Administrator Guide
Table Of Contents
- Dell Wyse ThinOS Version 8.5 Hotfix Administrator’s Guide
- Introduction
- Getting started
- Configuring ThinOS using the First Boot Wizard
- Connecting to a remote server
- Using your desktop
- Configuring thin client settings and connection settings
- Connecting to a printer
- Connecting to a monitor
- Locking the thin client
- Signing off and shutting down
- Additional getting started details
- Classic desktop features
- Login dialog box features
- Accessing system information
- Global Connection settings
- Configuring the connectivity
- Configuring the network settings
- Configuring the remote connections
- Configuring the central configurations
- Configuring the VPN Manager
- Configuring the connection brokers
- Configuring Citrix
- Configuring the Citrix broker connection
- Citrix HDX RealTime Multimedia Engine or RealTime Optimization Pack
- Citrix Cloud services
- Citrix icon refresh
- Using multiple audio in Citrix session
- Using Citrix NetScaler with CensorNet MFA authentication
- Configuring ICA connections
- ICA Self Service Password Reset
- QUMU or ICA Multimedia URL Redirection
- HTML5 Video Redirection
- ICA SuperCodec
- Anonymous logon
- Configuring the Citrix UPD printer
- Introduction to Flash Redirection
- Configuring VMware
- Configuring Microsoft Remote Desktop
- Configuring Dell vWorkspace
- Configuring Amazon Web Services or WorkSpaces
- Configuring Citrix
- Configuring thin client settings
- TCX Suite
- Performing diagnostics
- BIOS management on ThinOS
- Security
- Automating updates and settings using central configuration
- Examples of common printing configurations
- Important notes
- Troubleshooting
- Firmware upgrade
- Frequently asked questions
● Improved user-friendly messages are displayed for errors and warnings.
NOTE:
If the WDM server is set as https, the server address does not convert to http.
Firmware signature
Firmware signature feature was introduced in ThinOS 8.3.1 for better firmware security. From ThinOS 8.4 release, firmware
signature verification is added to enhance firmware security.
Salient features
● By default, signature verification is required on firmware downgrade/upgrade process.
● Provision to downgrade from 8.4 firmware to 8.3 firmware without signature. For example, earlier to ThinOS 8.3.1 release,
the firmware downgrade is prohibited by default.
● New INI parameter verifysignature=no is introduced to enable user downgrade firmware. For example:
autoload=101 verifysignature=no. For more information about using INI parameters, refer to the latest Dell Wyse
ThinOS INI Reference guide.
The following scenarios are allowed without need of using INI parameters:
○ Upgrade from 8.3.x firmware to 8.4 firmware.
○ Upgrade or Downgrade between 8.3.x and/or earlier firmware.
○ Upgrade or Downgrade between 8.4 and later firmware.
Transport Layer Security
Transport Layer Security (TLS) is a protocol that provides communication security between the client and server applications.
Upgrade to Transport Layer Security (TLS)— In the ThinOS 8.2 release, the TLS is upgraded from version 1.0 to version 1.2.
By default, the ThinOS client uses TLS 1.2 to secure any communication protocols, connections, or applications upon SSL/ TLS
in general and falls back to the previous SSL/ TLS version when negotiating with the server.
Smart cards and smart card readers
A smart card is a security token that has embedded integrated circuits. Smart cards allow you to store and transact data.
A smart card reader is an input device that reads data from a smart card.
● Gemalto smart card IDPrime MD840—Gemalto smart card IDPrime MD830 and MD840 are supported. IDGo 800 version
1.2.1 - 01 for the Windows middleware is required for supporting Gemalto smart card IDPrime MD840.
The Secure Messaging feature is supported to enable the usage of latest MD830 Rev B cards.
Known issue for Prime MD 840 smart card: If first container is used, then Xen broker logon fails.
● OMNIKEY smart card readers—The following OMNIKEY smart card readers are supported:
○ Omnikey 5427 CK (0x5427, 0x076b) reader supports iclass15693, 14443a, 125k card
○ Omnikey 5326 DFR(0x5326, 0x076b) reader supports iclass15693 card
○ Omnikey 5025 CL (0x502a, 0x076b) reader supports 125k card
○ Ominkey 5325 CL, 5125 (0x5125, 0x076b) reader supports 125k card
○ Omnikey 5321 V2 CLi (0x532a, 0x076b) reader supports 13.56 MHz card
○ Omnikey 5021 CL (0x5340, 0x076b) reader supports 13.56 MHZ card
○ Omnikey 5321 V2 Cl Sam (0x5341, 0x076b) reader supports 13.56 MHz card
○ Omnikey 5421 (0x5421, 0x076b), reader supports 13.56 MHz card
○ Omnikey 5321 CR (0x5320, 0x076b)
○ Omnikey 5022 CL
● On-board smart card reader—On-board smart card reader works with regular smart cards. The functionality is similar to
other external USB smart card readers and on-board smart card readers such as Dell KB-813.
For information about the complete list of the tested smart cards and smart card readers, see the latest Release Notes.
Security
157