Network discovery - Legacy UI

SECURITY  Administrator

NAVIGATION  Legacy UI > Account > Audit > Network radio button

NAVIGATION  Legacy UI > Sites > open a site > Audit > Network radio button

Refer to Network Discovery.

About Network Nodes and network discovery

Adding devices to your Datto RMM account manually can be time-consuming; however, if one of your fully Managed devices is designated as a Network Node device, it can discover devices on the network for you during audit. For information on how often an audit is performed, refer to Frequency of audits.

The discovered devices will be displayed under the Audit > Network radio button, and you can add them as Managed network devices to your account and start monitoring them through the designated Network Node.

By default, Agents in Datto RMM do not interrogate the local network for devices that are capable of being managed. In order to find those devices you’ll need to assign a single device, which has a Managed Agent installed, as a Network Node. It is recommended that this is a device that has a high uptime, for example, a server.

  • Only desktops, servers, and laptops with up-to-date audit information may be nominated as Network Nodes.
  • The following Operating Systems are supported: Windows, macOS, Linux. For more information on the supported versions of these operating systems, refer to Supported operating systems and Agent requirements.

NOTE  Linux Network Nodes are not able to perform network scans. Manual network device enrollment must be used when using exclusively Linux Network Nodes. Refer to Enroll an SNMP-enabled device.

Type of Network Scan Requirement
A Network Node scans its own subnet
  • The device must have a properly configured IP address and MAC address.
  • The device must be able to respond to the Network Node's ping.
A Network Node scans a user-specified additional subnet
  • The device must have a properly configured IP address and MAC address.
  • The device must be able to respond to the Network Node's ping.
  • A TCP connection can be established to any of the following ports on the device:
    • 22 - SSH
    • 80 - HTTP Web Server
    • 8080 - HTTP Web Server
    • 443 - HTTPS Web Server

Windows devices must have their SNMP service configured properly in order to return SNMP information to a Network Node, particularly if the device in question is performing checks against itself (that is, if the Network Node field is set to Localhost on the Device summary - Legacy UI page).

You can configure the SNMP service to specify which devices you want to accept SNMP packets from.

  1. Navigate to Start > Run and enter services.msc.
  2. Right-click SNMP in the list of services and select Properties.
  3. On the Security tab, select one of the following options:
    • Accept SNMP packets from any host
    • Accept SNMP packets from these hosts - You can add any devices that you want to accept SNMP packets from. Ensure that the 127.0.0.1 loopback address is listed here, as this allows the device to poll itself for SNMP data.

NOTE  If a Network Node is awaiting device approval due to an Agent encryption key change request, any associated network devices will appear offline until the Network Node is approved. For more information, refer to Agent Encryption Key Changed in the New UI.

You can assign a Network Node to a single device on the device summary page. Refer to Edit device details.

To assign a Network Node to more than one device, follow these steps:

  1. Click Sites and click one of your Managed sites.
  2. Click Devices.
  3. Select the device(s) to which you want to assign a Network Node.
  4. Click the Network Node Settings icon from the action bar and select the Assign Network Node option.
  1. Assign the device(s) to a Network Node in the list.
  1. Click Save. The assigned Network Node will automatically be used in monitors set up for the device. Refer to Manage monitors - Legacy UI.
  2. The Network Node assigned to a device will be visible on the device summary page.

NOTE  If a Network Node is awaiting device approval due to an Agent encryption key change request, any associated network devices will appear offline until the Network Node is approved. For more information, refer to Agent Encryption Key Changed in the New UI.

The steps below describe the process in the legacy UI; however, you can also nominate a device as a Network Node in the Summary card on the device summary page in the New UI. Refer to Summary.

Follow these steps in the legacy UI:

  1. Click Sites and click one of your Managed sites.
  2. Click Devices.
  3. Select the device that you want to designate as a Network Node.
  4. Click the Network Node Settings icon from the action bar and select the Network Node (with network scanning) option.

NOTE  The Network Node (with network scanning) option allows the device to discover other devices on the network and to monitor network devices, printers, and ESXi devices. The Network Node (without network scanning) option only allows the device to monitor network devices, printers, and ESXi devices.

