Dell Hybrid Client Version 1.x Security Configuration Guide April 2021 Rev.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2021 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents Chapter 1: Preface........................................................................................................................ 4 Legal disclaimer.................................................................................................................................................................... 4 Scope of document.............................................................................................................................................................
1 Preface Topics: • • • • • • Legal disclaimer Scope of document Document references Security resources Getting help Reporting security vulnerabilities Legal disclaimer THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS-IS." DELL MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
2. In the Enter a Service Tag, Serial Number, Service Request, Model, or Keyword search box, type the product name. For example, OptiPlex 7070 Ultra or Dell Hybrid Client. A list of matching products is displayed. 3. Select your product. 4. Click Documentation. Accessing documents using product selector You can also access documents by selecting your product. 1. 2. 3. 4. 5. Go to www.dell.com/support. Click Browse all products. Click your product category and then click the sub-categories if available.
2 Security quick reference Topics: • • • • • • Supported platforms Security profiles USB device security GRUB password security BIOS password security Application deployment security Supported platforms Dell Hybrid Client version 1.5 is supported on the following platforms: ● ● ● ● ● Wyse 5070 Thin Client—The Dell Hybrid Client software is preloaded and installed on the device. OptiPlex 7070 Ultra—The Dell Hybrid Client software is preloaded with Dell Client Agent-Enabler (DCAE) installed.
Table 1. Security profiles Security feature Low Security Profile Medium Security Profile—This profile is enabled by default. High Security Profile Default Firejail profile for third-party unsigned Debian applications. Disabled Disabled Enabled only if the metadata is provided with high granular settings defined. Firewall support through Uncomplicated Firewall (UFW) Disabled Disabled Enabled Kernel and operating system hardening. Disabled Disabled Enabled Developer tools for browsers.
Application deployment security Dell Hybrid Client enables you to install Dell-signed, custom-signed, and unsigned third-party applications. This feature is applicable only for devices that are powered by Dell Hybrid Client version 1.1. For deploying third-applications securely on devices that are powered by Dell Hybrid Client version 1.5, see Security profiles.
3 Product and subsystem security Topics: • • • • • • • • Product overview Authentication Authorization Network security Data security Cryptography Auditing and logging Code or product integrity Product overview Dell Hybrid Client is a desktop solution by Dell that follows the Software-as-a-Service (SaaS) model of software delivery. It provides a hybrid operating environment that enables end users to access virtual, cloud, or local applications and resources seamlessly.
Authentication Dell Hybrid Client supports the following configuration options for users or processes to authenticate to the product subsystems: ● Account privilege levels—There are two types of user accounts that are enabled for Dell Hybrid Client: ○ Guest user—The guest user account is a low-privilege account. It is available for users who do not have an Active Directory account but need access to Dell Hybrid Client. You can enable or disable the guest user account using Wyse Management Suite.
You can log in to Dell Hybrid Client only if the authentication is successful. However, you can configure the user account lockout for remote Broker agent or domain controller using the AD group policies. ● Security configurations—The following are the security options that can be configured using Wyse Management Suite: ○ Configure the BIOS password for Dell Hybrid Client. ○ Add or modify Group Token for the Device group. ○ Install a certificate on Dell Hybrid Client.
Authentication to external systems The following authentication types are supported on Dell Hybrid Client for accessing the external systems: ● Kerberos-based SSO authentication is supported for Dell RDP and Active Directory. ● Azure and Google Cloud server authentication (with or without SSO) is supported using username or smart card. ● Citrix authentication is supported with or without SSO. A valid certificate is used to validate the server.
Table 3. Network exposure Service name Port Summary SSH 22 Used for Secure Shell (SSH) connections. VNC 5900 Used for VNC connections. ● Communication security settings—Dell Hybrid Client supports the following access methods: ○ Use the Wyse Management Suite server to configure and manage the device settings. ○ Use the VNC connection to remotely control the device. ○ Use the SSH connection to remotely access the device. All access methods must be configured from Wyse Management Suite before use.
3. Click Request Log File. 4. After the log files are uploaded to the Wyse Management Suite server, click the Click here link, and download the logs. Extract log files using Device Settings Prerequisites Ensure that you have enabled the dev mode in Dell Hybrid Client. Steps 1. Log in to Dell Hybrid Client. 2. Connect a USB drive to the device. 3. On Dell Hybrid Client, go to Device Settings, and click Export System Logs. The Export System Logs window is displayed. 4.
4 Contacting Dell Prerequisites NOTE: If you do not have an active internet connection, you can find contact information on your purchase invoice, packing slip, bill, or Dell product catalog. About this task Dell provides several online and telephone-based support and service options. Availability varies by country and product, and some services may not be available in your area. To contact Dell sales, technical support, or customer service issues: Steps 1. Go to www.dell.com/support. 2.