Deploying IAG components on client endpoints

Updated: February 10, 2010

Applies To: Intelligent Application Gateway (IAG)

Whale Communications Intelligent Application Gateway (IAG) 2007 client components are installed on client endpoints in order to enable IAG features and functionality. For more information about client components, see About IAG client endpoint components.

Before installing client components, ensure that client endpoints meet IAG prerequisites. For more information, see IAG client endpoint system requirements.

Client components can be installed as follows:

After deploying client components, client endpoints must be configured to trust IAG sites to which they connect. For more information, see Configuring client endpoints to trust IAG sites.

When client endpoints connect to an IAG site and a session is established, you can specify how client endpoints should be managed during the session. For more information, see Managing client endpoints during an IAG session.

Client endpoints connecting to IAG sites can reset their client component settings to default values. For more information, see Restoring IAG client endpoint component default settings. Users can check whether client components are installed by connecting to a portal and opening the System Information window.

For information about uninstalling client endpoint components, see Uninstalling IAG client endpoint components.

Client endpoint access using a proxy server

For client endpoints accessing IAG by using a proxy server, IAG SP2 includes changes introduced in IAG Service Pack 1, Update 1. For more information about this update, see Microsoft article 948280: Description of Update 1 for e-Gap Appliance 3.6 and for Microsoft Intelligent Application Gateway 2007.

When validating the identity of a proxy server, IAG client components check the certificate revocation list (CRL). If for some reason the CRL check fails, IAG client components notify the user that the CRL cannot be checked and disable client-side functionality.

Update 1 allows IAG to verify the CRL clients do not have a proxy server set explicitly (for example, the client uses automatic discovery with Web Proxy Automatic Discovery (WPAD) or a configuration script). CRL check behavior is now as follows:

  • The initial CRL check using WinHTTP is now compliant with the WPAD method of automatic discovery.

  • If the CRL check using WinHTTP fails, components revert to using WinInet checking.

  • If browser settings are not configured to check the CRL, client components do not check it.

  • If the CRL check fails, the user is prompted to continue without checking the URL.

Note that if the CRL check confirms that the certificate is revoked, the end user is notified, and client-side functionality is disabled.

The change in CRL checking behavior does not apply to offline installation of the client components. If customers want to use offline installation, they must install the offline client components in e-Gap Appliance 3.6 Service Pack 1 or in Intelligent Application Gateway 2007 Service Pack 1. The first time that the user accesses the computer that has this update installed, the client components will upgrade automatically.

Windows Management Instrumentation (WMI) detection on client endpoints

In IAG Service Pack 2, a detection center feature has been added to support Windows Management Instrumentation (WMI) detection on client computers. IAG can detect client security applications by using the WMI interface in addition to the existing detection mechanism. This update was first added in IAG Service Pack 1, Update 4.