For the Horizon edge service, you can configure the endpoint compliance check provider settings on the Unified Access Gateway Admin UI.

If Endpoint Compliance Check Provider settings are configured on the Horizon Settings page, Unified Access Gateway performs a Horizon Client endpoint device check with the compliance check provider. This check is performed so that users with non-compliant endpoints are denied access to Horizon desktops and applications.

Prerequisites

The endpoint compliance check provider currently supported on Unified Access Gateway is OPSWAT. For this provider, you must perform the following tasks before configuring the settings on the Unified Access Gateway Admin UI:
  1. Sign up for an OPSWAT account and register your applications on the OPSWAT site. See https://go.opswat.com/communityRegistration.
  2. Note down the client key and client secret key. You need the keys to configure OPSWAT in Unified Access Gateway.
  3. Log in to the OPSWAT site and configure the compliance policies for your endpoints.

    See the relevant OPSWAT documentation.

Procedure

  1. Log in to Admin UI and go to Advance Settings > Endpoint Compliance Check Provider Settings.
  2. Click Add .
    The Endpoint Compliance Check Provider and Hostname text boxes are already filled.
  3. Enter Client Key and Client Secret.
  4. Enter the desired value in Compliance Check Interval (mins).
    • Valid values (in minutes) - 5 to 1440
    • Default value - 0

      0 indicates Compliance Check Interval (mins) is disabled.

    For more information about periodic compliance checks and Compliance Check Interval (mins), see Time Interval for Periodic Endpoint Compliance Checks.

  5. Enter the desired value in Compliance Check Fast Interval (mins).
    Important: To configure Compliance Check Fast Interval (mins), ensure that Compliance Check Interval (mins) is configured and not 0.
    • Valid values (in minutes) - 1 to 1440
    • Default value - 0

      0 indicates Compliance Check Fast Interval (mins) is disabled.

    For more information about periodic compliance checks and Compliance Check Fast Interval (mins), see Time Interval for Periodic Endpoint Compliance Checks.

  6. To change the default value of the statuses and allow endpoints to be launched, click Show Allowed Status Codes.
    The following status codes are supported: In compliance, Not in compliance, Out of license usage, Assessment pending, Endpoint unknown, and Others.
  7. For the desired Status Code, click to change from DENY to ALLOW.

    The default value of In Compliance status code is ALLOW. Only compliant endpoints are allowed to be launched.

    The default value of all other status codes is DENY.

  8. To upload the OPSWAT MetaAccess on-demand agent executable file for the Windows and macOS platform to Unified Access Gateway, click Show OPSWAT On-demand Agent Settings and configure the required settings.
    See Upload OPSWAT MetaAccess on-demand agent Software on Unified Access Gateway.
  9. Click Save.

What to do next

  1. Navigate to Horizon settings, locate Endpoint compliance check provider text box, and select OPSWAT from the drop-down menu.
  2. Click Save.