¶ RMM - Device Based Client Activation
SASE architecture allow IT to deliver networking and security to all locations, applications and users. This happens through tight integration of networking and security delivered through a single cloud platform. But one of the fundamental elements of SASE is its identity-based policy framework.
The identity of users and devices is the foundation of how SASE delivers its policy-driven access. Exium' SASE solution offers both user identity and device identity based access and policies. In the case of the Device Based Client Authentication deployment, described below, the security policies can only be applied at the device or endpoint level. If you desire to apply user level policies, see other methods of deployments here.
For Device Based Deployment, follow the steps below.
- Navigate to the MSP admin console -> Client Workspace
- Click on Admin console in the left menu bar
- Click on “Users and Devices” → “RMM Deployment” as shown in the screenshot below
- Select your device type (Windows, Mac etc.)
- Copy the script and push it to the user's device (or run locally on the machine for early testing)
Note the script you copy this way already has TOKEN and Workspace name. You do not need to modify the script as it is complete for deployment.
¶ Activate the Client Locally on a Machine for Early Testing
When you like to run the script locally on a Windows machine,
- Click Start (Windows sign on the bottom-left),
- type PowerShell,
- right-click Windows PowerShell, and then
- click Run as administrator.
A PowerShell window will open up where you will paste and run the script you copied earlier.
¶ Fully Automated Deployment
When deploying to hundreds or thousands of devices, the same single push button RMM script can be pushed in one shot with fully automated deployment requiring no further action form the MSP IT admin. All hundreds or thousands of devices will be activated and secured with SASE security in a single-click within minutes.
See, example below where after pushing the above script to a device via RMM, the device registered with the SASE platform and connected with its device name as the “User Name” and the logged in user as the “Full Name”. Note that a workspace can have a combination of device level and user level authentication and policy as you see in the example below. The email field in the case of device-based deployment is not valid as it is not linked to a user. A “dummy” email ID with the device name and workspace name that uniquely identified the device is shown in the admin console.
See below the activity of the device on the dashboards.
¶ Device-Based Activation using CW Automate
Please follow the instructions for Device-Based Activation using ConnectWise Automate.
¶ Device Identity used in the Deployment
The below information is for your information only. Exium's deployment script automatically takes care of getting the device ID and logged in user information during the deployment. The device identity used in the SASE platform is obtained as below.
C:\Users\Farooq Khan>hostname
DESKTOP-OA26B3UIn Exium's admin console, this information is shown in the “User Name” column.
Moreover, we also link the logged in user to the device with the information below, for example for a Windows system. In Exium's admin console, this information ("Farooq Khan" in example below) is shown in the “Full Name” column.
PS C:\WINDOWS\system32> (Get-WMIObject -ClassName Win32_ComputerSystem).Username
DESKTOP-OA26B3U\Farooq Khan¶ Uninstalling Exium Client
To uninstall Exium client, follow the steps below.
- Navigate to the MSP admin console -> Client Workspace
- Click on Admin console in the left menu bar
- Click on “Users and Devices” → “RMM Deployment” as shown in the screenshot below
- Select your device type (Windows, Mac etc.)
- Copy the script and push it to the user's device (or run locally on the machine for early testing)
- Copy the script under Uninstall and run locally or via RMM
To learn more about implementing SASE for your organization and explore tailored solutions that meet your unique requirements, contact Exium at partners@exium.net for a consultation or demonstration. If you are ready to get started, check out our testing and onboarding process.