Datei: Entry-Readme.html
Produkt: Secure Entry Client
Manufacturer: NCP Engineering GmbH, Nuremberg, Germany

Product Description, Installation and Licensing


Universal IPSec Client

The IPSec client can be used in any VPN environment. The client communicates on the basis of the IPsec standard with the gateways provided by a wide variety of vendors* and is the alternative to the uniform IPsec client technology offered on the market. The client software emulates an ethernet LAN adapter. The client has additional features that introduce the user into a holistic remote access VPN solution.

The IPSec client offers:
- Support of all major operating systems
- Dial-in over all transmission networks
- Compatibility with VPN gateways from a wide variety of vendors*
- Integrated personal firewall for more security
- Dialer protection (no misuse by third parties)
- Higher speed in the ISDN (channel-bundling)
- Saving telephone charges (charges and connection management)
- Convenient operation (graphic interface)
- Central management**
*) Compatibility list available on the NCP website www.ncp-e.com
**) optional

Performance range

The IPSec client supports all major 32/64 bits operating systems (Windows 2000, XP, Vista). Connecting to the corporate network is media-type independent, e.g. in addition to ISDN, PSTN analog telephone network, GSM, GPRS, and xDSL, LAN technologies such as WLAN (on the corporate campus and hotspots) or local area networks (branch office network) are also supported. A possible scenario: an employee must access the corporate network from various locations with one and the same end device:
- in the branch office via WLAN
- in the corporate headquarters via LAN
- on the road at hotspots and at customer sites via WLAN or GPRS
- in the home office via xDSL, cable, or ISDN


Notes for Installation


A Setup program performs the installation of the Client Software quickly and smoothly. The installation procedures for all versions of NCP Client Software are the same. The following text describes the procedures for installing the Client Software under Windows 2000/XP and Vista.

Prior to executing setup be sure that the following prerequisites are fulfilled.

Starting with version 8.31 the Client will be installed in the program directory of the operating system (programs\NCP\SecureClient) for a new installation.

Old path: %Windows%\ncple
New path: %Programs%\NCP\SecureClient

For an update in addition the path is used that was entered for the last installation.

Uninstall

If you uninstalled the client, then you have the option to keep the configuration and profile settings in the client directory. If at a later date, a newer client version is installed in the same directory, then all personal data can be used again. If you want to delete the personal data in the client then you will have to confirm this specifically. In such a case all data and directories of the client are removed irretrievably.

Registry repair (RegRep)

The setup program checks the registry entries for each new installation of the client, i.e. even when an older version was uninstalled. If problematic entries are found then they will be adjusted. The setup programme will generate a message to request a restart of the PC.


Prerequisites for Installation


System Requirements

In order to be able to communicate with the Client Software it is essential to have either Microsoft Windows 2000, Windows XP or Windows Vista installed on your PC (min. 128 MB RAM). During the installation you are asked to have your or disks ready, as these will be needed for updating your PC's driver database files. Please insert these when prompted to do so.

Remote Destination

In order to communicate with the remote destination it must support one of the following media types: ISDN, PSTN (analog modem), GSM, GPRS/UMTS, LAN over IP, WLAN or PPP over Ethernet (PPPoE).

Local System

One of the following communication devices must be properly installed:

ISDN adapter (ISDN)
The device (e.g. adapter internal or external) must support the ISDN CAPI 2.0 standard. When using PPP Multilink the software can bundle up to 8 ISDN B-Channels. Any ISDN device supporting the ISDN CAPI 2.0 can be used. Please check your device to be sure that such a driver is available. The Client Software does not support TAPI based ISDN devices.

Analog Modem (Modem)
The Client Software can communicate with any industry standard analogue PC Modem, provided that it and the modem drivers have been properly installed and the Modem Init. String and the COM-Port definition for the modem is correct. The modem has to support Hayes AT commands.
Mobile telephones can also be used for data communication, after the associated software has been installed that presents itself to the client precisely as if it were an analog modem. The serial interface, IR (infrared) interface, or Bluetooth can be used as interface between mobile phone and PC. The opposite side must have the appropriate dial-in platform depending on the transfer rate (GSM, v.110, GPRS or HSCSD). The initialization string in the Secure Client modem configuration must be obtained from the ISP or the manufacturer of the mobile phone.

