Wyse C10LE, R10L, S10, V10L Dual DVI, V10LE Administrator's Manual

Download

Page 1

Administrators Guide

Wyse ThinOSTM

Products: C10LE, R10L, S10, V10L Dual DVI, V10LE

Issue: 092910 PN: 883682-08 Rev. U

Page 2

transcribe, store in a retrieval system, or translate into any language or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or otherwise, any part of this publication without express written permission.

End User License Agreement (“License”)

A copy of the Wyse Technology End User License Agreement is included in the software and provided for your reference only. The License at http://www.wyse.com/license agreement. By copying, using, or installing the software or the product, you agree to be bound by those terms.

Trademarks

The Wyse logo and Wyse are trademarks of Wyse Technology Inc. Other product names mentioned herein are for identification purposes only and may be trademarks and/or registered trademarks of their respective companies. Specifications subject to change without notice.

Patents

This product and/or associated software are protected by copyright, international treaties, and various patents, including the following U.S. patents: 6,836,885 and 5,918,039.

Restricted Rights Legend

You acknowledge that the Software is of U.S. origin. You agree to comply with all applicable international and national laws that apply to the Software, including the U.S. Export Administration Regulations, as well as end-user, end-use and country destination restrictions issued by U.S. and other governments. For additional information on exporting the Software, see http://www.microsoft.com/exporting

as of the purchase date is the controlling licensing

Ordering Information

For availability, pricing, and ordering information in the United States and Canada, call 1-800-GET-WYSE (1-800-438-9973) or visit us at http://www.wyse.com

FCC Statement

This equipment has been tested and found to comply with the limits for either Class A or Class B digital devices, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

• Reorient or relocate the receiving antenna.

• Increase the separation between the equipment and the receiver.

• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.

• Consult the dealer or an experienced radio/TV technician for help.

Shielded interconnect cables and shielded AC power cable must be employed with this equipment to insure compliance with the pertinent RF emission limits governing this device. Changes or modifications not expressly approved by the system’s manufacturer could void the user’s authority to operate the equipment.

Caution

Modifications made to the product, unless expressly approved by Wyse Technology, could void the user’s authority to operate the equipment.

. In all other countries, contact your sales representative.

Page 3

Regulatory Compliance for Thin Clients

Basic EMC and Safety Requirements

Wyse thin clients are compliant with the regulatory requirements in the regions listed below. U.S.A. - FCC Part 15 (class B), cUL 60950 Canada - IC ICES-003, CAN/CSA-C22 No. 60950 Europe - EN 55022 (class B), EN 55024

Canadian DOC Notices

Class A - This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus

set out in the Radio Interference Regulations of the Canadian Department of Communications. Le présent appareil numérique n’émet pas de bruits radioélectriques dépassant les limites applicables aux appareils numériques de la classe A prescrites dans le Réglement sur le brouillage radioélectrique édicté par le Ministère des Communications du Canada.

Class B - This digital apparatus does not exceed the Class B limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications. Le présent appareil numérique n’émet pas de bruits radioélectriques dépassant les limites applicables aux appareils numériques de la classe B prescrites dans le Réglement sur le brouillage radioélectrique édicté par le Ministère des Communications du Canada.

Device Power Supply

Use only the external power supply that comes with your thin client. For power and voltage ratings, see the serial number label or regulatory label on your device. For power adapter replacement, contact your Wyse Service Representative. For proper replacement compare the labels on both mobile thin client and power adapter to ensure that their voltages match.

Warning

Use of any other power adapter may damage your mobile thin client or the power adapter. The damage caused by an improper power adapter is not covered by warranty.

Battery Information

Models Cx0, Rx0L, and VX0 contain an internal button cell battery replaceable by Wyse or one of our Authorized Service Centers. For service, visit http://www.wyse.com/serviceandsupport/service/service.asp

Warning

There is a risk of explosion if the battery is replaced by an incorrect type. Always dispose of used batteries according to the instructions accompanying the battery.

Perchlorate Materials - Special Handling May Be Required under California Code of Regulations, title 22. (Only required within the U.S.A.)

Page 4

This page intentionally blank.

Page 5

Content s

1 Introduction 1

About this Guide 1

Finding the Information You Need in this Guide 1

Wyse Technical Support 1

Related Documentation and Services 1 Wyse Online Community 2

2 Getting Started 3

Connecting to a Remote Server 3

Manual Connection Procedures 4 Using Your Desktop 5 Locking the Thin Client 6 Signing Off and Shutting Down 6

3 Notable Wyse ThinOS Features 9

Login Dialog Box Features 9 Accessing System Information 10 Manually Configuring Global Connection Settings 10 Additional Wyse Zero Desktop Features 12

Wyse Zero Interactive Desktop Guidelines 12

Wyse Zero Toolbar 13

List of Connections 14 Additional Classic Desktop Features 15

Classic Interactive Desktop Guidelines 15

Shortcut Menu 16

Desktop Menu 16

Connect Manager 17

4 Configuring Connectivity Options 19

Network Setup 20 Remote Connections 25 Central Configuration 27 Advanced Details on Configuring ICA and RDP Connections 28

Configuring ICA Connections 28

Configuring RDP Connections 32

5 Configuring Local Settings Options 35

System Preferences 36 Display 38 Peripherals 40 Printers 43

Configuring LPD Services 46

Setting Up Windows NT4 Servers 46 Setting Up Windows 2003/2008 Servers 47

Page 6

vi Contents

6 Performing Diagnostics 49

System Tools 50 Network Tools 50

Using Ping 50

Using Trace Route 51

A Central Configuration: Automating Updates and Configurations 53

Understanding How to Configure Your Network Services 53

DHCP and FTP Servers Available 54

FTP Server Available (DHCP Server Unavailable) 55

DHCP and Virtual Desktop Servers Available 56

Virtual Desktop Server Available (DHCP Server Unavailable) 57

FTP and Virtual Desktop Servers Unavailable (Stand-alone User or PNAgent/

PNLite-only User) 58 Configuring Network Services 58

Configuring FTP Servers 59

Configuring Virtual Desktop Infrastructure Servers 62

Configuring XenDesktop Support 62

Configuring DHCP (DHCP Options) 62

Configuring DNS 67

Configuring WINS 67

Configuring Wyse Device Manager Servers 67

Configuring Wireless Access 67

Configuring for Transport Layer Security (TLS) Connections Ove r a LAN 68 Configuring Session Services 70

About Wyse TCX Software 71

About Wyse Virtual Desktop Accelerator Software 71

Configuring ICA Session Services 72

Configuring RDP Session Services 73

PNAgent/PNLite Installation Guidelines 72

B Remote System Administration 75

Using Wyse Device Manager Software For Remote Administration 75 Updating Software 75 Managing Icons and Logos 77 Understanding and Using System Lockdown Operations 77 Configuring Virtual Access Suite Support 78

Installing the VAS Hotfix 78

Enabling HTTP and HTTPS Support on the Connection Brokers (VAS Support) 79

Installing Connection Broker Web Server Certificates (VAS Support) 79

Configuring the Connection Broker HTTP and HTTPS Ports (VAS Support) 79 Configuring {username}.ini Files and RDP Connection Parameters (VAS Support) 79 Updating the Wyse ThinOS Firmware (VAS Support) 80

C Local System Administration 81

Resetting to Factory Defaults Using G-Key Reset 81 Resetting to Factory Defaults Using Shutdown Reset 81 Resetting Display Settings Using V-Key Reset 82 Accessing Thin Client BIOS Settings 82 Enabling a Disabled Network Setup Dialog Box 82 Configuring ThinPrint 83

Tables 85

Page 7

1 Introduction

Wyse® thin clients running Wyse ThinOS™ are highly optimized thin clients that provide ultra-fast access to applications, files, and network resources available on machines hosted by Citrix, Microsoft, VMware, or other leading infrastructures. Wyse Th in OS us es the new Wyse Zero engine to provide a secure, near-zero management core that requires no local antivirus software or firewall to protect against viruses or malware.

Session and networks services available on enterprise networks may be accessed on enterprise networks, a direct intranet connection, or from a remote location using a secu re gateway from Citrix or VMware.

About this Guide

This guide is intended for administrators of Wyse thin clients running Wyse ThinOS. It provides information and detailed system configurations to help you design and manage a Wyse ThinOS environment.

Finding the Information You Need in this Guide

You can use either the Search window or Find toolbar to locate a word, serie s of words, o r partial word in an active PDF document. For detailed information on using these features, refer to the Help in your PDF reader.

Wyse Technical Support

To access Wyse technical resources, visit http://www.wyse.com/support. If you still have questions, you can submit your questions using the Wyse Self-Service Center Wyse.com home page, go to Support > Knowledge Base > Home tab) or call Customer Support at 1-800-800-WYSE (toll free in U.S. and Canada). Hours of operation are from 6:00 A.M. to 5:00 P.M. Pacific Time, Monday through Friday.

To access international support, visit http://www.wyse.com/global

Related Documentation and Services

Wyse thin client features can be found in the Fact Sheet for your specific thin client model. Fact Sheets are available on the Wyse Web site. Go to http://www.wyse.com/products click the Wyse Thin Clients link, click the link for your thin client, and then click the Fact Sheet link.