  1. Click OK on the pop-up window to proceed or click Cancel to stop the action. Once you click OK, the device is configured to act as a Network Node and will carry out scanning of its local subnet and any additional subnets configured in Site Settings. Refer to Additional Subnets for Network Discovery.

NOTE  The icon for the designated Network Node device has now changed to green to indicate that it has been nominated as a Network Node.

NOTE  You can nominate more than one device as a Network Node.

  1. Select your Network Node device again and click the Request device audit(s) icon in the action bar to force an immediate scan of the network the device is part of.
  1. Click OK to confirm the audit or click Cancel to stop the action.

NOTE  Allow 10-15 minutes for the audit results to come through.

  1. Click Sites and click on one of your Managed sites.
  2. Click Devices.
  3. Select the device(s) whose Network Node status you want to remove.
  4. Click the Network Node Settings icon from the action bar and select the Remove as Network Node option.
  1. Click Sites and click on one of your Managed sites.
  2. Click Devices.
  3. Select the check box to select all devices in the list.
  4. Click the Network Node Settings icon from the action bar and select the Assign Network Node option.
  5. Choose the new Network Node from the drop-down menu.
  6. Click Save.

The old Network Node can then be safely removed from the platform.

During audit, the Network Node will attempt to authenticate network devices over SNMP. Network discovery works across subnets. A Network Node is able to scan its own subnet by default; however, additional subnets can also be added for network discovery in Site Settings. Refer to Additional Subnets for Network Discovery. The device discovery limits can be changed in Account Settings - Legacy UI.

Network scan process:

  1. The Network Node will try to authenticate over SNMP v2c using the community string "public".
  2. If it fails, it will check if any site-level SNMP credentials are accepted. To store SNMP credentials at the site level, refer to Site Settings - Legacy UI in the legacy UI and Credentials in the New UI.
  3. If it fails, it will check if any account-level SNMP credentials are accepted. To store SNMP credentials at the account level, refer to Account Settings - Legacy UI in the legacy UI and Credentials in the New UI.
  4. If it fails, the device type will be classified as "Unknown".

The table below discusses the process of how device records are created during network discovery.

Type of Network Scan Process
A Network Node scans its own subnet 1. Ping all hosts in subnet. (Up to Network Scan Limit.)
2. Create device records for hosts that respond to the ping and add MAC address (ARP lookup).
• Try to determine if it's a printer using SNMP.
• Try to determine if it's a Windows or non-Windows device.1
• Try to determine if it's an ESXi device.2
3. Add the following SNMP information to the device record: Private Enterprise Number, Uptime, Contact, Name, Location, Printer Supplies (if printer).
4. Add NETBIOS hostname to the device record.
A Network Node scans a user-specified additional subnet 1. Ping all hosts in subnets obtained from Site Settings > Additional Subnets for Network Discovery. (Up to Network Scan Limit.)
2. Create device records for hosts that respond to the ping and where a TCP connection could be established to any of the following ports: 22, 80, 8080, 443.
• Try to determine if it's a Windows device.1
• Try to determine if it's an ESXi device.2
3. Add NETBIOS hostname to the device record.

NOTE  SNMP scan is disabled for user-specified additional subnets.

1 A Windows device's default TTL (time-to-live) is 128; a non-Windows device's default TTL is 64 or 255.
If TTL is equal to or less than 64 OR equal to or more than 129, a non-Windows device record will be created.
If TTL is more than or equal to 65 AND less than or equal to 128, a Windows device record will be created.
2 ESXi devices need to listen on port 902 so that a Network Node device can list them as ESXi devices.

To avoid duplication in the discovered device records, the following de-duplication logic is applied:

  1. Check if a new device to be added to the discovered devices has a MAC address.
  2. If the new device does have a MAC address, check if there is another discovered or Managed device with the same MAC address in the entire account. If a match is found, reject the new device as a duplicate.
  1. If the new device does not have a MAC address, check if there is another discovered or Managed device with the same IP address in the same site. If a match is found, reject the new device as a duplicate.

NOTE  When the MAC address is available, there can be multiple devices with the same IP address in the same site.
When the MAC address is not available, there can be multiple devices with the same IP address in the account, as long as the devices are in different sites.

