Dell Wyse ThinOS Version 8.5.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2018 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents 1 Introduction....................................................................................................................................................7 About this guide..................................................................................................................................................................7 Technical support..............................................................................................................................................
Configuring the visual settings................................................................................................................................. 38 Configuring the general options...............................................................................................................................40 Configuring the authentication settings..................................................................................................................
Configuring the printer settings..............................................................................................................................135 Reset features.................................................................................................................................................................140 Resetting to factory defaults using G-Key reset..................................................................................................
Firmware installation using Dell Wyse USB Imaging Tool...........................................................................................
1 Introduction Thin clients running Dell Wyse ThinOS firmware are designed solely for optimal thin client security and performance. These efficient purpose-built thin clients are virus and malware resistant and offer ultrafast access to applications, files and network resources within Citrix, Microsoft, VMware and Dell vWorkspace environments, and other leading infrastructures.
What is new in this release The following are the updates or new features in the ThinOS 8.5_115 release: • Updated the VMware Horizon package on ThinOS to version 4.6.51718 to resolve the user trap issue on Blast protocol. • UI enhancement that allows you to restart the client immediately or delay the restart when Wyse Management Suite policy changes need to be applied to ThinOS. See, Configuring the WDA settings.
2 Getting started Use the following information to quickly learn the basics and get started using your thin client: • Configuring ThinOS using the first boot wizard • Connecting to a remote server • Using your desktop • Configuring thin client settings and connection settings • Connecting to a printer • Connecting to a monitor • Locking the thin client • Signing off and shutting down • Additional getting started details NOTE: ThinOS is centrally managed and configured using INI files to aut
Figure 1.
Figure 2.
To configure the First Boot Wizard: 1 Connect a new thin client or existing thin client to the Ethernet using a wired connection. The existing thin client must be reset to factory default settings to enter the First Boot Wizard. 2 Turn on your thin client. The thin client checks for a wired network connection. If the network connection is successful, a welcome screen with the model name of your thin client is displayed. The thin client validates the IP address from DHCP.
• Locale—Select a language to start ThinOS in the regional specific language. • Keyboard Layout—Select a keyboard layout to set the keyboard layout in the regional specific language. • Time Zone—Select a time zone to set the time zone for your thin client. • Time Server—Displays the IP addresses or host names with optional port number of time servers. • Advanced—Click Advanced to configure settings, such as daylight saving, time format, date format, and time servers.
• Click Define a wireless connection. From the list, select a wireless network, and click Connect. NOTE: – The option to define a wireless connection is not available on thin clients without a WLAN module. – To exit the Attach the Ethernet cable screen, and load the ThinOS system desktop, click Exit. After the connection is established, the thin client validates the IP address from DHCP.
• • • • • Citrix—The broker allows you to connect to full desktops using XenDesktop or individual applications using XenApp from a centralized host through Citrix Receiver Client. – Server Address—Enter the host name or IP address of the broker connection. – Enable theme: ThinOS Lite—Select this check box to boot the thin client in ThinOS Lite mode. – StoreFront style—Select this check box to enable the Citrix StoreFront based layout of published applications and desktops on the thin client.
If you must initially connect to central configuration through wireless, use the Wireless tab in the Network Setup dialog box to enter the SSID and encryption configurations required or set up by the network administrator. For more information, see Configuring the Network Settings.
• Users with a Zero Desktop—will see the Zero Desktop with the Zero Toolbar showing the assigned list of connections from which to select. This option is recommended for VDI and any full-screen only connections. For more information on using the Zero Desktop, see Zero Desktop Features. In any desktop case, you can select the desktop option you want (Classic Desktop or Zero Desktop) and create the connections you need using the Visual Experience tab on the Remote Connections dialog box.
Signing off and shutting down Use the Shutdown dialog box to select the available option you want: • Classic Desktop — Click Shutdown in the Connect Manager or Desktop Menu. • Zero Desktop — Click the Shutdown icon on the Zero Toolbar. NOTE: You can also configure automatic behavior after all desktop sessions are closed by using the Remote Connections dialog box, see Central configuration: Automating updates and configurations.
NOTE: • You can copy and paste between application sessions and between sessions and the desktop, however, this function depends on session server configurations. • In addition to the standard two-button mouse, the thin client supports a Microsoft Wheel Mouse used for scrolling. Other similar types of a wheel mouse may or may not work. To switch the left and right buttons, use the Peripherals dialog box, see Configuring the peripherals settings.
Option What It Does NOTE: The Close icon is grayed out for connections that are not open. Edit icon Opens the Connection Settings dialog box to change the connection options. NOTE: Depending on user privilege level, editing options may not be available for use. Add Connection Allows you to configure or add new connections.
• Right-clicking on the desktop provides a shortcut menu, see Using the shortcut menu. • Clicking the User Name or clicking on the desktop, opens the desktop menu, see Using the desktop menu. NOTE: • User Name is the user who is logged-on and is located at the lower-left pane of the task bar.
• b c d e f Printer—Allows configuration of network printers and local printers that are connected to the thin client. For more information, see Configuring the printer settings. System Information—Provides thin client system information. See Accessing system information. System Tools—Provides information about devices, certificates, packages, global INI, user INI, wdm or ccm.ini. See System tools.
f g Select a Virtual connection from the list, and click Reset VM to reset a selected virtual connection. Click Global Connection Settings tab to open and use the Global Connection Settings dialog box to configure settings that affect all the connections in the list. For more information on the Global Connection Settings dialog box, see Global connection settings. Login dialog box features While the Login dialog box allows you to log on to the server, it also allows you to: • Obtain system information.
• Status tab—Displays status information about TCP performance-related parameters, UDP performance-related parameters, CPU Busy, System Up Time, Wyse Management Suite status, Free Memory, Active sessions, and WDM status. • IPv6 tab—Displays IPv6 information such as Link-local Address, IPv6 Address, and IPv6 Default Gateway. NOTE: This tab is displayed when IPv6 is enabled in the General tab of the Network Setup dialog box, see Configuring the network settings.
3 Global Connection settings If you do not use INI files to provide central configuration (global connection settings) to users, you can use the Global Connection Settings dialog box to configure settings that affect all of the connections in your list of connections: • Zero desktop—Click Global Connection Settings in the list of connections. • Classic desktop—Click Global Connection Settings in the Connect Manager.
a Select the Enable H264 check box. This option allows H.264 decoding in Horizon Client. To validate the H.264 decoding, do the following: b • Configure the INI parameter BlastDebugClientH264=yes. • Launch a VMware Blast session. • On the upper-left corner of the screen, verify if the H264 basic watermark is displayed. NOTE: A performance tracker is introduced by VMware for performance evaluation and data collection.
4 Configuring connectivity This chapter helps you to understand various configuration settings for a secure connection. Connectivity menu includes: • Configuring the network settings. • Configuring the remote connections. • Configuring the central configurations. • Configuring the VPN manager. NOTE: To configure the settings on Classic desktop, click System Setup from the desktop menu, and use the configuration tabs.
The Network Setup dialog box is displayed. 2 Click the General tab, and use the following guidelines: a To set the default gateway, select the type of network interface from the available options. 1 Single Network support—Either wireless or wired network is connected. • ENET—Click this option, if you want set up the Ethernet Wired Network Connection. • WLAN—Click this option, if you want set up the Wireless Network Connection.
connection, it is used to make the connection. These entries can be supplied through DHCP, if DHCP is used. DNS and WINS provide essentially the same function, name resolution. If both DNS and WINS are available, the thin client attempts to resolve the name using DNS first and then WINS. c 3 You can enter two WINS Server addresses (primary and secondary), separated by a semicolon, comma, or space.
a b To set the default gateway, select the type of network interface from the following options: • ENET0— Enables you to set up the first Ethernet Wired Network connection. • ENET1—Enables you to set up the second Ethernet Wired Network connection. NOTE: You can connect your thin client to two wired network connections at the same time. The default gateway is determined by the UI settings. However, UI will not be changed automatically.
a b c d 3 DHCP Option IDs — Enter the supported DHCP options. Each value can only be used once and must be between 128 and 254. For information about DHCP options, see DHCP options. Interpret DHCP Vendor-Specific Info — Select this check box for automatic interpretation of the vendor information. DHCP Vendor ID — Shows the DHCP Vendor ID when the dynamically allocated over DHCP/BOOTP option is selected.