LAN adapter (LAN over IP)
When the Link Type LAN has been defined the Client Software may be used as a VPN Client in a LAN that communicates across a LAN Network and associated Router to a central site VPN Gateway. When defined as a LAN Client, the Client Software can also be used as a VPN or VPN/PKI Plug-in for Microsoft's RAS (Dial-Up Network) client. Adapters for a wireless LAN (WLAN adapter) are handled exactly like normal LAN adapters.

Broadband Device (xDSL (PPPoE))
Cable Modems, Splitters (e.g. for ADSL), etc. can be used in conjunction with PPP over Ethernet (PPPoE), which is supported by the Client Software. This may be useful for xDSL or other broadband services that employ time based charges.

xDSL (AVM - PPP over CAPI)
The link type "xDSL (AVM - PPP over CAPI)" has been added in the "Basic Settings" configuration field in the telephone book. If an AVM Fritz DSL card is to be used then this link type may be selected . AVM specific init strings may be entered in the field "Destination Phone Number" ("Dial-Up Network" group) for the connection. It is recommended to use the standard setting "xDSL (PPPoE)" with Windows operating systems as this provides direct communication over the network interfaces. No additional network card is necessary with the AVM Fritz! DSL card.

Multifunction card (GRPS / UMTS / HSDPA / HSUPA)
If you are using a multi-function card, special features of the mobile computing can be used depending on the card characteristics. Due to the direct support of the multi-function card for UMTS/GPRS/WLAN through the Secure Client, installation of management software from the card implemented, is not necessary. For currently supported multi-function cards see:
http://www.ncp-e.com/en/service-support/compatiblity/mobile-connect-cards.html

WLAN adapter (WLAN)
The WLAN adapter can be operated with the link type "WLAN". In the monitor menu the special "WLAN settings" menu item is displayed where the access data for the wireless network can be saved in a profile. If this "WLAN configuration" is activated, then the management tool of the WLAN card, or the Microsoft tool must be deactivated. (Alternatively the management tool of the WLAN card or the Microsoft tool can be used as well.)
If the link type WLAN is set for the destination system in the phonebook, then under the graphic field of the Client Monitor an additional area is shown where the field strength and the WLAN network are displayed.
Please note for configuring the WLAN settings the description Mobile Computing.

Automatic Media Detection
If various link types could be used, the client detects automatically which link type actally can be used und selects the fastest one.
On the basis of a pre-configured destination system, those link types that are currently available for the Client PC are detected and implemented, and if multiple alternative transmission paths are available, the fastest will be selected automatically. The link type priority is specified in the following sequence in a search routine: 1. LAN, 2. WLAN, 3. DSL, 4. UMTS/GPRS, 5. ISDN, 6. MODEM.
The configuration is executed in the phonebook with the link type "Automatic media detection" under "Destination system". If desired, all destination systems for the VPN gateway that are pre-configured for this Client PC can be assigned to this automatic media detection. This renders manual selection of a medium (WLAN, UMTS, LAN, DSL, ISDN, MODEM) from the phonebook entries superfluous. Input data for the connection to the ISP are transferred from the available phonebook entries in a manner that is transparent for the user.