NOTE  If your Network Node or nodes have not been able to find any of your SNMP-enabled network devices or printers, network scanning of SNMP devices may have been disabled for your account. For further information, refer to Disable network scanning of SNMP devices.

To enroll the discovered devices as Managed devices, follow these steps:

  1. Navigate to the site in which you have nominated a Network Node device.
  2. Click the Audit tab and stay on the Network radio button.
    You will see various device type groups that list all of the devices discovered by the site's Network Node(s). For more information on what is displayed on this page, refer to Network.
  3. Expand any of the device type groups and select any of the devices. You can select devices of different device types as well.
  1. Click the Manage Devices icon in the action bar.

NOTE  Deployments are limited to 100 devices per operation.

  1. On the next page, the following information will be displayed:
Field Description
Total Devices For more information, refer to Network.
Group by Subnet
IP Address
Hostname
Description
NIC Vendor
Model
SNMP v1/v2 Public
Category Displays the device type as discovered by the Network Node.
Deploy From Select one of the Network Nodes that should manage the device. The drop-down menu lists all of the site's Network Nodes.
Device Type Select a device type for the device. In some cases, the device type is automatically recognized. For more information on device types, refer to Edit device details.
Set Credentials Depending on the device type, select a set of Agent Deployment Credentials / SNMP Credentials / ESXi Credentials.

NOTE  Site credentials will be displayed in addition to the credentials specified in Account Settings unless this option is disabled in Site Settings. For further information refer to the Agent Deployment Credentials, SNMP Credentials, and ESXi Credentials sections in Account Settings - Legacy UI and Site Settings - Legacy UI in the legacy UI. You can also create credentials in the New UI. For more information, refer to Credentials.
In the case of network devices and printers, you can also choose any of the Default SNMP Credentials (v1 and v2c, public) listed here. For more information about SNMP credentials, refer to Edit device details.
  1. Click Confirm to confirm your selections or Back to return to the previous page. If you click Back, your selections will be cleared.

NOTE  Devices will be added as Managed devices and each will use a Managed license. This should be considered when planning for licensing and Agent numbers.

  1. If you clicked Confirm in the previous step, the next page will display the devices you have just added as Managed devices to the site. Deployment to Windows and macOS devices typically takes a few minutes. SNMP and ESXi devices are added instantly, and you can expect audit information to appear after a few minutes.

NOTE  In the Managed Devices section, click the name of the device displayed under the Deploy From column to check for more device details in the New UI. Refer to Device summary.

There may be cases when you do not want the Agents to scan for SNMP-enabled network devices. It is possible to stop network scans; however, by doing so you will only be able to add network devices to your account manually. For information on how to add a network device manually, refer to Managing and monitoring SNMP-enabled network devices and printers - Legacy UI.

In order to disable network scanning, perform the following steps:

  1. Navigate to Setup > Account Settings in the legacy UI or Setup > Global Settings in the New UI.
  2. In the Custom Agent Settings section, select Use alternative settings for Agent.
  3. In the Network Subnet Limit field, set the value to 0 to disable network scanning for the entire account.
  4. Click Save.

Refer to Custom Agent Settings in the legacy UI and Custom Agent Settings in the New UI.

NOTE  You can enable / disable network scanning of SNMP devices for the entire account. It is not possible to do this only at the site level.

Under heavy load, a Network Node may drop offline and become unable to manage and monitor network devices. Unfortunately, there is no one-size-fits-all solution to this problem because there are many variables to consider in each situation.

Therefore, our recommendation is to nominate a device as a Network Node, and then set up both a CPU and a Memory Monitor against it. Refer to Create a monitor.

You can then proceed to add devices and monitors to the Network Node. Keep an eye on the CPU and Memory Monitor metrics until the Network Node's resource utilization begins to breach limits. This can then be treated as a benchmark, and you can provision more Network Nodes in the same manner as necessary.

Datto RMM checks for newly added devices at 00:30 UTC, 08:30 UTC, and 16:30 UTC. If newly added devices are found during these checks, an email notification will be sent to the email addresses configured at the global and site levels. Refer to Email Recipients in Account Settings - Legacy UI and Email Recipients in Site Settings - Legacy UI.