Figure 4. ENET tab a b c Ethernet Select—Allows you to select the wired network connection. For Wyse 5070 thin client without SFP or RJ-45 module, the ENET0 option is selected by default. For Wyse 5070 thin client with SFP or RJ-45 module, select either ENET0 or ENET1 based on your network preference. Ethernet Speed—The default value is Auto-Detect.
d – Default gateway—Use of gateways is optional. Gateways are used to interconnect multiple networks—routing or delivering IP packets between them. The default gateway is used for accessing the Internet or an Intranet with multiple subnets. If no gateway is specified, the thin client can only address other systems on the same subnet. Enter the address of the router that connects the thin client to the Internet.
NOTE: Using only the FQDN, that is, company.dell.com does not work. Use one of the options, for example servername.dell.com (*.dell.com is the most common option as multiple authentication servers may exist). • LEAP—Select this option, and click Properties to configure the Authentication Properties dialog box. Be sure to use the correct username and password for authentication. The maximum length for the username or the password is 31 characters.
a Add—Use this option to add and configure a new SSID connection. You can configure the SSID connection from the available security type options. After you configure the SSID connection, the added SSID connection is listed on the page of the WLAN tab.
b c d Remove—Use this option if you want to remove a SSID connection by selecting the SSID connection from the list. Properties—Use this option to view and configure the authentication properties of a SSID connection that is displayed in the list. Select the Disable Wireless Device check box, if you want to disable a wireless device. • 3 Always—Click this radio button if you want to disable the wireless device at all times.
a Enter the HTTP proxy port number or HTTPS proxy port number, User name and Password in the respective fields. However, credential pass through ($UN/$PW) is not recommended because it starts before user sign on. Wyse Management Suite uses both HTTP/HTTPS and MQTT protocols to communicate with the WMS/MQTT server. However, the HTTP proxy cannot redirect TCP packages to the MQTT server which requires a SOCKS5 proxy server.
Configuring the remote connections Use the Remote Connections dialog box to configure thin client remote connections including ICA, RDP, Citrix XenDesktop, Microsoft, VMware View, Dell vWorkspace, and other broker server connections. This dialog box also enables you to configure visual options, and general connection settings.
NOTE: The Visual Experience tab is grayed out, if the StoreFront Style check box is selected for a Citrix Broker Server entered in the Broker Setup tab. a b Classic Desktop — Displays the full taskbar, desktop and Connect Manager familiar to ThinOS users. This option is recommended for terminal server environments and for backward compatibility with ThinOS 6.x versions. Zero Launchpad — Displays the new launch pad style GUI designed for VDI use.
Configuring the general options To configure the general options: 1 From the desktop menu, click System Setup, and then click Remote Connections. The Remote Connections dialog box is displayed. 2 Click the General Options tab, and use the following guidelines: a Click the available options to select the action after you exit all open desktops. The available options are None, Sign-off automatically, Shut down the system automatically and Restart the system automatically.
2 Click the Authentication tab, and select the authentication type. The following authentication options are displayed: • • • • 3 Imprivata— Configuring Imprivata OneSign server. Caradigm—Configuring Caradigm server. SECUREMATRIX— Configuring SECUREMATRIX. HealthCast—Introduction to HealthCast. After configuring your preferred authentication, click OK to save the settings.
The following OneSign features or actions are supported: • Client and Broker authentication – Citrix XenApp – Citrix XenDesktop – VMware View • Kiosk Mode • Fast User Switching • Non-OneSign user VDI access • Hotkey Disconnect • Proximity card reader redirection • Guided Question and Answer login • Authenticate w/Password • Authenticate w/Password + Password Change • Authenticate w/Password + Password Change | New Password is Invalid • Authenticate w/Proximity Card + Password • Authen
– If you enable this feature by selecting the check box, the shutdown and restart icon is shown in ThinOS login and locked windows. – If you clear the check box, the shutdown and restart icon is grayed out. • FailedOneSignAuth Allow—Only yes or no options are supported. Non-OneSign user can log in to the Broker by clicking No radio button. • Logging Allow – OneSign logs could output on ThinOS with this feature. An INI configuration is needed correspondingly. – Loglevel=0/1/2/3. The default value is 0.
• 3 Suspend action—The server configuration controls this feature on ThinOS. Therefore a new INI is added— SuspendAction=0/1; 0 means lock, 1 means signoff. Configuring the SSPR Configuration Object The SSPR configuration object controls the Self-Service Password Reset behavior for a user. The enabled attribute specifies whether the user is allowed to reset their password as part of emergency access. The mandatory attribute specifies whether the user must reset their password as part of emergency access.
8 Password Self-Services force enrollment feature Selecting this check box allows you to reset the primary authentication password. INI configuration for Imprivata OneSign Server A new INI parameter AutoAccess=command is added. The new value is AutoAccess=Local. When AutoAccessis set to local, the ThinOS ignores the brokers that are set on the Imprivata OneSign Appliance and starts the broker/connections which are defined in wnos.ini or local defined on the client.
1 Tap the proximity card. The card enrollment page is displayed. 2 Enter the credentials and then click OK. Proximity card is enrolled successfully.
Imprivata Bio-metric Single Sign-On Fingerprint identification feature is highly reliable, and cannot be easily replicated, altered, or misappropriated. The prerequisites of OneSign server are: • Imprivata v4.9 or later appliance version is needed that supports the WebAPI v5 and later versions. • Fingerprint identification license is required. NOTE: • Supported protocols are RDP, ICA, and PCoIP.
2 Unlocking the Virtual Desktop using Fingerprint Authentication. • Enable the Imprivata Virtual Channel from ThinOS Global Connection Settings. • When you lock the virtual desktop in the session, the Fingerprint window is displayed automatically.
3 Managing Fingerprints on virtual desktop. • Legend Fingerprint Management is supported. • Fingerprint management with Imprivata Confirm ID enabled is not supported. This requires both supervisor and user to finish the enrollment and it is recommended to use Windows platform to perform this action. To manage fingerprints, do the following: a Right-click the OneSign agent icon in System tray.
Configuring the Caradigm server Caradigm Single Sign-on and Context Management (SSO & CM) is the product of the Caradigm Company which provides Single Sign-on and Context Management Services. Caradigm solution has been integrated since ThinOS 8.1. To configure the Caradigm integration on ThinOS, do the following: 1 From the desktop menu, click System Setup, and then click Remote Connections. The Remote Connections dialog box is displayed. 2 Click the Authentication tab, and then click Caradigm.
a b c SSO & CM Server—Enter the IP addresses of the Single Sign-On (SSO) and Context Management (CM) Servers. Default Group Name—Type the name of the default group in the Default Group Name box. Enable logoff remote desktop • 3 Select the check box to log off the current user from the session before system sign-off. • Clear the selection to disconnect from the session. Click OK to save the settings.
4 Click SSO&CM > Advanced Configurations , and use the following guidelines: a b 5 Ensure that the Enable Proximity Support check box is selected. Ensure that the Enable way2care check box is selected. To prepare a certificate to the Caradigm Vault Server, use the following guidelines: The Caradigm Vault Server uses the certificate to validate the connection between the Tap Server and the thin client.
