Overview of Automated Device Onboarding
  • 18 Jul 2023
  • 5 Minutes to read
  • Dark
    Light
  • PDF

Overview of Automated Device Onboarding

  • Dark
    Light
  • PDF

Article summary

This article outlines the requirements and general process flow for devices being automatically onboarded to Netreo for monitoring. (For manual addition of devices see Manually Add Devices to Netreo.)

Devices that have completed the onboarding process (whether automatic or manual) are considered managed devices.

The Onboarding Process

The Device Management dashboard provides a centralized location from which to monitor the automatic onboarding of devices. From there, you can quickly determine the number of devices currently in each step of the onboarding process.

Step 1. Discovery

Netreo has several mechanisms available to automatically detect devices in your environment. New devices can be detected from the following sources:

  • Subnet (IP) scanning
  • CMDB (ServiceNow)
  • SDWAN (Meraki, VeloCloud)
  • Cloud services (AWS, Azure, Meraki, Google)
  • Wireless LAN (Cisco, Aruba)
  • Virtualization (VMware, Microsoft Hyper-V)
  • Traffic flows (NetFlow, sFlow, IPFIX)
  • Logs (Syslog)

These sources must be properly configured to work with Netreo for devices to be discovered. (For example, cloud service provider account information must be added to Netreo's Cloud Monitoring Administration page, while devices that send log and traffic flow data must be properly configured to send that data to either Netreo or one of its connected service engines.)

A check mark next to a source in the Device Management dashboard's Discovery list means that at least one device has been added from that source since the Netreo VM has been started.

Several of the items in the Discovery list are hyperlinks. Select them to open the administration or configuration page for that source type.

For more information on how to work with this list see Device Management Dashboard.

Step 2. Interrogation

Once a device is discovered through one of the sources above, an entry for it is created in an internal table within Netreo, called the candidate table. This table contains the following information for each discovered device:

  • Device name
  • IP address
  • Discovery source
  • Timestamp added
  • Timestamp updated
  • Status (within the candidate table)

The Device Management dashboard's Interrogation list shows how many devices in the candidate table are currently in each onboarding status.

All of the items in the Interrogation list are hyperlinks. Select one to open the Interrogation page of the Device Management dashboard.

For more information on how to work with this list and what the various statuses mean see Device Management Dashboard.

Once a device is in the candidate table, it is interrogated to determine if Netreo is able to monitor that device.

For a device to be eligible for monitoring, it must meet two criteria:

  1. The IP address of the device must be reachable from either the main Netreo deployment or one of its connected service engines.
  2. The device must respond to either sysUptime (for SNMP devices) or Win32_OperatingSystem (for WMI/WinRM devices).

When checking for this criteria, Netreo will cycle through all of the sets of authentication credentials it has available (typically configured in device templates) until a working set is found for a given device.

The interrogation process runs approximately every five minutes and is configured to process up to thirty devices within that time. Each time the process runs, Netreo checks the candidate table entries for devices with a status of "New" and attempts to process the next thirty devices in the table, beginning with the device with the oldest "timestamp added" value and working forward.

Step 3. Auto-configuration and Device Template Application

Auto-configuration Rules

Devices that pass the interrogation step have their onboarding status set to "Added" and proceed to the auto-configuration phase of step 3. Auto-configuration rules are used to set certain Netreo-specific administration options for each device based on device attributes learned during the interrogation process.

The following administration options may be set for a device using auto-configuration rules:

The above options may be set based on matches to the following device attributes:

  • Device name
  • Device system description
  • Device system location
  • Device BGP
  • Device type
  • Device subtype
  • TCP open port
  • UDP open port
  • Auto-started Windows service
  • Subnet
  • Device attribute (not this list - see Administration View: Documentation tab of the Device Dashboard for more information)

When creating an auto-configuration rule, flexibility can be achieved by including multiple attributes from the list above and qualifying them using the "Any" or "All" flag for the rule.

 For more information about working with auto-configuration rule sets see Auto-Configuration.

Device Templates

After being processed by the auto-configuration rules, each device then has all applicable device templates applied to it. Device templates are used to set certain Netreo-specific administration options for each device based on options set during the auto-configuration phase.

After all device template settings have been applied to a device it is run through the auto-configuration rules a second time (which also includes a second pass through the device template step), in case any changes made by a device template now cause the device to qualify for an auto-configuration rule that it previously didn't.

 For more information about working with device templates see Device Templates.

Step 4. Non-Validated Device Staging

If, as part of your organization's onboarding policy, you would like Netreo to automatically onboard new devices for management, but not actually report on them until those devices have been manually reviewed, you may create an auto-configuration rule to set the onboarding status of new devices to "not validated." Non-validated devices are fully managed and monitored by Netreo, but do not show up in any monitoring dashboards or in reports (and no alerts will be sent if they fail or if performance is degraded), until they have been manually validated on the New Device Validation page of the Device Management dashboard.

Devices that are "not validated" still consume a device license, however, since they are still monitored. So, you may choose to go a step further and create an auto-configuration rule that also sets the monitoring and polling status of new devices to Disabled, preventing them from consuming a device license until you are ready.

The Device Management dashboard's Not Validated list shows how many onboarded devices are awaiting validation. The list is separated into devices that have had their monitoring and polling options enabled (Devices monitored) and those that have had those options disabled (Device disabled).

Each item in the Not Validated list is a hyperlink. Select one to open the appropriate page of the Device Management dashboard where those devices may be worked with.

For more information on how to work with this list see Device Management Dashboard.

Step 5. Devices Under Management

Devices that have completed the auto-configuration and device template phases of onboarding, and have their onboarding status set to validated, are now fully monitored by Netreo.

The Device Management dashboard's Under Management list shows how many onboarded devices have been validated and added to Netreo as managed devices. The list is separated into devices that are currently being monitored and those that have had their monitoring and polling options disabled - typically due to being down for too long (automatically disabled) or being manually disabled.

Each item in the Under Management list is a hyperlink. Select one to open the appropriate page of the Device Management dashboard where those devices may be worked with.

For more information on how to work with this list see Device Management Dashboard.


Was this article helpful?