IGEL Zero RFX Manual IGEL Technology GmbH IGEL Zero RFX 21.02.
About this Manual All illustrations and descriptions in this manual relate to Version 5.02.100 of the IGEL Linux firmware.
Important Information Please note some important information before reading this documentation. Copyright This publication is protected under international copyright laws. All rights reserved.
Contents 1. Quick Installation ...............................................................................................................................................8 1.1. 2. Boot Procedure ................................................................................................................................................11 2.1. 2.2. 2.3. 3. Time and Date ..............................................................................................................................
7.6. 7.7. 7.8. 7.9. 8. Sessions..........................................................................................................................................................51 8.1. 8.2. 8.3. 8.4. 8.5. 8.6. 8.7. 8.8. 8.9. 9. ICA Connection Center .................................................................................................................67 Local Terminal ........................................................................................................................
11.3. AD/Kerberos Configuration..........................................................................................................86 12. Firmware Customization ..................................................................................................................................88 12.1. 12.2. 12.3. 12.4. 12.5. 13. Custom Application ......................................................................................................................88 Custom Commands ...................
Introduction IGEL Thin Clients comprise the very latest hardware and an embedded operating system. Depending on the product concerned, this operating system may be based on IGEL Linux or Microsoft Windows Embedded Standard®. We have done our utmost to provide you with an excellent overall solution and promise to provide the very same level of quality service and support.
1. Quick Installation If you follow the procedure below, you can install the thin client within your network environment in just a few minutes: 1. Connect the thin client to a monitor (VGA, DVI, DisplayPort), an AT-compatible keyboard with a PS/2 or USB connection, a USB mouse and the LAN using an RJ45 connector. 2. Connect the thin client to the power supply. 3. Start the thin client and wait until the graphical user interface has loaded. 4.
1.1. The IGEL Linux Desktop After the system starts, you will see the IGEL Linux desktop. Figure 1: IGEL Linux desktop The following components can be found in the taskbar at the bottom edge of the screen: • • • Start menu (also IGEL menu) Quick launch bar with symbols for the Application Launcher, setup and sessions Info area with symbols for the volume, network, time and desktop (show/hide window) 9 IGEL Technology GmbH IGEL Zero RFX 5.02.
The Start menu offers the following areas and functions: • • • • • Application area for launching sessions System area for access to system programs Info area (About) for displaying all relevant system information Search for finding functions in the Start menu Buttons for shutting down and restarting the system Figure 2: IGEL Start menu with application and system area 10 IGEL Technology GmbH IGEL Zero RFX 5.02.
2. Boot Procedure The quick installation procedure is complete. Restart the system in order to start the boot procedure. 2.1. Boot Menu During the boot procedure, press the ESC key in the Secondstage Loader when the Loading Kernel message is shown on the screen.
2.1.3. Emergency Boot Emergency Boot is a setup with default parameters. If you select Emergency Boot, the Secondstage Loader looks for a bootable system in the flash memory and then resumes the boot procedure as in the other boot modes. Essentially speaking, the X-Server is started without network drivers and with a resolution of 1024 x 768 60 Hz during an Emergency Boot. The Setup menu is then opened directly.
2.2. Network Integration Is the kernel loaded? If it is, the next step is the network configuration. There are three possible ways of integrating the terminal into the network environment. Depending on the terminal's settings, you can choose between DHCP, BOOTP or a manually configured IP address. 2.3. X-Server The final step in the boot procedure involves starting the X-Server and the local window manager. 13 IGEL Technology GmbH IGEL Zero RFX 5.02.
3. Application Launcher To launch the tool, click on the Application Launcher symbol in the quick launch bar or in the Start menu. The various Launcher sub-areas allow access to configured sessions/system programs or show information relating to licenses, the system and network connections. Figure 3: Application Launcher Because the setup program is the central configuration tool for all thin client settings, a setup session is already pre-defined under Sessions and System.
