Jul 10, 2020. Prior versions of the Jump clients leave unnecessary leftovers on the client computer. Occasionally we will have to uninstall the Jump Client to clean up the customers system and reinstall. Reasons for Choosing Bomgar. Price, the ability to host the platform in our data centers and that Beyond Trust platform has never been breached. Jump Client Installation. To install a Jump Client in preparation for using smart card support, you must set certain options as described below. From the /login interface of your Secure Remote Access Appliance, go to Jump Jump Clients. Configure the Jump Client settings as needed. The connection type can be either active or passive. Apr 18, 2017.
Bomgar|KACE Integration 101<--------Click to Download PDF*Updated* 9/26/2012
This is a comprehensive guide on how to easily integrate your Bomgar appliance with your K1000. This guide is for Admins who have purchased the Bomgar appliance and NOT a setup guide for a hosted account that comes with the two free licenses.
What is Bomgar?
Answer= A secure remote desktop control option for every computer in your organization. It is a physical appliance or a Virtual Machine. Licenses are based on techs logged into accounts that are created on the Bomgar Appliance.
After implementing the steps in this guide you will be able to launch the Bomgar Jump Client via a Machine Action or allow their Users to request a Bomgar Session via a KACE HelpDesk ticket that will show up in the Bomgar Queue.
System Requirements
Bomgar version 11.1 or greater
Dell KACE K1000 Management Appliance server version 5.2.38773; other versions may work but this is the tested version Network / Firewall configured to allow: HTTP/HTTPS connectivity from the Bomgar Appliance to the web server HTTP/HTTPS connectivity from the web server to Bomgar Appliance
(Note: I had success integrating with KBOX version 5.3.53053)
Configure Dell KACE
In order to use the Bomgar Integration for the Dell KACE K1000 service desk capability, you must modify the ticket form and configure the ticket rules within the appropriate service desk queue as follows:
1. From the administrator KACE Management Center > Service Desk > Configuration, select Queues from the listed options. 2. Select your Service Desk queue by clicking on the name (e.g. Bomgar IT Help Desk, in this example). 3. Select Customize Fields and Layout. This will allow you to add the Bomgar Session Request field to the Ticket Form. 4. Scroll down to the Ticket Layout section, configure a custom field and label the new field, Bomgar Session. Choose the appropriate CUSTOM_# that is available in your environment. Set permissions to Owners Only - Hidden from Users. (Note: Jot down the CUSTOM_#. You will need this information in the future) 5. Once you save the custom field scroll down on the same page, change the Field Type of the custom field to Single Select, and change the Select Values option to Send Request. Leave the Default option blank. Scroll to the bottom and select Save. (Note: The CUSTOM_#âs should correspond) 6. Once your changes are saved, you will be directed back to the Service Desk > Configuration page. From here, select Customize from the Custom Ticket Rules section. Select the Add Ticket Rule Action. 7. Define any criteria to create a dummy, or temporary Ticket Rule (which will later be changed in the SQL query) and select Next. (Note: As a placeholder, you can use Approval - contains â Approved)
8. Similar to step 7, define the next items required with Define Ticket Rule, setting Priority and the Value, and select Done.
(Note: As a placeholder, you can use Priority - change value to â High) 9. Once you complete step 8, you will be directed to the Queue Rule : Edit Detail page. Now you should customize the queries and actions. In this example, the Custom Ticket Rule, Bomgar Session Request, is shown. Now you can customize the rule.
a. First, change the Title to Bomgar Session Request. Next, change the Frequency drop-down to on Ticket Save.
b. SQL Query Enable is enabled and enable Results are tickets, add a comment to each one. Insert the following text in the Comments: Bomgar session has been requested via email.
c. Enable Owners Only.
