Deployment Guide
Table Of Contents
- Dell Wyse ThinOS Version 8.5 Hotfix INI Reference Guide
- Introduction
- Getting Started: Learning INI File Basics
- Parameters for wnos INI files only
- Parameters for wnos INI, {username} INI, and $MAC INI files
- Connect Parameter: Options
- TimeZone Parameter: Values
- Best Practices: Troubleshooting and Deployment Examples
Table 6. Connection Settings: wnos.ini files only (continued)
Parameter Description
SecurityPolicy={full, warning, low}
[SecuredNetworkProtocol={yes, no}]
[TLSMinVersion]={1,2,3}]
[TLSMaxVesion={1,2,3}]
[DNSFileServerDiscover={yes, no}]
[TLSCheckCN=[
yes, no]]
Specifies the global security mode for SSL connection. If
application SecurityMode is default, application applies the
setting.
If set to full, the SSL connection needs to verify server
certificate. If it is untrusted, connection is dropped.If set
to warning, the SSL connection needs to verify server
certificate. If it is untrusted, it is up to you to continue or
drop the connection. If set to low, the server certificate is not
checked.
The value is persistent, and the default value is warning. For
those SSL connections with their own security policy, this
does not impact.
For example,
File server, VMware View and AWS broker follows the global
SecurityPolicy. Citrix broker, RDS broker and SECUREMATRIX
are forced to high security mode.
If the optional SecuredNetworkProtocol=yes is set, the
unsecure protocols including ftp, http and tftp are disabled.
The value is persistent, and the default value is no.
TLSMinVersion and TLSMaxVersion allows you to configure
the SSL connection. ThinOS supports SSLs from
TLSMinVersion onwards. TLSMaxversion is the latest version
of SSL supported by ThinOS. TLSMinVersion sets the
minFallbackMinorVersion. Server uses the version equal to
minFallbackMinorVersion or higher to communicate with
the client. TLSMaxVersion sets the advertisedMinorVersion.
Server uses this version equal or above to communicate
with the client. If no value is set for TLSMinVersion then
the default value is set to TLS1.0 and TLSMaxVersion is set
to TLS1.2. The value 1, 2, 3 corresponds to TLS1.0, TLS1.1,
TLS1.2 respectively. These parameters are used by engineers
for internal tests.
In classic mode, a DNS name wyseftpfbc4tc is resolved to
discover the file server, if the global INI file in remote file
server and local cache cannot be loaded. If the optional
DNSFileServerDiscover=no is set, the function is disabled. The
value is persistent, and the default value is yes.
TLSCheckCN—This option enables you to check the server
certificate common name for SSL connection in full security
mode.
This option does not impact SSL connections of VMware
View, Amazon WorkSpaces and VPN. These connections
continually check server certificate common name. The
default value is changed to Yes from build version 8.5_106.
NOTE:
Use NetBIOS or FQDN values to define a SSL—
Https—connection when enabling TLSCheckCN option, as
enabling TLSCheckCN results in SSL connection failure
when an IP address is defined.
SignOn={yes, no, NTLM}
[MaxConnect=max]
[ConnectionManager={maximize,
minimize, hide}]
[EnableOK={no, yes}]
SignOn — Default is yes. Yes/no/NTLM option to enable the
sign-on process. If set to NTLM, a user can be authenticated
with an NTLM protocol.
The user must be a domain user and the same sign-on
user credentials must be available in the ftp://~/wnos/ini/
directory.
36 Parameters for wnos INI files only