Identity and Policy Control
Reply
Regular Visitor
anand_s
Posts: 9
Registered: ‎01-28-2010
0
Accepted Solution

Deploy OAC

Hello all,

 

I have currently deployed UAC in conjunction with JunOS Enforcer and server frontend deployment scenario. I have deployed OAC to all users who would access the protected server behind the firewall. They can also access it using agentless method by logging to IC and keeping the session open. This has been deployed to access the resources in our Primary Data Centre. We have recently established a backup or secondary or DR data centre with the same architecture as the PDC. I have created an MSI package that includes both ICs in OAC. How should I distribute the new package?

 

1) Do I uninstall the previous package before I install the new MSI package?

2) I tried to run the new MSI package while the previous installation was actively running on the computer. The installation does not seem to finish what it is supposed to do which is basically adding the second IC in the profile.

 

I distributed the first package using SCCM. So, I can redeploy the software to the users. Is there an easier way to add the second IC connection to the existing installation?

 

Looking forward to some inputs.

 

Thanks in advance.

 

Anand

Recognized Expert
Raveen
Posts: 419
Registered: ‎04-15-2010
0

Re: Deploy OAC

Hi,

 

1. You can deploy through SCCM. There shouldn't be an issue. IF you see any problem open up a JTAC case.

2. If IC is configured to dynamicaly push the package, during authentication process, IC would push the client.

You should have EAP-JUAC as inner method. And importantly, it consumes bandwidh and time.

 

Regards,

Raveen

Note: If this answers your question, you could mark this post as accepted solution, that way it helps others as well. Kudos will be cool if I earned it!
Regular Visitor
anand_s
Posts: 9
Registered: ‎01-28-2010
0

Re: Deploy OAC

Hello Raveen,

 

Thank you for your prompt reply. As I explained earlier, if I deploy the new package via SCCM, do I uninstall the previous package and then install the new one? If I perform an installation over the existing installation, nothing seems to happen. I just tried this manually before I can start deploying it to my clients.

 

I haven't configured IC to dynamically push the package. Could you please give me pointers on where I can find related documentation?

 

Thanks,

Anand

Contributor
Stanislas P
Posts: 35
Registered: ‎10-18-2010
0

Re: Deploy OAC

hello,

 

when you create the MSI file, you can create an "update package". this package include configuration only.

 

Stanislas

Regular Visitor
anand_s
Posts: 9
Registered: ‎01-28-2010
0

Re: Deploy OAC

Hi Stanislas,

 

I will try that and let you know how I go.

 

Anand

Regular Visitor
anand_s
Posts: 9
Registered: ‎01-28-2010
0

Re: Deploy OAC

Hi Stanislas,

 

That worked perfectly. Thank you for your help.

 

Cheers,

Anand

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.