Reference Guide
Table Of Contents
Authentication to external systems
The following authentication types are supported on Dell Hybrid Client for accessing the external systems:
● Kerberos-based SSO authentication is supported for Dell RDP and Active Directory.
● Azure and Google Cloud server authentication (with or without SSO) is supported using username or smart card.
● Citrix authentication is supported with or without SSO. A valid certificate is used to validate the server. Citrix uses a domain
registered username and password, or a smart card for authentication.
● VMware authentication is supported without SSO. VMware uses a valid username and password, or a smart card for
authentication.
● Wyse Management Suite server authentication is based on Unique ID (UID). A random UID is generated for each device that
is registered to Wyse Management Suite.
Authorization
● Guest user authorization—A guest user is authorized to access all system configurations without SSO. The guest user
needs credential details to access all VDI and cloud infrastructure. The Wyse Management Suite administrator can enable the
guest user account with or without password using the Wyse Management Suite console.
● Domain user authorization—A registered domain user is authorized to access all system configurations with or without
SSO.
● Remote authorization settings—The following are the supported remote authorization options for accessing Dell Hybrid
Client remotely:
○ VNC access—Dell Hybrid Client can be accessed remotely using VNC. As an administrator, you must deploy the VNC
add-on using Wyse Management Suite to enable the VNC access on Dell Hybrid Client.
○ SSH access—Using the SSH protocol, you can connect securely to Dell Hybrid Client from a remote device. As an
administrator, you must deploy the SSH add-on using Wyse Management Suite to enable the SSH access on Dell Hybrid
Client.
● External authorization associations—When you access the VDI resources, user credentials are configured from remote
resource systems, and the authorization is processed on the remote resource systems. Authorization is configured on VDI
Broker agents, gateways, and remote session hosts.
● Dev Mode authorization—Dev Mode (Bremen user) enables you to access the terminal application and export system log
files. The Dev Mode setting is disabled every time when you restart the device. This mode can be enabled again only from
the Grub Menu that is protected with a password.
Network security
● Network exposure—The following table lists the network ports that are used for HTTP and HTTPS communications
between different services.
Table 3. Network exposure
Service
name
Port Summary
DNS Service 50 Used for DNS services
Citrix 80, 443, 8100, 1433,1434,
135, 3389, 389, 2598,
1494, 8008, 16500–16509,
and 9001
Used for connecting to Citrix desktop and published applications
VMware 55000, 4172, 3389, 9427,
32111, 22443, 389, 80, 443,
8443, 48080, 4100, 4101,
8472, and 22389
Used for connecting to VMware desktop and Published applications
RDP 3389 Used for connecting to RDP desktop and published applications
Kerberos 88 and 464 Used for SSO-based authentication
WMS 443 and 1883 Used for connecting to the Wyse Management Suite server.
12 Product and subsystem security