When you select OPSWAT as the endpoint compliance check provider, there are certain settings that must be configured for Unified Access Gateway to integrate with OPSWAT. For example, you can configure the time interval at which periodic compliance checks can occur, upload the on-demand agent executable file to Unified Access Gateway, and so on.

When OPSWAT is selected as the endpoint compliance check provider on the Horizon Settings page, Unified Access Gateway performs a Horizon Client endpoint device check with OPSWAT. This check is performed so that users with non-compliant endpoints are denied access to Horizon desktops and applications.

Prerequisites

  1. Sign up for an OPSWAT account and register your applications on the OPSWAT site. See https://go.opswat.com/communityRegistration.
  2. Note down the client key and client secret key. You need the keys to configure OPSWAT in Unified Access Gateway.
  3. Log in to the OPSWAT site and configure the compliance policies for your endpoints.

    See the relevant OPSWAT documentation.

Procedure

  1. Log in to Admin UI and go to Advance Settings > Endpoint Compliance Check Provider Settings.
  2. Click Add.
  3. Select OPSWAT as the Endpoint Compliance Check Provider.
  4. Enter Client Key and Client Secret.
  5. Enter the desired value in Compliance Check Interval (mins).
    • Valid values (in minutes) - 5 to 1440
    • Default value - 0

      0 indicates Compliance Check Interval (mins) is disabled.

    For more information about periodic compliance checks and Compliance Check Interval (mins), see Time Interval for Periodic Endpoint Compliance Checks.

  6. Enter the desired value in Compliance Check Fast Interval (mins).
    Important: To configure Compliance Check Fast Interval (mins), ensure that Compliance Check Interval (mins) is configured and not 0.
    • Valid values (in minutes) - 1 to 1440
    • Default value - 0

      0 indicates Compliance Check Fast Interval (mins) is disabled.

    For more information about periodic compliance checks and Compliance Check Fast Interval (mins), see Time Interval for Periodic Endpoint Compliance Checks.

  7. To change the default value of the statuses and allow endpoints to be launched, click Show Allowed Status Codes.
    The following status codes are supported: In compliance, Not in compliance, Out of license usage, Assessment pending, Endpoint unknown, and Others.
  8. For the desired Status Code, click to change from DENY to ALLOW.

    The default value of In Compliance status code is ALLOW. Only compliant endpoints are allowed to be launched.

    The default value of all other status codes is DENY.

  9. To upload the OPSWAT MetaAccess on-demand agent executable file for the Windows and macOS platform to Unified Access Gateway, click Show OPSWAT On-demand Agent Settings and configure the required settings.
    See Upload OPSWAT MetaAccess on-demand agent Software on Unified Access Gateway.
  10. Click Save.

What to do next

  1. Navigate to Horizon settings, locate Endpoint compliance check provider text box, and select OPSWAT from the drop-down menu.
  2. Click Save.