File:          README.TXT
Product:       Secure Entry Client
Manufacturer:  NCP engineering GmbH Nuremberg, Germany

Product Description, Installation and Licensing
===============================================================================

Universal IPsec Client

The IPsec client can be used in any VPN environment. The client communicates on 
the basis of the IPsec standard with the gateways provided by a wide variety of 
vendors* and is the alternative to the uniform IPsec client technology offered 
on the market. The client software emulates an ethernet LAN adapter. The client 
has additional features that introduce the user to a holistic remote access VPN 
solution.

The IPsec client offers:
- Support of all major operating systems
- Dial-in over all communication media
- Compatibility with VPN gateways from a wide variety of vendors*
- Integrated personal firewall for more security
- Dialer protection (no misuse by third parties)
- Higher speed in the ISDN (channel-bundling)
- Saving telephone charges (charges and connection management)
- Convenient operation (graphic interface)
- Central management**
*) Compatibility list available on the NCP website www.ncp-e.com
**) optional

Performance range

The IPsec client supports all major 32/64 bits operating systems (Windows XP, 
Vista, Windows 7). Connecting to the corporate network is media-type 
independent, e.g. in addition to ISDN, PSTN (analog telephone network), GSM, 
GPRS, and xDSL, LAN technologies such as Wi-Fi (on the corporate campus and hot 
spots) or local area networks (branch office network) are also supported. A 
possible scenario: an employee must access the corporate network from various 
locations with one and the same end device:
- in the branch office via Wi-Fi
- in the corporate headquarters via LAN
- on the road at hot spots and at customer sites via Wi-Fi or GPRS
- in the home office via xDSL or ISDN


Notes for Installation
===============================================================================

A setup program performs the installation of the Client Software quickly and 
smoothly. The installation procedures for all versions of NCP Client Software 
are the same. The following text describes the procedures for installing the 
Client Software under Windows XP, Vista and Windows 7.

Prior to executing installation, make sure that the following prerequisites are 
fulfilled.

Starting with version 8.31 the Client will be installed in the program directory 
of the operating system (programs\NCP\SecureClient) for a new installation.

Old path: %Windows%\ncple 
New path: %Programs%\NCP\SecureClient

For an update the path which was entered for the last installation is continued 
to be used.


Uninstall
---------

If you uninstalled the client, you have the option to keep the configuration and 
profile settings in the client directory. If at a later date, a newer client 
version is installed in the same directory, all personal data can be used again. 
If you want to delete the personal data in the client, you have to confirm this 
specifically. In such a case all data and directories of the client are removed 
irretrievably.


Registry repair (RegRep)
------------------------

The setup program checks the registry entries for each new installation of the 
client, i.e. even when an older version was uninstalled. If problematic entries 
are found, they will be adjusted. The setup program thengenerates a message to 
request a restart of the PC.



Prerequisites for Installation
-------------------------------------------------------------------------------

Operating System:
In order to be able to communicate with the Client Software it is essential to 
have either Microsoft Windows XP, Windows Vista or Windows 7 installed on your 
PC (min. 128 MB RAM). For the duration of the installation, please keep the 
operating system backup disks ready, as these will be needed for updating your 
PC's driver database files. Please insert these disks when prompted to do so.

Remote Destination:
The remote destination has to support one of the following communication media: 
ISDN, PSTN (analog modem), GSM, GPRS/3G, LAN over IP, 
Wi-Fi or PPP over Ethernet (PPPoE).

Local System:
One of the following communication devices must be properly installed

* ISDN adapter (ISDN)
The device (e.g. adapter internal or external) must support the ISDN CAPI 2.0 
standard. When using PPP Multilink the software can bundle up to 8 ISDN B-
Channels. Any ISDN device supporting the ISDN CAPI 2.0 can be used. (Usually 
CAPI is set up automatically during installation of an ISDN adapter.)

* Analog Modem (Modem)
For communication via analog PC Modem, the modem drivers have to be properly 
installed and the Modem Init. String and the COM-Port definition for the modem 
has to be correct. The modem has to support Hayes AT commands.
Cellphones can also be used for data communication, after the associated 
software has been installed; software that presents itself to the client 
precisely as if it were an analog modem. The serial interface, IR (infrared) 
interface, or Bluetooth can be used as interface between cellphone and PC.The 
remote side has to have the appropriate dial-in platform depending on the baud 
rate (GSM, v.110, GPRS or HSCSD). The initialization string in the Secure Client 
modem configuration must be obtained from the ISP or the manufacturer of the 
cellphone.