Use the Thin Client Certificates page to add certificates for the thin client devices. The certificate must be a text in PEM format, that is, a text-based Base64-encoded DER file. • Open the DER cert file on Notepad. • Log in to the Vault Server Admin Console, and then click Appliance > Thin Client Certificates.
b Click the Authentication tab, and then click HealthCast. c Enter the HealthCast server details in the box provided.
d To import the client certificate, click Browse, and select the appropriate certificate you want to use. e Click OK to save the settings. INI configuration To configure using INI parameters, add the following INI parameters to your wnos.ini file: HealthCastServer— The server address and options needed for the client to connect to the HealthCast Web API Server.
can follow the easy registration process. This is a one-time event after which you can use the card wherever HealthCast is installed. • Manual login and lock/unlock terminal—If you do not have a card, or choose not to use your card, then you can manually log in using your user name and password. Administrators can disable manual login, if they wish, so that users can sign on with their proximity cards. You can also lock or unlock the terminal, if you have signed on with a manual login.
• Proximity card login and lock/unlock terminal—After the proximity card is registered, tap the card at a terminal to login. You can lock the session to secure it, but leave the remote session connected for fast access when you return. To do this, tap the proximity card and the session is locked. To resume the session, tap the card again. • • Walk away—Terminals can be configured to lock or log off sessions that have been left open.
• Forgotten card—If you forget your card at home, you can receive a temporary card and register it for the day using the same easy registration process mentioned in this section. • Lost or stolen card—If you report a card as lost or stolen, an administrator can immediately disable the card using the convenient web administration application. This prevents anyone else from using it.
File Servers/Path, Username and Password — Enter the IP address or host name of the file server that provides the system software and update images. The address can be supplied through DHCP, if DHCP is used. a b c 3 File Servers/Path — Allows maximum of 127 characters for file server, and maximum of 127 characters for root path. The data specifies part of the path to be used when the server is accessed. Multiple file servers/paths may be named, as long as all data fits in the length limitation.
By default, the WMS option is selected. Wyse Management Suite service automatically runs after the client boot up. If the first discovery, for example, the Wyse Management Suite service is not successful, it seeks for the next priority, for example, WDM service. This continues until a discovery is successful. If all discoveries fail, then it is started again automatically after a fixed time —24 hours.
# Group Token DNS Record Type: DNS Text Record Name: _WMS_GROUPTOKEN. Value Returned: Group Token (as String) Example: _WMS_GROUPTOKEN .WDADEV.com # CA Validation DNS Record Type: DNS Text Record Name: _WMS_CAVALIDATION. Value Returned: TRUE or FALSE (as String) c d Example: _WMS_CAVALIDATION.WDADEV.com Group Registration Key—Enter the Group Registration Key as configured by your Wyse Management Suite administrator for the desired group. To verify the key, click Validate Key.
1 2 Click WDM, and use the following guidelines: a WDM Servers—Enter the IP addresses or host names, if WDM is used. Locations can also be supplied through user profiles, if user INI profiles are used. b DNS Name Record—(Dynamic Discovery) Allows devices to use the DNS hostname lookup method to discover a WDM server. c DHCP Inform—(Dynamic Discovery) Allows devices to use DHCP Inform to discover a WDM server.
3 Click New to create a new session. a b c d e f g Session Name (up to 21 characters)—Enter the name of the Session Name. This is not a mandatory option. If the field is left blank, the VPN server name will be used as the session name. VPN server (up to 63 characters)—Enter the IP address of the VPN Server. This is defined as either an IP address or a host name. This is a mandatory option. Login Username (up to 31 characters)—Enter the Login Username. This is a mandatory option.
When the connections are created, the description column lists the session name and the Auto column shows which connection is automatically connected when the unit restarts. Only one session can be set to auto-connect. 4 Click Connect. The connection status is displayed.
5 Configuring the connection brokers In a Virtual Desktop Infrastructure (VDI) environment, a connection broker is a software entity that allows you to connect to an available desktop. The connection broker facilitates the VDI environment to securely and efficiently manage the centrally hosted desktop environments. NOTE: • Linux hosted desktop in Citrix, VMware, and Dell vWorkspace brokers are supported. • Windows 10 desktop in multiple brokers is supported.
Citrix HDX RealTime Multimedia Engine or RealTime Optimization Pack HDX RealTime Optimization Pack (RTOP) provides a scalable solution to deliver audio-video conferencing and Voice over Internet Protocol (VoIP) enterprise telecommunication by using Microsoft Skype for Business. The Optimization Pack supports XenDesktop and XenApp environments to users on ThinOS devices. For more information about HDX RealTime Optimization Pack, see Citrix documentation.
Setting up the RealTime Multimedia Engine connector This section describes how to install and use Lync or Skype for Business (SFB) on a Citrix desktop. 1 Install Citrix HDX RealTime Connector on Citrix desktop VDA/Server. HDX RealTime Multimedia Engine (RTME) is the package installed on ThinOS. It is HDX RealTime Connector that needs to be installed or upgraded on the remote server and VDA. NOTE: The following are applicable to RTME 1.8 only: 2 • The Upgrade option from 1.7 to 1.8 is discussed at docs.
To view the Citrix HDX RealTime Connector for Microsoft Lync 2013 dialog box: 1 Do any of the following to view the Citrix HDX RealTime Connector for Microsoft Lync 2013 dialog box: • Click the RTME icon in the lower-left corner of the Lync application window, and click Audio Video Settings. • Click the Lync menu icon in the upper-right corner of the Lync application window, and click Tools > Audio Video Settings. The Citrix HDX RealTime Connector for Microsoft Lync 2013 dialog box is displayed.
• Turn off call forwarding • Forward any call to a specific number • Simultaneously ring NOTE: The latest call forwarding settings configured by you are displayed in the lower pane of the dialog box. For more information about trouble shooting, go to docs.citrix.com/en-us/hdx-optimization/1-8/hdx-realtime-optimization-packtroubleshooting.html. Known Issues with RTME 1.8 feature • RTME operation system on ThinOS is displayed as Linux. • The RTME 1.
In the Call Statistics window, Video Codec = H.264-UC (CAM)) is displayed for P2P RTME video call in the Sent column. For group calls with standard SFB, the call statistics displays Video Codec = H.264-UC (CAM) in the Sent column. This improves video call quality/resolution compared to Video Codec H.264 (SW); for example: P2P video call resolution upgrade from 480 x 270 to 640 x 360. Known issues or Limitations • The video sent from client in call is decided by capabilities of both endpoints in the call.
3 For MultiFarm (StoreFront or PNAgent servers) or Multilogon (StoreFront or PNAgent servers), select a single server to refresh or click Refresh All to refresh all servers. NOTE: Warning message is displayed when you open or edit or remove applications when you refresh the applications. 4 Refresh scope covers the aspects such as, application removed, added, duplicated, disabled, enabled, icon/title change, and on/off desktop. Active sessions that are started are not affected by application refresh.
Using multiple audio in Citrix session ThinOS supports multiple audio device utilizations in the XenDesktop or XenApp version 7.6 and later. You can connect or disconnect the audio devices anytime during the session, but the behavior is similar to a local desktop. With multiple device support, you can connect multiple audio devices and select a specific device for a specific application. The Audio Plug N Play policy must be enabled on the Citrix Remote Desktop Session (RDS) desktop.
3 Click OK. If the authentication is successful, then you are logged into the Citrix session.
Configuring ICA connections To configure the ICA connections: 1 From the desktop menu, click System Setup, and then click Remote Connections. The Remote Connections dialog box is displayed. 2 In the Broker Setup tab, from the drop-down list, select the Broker type as None. 3 Click ICA connection protocol, and click Configure. The Default ICA dialog box is displayed. NOTE: Default ICA is always used for direct connection to a published application and not for StoreFront or PNAgent.
Figure 6. Default ICA a b c d Server or Published Application—Select the type of connection to which the settings apply. Connection Description—Enter the descriptive name that is to appear in the connection list (38 characters maximum). Browser Servers—Enter a delimited (comma or semicolon) list of IP addresses or DNS-registered names of ICA servers that contains the master browsers list, or that could refer to another server that contains the list.
e NOTE: The Host Name may be resolved using one of three mechanisms: ICA master browser, DNS or WINS. Master browser is the only mechanism that can resolve a published application unless manual entry is made in DNS for the application. DNS uses the default domain name in the network control panel to attempt to construct an FQDN but will also try to resolve the name without using the default.
