Autodiscovery of machines

By using autodiscovery, you can:

  • Automate the installation of protection agents and the registration of machines by detecting the machines in your Active Directory domain or local network.
  • Install and update protection agents on multiple machines.
  • Use synchronization with Active Directory to reduce the effort of provisioning resources and managing machines in a large Active Directory domain.

Prerequisites

  • At least one machine with an installed protection agent must be available in your local network or Active Directory domain. This agent will be used as a discovery agent.

  • You must be assigned one of the following roles for the Cyber Protection service: Cyber administrator or Administrator.

Only agents that are installed on Windows machines can be discovery agents. If there are no discovery agents in your environment, you will not be able to use the Multiple devices option in the Add devices panel.

Remote installation of agents is supported only for machines running Windows (Windows XP is not supported). For remote installation on a machine running Windows Server 2012 R2, you must have Windows update KB2999226 installed on this machine.

How autodiscovery works

During a local network discovery, the discovery agent collects the following information for each machine in the network, by using NetBIOS discovery, Web Service Discovery (WSD), and the Address Resolution Protocol (ARP) table:

  • Name (short/NetBIOS hostname)
  • Fully qualified domain name (FQDN)
  • Domain/workgroup
  • IPv4/IPv6 addresses
  • MAC addresses
  • Operating system (name/version/family)
  • Machine category (workstation/server/domain controller)

During an Active Directory discovery, the discovery agent, in addition to the list above, collects information about the Organizational Unit (OU) of the machines and detailed information about their names and operating systems. However, the IP and MAC addresses are not collected.

The following diagram summarizes the autodiscovery process.

  1. Select the discovery method:

    • Active Directory discovery

    • Local network discovery

    • Manual discovery – By using a machine IP address or host name, or by importing a list of machines from a file

    The results of an Active Directory discovery or a local network discovery exclude machines with installed protection agents.

    During a manual discovery, the existing protection agents are updated and re-registered. If you perform autodiscovery by using the same account under which an agent is registered, the agent will only be updated to the latest version. If you perform autodiscovery by using another account, the agent will be updated to the latest version and re-registered under the tenant to which the account belongs.

  2. Select the machines that you want to add to your tenant.

  3. Select how to add these machines:

    • Install a protection agent and additional components on the machines, and register them in the Cyber Protect console.

    • Register the machines in the Cyber Protect console (if a protection agent was already installed).

    • Add the machines to the Cyber Protect console as Unmanaged machines, without installing a protection agent.

    You can also apply an existing protection plan to the machines on which you install a protection agent or which you register in the Cyber Protect console.

  4. Provide administrator credentials for the selected machines.

  5. Verify that you can connect to the machines by using the provided credentials.

The machines that are shown in the Cyber Protect console fall into the following categories:

  • Discovered – Machines that are discovered, but a protection agent is not installed on them.
  • Managed – Machines on which a protection agent is installed.
  • Unprotected – Machines to which a protection plan is not applied. Unprotected machines include both discovered machines and managed machines with no protection plan applied.
  • Protected – Machines to which a protection plan is applied.

How remote installation of agents works

  1. The discovery agent connects to the target machines by using the host name, IP address, and administrator credentials specified in the discovery wizard, and then uploads the web_installer.exe file to these machines.
  2. The web_installer.exe file runs on the target machines in unattended mode.
  3. The web installer retrieves additional installation packages from the cloud, and then installs them on the target machines via the msiexec command.
  4. After the installation completes, the components are registered in the cloud.

Remote installation of agents is not supported for Domain Controllers due to the additional permissions required for the agent service to run.
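
Because of this flow, a start of web_installer.exe on a machine is expected only shortly after an administrative connection from a discovery agent, and never on a domain controller. The following added example (not part of the product or its documentation) audits that expectation over constructed events; the event schema, the agent address, the host names, and the 10-minute window are assumptions.

```python
from datetime import datetime, timedelta

APPROVED_AGENTS = {"10.0.0.5"}    # assumption: IP addresses of your discovery agents
DOMAIN_CONTROLLERS = {"DC01"}     # assumption: hosts categorized as domain controllers
WINDOW = timedelta(minutes=10)    # assumption: max gap between connection and installer start

# Constructed sample events in a hypothetical normalized schema (not a product log format).
EVENTS = [
    {"ts": "2024-05-01T10:00:00", "host": "WS01", "kind": "admin_logon", "src": "10.0.0.5"},
    {"ts": "2024-05-01T10:00:20", "host": "WS01", "kind": "process", "image": "web_installer.exe"},
    {"ts": "2024-05-01T11:00:00", "host": "WS02", "kind": "admin_logon", "src": "10.0.0.77"},
    {"ts": "2024-05-01T11:00:30", "host": "WS02", "kind": "process", "image": "web_installer.exe"},
    {"ts": "2024-05-01T12:00:00", "host": "WS03", "kind": "process", "image": "web_installer.exe"},
    {"ts": "2024-05-01T13:00:00", "host": "DC01", "kind": "admin_logon", "src": "10.0.0.5"},
    {"ts": "2024-05-01T13:00:10", "host": "DC01", "kind": "process", "image": "web_installer.exe"},
]

def audit_remote_installs(events):
    """Return (host, timestamp, reason) for each installer start that breaks the expected flow."""
    last_logon = {}   # host -> (time, source) of the latest administrative connection
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):   # ISO 8601 strings sort chronologically
        ts = datetime.fromisoformat(ev["ts"])
        host = ev["host"]
        if ev["kind"] == "admin_logon":
            last_logon[host] = (ts, ev["src"])
        elif ev["kind"] == "process" and ev["image"].lower() == "web_installer.exe":
            seen = last_logon.get(host)
            if host in DOMAIN_CONTROLLERS:
                findings.append((host, ev["ts"], "installer ran on a domain controller"))
            elif seen is None or ts - seen[0] > WINDOW:
                findings.append((host, ev["ts"], "no recent administrative connection"))
            elif seen[1] not in APPROVED_AGENTS:
                findings.append((host, ev["ts"], f"connection from unapproved source {seen[1]}"))
    return findings

if __name__ == "__main__":
    for finding in audit_remote_installs(EVENTS):
        print(finding)
```

On the sample data, WS01 matches the expected flow, while WS02, WS03, and DC01 are reported.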