Installing Ziti Desktop Edge on Windows PC or Server 2012/2016

To allow a user utilizing a device with Windows10 or Windows Server 2012/2016 to connect to resources in the NetFoundry network it will be necessary to install and register the NetFoundry Desktop Edge software package onto that device.  These instructions apply to Windows operating systems only.

From the NetFoundry Dashboard with web console click the in the Endpoints tile and then the + in the upper right corner to add a new Endpoint.

 

windows1.jpg

 

windows2.jpg

 

Fill out the CREATE A NEW ENDPOINT form with the ENDPOINT NAME and click CREATE

 

windows3.jpg

 

User is presented the “Your Endpoint has been created” screen.  In this example we will be using the Windows Desktop Edge so the user should download the Registration Key.   This is a .jwt (JSON Web Token) file.  Then click on the SELECT AN INSTALLER to be directed to the endpoints downloads page.  NOTE: The QR code is provided only for NetFoundry Mobile Edge endpoints.

 

windows4.jpg

 

In this example choose Windows Ziti Desktop Edge and click DOWNLOAD.

 

windows5.jpg

 

This brings the user to the NetFoundry Ziti GitHub repository.  There are a list of releases, select the top release and the .exe package from the list of files.

 

window6.jpg

 

Typical windows user will now have 2 files in the downloads folder (unless you chose to download to another location) the .jwt file and the desktop edge .exe.  NOTE: Installer requires elevated permissions. Right click on  Ziti.Desktop Edge Client installer file and select Run as Administrator.

 

Windows7.png

 

This will launch the installation on the user Windows Machine.  Click Next>

 

Windows8.png

 

Keep the default file location unless you have a reason to move to another location.  Select Next>

 

Windows9.png

 

Click Install to execute the installation of the Windows Desktop Edge.  Select to install WinTun driver if prompted. Select YES when prompted in the next screen to allow the application to make changes.

 

Windows10.png

 

Click Run Ziti Desktop Edge when installation completes.

 

Windows11.png

 

 

The Windows Desktop Edge will display and the user will need to click ADD IDENTITY.

 

windows12.jpg

 

You will be brought to your file manager and should navigate to the directory where you saved the .jwt file that was downloaded in the previous steps. Click Open

 

Windows13.png

 

Once the identity has been enrolled and registered you will see any services you have been granted from the AppWAN definitions. Status = Active and the IP/Hostname/Port of rendered services.

 

windows13.jpg

 

windows14.jpg

Impact of Antivirus and Windows Defender

The Ziti Desktop Edge for Windows provides a local DNS server in order to provide the ability to resolve DNS names that are not recognized outside of Ziti. This is powerful functionality and is how the Ziti Desktop Edge for Windows provides a seamless user experience. If this functionality fails it can be a disruptive experience for those who are not well-versed in DNS and Windows networking in general. In order to rule out external issues to the Ziti Desktop Edge for Windows please consider the following:

  • If any anti-virus (AV) software is running - disable it. After the Ziti Desktop Edge is working properly re-enable the AV software and see if your network connectivity is impacted. If it is - disable the AV again and verify the network works again. You will need to figure out what and how the AV is getting in the way and update the AV to allow the Ziti Desktop Edge for Windows functionality to function properly.

  • Check Windows Defender and ensure it is not blocking port 53 on your TUN IP. There is no easy way to do this at this time but you can perform the following steps:

    • open a command window as administrator (if possible)
    • ensure the correct services are started by running: net start. At the end of the list you should see these two services listed: "Ziti Desktop Edge Service" and "Ziti Desktop Monitor Service".
      • If they are not listed start them by typing net start ziti and net start ziti-montitor (if you could not run as administrator this command will likely result in an error response)
  • find the DNS server by typing ipconfig /all and finding the "DNS Servers". You should see a section similar to this:

mceclip0.png

  • Use the FIRST ip address listed (shown above as: 100.64.0.1) and run nslookup to probe the DNS: nslookup github.com 100.64.0.1 you should see a response that looks like this:

mceclip1.png

  • If you do not see this or you get an error response - stop the Ziti data service by issuing: net stop ziti (again this command will fail if you are not administrator)

If you still have a problem please open a ticket with support@netfoundry.io.

 

 

 

 

 

 

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.