3.1. General System Information Within the Application Launcher you will find the Information page with important system data such as the firmware version, licensed services and hardware specifications. Figure 4: Application Launcher - system information Details of the current network configuration with the IP address and device name are also given here. 3.2. Sessions All sessions created are shown in a list of applications if they are enabled for the main session page.
3.3. System Tools On the System page, you can run various tools including the firmware updating tool with the pre-set update information. Figure 5: Application Launcher - system tools 16 IGEL Technology GmbH IGEL Zero RFX 5.02.
The following tools are available: Identify monitors Shows the screen's number and manufacturer details. Firmware update Carries out the update with the settings made during the setup. Disk utility Shows information regarding connected USB drives. Upgrade license Reads a new license file from the USB stick and modifies the functions of the firmware accordingly.
3.6. Shutdown and Restart Within the Application Launcher you will find two buttons for starting or shutting down the device. Both actions can be disabled for the user and will then be available to the administrator only. You can change the standard action when shutting down the device using the button on the screen or the on/off button on the device itself in the setup under System → Energy → Shut Down. 18 IGEL Technology GmbH IGEL Zero RFX 5.02.
4. Setup Application With the help of the setup, you can change the system configuration and session settings. Any changes you have made in the UMS take precedence and may no longer be able to be changed. A lock symbol before a setting indicates that it cannot be changed. Starting the setup (page 19) Completing the setup (page 19) Setup areas (page 19) Setup search (page 22) 4.1.
4.3. Setup Areas The setup application comprises the following main areas: Figure 7: Setup areas Sessions Allows you to configure application sessions such as ICA, RDP, PowerTerm, browser and others Accessories Allows you to configure various local tools - setup pages for the local shell (Terminal), sound mixer, screen keyboard (for touchscreen monitors), options for the Application Launcher and the setup application itself.
4.3.1. Enable Setup Pages for Users If a password was set up for the administrator, the IGEL Setup can only be opened with administrator rights, i.e. after entering the password (see Password (page 82)). However, individual areas of the setup can be enabled for the user, e.g. to allow them to change the system language or configure a left-handed mouse. 1. Under Security → Password, enable the password for the administrator and the setup user. 2.
4.3.2. Quick Settings If a password was set up for the administrator, the IGEL Setup can only be opened with administrator rights, i.e. after entering the password (see Password (page 82)). However, individual areas of the setup can be enabled for the user, e.g. to allow them to change the system language or configure a left-handed mouse. 1. Under Security → Password, enable the password for the administrator.
4.4. Setup Search The Search function enables you to find parameter fields or values within the setup. 1. To start a search, click on the button below the tree structure. 2. Enter the text you wish to search for. 3. Specify the details for your search – narrow it down to field headers for example. 4. Select one of the hits. 5. Click on Show Result and you will be taken to the relevant setup page. The parameter or value found will be highlighted as shown below.
5. System Settings As previously explained under Quick installation (page 8), various basic system settings can be configured in the sub-structure. Date and time (page 24) Update (page 25) Remote management (page 25) VNC (mirroring) (page 26) Remote access (SSH / RSH) (page 27) Energy (page 27) Firmware configuration (page 27) IGEL System Registry (page 28) 5.1. Time and Date 1. Click on Time and Date to open this dialog page. Figure 11: Set time and date 2. Make the required changes. 3.
5.2. Update On the Update page, a simple dialog for updating your thin client firmware is displayed. The normal procedure for updating your thin client is as follows: 1. Go to www.myigel.biz and download the desired firmware image from the IGEL server. 2. Unzip the ZIP file (the usual format in which updates are provided). 3. Save all files in the directory provided either on your local FTP/HTTP server or on a drive which is accessible from the client (e.g. a USB stick, NFS share etc.). 4.
5.3. Remote Management If the thin client is registered by an IGEL UMS server, the server address and the port number will be shown under Remote Management. You can also enter these data manually if the client is to be managed by a specific server. Uncheck the Allow Remote Management check box in order to disable the remote management service. Click on Transfer the setup.ini Configuration File to load the configuration needed for the thin client directly via DHCP. The setup.
