Uploading an Endpoint Security Assessment Plug-In Package

The Endpoint Security Assessment Plug-in (ESAP) is required by both Pulse Connect Secure and Pulse Policy Secure appliances. The ESAP package is used by the appliance to check third-party applications on endpoints for compliance with the predefined rules configured in a Host Checker policy.

Pulse Secure frequently adds enhancements, bug fixes, and support for new third-party applications to the plug-in. New plug-in package releases are available independently and more frequently than new releases of the system software package. If necessary, you can upload (and optionally activate) an ESAP package independently of upgrading the system software package.

To upload (and optionally activate) an ESAP package from Pulse One, you must perform the following tasks:

•Download the required ESAP package to local storage, see Downloading an ESAP Package.

•Upload the ESAP package to Pulse One, see Uploading an ESAP Package to Pulse One.

•Upload (and optionally activate) the ESAP package to individual appliances or appliance groups, see Uploading ESAP Packages onto Appliances and Appliance Groups.

Downloading an ESAP Package

Download the Endpoint Security Assessment Plug-in from the Pulse Secure Global Support Center (PSGSC) Center to your computer:

1.Open the following page: https://success.ivanti.com/community_contactsupport

2.Click the Software tab.

3.Navigate to the ESAP release you want, and click the link to download the package file to accessible local storage.

After you have downloaded the ESAP package, you can upload it to Pulse One, see Uploading an ESAP Package to Pulse One.

Uploading an ESAP Package to Pulse One

The process of uploading an ESAP package to Pulse One is similar to the upload of system software to Pulse One, see Uploading an Appliance Software Package to Pulse One.

You can upload up to three ESAP packages to Pulse One.

To upload an ESAP package to Pulse One:

1.Log into Pulse One as an administrator.

2.Click the Appliances menu and then the Software tab.

The Software tab lists all Available Software packages present on Pulse One.

3.Click Add Software.

The Upload Software dialog appears.

4.In the Upload Software dialog:

•For Software Type, select ESAP Package.

•Enter a Version number and a Description for the software package.

•Enter the MD5 Hash value for the software package.

•For Select Software, click Browse and locate the ESAP package file.

5.Click Upload.

The upload may take several minutes.

After the upload completes, the new ESAP package is added to the Available Software list on Pulse One. For example:

6.(Optional) If required, you can edit the details for an uploaded ESAP package.

To do this, click the Actions icon for the ESAP package, and then click Edit Software.

7.(Optional) If required, you can delete an uploaded ESAP package from Pulse One.

To do this, click the Actions icon for the ESAP package, and then click Delete Software.

After you have uploaded the ESAP package to Pulse One, you can upload (and optionally activate) individual appliances and appliance groups, see Uploading ESAP Packages onto Appliances and Appliance Groups.

Uploading ESAP Packages onto Appliances and Appliance Groups

After you have uploaded the ESAP package to Pulse One, you can:

•Upload (and optionally activate) ESAP on a single appliance, see Uploading an ESAP Package onto an Appliance.

•Upload (and optionally activate) on all appliances in an appliance group, see Uploading an ESAP Package onto all Target Appliances in a Group.

•Upload (and optionally activate) ESAP on both appliances in a cluster, see Uploading an ESAP Package onto all Appliances in a Cluster.

If you do not activate an uploaded ESAP package, you can activate it later. Please refer to the specific appliance product documentation for details of this procedure.

ESAP uploads from Pulse One are supported on PCS/PPS appliances at version 9.1R1 or later.

Uploading an ESAP Package onto an Appliance

You can upload (and optionally activate) an ESAP package on any registered appliance at version 9.1R1 or later.

Before you can perform an ESAP upload to an appliance, you must upload the required ESAP package onto Pulse One, see Uploading an ESAP Package to Pulse One.

The appliance will continue to operate during the upload, and will not reboot.

To upload (and optionally activate) an ESAP package on a single appliance:

1.Log into Pulse One as an administrator.

2.Click the Appliances menu and then the Appliances tab.

The Appliances tab lists all appliances on Pulse One.

3.Click the Actions icon for the required appliance, and then click Upload ESAP Package.

The Upload ESAP Package dialog appears.

4.For Select Software, choose the required ESAP package.

Full details for the selected package are displayed.

5.(Optional) To automatically activate an uploaded package, select the Activate package check box. For example:

If you do not select the Activate package check box, the package is uploaded but not activated. You can activate it later in the UI for the appliance. Please refer to the specific appliance product documentation for details of this procedure.

6.To start the upload/activation, click Upload.

The Task Status of the appliance updates to show that the upload of the appliance is pending. For example:

The Task Status changes as the process continues, including activation if selected.

The upload (and optional activation) may take several minutes. No reboot is performed.

After this operation completes, the ESAP package upload is complete.

Uploading an ESAP Package onto all Target Appliances in a Group

You can upload (and optionally activate) an ESAP package on the master appliance in an appliance group. When an ESAP package is activated, the other appliances in the group are then updated automatically.

The appliances must be at version 9.1R1 or later.

To perform an ESAP upload on all members of an appliance group:

1.Log into Pulse One as an administrator.

2.Click the Appliances menu and then the Config Groups tab.

The Appliance Configuration Groups tab lists all appliance groups on Pulse One.

3.Click the Actions button for the required appliance group, and then click Upload ESAP Package.

The Upload ESAP Package dialog appears.

4.For Select Software, choose the required ESAP package for the upload.

Full details for the selected package are displayed.

5.(Optional) To automatically activate an uploaded ESAP package, select the Activate package check box. For example:

If you do not select the Activate package check box, the package is uploaded but not activated. You can activate it later in the UI for the Master appliance. Please refer to the specific appliance product documentation for details of this procedure.

6.To start the upload/activation, click Upload.

7.Click the Appliances tab.

The Task Status of each appliance updates to show that the upload is pending.

The Task Status of each appliance changes as the process continues.

Each upload (and optional activation) may take several minutes. No reboots are performed.

After the ESAP package has been uploaded (and optionally activated) on all members of the group (master and target appliances), the ESAP package upload to the group is complete.

Uploading an ESAP Package onto all Appliances in a Cluster

Uploading (and optionally activating) an ESAP package on all appliances in a cluster is similar to the ESAP upload of a single appliance, see Uploading an ESAP Package onto an Appliance.

The appliances must be at version 9.1R1 or later.

You can perform an immediate ESAP upload (and optional activation) on one of the appliances in a cluster, as follows:

•For Active/Active clusters, you can only upload (and optionally activate) an ESAP package on the Leader node. When the ESAP package is activated, all other nodes update automatically.

•For Active/Passive clusters, you can only upload (and optionally activate) the Passive node. When the ESAP package is activated, the Active node updates automatically.

In both cases, no reboot is required.