d. The Select Query area should contain: // ------------------ COPY BETWEEN THESE LINES ------------------------- select HD_TICKET.*, owner.EMAIL as OWNER_EMAIL, if ((LENGTH(owner.FULL_NAME) = 0), owner.USER_NAME, owner.FULL_NAME) as OWNER_NAME, submitter.EMAIL as SUBMITTER_EMAIL from HD_TICKET left outer join USER owner on owner.ID = HD_TICKET.OWNER_ID left outer join USER submitter on submitter.ID = HD_TICKET.SUBMITTER_ID where LENGTH(HD_TICKET.CUSTOM_FIELD_VALUE3) > 0 // ------------------ COPY BETWEEN THESE LINES -------------------------
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
Important Note: {HD_TICKET.CUSTOM_FIELD_VALUE3, where 3 is calculated from: CUSTOM_4 â 1 = 3 This is because the custom fields in the ticket layout start with the number 1, while the query variables start with the number 0.} ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
e. Enable the checkbox Send an email for each result row and modify the text to include:
· Subject contains Remote Support Invitation from YourServiceDeskName - [TICK:$id] : $title
· Email Column contains SUBMITTER_EMAIL · Email Body should contain: $owner_name would like to start a support session with you. To do so, please click on the link below and follow the online instructions. https://YourBomgarURL.com/api/start_session.ns?issue_menu=1&customer_name=$submitter_email&external_key=TICK:$id Bomgar enables a support representative to view your screen in order to assist you. Session traffic is fully encrypted to protect your system's data. Once a session has begun, you will be able to end it at any time. f. Within the Send an email for each result row section, make sure that:
· Subject contains Remote Support Invitation from Bomgar IT - [TICK:$id] : $title
· Email body contains:
$owner_name would like to start a support session with you. To do so, please click on the link below and follow the online instructions.
https://YourBomgarURL.com/api/start_session.ns?issue_menu=1&customer_name=$submitter_email&external_key=TICK:$id
Bomgar enables a support representative to view your screen in order to assist you. Session traffic is fully encrypted to protect your system's data. Once a session has begun, you will be able to end it at any time.
g. Enable Run an update query, using the results from the one above. The update query should contain:
update HD_TICKET as T
set T.CUSTOM_FIELD_VALUE3 = ' where (T.ID in (<TICKET_IDS>))
(Note: Be sure to use the correct CUSTOM_FIELD_VALUE identified in the earlier steps.)
10. Now you need to customize the email notifications. Scroll down to the Email on Events: [Customize Emails] section from the queue edit page. The emails you are to customize are Ticket Closed and New Ticket via Email. Select Customize Emails. Scroll down to the Ticket Closed Notification and modify it, as shown below. Change the https://kboxdemo.bomgar.com to https://YourBomgarURL.com.
11. Also, change the Email Ticket Creation Acknowledgement. Change the https://kboxdemo.bomgar.com to https://YourBomgarURL.com.
Congratulations! You have configured your help desk to send the user a link via email to request a session after their ticket has been created!! Letâs test it! End User Initiated Request
1. Ensure a representative is logged into the Bomgar Representative Console to receive the incoming Bomgar Support Session request.
2. As the end user, send an email request to the address of your Dell KACE service desk (e.g. [email protected]).
3. Look for the confirmation email indicating that your ticket has been created. Open this email, and select the link to start a Bomgar Remote Support Session.
4. Download and run the resulting Bomgar Customer Client executable.
(Note: If Click-to-chat is configured, the session will start instantly in Chat Mode in your web browser.)
5. The representative should see the incoming support session request in the Bomgar Representative Console. Double-click to accept the session.
(Note: Configure Bomgar Equilibrium settings for the General queue if you wish to automatically distribute incoming sessions to the next available representative (Bomgar Enterprise licenses only).)
a. While in the session, click on the Summary tab and verify that the External_Key field was automatically populated with the ticket number. b. Enter a couple chat messages. c. Submit some session notes on the Summary tab. d. If you configured the Representative Custom Link, select the Custom Link icon on the tool bar, in the Representative Console, to reference the corresponding ticket in the service desk. e. End the session and close the tab from the Bomgar Representative Console to formally close out the session. 6. Refresh the ticket view to see the updated Bomgar session information. Make sure your email processor is set to process ticket update emails frequently.
Was it a success? If no email was generated for the submitter, check the syntax on your Custom Ticket Rule! :)
Also give the K1000 about 2 minutes to generate the email. Unattended Support (Machine Action)
This section describes how to configure your Dell KACE environment to use âMachine Actionsâ to start a Bomgar unattended remote support session from the Dell KACE K1000 inventory feature. This will allow you to have fast, secure access to servers and desktops using Bomgarâs Jump technology. This patent-pending Jump technology is cross-platform and allows secure remote access to any supported system, even on remote networks. For more details about Jump technology, please see www.bomgar.com/docs.
