NimbostratusWhen using the Big-IP client, I cannot get the webtop to launch. If I connect from a browser, the webtop will launch. I am using APM version 11.5.1.
Since browser support is going away & we are to use the client - I need this to work.
Also, It looks like you have to specify some sort of network access to run the APM Big-IP client - correct?
CirrocumulusAhh... When you run the bigip client... Are you presumably using network access tunnels? And do you have split tunnelling setup so access to the VS DOES NOT pass via the tunnel?
H
NimbostratusI do have split tunneling set up on the network access tunnel but I do not know what VS is. If I do not have a network access tunnel set - the Big-IP client will not connect. Is that the way it is supposed to work?
CirrocumulusOK...
VS == Virtual Server. The one you use to display the webtop...
Normally if you're using the client, it's to create a VPN so that your remote client looks like it's on the local (Internal network).
The webtop is usually used to display a list of available applications for access via a browser (Clientless config).
You wouldn't normally need a webtop if you're using the full client (Although you can).
NimbostratusThen what are we supposed to do when Firefox stops allowing the plug-ins and IE & Safari start blocking the plug-ins?
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15326
How will we be able to display the webtop for people that only need a few portal or app accesses? We are migrating from the Firepass & since this is a new install - I figured I would set it up to use the client and then I did not have to retrofit anything when the browser support stops.
CirrocumulusWell, the webtop is really just a display (Generated by javascript in the browser)... There's no reason any of that has to stop...
I'd say don't panic and see what develops... For example Chrome has the chromestore... It's possible F5 will just have to submit their chrome plugin for inclusion (Just like they & Citrix/VMWare have to for iPhone/iPad).
Plus the plugins are used for network access and verification. If you only use Citrix or VMWare Horizon, I don't think you'll have an issue... That's just a handler. Not a plugin (i.e. the APM delivers a file... .ica for Citrix) and hands that file to the handler app when it downloads it... In Citrix case it's Citrix Receiver. In VMWare it's Horizon View. [Both of which work stand-alone as well. Without plug-in OR F5 client software].
H
NimbostratusThat is correct for us too. The people that need the network access are people that care for the network and systems and know their way around the network so they will not need a webtop. But the other users that just have a few portal and app tunnels - they need the webtop.
Unfortunately, upper management will not allow me to tell the other people to use IE or FireFox only to access F5 apm - they want the Big-ip client to work as well. So I am back to my issue - I need to be able to use the big-ip client to connect to the F5 apm and be able to launch the webtop.
CirrocumulusCirrocumulusOK...
From memory, I think thick-client includes the ability to auto-start apps. So set your thick client (In VPE) to autostart a browser with the URL for an APM that has a webtop configured on it...
I'm going to see if I can find time to look at this myself... FWIW there's alternatives to the NSAPI in Chrome (e.g. NaCl). It's just a matter of time really before someone chooses a path to follow to replace it...
Whether the sandbox allows the network access of course is another matter :) That could prove the sticking point... Although OS's like Mac OS X include VPN natively... PPTP or IPSec only... But LTM includes IPSec support nowadays (e.g. For Tunnels). So maybe that's an alternative...
H
NimbostratusWe only have the APM with the very limited LTM that is included with it. This is to be our SSLVPN solution that replaces the firepass.
The network access connection has a place to list applications to launch. How can I launch a webtop? if i put in the URL to the apm that holds it - it is going to prompt me to log in again.
CirrocumulusIt might be possible to do something with the authentication... Simplest would be no auth and just popup a web top. But you'll probably want to know who the user is. So you might be able to do something imaginative (With an iRule perhaps, I'm not sure the SSO is designed to do this, but I could be wrong) to scrape that info from the existing session...
H
Edge Client supports Network Access resources only. There is no way to show webtop inside Edge Client, at least now. As I understand your problem, you need to configure split tunnel to your applications and configure SSO. In this case APM will remember user's credentials and substitute them when user tries to access the web application.
