Avaya Endpoint Access Control Agent User Manual
  1. Manuals
  2. Brands
  3. Avaya Manuals
  4. Software
  5. Endpoint Access Control Agent
  6. User manual
Avaya Endpoint Access Control Agent User Manual

Avaya Endpoint Access Control Agent User Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
Avaya Endpoint Access Control Agent
User's Guide
5.0
NN47230-501, 03.02
May 2011

Advertisement

Table of Contents
loading

Related Manuals for Avaya Endpoint Access Control Agent

Summary of Contents for Avaya Endpoint Access Control Agent

  • Page 1 Avaya Endpoint Access Control Agent User’s Guide NN47230-501, 03.02 May 2011...
  • Page 2 Avaya or the applicable third party. Avaya does not guarantee that these links will work all the time and has no control over the availability of the linked pages.

  • Page 3: Table Of Contents

    Getting product training..........................9 Getting help from a distributor or reseller....................9 Getting technical support from the Avaya Web site.................. 9 Chapter 2: Installing the Avaya Endpoint Access Control Agent ........Navigation..............................11 Avaya EAC Agent............................. 11 Avaya EAC Agent icons..........................12 Supported platforms..........................
  • Page 4 Configuring the Avaya Endpoint Access Control Agent ..............42 Variable definition..........................43 Index............................. Avaya Endpoint Access Control Agent User’s Guide May 2011...

  • Page 5: Chapter 1: Introduction

    Configuring the Avaya Endpoint Access Control Agent on page 31 This guide is intended for network managers who are installing Avaya EAC Agent software. This guide assumes that you have experience with Graphical User Interfaces (GUIs), Windows operating systems, and familiarity with network management.
  • Page 6 Example: Protocols > IP identifies the IP command on the Protocols menu. vertical line ( | ) Options for command keywords and arguments. Enter only one of the options. Do not type the vertical line when you enter the command. Avaya Endpoint Access Control Agent User’s Guide May 2011...

  • Page 7: Acronyms

    Network Access Protection Network Policy Server Related publications For more information about Avaya VPN Gateway (AVG), see the following publications: • User Guide - Avaya VPN Gateway • Administrator Guide - Avaya VPN Gateway Avaya Endpoint Access Control Agent User’s Guide...

  • Page 8: Customer Service

    To download Adobe Reader, see http://www.adobe.com Customer Service Visit the Avaya Web site to access the complete range of services and support that Avaya provides. See www.avaya.com or see one of the pages listed in the following sections.

  • Page 9: Getting Product Training

    The Training contacts link is located on the left-hand navigation pane. Getting help from a distributor or reseller If you purchased a service contract for your Avaya product from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance.
  • Page 10 Introduction Avaya Endpoint Access Control Agent User’s Guide May 2011...

  • Page 11: Chapter 2: Installing The Avaya Endpoint Access Control Agent

    Chapter 2: Installing the Avaya Endpoint Access Control Agent Avaya Endpoint Access Control (EAC) Agent enables you to impose a security policy on the client PC when it is connected to the corporate network through the Avaya VPN Router (AVR), Avaya VPN Gateway (AVG), or Secure Network Access Switch (SNAS), .

  • Page 12: Avaya Eac Agent Icons

    Avaya VPN Gateway. Avaya EAC Agent icons There is an icon defined for each of the three Avaya Endpoint Access Control (EAC) Agent states. The following table describes the color and state of each icon. Table 1: Avaya EAC Agent icons...

  • Page 13: Supported Platforms

    Avaya EAC Agent installation allows you to install bundled VM (which is 1.6.0_24) with Avaya EAC Agent. The VM is installed under the <AEACA install dir>\ jre directory. This JRE is local to the Avaya EAC Agent and is only used by Avaya EAC Agent. Web browsers are not affected by it.

  • Page 14: Standard Installation Kit

    • EacaCstVm_5.4.0_006.msi which bundles JRE 1.6.0_24; • EacaCstNoVm_5.4.0_006.msi without JRE. To install the Avaya EAC Agent customizable kits on Windows Vista or Windows 7 the user must run the installer using administrators privileges. Extra steps are needed to gain administrator privileges. You can open a DOS command console with the “Run as administrator”...

  • Page 15: Custom Installation

    The Avaya EAC Agent displays an icon in the Windows system tray. The icon indicates Avaya EAC Agent status. This icon also appears in the About dialog box of the Avaya EAC Agent. Avaya Endpoint Access Control Agent User’s Guide...
  • Page 16 Modify the MSI files to replace the files under [INSTALLDIR]\resources\*.ico with these icon files. [*] To change the icons for the Avaya EAC Agent, use the following naming conventions: • iconGray.ico: Avaya EAC Agent inactive; normally gray • iconNormal.ico: Avaya EAC Agent user compliant; normally green •...
  • Page 17 1. Create an 170x350 BMP graphic named AboutImage.bmp. 2. Place the graphic in the directory named as %INSTALL_DIR%\resources\. Customizing Connection dialog box icon To customize the Connection dialog box icon, use the following steps: Avaya Endpoint Access Control Agent User’s Guide May 2011...

  • Page 18: Custom Install Options

    EAC Agent Tray Monitor includes an icon in the system tray and provides pop-ups for failures and menu options. If you are using Avaya EAC Agent with SNAS, then you must install the EAC Agent Tray Monitor component. The custom install options provide the following options to the end user: •...
  • Page 19 Avaya EAC Agent status log — The Avaya EAC Agent logs are an optional feature with Windows Installer. By default, logging is enabled for standard install. To view the Avaya EAC Agent Status log, right-click the Avaya EAC Agent icon in the system tray and select the Status menu option.

  • Page 20: Recovery From Initial Check Failure

    Installing the Avaya Endpoint Access Control Agent tray, even when Avaya EAC Tray Monitor is installed and running on the system. This feature works on registry settings on desktop PCs, so you can modify the registry settings to change the behavior.

  • Page 21: Nap Interoperability

    NAP interoperability The Multi-OS support allows the Avaya EAC Agent to identify Linux operating system or Macintosh operating system users and collect the necessary information. The Avaya EAC Agent does not perform additional compliance checks for those operating systems. The following types of Linux operating system are supported: •...
  • Page 22 Installing the Avaya Endpoint Access Control Agent Avaya Endpoint Access Control Agent User’s Guide May 2011...

  • Page 23: Chapter 3: Using The Avaya Endpoint Access Control Agent

    Monitor reports the health status of the computer to the user. SRS Rule Check Avaya EAC Agent waits for a user to connect to a VPN gateway. Before connecting, the Avaya EAC Agent state is set to Inactive and the tray icon is gray.
  • Page 24 New Error Occurred and the icon to green with red color X. If an SRS rule fails the user is notified by the Avaya EAC Agent. The rule message shown can be standard or custom, defined when the rule is created.

  • Page 25: Avaya Nap Enforcement Client

    VPN gateway. Note: Avaya EAC Agent can be configured to operate in Run Once mode. This options enables client SRS rule checks only one time and the resulting access is provided until a session logout. The run once mode is applicable only for portal and SPO clients. It also prevents session exit due to heartbeat timeout and rechecks.
  • Page 26 SRS rule is checked. Viewing the Avaya NAP Enforcement Client Status After the user establishes a VPN connection the Avaya EAC Agent checks the SRS rule. If the rule check fails then the Avaya NAP Enforcement Client automatically pops-up a system tray balloon and notifies the user.
  • Page 27 • access Network and Sharing Center (Control Panel > Network and Internet > Network and Sharing Center) and click View Status in the Network Access Protection panel. The Network Access Protection dialog shows the security state of the computer. Avaya Endpoint Access Control Agent User’s Guide May 2011...

  • Page 28: Viewing The Avaya Eac Agent Status

    5. Click OK to close the Avaya EAC Agent Status Logs dialog box. Using the Avaya EAC Agent Applet The Avaya EAC Agent Applet is a web browser Java applet that can run on Windows and non- Windows operating systems.
  • Page 29 5. If Avaya EAC Agent Applet SRS rule check fails and the gateway tears down the tunnel, the user redirects to the login web page. The login status shows the last rule message.
  • Page 30 Using the Avaya Endpoint Access Control Agent 6. If the SRS rule is successfully checked, the user gains access to the portal. Periodically, Avaya EAC Agent Applet checks the SRS rule to determine if the user’s computer meets the security policy configured on the gateway.

  • Page 31: Chapter 4: Configuring The Avaya Endpoint Access Control Agent

    The Avaya EAC Agent provides the option of single sign-on log on. The Avaya EAC Agent collects the log on credentials for each user login to the network domain. The Avaya EAC Agent forwards log on credentials to the SNAS server as a part of the log on request.

  • Page 32: Variable Definition

    Variable definition Use the data in the following table to log on. Variable Value Profile Specifies the user profile, which is used to log on to the Avaya EAC Agent. Server Specifies the SNAS domain name. Username Specifies the user name.

  • Page 33: Managing Profiles Navigation

    Creating a user profile Use the following procedure to create a user profile. Procedure steps 1. In the Windows taskbar notification area, right-click the Avaya EAC Agent icon, and select Manage SNAS Profiles. The Manage Profiles dialog box appears. Avaya Endpoint Access Control Agent User’s Guide...
  • Page 34 Specifies that the Avaya EAC Agent obtains windows domain Information username when user log onto the PC. Use Profile Defined User Specifies that the Avaya EAC Agent uses the logon credentials Information that are given for the current profile. Avaya Endpoint Access Control Agent User’s Guide...

  • Page 35: Managing System Profiles

    Use the following procedure to modify a user profile. Procedure steps 1. In the Windows taskbar notification area, right-click the Avaya EAC Agent icon, and select Manage SNAS Profiles. The Manage Profiles dialog box appears. 2. Click the User Profiles tab.
  • Page 36 Use the following procedure to create a system profile. Procedure steps 1. In the Windows taskbar notification area, right-click the Avaya EAC Agent icon, and select Manage SNAS Profiles. The Manage Profiles dialog box appears. Avaya Endpoint Access Control Agent User’s Guide...
  • Page 37 Managing profiles 2. Click the System Profile tab. 3. Specify the name of the server. 4. Click Add. The Add New System Id dialog box appears. Avaya Endpoint Access Control Agent User’s Guide May 2011...
  • Page 38 Use the following procedure to modify a system profile. Procedure steps 1. In the Windows taskbar notification area, right-click the Avaya EAC Agent icon, and select Manage SNAS Profiles. The Manage Profiles dialog box appears. 2. Click the System Profile tab.

  • Page 39: Managing Global User Profiles

    Use the following procedure to create a global user profile. Procedure steps 1. In the Windows taskbar notification area, right-click the Avaya EAC Agent icon, and select Manage SNAS Profiles. The Manage Profiles dialog box appears. Avaya Endpoint Access Control Agent User’s Guide...
  • Page 40 Value Profile Name Specifies the unique name assigned to the user profile. Use Domain User Information Specifies that the Avaya EAC Agent gets the logon credentials from the domain. Use Profile Defined User Specifies that the Avaya EAC Agent uses the logon Information credentials that are given for the current profile.
  • Page 41 Use the following procedure to modify a global user profile. Procedure steps 1. In the Windows taskbar notification area, right-click the Avaya EAC Agent icon, and select Manage SNAS Profiles. The Manage Profiles dialog box appears. 2. Click the Global User Profiles tab.

  • Page 42: Settings Of Avaya Eac Agent

    To use MSCAPI Certificates, Avaya EAC Agent must be installed with a bundled JRE or with JRE 6 or later . For JRE 6, Avaya EAC Agent trusts all the certificates that are present in the ROOT Certificate store on your system. If the Trusted Certificate is not found in the Avaya EAC Agent Keystore or MSCAPI ROOT Truststore on the system with JRE 6, System Profiles cannot log on to SNAS.
  • Page 43 Settings of Avaya EAC Agent Procedure steps 1. In the Windows taskbar notification area, right-click the Avaya EAC Agent icon, and select Configure. The Avaya EAC Agent Configuration dialog box appears. 2. Complete the Avaya EAC Agent configuration details. 3. Click OK to save the details.
  • Page 44 Configuring the Avaya Endpoint Access Control Agent Variable Value Default User Profile Specifies the default user profile. Log All Check Results Check to register all checking results on the Avaya EAC Agent. Enable Single Sign-on Check to enable single sign-on for the Avaya EAC Agent.
  • Page 45 Index conventions, text ............reseller ................. customer service ............distributor ..............text conventions ............documentation .............. training ................. Avaya Endpoint Access Control Agent User’s Guide May 2011...

Table of Contents