Manual Chapter : Hosting a BIG-IP Edge Client Download with Access Policy Manager

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 14.0.1, 14.0.0
Manual Chapter

Hosting a BIG-IP Edge Client Download with Access Policy Manager

About hosting a BIG-IP Edge Client file on Access Policy Manager

You can host files on BIG-IP Access Policy Manager (APM) so clients can download them.

When you host a file on Access Policy Manager, you can provide the link to the file in a number of ways. In this example, the BIG-IP Edge Client for Mac link is provided as a link on the user's webtop. The user connects through the web client, then clicks a link on the webtop to download the client file. To provide the BIG-IP Edge Client for Mac, first you must create a connectivity profile. Then, you can download the Mac client file as a ZIP file.

Task summary for adding the BIG-IP Edge Client for Mac file to APM

To add the BIG-IP Edge Client for Mac file to the hosted content repository on Access Policy Manager, so clients can download it, complete these tasks.

Task list

Configuring a connectivity profile for Edge Client for Mac

Update the connectivity profile in your Network Access configuration to configure security settings, servers, and location-awareness for BIG-IP Edge Client for Mac.
  1. On the Main tab, click Access > Connectivity / VPN > Connectivity > Profiles .
    A list of connectivity profiles displays.
  2. Select the connectivity profile that you want to update and click Edit Profile.
    The Edit Connectivity Profile popup screen opens and displays General Settings.
  3. From the left pane of the popup screen, select Win/Mac Edge Client.
    Edge Client settings for Mac and Windows-based systems display in the right pane.
  4. Retain the default (selected) or clear the Save Servers Upon Exit check box.
    Specifies whether Edge Client maintains a list of recently used user-entered APM servers. Edge Client always lists the servers that are defined in the connectivity profile, and sorts them by most recent access, whether this option is selected or not.
  5. To support automatic reconnection without the need to provide credentials again, allow password caching.
    1. Select the Allow Password Caching check box.
      This check box is cleared by default.
      The remaining settings on the screen become available.
    2. To require device authentication to unlock the saved password, select Require Device Authentication.
      This option links the option to use a saved password to a device authentication method. Supported device authentication methods include PIN, passphrase, and biometric (fingerprint) authentication on iOS and Android. Android devices also support pattern unlocking.
    3. From the Save Password Method list, select disk or memory.
      If you select disk, Edge Client caches the user's password (in encrypted form) securely on the disk where it is persisted even after the system is restarted or Edge Client is restarted.
      If you select memory,  Edge Client caches the user's password within the BIG-IP Edge Client application for automatic reconnection purposes.
      If you select memory, the Password Cache Expiration (minutes) field displays with a default value of 240.
    4. If the Password Cache Expiration (minutes) field displays, retain the default value or type the number of minutes to save the password in memory.
  6. To enable automatic download and update of client packages, from the Component Update list, select yes (default).
    If you select yes, APM updates Edge Client software automatically on the client system when newer versions are available.
  7. Specify the list of APM servers to provide when the client connects.
    The servers you add here display as connection options in the BIG-IP Edge Client.
    Note: Users can select from these servers or they can type a hostname.
    1. From the left pane of the popup screen, select Server List.
      A table displays in the right pane.
    2. Click Add.
      A table row becomes available for update.
    3. You must type a host name in the Host Name field.
      Typing an alias in the Alias field is optional.
    4. Click Update.
      The new row is added at the top of the table.
    5. Continue to add servers, and when you are done, click OK.
  8. Specify DNS suffixes that are considered to be in the local network.
    Providing a list of DNS suffixes for the download package enables Edge Client to support the autoconnect option. With Auto-Connect selected, Edge Client uses the DNS suffixes to automatically connect when a client is not on the local network (not on the list) and automatically disconnect when the client is on the local network.
    1. From the left pane of the popup screen, select Location DNS List.
      Location DNS list information is displayed in the right pane.
    2. Click Add.
      An update row becomes available.
    3. Type a name and click Update.
      Type a DNS suffix that conforms to the rules specified for the local network.
      The new row displays at the top of the table.
    4. Continue to add DNS names and when you are done, click OK.
  9. Click OK.
    The popup screen closes, and the Connectivity Profile List displays.

Downloading the ZIP file for Edge Client for Mac

You can download a Mac Client package and distribute it to clients.
  1. On the Main tab, click Access > Connectivity / VPN > Connectivity > Profiles .
    A list of connectivity profiles displays.
  2. Select a connectivity profile.
  3. Click the arrow on the Customize Package button and select Mac.
    The Customize Mac Client Package screen displays.
  4. Click Download.
    The screen closes and the package, BIGIPMacEdgeClient.zip, downloads.
The ZIP file includes a Mac installer package (PKG) file and configuration settings.
Distribute the entire ZIP file to your users.

