Dell Wyse ThinOS Lite Release 2.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2018 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents 1 Introduction....................................................................................................................................................6 About this Guide.................................................................................................................................................................6 Technical Support...............................................................................................................................................
Configuring the authentication settings..................................................................................................................43 Configuring the central configurations..........................................................................................................................65 Configuring the general central configurations .....................................................................................................
Transport Layer Security—TLS.................................................................................................................................... 175 Smart cards and smart card readers............................................................................................................................175 A Creating and Using xen.ini Files..................................................................................................................
1 Introduction The Dell Wyse ThinOS Lite family of products are zero clients built for Citrix Virtual Apps and Desktops (formerly Citrix XenDesktop) and Citrix Virtual Apps (formerly XenApp) environments. These products represent an entirely new approach in delivering virtual desktops. ThinOS Lite zero clients deliver a Citrix HDX experience with zero delays, zero management, zero security risks, and almost zero energy use.
– UI enhancement to configure the IPv4 settings for a wireless connection. See, Configure the WLAN settings. – UI enhancement to allow user to connect to a remote host or device using the Telnet client. See, Using the troubleshooting options. – UI enhancement to verify the version of the installed packages and generate logs. See, Accessing system information. – UI enhancement on the Wyse Device Manager console to display the device details of peripheral devices connected to the ThinOS client.
2 Before working on ThinOS Lite This section contains information about firmware upgrade and system configuration that you need to know before using ThinOS Lite version 2.6. Firmware upgrade Firmware upgrade is the process of updating your existing ThinOS Lite firmware version to the latest version.
Firmware upgrade using FTP server Ensure that you have set up a Windows PC or Server with Microsoft Internet Information Services (IIS) and FTP services installed. If you do not have the FTP server installed, then refer to the article about how to setup an FTP server at support.microsoft.com. Installing the Windows IIS creates the directory C:\inetpub\ftproot, which is known as the FTP root. In the ftproot directory, create a folder wyse and a sub folder xen. The directory structure must read as C:\inetpub\
Ensure that the web server can identify the file types used by ThinOS Lite. Create two MIME types under IIS. The MIME's option needs to be configured on a per site basis. On a default IIS, install: 1 Launch the IIS admin console. 2 Browse to the default website, right-click and select Properties. 3 Click the HTTP Headers tab, and in the MIME Map section, select File types > New Type. 4 Add the two MIME types. Use .INI and . for the associated extension fields.
5 Click Add Firmware File. The Add File dialog box is displayed. 6 Browse and select the downloaded firmware file. Enter an appropriate description. 7 Click Upload. The ThinOS Lite firmware file is uploaded, and the firmware file is listed on the Apps & Data - ThinOS Lite OS Image Repository page. 8 9 Select the check box that corresponds to your ThinOS Lite firmware file. On the Groups & Configs page, select a custom group, and click Edit Policies > ThinOS.
– Option ID—200 – Name—WDM_Fingerprint – Type—String • If you want to use the DNS TXT record, enter the name as WDM_Fingerprint, and provide the fingerprint string value. NOTE: If the DNS TXT record for fingerprint cannot be retrieved, the device fetches the values from the DHCP scope option. If the fingerprint certificate is already available, the device checks in to the WDM server. If the connection fails, the failure logs are registered on the zero client.
3 Getting started Use the following information to quickly learn the basics and get started using your zero client: • Connecting to a Remote Server • Using Your Desktop • Configuring Zero Client Settings and Connection Settings • Connecting to a Monitor • Connecting to a Printer • Locking the Zero Client • Signing Off and Shutting Down • Additional Getting Started Details ThinOS Lite supports the headless mode that enables you to boot the operating system without a monitor.
Figure 1.
Figure 2.
1 Connect a new zero client or existing zero client to the Ethernet using a wired connection. The existing zero client must be reset to factory default settings to enter First Boot Wizard. 2 Turn on your zero client. The zero client checks for a wired network connection. If the network connection is successful, a welcome screen with the model name of your zero client is displayed. The zero client validates the IP address from DHCP.
Figure 4. System preferences configuration • Locale—Select a language to start ThinOS Lite in the regional specific language. • Keyboard Layout—Select a keyboard layout to set the keyboard layout in the regional specific language. Time Zone—Select a time zone to set the time zone for your zero client. • Time Server—Displays the IP addresses or host names with optional port number of time servers.
NOTE: – The option to define a wireless connection is not available on zero clients without a WLAN module. – To exit the Attach the Ethernet cable screen, and load the ThinOS Lite system desktop, click Exit. Figure 5. Ethernet cable After the connection is established, the zero client validates the IP address from DHCP. If the DHCP contains the file server or Wyse Device Manager or Wyse Management Suite configurations, then the ThinOS Lite system desktop is loaded.
Figure 6. Management configuration • File Server—Enter the file server details to apply configurations including INI files from a file server. • WMS—Enter the group registration key and the Wyse Management Suite server URL to register the zero client to the Wyse Management Suite. • WDM—Enter the IP addresses or host names. • Disable SSL warning—Select this check box to disable the SSL (Secure Sockets Layer) connection warnings.
Connecting to a remote server On your initial connection to central configuration, we recommended that you connect using a wired connection plug in the networkconnected Ethernet cable to your zero client before starting the zero client to obtain the configurations desired by the administrator. This wired connection will also provide any wireless configurations provided by the administrator through INI files.
Configuring zero client settings and connection settings While the use of INI files is recommended to configure zero client settings and connection settings available to users. You can use the dialog box on a zero client to: • Set up your zero client hardware, look and feel, and system settings. • Configure connection settings. Connecting to a printer To connect a local printer to your zero client, be sure you obtain and use the correct adapter cables which are not included.
Additional getting started details This section includes additional details, such as Zero desktop features, Login dialog box features, System setting menu, and System information. Zero desktop features This section includes information on: • Zero Interactive Desktop Guidelines • Zero Toolbar • List of Connections Zero interactive desktop guidelines The Zero Desktop has a default background with the Zero Toolbar at the left of the screen.
Zero toolbar The Zero Toolbar usually appears at the left corner of the Zero Desktop. However, depending on administrator configurations, the toolbar can be removed or hidden. It is shown only when a user moves the mouse pointer over the left edge of the desktop screen. Table 5. Toolbar icons Icon What It Does Home Opens the list of available connections. System Information Displays zero client system information.
Option What It Does NOTE: The Close icon is grayed out for connections that are not open. Edit icon Opens the Connection Settings dialog box, see Advanced Details on Configuring ICA Connections to change the connection options. NOTE: Depending on user privilege level, editing options may not be available for use.
This process assumes that the security questions and answers have been pre-registered by the user inside of their Windows environment. Users must use HTTPS (not HTTP) for an account self-service server address such as https://IPAddress, in the Broker Setup tab.After answering the security questions, your new password will be set or your account will be unlocked. Using the system setup menu To access the system setup menu: 1 Click System Setup from Zero Toolbar. The System Setup Menu is displayed.
• About tab—Displays information about ThinOS Lite operating system. The following attributes are listed: – Platform name – Operating system type – Build name – Build version – BIOS name – BIOS version – Citrix Broker or Receiver version—This represents ICA revisions between the ThinOS Lite versions.
4 Global connection settings If you do not use INI files to provide central configuration (global connection settings) to users, you can use the Global Connection Settings dialog box to configure settings that affect all of the connections in your list of connections: To Configure the Global Connection Settings: 1 From the floating bar menu, click the Home icon, and then click Global Connection Settings. The Global Connection Settings dialog box is displayed.
NOTE: ICA sessions always have automatic connection to attached smart card readers. NOTE: USB devices redirection— By default, audio, video and printer devices will not use HDX USB for redirection. You can make selections for USB device redirection on the Session tab of the Global Connection Settings dialog box. 3 Click ICA tab to select the check boxes you want for the options that are available to all ICA sessions. Select the audio quality optimized for your connection.
5 Configuring the connectivity This chapter helps you to understand various configuration settings for a secure connection. Connectivity menu includes: • Configuring the Network Settings. • Configuring the Remote Connections. • Configuring the Central Configurations. • Configuring the Caradigm Vault Server. • Configuring objects on Imprivata Server. • Configuring the VPN Manager.
Figure 7. Network setup 2 Click the General tab and use the following guidelines: a To set the default gateway, select the type of network interface from the available options. 1 Single Network support— Either wireless or wired network is connected. • • • • 2 b c ENET — Click this option, if you want set up the Ethernet Wired Network Connection. WLAN — Click this option, if you want set up the Wireless Network Connection.
is used to make the connection. These entries can be supplied through DHCP, if DHCP is used. DNS and WINS provide essentially the same function, name resolution. If both DNS and WINS are available, the zero client attempts to resolve the name using DNS first and then WINS. e 3 You can enter two WINS Server addresses (primary and secondary), separated by a semicolon, comma, or space. Enter the digit multiplier of 30 seconds in the TCP Timeout box to set the timeout value of a TCP connection.
b c d 3 Interpret DHCP Vendor-Specific Info — Select this check box for automatic interpretation of the vendor information. DHCP Vendor ID — Shows the DHCP Vendor ID when the dynamically allocated over DHCP/ BOOTP option is selected. DHCP UserClass ID — Shows the DHCP UserClass ID when the dynamically allocated over DHCP/BOOTP option is selected. Click OK to save the settings.
• Dynamically allocated over DHCP/BOOTP — Selecting this option enables your thin client to automatically receive information from the DHCP server. The network administrator must configure the DHCP server using DHCP options to provide information. Any value provided by the DHCP server replaces any value entered locally on the Options tab, however, locally entered values are used if the DHCP server fails to provide replacement values.
EAP Type — If you have enabled the Enable IEEEE 802.1x authentication check box, select the EAP Type option you want (TLS, LEAP, PEAP or FAST). • TLS — If you select the TLS option, click Properties to open and configure the Authentication Properties dialog box. – Select the Validate Server Certificate check box because it is mandatory to validate your server certificate. NOTE: The CA certificate must be installed on the thin client.
When EAP-MSCHAPV2 is selected as EAP type in the Authentication Properties dialog box for PEAP or FAST authentication, a check box to enable Single Sign-On feature is available for selection. 3 Click OK to save the settings. Configuring the WLAN settings 1 From the floating bar menu, click System Setup, and then click Network Setup. The Network Setup dialog box is displayed. 2 Click the WLAN tab, and use the following guidelines: Figure 10.
