Mass Deployment Overview
Contents
Remote Installation
Cisco Secure Client can be deployed with endpoint management software designed to remotely install applications. This includes tools such as Unified Endpoint Management (UEM) and Remote Management and Monitoring (RMM).
The remote installation options outlined below includes installing both the Cisco Secure Client software and the Umbrella profile (OrgInfo.json), similar to the steps followed in the manual deployment process.
Scripted Installation | • Cisco Secure Client is installed by endpoint management software. • The Umbrella profile information is copied to the endpoint by a post install script or task. |
Mass Deployment Package | • The installation package or source is modified, and the Umbrella configuration profile is bundled with this package or source prior to installation. • The customized package can be installed by endpoint management software with the profile that is already included. |
VPN Headend Deployment | (This option is suitable for customers using Secure Client for VPN.) • The software and profile are uploaded to the VPN headend. • Umbrella is automatically downloaded and installed when the corresponding user connects to the VPN. |
RMM Deployment | (This option is suitable for managed service providers.) Cisco Secure Client can be deployed to multiple end customers using RMM tools. |
Profile Installation
Installing your Umbrella organization profile (OrgInfo.json) is a mandatory step in the deployment process because this file uniquely identifies your Umbrella organization and is required for the Cisco Secure Client to register with Umbrella. The following diagrams show the two main ways in which the Umbrella organization profile can be distributed.
- Bundle Profile – The profile (OrgInfo.json) is bundled with the installation package prior to installation.
- Copy Profile : The profile (OrgInfo.json) is copied to a location in the endpoint (programmatically) after installation. (MDM - Managed Device Manager)
Customization Options
Before performing a mass deployment of Cisco Secure Client, you may consider the following common installation customizations.
- Select Cisco Secure Client Modules
Choose which Cisco Secure Client modules you want to install. For a minimum installation (Umbrella protection only) you must install two modules:
- Core & AnyConnect VPN module
- Umbrella module
Choose the modules using the following methods.
Windows | Using a ‘Pre-Deployment’ package, the modules are provided as individual Microsoft Software Installer (MSIs). Only install the desired .msi files. A minimum of two .msi files must be installed (Core VPN + Umbrella module) |
macOS | Using a ‘Pre-Deployment’ package Cisco Secure Client (and its modules) are installed using a single .dmg image. An ‘install_choices.xml’ file can be provided to the macOS installer to disable unwanted modules. Alternatively, use a ‘Web Deployment’ package, install each Cisco Secure Client module using a separate .dmg image. A minimum of two .dmg image files must be installed (Core VPN + Umbrella module). |
- Disable VPN Functionality
The Core Secure Client VPN module must be installed for the Umbrella module to function. However, the VPN functionality itself is not required and can be disabled ( for macOS and Windows) such that it is not available to users. Each of the installation methods on this page provide options for disabling Cisco Secure Client VPN.
You can disable the VPN functionality using one of these methods:
- During manual installation uncheck the Core & AnyConnect VPN (for Windows and macOS).
- Disable the VPN functionality within a customized .dmg package (macOS).
- Disable the VPN functionality by deploying a special VPN profile (Windows and macOS).
For more information, see How to Disable VPN Functionality in Cisco Secure Client.
- Lockdown Services (Windows)
On Windows, you can customize the installation to prevent users from tampering with Cisco Secure Client. To do this, modify any of the msiexec commands and provide these additional MSI parameters:
- LOCKDOWN=1 : Prevents the service from being stopped.
- ARPSYSTEMCOMPONENT=1 : Hides the program from Programs and Features in Windows.
For more information, see Command Line installation and RMM reference.
Manual Installation of Cisco Secure Client (Windows and macOS) < Mass Deployment Overview > Mass Deployment (Windows)
Updated 3 months ago