Deploy Jump Clients from the Administrative Interface

Jump Clients can be pre-installed on remote computers in anticipation of the need for remote access. This method of installation may be applied to one system or multiple systems simultaneously. You can easily automate the mass deployment of your Jump Client network by allowing customization during installation. The Jump Client command line installer has switches which allow a script to modify a variety of Jump Client parameters when executed. This allows you to create custom mass deployment scripts to pull in variables from other sources and use the variables to modify the Jump Client parameters at install time.

  1. From the /login administrative interface, go to Jump > Jump Clients.

Jump > Jump Clients

Jump Client Mass Deployment Wizard

  1. From the dropdown, select whether to pin the Jump Client to your personal list of Jump Items or to a Jump Group shared by other users. Pinning to your personal list of Jump Items means that only you can access this remote computer through this Jump Client. Pinning to a shared Jump Group makes this Jump Client available to all members of that Jump Group.
  1. You may choose a Session Policy to assign to this Jump Client. Session policies are configured on the Users & Security > Session Policies page. A session policy assigned to this Jump Client has the highest priority when setting session permissions.
  1. You may apply a Jump Policy to this Jump Client. Jump Policies are configured on the Jump > Jump Policies page and determine the times during which a user can access this Jump Client. A Jump Policy can also send a notification when it is accessed or can require approval to be accessed. If no Jump Policy is applied, this Jump Client can be accessed without restriction.
  2. Adding a Tag helps to organize your Jump Clients into categories within the access console.
  3. Set the Connection Type to Active or Passive for the Jump Clients being deployed. An active Jump Client maintains a persistent connection to the appliance, while a passive Jump Client instead listens for connection requests. For more information on active versus passive Jump Clients, see Active vs. Passive Jump Clients.
  4. If you have one or more Jumpoints set up as proxies, you can select a Jumpoint to proxy these Jump Client connections. That way, if these Jump Clients are installed on computers without native internet connections, they can use the Jumpoint to connect back to your Bomgar Appliance. The Jump Clients must be installed on the same network as the Jumpoint selected to proxy the connections.
  5. Add Comments, which can be helpful in searching for and identifying remote computers. Note that all Jump Clients deployed via this installer have the same comments set initially, unless you check Allow Override During Installation and use the available parameters to modify the installer for individual installations.
  6. The installer remains usable only as long as specified by the This Installer is Valid For dropdown. Be sure to leave adequate time for installation. If someone should attempt to run the Jump Client installer after this time, installation fails, and a new Jump Client installer must be created. Additionally, if the installer is run within the allotted time but the Jump Client is unable to connect to the appliance within that time, the Jump Client uninstalls, and a new installer must be deployed. The validity time can be set for anywhere from 10 minutes to 1 year. This time does NOT affect how long the Jump Client remains active.

    In addition to expiring after the period given by the This Installer is Valid For option, Jump Client mass deployment packages invalidate when their Bomgar Appliance is upgraded. The only exception to this rule is live updates which change the license count or license expiration date. Any other updates, even if they do not change the version number of the appliance, invalidate the Jump Client installers from before the upgrade. If these installers are MSI packages, they can still be used to uninstall Jump Clients if necessary.

    Once a Jump Client has been installed, it remains online and active until it is uninstalled from the local system either by a logged-in admin user, by a Bomgar user from the access console's Jump interface, or by an uninstall script. A Bomgar user cannot remove a Jump Client unless the user is given appropriate permissions by their admin from the /login interface.

  7. If Attempt an Elevated Install if the Client Supports It is selected, the installer attempts to run with administrative rights, installing the Jump Client as a system service. If the elevated installation attempt is unsuccessful or if this option is deselected, the installer runs with user rights, installing the Jump Client as an application. This option applies only to Windows and Mac operating systems.

    Note: A Jump Client pinned in user mode is available only when that user is logged in. In contrast, a Jump Client pinned in service mode, with elevated rights, allows that system to always be available, regardless of which user is logged in.

    Note: This option does not apply to headless Linux Jump Clients.

  8. If Prompt for Elevation Credentials if Needed is selected, the installer prompts the user to enter administrative credentials if the system requires that these credentials be independently provided; otherwise, it installs the Jump Client with user rights. This applies only if an elevated install is being attempted.
  9. Note: This option does not apply to headless Linux Jump Clients.

Jump Client Mass Deployment Wizard

  1. Once you click Create, you can download the Jump Client installer immediately if you plan to distribute it using a systems management tool or if you are at the computer that you need to later access. You can also email the installer to one or more remote users. Multiple recipients can install the client from the same link. The Platform option defaults to the appropriate installer for your operating system. You can select a different platform if you plan to deploy the Jump Client on a different operating system.
  2. Note: Once the installer has run, the Jump Client attempts to connect to the appliance. When it succeeds, the Jump Client appears in the Jump interface of the access console. If the Jump Client cannot immediately reach the appliance, then it continues to reattempt connection until it succeeds. If it cannot connect within the time designated by This Installer Is Valid For, then the Jump Client uninstalls from the remote system and must be redeployed.

Installation on Windows, Linux, or Mac Systems

Note: To install a Jump Client in service mode on a Linux system, the Jump Client must be installed as root. This will NOT cause the Jump Client to run as root. A service mode Jump Client allows the user to start a session even if no remote user is logged on, as well as to log off the current remote user and log on with different credentials. A Linux Jump Client installed in user mode cannot be elevated within a session.