Jump Clients can be pre-installed on any Bomgar supported client, including Windows, Mac, and Linux. You can either obtain a mass installer Jump Client using /login > Configuration > Jump Clients, or you can install a Jump Client one at a time from the Bomgar Representative Console during a support session. You can also use the push and start Jump function for windows systems; this is also described as a local jump. (Note: The jump client needs to be installed on the machine you are trying to initiate a session with) Using Unattended Support
Either of the following methods can be used with Dell KACE Appliance âMachine Actionsâ to Jump to a remote system.
Determine which Bomgar Jump method you will use (pre-installed Jump Clients, or the Jump-To / Push method).
From the Dell KACE Management Center select Settings > Machine Actions [Edit Mode]
Pre-installed Jump Client Method: To start a support session with a pinned or specific Jump Client, use the following API scripting command: http://YOUR.BOMGAR.SITE/api/client_script.ns?type=rep&operation=generate&action=start_pinned_client_session&search_string=KACE_HOST_NAME
(Note: Only edit 'YOUR.BOMGAR.SITE' in the API scripting command)
Jump-To / Push Method: To push and start a session with a Windows system within a local network, use the following API scripting command:
http://YOUR.BOMGAR.SITE/api/client_script.ns?type=rep&operation=generate&action=push_and_start_local&hostname=KACE_HOST_NAME
When either of these commands is executed a small .bcrs file is downloaded, and the Bomgar Representative Console launches and executes the Jump automatically.
You can use the Machine Actions from the KACE K1000 inventory feature, as shown below. Script to Install the Bomgar Jump Start Client · In the KBox Inventory interface create a Smart Label. You can name this whatever you want but for this example we will use 'Needs Jump Client' · Then make a Smart Label using the following criteria:
o ' Software Title'
o 'Does not contain' o 'Bomgar Jump Client' or 'Bomgar Jump Client [support.example.com]' (where 'support.example.com' is your site name)
· Save the Smart Label and go to the Scripting tab
· Create a new script and set it for 'Online KScript' · Under Dependencies, add your Jump Client Mass Deployment file (If this is an MSI file, be sure you have the KEY_INFO string handy) · Add a Task to 'Launch a program...'
o Directory: C:WindowsSystem32
o File: msiexec.exe (if an MSI file), or the Jump Client installer (if using EXE) o Parameters: /qn /i '$(KACE_DEPENDENCY_DIR)<Jump Client file name>.msi' KEY_INFO=<key info string from download screen>
(Note: Remove the <> from the parameters. The quotes ââ stay and are important for the function of the script )
· Set 'Limit Deployment to selected labels:' for the Smart Label you created
(Note: It is a Best Practice to run the script on a test machine before applying the label)
· Run the script as an Admin User for best results âDomainUsernameâ
· Set a Schedule for the script to run At this point you should have a functioning deployment method for putting Jump Clients on computers that do not currently have Jump Clients installed. The premise being that the computer will check in and if there is no Bomgar Jump Client installed, KBox will apply the Smart Label to that computer. When the Script next runs for all systems with that Smart Label, a Jump Client will be installed thus removing the Smart Label since a Jump Client will be found based on the criteria stated above. Additional Smart Label parameters and other options in the script may be added to further customize the deployment, but these are beyond the scope of this solution. Jump Clients: Manage Settings and Install Jump Clients for Unattended Access
Jump
Jump Clients
Jump Client Mass Deployment Wizard
The Mass Deployment Wizard enables administrators and privileged users to deploy Jump Clients to one or more remote computers for later unattended access.
For more information, please see Remote Support Jump Client Guide: Unattended Access to Systems in Any Network.
Jump Group
From the dropdown, select whether to pin the Jump Client to your personal list of Jump Items or to a Jump Group shared by other users. Pinning to your personal list of Jump Items means that only you can access this remote computer through this Jump Client. Pinning to a shared Jump Group makes this Jump Client available to all members of that Jump Group.