Only automatic PAC provisioning is supported from 2.3 release. The user/machine PAC provisioning generated with Cisco EAPFAST utility is not supported. If you select EAP type as EAP-Fast, then EAP-MSCHAPV2 and EAP-GTC options are listed in the EAP type drop-down list in the Authentication Properties dialog box (2nd authentication method supports MSCHAPv2/GTC only for EAP-FAST).
c Select the Disable Wireless Device check box, if you want to disable a wireless device. • d 3 Always: Click this radio button if you want to disable the wireless device at all times. • EnetUp: Click this radio button if you want to disable the wireless device whenever the wired network is connected. Click IPConfig to configure the IPv4 settings for the wireless connection. To set the IPv4 connection to use DHCP or the specified static IP address, do the following: 1 Click Properties.
Figure 11. Network Setup Supported Protocols • For HDX FR, HTTP and HTTPS protocols are supported. – If both are configured, the HDX FR works with HTTPS proxy. – User credential pass through is possible with $UN/$PW. • For WMS, HTTP, HTTPS and Socks5 (recommended) protocols are supported. • For RTME, HTTP and HTTPS protocols are supported. 1 From the desktop menu, click System Setup, and then click Network Setup. The Network Setup dialog box is displayed.
3 b Select the Use the first proxy server for all protocols check box to allow all the protocols to use the same server in HTTP Proxy fields. Both HTTP and HTTPS proxy use the same host and port, and Socks5 proxy agent uses HTTP host with default Socks 5 port (1080). c If SOCKS5 proxy is configured, then Wyse Management Suite proxy uses the SOCKS5 only. If SOCKS5 is not configured, then Wyse Management Suite proxy searches for alternative protocols, for example, HTTP in the configuration.
Figure 12. Broker setup 2 Select the StoreFront Style check box to enable the StoreFront style. 3 Broker Server— Enter the IP address / Hostname / FQDN of the broker server. 4 Select the Enable automatic reconnection at logon check box to enable automatic re-connection at logon. NOTE: If you enable the automatic re-connection, you are able to select from the re-connection options. Click either of the options where you can connect to disconnected sessions only or both active and disconnected sessions.
NOTE: The Visual Experience tab is grayed out, if the StoreFront Style check box is selected for a Citrix Broker Server entered in the Broker Setup tab. a Select the check box to enable Zero Toolbar activation in left pane. • b c d 3 Select the button if you want to enable Zero Toolbar activation in left pane when you pause a mouse on the screen. • Select the button if you want to enable Zero Toolbar activation in left pane only after clicking. Select the check box to disable hotkey to show toolbar.
Figure 13. General options 2 Click General Options and use the following guidelines: a b c d Click the available options to select the action after you exit all open desktops. The available options are None, Sign-off automatically, Shut down the system automatically and Restart the system automatically. NOTE: By default, None is selected and the zero client automatically returns to the terminal desktop. Default Sign-on Username— Enter the Default user name.
Configuring the authentication settings To configure the authentication settings: 1 From the floating bar menu, click the System Setup, and then click Remote Connections. The Remote Connections dialog box is displayed. Figure 14. Authentication settings 2 Click the Authentication tab, and use the following guidelines: a Authentication type— Click the button to select the Authentication type.
To configure the OneSign Server, enter either https://ip or https://FQDN values, reboot the client to display the logon dialog box, and then enter credentials to open the VDI broker dialog box for logon use. You can also set this feature in your INI file, see Parameters for a xen.ini File in this guide.
with a PIN, if configured by the organization. The HealthCast SSO solution also supports user self-service password reset so that you can reset your own passwords without the need to call the help desk. • 3 OneSign Server— Enter the IP Address of the OneSign Server. Click OK to save the settings. Configuring objects on Imprivata server This version of ThinOS Lite supports Imprivata WebAPI version 5. This version supports Configuration objects to control different aspects of client behavior.
Figure 15. Imprivata – If you clear the check box, the shutdown and restart icon is grayed out. • FailedOneSignAuth Allow— Only yes or no options are supported. Non-OneSign user can log in to the Broker by clicking No radio button. • Logging Allow – OneSign logs could output on ThinOS Lite with this feature. An INI configuration is needed correspondingly. – Loglevel=0/1/2/3. The default value is 0. If set to 0, logs are not displayed.
◦ Screensaver— Hide the display contents before the workstation locks. • Warning message— The message can be customized. • Lock Screen type —Only obscure type is supported.
Figure 17. Login screen appearance Logo image impacts all the dialog boxes in ThinOS Lite with raw logo. 7 Configuring the SSPR Customization Configuration object • The text displayed in sign-on UI and lock window can be customized. • The largest size supported by ThinOS Lite is 17 characters. ThinOS Lite UI: Figure 18.
Selecting this check box allows you to reset the primary authentication password. Figure 19. Security question INI configuration for Imprivata OneSign Server A new INI parameter is added to the OneSignServer=AutoAccess=command. The new value is AutoAccess=Local. When AutoAccessis set to local, the ThinOS Lite ignores the brokers that are set on the Imprivata OneSign Appliance and starts the broker/ connections which are defined in xen.ini or local defined on the client.
Figure 21. Confirm identity Proximity card is enrolled successfully. Figure 22. Proximity card success message Imprivata bio-metric single sign-on Imprivata WebAPI is updated to version 5. The key feature of this version is the Fingerprint identification feature. This feature is highly reliable, and cannot be easily replicated, altered, or misappropriated. The prerequisites of OneSign server are: • Imprivata v4.9 or later appliance version is needed that supports the WebAPI v5 and later versions.
Figure 23. Licensed options • Figure 24. Desktop access authentication Fingerprint authentication must be enabled in OneSign user policy Following are the features of Imprivata Bio-metric Single Sign-On: 1 Supported protocol is ICA. 2 Required Fingerprint reader devices are: a b ET710 (PID 147e VID 2016) ET700 (PID 147e VID 3001) 3 Fingerprint authentication to sign-on/unlock for ThinOS Lite devices.
Primary Factors Secondary Factors Imprivata PIN Proximity Card Fingerprint Fingerprint or Password Fingerprint or Imprivata PIN Signing in or unlocking ThinOS Lite devices using fingerprint authentication To sign-on/unlock the ThinOS Lite devices using fingerprint authentication, do the following: 1 Configure the OneSign server on ThinOS Lite, and then plug-in the fingerprint reader device. The ThinOS Lite Fingerprint window is displayed automatically after OneSign server is initialized. Figure 25.
Figure 26. Verifying administrator Unlocking virtual desktop using fingerprint authentication To unlock the virtual desktop using fingerprint authentication, do the following: 1 Enable the Imprivata Virtual Channel.
Figure 27.
Figure 28. Verifying administrator 3 You can manage Fingerprints on virtual desktop. This requires OneSign agent v4.9. To manage Fingerprints, do the following: a b Right-click the OneSign agent icon in System tray. Click Manage Fingerprints, and enter the correct credentials in the displayed window to manage your Fingerprints.
Figure 29. Manage fingerprints Configuring the Caradigm Vault server To configure the Caradigm Vault server on ThinOS Lite, do the following: 1 From the floating bar menu, click the System Setup , and then click Remote Connections. The Remote Connections dialog box is displayed. 2 Click the Authentication tab, enter the IP address of the SSO & CM Server and then click OK.
Figure 30. Remote Connections 3 On the Caradigm Vault Server, use the following guidelines: • Ensure that the Enroll unenrolled badges option is checked. • Make sure that all Badge ID mapping entries are deleted.
Figure 31. Tap server 4 Click SSO&CM > Advanced Configurations , and use the following guidelines: Figure 32. Enable proximity server a b 5 Ensure that the Enable Proximity Support check box is selected. Ensure that the Enable way2care check box is selected. To prepare a certificate to the Caradigm Vault Server, use the following guidelines: The Caradigm Vault Server uses the certificate to validate the connection between the Tap Server and the zero client.
Figure 33. Thin client certificates Use the zero client Certificates page to add certificates for the zero client devices. The certificate must be a text in PEM format, that is, a text-based Base64-encoded DER file. • Open the DER cert file on Notepad. • Log in to the Vault Server Admin Console, and then click Appliance > zero client Certificates.
NOTE: HealthCast SSO Solution on ThinOS Lite is a client-server solution. ThinOS Lite provides the client-side functionality, but you must also install and configure the HealthCast Server components on a server system in order for the solution to work properly. Contact HealthCast on HealthCast website for one or more server installation executables, server requirements, and configuration information.
Figure 34. Remote connections c Enter the HealthCast server details in the box provided. d To import the client certificate, click Browse, and select the appropriate certificate you want to use.
Figure 35. Certificates browser e Click OK to save the settings. INI configuration To configure using INI parameters, add the following INI parameters to your wnos.ini file: • HealthCastServer— The server address and options needed for the client to connect to the HealthCast Web API Server. HealthCastServer= SecurityMode= ClientCertificate= For example: HealthCastServer=https://server1.example.
Figure 36. Proximity card enrollment • Manual login and lock/unlock terminal – If you do not have a card, or choose not to use your card, then you can manually log in using your user name and password. Administrators can disable manual login, if they wish, so that users can sign on with their proximity cards. You can also lock or unlock the terminal, if you have signed on with a manual login. Figure 37.
Figure 38. Login You can lock the session to secure it, but leave the remote session connected for fast access when you return. To do this, tap the proximity card and the session is locked. Figure 39. Lock terminal To resume the session, tap the card again.
• Walk away – Terminals can be configured to lock or log off sessions that have been left open. The time that will elapse before automatic lock or log off can be set by an administrator using the convenient web administration application. • Tap-Over – If a session is locked or left open, a second user can tap their own proximity card and this will disconnect the first session and log the second user into their own unique session.
Configuring the general central configurations To configure the General Central Configurations: 1 From the floating bar menu, click the System Setup , and then click Central Configuration. The Central Configuration dialog box is displayed. Figure 41. Central configuration 2 Click General tab and use the following guidelines: File Servers/Path, Username and Password — IP address or host name of the file server that provides the system software and update images.
Configuring the Wyse Device Agent settings Use this tab to configure the Wyse Device Manager (WDA) and Wyse Management Suite settings. ThinOS Lite supports all the Wyse Management Suite Group Policy settings. To configure the Wyse Management Suite settings, do the following: 1 From the desktop menu, click System Setup, and then click Central Configuration. The Central Configuration dialog box is displayed. 2 Click WDA > WMS, and use the following guidelines: Figure 42.
Record Name: _WMS_MGMT._TCP. Value Returned: WDMNG Server URL Example: _WMS_MGMT._TCP.WDADEV.com # MQTT Server URL DNS Record Type: DNS SRV Record Name: _WMS_MQTT._TCP. Value Returned: WMS Server URL Example: _WMS_MQTT._TCP.WDADEV.com # Group Token DNS Record Type: DNS Text Record Name: _WMS_GROUPTOKEN. Value Returned: Group Token (as String) Example: _WMS_GROUPTOKEN .WDADEV.com # CA Validation DNS Record Type: DNS Text Record Name: _WMS_CAVALIDATION.