For system administrators who need to push out the Jump Client installer to a large number of systems, the Windows, Mac, or Linux executable or the Windows MSI can be used with your systems management tool of choice. You can include a valid custom install directory path where you want the Jump Client to install.

You can also override certain installation parameters specific to your needs. These parameters can be specified for both the MSI and the EXE using a systems administration tool or the command line interface. When you mark specific installation options for override during installation, you can use the following optional parameters to modify the Jump Client installer for individual installations. Note that if a parameter is passed on the command line but not marked for override in the /login administrative interface, the installation fails. If the installation fails, view the operating system event log for installation errors.

Command Line Parameter Value Description
--install-dir <directory_path>

Specifies a new writable directory under which to install the Jump Client. This is supported only on Windows and Linux. When defining a custom install directory, ensure that the directory you are creating does not already exist and is in a location that can be written to.

--jc-jump-group

user:<username>
team:<team-code-name>

If override is allowed, this command line parameter overrides the Jump Group specified in the Mass Deployment Wizard.

--jc-session-policy <session-policy-code-name>

If override is allowed, this command line parameter sets the Jump Client's session policy that controls the permission policy during an access session.

--jc-jump-policy <jump-policy-code-name>

If override is allowed, this command line parameter sets the Jump Policy that controls how users are allowed to Jump to the Jump Client.

--jc-tag <tag-name>

If override is allowed, this command line parameter sets the Jump Client's tag.

--jc-comments <comments ... >

If override is allowed, this command line parameter sets the Jump Client's comments.

--silent  

If included, the installer shows no windows, spinners, errors, or other visible alerts.

Note: When deploying an MSI installer on Windows using an msiexec command, the above parameters can be specified by:

  1. Removing leading dashes (--)
  2. Converting remaining dashes to underscores (_)
  3. Assigning a value using an equal sign (=)

Example:

  • msiexec /i bomgar-scc-win32.msi KEY_INFO=w0dc3056g7ff8d1j68ee6wi6dhwzfefggyezh7c40jc90 jc_jump_group=team:server_support jc_tag=servers

There are two exceptions to this rule:

  • installdir has a dash in the EXE version but no dashes in the MSI version.
  • /quiet is used for the MSI version in place of --silent in the EXE version.

Installation on Headless Linux Systems

To install a Jump Client on a remote Linux system with no graphical user interface, be sure you have downloaded the headless Linux Jump Client installer, and then follow these additional steps:

  1. Using your preferred method, push the Jump Client installer file to each headless Linux system you wish to access.
  1. Once the installer file is on the remote system, use a command interface to install the file and specify any desired parameters.
    1. Install the Jump Client in a location to which you have write permission, using --install-dir <path>. You must have permission to write to this location, and the path must not already exist. Any additional parameters must also be specified at this time, as described below.
      • sh ./bomgar-scc-{uid}.bin --install-dir /home/username/jumpclient
    2. If you wish to install under a specific user context, you can pass the --user <username> argument. The user must exist and have rights to the directory where the Jump Client is being installed. If you do not pass this argument, the Jump Client installs under the user context that is currently running.
      • sh ./bomgar-scc-{uid}.bin --install-dir /home/username/jumpclient --user jsmith

      IMPORTANT!

      It is not recommended to install the Jump Client under the root context. If you attempt to install when the current user is root, you receive a warning message and are required to pass --user <username> to explicitly specify the user that the process should run as.

    3. You can also override certain installation parameters specific to your needs. These parameters can be specified for both the MSI and the EXE using a systems administration tool or the command line interface. When you mark specific installation options for override during installation, you can use the following optional parameters to modify the Jump Client installer for individual installations. Note that if a parameter is passed on the command line but not marked for override in the /login administrative interface, the installation fails. If the installation fails, view the operating system event log for installation errors.
      • sh ./bomgar-scc-{uid}.bin --install-dir /home/username/jumpclient --jc-jump-group "Linux Admins" --jc-tag "Headless Linux Systems"

       

      Command Line ParameterValueDescription
      --jc-jump-group

      user:<username>
      team:<team-code-name>

      If override is allowed, this command line parameter overrides the Jump Group specified in the Mass Deployment Wizard.
      --jc-jump-policy<jump-policy-code-name>

      If override is allowed, this command line parameter sets the Jump Policy that controls how users are allowed to Jump to the Jump Client.

      --jc-tag <tag-name>If override is allowed, this command line parameter sets the Jump Client's tag.
      --jc-comments<comments ... >If override is allowed, this command line parameter sets the Jump Client's comments.
  2. After installing the Jump Client, you must start its process. The Jump Client must be started for the first time within the time frame specified by This Installer Is Valid For.
    • /home/username/jumpclient/init-script start

    This init script also accepts the stop, restart, and status arguments. You can use ./init-script status to make sure the Jump Client is running.

    IMPORTANT!

    You must also arrange for init-script start to run at boot in order for the Jump Client to remain available whenever the system restarts.

  3. If you wish to uninstall the Jump Client, you must run its uninstall script.
    • /home/username/jumpclient/uninstall

    Note: Separately and in addition to running the uninstall script, you must remove the Jump Client via the access console. Otherwise, the Jump Client will remain in the access console, though it will not be accessible. Likewise, removing the Jump Client only via the access console prevents it from being accessed but leaves the Jump Client files on the Linux system.