Starting in PCS 8.1R12 / PCS 8.2R5 / PPS 5.3R5, Host Checker now supports the V4 version of OPSWAT SDK. By default, OPSWAT V3 SDK will remain enabled until the PCS/PPS administrator is ready to migrate to OPSWAT V4 SDK.
Prerequisites to support OPSWAT V4 SDK
- Standalone Host Checker via browser or Network Connect - None.
- Pulse Secure Desktop client - All endpoints MUST upgrade to Pulse Secure Desktop 5.2R5 before transitioning to OPSWAT SDK V4.
- Confirm all security products are supported in the V4 SDK
If I transition to OPSWAT V4 SDK, what will happen if an end user connects with Pulse Secure Desktop version 5.2R4 and below?
Since Pulse Secure Desktop client 5.2R4 and below does not support the OPSWAT V4 SDK binaries, the Pulse client will be unable to send details to the PCS device and be treated as a failed compliance check. Pulse Secure recommends to upgrade all clients to a compatible version (Pulse Secure Desktop client 5.2R5 and above) before switching to V4 SDK.
After upgrading to Pulse Secure Desktop client 5.2R5, can a end user still connect to an older version of PCS/PPS (prior to 8.1R12 / 8.2R5 / 5.3R5) which uses OPSWAT V3 SDK?
Yes. Pulse Secure Desktop 5.2R5 (and above) is compatible with both OPSWAT V3 and V4 SDK.
How to enable OPSWAT V4 SDK?
- Under Endpoint Security > Host Checker, uncheck the option for Activate Older Opswat SDK in ESAP for Host checker policy evaluation
- Click Activate
After enabling V4 SDK, I am getting prompts stating the product is no longer supported or host checker rules may become empty. What actions are needed before the migration?
During the switch, the administrator may receive prompts due to the following reasons:
- OPSWAT V4 SDK does not support older version of security products (released prior to 2013). If these type of products were configured with using V3 SDK, they will be removed during the switch to V4 SDK. If older version of security products are required, please refer to the Workaround section below.
- Some product and vendor names were changed between V4 and V3 SDK version. For example, "Symantec Corp." in V3 SDK was changed to "Symantec Corporation" in V4 SDK. The administrator should make a note what products or vendors were be affected during the transition and will need to configure the host checker policies with the new names.
If a later version of a security product is not listed and required in your environment, it is recommended to apply the workaround below before completing the V4 migration. Once the migration is complete, host checker will evaluate all existing sessions using the V4 SDK and disconnect any non-compliant sessions or Pulse Secure Desktop client. Additionally, please file a support ticket at https://my.pulsesecure.net
to resolve any issue with V4 SDK.
- Login to the admin console
- Navigate to Authentication > Endpoint Security > Host Checker
- Under Policies, click New
- In the Policy Name field, enter a friendly name
- Select the corresponding operating system the policy applies to
- Under Rule:Settings, select Custom:Process
- Click Add
- In the Rule field, enter a friendly name
- In the Process Name field, enter the required process name for the applicate security product
Follow steps 1 - 9 for each applicable security product.
Once the V4 migration is complete, will only new sessions utilize V4 SDK or does this also impact existing sessions?
Once the migration is complete, Host Checker will evaluate all existing sessions utilizing V4 SDK.
- For administrators who received a prompt about a security product is no longer supported and no applicable product is available, please ensure the workaround is in place before the migration.
- For administrators who did not receive any prompt, existing sessions will evaluate using V4 and will have no impact.