Figure 43. Wyse Management Agent: ThinOS Lite restart To configure the WDM settings, do the following: Figure 44. General central configuration 1 Click WDM, and use the following guidelines: 2 WDM Servers—Enter the IP addresses or host names, if WDM is used. Locations can also be supplied through user profiles, if user INI profiles are used. 3 DNS Name Record—(Dynamic Discovery) Allows devices to use the DNS hostname lookup method to discover a WDM Server.
• RapportDisable=yes Configuring the VPN manager The VPN Manager was included in ThinOS Lite to manage VPN connections. ThinOS Lite uses the OpenConnect client that is based on the SSL protocol for connecting to VPN. A virtual private network (VPN) extends a private network across a public network such as the Internet.
Figure 46. OpenConnect property 3 Click Connect to connect to the VPN Manager. 4 Click Edit to edit the to the VPN Manager connections. 5 Click Delete to delete the VPN Manager. Figure 47.
6 Configuring the connection broker In a Virtual Desktop Infrastructure (VDI) environment, a connection broker is a software entity that allows you to connect to an available desktop. The connection broker facilitates the VDI environment to securely and efficiently manage the centrally hosted desktop environments. NOTE: • Linux hosted desktop in the Citrix brokers is supported. • Windows 10 desktop in multiple brokers is supported. – Windows 10 desktop is supported in the Citrix brokers.
Figure 48. Broker setup 2 Select the StoreFront Style check box to enable the StoreFront style. 3 Broker Server— Enter the IP address / Hostname / FQDN of the broker server. 4 Select the Enable automatic reconnection at logon check box to enable automatic re-connection at logon. NOTE: If you enable the automatic re-connection, you are able to select from the re-connection options. Click either of the options where you can connect to disconnected sessions only or both active and disconnected sessions.
2016. This section provides information about supported platforms for RTME, installation of RTME package, Citrix remote Server/Desktop host preparation, configuration on ThinOS Lite, and RTME status check and troubleshooting. • Installing the RTME package on ThinOS Lite. • Setting up the RTME connector. • Verifying the RTME 1.8 status. • Verifying the RTME 2.2 status. Introduction The Citrix HDX RealTime Optimization pack offers high-definition audio and video calls on Lync.
NOTE: • HDX RealTime Multimedia Engine is the package installed on ThinOS Lite ; it is HDX RealTime Connector for Lync that needs to be installed or upgraded on the remote server and VDA. • The upgrade option from 1.7 to 1.8 is discussed at docs.citrix.com/en-us/hdx-optimization/1-8/upgrade-1-7-to-1-8.html. • The Firewall configuration is required on remote server and VDA. For more information, refer to docs.citrix.com/en-us/ hdx-optimization/1-8/hdx-realtime-optimization-pack-configure-firewall.html.
In the Call Statistics window, Video Codec = H.264 (CAM) is displayed for P2P RTME video call in the Sent column. For group calls with standard SFB, the call statistics displays Video Codec = H.264-UC (CAM) in the Sent column. This improves video call quality/ resolution compared to Video Codec H.264 (SW); for example: P2P video call resolution upgrade from 480 x 270 to 640 x 360. Verifying the RTME 1.
3 Click the Audio Device tab to configure the RTME audio settings, such as speakers, microphone, and ringer settings. NOTE: The RTME audio device on ThinOS Lite shows only one device from ThinOS Lite local playback device. It can actually work the way they are configured at ThinOS Lite local playback device and record device. The RTME audio device for ringtone is limited to use ThinOS Lite local playback device. This is a known Issue. 4 Click the Video Device tab to configure the RTME video settings.
7 Verify the audio/video devices from SFB client menus. 8 Establish the video/audio calls. 9 Pick up the calls by either clicking the mouse or using the headset button. 10 Verify the Call Statistics from the RTME connector 2.2 menu. NOTE: RTME 2.2 supports various call scenarios. For more information, refer to Citrix technical overview. In RTME 2.2 version, USB Video Class (UVC) 1.1 and 1.5 Camera hardware encoding / H.264 (CAM) are supported.
Figure 50. PNMenu The following message is displayed in the lower right pane during application refresh. Figure 51. Applications refresh 2 Applications are refreshed in Session bar list, Connect Manager list and App menu list.
Figure 52. Refresh all NOTE: Warning message is displayed when you open or edit or remove applications when you refresh the applications. Figure 53. Warning 4 Refresh scope covers the aspects such as, application removed, added, duplicated, disabled, enabled, icon/title change, and on/off desktop. Active sessions that are started are not affected by application refresh.
Using multiple audio in Citrix session ThinOS Lite supports multiple audio device utilizations in the Citrix Virtual Apps and Desktops version 7.6 and later. You can connect or disconnect the audio devices anytime during the session, but the behavior is similar to a local desktop. With multiple device support, you can connect multiple audio devices and select a specific device for a specific application.
To use the one-time passcode on ThinOS Lite, do the following: 1 Log in to ThinOS Lite, and connect to the NetScalar Gateway URL. 2 Enter your credentials (user ID and password) and press Enter. Figure 54. Credentials Figure 55. CensorNet App The PASSCODE dialog box is displayed. You will receive a push notification from the CensorNet App on your phone with the code. 3 Click OK.
Figure 56. PASSCODE If the authentication is successful, then you are logged into the Citrix session. Okta Integration through Citrix NetScaler Okta provides Single Sign-On (SSO) capability using Remote Authentication Dial-In User Service (RADIUS) for Citrix Virtual Apps and Desktops. ThinOS Lite supports Okta through the Citrix NetScaler Gateway 11.0 or later. The Okta RADIUS Agent is used for user authentication.
NOTE: Set the INI EnableLocal=yes to show the Default ICA icon in connect manager. 1 Go to Home icon > Connect Manager > Default ICA > Edit. 2 Click the Connection tab, and use the following guidelines: Figure 57. Default ICA a b c d 84 Server or Published Application—Select the type of connection to which the settings apply. Connection Description—Enter the descriptive name that is to be displayed in the connection list (38 characters maximum).
If you enter a delimited list of servers, the zero client will attempt to connect to the next server on the list, if the previous server attempt fails. If you use the list and the selected connection fails, the zero client will attempt to connect to the next one on the list. e NOTE: The hostname may be resolved using one of three mechanisms: ICA master browser, DNS, or WINS.
Figure 58. ICA Logon a Logging on area—Enter the username, password, domain name, and logon mode. If the Login username, password, and domain name boxes are not enabled, you can enter the information manually in the ICA server login screen. b • Login Username—Maximum limit is 31 characters. • Password—Maximum limit is 19 characters. • Domain Name—Maximum limit is 31 characters. • Logon Mode—Select User-specified credentials, Smart Card, or Local User.
Figure 59. ICA options a b c d 5 Autoconnect to local devices—Select any options (Printers, Serials, USB, Smart Cards, and Disks) to have the thin client automatically connect to the devices. An ICA session does not automatically connect to a device through a serial port. Allow font smoothing—When selected, enables font smoothing (smooth type).
Figure 60. Warning Advanced details on configuring ICA connections Use the following information when configuring ICA connections. In this information assumes that the zero client does not have a locked down privilege level: • High-privileged user — The additional functionality provided by the Connection Settings dialog box allows testing of connection definitions before they are entered by a network administrator into the user profile files.
Figure 61. Security questions enrollment 2 Enter the appropriate answers to the question set. Figure 62.
Figure 63. Security questions 3 Click OK to register the security questions. Figure 64. Account self-service Using Account Self-Service After the security questions enrollment is complete, when ThinOS Lite is connected to a StoreFront server with Self-Service Password Reset enabled, the Account Self-Service icon is displayed in the sign-on window. NOTE: If you enter wrong password more than four times in the Sign-on window, the client automatically enters the unlock account process.
Figure 65. Account self-service icon NOTE: You need to register the security questions for the users before using unlock account or reset password. 2 Click Unlock account or Reset password based on your choice, and then click OK. Figure 66. Account self-service icon Unlocking account After you register the security questions, do the following to unlock the account: 1 Choose a task (Unlock account) in Account Self-Service window. 2 Enter the user name. The Unlock Account dialog box is displayed.
Figure 67. Unlock account 3 Enter the registered answers to the security questions. Figure 68. Unlock account Figure 69. Unlock account If the provided answers match the registered answers, then the Unlock Account dialog box is displayed.
4 Click OK to successfully unlock your account. Figure 70.
NOTE: • If the provided answers are incorrect, the following error message is displayed. Figure 71. Error message • If you provide the wrong answers more than three times, you can not unlock the account or reset the password, and the following error messages are displayed. Figure 72. Attempts exceeded Figure 73. Account locked out Resetting password After you register the security questions, do the following to reset the password: 1 Choose a task (Reset password) in Account Self-Service window.
2 Enter the user name. The Reset Password dialog box is displayed. Figure 74. Reset password 3 Enter the registered answers to the security questions. Figure 75.
Figure 76. Security questions If the provided answers match the registered answers, then the Reset Password dialog box is displayed. 4 Enter and confirm the new password. Figure 77. Set password 5 Click OK to successfully change the password. Figure 78. Password change successful NOTE: If you provide the wrong answers, you can not reset the password, and an error message is displayed.
QUMU or ICA Multimedia URL Redirection QUMU utilizes ICA Multimedia URL Redirection. You are required to install a browser plug-in for this feature to work. In earlier ThinOS Lite releases, ICA Multimedia URL Redirection was partially supported. In ThinOS Lite 2.4 release, a few enhancements are made to ICA Multimedia URL Redirection for better performance.
Wyse 3010 zero client for Citrix (T00X) (ThinOS Lite 2) Wyse 3020 zero client for Citrix (T00DX) (ThinOS Lite 3) Verifying the working status of the ICA connections • For Wyse 3010 zero client for Citrix (T00X) (ThinOS Lite 2) and Wyse 3020 zero client for Citrix (T00DX) (ThinOS Lite 3) ICA SuperCodec is enabled by default when ThinOS Lite resolution is lesser than or equal to 1920 x 1080.
Figure 80. HDX Monitor 3.3 Figure 81.
