Create UDP and TCP applications

Download, configure and use EAA Client for UDP or TCP applications.

These steps are completed by both an Enterprise Application Access (EAA) administrator and the users. First you enable the client in the identity provider (IdP). Next, you can add and configure a TCP-type or Tunnel-type client-access applications.

To install the EAA Client, users or you can download and install it from the Login Portal. By default, the Login Portal presents a download option that is specific to the user's operating system. A user completes the steps in this procedure. You can also download the client from the Login Portal to distribute it to users across their organization. Depending on the operating system, download and install the client:

  1. Install the EAA Client.

  2. Configure EAA Client.

  3. Connect to TCP and UDP applications.

Enable EAA Client in an identity provider

The setting to enable EAA Client is done in an ​Akamai​ or third-party identity provider (IdP) configuration in Enterprise Application Access. By default, the setting to enable EAA Client is disabled. You must enable before you configure a TCP-type or Tunnel-type client-access application.

📘

You can only enable the EAA Client on one identity provider.

  1. Log in to EAA Management Portal.

  2. In the EAA Management Portal navigation menu, select Identity > Identity providers.

  3. On the identity provider card, click SETTINGS.

  4. Select Akamai Cloud Zone. The cloud zone should be a geographic location closest to the data center where your application resides.

  5. Click Advanced Settings.

  6. Select Enable EAA Client.

  7. Click Save and go to Deployment.

  8. Deploy the identity provider.

Add a TCP-type client-access application

Add a TCP-type client-access application to EAA Client and configure it's parameters.

  1. Log in to EAA Management Portal.

  2. In the EAA Management Portal navigation menu, select Applications.

  3. Click Add Application.

  4. In Add custom, select Client-Access App. In Mode select TCP mode (single port, port mapping, load-balancing options).

  5. Enter application name and optional description.

  6. Click Create App and Configure.

  7. In App Settings > Settings configure the following:

    • Application Host. Enter the hostname of the client access application. This is the hostname that the native client uses to communicate with the application or application server. For example, if you are configuring a client like Outlook, this would be the hostname that is associated with Outlook accounts in your organization such as mail.mydomain.com and is used to communicate with Microsoft Exchange.

    • Port. Specify the same port number, as you are going to add for the application App Server IP/FQDN. The EAA Client listens for traffic on this port from the user's computer.

    • Endpoint Host. Enter the external host of your application. This is the cloud endpoint for all communications between the client access application and Enterprise Application Access. Additionally, choose one of the following:

    • Use your domain. If you use your own custom domain, you must provide a certificate configured as a complete bundle with all the subordinates (having the full chain of trust), otherwise you will see a web-socket error. To use an uploaded certificate, select Use uploaded certificates and select the previously uploaded certificate.

    • Use Akamai domain. If you use an ​Akamai​ domain no certificate is needed. For example, Akamai domain.

    The cloud zone should be a geographic location that is closest to the data center where your application server resides. It is in the Client-*form, for example Client-US-East, Client-US-West. Enter closest location to the application in the data center.

  8. Optionally, you can add an application category for the app.

  9. Click Save.

  10. To add connectors to the application click Add or remove connector.

    📘

    More than one connector is recommended for high-availability and load balancing.

  11. Click Done.

    📘

    The connector should run to deploy the application.

  12. Optionally, to add Application Server IP/FQDN to the application configure the following:

    • Server IP/FQDN. Enter the IP address or fully qualified domain name (FQDN).

    • Port. Specify the port of the TCP application. It should be the same port number as you entered in previous steps.

  13. Click Save and go to Authentication.

  14. Click Assign identity provider.
    The identity providers that are enabled for the EAA Client appear.

  15. Select the identity provider which has the directories and groups that access this application.

  16. Click Save and go to Services.
    The Service tab opens to let you configure these optional services.

  17. Click Save and go to Advanced settings, and configure the optional Advanced Settings.
    See Set up advanced settings for an application.
    To provide selective access to an application to certain users, groups or specific time periods, see Add access control rules.