Prerequisites for using Certificates

Supported interfaces and formats

The secure client can be used in public key infrastructures as of X.509. V.3 standard and supports the following interfaces/formats:
- Smartcards, USB-Tokens: PKCS#11, TCOS 1.2 and 2.0, CSP
- Soft Certificates: PKCS#12-file
- PC/SC conform chip card reader: The client software supports all chip card readers which conform with PC/SC. The chip card readers are included in a list of the client once the reader is connected and the corresponding driver software has been installed.
- Automatic recognition of connected PC/SC readers: If the use of a PC/SC chip card reader is configured on the client for the PKI environment, the client recognizes and automatically uses the connected one.
This feature can only be used in connection with smartcards which can be addressed directly without interface software such as NetKey chip cards (Telesec).
- PKCS#11 module: Drivers in form of a PKCS#11 library (DLL) are supplied with the software for smartcards or tokens. This driver software has to be installed initially. Then the relevant PKSC#11 module can be selected via an assistant.

CA Certificates

The administrator of the company network determines which certificate issuers can be trusted. This happens by applying the CA certificate of his choice into the installation directory under . The application can happen automatically during software distribution if the issuer certificates are located in the directory during software installation from a data carrier.
Retrospectively, issuer certificates can be distributed automatically via the Secure Management Server (only to Enterprise Clients) or the user can save them himself as long as he has the relevant write permissions in the relevant directory.
Currently the formats *.pem and *.crt are supported for issuer certificates. They can be viewed in the monitor under the main menu item "Connection / Certificates / Display CA certificates".
If the secure client receives the certificate of a remote station, then the NCP client will determine the issuer by searching the issuer certificate initially on smartcard or USB token or in the PKCS#12 file and finally in the installation directory under . If the issuer certificate cannot be found then the connection will not be successful. If no issuer certificates are available, then no connection is allowed.
If Soft Certificates are created with the PKI plug-in of the management server then the issuer certificate is saved in the PKCS#12 file.

Use of a Revocation List (CRL)

The secure client can have access to the corresponding CRL (certificate revocation list) for each issuer certificate. It is applied to the installation directory under . If a CRL is available, then the secure client checks incoming certificates against the CRL. The client downloads the corresponding CRL automatically if the incoming server user certificate includes the certificate extension CDP. If black lists are used, then usually there is no notification if the client has no saved black list for incoming certificates. If a notification is required in such cases then the file NCPPKI.CONF needs to be edited. It is saved in the installation directory. The standard entry in the section [General] is:
Enablecrlinfo = 0
This means that no notifications are displayed if, on the client at the remote station, no black list was found for the certificate. If a notification has to be displayed, then this setting has to be changed to:
Enablecrlinfo = 1


Installing the Client Software


The actual version and later versions of the Client will be tested by the quality assurance only according to the operation systems Windows 2000, Windows XP and Windows Vista. Full functionality cannot be garanteed when using the client under Windows NT, Windows 98 or older Windows versions.

You can obtain the software as EXE file by downloading it from the website under:www.ncp-e.com. The following text describes the procedures for installing the client software under Windows 2000/XP/Vista.

Please note that there are some differences when installing from a hard disk, CD or diskettes.

Installation and Licensing

First the NCP Secure Entry Client is installed as a test version. If you posess a license, you can enter the license data after a reboot of the software by selecting the monitor menu option "License Info and Activation". The test version is valid for 30 days. Without software activation or licensing it will no longer be possible to setup a connection after this 30-day period expires. When 10-days validity remain, a message box will be displayed to remind you that the software has not yet been licensed. For licensing the software please refer to the chapter "Licensing" in the handbook.

Installing from CD

After inserting the CD in the drive of your PC, the welcome window appears on the monitor. Click on "Install Products" and then select the client software version to be installed. All further installation procedures are identical with the installation procedures for installing from removeable disk, from the window "Choose Setup Language".
Default Installation

Installing the client software first you copy the ZIP file you have got with a download or with the CD onto the hard disk of your PC. The filename of the ZIP file displays the number of the verion and build number of the software, e. g.: NCP_EntryCl_Win32_9_10_048.ZIP
Copy the directory out of the ZIP file onto the harddisk. To install the client software select in the windows main menu: Start / Settings / Control Panel. Select "Add/Remove Programs" in the control panel and then click on the "Install" button. Click on "Next" when the window appears which requests the installation CD. When the following window appears click on "Browse" to select the SETUP.EXE file and click on "Finish".

