Administrators can upload the on-demand agent executable file on Unified Access Gateway. This provides the option for the Horizon Client to automatically download and run the on-demand agent after the user has successfully authenticated.

For an understanding about the on-demand agent, see About OPSWAT MetaAccess on-demand agent.

Prerequisites

Locate the on-demand agent executable file on the relevant OPSWAT website and download the file to your system.

Alternately, you can also place the executable file in a file server and specify the corresponding file server location URL while configuring the settings on the Admin UI. With this URL reference, Unified Access Gateway can download the file from the configured URL.
Important: For the Unified Access Gateway to successfully download the file, the file server must have the Content-Disposition header with the on-demand agent's file name as the value in the HTTP response.

Procedure

  • For Windows platform, perform the following steps as mentioned.
    1. Select the File Upload Type.
      • If you don't want to upload any file, select None.
      • None is the default value.
    2. Depending on the file upload type selected, enter the required information for uploading the on-demand agent on Unified Access Gateway.
      Option Procedure
      Local
      1. Locate and select the on-demand agent executable file that you have downloaded from OPSWAT.
      2. Enter the following additional information for the on-demand agent: Name and Parameters.
      URL Reference
      1. In the Agent File URL, enter the URL of the file server location from where Unified Access Gateway can download the on-demand agent executable file.
      2. Enter the following additional information for the agent: Name, Parameters, Agent URL ThumbPrints, Trusted Certificates, and Agent File refresh interval (secs)
      The following information helps you understand the settings provided for uploading the on-demand agent to Unified Access Gateway:
      Name
      Name of the on-demand agent executable file.
      Parameters
      Command-line parameters used by the Horizon Client to run the on-demand agent on the endpoint.

      For command-line parameters that can be used in the Parameters text box, see the relevant OPSWAT documentation.

      Flags
      Enter the flag used by the Horizon Client to run the executable on different environments with customized run-time attributes. If more than one flag values are required, separate them by comma or space.
      Examples
      • RUN_AS_USER flag allows to run in the User context.
      • RUN_AS_SYSTEM flag allows to run in the System context. This includes the copy to the program files area.
      Agent URL Thumbprints
      Enter the list of Agent URL thumbprints. If you do not provide a list of thumbprints, ensure that the server certificates are issued by a trusted CA. Enter the hexadecimal thumbprint digits. For example, sha1= C3 89 A2 19 DC 7A 48 2B 85 1C 81 EC 5E 8F 6A 3C 33 F2 95 C3.
      Trusted Certificates

      If the Agent URL server certificate is not issued by a trusted public CA, you can specify that certificate (in PEM format) to be trusted by Unified Access Gateway while communicating to the Agent URL for downloading the OPSWAT agent. This is an alternative to Agent URL Thumbprints.

      To select a certificate in PEM format and add to the trust store, click +. To remove a certificate from the trust store, click -. By default, the alias name is the filename of the PEM certificate. To provide a different name, edit the alias text box.

      Agent File refresh interval (secs)
      The periodic time interval, in seconds, at which the on-demand agent executable file is fetched from the URL, which is specified in the Agent File URL text box.
    3. Click Save.
  • For macOS platform, perform the following steps as mentioned.
    1. Select the File Upload Type.
      If you do not want to upload any file, select None.
    2. Depending on the file upload type selected, enter the required information for uploading the on-demand agent on Unified Access Gateway.
      Option Procedure
      Local
      1. Select the on-demand agent executable file that you have downloaded from OPSWAT.
      2. Enter the following additional information for the on-demand agent: Name and Parameters.
      3. In the Path To Executable text box, enter the location of the on-demand agent executable file.
      URL Reference
      1. In the Agent File URL, enter the URL of the file server location from where Unified Access Gateway can download the on-demand agent.
      2. Enter the following additional information for the agent: Name, Parameters, Agent URL ThumbPrints, Trusted Certificates, and Agent File refresh interval (secs)
      3. In the Path To Executable text box, enter the location of the on-demand agent executable file.
      The following information helps you understand the settings provided for uploading the on-demand agent to Unified Access Gateway:
      Name
      Name of the on-demand agent executable file.
      Parameters
      Command-line parameters used by the Horizon Client to run the on-demand agenton the endpoint.

      For command-line parameters that can be used in the Parameters text box, see the relevant OPSWAT documentation.

      Flags
      Enter the flag used by the Horizon Client to run the executable on different environments with customized run-time attributes. If more than one flag values are required, separate them by comma or space.
      Examples
      • RUN_AS_USER flag allows to run in the User context.
      • RUN_AS_SYSTEM flag allows to run in the System context. This includes the copy to the program files area.
      Agent URL Thumbprints
      Enter the list of Agent URL thumbprints. If you do not provide a list of thumbprints, ensure that the server certificates are issued by a trusted CA. Enter the hexadecimal thumbprint digits. For example, sha1= C3 89 A2 19 DC 7A 48 2B 85 1C 81 EC 5E 8F 6A 3C 33 F2 95 C3.
      Trusted Certificates

      If the Agent URL server certificate is not issued by a trusted public CA, you can specify that certificate (in PEM format) to be trusted by Unified Access Gateway while communicating to the Agent URL for downloading the OPSWAT agent. This is an alternative to Agent URL Thumbprints.

      To select a certificate in PEM format and add to the trust store, click +. To remove a certificate from the trust store, click -. By default, the alias name is the filename of the PEM certificate. To provide a different name, edit the alias text box.

      Agent File refresh interval
      The periodic time interval, in seconds, at which the on-demand agentexecutable file is fetched from the URL, which is specified in the Agent File URL text box.
      Path To Executable
      Location of the on-demand agent executable file.

      For macOS endpoints, the on-demand agent file is bundled as a zip file. The executable file is present in the zip file. Horizon Client unzips the file and runs that executable on the endpoint from the location mentioned in this text box.

    3. Click Save.

What to do next

To finish the next set of tasks, see Configure OPSWAT as the Endpoint Compliance Check Provider for Horizon.