Distribute Aurena Agent in a non-internet environment

Hi,

Not today, I think.

The MSI (the aurena agent installer) does several things:

1. Installs the Aurena Agent program locally. This is really “the agent” and registers it with Chrome so that Chrome knows about it (in layman’s terms).
2. Installs the IFS Aurena Extension (a critical part, it is the glue between IFS Aurena and the agent) by adding some registry values. Then Chrome, I think, installs it when it opens the next time or when it notices the extension should be installed (I think it might monitor certain parts of the registry for changes).
3. Locally saves a fingerprint of the environment’s “HTTPS certificate”.

The problem is the last step since the PC must be online, and be able to access the server. This can be changed, in some way, such that the fingerprinting is done at some other time. But it must be done, eventually, otherwise, the agent will refuse to run. Possibly we could change the installer to allow sending in the fingerprint on the command line, but that remains to be tested. And since this is about security it has to be done in the right way.

If you think there is a big need for this, we should discuss this, and see if we can prioritize this to be changed/enhanced.

By the way, the installer can be run from the command line, in case that is not known (I think that is documented, but I am not sure) and there we can enter the URL to the IFS server.

/Mathias

PS. Why do you/they want to do it?

Thanks,

Regarding the third point, do you mean that PC needs access to the application server or google chrome store server? This is a production silo so each PC will have access to the IFS application server (on prem hosting) but no internet connection. Our idea so far is to manually download the CRX file for the agent from Google chrome store and then manually installing it on each client. The customer is using Edge (chromium version).

The application does not have access to the internet due to Export control, they want to use Aurena Agent mainly to handle automatic check-in of document from user folder.

The IFS application server.

You could try that. Chrome (not sure if it always applies to Chromium) is becoming increasingly restrictive to how and from where we can install Chrome extensions. But if there is a Google-supported way of downloading an extension and install it when not on the internet, then it could work.

And I see now that I did not read your post carefully enough. You wrote “non-internet”, not offline. So this changes things, and the fingerprinting should not be a problem. A possible workaround is to allow the clients to be on the internet when the agent is installed. Then “internet can be turned off.”

I'd say you should look at a software distribution platform or MDM like.

Hi, the customer has still not found a satisfactory solution for how to run Aurena Agent. Have received some additional questions from the customer. @Mathias Dahl  do you know the answers or have any idea who I can reach out to?

1. Why is the Aurena Agent extension not made available on the Microsoft Store (for Edge chromium plugins)? The customer has a solution in place for handling extensions from Microsoft but not from Google.
2. Exactly what data is collected and stored by the extension?
3. How often will the extension be updated?

Best regards//Johan Newman

1. There is no reason other than that we have focused on Chrome (and on Windows). When we started developing the Aurena Agent and realized we needed a Chrome extension as part of the solution, I think Edge Chromium was not even available. Later we have done some testing and we have found that it works in Edge too, with one or a few manual steps. If you/they think we need to add it to the Microsoft Store as well, that’s something that needs to be prioritized like everything else. It might not be hard but it is certainly some work.
2. None. We don’t need to. It’s passing messages between the Aurena client and the Aurena Agent (the local executable/program). There is no need to collect or store any data. It passes along cookies from the Aurena client session such that the agent can do server calls, but that’s the only collecting it does.
3. As seldom as possible and hopefully only as we get bugs reported that can only be fixed by changing the extension, or if we need to develop features that require the extension to be changed.

Thanks @Mathias Dahl! 

I will relay this to the customer. If we would like to make a request to have it added to the Microsoft store to whom should that request be directed?

//Johan

We’re in a transition period between Idea Wall and IFS Community for “ideation” right now, so I would think IFS Community is the place to enter ideas, but I am not sure if that section is open yet. @BenVollmer ? 

@Mathias Dahl  - https://community.ifs.com/ideas is currently open to partners and employees.