A new global security policy has been defined
for ThinOS and this policy is applied to all secure connections (https/SSL
connections) with a few exceptions.
Purpose—To improve the security level by default
and add the global configuration. This security policy integrates
security setting for each application.
Full—SSL connection need to verify server
certificate. If it is untrusted, cancel the connection.
Warning (default)—SSL connection need to verify
server certificate. If it is untrusted, the user can continue or cancel
the connection.
Low: Server certificate is
not verified– this is the value set for a few applications.
After firmware is updated, the default value is set to
warning for all applicable applications immediately.
There is one exception for file server and WDM.
The old ini SecurityLevel | SecureProtocol from Privilege segment
is deleted.
All applications running on the default SSL security
mode follow the global mode. In the global mode, the default value
is Warning. The affected applications include VMware View, Amazon
Workspaces (AWS), File Server, WDMService, Caradigm Server, and OneSign
Server.
For more information about the security mode INI parameters,
see Dell Wyse ThinOS INI Guide.
The following are the exceptions:
File Server and WDM in factory reset
state: Before loading any INI parameter, the SSL security mode is
set to Low, and after loading the INI parameter, the value is changed
to follow the global mode value. For example, the default value is
set to Warning, if the value is not changed by the INI parameter.
System with previous settings (default value is set
to Low) follows the global mode after the unit is upgraded. For
example, the default value is set to Warning, if the value is not
changed by the INI parameter.
VMware View and AWS brokers include
own security settings (GUI and INI). From ThinOS 8.3 release, an additional
option is added to follow the global mode as its new default value.
The security mode GUI context is updated for better understanding.
Wyse Management Suite, Microsoft RDS broker, Citrix
broker, and SecureMatrix are always Full.
File Server default protocol is retained as FTP without
any setting from WDM/DHCP/INI and always displays the full address
with protocol prefix. For example, ftp://.
New firmware/client deploy information
Dell recommends you to define the Security Policy before
upgrading to version 8.3 and later. If not, you may get warning messages
that require intervention to proceed.
Before upgrading to version 8.3 and later, it is
recommended to define the desired SSL security level and add the required
Security Policy parameters/options to global INI file.
For SecurityPolicy=Fullor warning, you are required to add certificates from the respective
File, View, AWS, WDM, Wyse Management Suite, OneSign, and/or Caradigm server(s) to the ThinOS
client before updating the firmware.
The default protocol of File Server is still FTP
and ftp prefix is added automatically, if the protocol is not provided.
Improved user friendly messages are displayed for
errors and warnings
The UI is not changed and only the message is modified
for security errors/warnings.
In full security mode, the following warning message
is displayed:
For warning security mode, the following warning messages
are displayed:
The server address does not convert to http, if WDM
server is set as https.
In the previous scenario, If WDM server
is configured without HTTPS, and local WDM server address is specified
in HTTPS, then the system converts it to HTTP address.
In the current scenario, the system
does not convert the WDM server address to HTTP.
Manual discovery is removed from WDM. In the WDA tab, the Manual discovery method option is removed.
Данные для раздела недоступны
Поставьте оценку (1–5 звезд).
Поставьте оценку (1–5 звезд).
Поставьте оценку (1–5 звезд).
Выберите ответ на вопрос, была ли статья полезной.
Комментарии не должны содержать следующие специальные символы: <>()\