Figure 82. Event log Click HDX Monitor > Graphics > Thinwire Advanced > Encoder > CompatibilityEncoder; CompatibilityEncoder. From Citrix Virtual Apps and Desktops 7.11, the encoder is changed to Deprecated Figure 83. Status • For Wyse 5010 zero client for Citrix (D00DX) (ThinOS Lite Pro 2) – ICA SuperCodec is always enabled without any limitation. – ThinOS Lite event log displays ICA: SuperCodec enabled. NOTE: For ICA connections, there is no INI parameter.
Anonymous logon Anonymous logon—This feature enables the users to log in to the Storefront server configured with unauthenticated store without Active Directory (AD) user credentials. It allows unauthenticated users to access the applications instead of AD accounts.
Citrix UPD Configuration on Server Use the following guidelines for Citrix UPD configuration on Server: 1 To enable the printer policy in XenApp 6.5: a b c d 2 Go to the DDC Server. Click Start > Citrix AppCenter. Click Citrix Resources > XenApp > Policies > User > Settings > Printing > Client Printers and enable the Auto-create generic universal printer. Click Printing > Drivers, and set the Universal print driver usage to use universal printing only from the drop-down menu available.
3 Restart the client to read File Server and wait till the auto installation of packages is complete. 4 User can view the installed packages in the Packages tab in the System Tools dialog box. 5 Server configuration for Flash redirection To ignore the differences in flash player versions, user must add the FlashPlayerVersionComparisonMaskregistry key on the desktop. If it is XenApp 6.5, IEBrowserMaximumMajorVersion registry key is required to ignore the differences in IE Browser versions.
g Playback with videos that can work with HDX FR on Linux or Windows client: There are a number of videos/websites known as not working with Citrix HDX FR solution such as msn.com, espn.com, movies.yahoo.com, and dell.com. Flash videos simply cannot load with these websites using HDX FR solution. Some of them are working periodically; for example, videos on Dell.
– HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\HdxMediaStreamForFlash\Server\PseudoServer – Add the entry named FlashPlayerVersionComparisonMask with a DWORD value = 00000000 2 – After making the modification you must restart IE on VDA/XenApp. To modify maximum Internet Explorer version that HDX Flash supports: a HDX Flash client side rendering feature does not work with Internet Explorer 11 with HDX Flash redirection enabled on XenApp 6.5 and XenDesktop 5.6 VDA. Figure 87.
Figure 88. Policies 4 To view the list of Flash policies: a Go to Setting tab, and select Flash Redirection category. All the Flash Redirection policies will be listed as shown in the following screenshot. Figure 89. Edit Policy 5 To activate a policy: a 106 After modifying any Citrix policy, run the CMD command ‘gpupdate /force’ in the XenApp/VDA machine, and then reconnect the session. The policy will be updated immediately.
Figure 90. User policy update 6 7 To verify if Flash is getting client rendered OR HDX Flash redirection is working: a Right-click on the Flash Region to view the Flash context menu. If the Flash context menu is same as native Linux menu, the ThinOS Lite built-in Adobe Flash Player version is 11.1. The following screenshot shows that the Flash is getting client rendered. b When flash is client rendered, the event log will display “FR”.
Figure 92. FlashDesktop Citrix HDX Flash Redirection Policies Configurations Policy - Flash default behavior 1 Remove all other active flash related policies in XenApp/XenDesktop server side. Figure 93. Enable Flash acceleration 2 Set Enable Flash acceleration for policy 'Flash default behavior' in XenApp/XenDesktop server side. Then run a web Flash video in ICA session for the client to render the flash video.
Figure 94. Disable Flash acceleration Figure 95. Event viewer 3 Set Block Flashacceleration for the policy Flash default behavior in the XenApp/XenDesktop server side, and then run a web Flash video in ICA session, the flash video will be server rendered and event 55 generates in event viewer > ApplicationsAndServicesLogs > Citrix > Multimedia > Flash > Admin.
4 Set Block flashplayer for policy 'Flash default behavior' in XenApp/XenDesktop server side, and then run a web Flash video in ICA session, the flash instances are blocked and event 63 generates in event viewer > ApplicationsAndServicesLogs > Citrix > Multimedia > Flash > Admin. Figure 96. Block Flash player Figure 97.
Policy - Flash URL compatibility list 1 Edit XenApp/XenDesktop policy 'Flash URL compatibility list', such as new item {Render On Client, *youku.com*, Any}, and then access the website (For example, www.youku.com). All flash instances on the website are client rendered. Figure 98.
Figure 99. Event viewer 2 Edit XenApp/XenDesktop policy 'Flash URL compatibility list', such as new item {Render On Server,*youku.com*, Any}. And then access the website (For example, www.youku.com). All flash instances on the website are server rendered, and Event 59 generates in event viewer. 3 Edit XenApp/XenDesktop policy 'Flash URL compatibility list', such as new item {Block, *youku.com*, Any}. And then access the website (For example, www.youku.com).
Figure 100. Flash background color list 1 Edit the Flash background color list in XenApp/XenDesktoppolicy, such as new item {*FF0000}. 2 Access any web site, for example . www.youku.com to play a flash video through HDX FR, when the flash background color is red. Policy - Flash intelligent fallback 1 Enable the policy 'Flash intelligent fallback' in XenApp/XenDesktop server side. Run some flash websites in ICA session.
Figure 101. Flash intelligent fallback—Enabled Figure 102. Event viewer 2 Disable the policy Flash intelligent fallback in XenApp/XenDesktop server side. Run some flash websites in ICA session. there will be no new event 61 in event viewer > Applications And ServicesLogs > Citrix > Multimedia > Flash > Admin.
Figure 103.
Figure 104. Flash server-side content fetching URL list 2 Set the ThinOS Lite INI using the {SessionConfig=ICA HDXFlashEnableServerSideContentFetching=Enabled} 3 Make sure that the client cannot access your testing Flash website, set an unreal DNS server to break client internet connection. You can try to ping your website domain name for example www.youku.com that request will be timed out. 4 Access any website for example www.youku.com to play a flash video through HDX FR.
Figure 105.
7 Configuring Zero Client Settings You can configure available zero client settings on the zero client using the following. Depending on user privilege level, some dialog boxes and options may not be available for use.
Figure 106. System preference 2 Click the General tab, and use the following guidelines: a b c Screen Saver — Allows you to select the type of screen saver you want. The default is to Turn Off Screen. Other available selections are Flying Bubbles, Moving Image ,Showing Pictures and Playing Video which are screen savers with the monitor remaining on.
• d Lock Terminal, Unlock Password • Terminal is locked, Invalid unlock password Terminal Name — Allows entry of a name for the zero client. The default is a 14-character string composed of the letters WT followed by the zero client Ethernet MAC address. Some DHCP servers use this value to identify the IP address lease in the DHCP Manager display. 3 Click OK to save the settings.
f Each entry with optional port number is specified as Name-or-IP: port, where: port is optional. If not specified, port 80 is used. Locations can be supplied through user profiles if user profiles are used. The Time Servers provide the zero client time based on the settings of time zone and daylight saving information. If DHCP is used, locations can be supplied through DHCP. Change Date and Time — Allows you to change date and time for secure environments requiring a solution to outside server access.
• Configuring the Dual Head Display Settings Configuring the General Display Settings To configure the general display settings. 1 From the floating bar menu, click the System Setup , and then click Display. The Display dialog box is displayed. Figure 109.
1280 x 768 (not on Wyse 3010 zero client for Citrix-T00X) 1280 x 1024 1360 x 768 (not on Wyse 3010 zero client for Citrix (T00X)/ Wyse 3020 zero client for Citrix (T00DX) class) 1366 x 768 1368 x 768 (not on Wyse 3010 zero client for Citrix (T00X)/ Wyse 3020 zero client for Citrix (T00DX)T00X) class) 1400 x 1050 1440 x 900 1600 x 900 1600 x 1200 1680 x 1050 1920 x 1080 1920 x 1200 1920 x 1440 (R00LX (ThinOS Lite Pro) class only) 2560 x 1080 (Single monitor only; R00LX (ThinOS Lite Pro) class and Wyse 5010 Z
Figure 110. Display—Dual Head 2 Click Dual Head tab and use the following guidelines: Supported Dual Monitor Capable Zero Clients Only. a b Dual Head—Select Mirror Mode to have the two monitors work in a matching state, or Span Mode to have the two monitors work separately second is extended from first. Main Screen—Select which of the two monitors you want to be the main screen (Screen1 or Screen2). The other screen is extended from the main screen. c The other screen is extended from the main screen.
Figure 111. Display—Dual Head e Swap dual screens—When you set Main Screen to Screen2, an additional check box is displayed at the bottom of the tab offering to swap dual screens; If the check box is cleared, the Screen1 is usually the left one or the top one in dual display.
When the display settings are changed, the modified settings are applied to the active sessions dynamically. But some of the active sessions disconnect and then reconnect. Dual head user scenario Go to System Setup > Display > Dual Head and change the settings. Go to System Setup > Display > General and do the following: 1 Change resolution from DDC table or User defined display settings. 2 Change rotation setting from User defined display settings.
Figure 112. Peripherals—Keyboard 2 Click the Keyboard tab and set the Character Set, Keyboard Layout, Delay Before Repeat and Repeat Rate parameters. The following table explains the parameters present on the Peripherals page. Table 9. Parameters on the Peripheral page Parameter 3 Description Character Set Specifies the character set. Each character is represented by a number.
Configuring the Mouse Settings To configure the Mouse Settings: 1 From the floating bar Menu, click the System Setup , and then click Peripherals. The Peripherals dialog box is displayed. Figure 113. Peripherals—Mouse 2 Click the Mouse tab to select the mouse speed and mouse orientation. 3 Select the Swap left and right mouse buttons check box to swap mouse buttons for left-handed operations.
Figure 114. Peripherals—Audio 2 Click the Audio tab to select the volume settings for connected devices. a Click the Playback Devices tab to select the type of the audio from the drop-down menu. • b • Select the check box to mute. Click the Recorded Devices tab to select the type of the record from the drop-down menu. • c d e f Use slider to control the volume settings for the playback devices. Use slider to control the volume settings for the record devices. • Select the check box to mute.
Configuring the Camera Settings Use the Camera tab to interface with cameras that are locally connected to the zero client (USB) and supported by a UVC driver. When using the HDX RealTime webcam feature of Citrix Virtual Apps and Desktops, you can control options such as maximum resolution and frames per second (10 FPS is recommended). By default, the format of USB camera is set to RAW. Figure 115.
NOTE: From ThinOS Lite version 2.5, the ELO touch screen does not work in certain scenarios. For more information, see the latest Dell Wyse ThinOS Lite Release Notes. USB support USB Hard disk—You should not plug in USB hard disk with 10 or more drives onto ThinOS Lite, or plug in more than 10 USB keys. ThinOS Lite does not accept USB disk with 10 or more drives.