Sample User INI files are intended for administrators of Wyse thin clients running Wyse ThinOS. These files are available from the Wyse Web site (go to

http://www.wyse.com/manuals

then click the sample ini link to open and use the file download dialo g bo x to save the compressed file to a folder you want). These sample files are annotated to allow you to

(on the

, search for sample.ini, click the reference guide link, and

Page 8

2 Chapter 1

use them as a “starter set” (that you can modify for your users needs) to quickly get your file server up and running. For information on using the sample files, refer to the

Reference Guide: Wyse ThinOS Reference Guide: Wyse ThinOS

clients running Wyse ThinOS. It provides the detailed information you need to help you understand and use the Wyse ThinOS INI files. It contains information on the different Wyse ThinOS INI files you can use and the rules for constructing the files. It also provides the parameter details you need (with working examples) to get the most out of your Wyse ThinOS INI files. In addition, this guide also includes an appendix that contains all of the supported connect options you can use for ICA and RDP connections. It is available at:

http://www.wyse.com/manuals

Getting Started Guide: Wyse ThinOS

system. It provides a setup and configuration overview of the entire Wyse ThinOS system to help you get your Wyse ThinOS environment up and running quickly and easily. It is available at: http://www.wyse.com/manuals

Wyse Thin Computing Software is available on the Wyse Web site at:

http://www.wyse.com/products/software

Note: Users Guide: Wyse ThinOS Administrators Guide.

INI Files.

INI Files is intended for administrators of Wyse thin

is intended for administrato rs of the Wyse ThinOS

has been discontinued and incorporated into this

Wyse Online Community

Wyse maintains an online community where users of our products can see k and exchange information on user forums. Visit the Wyse Online Community forums at:

http://community.wyse.com/forum

Page 9

2 Getting St arted

While it can be used in environments without central configuration for basic connectivity needs, Wyse ThinOS is designed to be centrally managed and configured using INI files. In general, it is recommended that you use central configuration to enable you to automatically push updates and any desired default configuration to all thin clients in your Wyse ThinOS environment.

This chapter includes:

• "Connecting to a Remote Server"

• "Using Your Desktop"

• "Locking the Thin Client"

• "Signing Off and Shutting Down"

Connecting to a Remote Server

Central Configuration - If you are set up for automatic detection (using INI files - see

Reference Guide: Wyse ThinOS

connect to the configured remote services during the boot-up process. Simply press the power button to turn on your thin client to see the Login dialog box. Enter your User name, Password, and Domain, and then click Login. After authentication is successful, your available connections are presented for use. Although the thin client will default to the Classic Desktop for INI backward compatibility, you can configure the thin client to display the Wyse Zero Desktop by using the SysMode=VDI parameter in the INI files or by selecting the desktop option in a dialog box (see "Using Your Desktop").

Manual Connection - If you are not yet set up for central configuration, you will see the Wyse Zero Toolbar, where you can configure the initial server connection you want using the Remote Connections dialog box before you can log in. See "Manual Connection Procedures."

INI Files), your thin client will automatically detect and

You only need to complete this manual configuration once (or after reboot to factory defaults). After the thin client “knows” the location of your server, it automatically connects to the server for login when you start the thin client in the future. After you confirm your environment is ready for deployment, you can create INI files for central configuration.

Page 10

4 Chapter 2

Manual Connection Procedures

1. Click the System Settings icon on the Wyse Zero

Toolbar to open the System Settings menu, and then click Remote Connections to open the Remote

Connections dialog box.

2. Use the Broker Setup tab of the Remote Connections

dialog box to configure one of the following connections:

• ICA or RDP connection (select None, select ICA or RDP, click Configure Connection, and then follow the wizard).

• A specific broker server connection (select Ot Citrix Xen, or VMware View, and then enter the IP Address for the server in the Broker Server box).

Note: For more details, see "Remote Connections."

3. Click

OK, and then restart the thin client (click the Shutdown icon on the Wyse Zero Toolbar to open and use the Shutdown dialog box to restart the thin client).

her,

(If Y

ou Configured an ICA or RDP Connection) After thin client restart, click the Home icon on the Wyse Zero Toolbar to open the list of available connections, click the

ICA or RDP connection you created, and then log in.

ou Configured a Specific Broker Server Connection)

(If Y After thin client restart, the Login dialog box appears for your server.

Enter the User name, Password, and Domain and click Login.

After authentication is successful, your Wyse Zero Toolbar is presented with your assigned connections defined by the broker server.

Page 11

Getting Started 5

Using Your Desktop

What you see after logging on to the server depends on the administrator configuration s.

Users with a Classic Desktop - will see the classic Wyse ThinOS desktop with full taskbar, desktop, and Connect Manager familiar to Wyse ThinOS users. This option is recommended for terminal server environments with published applications and for backward compatibility with Wyse ThinOS 6.x versions.

For more information on using the Classic Desktop, see "Additional Classic Desktop Features."

Users with a Wyse Zero Desktop - will see the Wyse Zero Desktop with the Wyse Zero Toolbar showing the assigned

list of connections from which to select. This option is recommended for VDI and any full-screen only connections.

For more information on using the Wyse Zero Desktop, see "Additional Wyse Zero Desktop Features."

In any desktop case, you can select the desktop option you want (Classic Desktop or

Wyse Zero Desktop) and create the connections you need using the Remote Connections dialog box (see "Remote Connections").

To open the Remote Connections dialog box, do one of the following:

• Classic Desktop - Click User Name (User Name is the user who is logged-on and is located at the bottom-left side of the taskbar), and then select System Setup > Remote Connections.

• Wyse Zero Desktop - Click the System Settings icon on the Wyse Zero Toolbar, and then select Remote Connections.

Page 12

6 Chapter 2

Locking the Thin Client

To help ensure that no one else can access your private information without permission, Wyse ThinOS allows you to lock your thin client so that credentials are required to unlock and use the thin client after you do one of the following:

• Unplug a signed-on smart card - If an administrator has set SCRemovalBehavior=1 for the Signing parameter in the INI files and you unplug the smart card that you used to sign on to the thin client, then the thin client will lock. To unlock the think client for use, you must use the same smart card and your correct PIN. Note that removing a signed-on smart card can also cause the thin client to log-off, if an administrator has set the INI files to do so (in this case you must sign-on as usual to use the thin client).

• Use LockTerminal from the Shortcut Menu and Shutdown dialog box - On the Classic Desktop, click on the desktop and select Lock Terminal, or use the Shutdown dialog box (see use the Shutdown dialog box (see "Signing Of f and Shutting Down"). To open the thin client for use, you must use your correct password.

• Use the screen saver - If an administrator has set LockTerminal=2 for the ScreenSaver parameter in the INI files and you use the screen saver, then the thin client will lock. To open the thin client for use, you must use your correct password.

"Additional Classic Desktop Features"). On the Wyse Zero Desktop,

Signing Off and Shutting Down

Use the Shutdown dialog box (Classic Desktop - click Shutdown in the Connect Manager or Desktop Menu; Wyse Zero Desktop - click the Shutdown icon on the Wyse Zero Toolbar) to select the available option you want.

Tip

You can also configure automatic behavior after all desktop sessions are closed by using the Remote Connections dialog box (see "Remote Connections") or the AutoSignoff parameter in a wnos.ini file (see "Central Configuration: Automating Updates and Configurations").

Page 13

Getting Started 7

Use the following guidelines (depending on user privilege, some options may not be available for use):

Table 1 Shutdown dialog box options

Option What It Does Sign-off from account Allows you to sign off from the current open account (the

Login dialog box appears and is ready for another user). Lock Terminal Locks the thin client from use until you log in again. Shutdown the system Turns off the thin client. Restart the system Logs off the user account (the Login dialog box appears

after the thin client restarts).

Reset the system setting to factory default

Appears for high-privileged users/administrators only. This

option allows you to reset the thin client to factory defaults

(see "Resetting to Factory Defaults Using Shutdown

Reset").

Page 14

8 Chapter 2

This page intentionally blank.

Page 15

3 Not able Wy se ThinOS Features

This chapter includes:

• "Login Dialog Box Features"

• "Accessing System Information"

• "Manually Configuring Global Connection Settings"

• "Additional Wyse Zero Desktop Features"

• "Additional Classic Desktop Features"

While the Login dialog box allows you to log in to the server, it also allows you to obtain system information, configure thin client settings, and shut down the thin client.

Use the following guidelines

• Sys Info - Click the Sys Info button to open the System Information dialog box and view the thin client system information such as System Version, IP Address, information on devices connected to your thin client, event logs, and so on (see "Accessing System Information").

• Admin Mode - Click the Admin Mode button to configure various settings locally on the thin client (not broker desktop configurations). For example, you can choose to manually configure the Citrix Xen Broker Server URL (or override the URL that is centrally defined by file servers) by using the Remote Connections dialog box as described in

Tip

By default there is no password needed for Admin Mode button use. You can password protect the Admin Mode button (to require login credentials) by using the AdminMode parameter in a wnos.ini file (see Reference Guide:

Wyse ThinOS

• Shutdown - Click the Shutdown button to open and use the Shutdown dialog box to sign-off, shut down, restart, reset the system setting to factory default s, a nd so on (see "Signing Off and Shutting Down").