5.5. Remote Access (SSH / RSH) In order to allow central administration, the thin client can be configured in such a way that it can be accessed via the WAN. Remote access to the local setup is permitted by default. However, you can restrict remote access to a specific user from a specific host. To enable restriction, give the full name of the host (e.g. xterm.igel.de) and the permitted user. 5.6.
5.8. IGEL System Registry You can change virtually every firmware parameter in the Registry. You will find information on the individual items in the tool tips. However, changes to the thin client configuration via the Registry should only be made by experienced administrators. Incorrect parameter settings can easily destroy the configuration and cause the system to crash.
6. User Interface Configure the user interface exactly as you want it: • • • Set the system language (page 33). Define your entry options (page 34). Expand the character sets (page 37). 6.1. General Display Settings Figure 13: Screen settings Color depth Allows you to select the desktop color depth. The following options are available: • • 16 bits per pixel (High Color / 65,000 colors) 24 bits per pixel (True Color / 16.
DDC Allows you to activate the Display Data Channel in order to share information between the system and the screen. If screen problems should occur, enable and disable the DDC setting in the Options by way of a test. DDC is enabled by default and the native resolution supported by the screen is determined automatically. Screen configuration Every screen connected to the IGEL UD device can be configured independently. The position of the individual screens can be determined in relation to Screen 1.
Connection type Allows you to select the appropriate connection type. If you select broadcast, the graphical login from the first XDMCP server that responds to a broadcast query will be provided. If you choose the connection type indirect via local host, a list of XDMCP hosts will be shown during the startup procedure. Select from this list the host that provides the graphical login. Name or IP of the server This field is enabled if you select the connection type direct or indirect.
General settings Allows you to configure the look of the desktop by changing desktop themes, fonts or the size of desktop symbols and the display and delay time for tool tips. Background image Here you can set up the desktop background image with pre-defined IGEL backgrounds, a fill color or a color gradient. You can also use a background image of your own. You can set up a separate background image for each monitor that is connected to the thin client.
Taskbar Allows you to enable/disable and configure the taskbar Pager Allows you to enable/disable the use of several "virtual desktops" The Pager is a tool with "virtual desktops" which can be used as an easy way of switching between open applications. This window is shown at the right of the taskbar. It can contain either a single "virtual desktop" or several "virtual desktops". If you use a Pager, you can switch between full-screen applications at the click of a mouse.
6.3. Input These setup pages allow you to set the keyboard layout and other entry options. The following parameters can be configured: • • • Keyboard (page 34) Mouse (page 35) Touchscreen (page 35) 6.3.1. Keyboard and additional Keyboard Keyboard layout Determines the keyboard layout. The selected layout applies for all parts of the system including emulations, window sessions and X applications. Keyboard type Determines the keyboard type.
6.3.2. Mouse Mouse type and mouse connection Determines the type of mouse used and how it is connected Left-handed mode Changes the orientation of the mouse by switching the mouse buttons to left-handed mode. 3-button mouse emulation (no support for serial mouse) Enables/disables emulation of the third (middle) mouse button for mice with only two physical buttons. This third button is emulated by pressing both buttons at the same time.
Touchscreen is already calibrated If you enable the touchscreen function, the touchscreen must be calibrated first. If this option was not enabled, calibration will begin automatically after each system boot. Swap X and Y values Enable this option if the mouse pointer moves vertically when you move your finger in a horizontal direction. Minimum/maximum X value/Y value These values are determined by the calibration tool. However, you can also change them manually.
6.3.5. Signature Pad Enable use of the SOFTPRO Virtual Serial SignPad (VSSP) signature pad in sessions (COM port mapping). USB signature pads are made available in the sessions via COM port mapping. 1. To do this, enable support under User Interface → Entry → Signature Pad. 2. Apply this change by selecting Apply or OK. 3. Enable COM port mapping for the device /dev/ttyVSSP0 in the session configuration. 6.4.