Figure 7. Default ICA—Logon a Logging on area—Enter Login User name, Password, Domain name, and Logon Mode. If the Login User name, Password, and Domain name boxes are not populated, you can enter the information manually in the ICA server login screen when the connection is made: b • Login Username—Maximum of 31 characters is allowed. • Password—Maximum of 19 characters is allowed. • Domain Name — Maximum of 31 characters is allowed.
Figure 8. Default ICA—Options a b c d Autoconnect to local devices—Select any options (Printers, Serials, USB, Smart Cards, and Disks) to have the thin client automatically connect to the devices. Allow font smoothing—When selected, enables font smoothing (smooth type). Optimize for low speed link—When selected, allows optimization for low-speed connections, such as reducing audio quality and/or decreasing protocol-specific cache size. Intended for a connection spanning a WAN link or using dialup.
Table 7. Display details Platforms Wyse 5070 Extended thin client Wyse 5070 thin client—Pentium processor Wyse 5070 thin client—Celeron processor Best Display resolution Maximum number of system displays Standard or RDS desktop— Windows 10 /2012 R2/ 2016 HDX 3D Pro desktop— Windows 10 with GRID K1/K2 GPU 1920 x 1080 6 4 2560 x 1440 6 4 3840 x 2160 6 Not supported, due to GRID K1/K2 vGPU profile limitation.
Before resetting password or Unlocking account Before resetting your password or unlocking your account, you must register for the security questions enrollment. To register your answers for the security questions, do the following: 1 From the PNMenu, click the Manage Security Questions option (Classic and StoreFront only). The Security Questions Enrollment window is displayed. 2 Enter the appropriate answers to the question set.
3 Click OK to register the security questions. Using Account Self-Service After the security questions enrollment is complete, when ThinOS is connected to a StoreFront server with Self-Service Password Reset enabled, the Account Self-Service icon is displayed in the sign-on window. NOTE: If you enter wrong password more than four times in the Sign-on window, the client automatically enters the unlock account process. 1 Click the Account Self-Service icon to unlock your account or reset your password.
2 Click Unlock account or Reset password based on your choice, and then click OK. Unlocking account After you register the security questions, do the following to unlock your account: 1 Choose a task (Unlock account) in Account Self-Service window. 2 Enter the user name. The Unlock Account dialog box is displayed. 3 Enter the registered answers to the security questions.
If the provided answers match the registered answers, then the Unlock Account dialog box is displayed. 4 Click OK to successfully unlock your account.
NOTE: • If the provided answers are incorrect, the following error message is displayed. • If you provide the wrong answers more than three times, you cannot unlock the account or reset the password, and the following error messages are displayed. Resetting password After you register the security questions, do the following to reset your password: 1 Choose a task (Reset password) in Account Self-Service window. 2 Enter the user name. The Reset Password dialog box is displayed.
3 Enter the registered answers to the security questions. If the provided answers match the registered answers, then the Reset Password dialog box is displayed.
4 Enter and confirm the new password. 5 Click OK to successfully change the password. If you provide the wrong answers, you cannot reset the password, and an error message is displayed. QUMU or ICA Multimedia URL Redirection QUMU utilizes ICA Multimedia URL Redirection. You are required to install a browser plug-in for this feature to work. In earlier ThinOS releases, ICA Multimedia URL Redirection was partially supported. From ThinOS 8.
Verifying HTML5 Video Redirection—While the video is playing, a noticeable lag or jump in the video window is observed when you move the browser on the screen or scroll the browser. This behavior indicates that the video is being redirected. ThinOS event log for RAVE MMR is also displayed. Reference documents • Citrix sample video—www.citrix.com/virtualization/hdx/html5-redirect.html. • ICA Multimedia policy settings—www.docs.citrix.
Figure 9. Use video codec for compression setting • ThinWire Plus—Equivalent to Do not use video codec option • Fullscreen H.264—Equivalent to For the entire screen option • Selective H.264—Equivalent to For actively changing regions Verifying the working status of the ICA connections • ICA SuperCodec is always enabled without any limitation. • ThinOS event log displays ICA: SuperCodec enabled. NOTE: For ICA connections, there is no INI parameter.
Anonymous logon Anonymous logon feature enables the users to log into the StoreFront server configured with unauthenticated store without Active Directory (AD) user credentials. It allows unauthenticated users to access the applications instead of AD accounts. NOTE: Anonymous logon is not supported with legacy mode of StoreFront server.
Citrix UPD configuration on server a 90 To enable the printer policy, use the following guidelines: 1 To enable the printer policy in XenApp 6.5– Go to the DDC Server, click Start > Citrix AppCenter . 2 Click Citrix Resources > XenApp > Policies > User > Settings > Printing > Client Printers and enable the Auto-create generic universal printer. 3 Click Printing > Drivers and set the Universal print driver usage to Use universal printing only from the drop-down menu available.
4 To enable the printer policy in XenApp/XenDesktop 7.5 and later versions, do the following: a Go to the Citrix DDC Server, 1 Click Citrix studio > policies and add a policy. Enable the Auto-create generic universal printer option. 2 Set the Universal print driver usage to Use universal printing only from the drop-down menu.
b Check registry and make sure the same driver has been installed. 1 Check the drivers in registry of the server or desktop which you want to connect. The server or desktop must have ps, pcl5, pcl4 drivers in the registry and the same driver must be installed on the server or desktop. 2 Go to HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\UniversalPrintDrivers\. ThinOS does not support EMF and XPS. NOTE: The supported drivers in the following table are one of the supported drivers for Citrix UPD used in ThinOS.
2 Under HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\UniversalPrintDrivers\PCL5c\, change DriverAlias and DriverName HP LaserJet 2200 Series PCL 5. Flash Redirection The Flash Redirection solution is to off-load flash content to the ThinOS client, and locally render and decode the flash playback. The offloading is conducted by Citrix HDX Flash Redirection. The local rendering and decoding process are conducted by customized flash player and other multimedia process that runs locally on ThinOS.
Supported Environment— Supports only Citrix Connections with XenApp 6.5 and later versions and XenDesktop 7.0 and later versions. Required packages User must install the FR.i386.pkg package for the feature to work. Installation of packages To install the required packages, follow the steps mentioned here: 1 Upload packages to directory \wnos\pkg\. 2 Ensure that the INI autoload is not set to 0. Set INI AutoLoad=1 AddPkg=FR in wnos.ini.
For information about basic operations on Citrix HDX flash redirection and policies configurations, see Citrix documentation. Known Issues a Playback flash videos in Internet Explorer browser with normal security settings. b After flash video is loaded it will stay in initial size; for example, resizing browser will not resize the video content. c Only English font is supported; for example, subtitles in other languages will not be properly displayed.
– All Supported—Select this protocol connection to display the desktop in all the available connections, when a desktop pool is configured to allow users to select protocol as yes. If a desktop is configured with default protocol as PCoIP and allow user to select protocol as no, then ThinOS only displays the desktop in the PCoIP connection. – RDP only—Select this protocol connection to display only the desktop in RDP connection.
USB redirection RDS desktop through PCoIP/Blast—This feature is supported. Using unauthenticated access—You can anonymously log in to the VMware session with application remoting. To use the unauthenticated option, do the following: 1 On your AD server, create two anonymous users, for example, anonymous1 and anonymous2. 2 Log in to your View Admin web portal. 3 Navigate to Users and Groups > Unauthenticated Access, and add the two new anonymous users to the View Connection Manager.
Hide Server URL—The server URL can be hidden in the Horizon View broker UI. You can configure this setting using any of the following methods: • Using View Connection Server web portal a Log into your View Connection Server web portal. b Navigate to View Configuration > Global Settings > Edit, select the Hide server information in client user interface check box, and clear the Hide domain list in client user interface check box. c Click OK. d Log in to the VMware Horizon broker.