"Remote Connections."

INI Files).

Page 16

10 Chapter 3

Accessing System Information

Use the System Information dialog box to view the following system information (Classic Desktop - click System Information in the Desktop Menu; Wyse Zero Desktop -click the

System Information icon on the Wyse Zero Toolbar):

• General Tab - Displays general information such as System Version, Serial Number, Boot From, Memory Size (Total and Free), Terminal Name, IP Address, Net Mask, Gateway, and DHCP Lease.

• Devices Tab - Displays information about devices such as the CPU Speed, ROM Size, Monitor, Parallel Ports, Ethernet Speed, Memory Speed, NAND Size, Resolution, Serial Ports, and the thin client MAC Address.

• Copyright/Patents Tab - Displays the software copyright and patent notices.

• Event Log Tab - Displays the thin client start-up steps (normally beginning from System Version to Checking Firmware) or error Messages that are helpful for debugging problems.

• Status Tab - Displays status information about TCP performance-related parameters, CPU Busy , System Up T ime , Wireless performance-related parameters, Fre e Memory, and DHCP lease time remaining.

Manually Configuring Global Connection Settings

If you do not use INI files to provide central configuration (global connection settings) to users, you can click Global Connection Settings (in the Connect Manager for the Classic Desktop; in the List of Connections for the Wyse Zero Desktop) to open and use the Global Connection Settings dialog box to configure settings that affect all of the connections in your list of connections.

Tip

For information on configuring the thin client using INI files (recommended), refer to Reference Guide: Wyse ThinOS configuring the thin client locally using dialog boxes, refer to Connectivity Options" and "Configuring Local Settings Options."

INI Files. For information on

"Configuring

Page 17

Notable Wyse ThinOS Features 11

Use the Session tab to select the check boxes you want for the options that are available to all sessions (the Smart Cards check box specifies the default setting for connecting to a smart card reader at startup).

Tip

ICA sessions always have automatic connection to attached smart card readers. When using the Disks check box for automatic connection to connected USB sticks, use the following guidelines:

- Support is for VF AT File System only, be sure that the USB stick yo u use is formatted to FAT16 or FAT32.

- More than one disk can be used at the same time, however, the maximum number of USB sticks (including different subareas) is 12.

- It recommended that you use Windows XP, Windows Server 2003, or Windows Server 2008 for the server.

- Be sure to save all data and sign off from the se ssion mapping the USB stick before removing the USB stick.

Use the ICA tab to select the check boxes you want for the options that are available to all ICA sessions. Note the following:

Map to - When a drive is entered, maps a disk under the drive. Map all disks under (z:) - When selected, maps all disks under the Z drive.

Use the RDP tab to enable or disable Network Level Authentication (NLA). The NLA authentication method verifies users before they ar e allowed to connect with a full Remo te Desktop connection.

Page 18

12 Chapter 3

Additional Wyse Zero Desktop Features

This section includes information on:

• "Wyse Zero Interactive Desktop Guidelines"

• "Wyse Zero Toolbar"

• "List of Connections"

Wyse Zero Interactive Desktop Guidelines

The Wyse Zero Desktop has a Wyse default background with the Wyse Zero Toolbar at the left of the screen.

Use the following guidelines:

• If configured to display (by an administrator), the current date and time are shown on the Wyse Zero Toolbar.

Tip

The thin client is capable of synchronizing its clock to time provided by a Simple Network Time Protocol (SNTP) server.

• Press CTRL+ALT+UPARROW to display the Wyse Zero Toolbar.

• Press CTRL+AL T+DOWNARROW to open a selection box for toggling between the desktop and currently-active connect i on s.

• Lock the thin client at any time by pressing CTRL+ALT+LEFTARROW or CTRL+ALT+RIGHTARROW.

• Keyboard shortcuts are supporte d. Use the LEFT ALT+UDERLINED LETTER on the keyboard for keyboard shortcuts (the RIGHT ALT+UDERLINED LETTER combination is not currently supported).

•Use the Peripherals dialog box to switch the left and right buttons (see "Peripherals.").

• In addition to the standard two-button mouse, the thin client supports a Microsoft Wheel Mouse (used for scrolling). Other similar types of a wheel mouse may or may not work.

• Press PRINT SCREEN to capture a full desktop or ALT+PRINT SCREEN to capture the active window.

• You can copy and paste between application sessions and between sessions and the desktop, however, this function depends on session server configurations.

Page 19

Notable Wyse ThinOS Features 13

Wyse Zero Toolbar

The Wyse Zero Toolbar usually appears at the left edge of the Wyse Zero Desktop. However, dep ending on administrator configurations, the toolbar can be removed or hidden (shown only when a user moves the mouse pointer over the left edge of the desktop screen).

Table 2 Toolbar icons

Icon What It Does

Home Opens the list of available connections (see "List of

System Information Displays thin client system information (see "Accessing

System Settings Opens the System Settings menu to configure thin client

Connections").

System Information").

system settings and perform diagnostics (see "Configuring Connectivity Options," "Configu ring L ocal Settin gs Op tions ," and "Central Configuration: Automating Updates and Configurations").

Shutdown Terminal Click the Shutdown Terminal icon to use the Shutdown

options available on the thin client (see "Signing Off and Shutting Down"). Note that the Shutdown Terminal icon does not display on the toolbar when using the Admin Mode button to configure system settings.

Tip

Administrators can configure the toolbar settings using either a dialog box (see

"Remote Connections") or the SysMode parameter in the wnos.ini file

(see Reference Guide: Wyse ThinOSTM INI Files).

Page 20

14 Chapter 3

List of Connections

On the Wyse Zero Toolbar, you can click the Home icon to open your list of assigned connections (in some cases the list may contain only default connections).

Use the following guidelines (depending on user privilege level, some options may not be available for use):

Table 3 Connection Options

Option What It Does

Name of the

connection

Restart icon Restarts the connection (useful when a connection is not

Quick Disconnect

icon

Edit icon Opens the Connection Settings dialog box (see "Advanced

Configuring Global

Connection Settings

Opens the connection you want to use (all open connections display a blue icon to the left of the connection name in the list).

functioning properly or you need to reboot the connection).

Closes the connection (the Close icon is grayed out for connections that are not open).

Details on Configuring ICA and RDP Connections") to change the connection options (depending on user privilege level, editing options may not be available for use).

If you do not use INI files to provide global connection settings, you can click Global Connection Settings to open and use the Global Connection Settings dialog box to configure settings that affect all of the connection in the list (see "Manually Configuring Global Connection Settings").

Page 21

Notable Wyse ThinOS Features 15

Additional Classic Desktop Features

This section includes information on:

• "Classic Interactive Desktop Guidelines"

• "Shortcut Menu"

• "Connect Manager"

Classic Interactive Desktop Guidelines

The Classic Desktop has a Wyse default background with a horizontal taskbar at the bottom of the screen. The number of icons that can be displayed o n the deskto p de pends on the desktop resolution and administrator configuration.

Use the following guidelines:

• Icons representing available server connections and published applications are displayed on the background. Hovering the mouse pointer over an icon pops-up information about the connection. Right-clicking (or left-clicking if the mouse buttons are reversed) on an icon opens a Connection Settings dialog box which displays additional information about the connection.

• A server connection/published application can be opened by double- clicking a desktop icon or a user can navigate to the desktop icon they want by using tab key and pressing Enter to initiate the connection.

•The Desktop Menu may be opened by clicking the mouse button on the desktop background or by clicking on the User Name on the taskbar.

• If configured to display (by an administrator), the volume control is displayed in the right corner of the taskbar and the current time and date are shown when the cu rsor is placed on the time.

Tip

The thin client is capable of synchronizing its clock to time provided by a Simple Network Time Protocol (SNTP) server.

• Press CTRL+ALT+UPARROW to toggle between window display modes.

• Press CTRL+AL T+DOWNARROW to open a selection box for toggling between the desktop, Connect Manager, and currently-active connections.

• Lock the thin client at any time by pressing CTRL+ALT+LEFTARROW or CTRL+ALT+RIGHTARROW.

• Keyboard shortcuts are supporte d. Use the LEFT ALT+UDERLINED LETTER on the keyboard for keyboard shortcuts (the RIGHT ALT+UDERLINED LETTER combination is not currently supported).

•Use the System Preference dialog box to switch the left and right buttons (see "System Preferences").

• In addition to the standard two-button mouse, the thin client supports a Microsoft Wheel Mouse (used for scrolling). Other similar types of a wheel mouse may or may not work.

• You can copy and paste between application sessions and between sessions and the desktop, however, this function depends on session server configurations.

Page 22

16 Chapter 3

Shortcut Menu

Right-clicking on the desktop provides a Shortcut Menu with the following options:

• Administrator Mode - Allows administrators to configure various settings locally on thin client.