"Choose Setup Language". A window appears where you can select the language to be used for the installation and then click "OK". The "Install Shield Assistant" is now started. It will guide you through the installation.

Read the terms of the Welcome window carefully and click on "Next".

Note the following message und deactivate any VPN Client and Personal Firwall of another manufacturer to avoid data loss.

The next window displayes the software licensed agreement. In order to proceed with the installation of the licensed version click on "Yes". Clicking "No" will stop the installation process.

Default directory for installation is: Programs\ncp\SecureClient. (Under Windows Vista it could also be:Program Files\Funkwerk Secure IPSec Client).

Undependently of "Typical" or "Custom" installation you can select any folder for the software installation by clicking on "Browse". This is particularly important if the user should have no rights on the system root directory.

If you select "Standard Installation"in this window the installation will continue automatically and the setup is finished.

Selecting the "Custom" Installation you can define settings according to your requirements.

In the following window of the "Custom" Installation you define the programmfolder for the client software. (Default setting: "NCP Secure Client"). In the next window you can define whether the Program Icon should be displayed on the desktop or not. Please contact your system administrator or your internet service provider for additional information about your communication gateway. Communication with DHCP (Dynamic Host Control Protocol) means that a temporary IP Address will be assigned automatically for each communication session. If required, click on "Obtain an IP Address from DHCP Server". If you "Specify an IP Address", enter the IP address in this window. Default Gateway: If a network adapter with a Default Gateway is already installed, you will have to delete this Default Gateway Address. It is not possible to have more than one network adapter with a Default Gateway. DNS Address: You should only enter a DNS Address if you have been assigned one from your system administrator or ISP.

Thereafter you can define whether a logon to a remote domain should occur after establishing a connection to the remote destination's NAS, which may necessitate entering the PIN for your certificate and/or your Password (if not already stored in the Client Software). After establishing a connection to the remote destination's NAS, you can logon to the remote domain. This logon will be encrypted.

Please note: Activate this option before the Windows logon, thus the NCP Gina will also be automatically installed. The logon options can also be used only if the NCP Gina is installed after the Windows Gina - which is possible in this setup window. These logon options can be set via the Monitor menu of the Client under "Configuration".

If the logon option is not activated here, and if it will be used at a later point in time, then the NCP Gina can be permanently installed after this setup using the command
rwscmd /ginainstall
See the description "Secure Client Services" in this regard, in the appendix of the manual.

The data will now be copied from the installation CD or removeable disk. The associated network components will now be installed.

This completes the installation of the Client Software. Click the "Finish" button. Before using the Client Software it is necessary to reboot your PC. Click on "Yes, I want to restart my computer now" and then click on "Finish" to reboot your PC.

Assistant for first Configuration

Once you have installed the Client Software and rebooted your PC, the Client Monitor will be automatically displayed on your PC. The "Assistant for first Configuration" will also be displayed, provided that you have installed the Client Software for the first time on your PC and that no previous Phonebook exists from an earlier Client Software. It is located in the installation directory.

If you do not use the assistant for creating such test destinations, then no entries will be added to the phonebook. In this case you will have to create your own phonebook entries, as described in the chapter "Client Monitor" under "New Entry / Destination".

If you use the assistant, click on "Next". If selected then an IPSec test destination will be added to the client's phonebook and the assistant will guide you through the definition of generic parameters. The following access data are created automatically: VPN protocol is IPSec, the Tunnel Endpoint of the VPN gateway is: vpntest.ncp-e.com, XAUTH userID and Password is "ncpipsecnative". The IP address of the DNS server is 172.16.12.100. The link type is LAN.

If a connection via an ISP should be established, the parameters for dial-up must be configured in the profil settings. Setting up the variant with strong security you can use a test certificate.

The PIN of the test certificate is "1234" and must be entered wenn establishing the connection. Once you have saved the test configuration, you can set up immediately a test connection (in LAN mode) by clicking the "Test" button.

