Background
The Client is at the heart of the Appgate SDP system and provisions access to protected resources. This section brings together information to help with the deployment, installation, configuration and management of the Clients available in the Appgate SDP system.
The Client family
The Client can be deployed in many different forms. The compatibility matrix provides a good summary of what is available and the main differences between the versions.
Headless Clients are designed for servers where there will be long-term connections with no user interactions. These connections might typically carry both up and down traffic.
Always-on combines headless with the normal desktop full Client in a flip-flop model: headless is always running when the user is not signed in with the full Client. This would typically allow admin access for patching, updates, etc.
Windows Clients come in a number of flavors, including SSO, which allows users to authenticate to the network before logging on to Windows (local account), and multi-user, which is designed for use on terminal servers used by multiple users at the same time.
The Linux headless Client is used by Appgate in a number of different ways, including in the Connector for access from unattended devices (think IoT).
Mobile clients are available for iOS, Android, iPadOS, and ChromeOS.
The k8s service Client is designed to run in a sidecar in k8s pods. It provides egress traffic control allowing only specific workloads to access protected hosts (through Gateways). Ingress traffic can be controlled using the URL access feature.
The Client needs to talk to Controllers for:
User authentication: user credentials are passed to the Controller for authentication
Token creation/renewal: the Client provides a number of Claims to the Controller for the claims token; tokens created by the Controller are distributed to Gateways via the Client (not directly peer-to-peer)
The Client connects to Gateways via the secure IP tunnel, which is used for:
Token passing: Tokens are distributed to Gateways by the Client
Passing all tunneled traffic
App health: if app health is being monitored, Gateways will share app health states back to each connected Client
Device Claims: the Client provides claims information on request from the Controller or Gateway
Entitlement user interactions: the Gateway alerts the Client if a user interaction is needed
There is a separate section that covers user access problems: Troubleshooting user/device access.