• Hide all windows - Brings the full desktop to the foreground.

• Copy to clipboard - Copies an image of the full screen, current window, or event log to the clipboard. The clipboard contents can then be pasted to an ICA or an RDP session.

• Purge clipboard - Discards the contents of the clipboard in order to free up memory.

• Group Sessions - Enables you to open more than three ICA or three RDP or three ICA seamless sessions. The sessions will be displayed as a group on the taskbar.

• Lock Terminal - Puts the thin client in a locked state if the user has signed on to the system with a password. The thin client can only be unlocked using the same password.

Desktop Menu

Clicking the User Name (User Name is the user who is logged-on and is located at the bottom-left side of the taskbar), or clicking on the desktop, opens the Desktop Menu with the following options (for High-privileged and Low-privileged users only):

• System Setup - Provides access to the following local system setup dialog boxes:

• Network Setup - Allows selection of DHCP or manual entry of network settings, as

well as entry of locations of servers essential to thin client operation. This menu selection is disabled for Low-privileged users. See

• Remote Connections - Allows you to configure thin client network connections

including ICA, RDP, Citrix Xen, VMware View, and other broker server connections. See

"Remote Connections."

• Central Configuration - Allows you to configure thin client central connection

settings such as file server and optional Wyse Device Manager server settings. See "Central Configuration."

• WAN Setup - Allows you to configure thin client WAN.

• System Preference - Allows user selection of thin client parameters that are a

matter of personal preference. See

• Display - Allows you to configure the monitor resolution and refresh rate. See

"Display."

• Peripherals - Allows you to select the peripherals settings such as keyboard,

mouse, volume, and touch screen settings. See

• Printer - Allows configuration of network printers and local printers that are

connected to the thin client. See

• System Information - Provides thin client system information. See "Accessing System Information."

• Applications - Contains a submenu of all locally configured applications and is populated with published applications when a user is signed on using either PNLite or PNAgent.

"System Preferences."

"Printers."

"Network Setup."

"Peripherals."

Page 23

Notable Wyse ThinOS Features 17

• Network Test - Opens a submenu from which the Ping and T ra ce Route tools can be used to check the integrity of the network connection. See Trace Route."

• View INI Settings - Opens a submenu from which the wnos.ini and user.ini windows can be opened to view the contents of the files. See

• Shutdown - Opens the Sign-off/Shutdown/Shutdown/Restart the System dialog box. See

Connect Manager

Clicking Connect Manager on the taskbar opens the Connect Manager. The Connect Manager has a list of connection entries and a set of command buttons available for use

with the connections.

Tip

Non-privileged users cannot view the Connect Manager.

"Using Ping" and "Using

"System Tools."

"Signing Off and Shutting Down."

The command buttons available depend on the privileges of the user and administrator configuration; the following default examples are typical:

• High-privileged user - Includes Connect, New, Settings, and Sign-off.

• Low-privileged user - Includes Connect, Settings, and Sign-off.

• Stand-alo n e user - Includes Connect, New, Settings, and Delete.

Tip

If set by an administrator (enablelocal=yes in the user.ini/wnos.ini file), High-privileged and Low-privileged users will have the Delete command button available instead of the Sign-off command button).

The use associated with these command buttons also depends on user privilege. For example, Settings allows a High-privileged user to view and edit connection definitions, while it allows a Low-privileged user to only view connection definitions.

Tip

Guest user privileges are determined by an admi n istr at or.

Page 24

18 Chapter 3

The Connect Manager command buttons include:

• Connect - To make a connection, select a connection from the list and click Connect.

• New - Clicking New opens the Connection Settings dialog box either directly or through the Connection Protocol menu selection for creating a new connection definition (for more information on the Connection Settings dialog box, refer to "Advanced Details on Configuring ICA and RDP Connections"). The new locally-defined connections are added to the connection list. Be aware of the follo wing information:

• High-privileged user - Typically, all locally-defined connection definitions are

temporary and are lost when the user logs off and when th e thin client restarts or is shut down. However, if config ured by an administrator (enablelocal=yes), locally-defined connection definitions can be saved in these cases.

• Stand-alo n e user - Locally-defined connections are retained when the thin client

restarts or is shut down (there is no individual log-on). Network configuration settings must be made locally.

• Properties - Clicking Properties opens the Connection Settings dialog box for the selected connection (for more information on the Connection Settings dialog box, refer to the following information:

• High-privileged user - Can view and edit the definitions for the currently-selected

connection. Edits are not permanently retained when the user signs-off.

• Low-privileged user - Cannot create or edit connections, but can view connection

definitions.

• Stand-alo n e user - Can permanently modify the persistent connections (except

when PNAgent/PNLite services are used).

• Sign-off - To sign-off from the thin client, click Sign-off.

• Delete - To delete a connection, select a connection from the list and click Delete.

• Reset VM - To reset a virtual connection, select a virtual connection from the list and click Reset VM.

• Global Connection Settings - If you do not use INI files to provide global connection settings, you can click Global Connection Settings to open and use the Global Connection Settings dialog box to configure settin gs that affect all of the connections in the list (see

"Advanced Details on Configuring ICA and RDP Connections"). Be aware of

"Manually Configuring Global Connection Settings").

Page 25

4 Configuring Connectivity Options

You can configure the following Connectivity options using thin client dialog boxes (depending on user privilege level, some options may not be available for use):

• "Network Setup"

• "Remote Connections"

• "Central Configuration"

Tip

While it is not recommended to use thin client dialog boxes for configuring Connectivity options, they are available in case you want to temporarily override central default configurations or you do not have the option to set up central configuration (smaller environments). In general, it is recommended that you use central configuration to enable you to automatically push updates and any desired default configuration to all thin clients in your Wyse ThinOS environment (see "Central Configuration: Automating Updates and Configurations").

To access Connectivity options:

• Wyse Zero Desktop - click the System Settings icon on the Wyse Zero Toolbar (administrators can also click the Admin Mode button on the Login dialog box).

• Classic Desktop - click User Name (User Name is the user who is logged-on and is located at the bottom-left side of the t askbar), and select System Setup.

Page 26

20 Chapter 4

Network Setup

The Network Setup dialog box allows you to configure thin client network settings .

Tip

If required by the operating environment, the network administrator may disable access to this dialog box. Specifically, it cannot be accessed by Low-privileged and Non-privileged users (and not until after log-on if using PPPoE access).

Use the following guidelines for the General tab:

• Ethernet Speed - Normally the default (Auto-Detect) should be selected, but another selection can be made if automatic negotiation is not supported by your network equipment. Selections include Auto-Detect, 10 Mb Half-Duplex, 10 Mb Full-Duplex,

100 Mb Half-Duplex, 100 Mb Full-Duplex.

Tip

The 10 Mb Full-Duplex option can be selected locally at the device, however, this mode may need to be negotiated through Auto-Detect.

• No local LAN, invoke PPPoE only - Select this option if the thin client will access a network through a PPPoE connection.

• Dynamically allocated over DHCP/BOOTP - Selecting this option enables the thin client to automatically receive information from the DHCP server. The network administrator must configure the DHCP server (using DHCP options) to provide information. Any value provided by the DHCP server will replace any value entered locally on the Options tab, however, locally entered values will be used if the DHCP server fails to provide replacement values.

• Statically specified IP Address - Select this option to manual enter the IP Address, Subnet Mask, and Default Gateway: IP Address - Must be a valid network address in the server environment. The network administrator must provide this information. Subnet Mask - Enter the value of the subnet mask. A subnet mask is used to gain access to machines on other subnets. The subnet mask is used to differentiate the location of other IP addresses with two choices: same subnet or other subnet. If the location is other subnet, messages sent to that address must be sent through the Default Gateway, whether specified through local configuration or through DHCP. The network administrator must provide this value.

Page 27

Configuring Connectivity Options 21

Default Gateway - Use of gateways is optional. Gateways are used to interconnect multiple networks (routing or delivering IP packets between them). The default gateway is used for accessing the Internet or an intranet with multiple subnets. If no gateway is specified, the thin client can only address other systems on the same subnet. Enter the address of the router that connects the thin client to the Internet. The address must exist on the same subnet as the thin client as defined by the IP address and the subnet mask. If DHCP is used, the address can be supplied through DHCP.

• DHCP Vendor ID - Shows the DHCP Vendor ID when the Dynamically allocated over DHCP/BOOTP option is selected.

• DHCP UserClass ID - Shows the DHCP UserClass ID when the Dynamically allocated over DHCP/BOOTP option is selected.

Use the following guidelines for the Name Servers tab:

• DNS Domain and DNS Servers - Use of DNS is optional. DNS allows you to specify remote systems by their host names rather than IP addresses. If a specific IP address (instead of a name) is entered for a connection, it rather than DNS will be used to make the connection. Enter the DNS Domain and the network address of an available DNS Server. The function of the DNS Domain entry is to provide a default suffix to be used in name resolution. The values for these two boxes may be supplied by a DHCP server. If the DHCP server supplies these values, they will replace any locally configured values. If the DHCP server does not supply these values, the locally configured values will be used.

