Dell Wyse Management Suite Version 2.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2020 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents 1 Introduction................................................................................................................................. 5 2 Getting started with Wyse Management Suite................................................................................ 6 Log in to Wyse Management Suite on public cloud.......................................................................................................... 6 Prerequisites to deploy Wyse Management Suite on the private cloud........
H Registering Windows Embedded Standard device manually............................................................51 I Register ThinOS 8.x device manually............................................................................................ 52 J Register ThinOS 9.x device manually............................................................................................53 K Registering Linux device manually..............................................................................................
1 Introduction Wyse Management Suite is the next generation management solution that lets you centrally configure, monitor, manage, and optimize your Dell Wyse thin clients. The new Suite makes it easier to deploy and manage thin clients with high functionality and performance, and ease of use. It also offers advanced feature options such as cloud versus on-premises deployment, manage-from-anywhere using a mobile application, enhanced security such as BIOS configuration and port lockdown.
2 Getting started with Wyse Management Suite This section provides information about the general features to help you get started as an administrator and manage thin clients from the Wyse Management Suite software. Topics: • • Log in to Wyse Management Suite on public cloud Prerequisites to deploy Wyse Management Suite on the private cloud Log in to Wyse Management Suite on public cloud To log in to the Wyse Management Suite console, you must have a supported web browser that is installed on your system.
Prerequisites to deploy Wyse Management Suite on the private cloud Table 1.
3 Installing Wyse Management Suite on private cloud To set up the Wyse Management Suite on a private cloud, the following requirements must be met: • • • • • • Obtain and configure all the required hardware and software. You can download the Wyse Management Suite software from downloads.dell.com/wyse/wms. Install a supported server operating system on one or more server machines. Ensure that the systems are up-to-date with current Microsoft service packs, patches, and updates.
The installer takes approximately 4–5 minutes to complete the installation. However, it may take longer if dependent components such as VC-runtime are not installed on the system. 9. Click Launch to open the Wyse Management Suite web console. 10. On the web console, click Get Started. Figure 1. Welcome page 11. Select your preferred license. • • If you select the license type as Standard, and then click Next to proceed with the standard Wyse Management Suite installation.
Figure 3. License information To export a license key from the Wyse Management Suite cloud portal, do the following: a. Log in to the Wyse Management Suite cloud portal by using one of the following links: • US data center—us1.wysemanagementsuite.com/ccm-web • EU data center—eu1.wysemanagementsuite.com/ccm-web b. Go to Portal Administration > Subscription.
Figure 4. Portal administration c. Enter the number of thin client seats. d. Click Export. NOTE: To export the license, select , WMS 1.1 or WMS 1.0 from the drop-down list. The summary page shows the details of the license after the license is successfully imported. 12. Enter your SMTP server information, and click Save. NOTE: You can skip this screen and make changes later in the console.
Figure 5. Email alert NOTE: You must enter valid SMTP server information to receive email notifications from the Wyse Management Suite. 13. Import your SSL certificate to secure communications with the Wyse Management Suite server. Enter the public, private, and apache certificate and click the Import button. Importing the certificate takes three minutes to configure and restart Tomcat services.
Figure 7. PKCS-12 14. In the Device page, you can enable Enrollment Validation to enable administrators to control the manual and auto registration of thin clients to a group. Figure 8. Enrollment validation 15. Click Save and then click Next. 16. Click Sign in to WMS. The Dell Management Portal login page is displayed.
Figure 9. Sign in page Figure 10. Dell Management Portal NOTE: Licenses can be upgraded or extended at a later point from the Portal Administration page.
• • • • Functional areas of management console Configuring and managing thin clients Creating policy group and updating configuration Registering new thin client Logging in to Wyse Management Suite To log in to the management console, do the following: 1. If you are using Internet Explorer, disable the Internet Explorer Enhanced Security and the Compatibility View settings. 2.
After a configuration is published and propagated to the devices, the settings are not sent again to the devices until the administrator makes a change. New devices that are registered, receive the configuration policy that is effective for the group to which it was registered. This includes the parameters inherited from the global group and intermediate level groups. Configuration policies are published immediately, and cannot be scheduled for a later time.
