For the Horizon edge service, you can configure the endpoint compliance check provider settings on the Unified Access Gateway Admin UI.
If Endpoint Compliance Check Provider settings are configured on the Horizon Settings page, Unified Access Gateway performs a Horizon Client endpoint device check with the compliance check provider. This check is performed so that users with non-compliant endpoints are denied access to Horizon desktops and applications.
Prerequisites
The endpoint compliance check provider currently supported on
Unified Access Gateway is
OPSWAT. For this provider, you must perform the following tasks before configuring the settings on the
Unified Access Gateway Admin UI:
- Sign up for an OPSWAT account and register your applications on the OPSWAT site. See https://go.opswat.com/communityRegistration.
- Note down the client key and client secret key. You need the keys to configure OPSWAT in Unified Access Gateway.
- Log in to the OPSWAT site and configure the compliance policies for your endpoints.
See the relevant OPSWAT documentation.
Procedure
- Log in to Admin UI and go to .
- Click Add .
The
Endpoint Compliance Check Provider and
Hostname text boxes are already filled.
- Enter Client Key and Client Secret.
- Enter the desired value in Compliance Check Interval (mins).
- Enter the desired value in Compliance Check Fast Interval (mins).
Important: To configure
Compliance Check Fast Interval (mins), ensure that
Compliance Check Interval (mins) is configured and not
0
.
For more information about periodic compliance checks and Compliance Check Fast Interval (mins), see Time Interval for Periodic Endpoint Compliance Checks.
- To change the default value of the statuses and allow endpoints to be launched, click Show Allowed Status Codes.
The following status codes are supported:
In compliance
,
Not in compliance
,
Out of license usage
,
Assessment pending
,
Endpoint unknown
, and
Others
.
- For the desired Status Code, click to change from DENY to ALLOW.
The default value of In Compliance status code is ALLOW
. Only compliant endpoints are allowed to be launched.
The default value of all other status codes is DENY
.
- To upload the OPSWAT MetaAccess on-demand agent executable file for the Windows and macOS platform to Unified Access Gateway, click Show OPSWAT On-demand Agent Settings and configure the required settings.
- Click Save.
What to do next
- Navigate to Horizon settings, locate Endpoint compliance check provider text box, and select
OPSWAT
from the drop-down menu.
- Click Save.