A new global security policy has been defined
for ThinOS and this policy is applied to all secure connections (https/SSL
connections) with a few exceptions.
Purpose—To improve the security level by default
and add the global configuration. This security policy integrates
the security settings of each application.
Full—SSL connection must verify the server
certificate. If it is untrusted, cancel the connection.
Warning (default)—SSL connection must verify the
server certificate. If it is untrusted, you can continue or cancel
the connection.
Low—Server certificate is
not verified. This value is set for a few applications.
After the firmware is updated, the default value is set to
Warning for all applicable applications immediately.
There is an exception for file server and WDM.
The old INI SecurityLevel | SecureProtocol from the Privilege segment
is deleted.
All applications running on the default SSL security
mode follow the global mode. In the global mode, the default value
is Warning. The affected applications include VMware View, Amazon WorkSpaces (AWS), file server, WDM Service, Caradigm Server, and OneSign
Server.
For more information about the security mode INI parameters,
see Dell Wyse ThinOS INI Guide.
The following are the exceptions:
File server and WDM in factory reset
state—Before you load any INI parameter, the SSL security mode is
set to Low, and after loading the INI parameter, the value is changed
to follow the global mode value. For example, the default value is
set to Warning if the value is not changed by the INI parameter.
A system with previous settings (default value is set
to Low) follows the global mode after the unit is upgraded. For
example, the default value is set to Warning if the value is not
changed by the INI parameter.
VMware View and AWS brokers include
their own security settings (GUI and INI). From the ThinOS 8.3 release, an additional
option is added to follow the global mode as its new default value.
The security mode GUI context is updated for better understanding.
Wyse Management Suite, Microsoft RDS broker, Citrix
broker, and SecureMatrix are always Full.
File server default protocol is retained as FTP without
any setting from WDM/DHCP/INI and always displays the full address
with protocol prefix. For example, ftp://.
New firmware/client deploy information
Dell recommends that you define the Security Policy before
upgrading to version 8.3 and later. If not, you may get warning messages
that require intervention to proceed.
Before you upgrade to version 8.3 and later, Dell
recommends that you define the desired SSL security level and add the required
Security Policy parameters/options to the global INI file.
For SecurityPolicy=Full or Warning, add certificates from the respective
File, View, AWS, WDM, Wyse Management Suite, OneSign, and/or Caradigm servers to the ThinOS
client before updating the firmware.
The default protocol of the file server is still FTP,
and the ftp prefix is added automatically if the protocol is not provided.
Earlier, when the connection to an https file server failed in Full
security mode, a dialog box was displayed which prompted you to click
OK. From the ThinOS 8.5 HF2 release, the feature is updated to display a tooltip at
the bottom-right of the screen.
Improved user-friendly messages are displayed for
errors and warnings.
NOTE: If the WDM server is set as https, the server address does not
convert to http.
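The pre-upgrade check recommended above can be rehearsed with a short script. This is an added example, not Dell code: it resolves the mode each application would run in from the rules on this page and reports whether an untrusted server certificate would connect, prompt, or cancel. The function names and host names are hypothetical, and standard TLS chain and hostname verification is assumed as a stand-in for the client's own check.

```python
import socket
import ssl

# Exceptions as listed on the page; application names are used as plain labels.
ALWAYS_FULL = {"Wyse Management Suite", "Microsoft RDS broker",
               "Citrix broker", "SecureMatrix"}
LOW_BEFORE_INI = {"file server", "WDM"}          # factory-reset state only
OWN_SETTING = {"VMware View", "Amazon WorkSpaces (AWS)"}


def effective_mode(app, global_policy="Warning", ini_loaded=True, own_setting=None):
    """Resolve the SSL security mode an application runs with."""
    if app in ALWAYS_FULL:
        return "Full"
    if app in LOW_BEFORE_INI and not ini_loaded:
        return "Low"
    # Brokers with their own GUI/INI setting; None means "follow global mode".
    if app in OWN_SETTING and own_setting is not None:
        return own_setting
    return global_policy


def outcome(mode, trusted):
    """Client behaviour for a certificate under the given mode."""
    if mode == "Low" or trusted:
        return "connect"
    return "cancel" if mode == "Full" else "prompt"


def probe_trusted(host, port, cafile):
    """Live check: does the server chain validate against only this CA file?"""
    ctx = ssl.create_default_context(cafile=cafile)  # system CAs are not loaded
    try:
        with socket.create_connection((host, port), timeout=5) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except ssl.SSLCertVerificationError:
        return False


def audit(servers, global_policy, trust):
    """servers: {app: (host, port)}; trust: callable(host, port) -> bool."""
    report = {}
    for app, (host, port) in servers.items():
        mode = effective_mode(app, global_policy)
        report[app] = (mode, outcome(mode, trust(host, port)))
    return report
```

For a live run, pass `lambda h, p: probe_trusted(h, p, "deploy-ca.pem")` as `trust`, where the CA file (a placeholder name) holds the certificates you plan to install on the clients.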