EAA Client requirements

Device hardware

The EAA Client can run on a computer (desktop or laptop). The EAA Client runs on Virtual machines (VM) as well. If your applications run on a VM, an additional setup may be required (it's not a recommended solution).
Make sure the computer has at least 256 MB RAM and 200 MB disk space to run the client applications. If you run multiple client applications, check their respective requirements and make sure your computer can support them.

Device usage

The EAA Client should not be installed on shared devices like lab or kiosk computers or multi-user servers.

Operating system

The EAA Client can run the following computer operating systems:

  • Microsoft Windows 7 Home/Enterprise edition
  • Microsoft Windows 10 Home/Pro/Enterprise edition
  • Apple macOS

Also, see Release Notes for the latest EAA Client versions supported on different OS and platforms.

📘

If your computer has any endpoint protection software installed, you need to allow Enterprise Application Access executables based on your operating system. See Configure endpoint protection software for a list of these executables.

Operating system for mobile devices

EAA Client on mobile devices only allows you to check the device posture and does not support tunneling capability. The supported versions are:

  • iOS 11 and above (iPad, iPhone, iPod Touch)
  • Android 6 and above (phones and tablets)

Network

The following IP addresses and ports must be available in your network:

  • 127.50.100.1:9078 (TCP). For control traffic. Sends Enterprise Application Access (EAA) configuration information to EAA Client.

  • 100.64.0.1:53 (TCP/UDP). For DNS interception.

  • TCP port 443. Your testing environment must allow traffic on this port.

Connector installation

The connector used with the EAA Client needs to have the minimum requirements specified in the Connector installation requirements.

FQDNs and IP addresses used by EAA Client

The FQDNs and IP addresses used by both EAA Client and Device Posture.

You may need to configure these FQDN (fully qualified domain names) and IP addresses into your corporate proxy, secure web gateway or similar equipment.

  • Authentication endpoint

    • Local system endpoint: 100.64.0.1

    • ​Akamai​ authentication portal endpoints. FQDN is the URL of the ​Akamai​ EAA IdP. IP address depends on where the EAA IdP cloud zone is. To have proper connectivity from Enterprise Application Access Cloud to the connector, you should allow certain IPs. Please contact support for this task.

    • Third-party IdP endpoint. Check with your vendor. For Azure AD, FQDN it is login.microsoftonline.com.

  • EAA Cloud log collector service endpoint

agentsmith.akamai-access.com: 13.57.60.83 and 13.57.46.53

  • Application endpoints

    • External application endpoints. FQDN is the application external hostname as configured in ​Akamai Control Center​.

    • Local FQDN: application internal hostname.

    • Local IP ranges that EAA Client uses to intercept traffic for tunnel applications/wildcard domains: 100.64.0.0/11.

    • Local IP ranges that EAA Client uses to intercept traffic for TCP applications: 127.[10-255].0.0..

  • EAA Client network interface works with 100.64.0.1.

  • Device Posture. Allow the following static URLs if you use Device Posture with EAA Client:

    https://signal.dps.akamai-access.com
    https://signal-t.dps.akamai-access.com
    https://etpcas.akamai.com

Override an existing EAA Client installation

You have the option to override the existing EAA Client version on computer.

  1. Open the file you downloaded when you first installed EAA Client. If you have the package on your system you get the message:
EAAClient is already present. 
Do you want to continue with the install of version 1.3.0.410fc3b-64x?
  1. Click Yes to continue the installation, or click No to keep your existing installation.

  2. If you continue the installation, your IdP page appears when it completes.

  3. Enter your username and password.
    The authentication success message appears.

EAA Client version

To check the EAA Client version open EAA Client and click the diagnostics. Version format is the following: <Major>.<Minor>.<Patch>.xxxxxxxx where xxxxxxxx is a sequential based build-number. In earlier releases the build-number was a non-sequential hash number.

Device ID akamai-device-id updates and upgrades

See how your device ID akamai-device-id changes with EAA Client installations and upgrades.

  • EAA Client installation. Installed EAA Client associates each device with a unique identifier called the device ID akamai-device-id. With EAA Client 2.1.0 release, a new algorithm is used to generate the device ID for each device. Due to this change, after you install new EAA Client, each device automatically gets a new device ID.

This change is to address an issue with EAA Client used on computers created using a Microsoft Windows image. A problem may occur that results in the EAA Client reporting duplicate device IDs. When creating the source image for use on multiple computers, certain operating system identifiers used by the EAA Client may be duplicated if not properly prepared.

The EAA Client uses these identifiers to generate a unique device ID for each computer. When installed on computers that are not prepared for it, it may result in duplicate device IDs being reported by multiple computers. EAA Client 2.1.0 addresses this issue.

  • Upgrade of EAA Client 2.1.0 or later release. The recommended upgrade procedure for the 2.1.0 or later release is to directly upgrade over existing 2.0.x installations. If the user runs a 1.x version of the EAA Client they must uninstall it before installing version 2.1.0.

If the user has an active EAA session at the time of upgrade, they are automatically logged out. After the user logs in again and resumes application access, the device ID is updated and usage may continue as normal.

📘

After the upgrade, if the user is unable to access apps, then they must log out from the identity provider in all of the browsers and log in again. This synchronizes the new device ID throughout Enterprise Application Access. The user should then be able to continue app access as usual.