* LAN adapter (LAN over IP)
When the communication medium LAN (over IP) has been defined, no additional 
adapter has to be installed since a LAN adapter (Ethernet) is already on the 
system. The connection of the LAN client to the WAN is set up by any access 
router. The sole prerequisite: An IP connection to the target system has to be 
possible. The VPN functionality is supplied by the Client Software.  
Adapters for a wireless LAN (Wi-Fi adapter) are handled exactly like normal LAN 
adapters.

* Broadband Device (xDSL (PPPoE))
The communication medium PPP via Ethernet requires that an Ethernet card is 
installed and over which a xDSL modem with splitter is connected correctly.  

* xDSL (AVM - PPP over CAPI)
The communication medium "xDSL (AVM - PPP over CAPI)" has to be selected if an 
AVM Fritz DSL card is to be used. AVM specific init strings may be entered in 
the field "Destination Phone Number" ("Dial-Up Network" group) for the 
connection. It is recommended to use the standard setting "xDSL (PPPoE)" with 
Windows operating systems as this provides direct communication over the network 
interfaces. No additional network card is necessary with the AVM Fritz! DSL 
card.

* Multifunction card (GRPS / 3G / HSDPA / HSUPA)
If you are using a multi-function card, special features of mobile computing can 
be used depending on the card characteristics. Due to the direct support of the 
multi-function card for 3G/GPRS/Wi-Fi through the Secure Client, installation of 
management software of the card used, is not necessary.
The Secure Entry Client unites all technological mechanisms in the areas of 
communications and security for economic data communication on the basis of the 
end to end security principle. The Client Monitor features a graphical display 
of field strength, connection status and provider name of the selected network. 
Starting with Version 9.02 Build 5 the Secure Client supports new PCMCIA cards 
after importing file g3detect.dll. For currently supported multifunction cards 
please see the latest compatibility list:
http://www.ncp-e.com/en/support/compatibility/umts-3g-hardware.html

* Wi-Fi adapter (Wi-Fi)
The Wi-Fi adapter can be operated with the communication medium "Wi-Fi". In the 
monitor menu the special "Wi-Fi" menu item is displayed where the access data 
for the wireless network can be saved in a profile. If "enable Wi-Fi 
configuration" is checked, the management tool of the Wi-Fi card has to be 
deactivated. (If alternatively the management tool of the Wi-Fi card or the 
Microsoft tool is to be used, the feature "enable Wi-Fi configuration" has to 
remain unchecked.)
If the communication medium Wi-Fi is set for the profile in the profile setting, 
an additional area is shown under the graphic field of the Client Monitor where 
the field strength and the Wi-Fi network are displayed.
Please note for configuring the Wi-Fi settings the description of Mobile 
Computing.

* Automatic Media Detection
If various communication media are used alternately, the client detects 
automatically which communication media can be used currently und selects the 
fastest one.
On the basis of a pre-configured profile, the communication media that are 
currently available for the Client PC are detected and used. If multiple 
communication media are available, the fastest will be selected automatically. 
The link type priority is specified in the following sequence in a search 
routine: 1. LAN, 2. Wi-Fi, 3. DSL,  4. GPRS/3G, 5. ISDN, 6. MODEM.
The configuration is executed in the profile settings with the communication 
medium "Automatic Media Detection" under "Basic Settings". If desired, all 
profiles for the VPN gateway that are pre-configured for this Client PC can be 
assigned to this automatic media detection. This renders manual selection of a 
communication medium (Wi-Fi, 3G, LAN, DSL, ISDN, MODEM) in a profile 
superfluous. 
Input data for the connection to the ISP are transferred from the available 
profiles in a manner that is transparent for the user. 


