Introduction
This document describes how to perform mass deployment of Secure Client and roaming client via standardized images.
Prepare the Umbrella Roaming Client for Inclusion in a Disk Image
When the Umbrella client is installed on a new computer, a unique Device ID is created during the registration process.
If you prepare a disk image after the client registration process has completed, the unique Device ID is also cloned, and all the Umbrella clients using that Device ID receive the same policy and report as the same identity. Therefore it is essential to follow the procedure in order to properly create the disk image and avoid duplicate Device IDs.
Procedure
Secure Client / AnyConnect / Standalone Roaming Client
The methodology for creating the disk image is the same for all Umbrella clients*. You install the client while ensuring that the workstation is offline, thereby preventing the source computer from registering.
- Ensure you have the latest version of the Umbrella client
- Remove the computer from the network
- Prepare your image as normal, including the Umbrella client in the image. Do not reconnect to the network
- Create the image whilst the computer is offline
- When endpoints are first created from the image and connected to the network, the Umbrella software detects that registration has not completed and registers with the Dashboard.
AnyConnect and Standalone Roaming Client are now superseded by Secure Client. Do not deploy them for new installations. The instructions are provided for these clients for posterity.
De-register an Umbrella Installation
If you are working on a source computer that is already registered with Umbrella, the client must be de-registered before preparing the image. This is an alternative to disconnecting the source computer from the network.
Delete these files and folders prior to creating the disk image. This can require you to stop Cisco services to delete the files:
Secure Client (Windows):
%PROGRAMDATA%\Cisco\Cisco Secure Client\Umbrella\OrgInfo.json
%PROGRAMDATA%\Cisco\Cisco Secure Client\Umbrella\data\ (folder)
Secure Client (OSX):
/opt/cisco/secureclient/umbrella/OrgInfo.json
/opt/cisco/secureclient/umbrella/data/ (folder)
AnyConnect:
%PROGRAMDATA%\Cisco\Cisco AnyConnect Secure Mobility Client\Umbrella\data\
%PROGRAMDATA%\Cisco\Cisco AnyConnect Secure Mobility Client\Umbrella\OrgInfo.json
Anyconnect (OSX):
/opt/cisco/anyconnect/umbrella/OrgInfo.json
/opt/cisco/anyconnect/umbrella/data/ (folder)
Roaming Client (Windows):
%PROGRAMDATA%\OpenDNS\ERC\RoamingProfile.json
%PROGRAMDATA%\OpenDNS\ERC\OrgInfo.json
Roaming Client (OSX):
The client must be re-installed. Uninstall the client and remove this file before you re-install.
/Library/Application Support/OpenDNS Roaming Client/ (folder)
All Clients:
Delete the Roaming Computer identity of the source computer from the Umbrella Dashboard.
Hostnames
Important: The hostname of the computer must be unique in your network in order to register properly! A unique hostname must be provisioned before the computer is connected to the network.
Hostname changed? If the computer hostname does change after registration then the old name can be manually deleted from the Umbrella Dashboard. The new name appears in the dashboard at the next time the client's service starts.
Troubleshoot Duplicate Identities
If these steps are not followed correctly, this can result in 'duplicate' registrations where multiple computers are reporting using the same hostname. Symptoms of the problem include:
- List of computers in 'Deployments > Roaming Computers' does not accurately reflect the number of deployed clients
- All traffic in reporting is being attributed to the same device
To resolve this problem:
- Ensure the client software is updated to the latest version
- Ensure all computers have been given a unique hostname
- Delete the client(s) from 'Deployments > Roaming Computers'
- Recent versions of Umbrella clients re-register automatically when the computer or service is restarted.
Feedback