    📘

    For a client-access application, the Enable websocket support option is enabled by default. This option is required to establish a tunnel from the client to the EAA Cloud.

  18. Click Save and go to Deployment.

  19. In Deployment, click Deploy Application.
    This option is only available if all the required fields are completed for the application.

Add a tunnel-type client-access application

Add a tunnel-type client-access application to EAA Client and configure its parameters.

  1. Log in to EAA Management Portal.

  2. In the EAA Management Portal navigation menu, select Applications.

  3. Click Add Application.

  4. In Type select Client-Access App. In Mode select Tunnel mode (multiple ports, UDP and TCP).

  5. Enter application name and optional description.

  6. Click Create app and configure.

  7. Optionally, click Add icon and select an icon for your application from the gallery.

  8. In GENERAL > Application Identity, configure Destination based on your use case.
    You can configure different traffic types (TCP, UDP or both), different domains (wildcard or specific) or IP based access (with or without subnets), port ranges or specific ports or combinations of both. To add more destinations, click Add Destination and configure the next destination, Destination 2 and so on.

    📘

    If a route for a particular destination already exists, EAA Client does not add the IP address to the routing table, but issues an IP route collision alert.

  9. Configure the following:

    • Endpoint Host. Enter the external host of your application.
      This is the cloud endpoint for all communications between the client access application and Enterprise Application Access. Additionally, choose one of these domains:

    • Use your domain. If you use your own custom domain, you must provide a certificate configured as a complete bundle with all the subordinates (having the full chain of trust), otherwise you get a web-socket error.
      To use an uploaded certificate, select Use uploaded certificates and select the previously uploaded certificate.

    • Use Akamai domain. If you use an Akamai domain no certificate is needed.

    • Akamai Cloud Zone. The cloud zone should be a geographic location closest to the data center where your application resides.

  10. To add connectors to the application, click Add or remove connector, and select a connector from the dialog.

    📘

    More than one connector is recommended for high-availability and load balancing.

  11. Click Done.

    📘

    The connector should run to deploy the application.

  12. Click Save and go to Authentication.

  13. Click Assign Identity Provider, and select an identity provider from the list.

  14. Click Save and go to Services.
    Service opens to let you configure any optional settings.

  15. Click Save and go to Advanced settings, and configure the optional Advanced Settings.
    See Set up advanced settings for an application.
    To provide selective access to an application to certain users, groups or specific time periods, see Add access control rules.
    If you are see performance issues for TCP applications in tunnel mode, click TCP Optimization, for higher throughput.

    📘

    For a client-access application, the Enable websocket support option is enabled by default. This option is required to establish a tunnel from the client to the EAA Cloud.

  16. Click Save and go to Deployment.

  17. In Deployment, click Deploy Application.
    This option is only available if all the required fields are completed for the application.

Limitations of tunnel-type 2.0 client-access applications

Limitations of using multiple destinations with tunnel-type 2.0 client-access applications:

  • You cannot configure the same parameters for two destinations inside a tunnel-type client access application. For example, if you have Destination 1 and Destination 2 with the same parameters for traffic type, IP address host name, and same port you get a warning message.

  • You cannot configure two different tunnel-type client-access applications with the same destination parameters and be associated with the same identity provider. You get a warning message when you deploy the application.

Connect to TCP and UDP applications

Connect EAA Client to your TCP and UDP applications.

  1. Launch your TCP or UDP applications. If EAA Client is stuck in Connecting see Troubleshoot stuck in connecting state.

  2. Log out from your TCP or UDP application.

Customize the download URL for EAA Client

You can customize the download URL for the EAA Client in the user portal to enable validation, and also control the release of the Enterprise Application Access software version. If you do not specify any URL, the default is the ​Akamai​ download location.

You might want to control the version of the Enterprise Application Access software that's distributed to the users, or they might want to test the new version before rolling it into their production environment. You can download the Enterprise Application Access software package on a separate web server and use a customizable download URL location to point to the web server. You can provide this URL to your organization. Employees download the version of the Enterprise Application Access software that you tested and qualified, rather than the latest version of Enterprise Application Access software available on the default ​Akamai​ download location.