Prerequisites for using Certificates
--------------------------------------------------------------------------------

Supported interfaces and formats

The secure client can be used in public key infrastructures as of X.509. V.3 
standard and supports the following interfaces/formats:
- Smartcards, USB-Tokens: PKCS#11, TCOS 1.2 and 2.0, CSP
- Soft Certificates: PKCS#12-file
- PC/SC conform chip card reader: The client software supports all chip card 
readers which conform with PC/SC. The chip card readers are included in a list 
of the client once the reader is connected and the corresponding driver software 
has been installed.
- Automatic recognition of connected PC/SC readers: If the use of a PC/SC chip 
card reader is configured on the client for the PKI environment, the client 
recognizes and automatically uses the connected one.
This feature can only be used in connection with smartcards which can be 
addressed directly without interface software such as NetKey chip cards 
(Telesec).
- PKCS#11 module: Drivers in form of a PKCS#11 library (DLL) are supplied with 
the software for smartcards or tokens. This driver software has to be installed 
initially. Then the relevant PKSC#11 module can be selected via a wizard.

CA Certificates

The administrator of the company network determines which certificate issuers 
can be trusted. This happens by importing the CA certificate of his choice into 
the installation directory under <CACERTS>. The application can be carried out 
automatically during software distribution if the issuer certificates are 
located in the directory <DISK1> during software installation from a data 
carrier. 
Retrospectively, issuer certificates can be distributed automatically via the 
Secure Management Server (only to Enterprise Clients) or the user can save them 
himself as long as he has the appropriate write rights in the respective 
directory.
Currently the formats *.pem and *.crt are supported for issuer certificates. 
They can be viewed in the monitor under the main menu item "Connection / 
Certificates / Display CA Certificates".
If the secure client receives the certificate of a remote station, then the NCP 
client will determine the issuer by searching for the issuer certificate 
initially on smartcard or USB token or in the PKCS#12 file and finally in the 
installation directory under <CACERTS>. If the issuer certificate cannot be 
found, the connection set up will not be successful. If no issuer certificates 
are available, then no connection is allowed. 
If soft certificates are created with the PKI plug-in of the management server, 
the issuer certificate is saved in the PKCS#12 file.

Use of a Revocation List (CRL)

The secure client can have access to the corresponding CRL (certificate 
revocation list) for each issuer certificate. It is applied to the installation 
directory under <CRLS>. If a CRL is available, then the secure client checks 
incoming certificates against the CRL. The client downloads the corresponding 
CRL automatically if the incoming server user certificate includes the 
certificate extension CDP.
If revocation lists are used, then usually there is no notification if the 
client has no revocation list for incoming certificates on his PC. If a 
notification is required in such cases then the file NCPPKI.CONF needs to be 
edited. It is saved in the installation directory. The default entry in the 
section [General] is:
Enablecrlinfo = 0
This means that no notifications are displayed if, on the client at the remote 
station, no revocation list was found for the certificate. If a notification has 
to be displayed, then this setting has to be changed to:
Enablecrlinfo = 1

Installing the Client Software
--------------------------------------------------------------------------------

The current version and later versions of the Client will be tested by the 
quality assurance only according to the operation systems Windows XP, Windows 
Vista and Windows 7. Full functionality cannot be guaranteed when using the 
client under Windows 2000, Windows NT, Windows 98 or older Windows versions.

You can obtain the software as EXE file by downloading it from the website 
under: www.ncp-e.com. The following text describes the procedures for installing 
the client software under Windows XP/Vista/7. 

Please note that there are differences when installing from a hard disk, CD or 
diskettes.

Installation and Licensing

First the NCP Secure Entry Client is always installed as a test version. If you 
possess a license, you can enter the license data after a reboot of the software 
by selecting the monitor menu option "Help/ License Data and Activation". The 
test version is valid for 30 days. Without software activation or licensing it 
will no longer be possible to setup a connection after this 30-day period 
expires. When 10-days validity remain, a message box will be displayed to remind 
you that the software has not yet been licensed. For licensing the software 
please refer to the chapter "License Data and Activation" in the handbook.

Installing from CD

After inserting the CD in the drive of your PC, the welcome window appears on 
the monitor. Click on "Install Products" and then select the client software 
version to be installed. All further installation procedures are identical with 
the installation procedures for installing from removeable disk, from the window 
"Choose Setup Language".

Default Installation
...............................................................................
Save the ZIP file you have downloaded onto your PC. The filename of the ZIP file 
displays the number of the version and the build number of the software, e. g.:
NCP_EntryCl_Win32_9_10_048.ZIP
Copy the directory <Disk1> out of the ZIP file onto the harddisk. To install the 
client software select in the windows main menu: Start / Settings / Control 
Panel. Select "Add/Remove Programs" in the control panel and then click on the 
"Install" button. When the following window appears click on "Browse" to select 
the SETUP.EXE file and click on "Finish".