3 Verify the system audio recording using the VMware virtual microphone. 4 Verify the audio settings in VoIP application.
5 Verify the video settings in VoIP application using the VMware virtual webcam. 6 Start the audio or video calls. Dependencies and known issues • Dependency: RTME.i386.pkg needs to be installed for RTAV video. • The answer call button of the local audio device, supported by HDX RTME, is not supported by RTAV. • RTAV does not support RDS desktop, for example, 2008 R2/ 2012 R2 according to VMware. • Support for PCoIP and Blast protocol only. RDP protocol is not supported according to VMware.
Supporting VMware Blast VMware Blast display protocol can be used for remote applications and for remote desktops that use virtual machines or shared-session desktops on an RDS host. Select this protocol connection to display the desktop with the Blast protocol. NOTE: When you pause the pointer over the connection icons, the corresponding connection protocols are displayed in tooltip. This is designed for RDSH applications. From ThinOS 8.
Blast features Support on ThinOS Comments/ Known issues Copy Paste text Yes See, VMware Horizon server and client configurations/documentation. VPN connect Yes NA AES 128/256 Yes See, ThinOS AES design. Multi-display/ 4K/ 32-bit Yes See, VMware Blast support information. For example, the pre-requisite is Virtual Machine video RAM.
Hardware version Windows version Number of 4K displays supported 11 8, 8.x, and 10 1 • 3D rendering—You can configure 3D graphics rendering for connected desktops. To use the 3D rendering feature, use up to two monitors with a resolution of up to 1920 x 1200. For a resolution of 4K (3840 x 2160), only one monitor is supported. • Blast H.264—The following table describes the performance of H.264 decoder in VMware Horizon sessions that use the VMware Blast display protocol: Table 12. Blast H.
PCoIP Multi-monitor support Wyse 5070 thin client—Pentium Resolution Display layout No. of displays 1920 x 1200 2560 x 1440 3840 x 2160 Two Three Four Five Six Two Three Four Five Six Two Three Four Five Six Horizontal Yes Yes NA NA NA Yes Yes NA NA NA Yes NA NA NA NA Vertical Yes Yes NA NA NA Yes Yes NA NA NA Yes NA NA NA NA Wyse 5070 thin client—Celeron Resolution Display layout No.
Figure 10. Printer Setup d 6 Click Ok to save the configuration. Click the Options tab, and do the following: a Set LPT1: as default printer. b NOTE: Do not select the Enable .print Client check box. Click Ok to save the configuration.
Figure 11. Options 7 Connect to a VMware Blast session. Go to Control Panel > Devices and Printers. The printer that is configured locally in ThinOS is mapped to the session. The mapped printer’s driver is TP PS Driver and the port is TPVM port. The virtual printer allows the ThinOS local printer to be mapped to the VMware Blast session without installing the printer driver in the session.
Configuring the Microsoft Remote Desktop broker connection To configure the Microsoft Remote Desktop broker setup: 1 From the desktop menu, click System Setup, and then click Remote Connections. The Remote Connections dialog box is displayed. 2 3 In the Broker Setup tab, from the drop-down list, select Microsoft, and do the following: • Broker Server—Enter the IP address/Hostname/FQDN of the Broker Server.
a b c d Connection Description—Enter the descriptive name that is to appear in the connection list (38 characters maximum). Host Names—Use the list to select the valid DNS server name or the IP address of the server to which the thin client connection is to be made you can also use Browse next to the box to make the selection you want. For example, a list of WTS servers on the local network from which you can select. NOTE: The server name may be resolved using one of two mechanisms: DNS, and WINS.
You can reset the options on the Connection tab of the Connection Settings (RDP) dialog box. To do so, click the Reset VM command button. This command button is located in the upper-right of the dialog box. It appears only with a VDM broker connection. 5 Click Logon tab, and use the following guidelines: a b c Logging on area —Enter login username, password, and domain name.
NOTE: The user name, password, and domain name fields are optional. If you leave any of these fields blank, interactive login is required and users must enter the information at login time. 6 Click Options tab, and use the following guidelines: a b c d e f g h i j k l 7 Wallpaper—When selected, disables the desktop wallpaper. Menu / Window animation—When selected, disables the menu or window animation. Theme—When selected, disables the desktop themes.
Features of RDP protocol Remote Desktop Protocol (RDP) is a network communications protocol developed by Microsoft that enables you to remotely access virtual desktops and applications. This section describes the functionality of ThinOS over RDP protocol. Support for multi-monitors in RDP session ThinOS supports multiple-monitor display to launch RDP desktops on each monitor. User scenario: 1 Connect multiple monitors to ThinOS device.
Table 16. RDP H.264 decoding matrix Unit type GPU Session Windows 10/Windows Server 2016 Display resolution H.264-AVC444 AMD Wyse 5070 Extended thin client Intel Wyse 5070 thin client—Celeron processor Wyse 5070 thin client—Pentium processor Intel Windows 8.1/Windows Server 2012 R2 Decoding H.
• 4 Prioritize H.264/AVC 444 Graphics mode for Remote Desktop connections • Configure H.264/AVC hardware encoding for Remote Desktop connections Open cmd.exe and run gpupdate /force, or restart the server. VOR codec in RDP session When you are playing video in an RDP session—Windows 8.1, Windows 2012 R2, Windows 10 and Windows 2016—VOR codec is used. The following logs are displayed in the Event Log tab. Figure 12. Event log tab NOTE: • Dependence 1—RDP GFX status, H.
Server operating system TS Gateway II TS Gateway III WebSocket Windows 2016 Support Support Support NOTE: • In TS Gateway II or III connection, the setup uses a two half-duplex communication between Terminal Server (TS) Gateway server and thin client.
Configuring Dell vWorkspace Workspace virtualization delivers a list of applications or desktops together as a single complete virtual workspace. It isolates and centralizes an entire computing workspace. vWorkspace provides flexible, location and platform independent access by delivering virtual workspace from multiple virtualization platforms. This section provides information about how to configure a Dell vWorkspace broker connection on your ThinOS device.
For information about deploying AWS WorkSpaces and AWS EC2 PCM for AWS WorkSpaces, go to www.teradici.com/web-help/ Connecting_ZC_AWS_HTML5/TER1408002_Connecting_ZC_AWS.htm#03_DeployPCM.htm%3FTocPath%3D3. For information about configuring the Broker Server address = “URI (https://) of the PCM”, go to www.teradici.com/web-help/Connecting_ZC_AWS_HTML5/TER1408002_Connecting_ZC_AWS.htm#05_Connect.htm%3FTocPath %3D5.
6 Configuring local settings You can configure available thin client settings on the thin client using the following. Depending on user privilege level, some dialog boxes and options may not be available for use.
a Screen Saver — Allows you to select the type of screen saver you want. The default is to Turn Off Screen. b Other available screen savers are Flying Bubbles, Moving Image, Showing Pictures, and Playing Video. Timer — Select a time after which the screen saver is to be activated; either disable, 1 minute, 3 minutes, 5 minutes, 10 minutes (default), 15 minutes, or 30 minutes. c When the thin client is left idle for the specified idle time, the screen saver is initiated.
Setting the time and date To configure the time and date settings: 1 From the desktop menu, click the System Setup, and then click System Preferences. The System Preference dialog box is displayed. 2 Click the Time/Date tab, and use the following guidelines: a b Time Zone— Select a time zone where the thin client operates from the drop-down list. Default value is Unspecified. Enable Daylight Saving— Allows you to enable the daylight saving settings.
Setting the custom information Use the Custom Info tab to enter configuration strings for use by WDM software. The configuration strings can contain information about the location, user, administrator, and so on. To set the custom information: 1 From the desktop menu, click System Setup, and then click System preferences. The System preference dialog box is displayed. 2 Click the Custom Info tab to enter configuration strings used by WDM software.
Figure 15. Display settings If you clear the Mirror mode check box, the Span Mode is enabled. The following screen represents the span mode configuration.
