Add Umbrella roaming agent on Mac devices

Stephania
expand collapsive

Is there any possibility for a silent installation of Umbrella roaming agent on my Mac roaming computers? Performed a manual installation on half the devices. Alas! Doing a same on the rest of the devices will definitely burn me out.

All Replies

  • Avatar

    Catherine George

    Hexnode

    Catherine George

    Moderator

    Indeed, you can install the Umbrella Roaming client on the macOS devices silently from the Hexnode console. The automatic installation is straightforward, where you can distribute it like any other enterprise app.

    It involves a series of steps:

    1. Push the configurations for the roaming client using scripts.
    2. Upload the PKG file for the roaming client to the Hexnode app inventory.
    3. Install the application on the target macOS devices.
    4. Distribute root certificate to the devices.

    Let’s discuss each of the steps in detail.

    1. Push the configurations for the roaming client using scripts.

    Initially, you have to download the roaming client zip file for Mac OS X from the Cisco Umbrella dashboard.

    1. Go to Deployments > Core Identities > Roaming Computers.
    2. Select Roaming Client.
    3. Click on Download.
    4. Choose Download macOS Client.
    5. Next, extract the .zip file.

    Since you have begun the installation manually on some devices, you may omit the above step to download the roaming client zip file. However, for users who are about to install the roaming client on a macOS device for the first time, they will have to download and extract the Umbrella roaming client onto it.

    For mass deployments, you can push specific configuration settings unique to your organizational environment. The configuration file (OrgInfo.plist) downloaded along with the roaming client zip file contains the necessary configuration settings. You can make use of these configurations to create a custom shell script.

    For instance,

    #/bin/bash 
    
      
    
    ####Push the configurations#### 
    
     
    
    ###1. creating a folder on the device 
    
      
    
    mkdir "/Library/Application Support/OpenDNS Roaming Client/" 
    
     
    
    ###2. Adding the OrgInfo.plist to the above location 
    
     
    
    cat <<EOF > "/Library/Application Support/OpenDNS Roaming Client/OrgInfo.plist" 
    
     
    
    <?xml version="1.0" encoding="UTF-8"?> 
    
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> 
    
    <plist version="1.0"> 
    
    <dict> 
    
    	<key>APIFingerprint</key> 
    
    	<string>xxxxxx</string> 
    
    	<key>APIOrganizationID</key> 
    
    	<string>xxxxxx</string> 
    
    	<key>APIUserID</key> 
    
    	<string>xxxxxxx</string> 
    
    	<key>InstallMenubar</key> 
    
            <false/> 
    
    </dict> 
    
    </plist> 
    
    EOF 
    
    

    The following parameters, APIFingerprint, APIOrganizationID, and the APIUserID, will be auto-populated with the relevant data in the OrgInfo.plist file. While you create a custom script, retrieve these values directly from the plist file. After customizing the shell script, you can push the configurations to the macOS device directly from the Hexnode console using the Execute Custom Script action.

    2. Uploading the app to the app inventory

    Next, add the PKG file for the roaming client to the Hexnode app inventory. The zip file includes the PKG file for the Umbrella roaming client already.

    1. Log in to the Hexnode console.
    2. Navigate to the Apps tab.
    3. Go to +Add Apps > Enterprise App.
    4. Choose the app platform as macOS
    5. Provide a suitable App Name.
    6. Specify a Category and Description for the app.
    7. Choose the PKG file.
    8. Click on Add.

    3. Install the application on the target devices.

    After uploading the app to the Hexnode app inventory, you can distribute it to the devices by configuring a Mandatory Apps policy. It automatically installs the roaming client on the macOS endpoints.

    1. From the Hexnode console, go to the Policies tab.
    2. Provide a Policy name and Description.
    3. Navigate to macOS > App Management > Mandatory Apps.
    4. Click on Configure.
    5. Move to the +Add drop-down displayed on top.
    6. Select Add App.
    7. Choose the app which was uploaded and click Done.
    8. Now, navigate to the Policy Targets tab.
    9. Select Device Groups and add the macOS device group if you want to associate the policy with a group of macOS devices. You may also associate the policy with devices separately.
    10. Save the policy.

    4. Distribute root certificate to the devices.

    The advanced Cisco Umbrella features such as Block Page, Block Page Bypass, etc., require the installation of Cisco Umbrella root certificates on the devices. To distribute the root certificate:

    1. Log in to Cisco Umbrella.
    2. Navigate to Deployments > Configuration > Root Certificate and click Download Certificate.
    3. Next, log in to the Hexnode portal.
    4. Move to Policies > New Policy. Specify a policy name and description. You may also use the same Mandatory Apps policy configured for the app installation.
    5. Go to macOS > Security > Certificates.
    6. Click on Add Certificate.
    7. Upload the certificate obtained in step 2.
    8. Add Policy Targets.
    9. Save the policy.

    The root certificates installed on the devices avoid specific certificate warnings or related error pages. Though the error pages are expected during browsing, the messages might be ambiguous if the certificate is not installed.

    I hope this helps you,

    Catherine George,
    Hexnode UEM

  • Stephania

    Stephania

    Participant

    Stephania

    Participant

    Thanks so much.

  • Elian

    Elian

    Participant

    Elian

    Participant

    only mandatory apps possible? can I push the roaming client instantaneously?

  • Avatar

    Catherine George

    Hexnode

    Catherine George

    Moderator

    Certainly! You may also distribute the Cisco Umbrella roaming agent with Install Application remote action.

  • Avatar

    ninaaaa

    Participant

    ninaaaa

    Participant

    I already installed the roaming agent on a device. But, I’m unaware of this mass deployment. Would like to know why should the configuration file be pushed explicitly?

  • Avatar

    Catherine George

    Hexnode

    Catherine George

    Moderator

    Well, the parameters specified on the configuration file play a significant role in determining the behavior and appearance of the roaming client. For example, the parameter InstallMenubar specifies whether to hide the Umbrella roaming client’s tray icon from displaying on the device’s system tray or menu bar. If it is set to false (as above), the roaming client icon will not be displayed on the desktop tray. Or otherwise, choosing the true option adds visibility to the end-user by showing the tray icon. Similarly, you can customize the configurations by modifying the shell script and executing it on the devices.

  • Avatar

    ninaaaa

    Participant

    ninaaaa

    Participant

    I pushed the updated script from Hexnode. Doesn’t seem to work out. the tray icon is still displayed.

  • Avatar

    Catherine George

    Hexnode

    Catherine George

    Moderator

    Concerning an already installed roaming client, you will have to uninstall it, perform a device re-start and re-install the roaming client before executing the modified script.

  • Avatar

    ninaaaa

    Participant

    ninaaaa

    Participant

    This time, it works fine.