Enumeration is a continuous and automated process that is executed to identify connected devices. The primary purpose of enumeration is to classify the devices. There are two main modes of operation: Agent-less and Agent.
Agent-less is the most commonly used method and is easy to deploy. There is no need to change any setting in your environment. The NAC system tries to communicate with each discovered device, one by one, using a predefined credential. After a successful connection to a client device, the system collects information about the client (hostname, system info, etc.). Because user-provided credentials are used during the operation, successfully connected devices are enumerated or considered as unclassifiable devices.
There are two steps to activate the agent-less process.
1. Define Enumeration Credential(s): You need to provide credential or username/password information to the NAC system for enumeration.
To define your credential, navigate to Settings --> Credential settings and click the button. The definition of a credential is very straightforward. A sample Windows credential definition is given below.
2. Set Credential(s) and Enable Process: You can define different kinds of credentials for various functionalities. You need to set which credentials will be used for enumeration. To do this, on the management interface navigate to Settings --> Global Settings and edit the setting:
ENUMERATE CLIENT CREDENTIAL NAME
Select the credential from the drop-down list. You can select more than one credential. Once finished, save your settings and proceed to the next setting, which is ENUMERATE CLIENT WITH REMOTE CONNECTION.
These settings activate the enumeration process, and the system starts to make connections to unidentified devices using the provided credential(s). The connection is determined by the credential type that you provided, i.e. a Windows type of credential is used for a WMI connection and an SSH type of credential is used only for an SSH connection.
The agent is a small, lightweight application that is installed on client devices. NetCyte NAC provides an agent for Windows, Linux and Mac OS operating systems. The agent runs as a service on the client devices and updates the client status on the NAC system at a configured period (default is 300 seconds).
Agent installer files can be downloaded from the NAC Management platform using Agent Management --> Agent Packages.
Any host is considered a known device, or enumerated, if the agent is installed on it. Because agent installers are created explicitly for each installation, the agent cannot communicate with other NetCyte NAC environments.
You can view all agent installations by navigating to the Agent Management main menu.