Allow Override During Installation
Some Mass Deployment Wizard settings allow override, enabling you to use the command line to set parameters that are specific to your deployment, prior to installation.
This Installer Is Valid For
The installer remains usable only as long as specified by the This Installer is Valid For dropdown. Be sure to leave adequate time for installation. If someone should attempt to run the Jump Client installer after this time, installation fails, and a new Jump Client installer must be created. Additionally, if the installer is run within the allotted time but the Jump Client is unable to connect to the appliance within that time, the Jump Client uninstalls, and a new installer must be deployed. The validity time can be set for anywhere from 10 minutes to 1 year. This time does NOT affect how long the Jump Client remains active.
In addition to expiring after the period given by the This Installer is Valid For option, Jump Client mass deployment packages invalidate when their Secure Remote Access Appliance is upgraded. The only exception to this rule is live updates which change the license count or license expiration date. Any other updates, even if they do not change the version number of the appliance, invalidate the Jump Client installers from before the upgrade. If these installers are MSI packages, they can still be used to uninstall Jump Clients if necessary.
Once a Jump Client has been installed, it remains online and active until it is uninstalled from the local system either by a logged-in user, by a representative from the representative console's Jump interface, or by an uninstall script. A representative cannot remove a Jump Client unless the representative is given appropriate permissions by their admin from the /login interface.
Public Portal
Select the public portal through which this item should connect for a support session. If a session policy is assigned to this public portal, that policy may affect the permissions allowed in sessions started through this item.
Name
Enter a Name for the Jump Item. This name identifies the item in the session tabs. This string has a maximum of 128 characters.
Comments
Add Comments, which can be helpful in searching for and identifying remote computers. Note that all Jump Clients deployed via this installer have the same comments set initially, unless you check Allow Override During Installation and use the available parameters to modify the installer for individual installations.
Tag
Adding a Tag helps to organize your Jump Clients into categories within the representative console.
Jump Policy
You may apply a Jump Policy to this Jump Client. Jump Policies are configured on the Jump > Jump Policies page and determine the times during which a user can access this Jump Client. If no Jump Policy is applied, this Jump Client can be accessed at any time.
Customer Present Session Policy and Customer Not Present Session Policy
Choose session policies to assign to this Jump Client. Session policies assigned to this Jump Client have the highest priority when setting session permissions. The Customer Present Session Policy applies when the end user is determined to be present. Otherwise, the Customer Not Present Session Policy applies. The way customer presence is determined is set by the Use screen state to detect Customer Presence Jump Client setting. Customer presence is detected when the Jump Client session starts. The session policy used for the session does not change throughout the session, regardless of any changes in the customer's presence while the session is in progress.
Connection Type
This feature is available only to customers who own an on-premises Secure Remote Access Appliance. BeyondTrust Cloud customers do not have access to this feature.
Set the Connection Type to Active or Passive for the Jump Clients being deployed.
Jumpoint Proxy
If you have one or more Jumpoints set up as proxies, you can select a Jumpoint to proxy these Jump Client connections. That way, if these Jump Clients are installed on computers without native internet connections, they can use the Jumpoint to connect back to your Secure Remote Access Appliance. The Jump Clients must be installed on the same network as the Jumpoint selected to proxy the connections.
Attempt an Elevated Install if the Client Supports It
If Attempt an Elevated Install if the Client Supports It is selected, the installer attempts to run with administrative rights, installing the Jump Client as a system service. If the elevated installation attempt is unsuccessful, or if this option is deselected, the installer runs with user rights, installing the Jump Client as an application. This option applies only to Windows and Mac operating systems.
A Jump Client pinned in user mode is available only when that user is logged in. In contrast, a Jump Client pinned in service mode, with elevated rights, allows that system to always be available, regardless of which user is logged in.
Prompt for Elevation Credentials if Needed
If Prompt for Elevation Credentials if Needed is selected, the installer prompts the user to enter administrative credentials if the system requires that these credentials be independently provided; otherwise, it installs the Jump Client with user rights. This applies only if an elevated install is being attempted.
Start Customer Client Minimized When Session Is Started
By selecting Start Customer Client Minimized When Session Is Started, the customer client does not take focus and remains minimized in the taskbar or dock when a session is started through one of these Jump Clients.
