Device identification (classic)
To update their database with consistent information, Engines must correctly identify the different devices from which they receive Collector data. Engine is able to distinguish devices from one another thanks to the hardware information and operating system-level data sent by the Collector agents.
Device hardware may get upgraded and the device data stored at the operating system level may change with time. Because of this, Engine uses an algorithm to either recognize a device as the same device seen before, despite possible minor changes, or to decide that a new device joined the network. Failing to correctly identify a device may result in a single device being split into two, or in two different devices being merged into one in the Engine database.
To prevent Engines from misidentifying special groups of devices, such as those in virtualized environments, replace the default identification algorithm with an algorithm exclusively based on the name of the device, as seen by the operating system. Apply this name-based recognition method to groups of devices selected by name patterns.
Default algorithm to identify a device
To identify a device, the default algorithm considers the following pieces of information:
- The name of the device, as reported by the operating system
- A hardware identifier that is derived from:
  - The BIOS serial number
  - The chassis serial number
  - The motherboard serial number
- The MAC addresses of the network adapters that are enabled on the device
- The Machine SID of the device
Considerations about the data that identifies a device
Devices that have not joined a domain may share the same name. For devices in a domain, the name of the device is unique at a given time within a given domain. Name uniqueness is ensured by the domain controller, but two different devices may have the same name at different points in time.
The list of MAC addresses that are enabled by the operating system changes whenever a network adapter is added or removed.
The derived hardware identifier is usually unique for branded PCs, but it may not be unique for no-name or self-assembled PCs. In the case of virtual machines, software like VMware defines a BIOS serial number that is unique and thus yields a valid hardware id.
The Machine SID of a Windows device is the Security Identifier (SID) of the Windows operating system. The SID is generated during the Windows installation process and is supposed to be globally unique. However, if Windows is installed using a cloned image which has not been carefully crafted using sysprep, the SID may not be unique. Experience shows that SIDs are rarely unique within corporate networks and they appear in bunches of 10 to 50 machines.
How the device identification algorithm works
The exact identification algorithm is quite intricate; therefore, it is not described here in detail, but only sketched out. Basically, when the Collector sends Engine all the pieces of information mentioned above about one of the devices, the device identification algorithm compares this information with the corresponding data of each device that is already present in the Engine database:
If the received information precisely matches that of an existing device, the algorithm concludes that the information belongs to the same device that is already in the database.
If most of the information at least partially matches that of an existing device, in a majority of cases the algorithm still concludes that the information belongs to the same device. Engine updates the existing device with the information received. For instance, if the received hardware id, MAC addresses and SID all match those of an existing device, but the received name is different from the device name recorded in the database, the algorithm determines that it is the same device and updates its name in the database.
If the received information differs significantly from that of any of the existing devices, Engine adds a new device to its database.
Identifying devices solely by their name
It is possible to override the default algorithm to identify devices and instruct Engine to exclusively identify Windows devices with domain membership by their name. This feature supports all devices regardless of their platform (Windows or Mac) and membership type.
Note that the default device identification algorithm should be used in most cases. Use this alternative method only in setups where the default algorithm fails to reliably identify a specific group of devices.
This feature is particularly useful in virtualized environments, where devices are virtual machines (VMs) recreated at every user session. By applying the default algorithm for identifying devices, Engine regards every new instance of a VM as a new device and ends up with multiple devices that share the same name and that succeed each other over time. By identifying devices on the basis of their name only, Engine consistently maps a particular VM to a single device time after time, even when its hardware properties change.
Contact Nexthink Support for more information.
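The following Python sketch is an added illustration, not Nexthink code and not the actual Engine algorithm, which this page only outlines. It models the three outcomes of the default comparison and the name-only override; the attribute-count score, the threshold of 3, the function names and the sample records are assumptions made for the example.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Device:
    name: str
    hardware_id: str
    macs: frozenset
    sid: str

def score(report, known):
    # Number of attributes that agree; one shared MAC counts as a partial match.
    return sum([report.name.lower() == known.name.lower(),
                report.hardware_id == known.hardware_id,
                bool(report.macs & known.macs),
                report.sid == known.sid])

def identify(report, db, name_only_patterns=(), threshold=3):
    """Return (decision, index); decision is 'same', 'updated' or 'new'."""
    name = report.name.lower()
    if any(fnmatchcase(name, p.lower()) for p in name_only_patterns):
        # Name-based recognition: hardware id, MACs and SID are ignored.
        match = next((i for i, d in enumerate(db) if d.name.lower() == name), None)
    else:
        # Default sketch: take the closest known device if enough attributes agree.
        best = max(range(len(db)), key=lambda i: score(report, db[i]), default=None)
        match = best if best is not None and score(report, db[best]) >= threshold else None
    if match is None:
        db.append(report)
        return "new", len(db) - 1
    decision = "same" if db[match] == report else "updated"
    db[match] = report
    return decision, match

def demo():
    # Constructed sample records, not real inventory data.
    pc = Device("PC-001", "HW-A", frozenset({"00:11:22:33:44:01"}), "S-1-5-21-1000")
    vm = Device("VDI-07", "HW-V1", frozenset({"00:11:22:33:44:a1"}), "S-1-5-21-2000")
    renamed = Device("PC-001-NEW", pc.hardware_id, pc.macs, pc.sid)
    clone = Device("PC-002", "HW-B", frozenset({"00:11:22:33:44:02"}), pc.sid)
    fresh_vm = Device("VDI-07", "HW-V2", frozenset({"00:11:22:33:44:a2"}), "S-1-5-21-3000")
    db = [pc, vm]
    return {
        "renamed": identify(renamed, db),        # name changed, rest matches
        "cloned_sid": identify(clone, db),       # shared SID alone must not merge
        "vm_default": identify(fresh_vm, list(db)),
        "vm_name_only": identify(fresh_vm, db, name_only_patterns=("VDI-*",)),
    }
```

In the demo, the recreated VM is added as a new device under the default comparison but maps back to the existing record once its name pattern is placed under name-based recognition, while a machine that shares only a cloned SID is kept separate.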