- Notes, cautions, and warnings
- Introduction
- Getting started
- Configuring ThinOS using the First Boot Wizard
- Connecting to a remote server
- Using your desktop
- Configuring thin client settings and connection settings
- Connecting to a printer
- Connecting to a monitor
- Locking the thin client
- Signing off and shutting down
- Additional getting started details
- Classic desktop features
- Login dialog box features
- Accessing system information
- Global Connection settings
- Configuring the connectivity
- Configuring the network settings
- Configuring the remote connections
- Configuring the central configurations
- Configuring the VPN Manager
- Configuring the connection brokers
- Configuring Citrix
- Citrix HDX RealTime Multimedia Engine or RealTime Optimization Pack
- Citrix Cloud services
- Citrix icon refresh
- Using multiple audio in Citrix session
- Using Citrix NetScaler with CensorNet MFA authentication
- Configuring ICA connections
- ICA Self Service Password Reset
- QUMU or ICA Multimedia URL Redirection
- HTML5 Video Redirection
- ICA SuperCodec
- Anonymous logon
- Configuring the Citrix UPD printer
- Introduction to Flash Redirection
- Configuring VMware
- Configuring Microsoft Remote Desktop
- Configuring Dell vWorkspace
- Configuring Amazon Web Services or WorkSpaces
- Configuring Citrix
- Configuring thin client settings
- TCX Suite
- Performing diagnostics
- BIOS management on ThinOS
- Security
- Automating updates and settings using central configuration
- Examples of common printing configurations
- Important notes
- Troubleshooting
- Firmware upgrade
- Frequently asked questions
Dell Wyse ThinOS Version 8.5 Hotfix Administrator’s Guide
Security
A new global security policy has been defined for ThinOS and this policy is applied to all secure connections (https/SSL connections) with a few exceptions.
Purpose—To improve the security level by default and add the global configuration. This security policy integrates security setting for each application.
| INI parameter | Description |
|---|---|
SecurityPolicy={full | warning (default) | low}
SecuredNetworkProtocol={yes | no (default)}
TLSMinVersion={1 (default), 2, 3}
TLSMaxVesion={1, 2, 3 (default)} |
Full—SSL connection must verify the server
certificate. If it is untrusted, cancel the connection. Warning (default)—SSL connection must verify the server certificate. If it is untrusted, you can continue or cancel the connection. Low—Server certificate is not verified. tThis value is set for a few applications. After firmware is updated, the default value is set to warning for all applicable applications immediately. There is an exception for file server and WDM. The old ini SecurityLevel | SecureProtocol from Privilege segment is deleted. |
All applications running on the default SSL security mode follow the global mode. In the global mode, the default value is Warning. The affected applications include VMware View, Amazon WorkSpaces (AWS), file server, WDM Service, Caradigm Server, and OneSign Server.
For more information about the security mode INI parameters, see Dell Wyse ThinOS INI Guide.
The following are the exceptions:
- File server and WDM in factory reset
state—Before you load any INI parameter, the SSL security mode is
set to Low, and after loading the INI parameter, the value is changed
to follow the global mode value. For example, the default value is
set to warning, if the value is not changed by the INI parameter.
System with previous settings (default value is set to Low) follows the global mode after the unit is upgraded. For example, the default value is set to Warning, if the value is not changed by the INI parameter.
- VMware View and AWS brokers include own security settings (GUI and INI). From ThinOS 8.3 release, an additional option is added to follow the global mode as its new default value. The security mode GUI context is updated for better understanding.
- Wyse Management Suite, Microsoft RDS broker, Citrix broker, and SecureMatrix are always Full.
File server default protocol is retained as FTP without any setting from WDM/DHCP/INI and always displays the full address with protocol prefix. For example, ftp://.
New firmware/client deploy information
- Dell recommends that you define the Security Policy before upgrading to version 8.3 and later. If not, you may get warning messages that require intervention to proceed.
- Before you upgrade to version 8.3 and later, Dell recommends that you define the desired SSL security level and add the required Security Policy parameters/options to the global INI file.
- For SecurityPolicy=Fullor warning, add certificates from the respective File, View, AWS, WDM, Wyse Management Suite, OneSign, and/or Caradigm servers to the ThinOS client before updating the firmware.
- The default protocol of file server is still FTP and ftp prefix is added automatically if the protocol is not provided.
- Earlier when the connection to https file server fails in full security mode, a dialog box is displayed which prompts you to click OK. From ThinOS 8.5 HF2 release, the feature is updated to display a tooltip at the bottom-right of the screen.
- Improved user-friendly messages are displayed for errors and warnings.
NOTE:
If the WDM server is set as https, the server address does not convert to http.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\