Registering new thin client NOTE: For information on customer security environment, see Wyse Device Agent. A thin client can be registered with Wyse Management Suite manually through the Wyse Device Agent (WDA). You can also register a thin client automatically by configuring appropriate option tags on the DHCP server or configuring appropriate DNS SRV records on the DNS server.
3. Select the Enable Wyse Management Suite check box to enable Wyse Management Suite. 4. Enter the Group Registration Key as configured by your administrator for the desired group. 5. Select the Enable WMS Advanced Settings option, and enter the WMS server or MQTT server details. 6. Enable or disable CA validation based on your license type—public cloud or private cloud. • Public cloud—Select the Enable CA Validation check box if the device is registered with Wyse Management Suite in public cloud.
• The CCM tags for ThinOS version 8.3, 8.4, and 8.5 are different. Registering devices by using DHCP option tags NOTE: • For detailed instructions on how to add DHCP option tags on the Windows server, see Creating and configuring DHCP option tags. For information about customer security environment, see Wyse Device Agent. You can register the devices by using the following DHCP option tags: Table 2.
NOTE: For detailed instructions on how to add DNS SRV records on the Windows server, see Creating and configuring DNS SRV record. The following table lists the valid values for the DNS SRV records: Table 3. Configuring device by using DNS SRV record URL/Tag Description Record Name—_WMS_MGMT This record points to the Wyse Management Suite server URL. For example, wmsserver.acme.com:443, where wmsserver.acme.com is fully qualified domain name of the server where Wyse Management Suite is installed.
4 Deploying applications to thin clients The standard application policy allows you to install a single application package and requires reboot before and after installing each application. Using the advanced application policy, you can install multiple application packages with only two reboots. The advanced application policy also supports execution of pre and post installation scripts that may be needed to install a particular application. For more information, see Appendix B.
6. To allow a delay in execution of the policy, select the Allow delay of policy execution check box. If this option is selected, the following drop-down menus are enabled: • From the Max Hours per Delay drop-down menu, select the maximum hours (1–24 hours) you can delay execution of the policy. • From the Max delays drop-down menu, select the number of times (1–3) you can delay the execution of the policy. 7.
5 Uninstalling Wyse Management Suite To uninstall Wyse Management Suite, do the following: 1. Double-click the WMS icon. The uninstaller wizard is initiated, and the Wyse Management Suite uninstaller screen is displayed. 2. Click Next. By default, the Remove radio button is selected that uninstalls all the Wyse Management Suite installer components.
6 Troubleshooting Wyse Management Suite This section provides troubleshooting information for Wyse Management Suite. Problems with accessing Wyse Management Suite web console • Problem: When you attempt to connect to the Wyse Management Suite console, authentication GUI is not displayed and an HTTP Status 404 page is displayed. Workaround: Stop and start the services in the following order: • 1. Dell WMS: MariaDB 2. Dell WMS: memcached 3. Dell WMS: MongoDB 4. Dell WMS: MQTT broker service 5.
NOTE: By default Wyse Management Suite installs self-signed certificates. CA validation must be disabled for devices to communicate with the Wyse Management Suite server. Error while sending commands to the device Problem: Not able to send commands such as package update, reboot to device and so on. Workaround: • • • Ensure that the Dell WMS: MQTT broker service is running on the Wyse Management Suite server. Check if port 1883 is open.
7 Wyse Device Agent The Wyse Device Agent (WDA) is a unified agent for all thin client management solutions. If you install WDA, you can manage thin clients using Wyse Management Suite. The following three types of customer security environments are supported by the Wyse Device Agent: • Highly secured environments—To mitigate the risk against rouge DHCP or DNS server for new device discovery, administrators must log in to each device individually and configure the Wyse Management Suite server URL.
8 Additional resources For video tutorials about: • • Installing Wyse management suite, see Installation of Wyse Management Suite. Automatic configuration of ThinOS clients using Wyse Management Suite On-Premise with DHCP option tags, see Configuring ThinOS devices using Wyse Management Suite.
