Client-access applications

The EAA Client is software that IT administrators can deploy on user machines. An enterprise can control access to nonbrowser-based applications, running locally on a user's machine. This is done by selecting, Client-access Apps when you add a new application. Based on the level of control and flexibility desired by the IT administrator of your organization, they can add and configure two types of client-access applications:
  • TCP-type client-access application. When the IT administrator wants to provide secure access to a single TCP application using a single hostname, they can add and configure, and deploy a TCP-type client-access application. This is created for each application (perApp) and supports TCP only.
    Note: If you are using more than 200 TCP-type client-access applications on macOS platform, you may want to consider using tunnel-type client-access applications.
  • Tunnel-type 2.0 client-access application. When the IT administrator wants to provide secure access to an application, they can define a destination based on protocol type (TCP or UDP or both), hostnames within the organization’s domain (perDomain) or subdomain, private IPV4 addresses with subnets, and specific ports or port ranges. They can add and configure, and deploy a tunnel-type client-access application with this destination definition. Even multiple destination definitions can be pooled into a single tunnel-type 2.0 client-access application for ease of maintenance. For example, one destination might be a private IP addresses to access local printer server, second destination might access an external web portal, and a third destination may access an internal mail server, for the employees of the organization. The IT administrator might want to give selective access to partners and contractors to certain subdomains with DNS exceptions. The tunnel-type 2.0 client-access application relies on DNS resolution in the connector to find the application server IP.

Both types of client-access applications let the IT administrator set up access control rules or services, like the EAA solution used for secure access for HTTP applications. However, tunnel-type client-access applications have some ACL limitations. Tunnel type client access application allow you to provide an internal hostname with subdomains, or a list of single or multiple local IP addresses. To deny access to certain users, IPs, or other parameters, you can set up access control rules.

If the application you are trying to securely access through the EAA Client solution is hosted on multiple application servers within your data center and you need load balancing, use a TCP-type client-access application. Load-balancing capability is not available in a tunnel-type client-access application.

For more information about the TCP-type client-access application, see TCP-type client-access application workflow

For more information about the tunnel-type client-access application, see Tunnel-type client-access application workflow

The EAA Client also provides additional reporting capabilities for the IT administrator to manage all the clients, get an overview of the most popular applications and discover all the applications used by the employees of your organization.