Showing results for 
Search instead for 
Did you mean: 

migrating to agentless

Frequent Contributor

migrating to agentless

Hi all,

what is the best way to migrate from the UAC odessy client environment to an agentless one,

i would appriciate any tech advise here on how to accomplish this and how to apply it on the IC machine.

currently all the users have a client installed and they are authenticated after successful windows logon the port on the switch is opened to allow them access to the network each by their assigned role of the AD and respected vlan

i would like to simply the proccess and just authenticate the users and allow them access without that client.

Frequent Contributor

Re: migrating to agentless

If you eliminate the OAC client, you lose the ability to assign users to specific VLANs. If you are ok with this, then you will need to use a Juniper firewall (SRX or Netscreen) to control network access to protected resources.

Assuming you are ok with this and have the necessary firewalls, you would need to set your switches to allow all users on to the production entwork, but all resources would be behind the firewalls.

You need to midify your roles to stop installing the OAC client and then enable Agentless access.

Additionally, once the user attempts to reach a protected resrouce, the firewall should implement the captive portal feature which forces the user to authenticate to the IC BEFORE the traffic is allowed through the firewall.

Now, I would not really suggest this approach for one simple reason. It lowers your security posture on your network. By eliminating the 802.1X piece of the puzzle, you allow a rogue PC / device to attach to the network and gain a foothold. While the firewall IS protecting the resources, it would not stop the attacker from doing other things like launching netowrk attacks and possibly comprimising PCs on the same network.

If you setup OAC to run silently, you should not really have any issues to worry about. If you are experiencing issues such as the inability to run GPOs or login scripts or the ability to maange the PCs whiel the user is not logged in, JTAC can help you configure OAC to overcome these issues.

In the end...its your call.

Hope that helps.

Good luck