"Choose Setup Language". Select a language for installation in the following 
window then click "OK". The "Install Shield Wizard" is now started. It will 
guide you through the installation. 

Read the terms of the Welcome window carefully and click on "Next".

The next window displayes the software licensed agreement. In order to proceed 
with the installation of the licensed version click on "Yes". Clicking "No" will 
stop the installation process.

Default directory for installation is: Programs\ncp\SecureClient (Under Windows 
Vista it could also be:Program Files\ncp\SecureClient)

Independent of "Typical" or "Custom" installation you can select any folder for 
the software installation by clicking on "Browse". This is particularly 
important if the user should have no rights on the system root directory.

If you select "Standard Installation" in this window the installation will 
continue automatically and the setup is finished.

Selecting the "Custom" Installation you can define settings according to your 
requirements.

In the following window of the "Custom" Installation you define the program 
folder for the client software. (Default setting: "NCP Secure Client"). In the 
next window you can define whether the program icon should be displayed on the 
desktop or not. 

Please contact your system administrator or your internet service provider for 
additional information about your communication gateway. Communication with DHCP 
(Dynamic Host Control Protocol) means that a temporary IP Address will be 
assigned automatically for each communication session. In this case, click on 
"Obtain an IP Address from DHCP Server". If you "Specify an IP Address", enter 
the IP address in this window. Default Gateway: If a network adapter with a 
Default Gateway is already installed, you will have to delete this Default 
Gateway Address. It is not possible to have more than one network adapter with a 
Default Gateway. DNS Address: You should only enter a DNS Address if you have 
been assigned one from your system administrator or ISP.

Thereafter you can define whether a logon to a remote domain should occur after 
establishing a connection to the VPN gateway. This may necessitate entering the 
PIN for your certificate and your password for the client software (without it 
being saved). After establishing a connection to the remote destination's NAS, 
you can logon to the remote domain. This logon will be encrypted.

Please note: If you activate this option before the Windows logon, the NCP Gina 
will also be automatically installed. The logon options can only be used if the 
NCP Gina is installed after the Windows Gina. This option is available in this 
setup window. These logon options can be set via the Monitor menu of the Client 
under "Configuration".

If the logon option is not activated here, and if the NCP Gina is to be used at 
a later point in time, it can be permanently installed after this setup using 
the command rwscmd /ginainstall.
For further information, please refer to the description "Secure Client 
Services" in the appendix of the manual.

Now the data is copied from the installation CD or removeable disk amd 
associated network components are installed. 

This completes the installation of the Client Software. Click the "Finish" 
button. Before using the Client Software it is necessary to reboot your PC. 
Click on "Yes, I want to restart my computer now" and then click on "Finish" to 
reboot your PC. 


Wizard for First Configuration
--------------------------------------------------------------------------------

Once you have installed the Client Software and rebooted your PC, the Client 
Monitor will be automatically started on your PC. The "Initial Configuration 
Assistant" will also be displayed, provided that you have installed the Client 
Software for the first time on your PC or you have deleted the profile settings. 
They are located in the installation directory.

If you do not use the assistant for creating such a test profile, then no 
entries will be added to the profile list. In this case you will have to create 
your own profiles, as described in the chapter "Client Monitor" under "New Entry 
- Destination".

If you use the assistant, click on "Next". Then an IPsec test profile will be 
added to the client's profiles and the assistant will guide you through the 
definition of generic parameters. The following access data are created 
automatically: VPN protocol is IPsec, the Tunnel Endpoint of the VPN gateway is: 
vpntest.ncp-e.com, XAUTH user ID and password is "ncpIPsecnative". The IP 
address of the DNS server is 172.16.12.100. The communication medium is LAN. 

If a connection via an ISP should be established, the parameters for dial-up 
must be configured in the profil settings of the test connection. Setting up the 
variant with strong security you can use the test certificate enclosed.

The PIN of the test certificate is "1234" and has to be entered when 
establishing the connection. Once you have saved the test configuration, you can 
set up immediately a test connection (in LAN mode) by clicking the "Test" 
button.

For further configuration of a profil refer the description under "Client 
Monitor, Profil Settings" and "Configuration Parameters, IPsec Settings".


