Ten things you didn’t know about the Umbrella roaming client.

You may already know that the Umbrella roaming client is a small endpoint agent that provides on- and off-network protection for Windows and Mac laptops. Here are ten other things you probably didn’t know!

1. It handles most internal domains automatically.

The roaming client automatically sends internal domains to the local DNS server, not to Umbrella—usually eliminating the need to manually input internal domains in your dashboard.

The roaming client does this automatically for all domains on the DNS search list, all .local domains, all reverse DNS for private IP addresses, and anything added manually to the endpoint’s network settings.

Additionally, the roaming client will try the local DNS server after receiving NXDOMAIN from Umbrella in a response, just in case. Learn more about managing internal domains.
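The routing rules described in this item, including the NXDOMAIN fallback, can be sketched as follows. This is an added example, not the roaming client's own code: the sample domains are constructed, "private" is assumed to mean the RFC 1918 IPv4 ranges, and `umbrella`/`local` are hypothetical stand-ins for the two resolvers.

```python
import ipaddress

# Constructed sample configuration (assumed values, not taken from the client).
SEARCH_LIST = ["corp.example.com", "lab.example.com"]
MANUAL_INTERNAL = ["intranet.example.net"]
# Assumption: "private IP addresses" means the RFC 1918 IPv4 ranges.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _norm(name):
    return name.rstrip(".").lower()

def _in_zone(name, zone):
    # Match on a label boundary so "notcorp.example.com" is not treated as internal.
    return name == zone or name.endswith("." + zone)

def _reverse_ipv4(name):
    """Return the IPv4 address encoded in a full in-addr.arpa name, else None."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[:-len(suffix)].split(".")[::-1]
    if len(octets) != 4:
        return None
    try:
        return ipaddress.IPv4Address(".".join(octets))
    except ValueError:
        return None

def is_internal(qname, search_list=SEARCH_LIST, manual=MANUAL_INTERNAL):
    name = _norm(qname)
    if name == "local" or name.endswith(".local"):
        return True
    if any(_in_zone(name, _norm(z)) for z in list(search_list) + list(manual)):
        return True
    addr = _reverse_ipv4(name)
    return addr is not None and any(addr in net for net in RFC1918)

def resolve(qname, umbrella, local):
    """umbrella and local are callables returning (rcode, answer)."""
    if is_internal(qname):
        return ("local",) + local(qname)
    rcode, answer = umbrella(qname)
    if rcode == "NXDOMAIN":  # retry locally, as described above
        return ("local-fallback",) + local(qname)
    return ("umbrella", rcode, answer)
```

Because of the fallback path, a name that Umbrella does not know is also sent to the local DNS server, so local DNS logs will contain queries for names that are not on the internal list.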

2. IP Layer enforcement continues to work even when you are on-network.

IP layer enforcement remains enabled by design when DNS layer enforcement backs off. This happens on protected networks or when an Umbrella virtual appliance is present on the network.

The roaming client does this to make sure that direct-to-IP traffic is always protected, not just when the roaming client is responsible for DNS protection. You can go to our test page to easily verify. Learn how to enable IP layer enforcement if you aren’t using it already.

3. Intelligent proxy and SSL decryption features don’t need the roaming client.

The Intelligent Proxy and related features, like SSL decryption, are entirely powered by the Umbrella Cloud. We use DNS to redirect ‘graylisted’ traffic when deeper inspection is needed. The roaming client doesn’t know and doesn’t need to!

4. DNS responses are always authenticated.

The roaming client authenticates DNS requests, even in ‘unencrypted mode’.

The DNS protocol was not built with security in mind, and so is vulnerable to several types of attacks. OpenDNS protects against these attacks with technologies like DNSCrypt and DNSCurve.

The roaming client always tries to encrypt DNS traffic with DNSCrypt, but there are some networks where that isn’t possible (for example, where port 443 is blocked). In these cases, the client transitions to ‘unencrypted mode’. Even when in unencrypted mode, the roaming client enhances DNS security by authenticating that only Umbrella resolvers are answering queries. This prevents an attack known as DNS hijacking (a third-party server answering DNS queries).

5. Captive portals and hotspots don’t pose a problem.

The roaming client works with captive portals (click-through pages for public WiFi hotspots) automatically.

In most cases, the roaming client will not interfere with captive portals at all. In the worst case, you’ll see a six-second delay before the splash page appears.

6. You can prevent removal by local administrators.

In addition to hiding the roaming client in ‘Add/Remove Programs’, you can use Group Policy to prevent local administrators from directly disabling the roaming client Windows service. See instructions here.

7. Automatic upgrades happen in waves.

Automatic updates for the roaming client are released in waves, staggering each release over days, weeks or months. Once picked up by the upgrade wave, your roaming clients will update over several hours.

This allows early adopters to get features faster, and more conservative organizations to get updates only after they’ve been in use for a while. The Umbrella dashboard and our cloud infrastructure roll out new features in a very similar way.

8. There’s no added DNS caching.

The roaming client is a real-time DNS forwarder which does not do any on-client caching. The roaming client will not interfere with any DNS caching by the OS, browser, or local DNS server.

This reduces the complexity of the roaming client, allowing you to install it without worrying about compatibility issues or stale entries in the DNS cache.

9. It will enforce your proprietary threat intelligence.

The roaming client can automatically block domains reported as malicious by a third-party sandbox or any threat intelligence source.

The Enforcement API provides a force-multiplier by extending your on-premises security to your roaming clients, no matter where they are. See our documented integrations or build your own.

10. It is really small!

It’s tiny! With an installed footprint of just 5MB, and low CPU and memory use too, you won’t even notice it.

We designed the roaming client to be as thin and unobtrusive as possible. The heavy lifting happens in our cloud infrastructure, not on your endpoint, so you won’t ever see slowdowns or sluggishness caused by the roaming client.

Additionally, it doesn’t require a reboot for installation or upgrades. You can have it up and running in less than a minute!
