This bulletin describes the contents of Cisco® Secure Services Client Version 4.1. This is a maintenance upgrade for the 4.0.51 product release and contains feature enhancements and bug fixes identified from the previous product release. The 4.1 release is scheduled to be generally available on March 28, 2007.
New Features
Enterprise Deployment Mechanism
Cisco Secure Services Client Version 4.1 will be the first release of the product to enable large-scale enterprise deployment. This will be accomplished through simplification of the configuration process, which will reduce the time and management required of IT staff to deploy the client, thus lowering the total cost of ownership (TCO) of the client software.
The configuration process has been simplified in the following ways:
The client configuration files have been combined into a unified .xml file, as opposed to the three unique .xml files in earlier versions of the client. This reduces the number of steps for enterprise deployment.
• The unified .xml file will contain:
– Policy Restrictions
– Network Profiles
– Users File
– Trusted Root CA Certificate
– Static WEP Keys
– WPA Pre-Shared Keys
– Trusted Server Validation Rules
– Product License
– PAC
• Any standard XML editor can be used to create or modify the file
• Scripts can be created to create or modify the file
• Automatic generation of configuration files is enabled by running scripts
IT staff can create a .msi file containing the .exe and the .xml, which can be deployed using standard deployment tools, including Microsoft Active Directory GPOs, SMS, Altiris, and Novell Zenworks
Static credentials:
• Cisco Secure Services Client Version 4.1 will include support for configuring static credentials, identity (username), and password, by the administrator for deployment to end-user machines.
Table 1 provides a comparison of the features available in the fully licensed wired/wireless Cisco Secure Services Client and the basic feature set available in the wired-only, non-expiring license.
Table 1. Features Comparison Table
Feature
Wired/Wireless License
Wired-Only (Non-Expiring License)
Enterprise deployment
√
Wi-Fi device compatibility
√
Support for WEP, WPA, WPA2, WPA-enterprise, WPA2-enterprise, Dynamic WEP, WPA-PSK, WPA2-PSK, AES, TKIP
√
Protection of user privacy with EAP "anonymous" access
√
Integration with Cisco Trust Agent
√
Cisco Secure Access Control Server (ACS) compatibility
√
√
Delivers user access policies to any port accessed by a user
√
Centrally deploys Microsoft Active Directory machine or user group policies
√
√
Enables automatic configuration of VLANs
√
√
Comprehensive SSO support for Novell (context and contextless) or Windows login environment
√
√
Interactive user passwords or Windows passwords
√
√
RSA SecureID tokens
√
√
One-time password (OTP) tokens
√
√
Smartcards
√
√
X.509 certificates
√
√
EAP Methods
EAP-MD5
√
EAP-TLS
√
√
EAP-MSCHAPv2
√
√
EAP-GTC
√
√
EAP-TTLS (PAP, CHAP, MSCHAP, MSCHAPv2, EAP-MSCHAPv2, and EAP-MD5)
√
Cisco LEAP
√
EAP-FAST (EAP-MSCHAPv2, EAP-GTC, and EAP-TLS)
√
√
EAP-PEAP (EAP-MSCHAPv2, EAP-TLS, and EAP-GTC
√
Media Support
Wired Ethernet 802.3
√
√
Wi-Fi 802.11a, 802.11b, 802.11g
√
Any 802.1x Wi-Fi access point and wired Ethernet switch
√
Microsoft Internet Authentication Service Compatibility
√
√
Active Directory and user authentication
√
√
Resolved Issues
Table 2 lists issues that have been resolved in Cisco Secure Services Client 4.1.
Table 2. Resolved Issues
Bug or Problem
Resolution
Non-administrative user limitations on managing adapters
Non-administrative users can now properly manage adapters. Having both enabled at the same time results in competition for control of the adapters. When using the Enable/Disable SSC control, Windows Zero Config (WZC) is properly disabled or enabled, respectively.
Smartcard PIN limitations
To prevent the rejection of valid smartcards, the allowed length of the text entry for a PIN is increased to 63 from 8.
Login attempt after cancelled shutdown
Canceling a Windows shutdown no longer causes a fatal Secure Services Client error.
Enabling the Secure Services Client in the presence of a non-authenticated wired connection
An existing, wired, non-authenticating network connection on an unmanaged adapter is no longer broken while enabling the Secure Services Client.
Non-English Windows editions
The Secure Services Client now works with Unicode file names. This means that non-English versions of the supported editions of Windows are capable of properly using files not stored in the default (English-named) folders. Therefore, displaying user-defined text names, such as a network profile name, when associated with these files is corrected.
Clearing credential control
The Clear Stored Credentials control in the Network Configuration Summary dialog for present client or locked network is now supported.
Upgrade Paths
The Cisco Secure Services Client 4.1 is an upgrade to the Cisco Secure Services Client version 4.0.51. To upgrade to the 4.1 version or to download a trial version, please visit http://www.cisco.com/en/US/products/ps7034/index.html
Software Download Options
Table 3 provides detailed information on the available trial versions of the Cisco Secure Services Client.
Table 3. Available Trial Versions
License
Description
90-day trial license
A 90-day trial license is available for the full wired and wireless feature set of the Cisco Secure Services Client. Upon completion of the 90-day period, a valid license key must be purchased. The 90-day trial license key is posted in the download section. This license key must be entered through the activation screen of the client.
Non-expiring wired-only license
A non-expiring license is available for a wired-only version of the client with a limited feature set. (See the New Features section for more information.) This is the default license that comes in the download; it does not require a purchase.
Non-expiring wired and wireless license
A non-expiring license for the full feature set must be purchased using the Cisco standard ordering procedure.
Availability
March 28, 2007
Ordering Information
Table 4. Ordering Information for Cisco Secure Services Client 4.1