For further configuration of a profil refer the description under "Client Monitor, Profil settings" and "Configuration Parameters, IPSec settings".

Tests with the Entry Client

After the test connection and the tunnel to the VPN gateway has been established you can execute the following tests.

Testing with Ping
Enter the following command at the DOS prompt:
C:\>ping 172.16.12.100 ()

Upon successful pinging your reply will look something like this:

Reply from 172.16.12.100: bytes=32 time=109ms TTL=128
Reply from 172.16.12.100: bytes=32 time=96ms TTL=128
Reply from 172.16.12.100: bytes=32 time=82ms TTL=128
Reply from 172.16.12.100: bytes=32 time=69ms TTL=128

The monitor displays the amount of data sent (Tx) and received (Rx) Bytes.
Testing FTP Access
Your access data :
IP Address : 172.16.12.100
User : anonymus

Proceed by the entering the following command at the DOS prompt:
C:\>ftp 172.16.12.100
Connection with 172.16.12.100
220 (vsFTPd 2.0.4)
User (172.16.12.100:(none)): anonymus
230 Login successful
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
SecEntryCl_Linux_de.pdf
SecEntryCl_WinCe_de.pdf
SecEntryCl_WinCe_en.pdf
SecEntryCl_Win_de.pdf
SecEntryCl_Win_en.pdf
226 Directory send OK.
FTP: 64d Bytes received in 0,00 Secounds 407000,00KB/s
ftp> close
ftp> quit
Testing Web Browser functionality
You can also make a test connection to the Web via the existing VPN tunnel link by entering 172.16.12.100 in your Web Browser (or alternatively www.ncp.de. This should connect you to NCP's Web Site.

Licensing

In the "Help" Monitor menu, under the menu option "License Data and Activation", the software version implemented, and possibly the licensed version with serial number, are shown.

The client software is always installed as a test version. If the client software has not yet been installed, or if there is a previously installed older version, then the software has not yet been activated. This also applies if anolder version has already been licensed - then this older version will be reset to the status of a test version, and the license data must be re-entered within 30 days using the activation dialog.

The time remaining until software activation, i.e. the validity period of the test version, is displayed in the message bar of the monitor next to the activation button.

In order to use a full version with no time limitations the software must be released in the activation dialog with the license key and the serial number that you have received. With activation you accept the license conditions that you can view in the activation dialog after clicking on the appropriate button.

The activation dialog can be opened using the activation button in the message bar of the monitor, as well as using the the monitor menu "Help / License Data and Activation". The license data can be entered either online or offline using a wizard.

In the offline variant, a file that is generated after entering the license key and serial number must be sent to the NCP authentication server, and the activation key that will be displayed on the website must be noted. This activation key can be entered in the licensing window of the Monitor menu at a later point in time.

In the online variant, an assistant forwards the licensing data to the web server immediately after entry and thus allowing the software to immediately be released.

Test Version Validity Period

The test version is valid for 30 days. Without software activation or licensing it will no longer be possible to setup a connection after this 30-day period expires.

After installation, each time the software is started the validity period will be shown in the popup window. Moreover in a footer of the Monitor the system will display how long the test version can still be used, and when 10-days validity remain, a message box will be displayed to remind you that the software has not yet been licensed. This message box will appear once a day.

When the trial period has expired, then only those connections to destination systems can be setup with the Entry Client software that are used for software activation/licensing. Thus one of the profiles of the Entry Client can be used to set-up an Internet connection for licensing purposes. Or a connection to the NCP Secure Enterprise Management can be established in order to download a licensed version of the software.

Important:

You must have at least a version 9.0 to activate the Client software under Windows Vista. This is the prerequisite. If a no-charge update to version 9.0 is available to you, then you will receive the associated license key when the software is activated. Otherwise, updates to version 9.0 can be purchased in the NCP e-store or purchased from your NCP dealer.


Software Activation

When the test phase has expired the software must be either activated or de-installed. To activate, select the menu option "License data and activation" in the monitor menu "Help".

