Administrator Guide

Security Changes
A new global security policy has been defined for ThinOS Lite and this policy is applied to all secure connections (https/SSL
connections) with a few exceptions.
Purpose: To improve the default security level and add a global configuration. This security policy integrates the security
setting for each application.
SecurityPolicy={full, warning (default), Low}
SecuredNetworkProtocol={yes | no (default)}
TLSMinVersion={1(default),2,3}
TLSMaxVersion={1,2,3 (default)}
Each new INI parameter is independent and has no dependencies on other parameters. SecurityLevel|SecureProtocol
from the Privilege segment is deleted.
ThinOS Lite supports SSL from TLSMinVersion onwards. TLSMaxVersion is the latest version of SSL supported by ThinOS
Lite.
If no value is set, then TLSMinVersion is set to TLS1.0 by default, and TLSMaxVersion is set to TLS1.2 by default.
The values 1, 2, and 3 refer to TLS1.0, TLS1.1, and TLS1.2, respectively.
All applications running in the default SSL security mode follow the global mode. In the global mode, the default value is
Warning. The affected applications include File Server, WDM, Caradigm, and OneSign. The following are the exceptions:
File Server and WDM in factory reset state: Before loading any INI parameter, the SSL security mode is set to Low, and
after loading the INI parameter, the value is changed to follow the global mode value. For example, the default value is set to
Warning if the value is not changed by the INI parameter.
A system with previous settings (default value is set to Low) follows the global mode after the unit is upgraded. For example,
the default value is set to Warning if the value is not changed by the INI parameter.
Wyse Management Suite, Citrix broker, and SecureMatrix are always Full.
The following new INI parameters are added to support the changes mentioned:
CaradigmServer=SecurityMode={default,full,warning,none}
OneSignServer=SecurityMode={default,full,warning,none}
FileServer=SecurityMode={default,full,warning,none}
RapportDisable=SecurityMode={default,full,warning,none}
WDMService=SecurityMode={default,full,warning,none}
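The resolution rules above (the global SecurityPolicy, a per-application SecurityMode where default falls back to the global value, and the 1/2/3 TLS version codes) can be checked before a configuration is deployed. The following Python is an added example, not Dell code; the function name, the dictionary input format, and the choice to report any mode other than full and any TLSMinVersion below 3 as a finding are assumptions.

```python
# Added example (not Dell code): effective SSL security mode per application,
# following the rules on this page. Names and finding texts are assumptions.
TLS_NAMES = {1: "TLS1.0", 2: "TLS1.1", 3: "TLS1.2"}
GLOBAL_MODES = {"full", "warning", "low"}           # SecurityPolicy values
APP_MODES = {"default", "full", "warning", "none"}  # SecurityMode values
FOLLOW_GLOBAL = ("CaradigmServer", "OneSignServer", "FileServer",
                 "RapportDisable", "WDMService")
ALWAYS_FULL = ("Wyse Management Suite", "Citrix broker", "SecureMatrix")


def audit(global_params, app_modes):
    """Return (effective_modes, (tls_min, tls_max), findings)."""
    policy = str(global_params.get("SecurityPolicy", "warning")).lower()
    if policy not in GLOBAL_MODES:
        raise ValueError(f"unknown SecurityPolicy value: {policy!r}")
    tls_min = int(global_params.get("TLSMinVersion", 1))  # default TLS1.0
    tls_max = int(global_params.get("TLSMaxVersion", 3))  # default TLS1.2
    for name, value in (("TLSMinVersion", tls_min), ("TLSMaxVersion", tls_max)):
        if value not in TLS_NAMES:
            raise ValueError(f"{name} must be 1, 2 or 3, got {value}")

    findings = []
    if tls_min > tls_max:
        findings.append("TLSMinVersion is higher than TLSMaxVersion")
    if tls_min < 3:
        findings.append(f"{TLS_NAMES[tls_min]} is accepted (TLSMinVersion={tls_min})")

    effective = {name: "full" for name in ALWAYS_FULL}  # fixed, not configurable
    for app in FOLLOW_GLOBAL:
        mode = str(app_modes.get(app, "default")).lower()
        if mode not in APP_MODES:
            raise ValueError(f"unknown SecurityMode for {app}: {mode!r}")
        effective[app] = policy if mode == "default" else mode
        if effective[app] != "full":
            findings.append(f"{app}: effective mode is {effective[app]}, not full")
    return effective, (TLS_NAMES[tls_min], TLS_NAMES[tls_max]), findings


if __name__ == "__main__":
    # Constructed sample: global policy raised to full, one per-app override.
    modes, tls, problems = audit(
        {"SecurityPolicy": "full", "TLSMinVersion": "3"},
        {"FileServer": "warning"},
    )
    print("TLS range:", tls)
    for app, mode in modes.items():
        print(f"{app}: {mode}")
    for p in problems:
        print("FINDING:", p)
```

The factory reset exception (Low until the INI parameters are loaded) is a boot-time state and is not modelled here.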
File Server default protocol is retained as FTP without any setting from WDM/DHCP/INI and always displays the full address
with protocol prefix. For example, ftp://.
New firmware/client deploy information is as follows:
In a secured environment, such as file server and WDM using HTTPS, with clients in factory default or factory reset
status, Dell recommends that the IT administrator configure the proper file server address in WDM or DHCP and the WDM address
in DHCP, and upload all necessary client certificates to a valid location before turning on the new client or upgrading to
the new firmware with DHCP. This automatically installs the required certificates. From the second boot up, without these
configurations, the warning message is displayed with an OK button for you to continue.
NOTE: For file server, the continue button is displayed with its own GUI.
In a secured environment, such as file server and WDM using HTTPS, with previous clients upgraded to the new firmware from
the file server, the clients follow the new global SSL security mode by default, and the default value is set to Warning if
no value is set using the INI parameter. Dell recommends that you install the required certificates on all clients before firmware