Tip

You may enter two DNS Server addresses, separated by a sem ico lo n, comma, or space. The first address is for the primary DNS server and the second is for a backup DNS server.

• WINS Servers - Use of WINS is optional. Enter the network address of an available WINS name server. WINS allows you to specify remote systems by their host names rather than IP addresses. If a specific IP address (instead of a name) is entered for a connection, it rather than WINS will be used to make the connection. These entries can be supplied through DHCP if DHCP is used. DNS and WINS provide essentially the same function, name resolution. If both DNS and WINS are available, the thin client will attempt to resolve the name using DNS first and then WINS.

Tip

You may enter two WINS Server addresses (primary and secondary), separated by a semicolon, comma, or space.

Page 28

22 Chapter 4

Use the following guidelines for the Options tab:

• DHCP Option IDs - Enter the supported DHCP options (each value can only be used once and must be between 128 and 254). For information on DHCP options, refer to "Configuring DHCP (DHCP Options)."

• Show WAN configuration on System Settings - Allows you to show the WAN configuration on the System Settings submenu.

• Tcp Timeout - Enter the number of 30 seconds for the timeout value of a TCP connection. The value must be between 1 and 255 which means the connection timeout value is from 1x30 seconds to 255x30 seconds.

Use the following guidelines for the Security tab:

• Access Type - (For Wireless Option Only) Select the access type option (either None, WPA_Personal, WPA2_Personal, WPA_Enterprise, or WPA2_Enterprise) to be used for this wireless communication link. WPA_Personal and WPA2_Personal - Wi-Fi Protected Access (WPA)_Pre-Shared Key (PSK) encryption can be enabled by selecting one of these options (WPA was designed to improve upon the security features of WEP; WPA2 provides government grade security). WPA_Enterprise and WPA2_Enterprise - Wi-Fi Protected Access (WPA)_Enterprise encryption can be enabled by selecting one of these options (WPA2-Enterprise verifies network users through a server. WPA2 is backward compatible with WPA).

• Enable IEEEE 802.1x authentication - Select this check box to enable this authentication and activate the EAP Type list of options.

Page 29

Configuring Connectivity Options 23

• EAP T ype - If you have enabled the Enable IEEEE 802.1x authentication check box, select the EAP Type option you want (TLS, LEAP, or PEAP).

TLS - If you select the TLS option, click Properties to open and configure the Authentication Properties dialog box (you can use Browse to find and select the

Client Certificate file and Private Key file you want). Note that the CA certificate must be installed on the thin client.

LEAP - If you select the LEAP option, click Properties to open and configure the Authentication Properties dialog box (be sure to use the correct Username and

Password for authentication). Note that the maximum length for the username or the password is 64 characters.

PEAP - If you select the PEAP option, click Properties to open and configure the Authentication Properties dialog box (be sure to select either EAP_GTC or EAP_MSCHAPv2, and then use the correct Username, Password, and Domain, if

necessary, for authentication). To configure EAP-GTC, enter the username only, and the password or PIN will be asked when authenticating. T o configure EAP-MSCHAPv2, enter the username, password, and doma in (domain\username in the username box is supported, but you must leave the domain box blank). Note that the CA certificate must be installed on the thin client (the server certificate is forced to be validated).

• Certificate Management - Opens the Certificates Browser where you can select the

Import From option you want to import a certificate (either USB Storage or File Server). USB Storage - If you select the USB Storage option, click Import to open and us e the Import dialog box to find and select the certificate you want to use. The maximum

importing path is limited to 128 characters and the maximum certificate name is limited to 64 characters.

File Server - If you select the File Server option, click Import to open and use the Import dialog box to enter the detailed p ath to the certificate you want to use in the File

Servers box (if necessary, be sure to use the correct Username and Password). Note that you must enter the absolute path of the certificate. For example: 10.151.121.100/ wnos/cacerts/mycertificate.cer. The maximum importing path is limited to 128 characters and the maximum certificate name is limited to 64 characters.

Use the following guidelines for the Wireless tab:

Tip

While Service Set Identification (SSID) and encryption configurations must be entered in the Wireless tab on the thin client, be sure that the corresponding entries are also be made on th e en te rp ris e access point.

• SSID - Enter the Service Set Identification (name o f the wireless netwo rk) set up by the network administrator for this wireless communication link (maximum is 32 characters).

Page 30

24 Chapter 4

• Security Type and Encryption - Select the encryption option (either None, WPA-Personal, WPA2-Personal, WPA-Enterprise, or WPA2-Enterprise) to be used

for this wireless communication link (If a WPA option is selected, TKIP and CCMP encryption is supported; if a WPA2 option is selected, CCMP encryption is supported).

None - Select None if encryption is not required. WPA-Personal and WPA2-Personal - Wi-Fi Protected Access (WPA and WPA2)

Personal encryption is designed to improve upon the security features of WEP but is still designed for home and small office networks that do not require the complexity of an authentication server (WPA2 provides more security than WPA). WPA-Enterprise and WPA2-Enterprise - Wi-Fi Protected Access (WPA and WPA2) Enterprise encryption is designed to improve upon the security features of WEP but also verifies network users through an authentication server (WPA2 provides more security than WPA; WPA2 is backward compatible with WPA).

• WEP Key or WPA Key - If either box is active (depending on Encryption option), enter the key according to your Encryption selection. The selected key is used to encrypt/ decrypt each frame transmitted from or received by the wireless adapter. The access point must recognize frames encrypted by the same key. Keys can be 5 or 13 characters for the 64 or 128 bit encryption key, or specified as 10 or 26 hex-decimal digits.

• Enable IEEEE 802.1x authentication - Select this check box to enable this authentication and activate the EAP Type list of options.

• EAP T ype - If you have enabled the Enable IEEEE 802.1x authentication check box, select the EAP Type option you want (TLS, LEAP, or PEAP).

TLS - If you select the TLS option, click Properties to open and configure the Authentication Properties dialog box (you can use Browse to find and select the

Client Certificate file and Private Key file you want). Note that the CA certificate must be installed on the thin client.

LEAP - If you select the LEAP option, click Properties to open and configure the Authentication Properties dialog box (be sure to use the correct Username and

Password for authentication). Note that the maximum length for the username or the password is 64 characters.

Page 31

Configuring Connectivity Options 25

Remote Connections

The Remote Connections dialog box allows you to configure thin client remote connections (including ICA, RDP, Citrix XenDesktop, VMware View, and other broker server connections), visual options, and general connection settings.

Tip

In the Classic Desktop option, the Remote Connections dialog box allows you to create default ICA and RDP connections for use. If you want to create several ICA and RDP connections (more than the default connections), use the Connect Manager (see "Connect Manager").

Use the following guidelines for the Broker Setup tab:

Tip

Locations can be supplied through a wnos.ini file if it is used. If DHCP is used, locations can be supplied through DHCP. After creating an entry, be sure to reboot the thin client to have the changes take effect.

• ICA Connection - Select None, select ICA, click Configure Connection, and then follow the wizard (see

• RDP Connection - Select None, select RDP, click Configure Connection, and then follow the wizard (see

• Direct Connection - Select Other, enter the IP Address for the broker server in the Broker Server box, and then click OK.

• Citrix Xen Connection - Select Citrix Xen, enter the IP Address for the server in the Broker Server box, select your options, and then click OK. Use the following guidelines for the Citrix Xen Broker Server: Enter the IP Address or host name for the server in the Broker Server box. Use the Enable automatic reconnection at logon and Enable automatic reconnection from button menu check boxes and options to further configure the connection for automatic reconnection.

• VMware View Connection - Select VMware View, enter the IP Address for the server in the Broker Server box, and then click OK.

"Configuring ICA Connections").

"Configuring RDP Connections").

Tip

The broker supports both http and https, and depends on the broker server support. If http or https is not specified on the broker se rver, then http is used by default. If https is specified, the client side must install a corresponding

Page 32

26 Chapter 4

root certificate locally. For detailed instructions on installing a corresponding root certificate locally , refer to Wyse Knowledge Base Solution #15508 (go to the Wyse Knowledge Base at

http://www.wyse.com/kb and search for 15508).

Use the following guidelines for the Visual Experience tab:

• Classic Desktop - Displays the full taskbar, desktop, and Connect Manager familiar to Wyse ThinOS users. This option is recommended for terminal server environmen ts and for backward compatibility with Wyse ThinOS 6.x versions.

• Zero Launchpad - Displays the new launchpad style GUI designed for VDI use. Functionality is accessed through an always available interface. This option is recommended for VDI and any full-screen only connections.

• Toolbar, hotkey, and connection icon options are also available for configuration.

Use the General Options tab options to select the action after you exit all open desktops (by default, the thin client automatically returns to the Login dialog box and is ready for another user), set the default sign-on username and domain, and to clear locally saved connections.

Page 33

Configuring Connectivity Options 27

Central Configuration

The Central Configuration dialog box allows you to configure thin client central connection settings such as file server and optional Wyse Device Manager server settings.