Figure 16. Display settings Blocks displayed on the screen represent the number of monitor screens connected to the thin client. Each block represents a single monitor screen. Every monitor contains a unique display order number and display configuration. You can move the blocks horizontally or vertically and construct the multi-display layout in mixed directions. To construct a new display layout, move the blocks to your preferred position, and click Apply. A new display layout is created.
• Resolution—From the Resolution drop-down list, select a display resolution supported by your monitor. In Mirror Mode, the resolution list is derived from the intersection of resolutions in all connected monitors. In Span Mode, select a monitor block and change its resolution from the Resolution drop-down list. • 3 Rotation—From the Rotation drop-down list, select an option to rotate the monitor screen in different directions—Left turn 90 degrees or Right turn 90 degrees.
Number of displays Supported display resolution Two displays Yes Yes Three displays No¹ Yes² ¹VGA port does not support 4K display. However, it supports a display with 1080p screen resolution. ²For non-4K displays, screen resolution up to 2560 x 1600 @ 60 Hz is supported on all ports except VGA. VGA port supports only 1080p resolution. Table 20.
NOTE: 4K resolution @ 60 Hz on USB-C type port is tested using the Type-C to HDMI and DP adapters. Dell monitor S2718D with USB type-C port supports up to 2560 x 1440 resolution. Wyse 5070 Extended thin client with AMD GPU Table 23.
Figure 17. Ports on Wyse 5070 Extended thin client Display priority—The following order defines the display priority set on ThinOS for Wyse 5070 Extended thin client: • DP1 > DP2 > DP3 > DP4 > mDP5 > mDP6 • DP1 > USB Type-C > DP3 > DP4 > mDP5 > mDP6 • DP1 > DP2 > VGA > DP4 > mDP5 > mDP6 • DP1 > USB Type-C > VGA > DP4 > mDP5 > mDP6 NOTE: Display cable hot plug—Screen layout settings are changed based on supported display resolution and the port to which the monitor is plugged in.
Configuring the peripherals settings The Peripherals dialog box enables you to configure the settings for the Keyboard, Mouse, Audio, Serial, Camera, Touch Screen, and Bluetooth.
Parameter Description ASCII, but they contain additional characters for European languages. 3 Keyboard Layout Presently the keyboard languages listed in the Keyboard layout drop-down list are supported. The default value is English (United States). Delay Before Repeat Specifies the repeat parameters for held-down key. Select the Delay before repeat value as either 1/5 second, 1/4 second, 1/3 second, 1/2 second, 3/4 second, 1 second, 2 seconds, or No Repeat. The default is 1/3 second.
Configuring the audio settings To configure the audio settings: 1 From the desktop menu, click System Setup, and then click Peripherals. The Peripherals dialog box is displayed. 2 Click the Audio tab to select the volume settings for connected devices. Figure 18. Audio tab a b Click the Playback Devices tab to select the type of the audio from the drop-down menu.
g h Select the Enable DP audio check box to enable the DisplayPort audio function on your thin client. Select the Enable headset popup check box if you want the headset popup dialog box to be displayed when you connect an analog headset to the front headset jack. In the headset popup dialog box, select any one of the following audio devices: • Headset • Headphone • Speaker NOTE: To disable the headset popup dialog box, select the Not show again check box, and click OK.
a b c d e f g h 3 Select Port—Click the button to select the Port. Default is COM 1. Baud Rate—Select the Baud Rate from the drop-down list. Default is 9600. Parity—Click the button to select the Parity. Stop—Click the button to select the stop bits 1, 1.5, 2. Default value is 1. Size—Click the button to select the Character size 5, 6, 7, or 8 bits. Default is 8. Flow Control—Click the button to select Flow Control: Either None, XON/XOFF, CTS/RTS, or Both can be selected. Default is None.
NOTE: You can optimize performance and modify the frame rate per second, if the Optimize for CPU check box is not selected—supported values include 1/1, 1/2, 1/3, 1/4, 1/5, and 1/6– directly from the thin client (if the webcam supports Universal Video Driver). Also, this feature is CPU intensive and is recommended for high performance products. Configuring the touch screen settings Use the Touch Screen tab to configure touch screens that are connected to the thin client.
The Peripherals dialog box is displayed. 2 Click the Bluetooth tab, and use the following guidelines: Bluetooth enabled devices, such as headsets and mouses that are available in the thin client environment are listed in the Bluetooth page. The following attributes are displayed in the list: • Name—Specifies the name of the Bluetooth enabled device. • Type—Specifies the type of the Bluetooth enabled devices, such as headsets, mouses, and keyboards.
Table 27. User scenario User scenario Status Device turned off Disconnected | Paired Device turned on Connected | Paired Device disconnected from ThinOS Disconnected | Not Paired • Scan—All Bluetooth devices enter into Page Scan mode. Different Bluetooth devices enter into the Page Scan mode at different instances such as when a specific button is pressed three times or a specific button is pressed and held until the LED turns blue.
USB support USB port—USB 3.0 is compatible with USB 2.0. When USB 2.0 device is connected to 3.0 ports, the behavior of the device remains unaltered. For USB 3.0 device to connect to 3.0 ports, the device type should be of 5 Gbps. All types of USB devices work when connected to USB 3.0 port. USB hard disk—Do not plug in the USB hard disk with 10 or more drives, or do not plug in more than 10 USB keys into ThinOS client. ThinOS does not detect the USB disk with 10 or more drives.
a b Select Port— Select the port you want from the list. LPT1 or LPT2 selects the connection to a direct-connected USB printer. Printer Name — (Required) Enter name you want displayed in your list of printers. most USB direct-connected printers report/fill in their printer name automatically. c NOTE: If Enable LPD service for the printer is selected, the printer name becomes the queue name for other clients using LPR to print to this printer.
Configuring the LPDs settings To configure the LPDs settings: 1 From the desktop menu, click System Setup, and then click Printer. The Printer Setup dialog box is displayed. 2 Click the LPDs tab, and use the following guidelines when printing to a non-Windows network printer: NOTE: Be sure to check with your vendor that the printer can accept Line Printer Request print requests. a b c d e Select LPD —Select the port you want from the list.
This name can be different for each vendor. This field is required and must be correct so that the network printer accepts incoming print jobs properly. For example, auto can be used for HP LaserJet 4200n PCL6 as per documentation found on the HP Web site. f g 3 NOTE: If the printer is attached to another thin client on your network, the LPD Queue Name must match the content of the Printer Name box on the thin client with the printer attached.
d e f g This name must be either the device driver name for the printer under the Microsoft Windows system, or a key to map to the device driver. If not specified, the name will be defaulted to the printer-supplied identification for standard direct-connected USB printers or Generic / Text for non-USB connected printers upon connection to Windows hosts. The driver name mapping takes place either through a printer-mapping file read by the system as part of the global profile (wnos.
Reset features Reset features include: • Resetting to factory defaults using G-Key reset • Resetting to factory defaults using shutdown reset • Resetting display settings using V-Key reset Resetting to factory defaults using G-Key reset High-privileged or stand-alone users can reset the thin client to factory default settings using the G-key reset feature. To reset the thin client to factory default settings, restart the thin client and continuously tap the G key during the restart process.
7 Performing diagnostics Diagnostics include: • System tools • Using the troubleshooting options System tools Use the System Tools dialog box to view device details, package details and Global INI/User INI information. You can also import certificates using the Certificates tab. 1 From the desktop menu, click System Tools. The System Tools dialog box is displayed. 2 Click the Devices tab to display all the locally attached devices, including USB, Serial, and Parallel on applicable platforms.
3 Click the Certificates tab, and use the following guidelines: a b c d 4 Import the certificates by selecting either USB Storage or File Server from the drop-down list, and then click Import to import the required certificate. Click Delete to delete the imported certificate. Click View Certificate to view the imported certificate information such as Version, Validity, and Serial number. You can also view the certificate path and certificate status.
