on each device until it finds the one that responds. Altiris Network Discovery Reference 15
Advanced An IP device gets discovered in the following ways: Circular DNS resolution NetBIOS name and domain AMT Scan ASF Scan You can select all methods of discovery so that if an IP device exists on the network, it will be discovered regardless of its SNMP status. Intel Active Management Technology (AMT) The Advanced page lets you enable the Intel Active Management Technology (AMT). If there are IP devices across the network that use an Intel motherboard, you can provision IP devices so that when a Scan Group policy runs, additional AMT information is gathered along with SNMP data, regardless if the IP device is powered on or off. See http://www.intel.com/technology/manage/iamt/ for more information about AMT technology and provisioning Intel IP devices. After a network discovery runs, you can view the information collected from each IP device using the Viewing Network Device Collections. The All AMT discovered Machines without an Altiris Agent collection lets you view a list of IP devices that are AMT provisioned but do not have the Altiris Agent installed. Several other inventory tables are available, such as BIOS, computer system (UUID), baseboard BIOS, media devices, memory devices, and more. Because of the way AMT technology works, it is possible to have a completely different IP and MAC address than the computer it currently resides on. The AMT chip on Intel motherboards could produce a different result than Intel NIC interfaces. If this occurs, Network Discovery will try to match the AMT information with a resource already existing in the database using the UUID of the computer. If no match is found, a new resource is created in the Notification Database and you will have two resources for the same IP device. There are two AMT Scan methods to select from when gathering additional AMT data. You must consider the requirements for each method before you select the method that is best for your network environment. You must enable the AMT Scan option to make the AMT fields available. Otherwise, network discovery will not ping IP devices for AMT information. Field Circular DNS resolution NetBIOS name and domain The server will perform a reverse DNS query for the fully quantified domain name (FQDN) of the IP address that is found for the IP device. If DNS returns a name for the IP address, the server will then perform a DNS query on that name to determine if the resulting IP address matches the original. Occasionally, the DNS lookup and reverse DNS look information is not synchronized on the server. This feature helps avoid storing the wrong information for discovered IP devices. This option will check devices for a NetBIOS name and domain, essentially found in devices running the Windows operating system. Altiris Network Discovery Reference 16
Field AMT Scan ASF Scan Maximum threads Log diagnostic information AMT Options Small Business mode Enterprise mode Domain name Select to scan for AMT provisioned IP devices. The additional AMT options that are used for discovering these devices only become available when this option is selected. Select to scan for Alert Standard Format (ASF) provisioned IP devices. If the device is provisioned for ASF, ASF specific resource data is gathered. The number of parallel queries the server will allow for discovering devices. The number you enter can impact the bandwidth of network traffic. Diagnostic information is logged to the default URL address of HTTP://< NS server name>/altiris/ns/ LogView.asp. Select to discover AMT provisioned devices by only requiring a username and password to gain access to the resource. Network communications for these types of devices is through HTTP. Select to discover AMT provisioned devices, by requiring a username, password, and an installed trusted certificate to gain access to the resource. Network communications for these types of devices is through HTTPS. Enter a valid fully qualified domain name. This is the domain name that discovery tries to access to scan for AMT provisioned devices. This is used for name resolution and is not used to authenticate. If you are having difficulty discovering devices configured to use enterprise mode as AMT devices, then you should make sure the Domain name is correct. Login Password Confirm Password Collect AMT Inventory Write first discovery data and time to NVRAM Enter a valid username. The user credentials must be in the Local Users and Groups folder on the IP device. If AMT Scan is enabled, the username and password are used to access the IP device whether or not it is powered on. Enter a password for the username. Re-enter the same password for the username. Select to collect inventory from AMT provisioned IP devices, and store it in the Notification Database. You can view the inventory through Resource Manager or the Network Discovery reports. Select to write the date and time when the IP device was first discovered, and other specific hardware information to NVRAM, a separate storage area on AMT provisioned IP devices. Altiris Network Discovery Reference 17