Use the following guidelines:

• File Servers/Path, Username, and Password - IP address or host name of the file server that provides the system software and update images. The address can be supplied through DHCP if DHCP is used. Use the following guidelines: File Servers/Path - Allows 128 characters maximum. The data specifies part of the path to be used when the server is accessed. Multiple file servers/paths may be named, as long as all data fits in the length limitation.

Username - To log in to the file server. Use 15 characters maximum. Password - To log in to the file server. Use 15 characters maximum.

• WDM Servers - List of IP addresses or host names if Wyse Device Manager is used. Locations can be supplied through user profiles if user profiles are used. If DHCP is used, locations can be supplied through DHCP.

Page 34

28 Chapter 4

Advanced Details on Configuring ICA and RDP Connections

Use the following information when configuring ICA and RDP connections (this information assumes that the thin client does not have a locked down privilege level):

• High-privileged user - The additional functionality provided by the Connection Settings dialog box allows testing of connection definitions before they are ente red (by a network administrator) into the user profile file s.

• Low-privileged user - The settings for the selected connection can be viewed but cannot be edited, and new connections cannot be defined. Connection definitions are controlled by a network administrator and are accessed by the thin client from the use r profiles located on a remote server.

• Stand-alo n e user - The Connect Manager is available to Stand-alone users because connection definitions cannot be accessed from remote user profiles. If user profiles are available on an FTP server but are not accessed because DHCP is not available or is not configured to provide the file server IP address, the file server IP location can be entered manually using the Network Setup dialog box.

Configuring ICA Connections

Use the following guidelines:

If you select the Server option, the Host Names box is displayed. If you select the Published Application option, the Application Name box replaces the Host Names box.

Page 35

Configuring Connectivity Options 29

Use the following guidelines on the Connection tab:

• Server or Published Application - Select the type of connection to which the settings apply.

• Connection Description - Enter the descriptive name that is to appear in the connection list (38 characters maximum) .

• Browser Servers IP - Enter a delimited (comma or semicolon) list of IP addresses or DNS-registered names of ICA servers that contains the master browsers list, or that could refer to another server that contains the list. The master browsers list is generated automatically by a browsing progra m on one of the ICA servers (selected by negotiation between servers). It is used to provide the information displayed in the Server Name or IP box. No entry is needed if the list is on an ICA server in the same network segment as the thin client. No entry is necessary if the connection is to a server, or if the server name or IP contains the IP address of the server.

• Host Name or Application Name (title depends on the Server or Published Application option selected) - You can enter a delimited (semicolon or comma separated) list of server hostnames or IP addresses, or you can select from the list of ICA servers or published applications (depending on Server or Published

Application option selected) obtained from the ICA master browser (you can also use Browse next to the box to make the selection you want). If you enter a delimited list of

servers, the thin client attempts to connect to the next server on the list if the previous server attempt failed. If you use the list and the selected connection fails, the thin client attempts to connect to the next one on the list.

Tip

The Host Name may be resolved using one of three mechanisms: ICA master browser, DNS, or WINS. Master browser is the only mechanism that can resolve a published application (unless manual entry is made in DNS for the application). DNS uses the default domain name in the network control panel to attempt to construct an FQDN but will also try to resolve the name without using the default.

• Encryption Level - Allows you to sele ct the se curity le vel of communications betwe en the thin client and the ICA server. Basic (the default option) is the lowest level of security. Basic allows faster communication between the device and the ICA server because it requires less processing than do the higher levels of encryption.

Caution

The encryption selection applies to the security of communications between the thin client and the ICA server only. It is independent of the security settings of individual applications on the ICA server . For exampl e, most W eb financial transactions require the thin client to use 128-bit encryption. However, transaction information could be exposed to a lower level of security if the thin client encryption is not also set to 128 bits.

• Use HTTP for browsing - When selected, the thin client, by default, uses http when browsing.

• Alternate address via firewall - When selected, the thin client will use an alternate IP address returned from the ICA master browser to get through firewalls. Used for the Windows log-on when the connection is activated.

• Wyse VDA - When selected, the thin client will use Wyse® Virtual Desktop Accelerator software to provide an “accelerated” user experience on remote deskto p sessions with high round-trip delay between the server and client.

Page 36

30 Chapter 4

• Display Resolution - Select the display resolution for this connection (if you select the Published Application option, the Connection Display will allow you to select the Seamless Display Resolution option): Default 640 x 480 800 x 600 1024 x 768 1152 x 864 1280 x 720 1280 x 768 1280 x 1024 1360 x 768 1366 x 768 1368 x 768 1440 x 900 1400 x 1050 1600 x 900 1600 x 1200 1680 x 1050 1920 x 1080 1920 x 1200 Colors - Select the color depth of the ICA session. If High Colors (16bits) or True Colors is selected and the ICA server does not support this color depth, the thin client

renegotiates the color depth to the lower value (for example, 256 Colors [8 bits]).

• Window mode and Full screen mode - Select the initial view of the application in a windowed screen or full screen. You can toggle between viewing modes by using CTRL+ALT+UPARROW.

• Auto-connect on start-up - When selected, automatically connects the session on start-up.

• Re-connect after disconnect - When selected, causes th e thin client to automatically reconnect to a session after a non-operator-initiated disconnect. If selected, the wait interval is that set in the Delay before re-connecting box (enter the number of seconds 1 to 3600) or the user profile for yes (20 seconds) or seconds. The default is 20 seconds if there is no INI file description of this connection, or is a Stand-a lone user, or simply omitted.

Page 37

Configuring Connectivity Options 31

Use the following guidelines on the Logon tab:

• Logging on area - Enter Login Username, Password, Domain name, and Logon Mode (if the Login Username, Password, and Domain name boxes are not populated, you can enter the information manually in the ICA server login screen when the co nnection is made):

• Login Username - 31 characters maximum.

• Password - 19 characters maximum.

• Domain Name - 31 characters maximum.

• Logon Mode - Select User-specified credentials, Smart Card, or Local User.

• Start Command area - (Server Connection Option Only - This area is disabled (grayed) for a Published Application option.)

• Application (127 characters maximum) and Working Directory (63 characters

maximum) - Enter an initialization string and arguments, including an associated working directory, that you want to start automatically on the server when the connection is made.

Use the following guidelines on the Options tab:

• Auto-connect to local devices - Select any options (Printers, Serials, USB, Smart Cards, Sound, and Disks) to have the thin client automatically connect to the devices (an ICA session will not automatically connect to a device through a serial port).

• Turn compression off - When selected, turns compression off (intended for high-speed connections).

• Optimize for low speed link - When selected, allows optimization for low-speed connections, such as reducing audio quality and /or decr easing pr otocol-specific cache size. Intended for a connection spanning a WAN link or using dialu p.

• Map all disks under (z:) - When selected, maps all disks under the Z drive.

• Enable session reliability - When enabled, session reliability allows a user to momentarily lose connection to the server without having to re-authenticate upon regaining a connection. Instead of a user’s connection timing out after X seconds, the session is kept alive on the server and is made available to the client upon regaining connectivity. Session reliability is most relevant for wireless devices.

• Allow font smoothing - When selected, enables font smoothing (smooth type).

• Mouse queue timer - Specifies the default queue timer of a mouse event in an ICA or RDP session (in 1/100 of a second). It can be used to adjust the bandwidth of a network.

Page 38

32 Chapter 4

Configuring RDP Connections

In a Virtual Desktop environment, an RDP connection will be assigned by the Virtual Desktop Broker; you do not need to create an RDP connection manually. The Virtual Desktop Broker virtual machine can be reset from the thin client by opening the Connection Settings dialog box of the virtual machine, and then clicking th e reset button (appears in the top-right of the dialog box).

Use the following guidelines:

Use the following guidelines on the Connection tab:

• Connection Description - Enter the descriptive name that is to appear in the connection list (38 characters maximum) .

• Host Names - Use the list to select the valid DNS server name or the IP address of the server to which the thin client connection is to be made (you can also use Browse next to the box to make the selection you want). For example, a list of WTS servers on the local network from which you can select.

Tip

The server name may be resolved using one of two mechanisms: DNS, and WINS. DNS uses the default domain name in the network control panel to attempt to construct an FQDN but will also try to resolve the name without using the default.

• Console mode - Select to set the RDP connection with Windows Console mode.

• Display Resolution - Select the display resolution for this connection:

Default 640 x 480 800 x 600 1024 x 768 1152 x 864 1280 x 720 1280 x 768 1280 x 1024 1360 x 768 1368 x 768 1440 x 900 1600 x 900

Page 39

Configuring Connectivity Options 33

1600 x 1200 1680 x 1050 1920 x 1080 1920 x 1200 Colors - Select the color depth of the RDP session. If High Colors (16 bits) or True Colors (32 bits) is selected and the RDP server does not support this color depth, the

thin client renegotiates the color depth to the lower value (for example, 256 Colors (8 bits). The highest is 32 bits, if hardware supports it.

Tip

For some thin clients versions, only the 256 Colors (8 bits) selection is available for RDP connections. Also, for older versions of the server sof tware (for example, RDP 4.0) the server only supports 8 bit color. This is not detectable in advance but results in use of 8-bit color when the conn ection is established.

