Netskope Global Technical Success (GTS)
Best Practices for Deploying the Netskope Agent on Non-Persistent Azure VDI
Netskope Cloud Version - 122
Objective
Provide recommendations for deploying the Netskope agent on non-persistent Azure VDI environments.
Prerequisite
NG-SWG is required.
Context
Deploying the Netskope agent in non-persistent VDI environments ensures consistent security, visibility, and policy enforcement, even in dynamic virtual environments.
Configuration
General Considerations
- Group Configuration: Systems with multiple users must belong to the same group for steering and client configuration. A mismatch in configurations between groups can lead to issues for users accessing these systems.
- Multi-User Mode: Deploy the client in multi-user mode to accommodate multiple users on a single system.
- Settings Specific to VDI Systems:
  - Fail Close: This setting should be disabled for VDI environments (client configuration).
  - Auto-Update: Automatic updates should also be disabled for VDIs to avoid conflicts during machine reboots.
  - Dynamic Steering: Ensure that dynamic steering is disabled for VDI systems.
- Golden Image Deployment: It is recommended to deploy the NSClient on the golden image of the non-persistent VDI system. This eliminates the need to reinstall the client every time the machine boots.
Authentication and User Parameters
- It is recommended to deploy the NSClient using UPN or IdP:
  - UPN: Automatically recognizes the logged-in user and does not prompt for credentials.
  - IdP: Requires users to log in manually.*
*VDI and IdP Mode: The user experience varies based on the presence of a roaming profile (e.g., FSLogix).
  - With a roaming profile: NSClient branding is saved after initial authentication, and users are not prompted to log in again.
  - Without a roaming profile: Users must authenticate each time they connect to a non-persistent VDI machine.
Deployment Steps
- For UPN Deployment
To install NSClient in multi-user mode for domain-joined endpoints (with per-user enrollment at login based on UPN), use the following command:
msiexec /I NSClient.msi host=addon-<tenant>[.region].<tenant-domain> token=<Organization ID> mode=peruserconfig autoupdate=off
Example:
msiexec /I NSClient.msi host=addon-corp.skope.com token=ifxqWJDBVoLFxmAUq36v mode=peruserconfig autoupdate=off
For detailed prerequisites and additional information, refer to the official documentation:
https://docs.netskope.com/en/netskope-client-for-windows/
If you have enabled Secure Enrollment, also consider all the recommendations here: https://docs.netskope.com/en/secure-enrollment/
- For IdP Deployment
When deploying the NSClient via IdP, review the prerequisites here: https://docs.netskope.com/en/deploy-netskope-client-via-idp/
The installation command for IdP deployment is as follows:
msiexec /I NSClient.msi installmode=IDP mode=peruserconfig tenant=<tenant-name> domain=<domain> autoupdate=off
- Post-Deployment Configuration
After deploying the agent, it is essential to review the Steering Bypasses to ensure proper functionality. For detailed steps and additional information specific to Azure VDIs, consult the following resource:
https://docs.netskope.com/en/azure-virtual-desktop/
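A scripted form of the two install commands above, for use when building the golden image. It is added here as an example and is not Netskope's own tooling. The function names, parameter names and log path are hypothetical, and the silent (/qn) and logging (/l*v) switches are standard msiexec options that the commands in this article do not use.

```powershell
# Added example: golden-image install wrapper; not Netskope-provided code.
# Function/parameter names are hypothetical; MSI properties are the ones in this article.
function Get-NSClientMsiArgs {
    param(
        [Parameter(Mandatory)][ValidateSet('UPN', 'IDP')][string]$EnrollMode,
        [Parameter(Mandatory)][string]$MsiPath,
        [string]$AddonHost,   # UPN: addon-<tenant>[.region].<tenant-domain>
        [string]$OrgToken,    # UPN: Organization ID
        [string]$Tenant,      # IdP: tenant name
        [string]$Domain,      # IdP: domain
        [string]$LogPath = "$env:TEMP\NSClient-install.log"
    )
    if ($EnrollMode -eq 'UPN') {
        $props = [ordered]@{ host = $AddonHost; token = $OrgToken }
    } else {
        $props = [ordered]@{ installmode = 'IDP'; tenant = $Tenant; domain = $Domain }
    }
    foreach ($key in $props.Keys) {
        # Reject empty values, unreplaced <placeholders>, and values that would need quoting
        if ([string]::IsNullOrWhiteSpace($props[$key]) -or $props[$key] -match '[<>\s"]') {
            throw "Property '$key' is missing or still a placeholder."
        }
    }
    # VDI settings from this article: multi-user mode, auto-update disabled
    $props['mode'] = 'peruserconfig'
    $props['autoupdate'] = 'off'
    # /qn = no UI, /l*v = verbose log (assumed additions for unattended image builds)
    $msiArgs = @('/I', "`"$MsiPath`"", '/qn', '/l*v', "`"$LogPath`"")
    $msiArgs += $props.GetEnumerator() | ForEach-Object { "$($_.Key)=$($_.Value)" }
    return $msiArgs
}

function Install-NSClientOnGoldenImage {
    param([Parameter(Mandatory)][string[]]$MsiArgs)
    $proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $MsiArgs -Wait -PassThru
    # 0 = success, 3010 = success with reboot required
    if ($proc.ExitCode -notin 0, 3010) {
        throw "msiexec failed with exit code $($proc.ExitCode); check the install log."
    }
    return $proc.ExitCode
}

# Constructed sample values; replace with your tenant's details before running on the image.
$upnArgs = Get-NSClientMsiArgs -EnrollMode UPN -MsiPath 'C:\Install\NSClient.msi' `
    -AddonHost 'addon-example.example.com' -OrgToken 'EXAMPLE-ORG-ID'
$upnArgs -join ' '   # review the resulting command line, then run:
# Install-NSClientOnGoldenImage -MsiArgs $upnArgs
```

The MSI log can record the command-line properties, including the token value, so delete it before sealing the image.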
IMPORTANT:
This article provides guidelines and recommendations for achieving an effective deployment of the Netskope agent in non-persistent Azure VDIs. To ensure that all requirements and recommendations are met, it is highly recommended to contact the Netskope Professional Services team. They are experts in deployments across various scenarios and will thoroughly review the configuration and architecture, providing assistance as needed. To contact the PS team, please reach out to your account team at Netskope.
Terms and Conditions
- All documented information undergoes testing and verification to ensure accuracy.
- In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.
Notes
- This article is authored by Netskope Global Technical Success (GTS).
- For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.