Click on Enable XC Font Service in order to enable the following entry fields. XC font server Give the name of the server on which the XC font service operates. Port number Give the number of the port used by the font service for reception purposes - the default setting is port number 710. Favor local fonts Enable this option if local fonts are to be used before a request is sent to the font server. 6.5.2. NFS Font Service Using the NFS font service is another way to import additional fonts.
7. Network LAN interfaces (page 39) DHCP options (page 43) VPN (page 43) SCEP (page 46) Routing (page 47) Hosts (page 48) Network drives (page 48) 7.1. LAN Interfaces Click on Network → LAN Interfaces in the client setup. Choose between automatic network setup with the protocols DHCP and BOOTP or manual network configuration in order to set the thin client for each network interface. Figure 16: LAN Interfaces 39 IGEL Technology GmbH IGEL Zero RFX 5.02.
DHCP Via the Dynamic Host Configuration Protocol, the thin client receives its IP address, network mask, DNS, gateway and other network configurations from a DHCP server. DHCP is enabled by default for LAN 1 (internal). DHCP options can be enabled in the DHCP Client menu. A list of standard options is available. However, you can also define your own options.
EAP type Selects the authentication method: • PEAP for EAP-PEAP/MSCHAPv2 and EAP-PEAP/TLS • TLS for EAP-TLS Check server certificate Checks the authentication server CA root certificate Path name of the file with root certificate(s) for server authentication. The file may be in PEM or DER format. PEAP/Auth method Select the Phase 2 authentication method • MSCHAPv2 for EAP-PEAP/MSCHAPv2 • TLS for EAP-PEAP/TLS.
7.1.2. Wake-on-LAN Select the packages or messages with which the thin client can be started via the network. Figure 17: Wake-on-LAN options 7.2. Wireless (WiFi) If you use the optional IGEL WLAN modules or have installed a wireless LAN card (USB, PCI) of your own, you can configure the Wireless LAN interface in this dialog field. In the Wireless sub-section of the Authentication page, you can change the encryption settings. Various parameters are available depending on your preferred encryption type.
7.3. DHCP Options Configure the client's use of DHCP options - a number of standard options are already set out in a list and can be enabled. User-defined options can be set up in a list of your own and managed there. 7.4. Virtual Private Network - VPN Remote users securely access company networks via virtual private network protocols (VPN). You can set up your client accordingly for this purpose. 7.4.1.
GeNUCard The GeNUCard offers a choice of pre-configured Internet and VPN connections. The selection window opens as soon as the GeNUCard session is launched. The available options for launching the session can be defined under Desktop Integration in the session configuration. Figure 19: GeNUCard configuration A valid combination of connection and user data can be pre-populated in the IGEL setup: Network→VPN→GeNUCard→Options.
The GeNUCard is configured and administered centrally via the genucenter management station. Further information is available from www.genua.de. Optionally, an administrator session allowing the GeNUCard Internet connection to be configured can be set up: 1. Click on Add Instance under System→Registry→genucard%. The GeNUCard icon will appear on the desktop. 2. Click on the GeNUCard icon. The GeNUCard login window will open. 3. Enter a user name and password. 4. Click on Login.
7.5. Simple Certificate Enrollment Protocol - SCEP The SCEP allows the automatic provision of client certificates via an SCEP server and a certification authority. This type of certificate is automatically renewed before it expires and can be used for purposes such as network authentication (e.g. IEEE 802.1x). A Microsoft Windows 2008 Server (MSCEP, NDES) for example can serve as a queried counterpart (SCEP server and certification authority). More information can be found at Microsoft, e.g.
Example: A certificate is valid until 31.12 in any one year. The period for renewal is 10 days. This means that a new certificate will first be requested on 21.12 of the same year. Because of the need to enter a fingerprint (root certificate of the certification authority) and the query password (SCEP server), the configuration process is somewhat awkward. Ideally, it should be set up in the UMS as a profile and distributed to the clients.
