Intel® Unite™ Solution Plugin Guide for Protected Guest Access Nov 2016
Legal Disclaimers & Copyrights
All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest Intel product specifications and roadmaps. Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at intel.com.
Table of Contents
1. Introduction
1.1 Audience
1.2 Overview
1.3 Recommended Security Controls
1. Introduction
This document explains how to install and use the Intel® Unite™ plugin for Protected Guest Access on the Intel Unite Solution.
1.1 Audience
This document is designed for use by IT professionals within a corporate environment responsible for installing the Intel Unite software and adding optional features to the application, such as enabling Guest Access for their business.
1.
1.3 Recommended Security Controls
IT personnel should apply the following security controls:
- Turn off network bridging on the hub that is running Guest Access.
- In an Active Directory environment, set a Group Policy Object (GPO) on the hub that limits applications and users.
- Deploy a firewall between Guest Access machines and corporate connections in order to limit unauthorized traffic.
- Ensure there is a firewall on unused ports.
2. Plugin Installation and Components
2.1 Plugin Components
The following components are part of the Protected Guest Access plugin:
- Guest Access Client Plugin (dll)
  o This is the plugin that is loaded by the hub. It implements the functionality defined in the CFCPlugin.dll.
- Guest Access Service (Windows service)
  o This is a Windows service that is in charge of the creation and configuration of the ad-hoc/hosted network (access point), the GuestAccessClientPlugin.
2.2.1 Enterprise version
1. Run the Intel Unite Plugin for Protected Guest Access installer (Windows Installer Package).
2. Go to the plugins folder, located at Program Files (x86)\Intel\Intel Unite\Hub\Plugins, where GuestAccessClientPlugin.dll has been installed.
3. The next step is to obtain the Certificate Hash value (key value) for the Guest Access Client Plugin.
6. In the Certificate window, select the Details tab and scroll down until you see Thumbprint.
7. Select Thumbprint. Once the value is displayed, copy and paste it into a notepad or a text file, remove the spaces and save it.
8. This information will be used when you create the Profile for your plugin on the Admin Web Portal.
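The same thumbprint can be read directly from the DLL's Authenticode signature, which avoids copy errors from the Certificate window. The PowerShell below is an added example, not part of Intel's guide; it assumes the plugin file is GuestAccessClientPlugin.dll in the plugins folder named in this guide, and the function names are hypothetical.

```powershell
# Added example (not from the Intel guide). Reads the signer certificate
# thumbprint of the Guest Access plugin DLL and normalises a hand-copied
# value so the two can be compared before the hash goes into the portal.

function ConvertTo-NormalizedThumbprint {
    param([Parameter(Mandatory)][string]$Value)
    # Drop spaces and any other non-hex characters (values copied from the
    # Certificate window can carry invisible Unicode marks), then upper-case.
    ($Value -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

function Get-PluginCertificateHash {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Plugin file not found: $Path"
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($null -eq $sig.SignerCertificate) {
        throw "File is not signed: $Path"
    }
    if ($sig.Status -ne 'Valid') {
        # Do not register a hash for a binary whose signature fails validation.
        throw "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
    }
    ConvertTo-NormalizedThumbprint $sig.SignerCertificate.Thumbprint
}

# Assumed location and file name, based on the plugins folder in this guide.
$plugin = Join-Path ${env:ProgramFiles(x86)} 'Intel\Intel Unite\Hub\Plugins\GuestAccessClientPlugin.dll'
$hash = Get-PluginCertificateHash -Path $plugin
"Certificate hash for the plugin: $hash"

# Optional cross-check: paste the hand-copied thumbprint between the quotes.
$copied = ''
if ($copied -and (ConvertTo-NormalizedThumbprint $copied) -ne $hash) {
    Write-Warning 'Copied value does not match the signature on the DLL.'
}
```

A status other than Valid means the file was modified after signing or the certificate chain does not validate on this machine, so the hash should not be entered in the portal until that is resolved.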
2. Create a Key for the Guest Access Plugin Certificate Hash by clicking on Create, and when the Profile Properties window opens, enter the following:
- Key: PluginCertificateHash_GuestAccessPlugin (The format is PluginCertificateHash_XXXX, where X is the name you are giving the plugin)
- Data Type: Text
- Value: Paste the value saved in the notepad or text file mentioned in the section Obtaining the Certificate Hash Value (Thumbprint value). This data can also be entered after creating the key.
3.
Registry Keys for the Protected Guest Access Plugin
Data defined in the Registry Keys:
a. HKEY_CURRENT_USER\software\Intel\Unite\GuestAccess\SSID
b. HKEY_CURRENT_USER\software\Intel\Unite\GuestAccess\PSK
IMPORTANT: If a password is specified, the password must be at least 8 characters; with fewer than 8 characters, Guest Access may not start.
c. HKEY_CURRENT_USER\software\Intel\Unite\GuestAccess\Download
2.2.
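A preflight check for the registry data listed above, added here as an example and not part of Intel's guide. It assumes SSID, PSK and Download are string values under the GuestAccess key and that it runs under the Hub's user account; Test-GuestAccessSettings is a hypothetical name, and the 63-character and 32-byte limits are general WPA2/802.11 limits rather than rules stated in this guide.

```powershell
# Added example (not from the Intel guide). Assumes SSID, PSK and Download
# are string values under the GuestAccess key, and that the script runs as
# the same user account as the Hub application (the data is under HKCU).

function Test-GuestAccessSettings {
    param([string]$KeyPath = 'HKCU:\Software\Intel\Unite\GuestAccess')
    $problems = @()
    $cfg = Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue
    if ($null -eq $cfg) { return ,@("Key not found: $KeyPath") }

    # The password is optional, so an empty PSK is not reported.
    $psk = [string]$cfg.PSK
    if ($psk.Length -gt 0 -and $psk.Length -lt 8) {
        # Rule from the guide: fewer than 8 characters and Guest Access
        # may not start. Only the length is reported, never the value.
        $problems += "PSK has $($psk.Length) characters; at least 8 are required"
    }
    if ($psk.Length -gt 63) {
        # General WPA2 passphrase limit (assumption: not stated in the guide).
        $problems += "PSK has $($psk.Length) characters; WPA2 passphrases stop at 63"
    }

    # General 802.11 limit (assumption: not stated in the guide).
    $ssid = [string]$cfg.SSID
    if ([Text.Encoding]::UTF8.GetByteCount($ssid) -gt 32) {
        $problems += 'SSID is longer than 32 bytes'
    }
    return ,$problems
}

$issues = Test-GuestAccessSettings
if ($issues.Count -eq 0) {
    'No problems found in the Guest Access registry settings.'
} else {
    $issues | ForEach-Object { Write-Warning $_ }
}
```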
3. Protected Guest Access Plugin Flow
- A client device starts a session in the Intel Unite application by entering the PIN displayed on the monitor, and starts Guest Access.
- On the Hub, the installed plugin and service are started.
- The Guest Access service starts the hosted network.
- The SSID, Password and download link are displayed on the monitor.
- Guests (Users) connect to the SSID with the associated Password and join or download the application.
Intel® Unite™ Solution – Plugin Guide for Protected Guest Access v1.
4. How to enable Guest Access with your Client device
The user will require a client machine locally connected to the Hub (in-room participant) using the PIN displayed on the monitor or display where the Guest Access Client will be able to connect.
On the Client machine allowing Guest Access:
1. Connect to the Intel Unite application using the PIN shown on the Hub.
2. Once connected, click on the Guest Access icon displayed on the window.
3. The Guest Access window will be displayed.
4. The Hub (this is your monitor or display in the room) will show:
- Guest Access SSID “unique network name”
- Password to use
- Guest Access Download link
On the Client machine connecting through Guest Access (Session Guest):
1. Connect to the Guest Access SSID and enter the Password shown on the Hub.
2. In your browser, go to the Guest Access Download link shown on the monitor. Use the displayed format http:///guest.
3. The following Web page will be displayed:
4. Select according to the following 3 options:
- Do you have the Intel Unite application v3.0 installed?
  o Use this option when your client machine has the Intel Unite application already installed; just click on Guest Join to connect (requires v3.0).
- Don’t have the Intel Unite application v3.0? Get it here:
  o Use this option when your client machine does not have the Intel Unite app installed.
6. After the installation finishes, the Client machine will display the Connect to window, where the guest will be able to enter the PIN and connect to the session.
7. On the Guest Access window, you will be able to see guests that are connected to the session when the Show info icon is displayed. When clicking on the Show info icon, the monitor (Hub) will display a toast message with the Guest Access information used by guests.
8.
Appendix A. Firewall exceptions
Please verify and validate that the Intel Unite application and the GuestAccessService are added to the Allowed Apps list in your Firewall settings. The following boxes need to be checked as shown in the example below.
1. Internet Information Service (IIS)
2. Manager and World Wide Web (HTTP)
3. GuestAccessService
Appendix B. Troubleshooting
You can also consult the Windows* event log for additional information.
Guest Access is not starting (or not showing up)
- Verify that certificate hashes that prevent the plugin from working are not entered in the admin portal.
- Your organization's GPO (Group Policy Object) policies might not allow virtual hosted networks; please consult your system administrator.