EAA Client requirements
Device hardware
The EAA Client can run on a computer (desktop or laptop). The EAA Client runs on Virtual machines (VM) as well. If your applications run on a VM, an additional setup may be required (it's not a recommended solution).
Make sure the computer has at least 256 MB RAM and 200 MB disk space to run the client applications. If you run multiple client applications, check their respective requirements and make sure your computer can support them.
Device usage
The EAA Client should not be installed on shared devices like lab or kiosk computers or multi-user servers.
Operating system
The EAA Client can run the following computer operating systems:
- Microsoft Windows 7 Home/Enterprise edition
- Microsoft Windows 10 Home/Pro/Enterprise edition
- Apple macOS
Also, see Release Notes for the latest EAA Client versions supported on different OS and platforms.
If your computer has any endpoint protection software installed, you need to allow Enterprise Application Access executables based on your operating system. See Configure endpoint protection software for a list of these executables.
Operating system for mobile devices
EAA Client on mobile devices only allows you to check the device posture and does not support tunneling capability. The supported versions are:
- iOS 11 and above (iPad, iPhone, iPod Touch)
- Android 6 and above (phones and tablets)
Network
The following IP addresses and ports must be available in your network:
-
127.50.100.1:9078
(TCP). For control traffic. Sends Enterprise Application Access (EAA) configuration information to EAA Client. -
100.64.0.1:53
(TCP/UDP). For DNS interception. -
TCP port
443
. Your testing environment must allow traffic on this port.
Connector installation
The connector used with the EAA Client needs to have the minimum requirements specified in the Connector installation requirements.
FQDNs and IP addresses used by EAA Client
The FQDNs and IP addresses used by both EAA Client and Device Posture.
You may need to configure these FQDN (fully qualified domain names) and IP addresses into your corporate proxy, secure web gateway or similar equipment.
-
Authentication endpoint
-
Local system endpoint:
100.64.0.1
-
Akamai authentication portal endpoints. FQDN is the URL of the Akamai EAA IdP. IP address depends on where the EAA IdP cloud zone is. To have proper connectivity from Enterprise Application Access Cloud to the connector, you should allow certain IPs. Please contact support for this task.
-
Third-party IdP endpoint. Check with your vendor. For Azure AD, FQDN it is
login.microsoftonline.com
.
-
-
EAA Cloud log collector service endpoint
agentsmith.akamai-access.com
: 13.57.60.83
and 13.57.46.53
-
Application endpoints
-
External application endpoints. FQDN is the application external hostname as configured in Akamai Control Center.
-
Local FQDN: application internal hostname.
-
Local IP ranges that EAA Client uses to intercept traffic for tunnel applications/wildcard domains:
100.64.0.0/11
. -
Local IP ranges that EAA Client uses to intercept traffic for TCP applications:
127.[10-255].0.0.
.
-
-
EAA Client network interface works with
100.64.0.1
. -
Device Posture. Allow the following static URLs if you use Device Posture with EAA Client:
https://signal.dps.akamai-access.com
https://signal-t.dps.akamai-access.com
https://etpcas.akamai.com
Override an existing EAA Client installation
You have the option to override the existing EAA Client version on computer.
- Open the file you downloaded when you first installed EAA Client. If you have the package on your system you get the message:
EAAClient is already present.
Do you want to continue with the install of version 1.3.0.410fc3b-64x?
-
Click Yes to continue the installation, or click No to keep your existing installation.
-
If you continue the installation, your IdP page appears when it completes.
-
Enter your username and password.
The authentication success message appears.
EAA Client version
To check the EAA Client version open EAA Client and click the diagnostics. Version format is the following: <Major>.<Minor>.<Patch>.xxxxxxxx
where xxxxxxxx
is a sequential based build-number. In earlier releases the build-number was a non-sequential hash number.
Device ID akamai-device-id
updates and upgrades
akamai-device-id
updates and upgradesSee how your device ID akamai-device-id
changes with EAA Client installations and upgrades.
- EAA Client installation. Installed EAA Client associates each device with a unique identifier called the device ID
akamai-device-id
. With EAA Client 2.1.0 release, a new algorithm is used to generate the device ID for each device. Due to this change, after you install new EAA Client, each device automatically gets a new device ID.
This change is to address an issue with EAA Client used on computers created using a Microsoft Windows image. A problem may occur that results in the EAA Client reporting duplicate device IDs. When creating the source image for use on multiple computers, certain operating system identifiers used by the EAA Client may be duplicated if not properly prepared.
The EAA Client uses these identifiers to generate a unique device ID for each computer. When installed on computers that are not prepared for it, it may result in duplicate device IDs being reported by multiple computers. EAA Client 2.1.0 addresses this issue.
- Upgrade of EAA Client 2.1.0 or later release. The recommended upgrade procedure for the 2.1.0 or later release is to directly upgrade over existing 2.0.x installations. If the user runs a 1.x version of the EAA Client they must uninstall it before installing version 2.1.0.
If the user has an active EAA session at the time of upgrade, they are automatically logged out. After the user logs in again and resumes application access, the device ID is updated and usage may continue as normal.
After the upgrade, if the user is unable to access apps, then they must log out from the identity provider in all of the browsers and log in again. This synchronizes the new device ID throughout Enterprise Application Access. The user should then be able to continue app access as usual.
Updated 12 months ago