Here you can see which software version you have and how the software is licensed, i.e. you can see that the test version has expired and that the software has not yet been activated/licensed.

Click on the license conditions to display the license agreement text. By activating/ licensing the software you accept the license conditions. Click on the "Activation" button to license the software.

In the window that appears, select wether you wish to activate the client online or offline by selecting "Online Activation" or "Offline Activation" respectively.

In the offline variant, a file that is generated after entering the license key and serial number must be sent to the NCP activation server, and the activation key that is then displayed on the website must be noted. In the online variant, an assistant forwards the licensing data to the web server immediately after entry and thus the software is immediately released.

After selecting the type of activation the license data is to be entered in the appropriate fields. Click on "Next"!

Online Variant

With the online variant the license data will be transmitted to the NCP Activation Server via an Internet connection. This Internet connection can either be established via the Data Communications Dialer, via DSL, or via the Entry Client.

If the Internet connection is not set-up via the Entry Client, then the connection must first be established in order to then start the activation assistant via the Monitor menu option, "Help" / License data and activation".

If the Entry Client is used to set-up the connection on the Internet, then a suitable profile must first be established for the Entry Client. Ensure that port 80 is released (for HTTP) if the firewall is activated. (If a proxy server has been configured in the operating system, then these settings can be transferred.) After the profile has been selected, click on "Next" to continue.

The Internet connection via the Entry Client does not have to be set-up prior to activation. It is set-up automatically after the desired existing profile has been selected in the assistant for software activation, and after clicking on the "Next" button.

The software is activated automatically in the specified sequence.

As soon as the activation server detects that you are entitled to a newer software license and that the license key agrees with the installed software, then with online activation the new license key will be transferred automatically (license update), and thus the new features of the software will be released. Please see the section "Updates" at the end of this section for more information.

After concluding the activation process, in the window for the license data you can see that you now have a correctly activated full version.

The number of the software version and of the licensed version can differ if the licensing is only valid for an older version, otherwise the licenses must be updated with a newer license key. To do this click on the "Licensing" button. For more information see the description at the end of the offline variant.

Offline Variant

The offline variant is executed in two steps. In the first step a file is generated after entering the license key and serial number, and is sent to the NCP activation server. The URL is:
http://www.ncp-e.com/en/service-support/software-activation.html
An activation key will be shown on the web site, and you must note this number in order to enter the license key in the licensing window of the Monitor menu in a second step. (This can also be executed at a later point in time.)

The offline variant can be initiated via the monitor menu "Help / License Data and Activation", and select this variant in the first window of the activation assistant. Click on "Next". In the second window of the activation assistant the two steps of the offline activation process are explained. The first step, creation of the activation file is selected automatically. Click on "Next" to continue. In the following window enter the license data and click on "Next".

Enter name and path for the activation file. The default is the installation directory of the software and the name ActiData.txt (with serial number).

Now the activation file is created and this file must be transferred to the Activation Server. For this the NCP web site must be called:
http://www.ncp-e.com/en/service-support/software-activation.html

There are two ways to transfer the activation file to the Activation Server. Either copy the content of the activation file with Copy & Paste, after you have opened the activation file with the Notepad (ASCII editor), into the window that is open on the web site, or click on the "Browse" button and select the activation file. Click on "Send"!

Then the activation code will be generated and displayed on the web site. Note the activation code and continue the activation process under the menu option "Help" / License data and activation", by executing the second step of the activation in the offline variant.

If the Activation Server detects that you are entitled to a newer software license and that the license key agrees with the installed software, then with the online activation the new license key will be displayed automatically. If you want to activate the new features then note the new license key, conclude the activation process, and then use the new license key.

The second step of the offline variant is triggered via the monitor menu "Help" "License data and activation". After the offline variant has been selected, select the second step. An activation assistant window will open where you can enter the activation code. After you have entered the activation code you can click on "Next".
Offline activation is completed with the following window.