Both Human Interface Devices (HID) and Headset Bluetooth devices are supported from ThinOS Lite 2.2. – HID Type: ◦ HID include mouse and keyboard. ◦ A maximim of seven HIDs is allowed. – Headset type: ◦ Bluetooth Headset is supported in this release. ◦ The maximum number of Bluetooth headsets that can be connected is one. IMPORTANT: Other types of Bluetooth devices are not scanned and supported. Call level audio quality on Headsets is supported. However, multimedia is still not supported.
Figure 117. Bluetooth devices b Remove— Select a particular Bluetooth device from ThinOS Lite and click Remove to disconnect and remove the device from the list.
Figure 118. Peripherals—Bluetooth c Scan— All Bluetooth devices enter into Page Scan mode. Different Bluetooth devices enter into the Page Scan mode at different instances such as when a specific button is pressed three times or a specific button is pressed and held until the LED turns blue. NOTE: Auto Connect function—The Auto Connect function is designed for HID devices. Prerequisites: • ThinOS Lite has no HID devices connected such as USB or Bluetooth HIDs.
2 The Bluetooth device name displays N/A sometimes. Workaround: Remove this device from the list and rescan. 3 The Bluetooth device status is not refreshed sometimes when wireless chipset 7260 is shut down. Workaround: Close the ThinOS Lite Bluetooth window and re-open it. The status is updated. 4 Only supports volume button and mute button on Bluetooth headset. 5 The performance of Bluetooth feature is low during wireless connection.
Figure 119. Printer setup—Ports 2 Click the Ports tab and use the following guidelines: a Select Port—Select the port you want from the list. LPT1 or LPT2 selects the connection to a direct-connected USB printer. b Printer Name — (Required) Enter name you want displayed in your list of printers. most USB direct-connected printers report/fill in their printer name automatically.
NOTE: If the zero client is to be used as an LPD printer server, DHCP must not be used and a static IP address must be assigned to the client. 3 Click OK. Configuring the LPDs Settings To configure the LPDs Settings: 1 From the floating bar Menu, click the System Setup , and then click Printer. The Printer Setup dialog box is displayed. Figure 120.
e If the printer is attached to another zero client on your network, the entry in the LPD Hosts box is the name or address of that zero client. LPD Queue Name — An LPD host maintains a named queue for each supported printer. Enter the name of the queue associated with the printer to be used. This name can be different for each vendor. This field is required and must be correct so that the network printer accepts incoming print jobs properly.
b c d e f g Printer Name —(Required) Enter name you want displayed in your list of printers. Printer Identification- Enter the type or model of the printer in the exact text of the Windows printer driver name—including capitalizations and spaces. This name must be either the device driver name for the printer under the Microsoft Windows system, or a key to map to the device driver.
Using the Help When you click the Help tab, the following message is displayed in the text box. Printer Identification is supplied by printer device. Change it to a Window’s printer driver name or setup a driver mapping file.
8 Performing Diagnostics Diagnostics include: • System Tools • Using the Trouble Shooting Options System Tools Use the System Tools dialog box to view device details, import certificates, view package details, and Global INI/User INI information. 1 From the floating bar menu, click System Tools. The System Tools dialog box is displayed. 2 Click the Devices tab to display all the locally attached devices, including USB, Serial, and Parallel on applicable platforms.
Figure 123. Peripherals—Audio NOTE: The Mirror File Server tab has been removed from the System Tools dialog box as it can now be viewed in the Devices tab.
Figure 124. System tools—Certificates a b c Import the certificates by selecting either USB Storage or File Server from the drop-down list, and then click Import to import the required certificate. Click Delete to delete the imported certificate. Click View Certificate to view the imported certificate information such as Version, Validity, and Serial number. You can also view the certificate path and certificate status. For more information about certificate details, see About Default Certificates.
Figure 125. System tools—Packages a b Click the Delete button to delete the selected package. Click the Delete all button to delete all the packages. The following packages are available in the package tab: • base.i386.pkg • FR.i386.pkg • RTME.i386.pkg package For information about updating the packages, see Firmware upgrade. You cannot delete the base package separately. If u clickDelete All, all packages are deleted including the base package. The base.i386.pkg is mandatory for all zeo clients.
5 Click the Global INI tab to use to view xen.ini information. Figure 126. System tools—Global INI 6 Click the WDM INI to view the received WCM configurations.
Figure 127. System tools—WDM INI WCM function is supported from WDM for comprehensive client configuration. Without configuration from server, the client loads the cached settings (wdm.ini), if available. Limitation To upgrade or downgrade firmware/image through WCM, you are required to enable WDM file server function by selecting the WTOS INI path upon checkin (FTP/HTTPS/HTTP/CIFS) check box in the WTOS preferences in the WDM configuration manager.
Figure 128. ThinOS or Linux configuration b Select the target devices, and publish configuration settings through the Package Distribution Wizard. Figure 129.
Figure 130.
Figure 131. Package Distribution Wizard For more information about WDM Package Manager and Profile Manager, refer to the WDM Admin Guide. 7 Click OK to save the settings. Simplified Certificate Enrollment Protocol—SCEP Simplified Certificate Enrollment Protocol (SCEP) was designed to be used in a closed network where all end-points are trusted. The goal of SCEP is to support the secure issuance of certificates to network devices in a scalable manner.
Figure 132. Request Certificate 2 Enter the appropriate values in the Request Certificate dialog box, and then click the Request Certificate button. The certificate request is sent to the server and the client receives the response from server and installs both CA certificate and client certificate. 3 Click Ok to save the changes. NOTE: • The CA Certificate Hash type currently supports MD5, SHA1, and SHA256. • The request server URL can be an HTTP or HTTPs link.
About Default Certificates Default certificates embedded in the ThinOS are displayed in the Certificate dialog box. To view the default certificate, set ThinOS to factory default, and on the desktop click System Settings > System Tools > Certificates. The following default certificates are displayed in the cacerts folder, in an expandable tree structure format: • BTCTRoot.crt • Class3PA_G2_v2.crt • Class4PA_G2_v2.crt • Entrust_G2.crt • EquafaxCA1.crt • gd-class2–root.crt • GTECTGlobalRoot.
Certificate field Default value/format C=IE Valid from 2000–05–12 18:46:00 Valid to 2025–05–12 23:59:00 Subject Baltimore CyberTrust Root CN=Baltimore CyberTrust Root OU=CyberTrust O=Baltimore C=IE Public key RSA (2048 bits). Key bits are displayed in the lower pane of the window.
Certificate field Default value/format C=US Public key RSA (1024 bits). Key bits are displayed in the lower pane of the window. Thumbprint algorithm sha1 Thumbprint 85 37 1c a6 e5 50 14 3d ce 28 03 47 1b de 3a 09 e8 f8 77 0f Certificate name—Class4PCA_G2_v2.crt Table 14. Class4PCA_G2_v2.
Table 15. Entrust_G2.crt Certificate details Certificate field Default value/format Version V3 Serial number 4a 53 8c 28 Signature algorithm sha256RSA Issuer Entrust Root Certification Authority CN=Entrust Root Certification Authority—G2 OU=(c) 2009 Entrust, Inc. – For authorized use only OU=See www.entrust.net/legal-terms. O=Entrust, Inc.
Certificate field Default value/format C=US Valid from 1999–06–21 04:00:00 Valid to 2020–06–21 04:00:00 Subject Equifax Secure eBusiness CN=Equifax Secure eBusiness CA-1 0=Equifax Secure Inc. C=US Public key RSA (1024 bits). Key bits are displayed in the lower pane of the window.
Certificate field Default value/format Key usage Digital Signature, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign, Encipher Only, Decipher Only Subject key ID d2 c4 b0 d2 91 d4 4c 11 71 b3 61 cb 3d a1 fe dd a8 6a d4 e3 Authority Key ID Key bits are displayed in the lower pane of the window.
Certificate field Default value/format Issuer Class 3 Public Primary Certification Authority OU=Class 3 Public Primary Certification Authority O=VeriSign, Inc. C=US Valid from 1996–01–29 00:00:00 Valid to 2028–08–01 23:59:59 Subject Class 3 Public Primary Certification Authority OU=Class 3 Public Primary Certification Authority O=VeriSign, Inc. C=US Public key RSA (1024 bits). Key bits are displayed in the lower pane of the window.
Certificate field Default value/format Public key RSA (2048 bits). Key bits are displayed in the lower pane of the window.
Figure 133. Trouble Shooting 2 Click the General tab and use the following guidelines: a b c d e f g h 3 Click either USB or File Server to select your target device you want to use for CMOS management. Extract CMOS — Click this option to extract the CMOS settings to the USB Key or file server based on your target device selection. Restore CMOS — Click this option to write the CMOS settings from the USB Key to the target zero client.
Figure 134. Trace 4 Click the Capture tab to configure the Export Event Log, Network Capture to USB, Wireless Capture to USB, and capture USB packets.
Figure 135. Capture If you want to enable the error messages, use the following guidelines: • Click either One-time or Persistent option to enable logging the unexpected error message. • If you want to check the error messages, under Troubleshooting, turnoff the logging before checking.
Figure 136. Event log • Be sure to enable the EnableTrace option of the Privilege parameter in a xen.ini file. For more information, see Dell Wyse ThinOS Lite INI Guide. • Use the Network capture to USB option to enable the capture of network information, that is, a network trace of all traffic coming in and out of the zero client to a USB drive that is inserted into the zero client. After you login and use the XenDesktop server or network, you will see a /wnos/troubleshoot/[Terminal Name]_[ENET or WS].
Figure 137. Ping a b c d Enter Hostname or IP — Enter the IP address, DNS-registered host name, or WINS-registered host name of the target to be pinged. Data area — Displays ping response messages. The ping command sends one echo request per second, calculates round trip times and packet loss statistics, and displays a brief summary upon completing the calculation. Start — Executes the ping command. If the host is operational and on the network, it responds to the echo request.
NOTE: Ping sends an echo request to a network host. The host parameter is either a valid host name or an IP address. If the host is operational and on the network, it responds to the echo request. Ping sends one echo request per second and calculates round trip times and packet loss statistics. It displays a brief summary upon completion of the calculation. The ping utility can be used to: • Determine the status of the network and various foreign hosts. • Track and isolate hardware and software problems.
Figure 138. Trace Route a b c d Enter Hostname or IP — Enter the IP address, DNS-registered host name, or WINS-registered host name of the target to be traced Data area — Displays round-trip response time and identifying information for each device in the path. Start — Executes the tracert command. Stop — Terminates the tracert command and leaves the Trace Route dialog box open, so you can read the information posted in the data area.