Tests with the Entry Client
--------------------------------------------------------------------------------

After the test connection and the tunnel to the VPN gateway has been 
established you can execute the following tests.


Testing with Ping

Enter the following command at the DOS prompt:
C:\>ping 172.16.12.100 (<ENTER>)

Upon successful pinging your reply will look like this:

Reply from 172.16.12.100: bytes=32 time=109ms TTL=128
Reply from 172.16.12.100: bytes=32 time=96ms TTL=128
Reply from 172.16.12.100: bytes=32 time=82ms TTL=128
Reply from 172.16.12.100: bytes=32 time=69ms TTL=128

The monitor displays the amount of Bytes sent (Tx) and received (Rx).

Testing FTP Access 

Your access data :
IP Address       :  172.16.12.100
User             :  anonymus

Proceed by the entering the following command at the DOS prompt:
C:\>ftp 172.16.12.100
Connection with 172.16.12.100 is established
220 (vsFTPd 2.0.4)
User (172.16.12.100:(none)): anonymus
230 Login successful
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
SecEntryCl_Linux_de.pdf
SecEntryCl_WinCe_de.pdf
SecEntryCl_WinCe_en.pdf
SecEntryCl_Win_de.pdf
SecEntryCl_Win_en.pdf
226 Directory send OK.
FTP: 64d Bytes received in 0,00 Seconds 407000,00KB/s
ftp> close
ftp> quit


Testing Web Browser functionality

After establishing a test connection, enter the address 172.16.12.100 in your 
web browser. This should connect you to NCP's web site.



Activation
================================================================================

The "Help" Monitor menu item shows the software version, and possibly the 
licensed version with serial number under the menu option "License Data and 
Activation".

The client software is always installed as a test version if the client software 
has not yet been installed, or if there is a previously installed older version, 
which has not yet been activated. This also applies if an older version has 
already been licensed - then this older version will be reset to the status of a 
test version, and the license data must be re-entered within 30 days using the 
activation dialog.
 
The time remaining until software activation, i.e. the validity period of the 
test version, is displayed in the message bar of the monitor next to the 
activation button.

In order to use a full version with no time limitations the software must be 
released in the activation dialog with the license key and the serial number 
that you have received. With activation you accept the license conditions that 
you can view in the activation dialog after clicking on the appropriate button.

The activation dialog can be opened using the activation button in the message 
bar of the monitor, as well as using the the monitor menu "Help / License Data 
and Activation". The license data can be entered either online or offline using 
a wizard.

In the offline version, a file that is generated after entering the license key 
and serial number has to be sent to the NCP authentication server, and the 
activation key that will be displayed on the web site has to be recorded. This 
activation key can be entered in the licensing window of the Monitor menu at a 
later point in time.

In the online version, a wizard forwards the licensing data to the web server 
immediately after entry and in this way the software is released immediately.


Test Version Validity Period
-------------------------------------------------------------------------------

The test version is valid for 30 days. Without software activation or licensing 
it will no longer be possible to set up a connection after this 30-day period 
expires.

After installation, each time the software is started the validity period will 
be shown in the pop-up window. Moreover in a footer of the monitor the system 
will display how long the test version can still be used, and when 10-days 
validity remain, a message box will be displayed to remind you that the software 
has not yet been licensed. This message box will appear once a day.

When the trial period has expired, only those connections can be setup with the 
Entry Client software that are used for software activation/licensing. Thus one 
of the profiles of the Entry Client can be used to set-up an Internet connection 
for licensing purposes. Or a connection to the NCP Secure Enterprise Management 
can be established in order to download a licensed version of the software.

Important:

Installation under the operating system Windows 7 demands a license key of 
version 9.20. 
In case of an update from Windows Vista to Windows 7, the monitor of a Client 
version 9.2, licensed with a license key 9.1, can only be started in order to 
enter a license key of version 9.2.

Activation of the Client Software under Windows Vista requires a license key of 
version 9.0 at least. If you are entitled to a free-of-charge update to version 
9.0, you receive the affiliated license key when carrying out software 
activation. In order to purchase the update to version 9.0 please contact your 
reseller.


Software Activation
-------------------------------------------------------------------------------

When the test phase has expired the software must be either activated or de-
installed. 