Adding Device Classifications The Class, Category, and sysobjectid values are assigned to each IP device when it gets discovered. These values populate the information on the Discovered Devices page when the Scan Group policies discover network devices. The Device Classifications page lists out-of-the-box classifications commonly used by manufacturers, such as Class, Category, and sysobjectid. If the sysobjectid that is discovered matches an item from this list, the Class, Category, and sysobjectid will populate the Discovered Devices. See Discovered Devices (page 19). When Scan Group policies run, IP devices that are discovered can only be classified if a sysobjectid can be identified. Before you Step 3: Creating Scan Group Policies (page 7), review the manufacturer list to see if the Device Classifications have all the products you run on your network. If you find the list incomplete, use the Add or Remove buttons to customize this list for your network environment. The next time Scan Group policies run, SNMP-enabled IP devices will use this list to be classified. Field Device classification This is a list of manufacturers, type of network device, and the sysobjectid. Click the Add button to insert a new classification, or select a row and then click Remove to delete the entry from the database. The next time you run any of the Scan Group policies, this table will be used to identify devices discovered on the network. To add device classifications 1. From the Altiris Console, click the Configuration tab. 2. Select Solutions Settings > Network Discovery > Device Classifications. 3. Click Add in the Device Classifications section and enter the Class, Category, and sysobjectid in the fields of the table. 4. Click Apply. See also: Network Device Classification (page 18). Localizing device classifications Device classifications are not translated because they are device specific. However, you can change the name of the Category field by going to the Discovered Devices page, clicking on a device, clicking Classify, and selecting Other in the Category field. You can then change the name as needed. Network Device Classification Adding a new IP device classification updates the information for a specific IP device listed on the Discovered Devices page and adds the device classification to the Adding Altiris Network Discovery Reference 18
Device Classifications page. When future scan group policies run and IP devices are discovered, all fields on the Discovered Devices page will be classified correctly. Field sysobjectid Category A numeric field that identifies the manufacturer and the type of network device. Select the drop-down list to select a network device type. You can create a new category by selecting Other in the Category drop-down list and entering the name in the new box that appears. Only categories that are assigned to devices appear in this drop-down list. Class A character value that typically identifies the manufacturer of the network device. Discovered Devices After each Scan Groups policy runs, the discovered IP devices appear on the Discovered Devices page. If one or more Resource Creation Settings groups are selected on the Network Discovery Settings page (see Network Discovery Settings on page 20), any time a device in the selected group is discovered, a resource is created. You can also enable an IP device to create a resource in the Notification Database for that device (see Step 5: Enabling Discovered IP Devices on page 8). The device, once enabled, can be a part of several different collections including those found under Computer Collections. After the device is added to a collection, a basic inventory is collected. The basic inventory information is used by other Altiris network products to manage IP devices. Altiris Inventory Solution for Network Devices can gather a more detailed inventory, which lets you manage the hardware throughout your company. Enabling an SNMP capable computer makes it available to Altiris solutions and adds it to the All SNMP-enabled Windows Computers collection. Removing a computer removes it from the discovered devices list. All resource data is left intact. Resource Creation AMT: If AMT/ASF Devices is selected on the Network Discovery Settings page, any time an AMT capable computer is discovered, an unmanaged resource is created. This resource can be found in a Network Device collection on the Resources tab. Computer: If NetBIOS Devices is selected on the Network Discovery Settings page, any time a computer is discovered that has a NetBIOS name and a NetBIOS domain, an unmanaged computer resource is created. This resource can be found by selecting Resources > Defaults > Computer on the Resources tab and in the collections dealing with the Agent Rollout on the Configuration tab. Network resource: When a network resource is enabled, a managed resource will be created for it if it is not a computer resource already (a managed computer resource could already be created if the Altiris Agent has been installed on the computer). Altiris Network Discovery Reference 19
See also: Classify an IP device (page 20). Classify an IP device If a network device lists the Category or Class fields as unknown, use the Classify button to add a new device classification. An IP device can only be classified and enabled if the sysobjectid is known during a discovery. After you enable an IP device, it becomes a managed resource in the Notification Database. The Filter field, located at the top of the Discovered Devices page, is used to search the list for more specific types of network devices. It is easier to sort the list by resource type than trying to page through rows of data to enable network devices. See also: Network Device Classification (page 18). Network Discovery Settings The Network Discovery Settings page lets you control whether or not discovered resources get created as Notification Server resources. You can also select to publish Notification Server discovery status messages. Resource Creation Settings The following types of devices are created by default: NetBIOS Devices AMT/ASF Devices Printers Apple/Macintosh Devices If the Other/TCPIP Devices category is selected, then devices that do not fall into the other categories, but have an IP address and host name or MAC address, will have resources created for them. We recommend that you enable network devices to add them to the database instead of selecting Network Devices. Some network devices contain information that cannot be placed in the database without consuming an SNMP license. Notification Server Message Settings By default, network discovery status messages are not published as messages in Notification Server. If you are using an Altiris solution that requires that these messages get published to Notification Server, then select Publish NS Discovery Messages. Viewing Network Device Collections To help you further manage network devices, the Resource Manager on the Altiris Console lets you view summaries and basic inventory for an individual IP device listed in one of the Network Device Collections or any other collection you have created. You can also perform tasks, such as viewing all incidents for a resource, managing power Altiris Network Discovery Reference 20
