I'm new with UAC, I have some questions according to this device
My question is, does we need to install the OAC manually, if we have 3000 clients? Because it is difficult to us if we have to install it one by one....Or is there any solutions that can automatically install the OAC (example AD with GPO)?
And my last question.
What is the requirement if we have to integrate UAC with Windows native agent? (Any manual guide for this)
is there any advantage/disadvantage between the OAC and Windows native agent?
Thanks and Regards,
OAC can be deployed through several means, the most reliable would be to leverage the sign-in page by configuring your Users roles to "Install agent for this role". This setting can be found by browsing to Users -> User Roles -> Agent tab and then check the box for "Install agent for this role" and save the changes.
By doing things this way you would only need to have your users login to the IC's user page to have the client installed automatically. Furthermore, at Users -> User Roles -> General tab, you can check the box for "Odyssey settings for IC access" and then click the link to modify the configuration which will get pushed to the endpoints.
The differences between the Windows Native supplicant and the OAC are vast and numerous. To keep this post short and to the point, OAC can support our proprietary JUAC protocol which allows the endpoints to be "examined" by Host Checker (for antivirus and patch level analysis) and then remediated into other Roles/VLANs. You do not have this functionality with the Windows Native supplicant.
That being said, there is no specific requirement to connecting the Native agent to your IC as it will only perform basic 802.1x authentications.
I hope that this information helps you Husni, if it does, some kudos would be great ! :-)
Thanks for the reply,
Another question, what is the different between OAC (with license key) and UAC Agent?
Thanks and Regards,
You're welcome Husni.
I thought of something else that you should consider as well, if you decide to use the Sign-in page to install the UAC client, beware that you should have the users connect at certain intervals so that the IC does not become overloaded with traffic as the clients are downloaded. 3000 users connecting and downloading the client simultaneously would definitely not be a good thing.
Many of our customers use Microsoft SMS to push the clients as well. If you decide to go this route, I recommend just using the standard install options and do not try to force a reboot at the end of the install as this has been shown to cause issues due to the asynchronous nature of the installer.
To address your question, the only difference between the two products is that OAC requires individual licenses and the UAC client uses a baked-in site license.
Is it possible to deploy UAC Agent preconfigured with GPO, or the only way is to use SMS server to deploy client.
I try with GPO without success, UAC agent is not correctly installed!
You should be able to deploy the installer through either methods. The only thing that I would be weary of is if the tool you are using to deploy the clients is rebooting the endpoints before the install has completed.
There are a series of install logs that you can check to see if any obvious causes for the problem are logged. The files are as follows:
C:\Program Files\Juniper Networks\Odyssey Access Client\install.log
C:\Program Files\Common Files\Juniper Networks - Each of the components will be in a subdirectory and will also have an install log within which may shed light on the issue.
If you cannot find the issue/solution on your own, I would suggest opening a JTAC case.