Figure 139. Telnet a b Enter the hostname. Click Connect to connect to a remote host or device. The Telnet window is displayed, and the troubleshooting window is closed automatically.
Figure 140. Telnet Window 8 Click OK to save the settings.
9 BIOS Management The BIOS management information is used with the following supported versions: • Wyse 5010 Zero Client for Citrix - D00DX (ThinOS Lite pro) BIOS version 3.0D or later For BIOS configuration, if a password is configured, the password is required to update any settings. For example, the INI parameter to update settings must be same as CurrentPassword={}. This is mandatory for Dell BIOS, and will be implemented as mandatory for Wyse BIOS post this release.
CMOS Central Management—Extracting CMOS Settings to the File Server for Distribution CMOS Central Management allows ThinOS Lite administrators to easily manage CMOS settings for large deployments of zero client devices using central configuration methodologies. The following are the steps for extracting CMOS Settings to the File Server for Distribution for C00 BIOS version 1.0B_SPC001–0407: 1 To prepare a Reference Drive containing BIOS version 1.
a b c 2 To extract the CMOS Settings to a USB Key: a b 3 The Reference Device is a golden image you use to distribute to other zero client devices. To access Reference Drive, enter the BIOS Setup Utility. Press the Delete key, enter the Password — Fireport (case sensitive) and press Enter. Configuring the CMOS settings, includes AutoPower, BootOrder, P-key setting, BiosPassword. Save your CMOS Settings. Restart your zero client device.
10 Security Changes A new global security policy has been defined for ThinOS Lite and this policy is applied to all secure connections (https/SSL connections) with a few exceptions. Purpose – To improve the security level by default and add the global configuration. This security policy integrates security setting for each application.
automatically installs the required certificates. From the second boot up, without these configurations, the warning message is displayed with OK button for you to continue. NOTE: For file server, the continue button is displayed with its own GUI.
Figure 143. File Server The server address does not convert to http, if WDM server is set as https. • In the previous scenario, If WDM server is configured without HTTPS, and local WDM server address is specified in HTTPS, then the system converts it to HTTP address. • In the current scenario, the system does not convert the WDM server address to HTTP. Manual discovery is removed from WDM. In the WDA tab, the Manual discovery method option is removed.
Figure 144. Central Configuration By default, the SNMP is set to disabled. You can enable it by setting the INI parameterCommunity= Security Enhancements—Firmware Signature In ThinOS Lite 2.4 release, firmware signature verification is added to enhance firmware security. By default, signature verification is required on firmware downgrade/upgrade Salient features • By default, signature verification is required on firmware downgrade/upgrade. • Provision to downgrade from 2.4 firmware to 2.
– Upgrade or Downgrade between 2.4 and later firmware. Transport Layer Security—TLS Transport Layer Security (TLS) is a protocol that provides communication security between the client and server applications. Upgrade to Transport Layer Security (TLS)— In the ThinOS 8.2 release, the TLS is upgraded from version 1.0 to version 1.2. By default, the ThinOS client uses TLS 1.
A Creating and Using xen.ini Files In this chapter you will learn how to construct and use a xen.ini file. The xen.ini file you create will provide your zero client with automatic updates and configurations. Downloading and Using Sample INI Files ThinOS Lite Sample INI files are available from Dell and can be modified to suit the individual connection profile needs for your users.
3 Blank Lines Make Files Easy for Humans to Read Using blank lines is recommended for making code easier for you to read. For example: BootOrder=harddisk;usb;pxe SessionConfig=ICA PnliteServer=xxxxx SessionConfig=ICA USBRedirection=HDX AudioQuality=High DomainList="dellwyse.com" Password=PCCOPIDIPKCKPGGC encrypt=yes MaxVNCD=1 VncPassword="NCAOIIBOMPACMOAFMPBJ" Encrypt=yes VncPrompt=No Accept=5 4 Comment by using a # Sign As stated earlier, number signs (#) indicate the start of a comment.
Parameter Description The length of the filename, including the trailing period and the file extension, is limited to 64 characters. This is required when configuring the Citrix Secure Gateway PNAgent Interface (PNAgent/Lite servers) in the Network Setup dialog box. Adding certificates are required if the user CSG environments use certificate agents that are not covered by the built-in certificates. The certificates are used to validate server identities by your zero client. Supported files include .
Parameter Description 102 — Enable upgrade only, but have a popup message that identifies the firmware version, and then prompts with OK and Cancel buttons appearing before the process; completion message appears after process. 201 — Enable a forced firmware upgrade/downgrade process, but have a popup message with OK button appearing before process although process will begin in 20 seconds in any case; completion message appears after process.
Parameter Description When HTTPS is configured to verify client certificate, one window pops up for the user to select the client certificate. If only one client certificate is available, set AutoSelectSingleCert=yes will not prompt the window and automatically select the client certificate. AutoSignoff={yes, no, 2-60} AutoSignoff —This option can be used to automatically sign-off a user when the last opened session is closed. The default value is no. A value ranging from 2 to 60 can be configured.
Parameter Description badge and in active grace period to authenticate with a single badge tap. The default value is no. CCMEnable={yes, no} [CCMServer=[:port]] Default is no. CCMEnable — Yes/no option to enable the Cloud Client Manager [GroupKey=] CCMServer — Specifies a IP address or URL address for the Cloud Client Manager server. Default protocol is HTTPS. If "http://" or "https://" does not exist, default port is 443. Once specified, it is saved in the non-volatile memory.
Parameter Description NOTE: There is an exception in the logic above when the 'override=yes' option is used in INI file. This will make #2 take priority over #1. For example CCMEnable=yes CCMServer=xxx:8080 GroupPrefix=wlab GroupKey=TC-TEST-ENG MQTTServer=xxx:1883 AdvancedConfig=yes Override=yes If IgnoreMqtt=yes is specified, CCM agent will not connect to MQTT server. The default value is no. Community=community [Encrypt={yes, no}] Specifies the SNMP community name.
Parameter Description Layout — Default is stretch. Specifies the arrangement on the desktop background of the bitmap file specified by the Desktop parameter, if auto dial-up is set, Layout is invalid. • For center, the image is placed in the center of the desktop without image size change. • For tile, the image is replicated across the desktop. • For stretch, the image is modified to fill the desktop.
Parameter Description min_cache — Default is 1. This option is for configuring ThinOS audio playback minimum buffering amount in ten millisecond units. This can be used when network bandwidth is not large enough to play audio smoothly. In such cases, set min_cache higher, so that ThinOS will buffer more audio data before playing the audio. 1 – ThinOS will buffer at least 10 ms of audio data when playing audio. 50 – ThinOS will buffer at least 500 ms (0.5s) of audio data when playing audio.
Parameter Description 3 — 1/4 4 — 1/5 5 — 1/6 optimize — Default is no. Yes/ no option to optimize the width, height, and fps at 320 x 240 at 10 fps. That is, if optimize=yes, then 320 x 240 at 10 fps will be used for the local camera settings regardless of the individual settings in width, height, and fps; as long as the camera supports the 320 x 240 at 10 fps. If optimize=yes and the camera does not support the 320 x 240 at 10 fps settings, an error will be present in the Event Log of ThinOS Lite.
Parameter Description After the administrator configures the CMOS on a template unit, the administrator should sign on to "cmos" account on ThinOS Lite to get the CMOS content saved to the cmos file on writable File Server xen directory. Then the xen.ini must be configured with "Device=CMOS action=restore", so all target units will get updated with the same CMOS setting as template unit after reboot.
Parameter Description NOTE: These settings are saved into NVRAM if EnableLocal is set to yes in the xen.ini file. disabledKeys=PrtScn;SysRq—You can use this parameter to disable keys in the keyboard. Use semicolon (;) to separate each key. Currently, only Prtscn and SysRq keys are supported. Device=UsbTrace Specify the ThinOS Lite to trace USB device data to ftp or USB disk.
Parameter Description [WDMPort={128-254}] RapportSecurePort— Specifies the HTTPS port of WDM server. It is in 6.3 to support WDM4.7. [PnliteServer={128-254}] [DomainList={128 -254}] [VDIBroker={128-254}] [RapportSecurePort={128-254}] [Discover={yes, no}] [WDMSecurePort={128-254}] Discover—If Discover=yes, the device fetches Wyse DHCP options from DHCP server, otherwise, it prevents the device from fetching those information. Default value is yes.
Parameter Description WirelessWaitEnet—This option specifies the wait period before the wireless initializes in case of Enet Up. The default value is 5. Device=vusb [ForceRedirect=DeviceID] [ForceLocal=DeviceID] [Type={TCX, HDX}] [InterfaceRedirect={no, yes}] Device — Specifies the ID of a local USB device that is not redirected by default. ForceRedirect — Specifies a forced redirect of the local USB device to the server. This parameter has priority over ForceLocal.
Parameter Description DisableWlan—Used to disable wireless. If DisableWlan=EnetUp, and the ethernet is on while booting, the wireless connection is disabled.
Parameter Description If you set Combined=yes, the DNS server will combine the DNS server configured by DHCP and the static one. The DNS domain will use the value configured by DHCP in case the static DNS domain is empty. DomainList= [disable={yes/no}] A list of domain names that will appear in the Log on dialog box as options to help users in selecting the domain to sign-on to PNAgent/ PNLite servers. Once specified, it is saved in non-volatile memory.
Parameter Description The option SecurityMode specifies these security modes. It is only valid when connected to https fileserver, the details of which are shown below: • Client checks the server certificate in the following phases except in Low mode: – Certificate has to have a Valid Date. – Issuer is valid and correct. – Certificate verification should pass. – CN and SAN on cert match DNS naming.
Parameter Description [eap={yes,no}] If two entries exist in an INI file, one each for wired and wireless, both will take effect; for example IEEE8021X=yes network=wired EAP=yes … IEEE8021X=yes network=wireless access=WPA-ENT … [eaptype={None, EAP-LEAP, EAP-TLS, EAP-PEAP,EAPFAST}] [leapun=] [leappwd=] [leappwdEnc=] [tlsauthtype=] [tlsclntcert=] [tlsclntprikeypwd=
Parameter Description [timeoutretry=] If fastmschaphidedm is set to yes, the domain uses saved EAP_FAST MSCHAP domain name, and the prompts dialog does not include the domain field when you perform ieee8021x authentication.