• Window mode and Full screen mode - Select the initial view of the application in a windowed screen or full screen. You can toggle between viewing modes by using CTRL+ALT+UPARROW.

• Auto-connect on start-up - When selected, automatically connects the session on start-up.

Tip

Y ou can re set the options on the Con nection tab of the Connection Settings (RDP) dialog box. To do so, click the Reset VM command button. This

command button is located in the upper-right of the dialog box. It appears only with a VDM broker connection.

Page 40

34 Chapter 4

Use the following guidelines on the Logon tab:

• Logging on area - Enter login username, p assword, and domain nam e. If these boxes are not populated, you can enter the information manually in the RDP server login screen when the connection is made. Use the following guidelines:

• Login Username - 31 characters maximum.

• Password - 19 characters maximum.

• Domain Name - 31 characters maximum.

• Application (127 characters maximum) and Working Directory (63 characters maximum) - Enter an initialization string and arguments, including an associated working directory, that you want to start automatically on the server when the connection is made.

Use the following guidelines on the Options tab:

• Wallpaper - When selected, disables the desktop wallpaper.

• Menu / Window animation - When selected, disables the menu or window animation.

• Theme - When selected, disables the desktop themes.

• Show content when dragging - By default, when you “grab” a Window by the title bar and move it around, the contents of the window will move with it. Select this to disable this content view so that only the outline of the window moves when dragging it, until you drop the window. This option can be beneficial, as it uses less processing power.

• Font smoothing - Converts vector text to bitmap for better display.

• Auto-connect to local devices - Select any options (Printers, Serials, USB, Smart Cards, Sound, and Disks) to have the thin client automatically connect to the devices (USB - Redirects locally attached USB devices on the thin client to a Microsoft Windows terminal server. When the user connects to the terminal server, locally attached USB devices on the thin client are accessible).

• RDP Audio Playback and RDP Audio Recording - Select the audio options you want.

• Turn compression off - When selected, turns compression off (intended for high-speed connections).

• Mouse queue timer - Specifies the default queue timer of a mouse event in an ICA or RDP session (in 1/100 of a second). It can be used to adjust the bandwidth of a network.

Page 41

5 Configuring Local Settings Options

You can configure the following Local Settings options using thin client dialog boxes (depending on user privilege level, some options may not be available for use):

• "System Preferences"

• "Display"

• "Peripherals"

• “Printers”

Tip

While it is not recommended to use thin client dialog boxes for configuring Local Settings options, they are available in case you want to temporarily override central default configurations or you do not have the option to set up central configuration (smaller environments). In general, it is recommended that you use central configuration to enable you to automatically push updates and any desired default configuration to all thin clients in your Wyse ThinOS environment (see "Central Configuration: Automating Updates and Configurations").

To access Local Settings options:

• Wyse Zero Desktop - click the System Settings icon on the Wyse Zero Toolbar (administrators can also click the Admin Mode button on the Login dialog box).

• Classic Desktop - click User Name (User Name is the user who is logged-on and is located at the bottom-left side of the t askbar), and select System Setup.

Page 42

36 Chapter 5

System Preferences

The System Preference dialog box allows you to select personal preferences such as screen saver, time/date, and custom information settings.

Use the following guidelines for the General tab:

• Screen Saver - Allows you to select the type of screen saver you want. The default is to Turn Off Screen. Other selections available include Flying Bubbles and Moving Image (which are screen savers with the monitor remaining on).

• Timer - Select a time after which the screen saver is to be activated (either 1 minute, 5 minutes, 10 minutes or default is 20 minutes). When the thin client is left idle for the specified idle time, the screen saver is initiated.

• Terminal Name - Allows entry of a name for the thin client. The default is a 14-character string composed of the let ters WT followed by the thin client Ethernet MAC address. Some DHCP servers use this value to identify the IP address lease in the DHCP Manager display.

Use the following guidelines for the Time/Date tab:

• Time Zone - Allows you to select a time zone where the thin client operates (default is Unspecified).

• Enable Daylight Saving - Allows you to enable the daylight saving settings. When selected, the six boxes must be properly configured to define the daylight saving starting (month/week/day) and ending (month/week/day) periods. Use the following guidelines:

Month - Specifies the month in the year from January through December. Week - Select 1 through 4 for the week in the month. Week Last denotes the last week

in the month. Day - Specifies the day of the week from Monday through Sunday.

Page 43

Configuring Local Settings Options 37

• Time Format - Allows you to select a 12 or 24 hour time format (default is 24-hour format).

• Date Format - Allows you to select a yyyy/mm/dd (year/month/day) or dd/mm/yyyy (day/month/year) date format (default is yyyy/mm/dd).

• Time Servers - List of IP addresses or host names with optional TCP port number of Time Servers. Each entry with optional port number is specified as Name-or-IP:port, where :port is optional. If not specified, port 80 is used. Locations can be supplied through user profiles if user profiles are used. The Time Servers provide the thin client time based on the settings of time zone and daylight saving information. If DHCP is used, locations can be supplied through DHCP.

Use the Custom Info tab to enter configuration str ings for use by Wyse Device Manager (WDM) software. The configuration strings can contain information about the location, user, administrator, and so on.

Clicking OK transfers the custom field information you enter in the dialog box to the Windows registry. The information is then available to the WDM Client Manager.

For more information on using WDM for remote administration and upgrading thin client software, see "Using Wyse Device Manager Software For Remote Administration."

For details on using Custom Field information, see th e WDM documentation.

Page 44

38 Chapter 5

Display

The Display dialog box allows you to select the re solution and refr esh rate for the monitor used with the thin client. It also allows you to configure the way two monitors display.

Tip

The number of icons that can be displayed on the desktop depends on the desktop resolution and administrator configuration. On thin clients that only support 8 bit color, the 1280 x 1024 resolution will be used to display full screen connections. The 1280 x 1024 resolution will not be used to display the desktop, windowed connections, or sea m les s con ne ct i ons.

Use the following guidelines for the General tab:

• Select best display setting on DDC monitor - If the monitor is VESA DDC2B (Display Data Channel) compatible, selection of this option allows the thin client to automatically select the best resolution and refresh rate. If your monitor is not DDC compatible, a Monitor does not support Plug and Play message is displayed (click OK to acknowledge the message and remove it from the screen).

• DDC table - If the monitor is VESA DDC2B (Display Data Channel) compatible, selection of this option allows you to select the resolution and refresh rate you want from the list.

• User defined display setting - Select this option and select the resolution and refresh rate supported by your monitor (all combinations are allowed):

Resolution list selections include: 640 x 480 800 x 600 1024 x 768 1152 x 864 1280 x 720 1280 x 768 1280 x 1024 1360 x 768 1368 x 768 1440 x 900 1600 x 900 1600 x 1200 1680 x 1050 1920 x 1080 1920 x 1200

Page 45

Configuring Local Settings Options 39

Refresh rate list selections include: 60 Hz (default) 75 Hz 85 Hz

• Rotation - Select a rotation option (either None, Left turn (Experimental), or Right turn (Experimental)). Note that left or right rotations provide a 90 degree rotation.

• Desktop Color - Select the Desktop Color (either 16 bit or 32 bit).

• Usage Help area - Contains brief instructions for using the Display dialog box and running the test. No operator entry can be made in this box. Make note of the instructions in the area regarding v-key reset usage in case of display failure.

Use the following guidelines for the Dual Head tab (Supported Dual Mo nitor Ca p able Thin Clients Only):

• Dual Head - Select Disable to have the two monitors work in a matching state, or Enable to have the two monitors work separately (second is extended from first).

• Main Screen - Select which of the two monitors you want to be the main screen (Screen1 or Screen2). The other screen is extended from the main screen.

• Orientation - Select how you want the two monitors to be oriented to each other (Horizontal where you mouse between the monitors from the left and right of the screens or Vertical where you mouse between the monitors from the top and bottom of the screens).

•(Classic Desktop O nly) Taskbar - Select under which screen you want the Taskbar to appear (Whole Screen or Main Screen).

Page 46

40 Chapter 5

Peripherals

The Peripherals dialog box allows you to select the peripherals settings such as keyboard, mouse, volume, and touch screen settings.

Use the following guidelines for the Keyboard tab:

• Character Set - Select the character set (Each character is represented by a number. The ASCII character set, for example, uses the numbers 0 through 127 to repr esent all English characters as well as special control characters. European ISO character sets are similar to ASCII, but they contain additional characters for European languages).

• Keyboard Language - Currently the following keyboard languages are supported (default is English (United States)).