To activate, select the menu option "License data and Activation" in the monitor 
menu "Help".Here you can see which software version you have and how the 
software is licensed, i.e. you can see that the test version has expired and 
that the software has not yet been activated/licensed.

Click on the license conditions to display the license agreement text. By 
activating/ licensing the software you accept the license conditions. Click on 
the "Activation" button to license the software. 

In the window that appears, select whether you wish to activate the client 
online or offline by selecting "Online Activation" or "Offline Activation". 

In the offline version, a file that is generated after entering the license key 
and serial number has to be sent to the NCP activation server, and the 
activation key that is then displayed on the web site must be noted. In the 
online version, a wizard forwards the licensing data to the web server 
immediately after entry and in this way the software is released immediately.

After selecting the type of activation the license data is to be entered in the 
appropriate fields. Click on "Next"!


Online Version

With the online version the license data will be transmitted to the NCP 
Activation Server via an internet connection. This Internet connection can 
either be established via the Data Communications Dialer, via DSL, or via the 
Entry Client.

If the Internet connection is not set up via the Entry Client, the connection 
must first be established in order to then start the activation wizard via the 
Monitor menu option, "Help" / License Data and Activation".

If the Entry Client is used to set up the connection to the internet, a suitable 
profile must first be established for the Entry Client. Ensure that port 80 is 
released (for HTTP) if the firewall is activated. (If a proxy server has been 
configured in the operating system, then these settings can be transferred.) 
After the profile has been selected, click on "Next" to continue.

The internet connection via the Entry Client does not have to be set up prior to 
activation. It is set up automatically after the desired existing profile has 
been selected in the assistant for software activation, and after clicking on 
the "Next" button.The software is activated automatically in the specified 
sequence: 

As soon as the activation server detects that you are entitled to a newer 
software license and that the license key agrees with the installed software, 
then with online activation the new license key will be transferred 
automatically (license update), and in this way the new features of the software 
will be released. Please see the section "Updates" at the end of this section 
for more information.

After concluding the activation process, in the window for the license data you 
can see that you now have a correctly activated full version.

The number of the software version and of the licensed version should not 
differ. If they do, the license has to be updated with a newer license key. To 
do this click on the "Licensing" button. For more information see the 
description at the end of the offline version.


Offline Version

The offline version is executed in two steps. In the first step a file is 
generated after entering the license key and serial number, and is sent to the 
NCP activation server. The URL is:
http://www.ncp-e.com/en/support/software-activation.html

An activation key will be shown on the web site, and you have to write down this 
number in order to enter the license key in the licensing window of the monitor 
menu in a second step. This can also be executed at a later point in time.

The offline version is initiated via the monitor menu "Help / License Data and 
Activation", and this version can be selected in the first window of the 
activation wizard. Click on "Next". In the second window of the activation 
wizard the two steps of the offline activation process are explained. The first 
step, creation of the activation file is selected automatically. Click on "Next" 
to continue. In the following window enter the license data and click on "Next".

Enter name and path for the activation file. As default, the installation 
directory of the software and the name ActiData.txt (with serial number) are 
used.

Now the activation file is created and this file has to be transferred to the 
Activation Server. For this the NCP web site has to be opened:
http://www.ncp-e.com/en/support/software-activation.html

There are two ways to transfer the activation file to the Activation Server. 
Either copy the content of the activation file with Copy & Paste, after you have 
opened the activation file with the Notepad (ASCII editor), into the window that 
is open on the web site, or click on the "Browse" button and select the 
activation file. Click on "Send"!

Then the activation code is generated and displayed on the web site. Write down 
the activation code and continue the activation process under the menu option 
"Help / License Data and Activation", by executing the second step of the 
activation in the offline version.

If the Activation Server detects that you are entitled to a newer software 
license and that the license key agrees with the installed software, then with 
the online activation the new license key will be displayed automatically. If 
you want to activate the new features then write down the new license key, 
conclude the activation process, and then use the new license key.

The second step of the offline version is triggered via the monitor menu "Help" 
"License Data and Activation". After the offline version has been selected, 
select the second step. An activation wizard opens where you can enter the 
activation code. After you have entered the activation code, click on "Next". 
Offline activation is completed with the following window.

After concluding the activation process, you will see that you now have a 
correctly activated full version, in the window for the license data.