Parameter Description [Ctrl+Alt+Up={no, yes}] keySequence — Yes/no option to enable the following supported combined keys options [Ctrl+Alt+Down={no, yes}] [Ctrl+Alt+Left={no, yes}] [Ctrl+Alt+Right={no, yes}] [Win+L key={no,yes}] [Alt+Tab={yes,no}] • KeySequence=yes enables all of these options, each having a default of yes that you can change individually to no if desired. • KeySequence=no disables all of these options regardless of the individual settings. Ctrl+Alt+Del — Default is no.
Parameter Description Arabic (Morocco) — Ar_mor Arabic (Tunisia) — Ar_tun Arabic (Oman) — Ar_oma Arabic (Yemen) — Ar_yem Arabic (Syria) — Ar_syr Arabic (Jordan) — Ar_jor Arabic (Lebanon) — Ar_leb Arabic (Kuwait) — Ar_kuw Arabic (U.A.E.
Parameter Description French (Swiss) — fr_sf German — De German (IBM) — de_ibm German (Swiss) — de_sg Greek — el Hungarian — Hu Icelandic – Is Italian — It Italian (Swiss) — it142 Japanese — Jp Japanese — Jp_109a Korean — Ko Korean (MS-IME2002) — ko_ime Latvian (Latvia)-lv_lv Latvian (Qwerty)-lv_lv_q Lithuanian (Standard)-lt_lt Lithuanian (IBM)-lt_lt_i Lithuanian (MS)-lt_lt_m Norwegian — No Polish (214) — Pl Polish Programmers — pl_prog Portuguese — Pt Portuguese (Brazil) — Pt2 Romanian — Ro Slovakian — Sl
Parameter Description Turkish (QWERTY) — turk_q U.S. International — us_int NOTE: Japanese refers to Japanese Input system (MSIME2000), not JP. Russian keyboard is supported for server input; not local input.
Parameter Description Values include: English, us, French, fr, German, de, Chinese Simplified, gb, Chinese Traditional, b5, Japanese, jp, Korean, ko, Latin, la load=yes/no specifies whether or not to load the language file. The language file must end with the locale name and be placed under the folder xen/locale in the file server. For example, if you want to specify French and load the localized messages, you must place a file named French.
Parameter Description NOTE: • If the parameter ManualOverride is set, a warning message is displayed when the users try to reset the device to allow them to retain the personalized settings or revert to default settings. The components set using the INI statements are ignored. For example, ManualOverride=Yes Components="display,timezone" This INI statement allows the user to customize display and timezone settings, and these personalized settings are not overridden by wnos.ini after the device restart.
Parameter Description If DisableHotKey is set to yes, then no action when you press the hotkey defined in Imprivata Server. Only WebAPI 4 and later versions support the hotkey function. Loglevel— While configuring the Imprivata server, user can view the OneSign logs on ThinOS Lite by enabling the Agent Logging feature. An ini configuration is needed correspondingly. Default value is 0. If set to 0, logs are not displayed.
Parameter Description The default option following "SelectServerList={PNA, VDI}" specifies the default server. The value is one of the server description defined. After the user selects different server and signs off, this default server is selected. If there is no default option, the last selected server is selected in the next sign on. The Default option following "SelectServerList={PNA, VDI}" can specify the default server. The value is one of server description defined after that.
Parameter Description The SelectServerList statement is also supported: MultiLogon=yes SelectServerList=pna \ description=store host=http://proper-storefronturl.ctx.com description="Floor 3" host=10.1.1.30 \ description=""Floor 1" host=10.2.2.60 \ description="All Users" host=10.3.3.90 NOTE: The Select Server List takes precedence over PNAgentServer. The PNA server description or name can be displayed on the signon window so that the user knows which and what server is logging on.
Parameter Description https://FQDN DisableBeep — Default is no. Yes/no option to set the Rfideas reader to mute when a card is tapped. KisokMode — Default is no. Yes/no option to allow the OneSign user to share the client desktop. EnableFUS — Default is no. Yes/no option to set the Citrix client to remain running when switch users. TaptoLock — Default is 2. Only active when KioskMode=yes. Specifies tap to lock. If TapToLock=0, then tap a card to lock terminal is disabled.
Parameter Description NOTE: Event log will display new statements stating that FileSystem encryption has been enabled. PnliteServer= [ReconnectAtLogon={0, 1, 2}] [ReconnectFromButton={0, 1, 2}] [AutoConnectList={*/ appname1;appname2; appname3...
Parameter Description Timeout — Specifies the time in seconds where a client will try to establish a connection before reporting that it is unreachable. CAGRSAAuthMethod or CAGAuthMethod — CAGAuthMethod option is used for CAG authentication configuration. NOTE: This option replaces CAGRSAAuthMethod. If CAGAuthMethod=RSA which is same as the prior CAGRSAAuthMethod=RSASecurid, an extra passcode field needs to be input except username/password/domain. If CAGAuthMethod=LDAP, no passcode field is needed.
Parameter Description StoreFront — Default is no. Yes/no option to support Citrix StoreFront Authentication. The value will be saved into NVRAM. HttpUserAgent—The option will replace the default “CitrixReceiver WTOS/1.0” during Netscaler login. If you are using “WTOS/1.0” as Netscaler Session Policy, set this INI parameter to retain your Netscaler policy configuration. CAGSendDomain—This option sends domain as domain\user to external network Netscaler to support Netscaler and DUO passcode authentication.
Parameter Description EnableLPD — Default is no. Yes/no option to enable the LPD service. NOTE: The parameters must be specified in the order shown. Printer={LPD1, LPD2, LPD3, LPD4} Default is LPD1. [LocalName=name] Printer — Specifies the LPD printer to configure. [Host= host] LocalName — Specifies the name of the printer. If LocalName is not specified, the Queue name is used.
Parameter Description Domain — Specifies the domain name of the SMB printer. ** PRIVILEGE=[None, Low, High] Default is high. [LockDown= {no, yes}] Privilege controls operator privileges and access to zero client resources. See also CCMEnable={yes, no}.
Parameter Description HidePN — Default is no. Yes/no option to hide the PNAgent or PNLite icon from view on the taskbar. HideConnectionManager — Default is no. Yes/no option to hide the Connect Manager window from view. NOTE: As stated earlier, although the Connect Manager is disabled by default if Privilege=none, the Connect Manager can be enabled by using HideConnectionManager=no; however, the user cannot create a new connection or edit an existing connection. EnableNetworkTest — Default is no.
Parameter Description DisableChangeDateTime—If the option DisableChangeDateTime is set, the function of changing the date and time locally is disabled. For example, when you right-click the time label in taskbar, nothing is displayed. The Change Date and Time button in System Prefernce is invisible. NOTE: If the optional EnableNetworkSetup=yes is set with Privilege={none, low}, the network setup will be enabled.
Parameter Description option User and Password specify the credentials of this proxy server. The option Encrypt specifies if the password is encrypted or not. The option User and Password can support system variables. Because CCM runs before sign on, it is not appropriate to use $UN and $PW. If Type=Global, the proxy settings are saved into http proxy setting, and the https and socks5 proxy settings use the same setting as http proxy. And the followed proxy settings will be ignored.
Parameter Description needs to verify server certificate. If it is untrusted, drop the connection.If set to warning, the SSL connection needs to verify server certificate. If it is untrusted, it is up to you to continue or drop the connection.If set to low, the server certificate is not checked. The value is persistent, and the default value of the setting is default. If the settings are factory default or if you are upgrading to ThinOS Lite 2.3 for the first time, the value is temporarily set to low.
Parameter 1280X768, 1280X1024, 1360X768, Description 1680X1050, 1920X1080, 1920X1200] NOTE: When using the Wyse Y Cable, DDC will properly work on both monitors by default.
Parameter Description [Sleep={0-180}] LockTerminal— This is an optional parameter and specifies to put the thin client in LOCK state when the screen saver is activated. Default is 0. 0 — Disabled. 1 — Puts the thin client in a LOCK state when the screen saver is activated. The wallpaper is shown and the user is prompted with an unlock dialog box to enter the sign-on password to unlock the thin client. LockTerminal settings are saved into NVRAM if LockTerminal=1and EnableLocal=yes is set in the xen.
Parameter Description If SelectGroup=yes, then the pictures residing in the picture subfolder under the group folder are displayed. For example, /xen/ini/{group_dir}/picture If group pictures do not exist, global pictures are used. Supported formats include JPG, GIF, PNG and BMP. PictureTimer — Specifies the interval to wait in seconds to display another picture. Default value is 6 seconds. PictureOrder — Specifies the order of picture files to display. The default is to use the order of sort from A to Z.
Parameter Description For example, Fileserver follows global security policy. Citrix broker, and SECUREMATRIX are forced to high security mode. If the optional SecuredNetworkProtocol=yes is set, the unsecure protocols including ftp, http and tftp are disabled. The value is persistent, and the default value is no. Option TLSMinVersion and TLSMaxVersion allows you to configure the SSL connection.TLSMinVersion sets the minFallbackMinorVersion.
Parameter Description [WyseVDAServerPort=serverPort] The options VUSB_DISKS, VUSB_AUDIO, VUSB_VIDEO, VUSB_PRINTER are specified, if these USB devices are redirected to the server using TCX Virtual USB or ICA USB redirection when USB redirection is enabled.By default, these devices are handled as local devices.
Parameter Description [mapdisksunderz]: DISCONTINUED. DO NOT USE. desktopmode — Default is fullscreen. Specifies the display mode of an ICA published desktop when using an ICA PNAgent logon; the default is fullscreen mode for a PNA desktop application. [TosIpPrecedence={0–5}] [TosDscp={Default/CS1/CS2/CS3/CS4/CS5/CS6/CS7/ AF11/AF12/AF13/AF22/AF23/AF31/AF32/AF33/AF42/ AF43/EF}] mapdisksunderz — DISCONTINUED. DO NOT USE. [DiskMapTo=a character sequence] TosDscp — Sets IP DSCP in the TOS fields.
Parameter Description is set as ondesktop=*IE*, any application which includes the string IE is displayed. AudioQuality — Default is default. Specifies the audio quality of ICA sessions. NOTE: Medium quality is recommended for Speech scenarios. For example: SessionConfig=ICA AudioQuality=high USBRedirection — Default is ICA|HDX. Option to select the channel of usb devices redirection. This option is recommended to replace the older setting device=vusb type={TCX, HDX}.
Parameter Description DisableReceiverLogo—Hides the CitrixReceiver logo in left top corner in storefront style. The default value is No. MMRClientFetchDisabled — This option disables RAVE client content fetching. The default value is No. SessionConfig=ICA KeyboardTimer=1000 Shutdown={standby, turnoff} This is a Citrix INI. This specifies the amount of time, in milliseconds, the client queues keystrokes before passing them to the server. Default is standby.