To install this package, PKG installation INI file needs to be changed to AddPkg=“horizon”. • pcoip.i386.pkg—This package is available only on PCoIP clients. • TCX.i386.pkg—This package is introduced to support TCX. You cannot delete the base package separately. If you click Delete All, all packages are deleted including the base package. When you click Delete All, a message is displayed prompting you to restart the device. The base.i386.pkg is mandatory for all ThinOS clients.
WCM function is supported from WDM for comprehensive client configuration. Without configuration from server, the client loads the cached settings (wdm.ini), if available. Limitation To upgrade or downgrade firmware/image through WCM, you are required to enable WDM file server function by selecting the WTOS INI path upon checkin (FTP/HTTPS/HTTP/CIFS) check box in the WTOS preferences in the WDM configuration manager.
At the end of the transactions defined in this protocol, the network device has a private key and associated certificate that is issued by a CA. Applications on the device may use the key and its associated certificate to interact with other entities on the network. The most common usage of this certificate on a network device is to authenticate the device in an IPSec session. ThinOS is treated as a network device.
NOTE: • CA Certificate Hash type currently supports MD5, SHA1 and SHA256. • Request server URL can be an HTTP or HTTPs link. You can add protocol prefix before URL. Requesting certificate automatically Use INI parameters to automate the request and renew certificate process. Related INI parameters are of global scope and should be used with INI parameter ScepAutoEnroll. For more information about using the INI parameters, refer to the latest Dell Wyse ThinOS INI Reference guide.
Table 28. BTCTRoot.crt Certificate details Certificate field Default value/format Version V3 Serial number 02 00 00 b9 Signature algorithm sha1RSA Issuer Baltimore CyberTrust Root CN=Baltimore CyberTrust Root OU=CyberTrust O=Baltimore C=IE Valid from 2000–05–12 18:46:00 Valid to 2025–05–12 23:59:00 Subject Baltimore CyberTrust Root CN=Baltimore CyberTrust Root OU=CyberTrust O=Baltimore C=IE Public key RSA (2048 bits). Key bits are displayed in the lower pane of the window.
Certificate field Default value/format C=US Valid from 1998–05–18 00:00:00 Valid to 2028–08–12 23:59:59 Subject VeriSign Trust Network OU=VeriSign Trust Network OU=(c) 1998 VeriSign, Inc. – For authorized use only OU=Class 3 Public Primary Certification Authority – G2 O=VeriSign, Inc C=US Public key RSA (1024 bits). Key bits are displayed in the lower pane of the window.
Certificate field Default value/format Key bits are displayed in the lower pane of the window. Thumbprint algorithm sha1 Thumbprint 0b 77 be bb cb 7a a2 47 05 de cc 0f bd 6a 02 fc 7a bd 9b 52 Certificate name—Entrust_G2.crt Table 31. Entrust_G2.crt Certificate details Certificate field Default value/format Version V3 Serial number 4a 53 8c 28 Signature algorithm sha256RSA Issuer Entrust Root Certification Authority CN=Entrust Root Certification Authority—G2 OU=(c) 2009 Entrust, Inc.
Table 32. EquafaxCA1.crt Certificate details Certificate field Default value/format Version V3 Serial number 04 Signature algorithm md5RSA Issuer Equifax Secure eBusiness CN=Equifax Secure eBusiness CA-1 0=Equifax Secure Inc. C=US Valid from 1999–06–21 04:00:00 Valid to 2020–06–21 04:00:00 Subject Equifax Secure eBusiness CN=Equifax Secure eBusiness CA-1 0=Equifax Secure Inc. C=US Public key RSA (1024 bits). Key bits are displayed in the lower pane of the window.
Certificate field Default value/format Valid to 2034–06–29 17:06:20 Subject Go Daddy Class 2 Certification Authority OU=Go Daddy Class 2 Certification Authority O=The Go Daddy Group, Inc. C=US Public key RSA (2048 bits). Key bits are displayed in the lower pane of the window.
Certificate name—Pc32ss_v4.crt Table 35. Pc32ss_v4.crt Certificate details Certificate field Default value/format Version V1 Serial number 70 ba e4 1d 10 d9 29 34 b6 38 ca 7b 03 cc ba bf Signature algorithm md2RSA Issuer Class 3 Public Primary Certification Authority OU=Class 3 Public Primary Certification Authority O=VeriSign, Inc.
Certificate field Default value/format CN=VeriSign Class 3 Public Primary Certification Authority — G5 OU=(c) 2006 VeriSign, Inc. – For authorized use only OU=VeriSign Trust Network O=VeriSign, Inc C=US Public key RSA (2048 bits). Key bits are displayed in the lower pane of the window.
2 Click the General tab, and use the following guidelines: • Click either USB or File Server to select your target device you want to use for CMOS management. • Extract CMOS—Click this option to extract the CMOS settings to the USB Key or file server based on your target device selection. • Restore CMOS—Click this option to write the CMOS settings from the USB Key to the target thin client. • Performance Monitor—Click this option to display your thin client CPU, Memory, and Networking information.
4 Click the Capture tab to configure the Export Event Log, Network Capture to USB, Wireless Capture to USB, and capture USB packets.
If you want to enable the error messages, use the following guidelines: • Click either One-time or Persistent option to enable logging the unexpected error message. • Turn off logging and then check the log file under the folder ftp:/wnos/trouble_shoot. • Be sure to enable the Enable Trace option of the Privilege parameter in a wnos.ini file. For more information, see Dell Wyse ThinOS INI Guide.
After you log in and use the XenDesktop server or network, you will see a /wnos/troubleshoot/[Terminal Name]_[ENET or WS]. [Date_Time].pcap file in the USB drive which you can analyze using software such as a packet analyzer used for network troubleshooting, and analysis. For example, for Ethernet, the file name is yx008064b2bfd7_ENET.20150415_064455.pcap. For wireless, the file name is yx008064b2bfd7_WS.20150415_064455.pcap.
NOTE: Ping sends an echo request to a network host. The host parameter is either a valid host name or an IP address. If the host is operational and on the network, it responds to the echo request. Ping sends one echo request per second and calculates round trip times and packet loss statistics. It displays a brief summary upon completion of the calculation. The ping utility can be used to: • Determine the status of the network and various foreign hosts. • Track and isolate hardware and software problems.
The tracert utility traces the path from your thin client to a network host. The host parameter is either a valid host name or an IP address. The tracert utility sends out a packet of information three times to each device (routers and computers) in the path and displays the round trip response times and identifying information in the message box. 7 Click OK to save the settings.
8 TCX Suite Dell Wyse TCX Suite is a single software solution that provides the benefits of cloud client computing. The supported environments for Dell Wyse TCX Suite are Microsoft Remote Desktop Services, Citrix XenApp, Citrix XenDesktop, Teradici, and VMware Horizon View. The Collaborative Processing Architecture (CPA) used in Dell Wyse TCX divides the workload between the server and Plug-n-Play USB devices.
9 Trusted Platform Module version 2.0 Wyse 5070 thin client supports disk encryption and decryption through Trusted Platform Module (TPM) version 2.0. • Measured boot—SHA1 (Secure Hash Algorithm 1) is used to produce a hash value for ThinOS image, and extend the integrity measurement into Platform Configuration Registers (PCR) inside TPM—TPM_PCR16. This is used to generate disk encryption or decryption key.
– After the disk partition is formatted, some user configurations, such as display settings, user certificates, wireless settings—except the first SSID, as it is saved in NVRAM—cookie, and mirror file server data, are lost. 162 Trusted Platform Module version 2.
10 BIOS management on ThinOS This appendix describes the BIOS management on the ThinOS devices with Dell Standard BIOS. To make BIOS management consistent between Wyse and Dell BIOS, INI parameter Device=DellCmos is introduced for Dell Standard BIOS. For BIOS configuration, if the password is configured, to update any settings, the password is required to be supplied. For example, the INI parameter to update settings must be followed with “CurrentPassword={}”. This is mandatory for Dell BIOS.
