To update their database with consistent information, Engines must correctly identify the different devices from which they receive Collector data. The Engine is able to distinguish devices from one another thanks precisely to the hardware information and operating system-level data sent by the Collectors.
Because device hardware may get upgraded and the device data stored at the operating system-level may change with time, the Engine uses an algorithm to either recognize a device to be the same as a device seen before, despite possible minor changes, or decide that a new device joined the network. Failing to correctly identify a device may result in a single device being split into two or in two different devices being merged into one in the database of the Engine.
To prevent Engines from misidentifying special groups of devices, such as those in virtualized environments, replace the default identification algorithm by an algorithm exclusively based on the name of the device, as seen by the operating system. Apply this name-based recognition method to groups of devices selected by name patterns.
The methods to identify devices described in this article do not apply to mobile devices.
Default algorithm to identify a device
To identify a device, the default algorithm considers the following pieces of information:
- The name of the device, as reported by the operating system.
- A hardware identifier that is derived from:
- The BIOS serial number.
- The chassis serial number.
- The motherboard serial number.
- The MAC addresses of the network adapters that are enabled on the device.
- The Machine SID of the device.
Considerations about the data that identifies a device
Devices that have not joined a domain may share the same name. For devices in a domain, the name of the device is unique at a given time within a given domain. Name uniqueness is ensured by the domain controller, but two different devices may have the same name at different points in time.
The list of MAC addresses that are enabled by the operating system change whenever a network adapter is added or removed.
The derived hardware identifier is usually unique for branded PCs but it may not be unique for no name or self-assembled PC. In the case of devices being virtual machines, VMWare defines a BIOS serial number that is unique and thus yields a valid hardware id.
The Machine SID of a Windows device is the Security Identifier of the Windows operating system. The SID is generated during the Windows installation process and is supposed to be globally unique. However if Windows is installed using a cloned image which has not been carefully crafted using sysprep, the SID may not be unique. Experience shows that SIDs are rarely unique within corporate network and they appear in bunches of 10 to 50 machines.
How the device identification algorithm works
The exact identification algorithm is quite intricate; therefore, it is not described here in detail, but only sketched out. Basically, when the Collector sends to the Engine all the pieces of information about a device mentioned above, the device identification algorithm compares them with the corresponding data of each device that is already present in the database of the Engine:
- If the received information precisely matches that of an existing device, the algorithm concludes that the information belongs to the same device that is already in the database.
- If most of the information at least partially matches that of an existing device, in a majority of cases the algorithm still concludes that the information belongs to the same device. The Engine updates therefore the existing device with the received information. For instance, if the received hardware id, MAC addresses and SID all match those of an existing device, but the received name is different from the name of the device as recorded in the database, the algorithm determines that it is the same device and updates its name in the database.
- If the received information differs significantly from that of any of the existing devices, the Engine adds a new device to its database.
Identifying devices solely by their name
Starting from the Engine release V5.3.3, it is possible to override the default algorithm to identify devices and instruct the Engine to exclusively identify Windows devices with domain membership by their name. From release V6.8 on, the feature has been extended to support all devices regardless of their platform (Windows or Mac) and membership type.
Note that the default device identification algorithm should be preferred in most cases. Use this alternative method only in setups where the default algorithm fails to reliably identify a specific group of devices. A misconfiguration may lead to devices being artificially merged or split, so use the identification of devices by name carefully.
This feature is particularly useful in virtualized environments, where devices are virtual machines (VMs) recreated at every user session. By applying the default algorithm for identifying devices, the Engine regards every new instance of a VM as a new device and ends up with multiple devices that share the same name and that succeed each other over time. By identifying devices on the basis of their name only, the Engine consistently maps a particular VM to a single device time after time, even when its hardware properties change.
The Engine provides a mechanism to apply the name algorithm to a reduced set of devices only. Specify name patterns in the configuration file of the Engine to select those groups of devices that must be identified by their name. For instance, if the name of all your virtual machines begins with vm1-ws or vm2-ws, add the following lines to the configuration file of the Engine (/var/nexthink/engine/01/etc/nxengine.xml):
<config> <engine> <device_identification> <netbios_pattern>vm1-ws*</netbios_pattern> <netbios_pattern>vm2-ws*</netbios_pattern> </device_identification> </engine> </config>
Valid substitution characters in the name patterns (called netbios_pattern for historical reasons) are:
- The asterisk * to substitute for zero or more characters.
- The question mark ? to substitute for one single character.