EAA Client requirements

Device hardware

The EAA Client can run on a computer (desktop or laptop). The EAA Client runs on Virtual machines (VM) as well. If your applications run on a VM, an additional setup may be required (it's not a recommended solution).
Make sure the computer has at least 256 MB RAM and 200 MB disk space to run the client applications. If you run multiple client applications, check their respective requirements and make sure your computer can support them.

Device usage

The EAA Client should not be installed on shared devices like lab or kiosk computers or multi-user servers.

Operating system

The EAA Client can run the following computer operating systems:

  • Microsoft Windows 7 Home/Enterprise edition
  • Microsoft Windows 10 Home/Pro/Enterprise edition
  • Microsoft Windows 11 Home/Pro/Enterprise edition
  • Apple macOS
  • Ubuntu 20.04 LTS.

📘

Note

The EAA Client is not supported with ARM processor (ARM64) on Windows.

Also, see Release Notes for the latest EAA Client versions supported on different OS and platforms.

📘

Note

If your computer has any endpoint protection software installed, you need to allow Enterprise Application Access executables based on your operating system. See Configure endpoint protection software for a list of these executables.

Operating system for mobile devices

EAA Client on mobile devices only allows you to check the device posture and does not support tunneling capability. The supported versions are:

  • iOS 11 and above (iPad, iPhone, iPod Touch)
  • Android 6 and above (phones and tablets)

Network

The following IP addresses and ports must be available in your network:

  • 127.50.100.1:9078 (TCP). For control traffic. Sends Enterprise Application Access (EAA) configuration information to EAA Client.

  • 100.64.0.1:53 (TCP/UDP). For DNS interception.

  • TCP port 443. Your testing environment must allow traffic on this port.

Connector installation

The connector used with the EAA Client needs to have the minimum requirements specified in the Connector installation requirements.

FQDNs and IP addresses used by EAA Client

The FQDNs and IP addresses used by both EAA Client and Device Posture.

You may need to configure these FQDN (fully qualified domain names) and IP addresses into your corporate proxy, secure web gateway or similar equipment.

  • Authentication endpoint

    • Local system endpoint: 100.64.0.1

    • Akamai authentication portal endpoints. FQDN is the URL of the ​Akamai​ EAA IdP. IP address depends on where the EAA IdP cloud zone is. To have proper connectivity from Enterprise Application Access Cloud to the connector, you should allow certain IPs. Please contact support for this task.

    • Third-party IdP endpoint. Check with your vendor. For Azure AD, FQDN it is login.microsoftonline.com.

  • EAA Cloud log collector service endpoint

agentsmith.akamai-access.com: 13.57.60.83 and 13.57.46.53

  • Application endpoints

    • External application endpoints. FQDN is the application external hostname as configured in ​Akamai Control Center​.

    • Local FQDN: application internal hostname.

    • Local IP ranges that EAA Client uses to intercept traffic for tunnel applications/wildcard domains: 100.64.0.0/11.

    • Local IP ranges that EAA Client uses to intercept traffic for TCP applications: 127.[10-255].0.0..

  • EAA Client network interface works with 100.64.0.1.

  • Device Posture. Allow the following static URLs if you use Device Posture with EAA Client:

    https://signal.dps.akamai-access.com
    https://signal-t.dps.akamai-access.com
    https://etpcas.akamai.com

Override an existing EAA Client installation

You have the option to override the existing EAA Client version on computer.

  1. Open the file you downloaded when you first installed EAA Client. If you have the package on your system you get the message:
EAAClient is already present. 
Do you want to continue with the install of version 1.3.0.410fc3b-64x?
  1. Click Yes to continue the installation, or click No to keep your existing installation.

  2. If you continue the installation, your IdP page appears when it completes.

  3. Enter your username and password.
    The authentication success message appears.

EAA Client version

To check the EAA Client version open EAA Client and click the diagnostics. Version format is the following: <Major>.<Minor>.<Patch>.xxxxxxxx where xxxxxxxx is a sequential based build-number. In earlier releases the build-number was a non-sequential hash number.

eaa client version

If you’re using EAA Client 1.x.x, please refer to release note, Oct 15, 2020 — Enterprise Application Access, EAA Client for the upgrade to EAA Client 2.1.0 or later version and impact on akamai-device-id.

Configure endpoint protection software to allow EAA Client traffic

The EAA Client software installed on the user's computer needs to communicate with the Enterprise Center. Endpoint protection software can block this communication. If you have any endpoint protection software installed on your computer, like Symantec Cloud Endpoint Protection you need to:

  • Allowlist EAA Client executables.

  • Create bypasses for the firewall.

  • Configure your endpoint protection software.

  • Allow certain IPs to ensure connectivity to EAA connectors.

Allowlist EAA Client executables

If your computer has any endpoint protection software installed, you need to allow these EAA Client executables (based on your operating system):

  • For a Windows 7 or Windows 10 OS, when EAA Client software is installed under C:\Program Files\EAAClient\ directory, then allow:

    • C:\Program Files\EAAClient\EAAClient.exe
    • C:\Program Files\EAAClient\resources\elevate.exe
    • C:\Program Files\EAAClient\wapptunneld.exe
    • C:\Program Files\EAAClient\winhttp.exe
    • C:\Program Files\EAAClient\autoupdate-windows.exe
    • C:\Program Files\EAAClient\uninstall.exe
    • C:\Program Files\EAAClient\wapprun.exe
    • C:\Program Files\EAAClient\wapprestart.bat
    • C:\Program Files\EAAClient\wappdelclientexe.bat
    • C:\Program Files\EAAClient\wapphide.vbs
    • C:\Program Files\EAAClient\wapprun.bat
    • C:\Program Files\EAAClient\wappstart.bat

The path for these executables changes based on your installation directory.

  • For a macOS allow:

    • /opt/wapp/bin/eaacUininstall
    • /opt/wapp/bin/wapptunneld
    • /Applications/EAAClient.app/Contents/MacOS/EAAClient

Create bypass rules for firewall

A firewall can block traffic to and from your computer. You can configure bypass rules to allow communication between the EAA Client and the Enterprise Center. Set up the following rules in your firewall:

Inbound or OutboundSource or DestinationProtocol/Port
Outbound*TCP/443
Outbound*UDP/53
Inbound127.50.100.1TCP/9078
Inbound100.64.0.1UDP/53

Configure Symantec EndPoint Protection

The below table shows an example of the firewall rules setting for Symantec Cloud Endpoint Protection software to let the EAA Client communicate with the Enterprise Center.

ActiveRule NameAllowDirectionProtocolTypes
HTTPS outAllowOutboundTCPAll
DNS outAllowOutboundUDPAll
EAAClientAllowInboundTCPAll

Allow certain service IPs to ensure connectivity to EAA connectors

To have proper connectivity from Enterprise Application Access Cloud to the connector, you should allow certain IPs. Please contact support for this task.