A Remote database A remote or cloud database (DB) is a database that is built for a virtualized environment, such as hybrid cloud, public cloud, or private cloud. In Wyse Management Suite, you can configure either the Mongo database (MongoDB) or the Maria database (MariaDB) or both databases based on your requirement. Topics: • • Configure Mongo database Configure Maria database Configure Mongo database Mongo database (MongoDB) operates on the Transmission Control Protocol (TCP) port number 27017.
{role:"dbOwner",db:"stratus"}] } ) 12. To switch to the stratus database, run the following command: use stratus; 13. To stop the MongoDB services, run the following command: net stop mongoDB 14. Add an authentication permission to the admin DB. Modify the mongod.cfg file to the following: systemLog: destination:file path:c:\data\log\mongod.log storage: dbPath:c:\data\db security: authorization:enabled 15.
B Custom installation In custom installation, you can select a database to set up Wyse Management Suite, and you must know the basic technical working knowledge of Wyse Management Suite. Dell recommends custom installation only for advanced users. 1. Select the Setup Type as Custom, and click Next. Figure 12. Setup type The Mongo Database Server page is displayed. 2. Select either Embedded MongoDB or External MongoDB as the Mongo database server.
• Figure 13. Embedded Mongo Database Server If External MongoDB is selected, then provide user name, password, database server details, and the port details, and click Next. NOTE: The port field populates the default port which can be changed. Figure 14. External MongoDB The MariaDB Database Server page is displayed. 3. Select either Embedded MariaDB or External MariaDB as the MariaDB database server.
• If Embedded MariaDB is selected, provide user name and password, and click Next. • Figure 15. Embedded MariaDB If External MariaDB is selected, provide user name, password, database server details and the port details, and click Next. The port field populates the default port which can be changed. Figure 16. External MariaDB 4.
• • • • • Apache Tomcat MySQL database Mongo database MQTT v3.1 Broker Memcached Figure 17. Port selection NOTE: Wyse Management Suite uses the Maria database and Mongo database for the following: Maria database—Relational database for data that requires well-defined structure and normalization Mongo database—No-SQL database for performance and scalability To complete the installation, follow the steps in the section Installing WMS on-premise and initial setup.
C Wyse Management Suite feature matrix The following table provides information about the features supported for each subscription type: Table 4.
Features Wyse Management Suite Standard Wyse Management Suite Pro-private cloud Wyse Management Suite Procloud edition Two-factor authentication Supported Supported Supported Active directory authentication for role based administration.
D Access Wyse Management Suite file repository File repositories are places where files are stored and organized. Wyse Management Suite has two types of repositories: • • Local Repository—During the Wyse Management Suite private cloud installation, provide the local repository path in the Wyse Management Suite installer. After the installation, go to Portal Admin > File Repository and select the local repository. Click the Edit option to view and edit the repository settings.
E Create and configure DHCP option tags NOTE: For information on customer security environment, see Wyse Device Agent. To create a DHCP option tag, do the following: 1. Open the Server Manager. 2. Go to Tools, and click DHCP option. 3. Go to FQDN > IPv4 and right-click IPv4. Figure 18. DHCP 4. Click Set Predefined Options. The Predefined Options and Values window is displayed. 5. From the Option class drop-down list, select the DHCP Standard Option value.
Figure 19. Predefined Options and Values 6. Click Add. The Option Type window is displayed. Figure 20. Option Type The options must be either added to the server options of the DHCP server or scope options of the DHCP scope. Configuring the DHCP option tags • To create the 165 Wyse Management Suite server URL option tag, do the following: 1. Enter the following values, and click OK. • Name—WMS • Data type—String • Code—165 • Description—WMS_Server 2. Enter the following value, and then click OK.
• Figure 21. 165 Wyse Management Suite server URL option tag To create the 166 MQTT server URL option tag, do the following: 1. Enter the following values, and click OK. • Name—MQTT • Data type—String • Code—166 • Description—MQTT Server 2. Enter the following value, and click OK. String—MQTT FQDN For example, WMSServerName.YourDomain.