After concluding the activation process, you will see that you now have a correctly activated full version, in the window for the license data.

The number of the software version and the number of the licensed version can differ if the licensing is only valid for an older version.

If you have received a new license key from the Activation Server during the offline activation process (see above in the display of the activation code), then enter this license key for a license update, by clicking on the "Licensing" button.

In next window of the assistant, enter the new license key and click on "Next". The license data will be verified and then transferred. Click on "Finished" when the verification has been concluded.

In the window with the license data you will see that the number of the software version and the number of the licensed version now agree.

Searching for new Updates

Under the menu option "Check for updates" in the Monitor menu under "Help" you can check whether a version of the software that is newer than the version you have installed is available at NCP. This is also possible if a test installation has been installed. If a newer version is available at NCP, then a software update is always possible.

The software update always costs money if the newer version is a major release, which is indicated by the change on the first decimal place. For example: If a version 8.26 is installed and the next software version has the number 8.3 then a software update from 8.26 to 8.3, as well as use of the new features, will cost money. The new license key was activated as described above under software activation. The new license key is generated by entering the serial number and the update key that can be purchased locally from the reseller, on the following web site:
http://www.ncp-e.com/en/service-support/update-key.html

The software update always available free of charge if the newer version is a service release, this is indicated by the change of the second decimal place. For example: If a version 8.26 is installed and the next software version has the number 8.27 then a software update from 8.26 to 8.27, as well as use of the new features, will be free of charge. The new features can be used without activation with a new license key, as soon as the new software has been installed. A service release contains bug fixes, an extension of hardware support and compatibility extensions.

Software Updates

After you have selected the menu option "Check for updates" you will see the adjacent window. In order to check for new updates you will need an Internet connection. If the Entry Client will be used to set-up the Internet connection, then ensure that port 80 (for HTTP) is released if the firewall is active.

If a proxy server will be configured in the operating system, then these settings can be transferred. If the proxy settings are correctly configured, then click on "OK". The Assistant will now search for newly available software updates via the Internet connection.

If a software update is available then it is displayed as shown in the next window. (In this case the version is differentiated only via the build number.) Click on "Next" if you want to use the more current version. This downloads the installation package for the newest software.

Click on "Finish" to end the Monitor and start the installation of the software update.

After starting the Install Shield Wizard select the installation language (as you would for the standard installation), and then answer the update query with "Yes". Then the installation will be executed automatically. It is concluded when you reboot the computer.

Updateing and Uninstalling

If you are already using a previous version of the Software it will be detected when attempting to install the new Client Software. If this is the case, then you will be asked if you wish to update your current Client Software to the newer version now in your possession. During the update the current profile settings, certificate data and call control manager statistics will be applied to the new client.

In order to uninstall the Client Software go to: "Start / Settings /Control Panel". Now click on "Add/Remove Software" and then select the client from the list of programs and then click on the "Add/Remove" button. The Uninstall Shield Program will now delete the client software from your PC.

Important: After the removal of the software components, the profile and configuration settings are still saved and can be restored in the event a newer version of the client is installed. In order to completely delete everything; manually remove the installation directory.

Upgrade to the Secure Enterprise Client

You upgrade from a Secure Entry Client to a Secure Enterprise Client by replacing the licensing and the software. This can be done manually on-site, or via an Update Server.

For a manual upgrade the software is reinstalled from the CD, and "NCP Secure Enterprise Client" is entered as the product to be installed. In this process the install program recognizes that a software version has previously been installed and executes an update after appropriate confirmation (see 2.5). Then the new activation key with serial number must be entered in the Pop-up menu.

For an upgrade via an Update Server - the IP address of the Update Server is entered in the client's telephone book (see -> DNS / WINS). In this case the Secure Client software will be downloaded automatically the next time the client dials into the corporate network. At the next dial-in with this new software a CNF file (profile settings) with licensing key will be downloaded. This oncludes the update process.


NCP engineering GmbH, December 2008