Major requirement INI parameter for BIOS management Wyse 5070 thin client USB Port management with INI Device=cmos USBController={yes, no} Device=DellCmos USBRearPort={yes, no} USBFrontPort={yes, no} (Rear/Front for Dell BIOS only) Yes Admin lockup management with INI Device=DellCmos AdminLock= {yes, no} Yes Wake on USB support Device=DellCmos WakeOnUSB={yes, Yes no} Wake On LAN Device=cmos WakeOnLan= {yes, no} Device=DellCmos WakeOnLan= {Disable, LAN, PXE} Yes Accessing BIOS settings After st
Parameters Device boot Settings • – Every Day – Weekdays – Select Days Wake-On-USB • • USB boot PXE boot For information about INI parameters and their usage, see the latest Dell Wyse ThinOS INI Reference Guide. The following are examples of INI parameters: • Device=DellCmos newpassword=1234567 or newpasswordenc=encrypted strings—Use this INI parameter to create the admin password when password is not set.
11 Security A new global security policy has been defined for ThinOS and this policy is applied to all secure connections (https/SSL connections) with a few exceptions. Purpose—To improve the security level by default and add the global configuration. This security policy integrates security setting for each application. Table 39.
• Wyse Management Suite, Microsoft RDS broker, Citrix broker, and SecureMatrix are always Full. File Server default protocol is retained as FTP without any setting from WDM/DHCP/INI and always displays the full address with protocol prefix. For example, ftp://.
For warning security mode, the following warning messages are displayed: The server address does not convert to http, if WDM server is set as https. • In the previous scenario, If WDM server is configured without HTTPS, and local WDM server address is specified in HTTPS, then the system converts it to HTTP address. • In the current scenario, the system does not convert the WDM server address to HTTP.
Known issue for Prime MD 840 smart card: If first container is used, then Xen broker logon fails.
A Automating updates and settings using central configuration This appendix describes how to set up your environment to provide your thin clients running ThinOS with automatic updates and configurations in three simple steps. NOTE: Dell Wyse thin clients do not require device management software. They are configured to obtain their IP address, as well as the location of firmware and configuration instructions, from a DHCP server.
Option Description Notes 54 DHCP Server IP Address Recommended. 55 Parameter Request List Sent by thin client. 57 Maximum DHCP Optional (always sent by thin client). Message Size 58 T1 (renew) Time Optional, but recommended. 59 T2 (rebind) Time Optional, but recommended. 61 Client identifier Always sent. 161 File server (ftp/http/https) Optional string. Can be either the name or the IP address of the file server.
Option Description Notes 166 WMS MQTT Server Optional string. Specifies the IP address of the MQTT Server. 167 WMS CA Validation Optional string. 181 PNAgent/ PNLite server list Optional string. The thin client uses the server to authenticate the Windows credentials of the user and to obtain a list of ICA published applications valid for the validated credentials. The user supplies those credentials when logging in to the thin client. 182 NT domain list for PNAgent/ PNLite Optional string.
Option Description Notes 190 WDM secure port Optional number, word or two-bytes array. Specifies to use HTTPS to communicate with WDM instead of HTTP. 192 WDM server port Optional number, word or two-bytes array. NOTE: The value of this option tag represents the same information as option tag 187. The difference is that ThinOS interprets the value of this option tag in correct order (for example, the value of 0x0050 is interpreted as0x0050).
B Examples of common printing configurations This appendix provides examples on using the Printer Setup dialog box and ThinOS INI parameters for common printing situations. Use these general guidelines in addition to the information provided in Configuring the Printer Setup. IMPORTANT: Host-based printers are not supported.
c d e 3 Printer Identification — Enter the type or model of the printer in the exact text of the Windows printer driver name — including capitalizations and spaces most USB direct-connected printers report/fill in their printer identifications automatically. In our example case, enter HP LaserJet 4000 Series PCL. Printer Class — You can leave this as default. Enable the printer device — Must be selected to enable the directly connected printer enables the device so it displays on the remote host.
the network printer accepts incoming print jobs properly. In our case example, auto can be used for HP LaserJet 4200n PCL6 as per documentation found on the HP website. f g NOTE: If the printer is attached to another thin client on your network, the LPD Queue Name must match the content of the Printer Name box on the thin client with the printer attached. Printer Class —You can leave this as default.
d e f Printer Identification — Enter the type or model of the printer in the exact text of the Windows printer driver name—including capitalizations and spaces. In example case, enter HP LaserJet 4100 Series PCL. Printer Class —You can leave this as default. Enable the printer device — Must be selected to enable the printer. It enables the device so it displays on the remote host.
Username=$UN \ Password=$PW \ Domain=$DN Using your thin client as a print server ThinOS thin client can be configured as a basic network print server, to share local printers with other thin clients. Using the Printer Setup dialog box for configuring LPD services From the Classic desktop mode only, a thin client can be configured to provide LPD (Line Printer Daemon) services making the thin client a printer server on the network.
Your INI parameters will look something like the following: Printer=LPT1 \ Name="HP LaserJet 4000" \ PrinterID="HP LaserJet 4000 Series PCL" \ Enabled=yes \ EnableLPD=yes NOTE: The PrinterID is the exact text of the Windows printer driver name, so if a printer driver is named HP LaserJet 4000 Series PCL in Windows, then it must be exactly the same in the PrinterID field in the INI parameters including capitalizations and spaces.
C Important notes VNC RFB version upgrade—Since ThinOS 8.0_214, the VNC RFB version has been upgraded to 3.8. This version upgrade provides support for applications like DameWare. Thus, an administrator can now remote into a ThinOS device using either DameWare or VNC Viewer. Prior to 8.0_214, you could only use VNC Viewer.
D Troubleshooting This section describes some basic troubleshooting that you can implement when you experience any problem. • Firmware/Package update: When the packages fail to update, or cannot function (cannot connect desktop) after update with new version firmware, or if there is further failure, the workaround is to remove all packages and reinstall the packages upon reboot.
E Frequently asked questions Question: How to enable USB Redirection in RDP windows 10 session? Solution—You must change the policy. Go to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Service > Remote Desktop Session Host > Device and Resource Redirection > Do not allow supported Plug and Play device redirection and disable this policy.
F Firmware installation Firmware installation is the process of installing the ThinOS firmware on your thin client. To install the ThinOS firmware, use any of the following methods: • File Transfer Protocol (FTP) Windows server • HTTP/HTTPS Windows server • Dell Wyse Management Suite version 1.2 • Dell Wyse USB Imaging Tool version 3.1.0 Table 41.
To upgrade the ThinOS firmware using FTP server: 1 Go to www.dell.com/support. 2 Download the latest ThinOS firmware and latest ThinOS packages that corresponds to your thin client model. If the firmware and packages are in the form of a compressed self-extracting (.EXE) or zipped file (.ZIP), then extract the files. 3 Place the extracted firmware files in the C:\inetpub\ftproot\WYSE\wnos folder, and the packages to C:\inetpub\ftproot\WYSE\wnos \pkg on your FTP server. 4 Create a wnos.
Installing IIS creates the default directory C:\inetpub\WWWroot, which is known as the WWW root. In the WWWroot directory, create a folder WYSE and a sub folder wnos. The directory structure must read as C:\inetpub\wwwroot\WYSE\wnos. To upgrade the ThinOS firmware using HTTP or HTTPS server: 1 Go to www.dell.com/support. 2 Download the latest ThinOS firmware and latest ThinOS packages that corresponds to your thin client model.
11 In the Device Configuration pane, click Firmware Upgrade, and then click Configure this item. 12 From the Platform type drop-down list, select your thin client model. 13 From the Firmware to auto deploy drop-down list, select the firmware file that corresponds to your thin client model. 14 Click Save & Publish. The thin client restarts, and the firmware version is upgraded. Firmware installation using Dell Wyse USB Imaging Tool Use the Dell Wyse USB Imaging Tool version 3.1.
