About the IAG Socket Forwarding component

Applies To: Intelligent Application Gateway (IAG)

Socket forwarding activation modes

The Whale Communications Intelligent Application Gateway (IAG) 2007 Socket Forwarding component comprises two modules: Winsock2 Layered Service Provider (LSP) and Name Service Provider (NSP). When an application uses Winsock, Windows will load either the NSP module (when the application performs a name resolution) or the LSP module (when the application uses sockets to connect to a remote server).

The NSP and LSP modules intercept every networking activity performed by the application. Though this interception should not pose any problem and is completely transparent to the application, there is a slight possibility that the application will not function correctly because of the NSP or LSP interception.

To minimize the risk of potential problems, certain applications are included in the LSP and NSP modules' block list. Based on this list, the NSP and LSP modules can completely disable themselves and stop intercepting network activities when they detect that the application within which they run is on their block list. When disabled in this manner, the LSP and NSP modules do not enable access from this application to the corporate network.

Tip

When access to an application in the corporate network is blocked because it is included in the block list, users may still gain access to other application servers that reside on the local intranet or the Internet.

The LSP and NSP modules contain two inherent application lists:

  • A block list—Containing applications that are known to be problematic. Access to these applications from within the corporate network is always blocked, regardless of the selected socket forwarding activation mode.

  • An allow list—Containing applications for which the LSP and NSP will always be active, regardless of the selected socket forwarding activation mode.

Whether additional applications are blocked depends on which of the following socket forwarding activation modes is defined during application configuration:

  • Basic—In this mode, none of the applications that load the LSP or NSP modules is granted access to configured corporate resources unless the IAG SSL Wrapper component is running and at least one tunnel is open. Windows services (non-interactive applications) are not allowed access to configured corporate resources in this mode, regardless of whether the SSL Wrapper component is running.

  • Extended—This mode is identical to the Basic mode, except that Windows services are enabled access to configured corporate resources.

  • Virtual private network (VPN)—In this mode, the LSP and NSP modules are always active in all applications; that is, access to configured corporate resources is enabled for every application except those listed in the block list.

Basic mode will enable most applications to work via IAG and is the recommended socket forwarding mode. For some applications, however, extended mode or VPN mode is required.
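The following sketch is an added example, not IAG code: it models the activation rules described above as a decision function, so you can see which processes each mode lets reach corporate resources. The list contents and executable names are hypothetical, and it assumes that the block list takes precedence if an application appears on both lists and that allow-listed applications are active even with no tunnel open.

```python
from enum import Enum

class Mode(Enum):
    BASIC = "Basic"
    EXTENDED = "Extended"
    VPN = "VPN"

# Hypothetical list contents; the real built-in lists are not given on this page.
BLOCK_LIST = {"blocked.exe"}
ALLOW_LIST = {"allowed.exe"}

def interception_active(mode, exe, is_service, wrapper_running, open_tunnels):
    """True if the LSP/NSP modules stay active in this process, i.e. the
    application can reach the configured corporate resources."""
    name = exe.lower()
    if name in BLOCK_LIST:        # block list applies in every mode
        return False              # assumption: block list wins over allow list
    if name in ALLOW_LIST:        # allow list applies in every mode
        return True
    if mode is Mode.VPN:          # always active, except for the block list
        return True
    if is_service and mode is Mode.BASIC:
        return False              # services never get access in Basic mode
    # Basic (interactive applications) and Extended (all applications)
    # need the SSL Wrapper running and at least one open tunnel.
    return wrapper_running and open_tunnels >= 1

def decision_matrix(exe):
    """Map (mode, is_service, open tunnels) to the decision for one executable."""
    rows = {}
    for mode in Mode:
        for is_service in (False, True):
            for tunnels in (0, 1):
                rows[(mode.value, is_service, tunnels)] = interception_active(
                    mode, exe, is_service, tunnels > 0, tunnels)
    return rows

if __name__ == "__main__":
    for key, active in decision_matrix("client.exe").items():
        print(key, "active" if active else "disabled")
```

The matrix shows why Basic is the narrowest choice: in VPN mode every process that is not on the block list is active, including services, even when no tunnel is open.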

You select the Socket Forwarding activation mode for an application when you configure the application. For more information, see Managing client endpoints during an IAG session.

Installing the Socket Forwarding component

The conditions for the installation of the Socket Forwarding client component on the endpoint computer are described in IAG client endpoint system requirements.

After the initial installation of the Socket Forwarding component, users are required to restart their browser and might be required to restart the client endpoint. Once the component is installed, however, users do not require any privileges in order to use the application. A message is displayed when a browser restart is required. If a user selects the Don't show me this message again check box, this message will not be displayed again, even when a restart is required. In order to receive the message when applicable, instruct the user to restore the default settings of the client components. For more information, see Restoring IAG client endpoint component default settings.

During the installation of the Socket Forwarding component, the IAG client component manager checks whether the Socket Forwarding LSP module conflicts with other LSP modules that are installed on the client endpoint.

If the Socket Forwarding component is not installed on the client endpoint but the SSL Wrapper component is, applications that are configured to work in socket forwarding mode will still function. However, the additional capabilities enabled by the Socket Forwarding component will not apply to the application in this setup.

LSP conflict detection

If, during the installation of the Socket Forwarding component on the client endpoint, the IAG Component Manager detects a conflict between the Socket Forwarding LSP module and other LSP modules installed on the computer, it removes the Socket Forwarding component. In this case, the user is notified that a conflict has been detected and that the Socket Forwarding component will be removed from the client endpoint.

Note

The removal of the component may require a restart of the browser or of the computer. Users are notified accordingly.

The following procedure describes how you can re-enable the installation of the Socket Forwarding component on the endpoint computer after a conflict is detected.

To re-enable the installation of the Socket Forwarding component:

  1. Do one of the following in order to determine which components conflict with the Socket Forwarding component:

    • In the message box that is displayed when the conflict is detected, click Details to display the list of conflicting components.

    • Access the following file: %temp%\SFConflictInfo.txt

  2. In order to remove conflicting components, contact technical support.

  3. Once the conflicting components are removed, use the System Information window, which you access from the Whale toolbar on the portal homepage, to re-enable the installation of the Socket Forwarding component.

  4. Access and run an application that requires the Socket Forwarding component, for example, the application you tried to run when the conflict was detected.

    The Socket Forwarding component is installed on the computer.

    Note

    The installation of the component may require a restart of the browser or of the computer. Users are notified accordingly.