Pulse Policy Secure and Pulse Connect Secure include a default connection set and a default component set. These defaults enable you to deploy the Pulse client to users without creating new connection sets or component sets. Pulse Secure solutions work with your existing infrastructure, security and access ecosystem to automate access context sharing, enforcement and threat response. Policies can be used to isolate unknown, unmanaged or compromised endpoints and IoT devices, trigger endpoint remediation, limit remote service access, and even wipe remote mobile devices.
Pulse Secure Client Installation Overview
This section describes how to deploy Pulse for Windows and Pulse for macOS client software from Pulse Policy Secure and Pulse Connect Secure platforms.
Pulse Policy Secure and Pulse Connect Secure include a default connection set and a default component set. These defaults enable you to deploy the Pulse client to users without creating new connection sets or component sets. The default settings for the client permit dynamic connections, install only the components required for the connection, and permit an automatic connection to Pulse Connect Secure or Pulse Policy Secure to which the endpoint connects.
In all deployment scenarios, you must have already configured authentication settings, realms, and roles.
You can deploy the Pulse Secure client to endpoints from Pulse Connect Secure and Pulse Policy Secure in the following ways:
- Web install—With al Web install (also called a server-based installation), users log in to the Pulse server’s Web portal and are assigned to a role that supports a Pulse installation. When a user clicks the link to run Pulse Secure client, the default installation program adds Pulse to the endpoint and adds the default component set and the default connection set. If you do not make any changes to the defaults, the endpoint receives a Pulse installation in which a connection to the Pulse server is set to connect automatically. You can edit the default connection set to add connections of other Pulse servers and change the default options.
Note: The exact mechanism used to launch and install a particular Pulse Secure client from a web browser depends on a number of factors, including:
- The Pulse Secure client (Windows/Mac desktop client, Network Connect, Host Checker, WSAM, Windows Terminal Services, Secure Meeting client) being launched/installed.
- The endpoint operating system type and version.
- The web browser type and version.
- The security settings of the endpoint operating system and browser.
Note: A Web install is not compatible with the Pulse rebranding tool, BrandPackager.
- Preconfigured installer—Create the connections that an endpoint needs for connectivity and services, download the settings file (.pulsepreconfig), and download default Pulse installation program. For Windows endpoints you run the Pulse installation program by using an msiexec command with the settings file as an option. For OS X endpoints, you run the default installer and then import the .pulsepreconfigfile using a separate command.
- Default installer—You can download the default Pulse installation program and distribute it to endpoints using your local organization’s standard software distribution method (such as Microsoft SMS/SCCM). The Pulse Secure client software is installed with all components and no connections. After users install a default Pulse installation, they can add new connections manually through the Pulse client user interface or by using a browser to access a Pulse server’s Web portal. For the latter, the Pulse server’s dynamic connection is downloaded automatically and the new connection is added to the Pulse client’s connections list when the user starts Pulse by using the Pulse server’s Web portal interface. Dynamic connections are created as manual rather than automatic connections, which means that they are run only when the user initiates the connection or the user browses to a Pulse Server and launches Pulse from the server’s Web interface.
If the Windows endpoints in your environment do not have admin privileges, you can use the Pulse Secure Installer program, which is available on the admin console System Maintenance Installers page. The Pulse Secure Installer allows users to download, install, upgrade, and run client applications without administrator privileges. In order to perform tasks that require administrator privileges, the Pulse Secure Installer runs under the client’s Local System account (a powerful account with full access to the system) and registers itself with Windows’ Service Control Manager (SCM). An Active-X control or a Java applet running inside the user’s Web browser communicates the details of the installation processes to be performed through a secure channel between the Pulse server and the client system.
- Installing the Pulse Secure Installer MSI package requires administrator rights to install onto your client systems. If you plan to use the EXE version, administrator rights is not needed as long as a previous version of the access service component (deployed through, for example, JIS, Pulse, and so forth) is already present. If policies are defined for your client with the group policy “Run only Allowed Windows Application”, the following files must be allowed to run in the group policy. If not, client applications might not install.
- dsmmf.exe
- PulseCompMgrInstaller.exe
- PulseSetupClient.exe
- PulseSetupClientOCX.exe
- PulseSetupXP.exe
- uninstall.exe
- x86_Microsoft.*.exe
Pulse Secure Setup Client An Unexpected Error Occurred
- You should ensure that the Microsoft Windows Installer exists on the client system prior to installing the Pulse Secure Installer.
- Your end-users’ client systems must contain either a valid and enabled Java Runtime Engine (JRE) or a current Pulse Connect Secure ActiveX control. If the client systems do not contain either of these software components, the users will be unable to connect to the gateway. If there is no JRE on your end-users’ client systems, you should download an appropriate installer package from Maintenance > System > Installers. The service appears in the Windows Services (Local) list as Neoteris Setup Service. The service starts automatically on install and during client system start up.
Pulse Secure Setup Client 64-bit
Related Documentation