Parameter Description [RequireSmartCard ={yes or force, optional, no}] The size of domain\username is limited to 32. If input domain\username size is greater than 32, it will be truncated and then saved into NVRAM. [CitrixSignonStyle={default, xenith, thinos}] [SignonStatusColor=“rrr ggg bbb”] If SaveLastDomainUser=user, only username is saved into NVRAM. If SaveLastDomainUser=domain, only domain name is saved into NVRAM.
Parameter Description If the terminal is locked and unlocked by using password, start counting the sign on expiration time again. If the default value yes is set, then when you unlock the system, the system will refresh PNA list to verify the password. Set the value to no to disable the behavior of refresh. (CIR63666) The optional keyword SCShowCNName is set to yes to forcibly use the CN name of the certificate as the user name when using smartcard sign on.
Parameter Description [Locality= locality] Set InstallCACert—Set this keyword to yes to install the root CA's certificate as trusted certificate after successfully getting a client certificate.
Parameter Description SysinfoOntop=[yes,no] This parameter enables the System Information window to be displayed at the top in the Z-Order and overlaps on the nonmode switched full screen session window. SysMode={classic, vdi, Citrix} SysMode — Specifies the Zero interface optimized for VDI or the Classic interface. This value will be remembered across reboots until changed. If not defined and an INI is present, Classic mode is the default. If no INI is present, VDI mode is the default.
Parameter Description TcpMaxRetransmission= Default is 5. TerminalName= User can set a string up to 15 characters as terminal name. It can be configured as system variable like $MAC, $SN or $IP etc. [reboot={no, yes}] Configures the retransmission of a TCP connection. If reboot is set to yes and the terminal name is changed, the terminal will reboot. If "TerminalName=$DNS" is set, the system will do reverse DNS lookup to configure the terminal name.
Parameter Description IMPORTANT: The Start and End options are in the MMWWDD format, where: MM = Month of the year. Values are 01 to 12 for the months of the year from January to December. For example, 01 = January, 12 = December WW = Week of the Month. Values are 01 to 05 for the week of the month, 05 is the last week. For example, 01 = 1st week, 05 = the last week of the month. DD = Day of the week. Values are 01 to 07 for the day in the week from Monday to Sunday. For example, 01 = Monday, 07 = Sunday.
Parameter Description VPN=openconnect The INI openconnect enables you to connect to Cisco AnyConnect VPN servers, that use standard TLS protocols for data transport. [Description=string_description] [Server=server_ip_or_name] [Username=username_string] [Password=password_string] [Autoconnect={yes,no}] [Username-enc=encrypted_username_string] [Password-enc=encrypted_password_string] Folder=[folder] Description specifies the session name. The length of the string is limited to 21 characters.
Parameter Description disableNotice—If disableNotice=yes, and the configuration from WDM is received, the count down prompt window is not displayed. The default value is no. disableCancel—If disableCancel=yes, there is no possibility to cancel count down prompt for WDM (device is going to reboot). noticeTime—If noticeTime is available, the time of countdown prompt is changed to time set using this parameter. Default value is 20.
Parameter Description WINSServer= Specifies the WINS server address. The WINSserver is an IP list separated by ";" or ",", with a maximum list size of 2. Connect Parameter: Options This topic provides the supported options for the Connect parameter in ICA supported connections. ICA connect options Table shown here contains the supported options used for ICA connections (after you use the Connect=ICA parameter/selection).
Option Description 2 – Medium Quality 3 – Low Quality Autoconnect={0 to 99} Default is 0. Use for automatically starting a session after you sign in, if sign-on is enabled. The value of 0 – 99 is the delay in seconds before auto-starting the session. AppendUsername=1 This enhancement allows user names to display in the title bar of an ICA session at the client side. Browserip=list of browsers List of IP addresses or DNS registered names to specify ICA browsers.
Option Description Encryption={None, Basic, 40, 56, 128, Login-128} Default is Basic. Connection security encryption level. The highest level is 128-bit security (Login-128 option is 128 bit encryption for login only).The lowest is None. NOTE: The server must support the specified level of encryption or the connection will fail. Fullscreen={no, yes} Default is no. Yes/no option to run the session in full screen. If Fullscreen=no then the session runs in a windowed screen.
Option Description The connection description of the Description option is used as the index key into the local connection table. If a match is found, then the entry is updated. Otherwise, a new entry is created. Maximum total of local entries is 16. Logon_mode={local-user, smartcard, user-specified} Default is local-user. Specifies how users authenticate to the selected application set or ICA connection. Lowband={no, yes} Default is no.
Option Description IMPORTANT: The application server password is not encrypted; it is strongly recommended not to specify it. The user will be prompted to enter the password when the connection is made. This application server password directive never starts a line, so it can be distinguished from the thin client user sign-on password which does starts a line. NOTE: The Password option is not written into a {username}.ini file by a user.
Option Description Yes/no option to use a unisession. The connection will launch only once at a time. UnmapClipboard={no, yes} Default is no. Yes/no option to disable clipboard redirection for an ICA session if redirecting the clipboard. UnmapPrinters={no, yes} Default is no. Yes/no option to not auto-connect to local printers when the connection starts. UnmapSerials={no, yes} Default is no. Yes/no option to not auto-connect to local serials when the connection starts.
NOTE: The Start and End options are in the MMWWDD format, where: MM = Month of the year. Values are 01 to 12 for the months of the year from January to December. For example, 01 = January, 12 = December WW = Week of the Month. Values are 01 to 05 for the week of the month, 05 is the last week. For example, 01 = 1st week, 05 = the last week of the month. DD = Day of the week. Values are 01 to 07 for the day in the week from Monday to Sunday. For example, 01 = Monday, 07 = Sunday U.S.
Geographic time zones Time zones name (GMT-05:00) Bogota, Lima, Quito, Rio Branco SA Pacific (GMT-05:00) Chetumal Eastern (Mexico) (GMT-05:00) Eastern Time (US & Canada) Eastern (GMT-05:00) Indiana (East) US Eastern (GMT-04:30) Caracas Venezuela (GMT-04:00) Asuncion Paraguay (GMT-04:00) Atlantic Time (Canada) Atlantic (GMT-04:00) Cuiaba Central Brazilian (GMT-04:00) Georgetown, La Paz, Manaus, San Juan SA Western (GMT-03:30) Newfoundland Newfoundland (GMT-03:00) Brasilia E.
Geographic time zones Time zones name (GMT+01:00) Sarajevo, Skopje, Warsaw, Zagreb Central European (GMT+01:00) West Central Africa W. Central Africa (GMT+01:00) Windhoek Namibia (GMT+02:00) Amman Jordan (GMT+02:00) Athens, Bucharest GTB (GMT+02:00) Beirut Middle East (GMT+02:00) Cairo Egypt (GMT+02:00) Damascus Syria (GMT+02:00) E. Europe E.
Geographic time zones Time zones name (GMT+04:30) Kabul Afghanistan (GMT+05:00) Ashgabat, Tashkent West Asia (GMT+05:00) Ekaterinburg (RTZ 4) Russia TZ 4 (GMT+05:00) Islamabad Karachi Pakistan (GMT+05:30) Chennai, Kolkata, Mumbai, New Delhi India (GMT+05:30) Sri Jayawardenepura Sri Lanka (GMT+05:45) Kathmandu Nepal (GMT+06:00) Astana Central Asia (GMT+06:00) Dhaka Bangladesh (GMT+06:00) Novosibirsk (RTZ 5) Russia TZ 5 (GMT+06:30) Yangon Rangoon Myanmar (GMT+07:00) Bangkok, Hanoi, Jak
Geographic time zones Time zones name (GMT+10:00) Guam, Port Moresby West Pacific (GMT+10:00) Hobart Tasmania (GMT+10:00) Magadan Magadan (GMT+10:00) Vladivostok, Magadan (RTZ 9) Russia TZ 9 (GMT+11:00) Chokurdakh (RTZ 10) Russia TZ 10 (GMT+11:00) Solomon Is.
B Examples of Common Printing Configurations This section provides examples on using the Printer Setup dialog box and ThinOS Lite INI parameters for common printing situations. Use the following guidelines mentioned below in addition to the information provided in Connecting to a Printer. IMPORTANT: Host-based printers are not supported.
c d e 3 Printer Identification — Enter the type or model of the printer in the exact text of the Windows printer driver name — including capitalizations and spaces most USB direct-connected printers display their printer identification automatically. In the above mentioned scenario, enter HP LaserJet 4000 Series PCL. Printer Class — You can leave this as default. Enable the printer device — Enable this option, as it enables the printer device to display on the remote host. Click OK to save the settings.
f g NOTE: If the printer is attached to another zero client on your network, the LPD Queue Name must match the content of the Printer Name box on the zero client with the printer attached. Printer Class — (Optional) You can leave this as default. Enable the printer device — Enable this option, as it enables the printer device to display on the remote host. Using INI Parameters for Non-Windows Network Printers— LPD The INI parameters for Non- Windows Network Printers (LPD) : Printer=LPD1 \ LocalName="HP La
It enables the device so it displays on the remote host. Click Test Print and you will be prompted to enter your Windows credentials, these credentials will be used to access the printer share. This is also the same dialog box that will display for a user when they attempt to print to this printer.
Using Your Zero Client as a Print Server—LPD A ThinOS Lite zero client can be configured as a basic network print server, to share local printers with other zero clients. Using the Printer Setup Dialog Box for Configuring LPD Services A zero client can be configured to provide LPD (Line Printer Daemon) services making the zero client a printer server on the network.
PrinterID="HP LaserJet 4000 Series PCL" \ Enabled=yes \ EnableLPD=yes NOTE: The PrinterID is the exact text of the Windows printer driver name, so if a printer driver is named HP LaserJet 4000 Series PCL in Windows, then it must be exactly the same in the PrinterID field in the INI parameters including capitalizations and spaces. Configuring ThinPrint No ThinPrint specific configuration is available on the zero clients.
C Important Notes VNC RFB version upgrade—Since ThinOS Lite 2.0, the VNC RFB version has been upgraded to 3.8. This version upgrade provides support for applications like DameWare. Thus, an administrator can now remote into a ThinOS Lite device using either DameWare or VNC Viewer. Prior to 2.0, you could only use VNC Viewer.
D Troubleshooting • ThinOS Lite devices allow secure SSL connections—SecurityMode=Full—only after verifying the certificates. In the present scenario, the devices enforce the warning policy after you define a server using a valid IP address. The resolution for the issue will be delivered in the next ThinOS Lite release. The following are the workarounds to avoid the SSL connection issue: – Ensure that the device has a valid certificate and the correct time is selected on the device.