Password/Confirm Password
You can also set a Password for these Jump Clients. If a password is set, this password must be provided to modify or use any one of these Jump Clients.
Mass Deploy Help
For system administrators who need to push out the Jump Client installer to a large number of systems, the Windows, Mac, or Linux executable or the Windows MSI can be used with your systems management tool of choice. You can include a valid custom install directory path where you want the Jump Client to install.
You can also override certain installation parameters specific to your needs. These parameters can be specified for both the MSI and the EXE using a systems administration tool or the command line interface. When you mark specific installation options for override during installation, you can use the following optional parameters to modify the Jump Client installer for individual installations. Note that if a parameter is passed on the command line but not marked for override in the /login administrative interface, the installation fails. If the installation fails, view the operating system event log for installation errors.
When deploying an MSI installer on Windows using an msiexec command, the above parameters can be specified by:
MSI Example:
When deploying an EXE installer, the above parameters can be specified by:
EXE Example:
Other rules to consider:
For more information, please see Mass Deploying BeyondTrust Software to Macs.
Download or Install the Client Now
Platform
Install Bomgar Client
Choose the operating system on which you wish to install this software. This dropdown defaults to the appropriate installer detected for your operating system.
Unlike the representative console, Jump Clients installed from an MSI do auto-update.
To install a Jump Client in service mode on a Linux system, the Jump Client installer must be by run by root, but the Jump Client service should not be run under the root user context. A service mode Jump Client allows the user to start a session even if no remote user is logged on, as well as to log off the current remote user and log on with different credentials. A Linux Jump Client installed in user mode cannot be elevated within a session.
Use the following syntax to add executable permissions to the file, wherein {uid} is a unique identifier consisting of letter and numbers:
Download/Install
You can download the installer immediately if you plan to distribute it using a systems management tool or if you are at the computer to which you need later access.
Once the installer has run, the Jump Client attempts to connect to the appliance. When it succeeds, the Jump Client appears in the Jump interface of the representative console. If the Jump Client cannot immediately reach the appliance, then it continues to reattempt connection until it succeeds. If it cannot connect within the time designated by This Installer Is Valid For, then the Jump Client uninstalls from the remote system and must be redeployed.
Deploy to Email Recipients
Email
You can also email the installer to one or more remote users. Multiple recipients can install the client from the same link.
For more information on the Mass Deployment Wizard, please see Deploy Jump Clients During a Support Session or Prior to Support.
Jump Client Statistics
An administrator can choose which statistics to view for all Jump Clients on a site-wide basis. These statistics are displayed in the representative console and include CPU, console user, disk usage, a thumbnail of the remote screen, and uptime.
Active Jump Client Statistics Update Interval
This feature is available only to customers who own an on-premises Secure Remote Access Appliance. BeyondTrust Cloud customers do not have access to this feature.
The Active Jump Client Statistics Update Interval determines how often these statistics are updated. Managing which statistics are viewed and how often can help to regulate the amount of bandwidth used. The more active Jump Clients you have deployed, the fewer the statistics and the longer the interval may need to be.
Upgrade
Maximum bandwidth of concurrent Jump Client upgrades
This feature is available only to customers who own an on-premises Secure Remote Access Appliance. BeyondTrust Cloud customers do not have access to this feature.
You may further regulate the bandwidth used during upgrades by setting Maximum bandwidth of concurrent Jump Client upgrades. The maximum upgrade bandwidth is 100 MiB/s.
This setting does not affect representative console upgrades or Support Button deployments.
Maximum number of concurrent Jump Client upgrades
This feature is available only to customers who own an on-premises Secure Remote Access Appliance. BeyondTrust Cloud customers do not have access to this feature.
Also set the maximum number of Jump Clients to upgrade at the same time. Note that if you have a large number of Jump Clients deployed, you may need to limit this number to regulate the amount of bandwidth consumed. The maximum number allowed is 500.
This setting does not affect representative console upgrades or Support Button deployments.
Global connection rate for Jump Clients
Global connection rate for Jump Clients determines the maximum rate per second of Jump Clients able to connect to the appliance at the same time during an upgrade or after a major network outage. The default is 50 connections and the maximum allowed is 300.