Uploading BIG-IP Edge Client to hosted content on Access Policy Manager

Upload the client file to the Access Policy Manager hosted content repository so you can provide it to clients through a download link.
  1. On the Main tab, click Access > Webtops > Hosted Content > Manage Files .
    The Manage Files screen opens.
  2. Click the Upload button.
    The Create New File popup screen opens.
  3. For the Select File setting, click the Browse button. Browse and select the BIGIPMacEdgeClient.zip file that you previously downloaded.
    The Select File and File Name fields are populated with the file name.
  4. From the File Action list, select Upload Only.
  5. In the File Destination Folder field, specify the folder path in which to place the file. For purposes of this example, the folder /client is specified.
  6. Click OK.
    The file appears in the hosted content list.
You must associate any access profiles that will access hosted content with the hosted content repository.

Associating hosted content with access profiles

A user can access hosted content that is associated with that user's access profile. Each access profile that requires hosted content access must be associated with the entire hosted content repository.
  1. On the Main tab, click Access > Webtops > Hosted Content > Manage Files .
    The Manage Files screen opens.
  2. On the Upload button, click the right-side arrow to select Manage Access from the list.
    The Access Settings popup screen opens.
  3. Select the access profiles to associate with hosted content, then click OK.
    A user must belong to an associated access profile to access hosted content.
View the hosted content list, and verify that the access policy association was successful.

Creating a webtop link for the client installer

You can create and customize links that you can assign to full webtops. In this context, links are defined applications and web sites that appear on a webtop, and can be clicked to open a web page or application. You can customize these links with descriptions and icons.
  1. On the Main tab, click Access > Webtops > Webtop Links .
  2. Click Create.
    The New Webtop Link screen opens.
  3. In the Name field, type a name for the webtop.
  4. From the Link Type list, select Hosted Content.
  5. From the Hosted File link, select public/share/client/BIGIPMacEdgeClient.zip.
  6. In the Caption field, type a descriptive caption.
    The Caption field is pre-populated with the text from the Name field. Type the link text that you want to appear on the web link.
  7. If you want to add a detailed description, type it in the Detailed Description field.
  8. To specify an icon image for the item on the webtop, click in the Image field and choose an image, or click the Browse button.
    Click the View/Hide link to show or hide the currently selected image.
  9. Click Finished.
The webtop link is now configured, and appears in the list, and on a full webtop assigned with the same action. You can edit the webtop link further, or assign it to an access policy.
Before you can use this webtop link, it must be assigned to an access policy with a full webtop, using either an advanced resource assign action or a webtop,links and sections assign action.

Adding a webtop, links, and sections to an access policy

You must have an access profile set up before you can add a webtop, links, and sections to an access policy.
You can add an action to an access policy to add a webtop, webtop links, and webtop sections to an access policy branch. Webtop links and webtop sections are displayed on a full webtop.
Important: Do not assign a webtop for a portal access connection configured for minimal patching mode; this configuration does not work.
  1. On the Main tab, click Access > Profiles / Policies .
    The Access Profiles (Per-Session Policies) screen opens.
  2. Click the name of the access profile for which you want to edit the access policy.
    The properties screen opens for the profile you want to edit.
  3. On the menu bar, click Access Policy.
  4. In the General Properties area, click the Edit Access Policy for Profile profile_name link.
    The visual policy editor opens the access policy in a separate screen.
  5. On a policy branch, click the (+) icon to add an item to the policy.
    A popup screen displays actions on tabs, such as General Purpose and Authentication, and provides a search field.
  6. On the Assignment tab, select the Webtop, Links and Sections Assign agent and click Add Item.
    The Webtop, Links and Sections Assignment screen opens.
  7. In the Name field, type a name for the policy item.
    This name is displayed in the action field for the policy.
  8. For each type of resource that you want assign:
    1. Click the Add/Delete link next to the resource type (Webtop Links, Webtop Sections, or Webtop).
      Available resources are listed.
    2. Select from the list of available resources.
      Select only one webtop.
    3. Click Save.
  9. Click the Save button to save changes to the access policy item.
You can now configure further actions on the successful and fallback rule branches of this access policy item.
Click the Apply Access Policy link to apply and activate your changes to this access policy.
Note: To ensure that logging is configured to meet your requirements, verify the log settings for the access profile.

Implementation result

As a result of these implementation tasks, you have added the client file to a webtop link.