Applies To:
Show Versions
BIG-IP APM
- 11.4.1, 11.4.0
About installation choices for BIG-IP Edge Client on Windows
The BIG-IP® Access Policy Manager® includes automatic installation support for Windows clients. Access Policy Manager (APM®) downloads components to the end user's computer at initial login. These downloaded client components enable the various features of the Access Policy Manager functionality.
This download occurs automatically for those systems that support software installation. For clients that do not support automatic software installation, you can configure and distribute the BIG-IP Edge Client®, configured to meet the needs of the client systems you support.
The requirements for automatic installation differ depending on whether the Windows client initiates a session from a browser, or instead starts a network access tunnel.
- To automatically install a control from a browser session, the controls require certain
conditions:
- The user must have ActiveX enabled if the browser is Internet Explorer.
- If the browser is not Internet Explorer, the user must allow software installation.
- If the client starts a network access tunnel, one of the following must be true:
- The client has Administrator privileges on the client system.
- The client control is already installed on the system.
- The Component Installer Package for Windows has been installed on the system.
Access policy sessions other than network access tunnels do not require administrative access. All client-side checks and actions, except the Windows group policy action, can run without administrative rights.
Overview: Configuring APM for BIG-IP Edge Client for Windows
To use the BIG-IP® Edge Client® for Windows, you must configure settings for the BIG-IP Edge Client for Windows in a connectivity profile on Access Policy Manager® (APM). The connectivity profile for Windows includes Win/Mac Edge Client settings including:
- The list of servers to display on the BIG-IP Edge Client
- DNS settings for location-awareness for mobile clients, such as laptops that roam.
Task Summary
About location awareness
The BIG-IP® Edge Client™ provides a location awareness feature. Using location awareness, the client connects automatically only when it is not on a specified network. You can specify the networks that are considered in-network by adding DNS suffixes to the connectivity profile.
Customizing a connectivity profile for BIG-IP Edge Clients for Windows
Customizing the Windows client package for BIG-IP Edge Client
Downloading the Windows client package for BIG-IP Edge Client
Overview: Downloading the Component Installer
Installing and running a BIG-IP® APM® component on Windows-based systems require certain user rights. Pre-installing components provides a seamless upgrade for clients after you upgrade the BIG-IP® Access Policy Manager®.
You can also use the Component Installer feature to provide completely transparent installation and upgrading of components, regardless of the rights you are running under. Your security policy may prohibit granting users the power-user rights needed to install ActiveX components, or your browser security policy may prohibit downloading active elements. For these reasons, you might prefer to pre-install components on your users Windows systems.
You can use the Clients Download screen to download the Component Installer Package containing the Windows components needed for the various Access Policy Manager functions. You can use the Component Installer service to install and upgrade client-side Access Policy Manager components for all kinds of user accounts, regardless of the rights under which the user is working.
This component is especially useful for installing and upgrading client-side components when the user has insufficient rights to install or upgrade the components directly. For information about configuring the MSI installer to run with elevated privileges, see the documentation for your operating system. You must use an account that has administrative rights to initially install the Component Installer on the client computer as a part of Client Components Package (MSI). Once installed and running, the Component Installer automatically installs and upgrades client-side Access Policy Manager components. It can also update itself. The Component Installer requires that the installation or upgrade packages be signed using the F5 Networks certificate or another trusted certificate. By default, F5 Networks signs all components using the F5 Networks certificate.
Downloading the Component Installer package
- On the Main screen, click the F5® logo to display the Welcome page.
- In the Downloads section, click the Component Installer Package for Windows link.
User rights requirements for endpoint security checks
This table lists user rights required to use endpoint security components on Windows clients from a network access tunnel.
Access Policy Manager plugin | Guest rights | User rights | Power User rights | Administrator rights |
---|---|---|---|---|
Antivirus | No supported | Supported | Supported | Supported |
Firewall | No supported | Supported | Supported | Supported |
Windows File | No supported | Supported | Supported | Supported |
Machine Cert | No supported | Supported | Supported | Supported |
Windows information | No supported | Supported | Supported | Supported |
Windows Process | No supported | Supported | Supported | Supported |
Registry | No supported | Supported | Supported | Supported |
UI mode | Supported | Supported | Supported | Supported |
Client-Side Capability | Supported | Supported | Supported | Supported |
Client OS | Supported | Supported | Supported | Supported |
Landing URI | Supported | Supported | Supported | Supported |
Logging action | Supported | Supported | Supported | Supported |
Anti-Spyware | Supported | Supported | Supported | Supported |
Hard Disk Encryption | Supported | Supported | Supported | Supported |
Patch Management | Supported | Supported | Supported | Supported |
Peer-to-peer | Supported | Supported | Supported | Supported |
Windows Cache and Session Control | Supported | Supported | Supported | Supported |
User rights requirements for access policy actions
This table lists user rights required on Windows clients to use actions other than endpoint security client checks from a network access tunnel.
Access Policy Manager component | User rights | Power User rights | Admin rights |
---|---|---|---|
Client Cert Inspection | Supported | Supported | Supported |
On-Demand Cert Auth | Supported | Supported | Supported |
Active Directory (auth or query) | Supported | Supported | Supported |
HTTP Auth | Supported | Supported | Supported |
LDAP (auth or query) | Supported | Supported | Supported |
RADIUS (auth or accounting) | Supported | Supported | Supported |
RSA SecurID | Supported | Supported | Supported |
Overview: Downloading FullArmor GPAnywhere for VPN
This download enables the FullArmor GPAnywhere management tool for VPN integration with Windows clients. You can use this tool to create Group Policy templates, which you can then use to apply Group Policy to computers outside of an Active Directory domain. With VPN, you can distribute Group Policy Object templates through SSL VPN.
Downloading FullArmor GPAnywhere for VPN
- On the Main screen, click the F5 logo to display the welcome page.
- In the Downloads section, click the FullArmor GPAnywhere for VPN or the FullArmor GPAnywhere for VPN (x64 edition) link.
Overview: Installing and using the client troubleshooting utility
Access Policy Manager® provides a client troubleshooting utility for BIG-IP® Edge Client® on Windows. Clients can use the client troubleshooting utility on Windows systems to check the availability and version information for Windows client components, and run Network Access diagnostic tests.
Task Summary
Downloading the client troubleshooting utility
- On the main screen, click the F5 logo to display the Welcome page.
- In the Downloads section, click the Client Troubleshooting Utility for Windows link.