Maintenance
Number of days before Jump Clients that have not connected are automatically deleted
Bomgar Client Download Windows 10
If a Jump Client goes offline and does not reconnect to the Secure Remote Access Appliance for the number of days specified by the Number of days before Jump Clients that have not connected are automatically deleted setting, it is automatically uninstalled from the target computer and is removed from the Jump interface of the representative console.
This setting is shared with the Jump Client during normal operation so that even if it cannot communicate with the site, it uninstalls itself at the configured time. If this setting is changed after the Jump Client loses connection with the appliance, it uninstalls itself at the previously configured time.
The setting must be configured for 15 days or more.
Number of days before Jump Clients that have not connected are considered lost
If a Jump Client goes offline and does not reconnect to the Secure Remote Access Appliance for the number of days specified by the Number of days before Jump Clients that have not connected are considered lost setting, it is labeled as lost in the representative console. No specific action is taken on the Jump Client at this time. It is labeled as lost only for identification purposes, so that an administrator can diagnose the reason for the lost connection and take action to correct the situation.
To allow you to identify lost Jump Clients before they are automatically deleted, this field should be set to a smaller number than the deletion field above.
The setting must be configured for 15 days or more.
You can set Jump Clients to allow or disallow simultaneous Jumps from the Jump > Jump Items > Jump Settings section. If allowed, multiple users can gain access to the same Jump Client without an invitation to join an active session by another user. If disallowed, only one user can Jump to a Jump Client at a time. Only an invitation by the user who originated the session can allow for a second user to access the session.
For more information, please see Configure Jump Client Settings .
Uninstalled Jump Client Behavior
Uninstalled Jump Client Behavior determines how a Jump Client deleted by an end user is handled by the representative console. Depending on the option made in the dropdown, the deleted item can either be marked as uninstalled and kept in the list or actually be removed from the list of Jump Items in the representative console. If the Jump Client cannot contact the Secure Remote Access Appliance at the time it is uninstalled, the affected item remains in its offline state.
Restrict Local Uninstall/Disable of Jump Clients
Restrict Local Uninstall/Disable of Jump Clients limits the remote userâs ability to uninstall or disable Jump Clients from the right-click context menu, reducing the need to reinstall Jump Clients that should not have been uninstalled. If this option is enabled, only users with appropriate privileges on the target machine may uninstall the Jump Client via the host system's 'uninstall programs' mechanism.
Miscellaneous
Jump Client Default Connection Type
This feature is available only to customers who own an on-premises Secure Remote Access Appliance. BeyondTrust Cloud customers do not have access to this feature.
With Jump Client Default Connection Type, set whether Jump Clients pinned during a customer-initiated session should by default be active or passive.
Passive Jump Client Port
This feature is available only to customers who own an on-premises Secure Remote Access Appliance. BeyondTrust Cloud customers do not have access to this feature.
The Passive Jump Client Port specifies which port a passive Jump Client will use to listen for a 'wake up' command from the appliance. The default port is 5832. Ensure that firewall settings allow inbound traffic on this port for your hosts with passive Jump Clients. Once awake, Jump Clients always connect to the appliance on port 80 or 443 outbound.
Allow Representatives to attempt to wake up Jump Clients
Allow Representatives to attempt to wake up Jump Clients provides a way to wake up a selected Jump Client by broadcasting Wake-on-LAN (WOL) packets through another Jump Client on the same network. Once a WOL is attempted, the option becomes unavailable for 30 seconds before a subsequent attempt can be made. WOL must be enabled on the target computer and its network for this function to work. The default gateway information of the Jump Client is used to determine if other Jump Clients reside on the same network. When sending a WOL packet, the user has an advanced option to provide a password for WOL environments that require a secure WOL password.
Use screen state to detect Customer Presence
Install Bomgar Jump Client
Use screen state to detect Customer Presence sets how customer presence is determined. Customer presence is used when choosing whether to use the Customer Present Session Policy or the Customer Not Present Session Policy. If checked, the customer is determined to be present only if a user is logged in, the screen is not locked, and a screen saver is not running. If unchecked, the customer is considered present if a user is logged in, regardless of screen state.
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |