Planning for IAG client endpoint deployment

Applies To: Intelligent Application Gateway (IAG)

Remote access to internal applications published by the Whale Communication Intelligent Application Gateway (IAG) 2007 server occurs from a variety of client endpoints, including company-owned laptops, home computers, and public Internet kiosks. IAG is equipped with technology that identifies the security level of the endpoint computer and can allow or deny access accordingly.

Client endpoint components

IAG installs client components on client endpoints to enable IAG remote access features. To determine whether a client endpoint complies with client endpoint policies, IAG attempts to determine which security components are installed and running on the endpoint computer as soon as the client endpoint attempts to access an IAG site. Detection is performed by the IAG Endpoint Detection ActiveX component that is installed on the client endpoint. The Endpoint Detection component verifies the identity of the IAG site against the site's server certificate and checks whether the site is on the client endpoint's Trusted Sites list. Only if the site is trusted does the component run on the client endpoint and collect the data that identifies which security components are installed and running on the computer. For more information, see About IAG client endpoint components.

Client endpoint policies

You use client endpoint policies to create tiers of access by determining whether or not endpoint computers are allowed to access internal sites and applications, depending on their security settings. For more information, see Planning for IAG client endpoint policies.

Certified client endpoints

A certified client endpoint is an endpoint that has been certified by the organization by using a client certificate. You can then create client endpoint policies that allow access to sites and applications for certified client endpoints only. For more information, see About IAG certified client endpoints.