Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring Access Options on an Infranet Controller User Role (NSM Procedure)

    To provide users access to protected resources, you can configure agent and agentless access for a user role.

    To configure access options on a user role:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the Infranet Controller device for which you want to configure the user- role access option.
    3. Click the Configuration tab. In the configuration tree, select Users > User Roles. The corresponding workspace appears.
    4. Add or open a user role. Click either the Agent or Agentless tab. Add or modify settings as specified in Table 1.
    5. Click one:

      • OK — Saves the changes.
      • Cancel — Cancels the modifications.

    Table 1: User Role Access Configuration Details

    Option

    Function

    Your Action

    Agent tab

    Install Agent for this role

    Allows the user to install the agent for this role.

    Select this option to install the agent for this role.

    Install Java Agent for this role

    Allows the user to download and install the lightweight Java agent for Macintosh or Linux platforms.

    Select this option to install Java agent for this role.

    Enable Host Enforcer

    Enables Host Enforcer on the endpoint and sends Host Enforcer policies to Odyssey Access Client for this role (Windows only).

    Select this option to enable the Host Enforcer for this role.

    • By default, after you enable the Host Enforcer option on a role, Odyssey Access Client denies all traffic on the endpoint except for the following allowed types: traffic to and from the Infranet Controller and Infranet Enforcer, WINS, DNS, IPsec, DHCP, ESP, IKE, outgoing TCP traffic, and some ICMP messages (for example, PING from the endpoint to other devices is allowed). Therefore, it’s important that you configure Host Enforcer policies to specify the additional types of traffic you want to allow on each endpoint. For example, you must configure Host Enforcer policies to allow any incoming TCP traffic. See “Configuring Infranet Enforcer Resource Access Policies (NSM Procedure)”.
    • To avoid blocking all traffic on endpoints and preventing users from accessing all network and Internet resources, we recommend that you configure Host Enforcer policies to allow the specific types of traffic on endpoints before you enable the Host Enforcer option on a role.

    Session start script / Session stop script

    Executes the script after the start or stop of the OAC session.

    Specify the location of the session start scripts / session stop script you want to run on Windows endpoints after Odyssey Access Client connects or disconnects with the Infranet Controller. You can specify a fully qualified path. Scripts can be accessed locally or remotely by means of file share or other permanently available local network resource. You can also use environment variables, such as %USERNAME% in the script path name. For example:

    \\abc\users\%USERNAME%\myscript.bat

    odyssey-settings

    Specifies the IC Access and Preconfigured Installer settings

    Click the odyssey-settings button. See “Configuring OAC Settings for a User Role (NSM Procedure)”.

    Agentless tab

    Enable Agentless Access for this role

    Allows users to use agentless access to access protected resources.

    Select this option to allow access to endpoints in addition to using Odyssey Access Client on Windows machines. If you don’t select the agentless option, the Infranet Controller allows access to protected resources by means of Odyssey Access Client only.

    Note: To configure agentless access, you must also configure a permit infranet auth policy on the Infranet Enforcer to allow access for agentless endpoint platforms. For configuration instructions, see “Configuring Infranet Controller Source IP Access Restrictions (NSM Procedure)”.

    Disable use of AJAX for heartbeats

    Disables use of AJAX for heartbeats.

    Select this option to disable use of AJAX for heartbeats.

    Published: 2012-11-28