Ivanti Connect Secure Overview

As you plan your Ivanti Secure Access Client configuration, be sure you know how you want to deploy Ivanti Secure Access Client software. You can use one or more of the following deployment options:

•Use the defaults or make changes to the Ivanti Connect Secure default component set and default connection set, and then download and distribute Ivanti Secure Access Client by having users log in to the Ivanti server’s user Web portal and be assigned to a role. After the installation is complete, users have all the connections they need to access network resources.

•Create the connections that an endpoint needs for connectivity and services, download the settings file (.pulsepreconfig), and download default Ivanti Secure Access Client installation program. For Windows endpoints you run the Ivanti Secure Access Client installation program by using an msiexec command with the settings file as an option. For OS X endpoints, you run the default installer and then import the .pulsepreconfig file using a separate command.

•Distribute Ivanti Secure Access Client with no preconfiguration. You can download the default Ivanti Secure Access Client installation file (.msi format for Windows; .dmg format for Mac) from Ivanti Connect Secure, and then distribute the file to endpoints using your organization’s standard software distribution methods. Because the installer does not contain preconfigured connections, users must define network connections manually. Or you can create dynamic connections on each Ivanti Connect Secure. These connections are automatically downloaded to the installed Ivanti Secure Access Client when users provide their login credentials to the Ivanti server’s user Web portal, and then starts Ivanti Secure Access Client through the Web portal interface. Dynamic connections are created as manual rather than automatic connections, which means that they are run only when the user initiates the connection or the user browses to a Ivanti Connect Secure and launches Ivanti Secure Access Client from the server’s Web interface.

For a Windows installation (.msi) that uses an automated distribution mechanism and where the users do not have administrator privileges, you should ensure that the installation is run in the proper context, typically the USER context. To install in USER context, first advertise the .msi while in the SYSTEM context.

The advertisement allows the installation to be run in USER context even if the user is a restricted (non-admin) user. The location where the advertisement is run and where the actual installation is run must be the same. If the installation is an upgrade, you must advertise the upgrade version before running it.

It is much easier to upgrade Ivanti Secure Access Client by not disabling the automatic upgrade feature on Ivanti Connect Secure.

After the installation is run by the user, Ivanti Secure Access Client will use the correct user certificate and context.

The following tasks summarize how to configure Ivanti Connect Secure

•Create and assign user roles to control who can access different resources and applications on the network. If you are converting your access environment from agentless or a Network Connect environment, you should create new roles that are specific for Ivanti Secure Access Client.

•Define security restrictions for endpoints with Host Checker policies.

•Define user realms to establish authentication domains. If you are converting your access environment from agentless or a NC environment, typically you can use your existing realms.

•Associate the roles with appropriate realms to define your access control hierarchy using role mapping.

•Define Ivanti Secure Access Client component sets, connection sets, and connections.

•Deploy Ivanti Secure Access Client to endpoints.

Ivanti Secure Access Client and IVS

Ivanti Connect Secure and Ivanti Secure Access Client do not support Instant Virtual System (IVS) feature anymore.