7.6. Routing This setup page allows you to specify additional network routes if necessary. In the Interface field, specify "eth0", "eth1" or "wlan0", i.e. Interface 1+2 or Wireless LAN. You can specify up to five additional network routes. 7.7. Hosts If no DNS (Domain Name Service) is used, you can specify a list with hosts in order to allow translation between your IP address, the full qualified host name and the short host name. Click on Add to open the dialog window. 1.
Enabled The NFS mount is enabled by default and is mounted each time the system boots. Disable this entry if the shared file system is not universally needed. Local directory Details of the local directory onto which the shared items are to be mounted on the local thin client file system. Server The name or IP address of the NFS server which provides the shared files. Path name Details of the path name as exported by the NFS server. 7.8.2.
7.9. Proxy Select the communication protocols for which a system-wide proxy is to be used. Figure 22: System-wide proxy 50 IGEL Technology GmbH IGEL Zero RFX 5.02.
8. Sessions Application sessions can be created and configured in the Sessions sub-structure of the IGEL setup application. The Session Overview provides an overview of all available session types and existing sessions. Figure 23: Session overview Click on Add to create a new session. Disabled services are not shown in the drop-down list.
You can also use Local login to freely select the server in the login window of an RDP session. Enable Use local login window to • • Pre-populate user data Freely select the server in the login window of an RDP session. If the user data, e.g. the data from the domain login, are pre-populated, this can save you having to enter the same login data on a number of occasions.
8.1.2. Window The following settings are configured under Window: Standard number of colors Specifies the standard color depth - the default setting is a color depth of 256 colors. Approximate colors Given the differences between the color palettes used by the ICA client and the "thin client" desktop, the screen may flash annoyingly if you switch between windows on a pseudo-color screen.
If you map a locally connected device, use the pre-defined path names available in the drop-down field. The directories in question are those on which the devices are mounted by default during the boot procedure (e.g. /autofs/floppy for an integrated disk drive). Serial (COM) Ports Enable Enable COM Port Mapping in order to perform bidirectional mapping between serial devices connected to the thin client (e.g. scanners, serial printers) and the serial ports of the Citrix server.
Device Support / Virtual Communication Channels Enable virtual RDP channels for communicating with various devices connected to the thin client. These can be card readers (smartcards), dictation machines or even USB storage devices. Channels of this type allow the device to communicate with the relevant server application. DriveLock The virtual DriveLock channel (RDP) is included in the UDLX from Version 5.01.100 and must be installed on the RDP server.
Audio Allows you to enable local audio transmission. 8.1.4. Performance In the event of performance-related problems, disable graphics functions which are not absolutely necessary. In low-bandwidth environments, you should use compression in order to reduce the network traffic. Please note that this uses additional CPU power. RemoteFX Support With the Service Pack 1 for Windows Server 2008 R2, local system functions such as Windows Aero or 3D display can be made available in RDP sessions too.
8.1.5. Options Disable mouse events Instructs the client not to show "unnecessary" cursor movements in order to conserve power. Reset license If you have to remove the MS license from the device, enable this option and restart the device. Client name Give a client name for terminal service identification - the standard setting is the host name of the computer. TLS (SSL from Version 3.
8.2. RDP session The following configuration pages offer you detailed setup options for the session: Server and logon Allows you to specify a server and a start application for the terminal server session. The necessary logon information is configured here. Otherwise, the terminal server logon window for entering the user and the password will be displayed. Window Allows you to specify the size of the session window and the color mode.
Microsoft RemoteApp Figure 25: RemoteApp settings Like the published applications of a Citrix server, MS Windows Server 2008 offers the option of passing on RemoteApps to the thin client. Detailed instructions regarding server configuration can also be found on the Microsoft website: TS RemoteApp Step-by-Step Guide. On the client side, only a few parameters need to be configured after enabling the RemoteApp mode.
