TEM offers several ways to identify computers that do not have the TEM Client installed or running:
Client Deploy Tool: A tool that will connect to Active Directory and check if the computers have the TEM Client service running. The Client Deploy Tool comes installed when you install the Installation Generator. The Client Deploy Tool can be used to install the TEM Client if the computers are in the Active Directory domain.
Asset Discovery Fixlet Site: A Fixlet site that allows you to remotely deploy "Scan Points" to periodically scan the remote subnets and then import the data into the TEM Console. Read below for more details.
The Asset Discovery Fixlet site allows you to help find unmanaged computers that do not have the TEM Client installed (or computers that do not have the TEM Client running) that are on the network and additionally help you identify network devices such as routers, printers, and switches that cannot have the TEM Client installed.
TEM Asset Discovery works by allowing you through Fixlet messages and Tasks to deploy "Scan Points", which are NMAP scanners, to specified TEM Clients in your network. You can then use Fixlets and Tasks to periodically run scans. The scan results are automatically shipped to the TEM Server, which imports the data into the database. The scan information can then be viewed in the TEM Console in the "Unmanaged Asset" tab.
Note: To make the link Install BES Client active, copy the folder BESClientDeploy from the BES installer folder on the server to the folder BES Console on the workstation where the BES console is installed.
Here are some pictures illustrating the process.
The designated scan points will scan their local subnets:
The result are then automatically sent to the TEM Server, imported in the database, and available for view in the TEM Console "Unmanaged Assets Tab":
Instructions for using TEM Asset Discovery
Follow these instructions to begin using TEM Asset Discovery:
First, read the warnings below about using the TEM Asset Discovery prior to installation.
Then please see the following guide to configure and manage the TEM Asset Discovery solution: http://pic.dhe.ibm.com/infocenter/tivihelp/v26r1/topic/com.ibm.tem.doc_8.2/Asset_Discovery_Users_Guide_PDF.pdf
The warnings below are very important, please read them before installing the Asset Discovery Fixlet site. Check with your network team before scanning the network!
When you designate scan points, you are installing the NMAP scanner application available from http://www.insecure.org/nmap. You must agree to the license agreement for NMAP before designating the scan points.
When you designate scan points, you are installing the packet capture library, WinPCAP 3.1, available at http://www.winpcap.org/install/default.htm will be installed. You must agree to the license agreement for WinPCAP before designating the scan points.
Nmap is distributed in a .zip file. In order to extract it, TEM will temporarily download and use Info-Zip's decompression tool. Info-Zip is an open-source decompression utility. More information on Info-Zip is available athttp://www.info-zip.org/. You must agree to the license agreement for Info-Zip before designating the scan points.
Potential Scanning Issues
Network scans can potentially trigger Intrusion Detection Systems.
Network scans can potentially cause old network devices, such as old printer network devices, to fail if scanned.
Network scans can potentially cause personal firewalls, such as ZoneAlarm or BlackIce, to advise the user that a computer is scanning the local computer.
NMAP is sometimes flagged by virus scanners as a potentially harmful tool (because it can be used for malicious purposes). Check to make sure your virus scanner is not set to block NMAP from running.
If you set NMAP to scan a very large network (such as 10.10.*.*) it will take a very long time and could consume significant bandwidth during the scan. Note that the default scan is the local Class C network, which usually is a fast LAN. TEM does not recommend scanning large networks across the WAN with this tool.
Using NMAP to scan is usually a very safe operation, but there potentially could be issues specific to your organization that could result from scanning computers. Please obtain the appropriate authorization before proceeding.