Administrator Guide

ManualsBrandsDell ManualsConverged InfrastructureWyse 5040 AIO Thin Client

161

162

163

164

165

166

167

168

169

170

Security

A new global security policy has been dened for ThinOS and this policy is applied to all secure connections (https/SSL connections) with

a few exceptions.

Purpose—To improve the security level by default and add the global conguration. This security policy integrates security setting for each

application.

Table 25. INI parameter

INI parameter Description

SecurityPolicy={full | warning (default) |

low}

SecuredNetworkProtocol={yes | no (default)}

TLSMinVersion={1 (default), 2, 3}

TLSMaxVesion={1, 2, 3 (default)}

Full—SSL connection must verify the server certicate. If it is

untrusted, cancel the connection.

Warning (default)—SSL connection must verify the server

certicate. If it is untrusted, you can continue or cancel the

connection.

Low—Server certicate is not veried. tThis value is set for a few

applications.

After rmware is updated, the default value is set to warning for all

applicable applications immediately.

There is an exception for le server and WDM.

The old ini SecurityLevel | SecureProtocol from Privilege segment is

deleted.

All applications running on the default SSL security mode follow the global mode. In the global mode, the default value is Warning. The

aected applications include VMware View, Amazon WorkSpaces (AWS), le server, WDM Service, Caradigm Server, and OneSign Server.

For more information about the security mode INI parameters, see Dell Wyse ThinOS INI Guide.

The following are the exceptions:

• File server and WDM in factory reset state—Before you load any INI parameter, the SSL security mode is set to Low, and after loading

the INI parameter, the value is changed to follow the global mode value. For example, the default value is set to warning, if the value is

not changed by the INI parameter.

System with previous settings (default value is set to Low) follows the global mode after the unit is upgraded. For example, the default

value is set to Warning, if the value is not changed by the INI parameter.

• VMware View and AWS brokers include own security settings (GUI and INI). From ThinOS 8.3 release, an additional option is added to

follow the global mode as its new default value. The security mode GUI context is updated for better understanding.

• Wyse Management Suite, Microsoft RDS broker, Citrix broker, and SecureMatrix are always Full.

File server default protocol is retained as FTP without any setting from WDM/DHCP/INI and always displays the full address with protocol

prex. For example, ftp://.

New rmware/client deploy information

• Dell recommends that you dene the Security Policy before upgrading to version 8.3 and later. If not, you may get warning messages

that require intervention to proceed.

• Before you upgrade to version 8.3 and later, Dell recommends that you dene the desired SSL security level and add the required

Security Policy parameters/options to the global INI le.

164 Security