8.2.3. Performance and options Specify the performance settings for the session if they differ from the global configuration (page 51). Figure 26: Performance settings 8.3. Web Access for Remote Desktop With Web Access for Remote Desktop (Web Access for RD), users can access RemoteApps and remote desktop connections via a web browser. RemoteApps and remote desktop connections therefore provide a modified view of RemoteApp programs and virtual desktops for users.
Command All necessary entries for creating an executable command to remotely launch the application via SSH User name (remote) Name of the remote user - The selected user must have a user account on the remote host. Computer (remote) Name or IP address of the remote host from which the remote application is launched. Command line Allows you to enter the name of the application program which is to be launched.
Window Allows you to specify the full-screen mode and multi-monitor options as well as the Firefox language / prevent users making changes to the browser / hide the configuration page (about:config) and the printer dialog Symbol bars and toolbar Allows you to hide/show toolbar items or complete toolbars in a session / configure a kiosk mode (browser in full-screen mode, restricted access to toolbars and autostart/restart configuration) Hotkeys Allows you to enable/disable hotkeys used in the Firefox br
8.6. Media Player Set up the Media Player for your multimedia applications here. The following codecs are licensed via either the Fluendo Codec Pack or the MPEG LA Advanced Feature Pack: Supported formats: Supported codecs: AVI MPEG ASF (restricted under Linux) WMA WMV (restricted under Linux) MP3 OGG MP3 WMA stereo WMV 7/8/9 MPEG 1/2 MPEG4 H.264 AC3 is not licensed. 8.6.1. Media Player Global Configure universal settings which will apply by default during all Media Player sessions.
Random mode Plays back the files in a play list in a random order. If you wish, choose the visual effects to be used during audio playback. Visualization type Determines the visualization plug-in. Visualization size Determines the visualization size.
8.6.2. Media Player Sessions You can set up your own personal Media Player sessions here. 1. Click on Add to create a new session. 2. Specify a session name. 3. Specify which possible ways of launching the session you would like. You may choose a number of options here. 4. You may like to select the option of using hotkeys and define them. 5. You can also specify whether autostart (following a system start) and/or restart (after a connection is established) are to be used. 6.
8.9. VNC Viewer Create a VNC Viewer session in order to be able to access remote computers (VNC server) via the thin client. Connection options such as the server address or the full-screen mode can be pre-populated for each session or defined individually when the system starts. If a server address is specified for the session, the connection dialog will not appear when the session starts – the connection will be established immediately. 66 IGEL Technology GmbH IGEL Zero RFX 5.02.
9. Accessories Information on other accessories provided by the Universal Desktop can be found here. 9.1. ICA Connection Center The Citrix ICA Connection Center provides an overview of existing connections to Citrix servers. It also allows the server connection to be terminated/canceled and the connection properties to be displayed, e.g. for support purposes. 9.2. Local Terminal With a terminal session, you can execute local commands via a shell.
9.7. Application Launcher Show the Setup and Application Launcher on the local desktop or in the start menu, or define hotkeys and the autostart option. You can hide various items, e.g. buttons for shutting down or restarting the device, from the user. 9.8. Sound Control Use the sound control to adjust the output volume and the input level as well as the balance between the input and output. Figure 27: Sound control 68 IGEL Technology GmbH IGEL Zero RFX 5.02.
9.9. System Log Viewer All available system logs are updated and displayed. You can add your own log files in the options. The contents of the selected log can be searched in the viewer and also copied (e.g. for support purposes). Figure 28: System logs 9.10. UMS Registration Registration of the thin client in the IGEL Universal Management Suite can also be performed locally. To do this, enter the server address (with port) and the necessary access data.
9.11. Touchscreen Calibration After launching the calibration program, you will see a pattern with calibration points which must be touched one after another. 9.12. Soft Keyboard (On-screen Keyboard) Enable the soft keyboard (on-screen keyboard) for use with a touchscreen, e.g. IGEL UD9. 9.13. Java Control Panel The Java Control Panel is an operating console which is used for various purposes. Specify how Java runs on your computer on the basis of various parameters.