operations on a resource, and launching the Software Delivery Wizard in either simple or advanced mode. Resource Manager is specific to an individual IP device. However, you can find the same device listed in more than one collection. Example: A notebook computer can be a member of the All Computers collection and the All Windows XP collection. Network Device Collections are categories of network IP devices, such as all network devices, routers, switches, and SNMP-enabled computers. Each collection lists the IP devices by Host Name, Device Name, IP Address, and more. Double-click any device listed in a collection to view the Managing Resource page. Discovered IP device information is found in the following tabs: Summaries Inventory Events Tasks Associations To view the Network Device Collections 1. From the Altiris Console, click the Resources tab. 2. Select Collections > Network Device Collections. 3. Click on one of the collections. 4. Double-click on one of the IP devices listed. Running Reports Network Discovery provides several reports that let you view data including reports for AMT and other basic SNMP reports. To run reports 1. From the Altiris Console, click the Reports tab. 2. In the left pane, select Reports > Network Discovery. 3. To run a report, select the report and click Run this report in the right pane. Altiris Network Discovery Reference 21
Chapter 4 Network Discovery Reference Inventory Gathered on AMT Enabled Computers (page 22) Inventory Gathered on ASF Enabled Computers (page 24) Inventory Gathered on AMT Enabled Computers If the computer is AMT enabled, Network Discovery can gather the following inventory. AMT Inventory Table AMT Network Info Inventory class for AMT Network Information Fields IP Address Subnet Mask Default Gateway Primary DNS Secondary DNS Domain Name Host Name Is DHCP Is VLAN Enabled VLAN Tag Is PING Enabled Provisioning Mode AMT BIOS Inventory class for AMT BIOS BIOS Vendor BIOS Version BIOS Release Date AMT Computer System Inventory class for AMT Computer System Manufacturer Name Version Serial Number UUID Altiris Network Discovery Reference 22
AMT Inventory Table Fields AMT Base Board Inventory class for AMT Base Board Manufacturer Product Version Serial Number Asset Tag Replaceable AMT Processor Inventory class for AMT Processor Device ID Maximum Clock Speed Current Clock Speed Status Type Family Upgrade Information Socket Populated Socket Designation Manufacturer Version Row_ID AMT Memory Device Inventory class for AMT Memory Device Size Form Factor Type Type Detail Speed Manufacturer Serial Number Asset Tag Part Number Row_ID Altiris Network Discovery Reference 23
AMT Inventory Table AMT FRU AMT Media Device AMT NV RAM Data Inventory class for AMT Field Replaceable Units Inventory class for AMT Media Device Inventory class for AMT Non-volatile RAM data Fields Vendor ID Device ID Revision ID ProgIf SubClass BaseClass Subvendor ID Subsystem ID Device Location Row_ID Model Number Volume SerialNumber Size Row_ID Discovery Date MAC Address Inventory Gathered on ASF Enabled Computers If the computer is ASF enabled, Network Discovery can gather the following inventory. Altiris Network Discovery Reference 24
ASF Inventory Table ASF Boot Option Fields Lock Power Button Lock Reset Button Lock Keyboard Lock Sleep Button Bypass Password Progress Events Reset Config Data Verbosity Verbose Verbosity Quiet Verbosity Blank Screen ASF Boot Type PXE Hard Drive Hard Drive Safe Mode Diagnostic CD or DVD ASF Network Info IP Address MAC Address IANA Number OEM Capabilities ASFv1 Ping ASFv1 Remote Control ASFv2 Ping ASFv2 Remote Control ASF OEM Capabilities ID Resource ID Capability ASF Remote Control Command Non Secure Power Down Non Secure Power Up Non Secure Warm reset Non Secure Power Reset Secure Power Down Secure Power Up Secure Warm Reset Secure Power Reset Altiris Network Discovery Reference 25
Index A advanced 16 AMT Scan 17 ASF Scan 17 C circular DNS resolution 16 classification, network device 18 classifications, adding device 6 community strings, adding 7 connect timeout (ms) 14 D default scan group policy 7, 11 device classification 18 discovered devices 19 E enable port scanning 14 schedule 13 exclude 13 F filter field 20 G getting started with network discovery 6 groups, scan 11 I include 13 IP device, verify information 10 IP devices, classify unknown 9 IP devices, enabling discovered 8 L localization 18 log diagnostic information 17 M maximum threads 17 method 12 network discovery, getting started 6 P ping device 15 port scan 14 ports to scan on devices 14 progress, network discovery in 8 R read timeout (ms) 14 reports 21 S scan group policies, creating 7 scan groups 11 schedule 13 seed device 12, 13 settings 20 SNMP support 15 step 1 adding device classifications 6 step 2 adding community strings 7 step 3 creating scan group policies 7 step 4 viewing a network discovery in progress 8 step 5 enabling discovered IP devices 8 step 6 classify unknown discovered IP devices 9 step 7 verify discovered IP device information 10 V viewing discovered devices 8, 9 N NetBIOS name and domain 16 network device classification 18 network discovery progress 8 Altiris Network Discovery Reference 26