- Notes, cautions, and warnings
- Introduction
- Getting Started:
Quickly Learning the Basics
- Connecting to a Remote Server
- Using Your Desktop
- Configuring Thin Client Settings and Connection Settings
- Connecting to a Printer
- Connecting to a Monitor
- Locking the Thin Client
- Signing Off and Shutting Down
- Additional Getting Started Details
- Classic Desktop Features
- Login Dialog Box Features
- Accessing System Information
- Global Connection Settings
- Configuring the Connectivity
- Configuring Thin Client Settings
- Citrix HDX RealTime Multimedia Engine (RTME)
- Advanced Details on Configuring ICA and RDP Connections
- ICA SuperCodec
- Features of RDP 8.1
- Introduction to Flash Redirection
- Introduction to TCX 7.0 Flash Redirection
- Performing Diagnostics
- Central Configuration: Automating Updates and Configurations
- CMOS Management
- Examples of Common Printing Configurations
- Security Changes
- Transport Layer Security (TLS)
- Important Notes
- Frequently Asked Questions
Bienvenue
Bienvenue dans l’univers Dell
Mon compte
- Passer des commandes rapidement et facilement
- Afficher les commandes et suivre l’état de votre expédition
- Créez et accédez à une liste de vos produits
- Gérer vos sites, vos produits et vos contacts au niveau des produits Dell EMC à l’aide de la rubrique Gestion des informations de l’entreprise.
Dell Wyse ThinOS Release 8.3.1 Administrator’s Guide
Security Changes
A new global security policy has been defined for ThinOS and this policy is applied to all secure connections (https/SSL connections) with a few exceptions.
Purpose: To improve the security level by default and add the global configuration. This security policy integrates security setting for each application.
INI Parameter | Description |
SecurityPolicy={full |
warning (default) | low}
SecuredNetworkProtocol={yes | no (default)}
TLSMinVersion={1 (default), 2, 3}
TLSMaxVesion={1, 2, 3 (default)}
| Full: SSL connection need to verify server certificate. If it is untrusted, cancel the connection. Warning (default): SSL connection need to verify server certificate. If it is untrusted, the user can continue or cancel the connection. Low: Server certificate is not verified– this is the value set for a few applications. After firmware is updated, the default value is set to warning for all applicable applications immediately. There is one exception for file server and WDM. The old ini SecurityLevel |SecureProtocol from Privilege segment is deleted. |
All applications running on the default SSL security mode follow the global mode. In the global mode, the default value is Warning. The affected applications include VMware View, Amazon Workspaces (AWS), File Server, WDMService, Caradigm Server, and OneSign Server.
For more information about the security mode INI parameters, see Dell Wyse ThinOS INI Guide.
The following are the exceptions:
File Server and WDM in factory reset state: Before loading any INI parameter, the SSL security mode is set to Low, and after loading the INI parameter, the value is changed to follow the global mode value. For example, the default value is set to Warning, if the value is not changed by the INI parameter.
System with previous settings (default value is set to Low) follows the global mode after the unit is upgraded. For example, the default value is set to Warning, if the value is not changed by the INI parameter.
VMware View and AWS brokers include own security settings (GUI and INI). From 8.3 release, an additional option is added to follow the global mode as its new default value. The security mode GUI context is updated for better understanding.
CCM, Microsoft RDS broker, Citrix broker, and SecureMatrix are always Full.
File Server default protocol is retained as FTP without any setting from WDM/DHCP/INI and always displays the full address with protocol prefix. For example, ftp://.
New firmware/client deploy information
- Dell recommends you to define the SecurityPolicy before upgrading to version 8.3 and later. If not, you may get warning messages that require intervention to proceed.
- Before upgrading to version 8.3 and later, it is recommended to define the desired SSL security level and add the required Security Policy parameters/options to global INI file.
- For SecurityPolicy=Fullor warning, you are required to add certificates from the respective File, View, AWS, WDM, OneSign, and/or Caradigm server(s) to the ThinOS client before updating the firmware.
- The default protocol of File Server is still FTP and ftp prefix is added automatically, if the protocol is not provided.
Improved user friendly messages are displayed for errors and warnings .
The UI is not changed and only the message is modified for security errors/warnings.
In full security mode, the following warning message
is displayed:
For warning security mode, the following warning messages
are displayed:
The server address does not convert to http, if WDM
server is set as https.
In the previous scenario, If WDM server is configured without HTTPS, and local WDM server address is specified in HTTPS, then the system converts it to HTTP address.
In the current scenario, the system does not convert the WDM server address to HTTP.
Manual discovery is removed from WDM. In the
WDA tab, the Manual discovery method option is removed (Highlighted
in red color in the following screenshot).
Veuillez attribuer une note (1 à 5 étoiles).
Veuillez attribuer une note (1 à 5 étoiles).
Veuillez attribuer une note (1 à 5 étoiles).
Veuillez indiquer si l’article a été utile ou non.
Les commentaires ne doivent pas contenir les caractères spéciaux : <>()\