9.16. Network Diagnostics The IGEL Universal Desktop Linux firmware features a number of tools for network analysis. These include: • • • • • Device information (page 71) Ping (page 71) Netstat (page 72) Traceroute (page 72) Look-up (page 72) 9.16.1. Device Information This tool provides information regarding the status of the network device used. This includes: • • • MAC and IP address Link speed Various interface statistics (bytes transferred, errors etc.) 9.16.2.
Enable Program → Signal Tone for Ping to configure the thin client to output an audible signal each time a Ping is sent. 9.16.3. Netstat Netstat provides information on active network services with protocol and port information as well as a routing table and multicast information for your network devices. 9.16.4. Traceroute With Traceroute, you can trace the route to a network address. 9.16.5. Look-up The Look-up tool shows various information regarding your network address.
9.17. System Information The system information provides an overview of all internal and connected thin client hardware components as well as the constituent parts of the Linux system (e.g. kernel modules). The information shown can be copied to the clipboard in order to send it to the IGEL Support department for example. Figure 32: System information 73 IGEL Technology GmbH IGEL Zero RFX 5.02.
9.18. Drive Management Drive management shows all recognized USB drives along with their respective properties (device name, mount point etc.). Figure 33: Drive management 9.19. Firmware Update This session updates the firmware with the settings saved in System → Update → Firmware Update. 74 IGEL Technology GmbH IGEL Zero RFX 5.02.
9.20. Identify Monitors Shows the screen number from the IGEL setup and hardware information on every connected screen. Figure 34: Identify screens 9.21. Upgrade License You can distribute additional firmware functions via the IGEL Universal Management Suite or import licenses locally to a thin client. To do this, an IGEL USB stick with a smartcard or a storage medium containing licenses that have already been produced for this device must be inserted.
10. Devices Click on Hardware Information for an overview of your IGEL thin client device. 10.1. Printers Various printing systems can be used with the thin client. 10.1.1. CUPS - Common UNIX Printing System The Common UNIX Printing SystemTM (or CUPS) is the software which allows you to print from within applications, e.g. from this web browser. CUPS converts the page descriptions produced by the application, e.g. "Insert Paragraph", "Draw Line" etc.
Model: Generic PostScript (Citrix Universal Printer Driver Postscript) In this case, the print data are prepared on the thin client with the help of the printer driver defined above under Printers for the printer model. This requires thin client resources depending on the size of the print job.
10.1.4. ThinPrint ThinPrint allows the bandwidth provided for the transfer of print jobs to be reduced depending on the resources available. The ThinPrint client prints either on printers connected to a local interface (serial, parallel or USB), on an LPD network printer or on a CUPS printer defined on the thin client. The following parameters can be found on the ThinPrint setup page: Port number Specify the port number via which the ThinPrint daemon is to communicate.
10.2. USB Storage Devices USB storage devices can be configured here. 10.2.1. Storage Device Hotplug Specify how USB devices are set up here. The most important details are • • • the number of possible devices, the allocation of drive letters, the access type available to users in ICA sessions (read and/or write access). Newly connected devices are automatically recognized by default.
List of automount devices Overview of the automount devices - The most commonly used devices such as the disk drive, CD-ROM etc. are pre-configured. Edit Opens and enables one of the pre-defined devices Add Manual configuration of devices not pre-defined in the automount device list . Name Name given to a device - This name is also used for the sub-directory created in /autofs/. Device Allows you to select a suitable device synonym - This can also be entered manually.
Example: • • • The set rule prohibits the use of USB devices on the thin client. However, the use of all Human Interface Devices (HID) is permitted. The USB storage device with the UUID 67FC-FDC6 is also permitted. Figure 37: USB access control Other USB storage devices, printers etc. cannot be used on the thin client with this setting. 10.4. PC/SC Interface PC/SC is a service which makes smartcard readers and inserted smartcards available to application programs.