• Figure 22. 166 Wyse Management Suite server URL option tag To create the 167 Wyse Management Suite CA Validation server URL option tag, do the following: 1. Enter the following values, and click OK. • Name—CA Validation • Data type—String • Code—167 • Description—CA Validation 2. Enter the following values, and click OK.
Figure 23. 167 Wyse Management Suite server URL option tag • To create the 199 Wyse Management Suite Group Token server URL option tag, do the following: 1. Enter the following values, and click OK. • Name—Group Token • Data type—String • Code—199 • Description—Group Token 2. Enter the following values, and click OK.
Figure 24.
F Create and configure DNS SRV records NOTE: For information on customer security environment, see Wyse Device Agent. To create a DNS SRV record, do the following: 1. Open the Server Manager. 2. Go to Tools, and click DNS option. 3. Go to DNS > DNS Server Host Name > Forward Lookup Zones > Domain > _tcp and right-click the _tcp option. Figure 25. DNS manager 4. Click Other New Records. The Resource Record Type window is displayed. 5.
Figure 26. Resource Record Type a) To create Wyse Management Suite server record, enter the following details and click OK.
Figure 27. _WMS_MGMT service b) To create MQTT server record, enter the following values, and then click ÓK.
Figure 28. _WMS_MQTT service 6. Go to DNS > DNS Server Host Name > Forward Lookup Zones > Domain and right-click the domain. 7. Click Other New Records. 8.
Figure 29. Resource Record Type a) To create Wyse Management Suite Group Token record, enter the following values, and click OK.
Figure 30. _WMS_GROUPTOKEN record name b) To create Wyse Management Suite CA validation record, enter the following values, and then click OK.
Figure 31.
G Creating and deploying advanced application policy to thin clients To deploy an advanced application policy to thin clients, do the following: 1. Copy the application and the pre/post install scripts (if necessary) to deploy to the thin clients in the thinClientApps folder in the local repository or the Wyse Management Suite repository. 2. Go to Apps&Data > AppInventory and select Thin Client to verify if the application is registered. 3. Click Thin Client under App Policies. 4. Click Add Advanced Policy.
H Registering Windows Embedded Standard device manually Windows Embedded Standard devices can be registered manually by launching the WDA UI icon on the taskbar. 1. Select Wyse Management Suite-WMS as the management server. 2. Enter an appropriate tenant and group name. If this field is left blank, devices are registered to an unmanaged group. (Optional) 3. Click Register. Figure 32.
I Register ThinOS 8.x device manually 1. From the desktop menu of the thin client, go to System Setup > Central Configuration. The Central Configuration window is displayed. 2. Enter the Group Registration Key as configured by your administrator for the wanted group. 3. Select the Enable WMS Advanced Settings check box. 4. In the WMS server field, enter the Wyse Management Server URL. 5. Enable or disable CA validation based on your license type. For public cloud, select the Enable CA Validation check box.
J Register ThinOS 9.x device manually 1. From the desktop menu of the thin client, go to System Setup > Central Configuration. The Central Configuration window is displayed. 2. Enter the Group Registration Key as configured by your administrator for the wanted group. 3. Select the Enable WMS Advanced Settings check box. 4. In the WMS server field, enter the Wyse Management Server URL. 5. Enable or disable CA validation based on your license type.
K Registering Linux device manually Linux devices can be registered manually by launching the WDA UI icon from System Settings. 1. Enter the WMS Server details. 2. Enter an appropriate tenant and group name. If this field is left blank, devices are registered to an unmanaged group. (Optional) 3. Click Register. The device is registered to the Wyse Management Suite console. Figure 33.
L Terms and definitions The following table lists the terms used in this document and their definitions: Table 5. Terms and definitions Terminology Definition Private cloud Wyse Management Suite server installed on the cloud that is private to your organization’s datacenter. WDA Wyse Device Agent which resides in the device and acts as an agent for communication between server and client.