  1. Download the EAA Client binaries and upload to your web server.

  2. Update EAA Management Portal with the custom download URL.

Download the EAA Client binaries and upload to your web server

  1. Download the latest version of the EAA Client installation binaries.
https://eaaclientdownloads.akamai-access.com/eaaclientdistro/EAAClient-<version_number>-osx-installer.app.zip

https://eaaclientdownloads.akamai-access.com/eaaclientdistro/EAAClient-<version_number>-osx-installer.dmg

https://eaaclientdownloads.akamai-access.com/eaaclientdistro/EAAClient-<version_number>-x64-windows-installer.exe

https://eaaclientdownloads.akamai-access.com/eaaclientdistro/EAAClient-<version_number>-x86-windows-installer.exe

<version_number> is a string representing the version of the file. With EAA Client 2.4.0, the <version_number> string is composed of Major, Minor, Patch, Release_Code_identifier elements. If the executable is, for example, EAAClient-1.3.0.c8e634ee-windows-installer.exe, the version number is 1.3.0.c8e634ee, where Major = 1, Minor = 3, and Patch = 0, and Release_Code_identifier = c8e634ee.

  • With a new patch release, Patch and Release_Code_identifier change.

  • With a new minor release, Minor, Patch, and Release_Code_identifier change.

  • With a new major release, Major, Minor, Patch, and Release_Code_identifier change.

For example, the downloaded files will change as following:

https://eaaclientdownloads.akamai-access.com/eaaclientdistro/EAAClient-3.0.c8e634ee-osx-installer.app.zip

https://eaaclientdownloads.akamai-access.com/eaaclientdistro/EAAClient-3.0.c8e634ee-osx-installer.dmg

https://eaaclientdownloads.akamai-access.com/eaaclientdistro/EAAClient-3.0.c8e634ee-x64-windows-installer.exe

https://eaaclientdownloads.akamai-access.com/eaaclientdistro/EAAClient-3.0.c8e634ee-x86-windows-installer.exe
  1. Create a folder on your local web server. For example, create a eaaclient_distribution folder:
https://eaaclientdownloads.yourcompany.com/eaaclient_distribution/
  1. Upload the EAA Client installation packages to the folder.

  2. Create a symbolic link to point to the latest EAA Client packages to EAAClient-i386.exe, EAAClient-x64.exe, and EAAClient.dmg. Use the ln command:

ln -s EAAClient-<version_number>-x86-windows-installer.exe EAAClient-i386.exe

ln -s EAAClient-<version_number>-x64-windows-installer.exe EAAClient-x64.exe

ln -s EAAClient-<version_number>-osx-installer.dmg EAAClient.dmg

For future releases, upload the new release packages to the same folder. Update the symbolic links to EAAClient-i386.exe, EAAClient-x64.exe, and EAAClient.dmg, when you want to distribute to users of your organization.

For example, do the following:

ln -s EAAClient-1.3.0.c8e634ee-x86-windows-installer.exe EAAClient-i386.exe

ln -s EAAClient-1.3.0.c8e634ee-x64-windows-installer.exe EAAClient-x64.exe

ln -s EAAClient-1.3.0.c8e634ee-osx-installer.dmg EAAClient.dmg

Update EAA Management Portal with custom download URL

Update EAA Management Portal >> with the custom download URL for your organization.

  1. Log in to EAA Management Portal.

  2. In the EAA Management Portal navigation menu, select Identity > Identity providers.

  3. On the identity provider card, click Settings, and select CUSTOMIZATION.

  4. In EAA Client download URL enter the directory URL where the files are located. For example https://eaaclientdownloads.yourcompany.com/eaaclient_distribution/.

  5. Click Save and go to MultiFactor, and Advanced Settings fo any other changes needed.

  6. Click Save and go to Deployment.

  7. Deploy the identity provider.