The number of the software version and the number of the licensed version can 
differ. If they do, the licensing is only valid for an older version.

If you have received a new license key from the Activation Server during the 
offline activation process (see above in the display of the activation code), 
then enter this license key for a license update, by clicking on the "Licensing" 
button.

In next window of the wizard, enter the new license key and click on "Next". The 
license data will be verified and then transferred. Click on "Finished" when the 
verification has been concluded.

In the window with the license data you will see that the number of the software 
version and the number of the licensed version now agree.


Updates
-------------------------------------------------------------------------------

Under the menu option "Check for Updates" in the Monitor menu under "Help" you 
can check whether a version of the software that is newer than the version you 
have installed is available at NCP. This is also possible if a test installation 
has been installed. If a newer version is available at NCP, then a software 
update is always possible.

The software update has to be purchased if the newer version is a major release, 
which is indicated by the change on the first decimal place. For example: If a 
version 8.26 is installed and the next software version has the number 8.3 then 
a software update from 8.26 to 8.3, as well as use of the new features, has to 
be purchased. The new features can only be used if the new license key was 
activated as described above under software activation. The new license key is 
generated by entering the serial number and the update key that can be purchased 
locally from the reseller, on the following web site:
http://www.ncp-e.com/en/support/update-key.html

The software update always available free of charge if the newer version is a 
service release, which is indicated by the change of the second decimal place. 
For example: If version 8.26 is installed and the next software version has the 
number 8.27, then a software update from 8.26 to 8.27, as well as use of the new 
features, is free of charge. The new features can be used without activation 
with 8.2x license key, as soon as the new software has been installed. A service 
release contains bug fixes, an extension of hardware support and compatibility 
extensions.


Software Updates

After you have selected the menu option "Check for Updates" the software update 
wizard opens, which helps you to search for available updates. You need an 
internet connection in order to do so. If the Entry Client is be used to set up 
the internet connection, ensure that port 80 (for HTTP) is released if the 
firewall is enabled.

If a proxy server is to be configured in the operating system, these settings 
can be transferred. If the proxy settings are correctly configured, click on 
"OK". The wizard now searches for newly available software updates via the 
internet connection.

If a software update is available, it is displayed. (It may well be that the 
versions only differ in regard to the build number.) Click on "Next" if you want 
to use the more current version. This downloads the installation package for the 
latest software.

Click on "Finish" to end the Monitor and start the installation of the software 
update.

After starting the Install Shield Wizard select the installation language (as 
you would for the standard installation), and then confirm the update process 
with "Yes". Then the installation will be executed automatically. It is 
concluded when you reboot the computer.


Updateing and Uninstalling
-------------------------------------------------------------------------------

If you are already using a previous version of the Software it will be detected 
when attempting to install the new Client Software. If this is the case, you 
will be asked if you wish to update your current Client Software to the newer 
version now in your possession. During the update the current profile settings, 
certificate data and call control manager statistics will be applied to the new 
client. (If other programs are still running, they will be stopped.) 

In order to uninstall the Client Software go to: "Start / Settings /Control 
Panel". Select the client from the list of programs and then click on the 
"Add/Remove" button. The Uninstall Shield wizard will now delete the client 
software from your PC.

Important: After the removal of the software components, the profile and 
configuration settings are still stored on the computer and can be restored if a 
newer version of the client is installed. In order to completely delete 
everything, you have to manually remove the files from the installation 
directory.


Upgrade to the Secure Enterprise Client
-------------------------------------------------------------------------------

You upgrade from a Secure Entry Client to a Secure Enterprise Client by 
replacing the licensing and the software. This can be done manually on-site, or 
via an update server.

For a manual upgrade the software is reinstalled from the CD, and "NCP Secure 
Enterprise Client" is entered as the product to be installed. In this process 
the install program recognizes that a software version has already been 
installed and executes an update after appropriate confirmation (see 2.5). Then 
the new activation key with serial number has to be entered in the pop-up menu.

For an upgrade via an update server - the IP address of the Update Server is 
entered in the client's profiles (see -> DNS / WINS). In this case the Secure 
Client software will be downloaded automatically the next time the client dials-
up to the corporate network. At the next dial-up with this new software a CNF 
file (profile settings) with licensing key will be downloaded. This concludes 
the upgrade process.

===============================================================================
NCP engineering GmbH, November 2009
