ThousandEyes is a powerful SaaS platform that gives a digital picture of enterprise infrastructure, formed by test views, alerts, dashboards, and other components.
The goal of this article is to show you how to install ThousandEyes Endpoint Agents (EPA) using Cisco Secure Client and connect it with your Cisco Secure Access Platform.
Secure Access is Cisco's cloud-based platform that provides you with multiple levels of defense against internet-based threats. Cisco Secure Access enables you to connect securely to the internet, Software-as-a-Service (SaaS) apps, and your private digital resources, whether you connect from your organization's network or are roaming off-network. You can find more info on the Cisco Secure Access doc page.
Let’s define the steps we will follow:
- Ensure you are operating on Windows 10/Windows 11.
- Download the Cisco Secure Access (CSA) Root Certificate and Cisco Secure Access client.
- Install the Cisco Secure Access Root Certificate and Cisco Secure Access client.
- Register ThousandEyes EPA in the Cisco Secure Access platform.
- Verify Cisco Secure Access: check installed EPA at Endpoint Overview and Roaming Devices.
Step 1. Windows 10/Windows 11 as the platform for EPA deployment.
First, check that you have Windows 10/Windows 11 installed and running. For this article, we are using Windows 10 installed in our lab, but this was also tested with Windows 11.
Step 2. Download the Cisco Secure Access Root Certificate and Cisco Secure Access client.
Cisco Secure Access Root Certificate can be downloaded from the CSA platform with the following steps:
Log into Cisco Secure Access and follow the instructions:
Secure [1] -> Certificates [2]:
Next, navigate to Internet Destinations [3] -> click on Secure Access root certificate [4] (it will expand) and finally Download the certificate [5]:
For your convenience, create a new folder named TE_CSA and put the file Cisco_Secure_Access_Root_CA.crt in this directory:
Now, it's time to download the Cisco Secure Client. You can use:
- For macOS— cisco-secure-client-macos-5.1.0.136-predeploy-k9.pkg
- For Windows— cisco-secure-client-win-5.1.0.136-predeploy-k9.msi
The installer comes as a .zip file. You can put it into the same TE_CSA folder we used before and unzip it:


Step 3. Installation phase: Cisco Secure Access Root Certificate and Cisco Secure Access client.
Now let's install the Cisco Secure Access Root Certificate. To do this, click on the Cisco_Secure_Access_Root_CA to open the Certificate Import Wizard. As the wizard runs the installation, choose the following options:
Store Location: Local Machine
Place all the certificates in the following store: Trusted Root Certification Authorities.
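The wizard choices above (Local Machine, Trusted Root Certification Authorities) can also be scripted, with checks on the file before it is trusted machine-wide. The PowerShell below is an added example, not part of the original article or Cisco's documentation; the C:\TE_CSA path and the expected SHA-256 fingerprint are assumptions that you supply from a source you trust.

```powershell
#Requires -RunAsAdministrator
param(
    # Assumption: the TE_CSA folder was created at C:\TE_CSA; adjust to your location.
    [string]$CertPath = 'C:\TE_CSA\Cisco_Secure_Access_Root_CA.crt',
    # Placeholder: SHA-256 fingerprint of the root certificate, obtained out of band.
    [Parameter(Mandatory)][string]$ExpectedSha256
)
$ErrorActionPreference = 'Stop'

# Load the downloaded file without installing it.
$fullPath = (Resolve-Path $CertPath).Path
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($fullPath)

# 1. Fingerprint must match the value you expect (separators and case are ignored).
$sha    = [System.Security.Cryptography.SHA256]::Create()
$actual = [System.BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''
$wanted = $ExpectedSha256 -replace '[^0-9A-Fa-f]', ''
if ($actual -ne $wanted) { throw "SHA-256 mismatch, refusing to install. Got: $actual" }

# 2. A root certificate is self-signed and marked as a CA.
if ($cert.Subject -ne $cert.Issuer) { throw "Not self-signed: issuer is '$($cert.Issuer)'" }
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not $bc -or -not $bc.CertificateAuthority) { throw 'Basic Constraints does not mark this as a CA' }

# 3. It must be inside its validity window.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate not valid now ($($cert.NotBefore) to $($cert.NotAfter))"
}

# Same target as the wizard: Local Machine -> Trusted Root Certification Authorities.
Import-Certificate -FilePath $fullPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# Confirm the store now contains exactly the certificate that was checked.
$installed = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object Thumbprint -eq $cert.Thumbprint
if (-not $installed) { throw 'Import reported success but the certificate is not in the store' }
$installed | Select-Object Subject, Thumbprint, NotAfter
```

Save it as a .ps1 file and run it from an elevated PowerShell prompt. The thumbprint it prints is what to search for later if you need to audit or remove the root from the machine store.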
You can watch this short video (28s) to see the process:
Next, install the Cisco Secure Access client bundle. This short (31s) video shows how to install the bundle:
Step 4. Register ThousandEyes EPA in the Cisco Secure Access platform.
There are two ways to register the ThousandEyes Endpoint Agent on the Cisco Secure Access platform. Both use the CLI command taken from CSA. To see it in CSA, navigate to Experience Insights [1] -> Configure Account [2]:
Click the Copy link within the highlighted section to copy the required command to the clipboard:
You can choose one of two options to execute the copied command and register the EPA in Cisco SA:
Option 1: Open the CMD prompt with an Administrator-level account, and paste the copied command into the CLI:

or
Option 2: Open a new text file (for example using Notepad), paste the command into it, and save the file with the .bat extension, so Windows will identify the file as a batch script file:
You can now just click on te.bat to run the command inside it, and the EPA will be registered on Cisco Secure Access.
To complete the installation and registration process, reboot your Windows machine.
Step 5. Verify Cisco Secure Access: check installed EPA at Endpoint Overview and Roaming Devices.
To make sure the new Endpoint Agent has been registered on CSA, navigate to Experience Insights -> Management,
and check that the EPA's name is listed under Device Name (in our case this is DESKTOP-POSGPP3):
You can also verify that the EPA DESKTOP-POSGPP3 is listed under Resources -> Roaming Devices:
And that's it, the Endpoint Agent has been installed and registered on Cisco Secure Access!
If you have any questions or need any help with this, feel free to reach out to the ThousandEyes Support Team. One of the quickest ways to do this is ThousandEyes chat.