11. Security In order to prevent unauthorized access to the thin client setup which could allow deeper penetration into your network, it is essential that you set up an administrator password following the initial configuration. You can also use an additional user password which offers variable options for permitting restricted configuration by users. 11.1. Password Under Password, set up an administrator password and a user password.
11.2.1. IGEL Smartcard Logging in with IGEL smartcard Enables local login to the thin client with the IGEL smartcard. Sessions stored on the smartcard become available. The thin client is locked without the smartcard and optional password. Enable IGEL smartcard without locking the desktop Enables sessions stored on the smartcard after entering an optional password. The thin client is not locked – even without a smartcard. Company key Shared key for smartcards and thin clients.
Session configurations are stored on the card's IC (integrated circuit) and the session can be used on any IGEL thin client which reads the card. Figure 39: Smartcard personalization Company Key The IGEL smartcard solution also contains a company key. This is an additional code which is written to the card and which must match the code of the terminal used. If the two codes do not match, the smartcard cannot be used on that particular terminal.
If the smartcard is merely used to control access to the terminal, the procedure is as follows: 1. Insert a suitable smartcard. 2. Click on Write to Card in order to write the data to the card. 3. Remove the smartcard once the writing operation is complete. You can now program the next smartcard.
11.2.3. Auto logout Define an Auto Logout action which is carried out when you end the last instance of a session type: 1. Bring up the Security → Login → Auto Logout setup page. 2. Choose a Session Type. 3. Choose a command (Auto Logout Command). 4. Save your settings by clicking on Apply or OK. If the last session instance of the selected type is ended, the system will carry out the set action. The Shutdown command carries out the set action. You can check this under System → Energy → Shutdown.
Realm The name of the realm/the domains where you would like to authenticate yourself. KDC list IP or FQDN list of the key distribution centers (domain controllers) for this realm. An optional port number preceded by a colon can be attached to the host name. 11.3.2. Domain-Realm Mapping Domain-realm mapping offers translation of a host name into the Kerberos realm name for the services provided by this host. Standard domain-realm mapping This should be enabled if the DNS and realm names match.
12. Firmware Customization Configure the firmware to create your own personal workstation. 12.1. Custom Application Applications which were loaded onto a customer partition for example can be launched via the Application Launcher or an icon on the desktop once they have been defined as own applications. In order for this to be possible, a command to call up the application must be entered under Settings. 12.2.
Network Initialization Network authentication successful (802.1x, WPA) No other network settings effective Network DNS Executed after change of IP address or hostname IP address / Nameserver settings effective (e.g. via DHCP) Network Early IP address / Nameserver settings effective (e.g.
12.4. Environment Variables Environment variables allow you to use dynamic parameter content for a number of session types, e.g. so as not to have to enter ICA or RDP servers for every session. Within the IGEL Setup, the variables can be found under: System → Firmware Configuration → Environment Variables Pre-defined variables can also be supplied and distributed via the IGEL UMS. Additional defined variables can only be used locally and may be overwritten by a UMS configuration.
D Desktop .............................................................. 31 13. Index Device Information ............................................ 71 3 3rd Party VPN-Clients .........................................43 Device Support / Virtual Communication Channels ............................................................ 55 A About this Manual ................................................ 2 Devices ............................................................... 76 Access Control ............
IGEL Smartcard ...................................................83 NFS Font Service ................................................ 38 IGEL System Registry ..........................................28 O Options ...................................................57, 64, 65 Important Information ......................................... 3 Input ...................................................................34 Introduction .......................................................... 7 P Password.....
Setup Application ...............................................19 V Verbose Boot ..................................................... 11 Setup Areas.........................................................20 Video .................................................................. 64 Setup Search .......................................................23 Virtual Private Network - VPN ........................... 43 Setup Session ......................................................