Table 4 Supported Keyboard Languages

Supported Keyboard Languages

Arabic (Saudi Arabia) Arabic (Iraq) Arabic (Egypt) Arabic (Libya) Arabic (Algeria) Arabic (Morocco) Arabic (Tunisia) Arabic (Oman) Arabic (Yemen) Arabic (Syria) Arabic (Jordan) Arabic (Lebanon) Arabic (Kuwait) Arabic (U.A.E.) Arabic (Bahrain) Arabic (Qatar) Brazilian Canadian (Multilingual) Chinese (Simplified) Chinese (Traditional)

Croatian Czech Danish Dutch Dutch (Belgian) English (Australian) English (3270 Australian) English (New Zealand) English (United Kingdom)

English (United States)

Finnish French (Belgian) French (Canadian) French (France) French (Swiss) German German (IBM) German (Swiss) Greek Hungarian

Italian Italian (Swiss) Japanese Korean Norwegian Polish (214) Polish Programmers Portuguese Portuguese (Brazil) Romanian Slovakian Slovakian (Qwerty) Slovenian Spanish Spanish (Mexican) Swedish Turkish Turkish (QWERTY) U.S. International

Page 47

Configuring Local Settings Options 41

• Delay before repeat - Repeat parameters for held-down key. Select the Delay before repeat (either 1/5 second, 1/4 second, 1/3 second, 1/2 second, 1 second, 2 seconds, or No Repeat). The default is 1/3 second.

• Repeat Rate - Select Slow, Medium, or Fast. The default is Medium.

Use the Mouse tab to select the Mouse Speed and mouse orientation (you can swap mouse buttons for left-handed operation by selecting Swap left and right mouse buttons).

Use the Volume tab to select the volume settings for connected devices.

Use the following guidelines for the Serial tab:

• Select Port - Select the port to which this setup definition applies. Either COM 1, COM

2, COM 3, or COM 4 can be selected (default is Port COM 1). For Models SX0 and VX0, COM 1 or COM 2 selects from either the USB or serial device.

• Baud Rate - Either 1200, 2400, 4800, 9600, 19200, 38400, 57600, or 115200 baud can be selected (default is 9600).

• Parity - Either None, Even, or Odd can be selected (default is None).

• Stop - Either 1, 1.5, or 2 stop bits can be selected (default is 1).

Page 48

42 Chapter 5

• Size - Character size 5, 6, 7, or 8 bits can be selected (default is 8).

• Flow Control - Either None, XON/XOFF, CTS/RTS, or Both can be selected (default is None).

• Serial Touch Screen selections - Select the proper touch screen ELO, MicroTouch or FastPoint from the list.

• Touch Screen on - Select the proper serial port (COM port) or None from the list.

Use the Touch Screen tab to configure touch screens that are connected to the thin client (USB). The tab is available (not grayed out) when the thin client detects that a touch screen is attached through a USB port and the setup (or calibration) has not been performed. The Touch Setup window prompts you to touch two circles on the screen to make the necessary calibration adjustment. Once calibrated, the adjustment values are saved in the local terminal NVRAM until the system is reset to factory default, or another type of touch monitor is connected.

Page 49

Printers

Configuring Local Settings Options 43

The Printer Setup dialog box allows configuration of network printers and local printers that are connected to the thin client. Through its USB ports, a thin client can support multiple printers. If more than one printer is to be used and another p ort is not available on your thin client and the port that is to be used must be shared with a USB modem converter, connect a USB hub to the port.

Tip

If required, USB-to-Parallel converter cables are available from Wyse. Port LPT1 or LPT2 selects the connection to a USB printer or parallel printer through a USB-to-Parallel cable. For ordering information, refer to the Wyse Web site at:

http://www.wyse.com/products/accessories/accessories.asp.

Use the following guidelines for the Ports tab:

• Select Port - Select the port you want from the list.

• Printer Name - This is a required entry. If Enable LPD service for the printer is selected, the printer name becomes the queue name for other clients using LPR to print to this printer.

• Printer Identification - Enter the type or model of the printer. This name should be either the device driver name for the printer under the Microsoft Windows system, or a key to map to the device driver. If not specified, the name will be defaulted to the printer-supplied identification for standard direct-connected USB printers or Generic / Text Only for non-USB connected printers upon connection to Windows hosts. The driver name mapping takes place either through a printer-mapping file read by the system as part of the global profile (wnos.ini) or by MetaFrame servers through the MetaFrame printer configuration file (\winnt\system32\wtsprnt.inf).

Tip

Most USB direct-connected printers or parallel printers connected through USB-to-parallel cable converters do report their printer identifications. Port LPT1 or LPT2 selects the connection to a USB printer or parallel printer through a USB-to-Parallel cable.

• Printer Class - Select the printer class from the list (PCL5, PS, or TXT).

• Enable the printer device - Must be selected to enable the directly-connected printer.

Page 50

44 Chapter 5

• Enable LPD service for the printer - Select this to make the thin client an LPD (Line Printer Daemon) server for LPD printing requests from the network (see LPD Services").

Tip

If the thin client is to be used as an LPD printer server, DHCP must not be used and a static IP address must be assigned to the thin client (see “Network Setup” ).

"Configuring

Use the following guidelines for the LPDs tab:

• Select LPD - Select the port you want from the list.

• Printer Name - Enter the printer name.

• Printer Identification - Enter the type or model of the printer. This name should be either the device driver name for the printer under the Microsoft Windows system, or a key to map to the device driver. If not specified, the name will be defaulted to the printer-supplied identification for standard direct-connected USB printers or Generic / Text for non-USB connected printers upon connection to Windows hosts. The driver name mapping takes place either throug h a pr inter-mapp ing file read by the system as part of the global profile (wnos.ini) or by MetaFrame servers through the MetaFrame printer configuration file (\winnt\system32\wtsprnt.inf).

• LPD Hosts - The DNS or WINS name of the server for the network printe r. An IP address can also be entered.

Tip

If the printer is attached to another thin client on your network, the entry in the LPD Hosts box is the name or address of that thin client.

• LPD Queue Name - An LPD host maintains a named queue for each supported printer. Enter the name of the queue associated with the printer to be used.

Tip

The LPD Queue Name must match the content of the Printer Name box on the thin client with the printer attached.

• Printer Class - Select the printer class from the list.

• Enable the printer device - Must be selected to enable the directly-connected printer.

Page 51

Configuring Local Settings Options 45

Use the following guidelines for the SMBs tab:

• Select SMB - Select the SMB you want from the list.

• Printer Name - Enter the printer name.

• Printer Identification - Enter the type or model of the printer. This name should be either the device driver name for the printer under the Microsoft Windows system, or a key to map to the device driver. If not specified, the name will be defaulted to the printer-supplied identification for standard direct-connected USB printers or Generic / Text for non-USB connected printers upon connection to Windows hosts. The driver name mapping takes place either throug h a pr inter-mapp ing file read by the system as part of the global profile (wnos.ini) or by MetaFrame servers through the MetaFrame printer configuration file (\winnt\system32\wtsprnt.inf).

• \\Host\Printer - Enter the Host\Printer or use Browse next to the box to make the selection you want.

• Printer Class - Select the printer class from the list.

• Enable the printer device - Must be selected to enable the directly-connected printer.

• Enable LPD service - Select this to make the thin client an LPD (Line Printer Daemon) server for LPD printing requests from the network (see

"Configuring LPD Services").

Use the following guidelines for the Options tab:

• Default Printer - Select the printer you want to be the default printer from the list.

• Enable .print Client and Port - If you want to enable .print Client, select Enable .print Client and then enter the Port.

Page 52

46 Chapter 5

The Help tab contains printer help information.

Configuring LPD Services

A thin client can be configured to provide LPD (Line Printer Daemon) services, making the thin client a printer server on the network.

Set-up the thin client that is to provide LPD print services as follows:

1. Open the Network Setup dialog box (Desktop Menu > System Setup > Network) and enter a static IP address for the thin client.

2. Open the Printer Setup dialog box (Desktop Menu > System Setup > Printer) and select any of the listed ports.

3. Name the printer in the Printer Name box.

4. Select Enable LPD service for the printer.

5. Select Enable the Printer Device.

6. Set up the application server as described in either “Setting Up Windows NT4 Serv ers”

or “Setting Up Windows 2003/2008 Servers” .

Setting Up Windows NT4 Servers

1. Navigate to Control Panel > Network > Services and ensure that the Microsoft TCP/

IP Printing service is installed. If it is not, install it using the Microsoft installation instructions.

2. Add the thin client as the LPD printer by completing the following: a. Navigate to Control Panel > Printers > Add Printers > My Computer > Add Port

and double-click LPR PORT (if you do not see LPR Port, ensure that the Microsoft TCP/IP Printing service is installed correctly).

b. Type the thin client IP address or DNS name in the Name or address of host

providing LPD box.

c. Type the printer name (assigned in “Configuring LPD Services” ) in the Name of

printer on that machine box.

d. Click OK, and then click NEXT.

3. After you have selected the printer, you can perform your normal printer setup for the

application server. For example, select the manufacturer printer type and printer name.

Page 53

Configuring Local Settings Options 47

Setting Up Windows 2003/2008 Servers

1. Navigate to Control Panel > Administrative Tools > Services and ensure the

Microsoft TCP/IP Printing service is installed. If it is not, install it using the Microsoft installation instructions.

2. Add the thin client as the LPD printer by completing the following: a. Navigate to Control Panel > Printers > Add Printers > Local Printer > Create a

new port and select LPR PORT.

Tip

If you do not see LPR Port, ensure that the Microsof t TCP/IP Printing service is installed correctly.

b. Type the thin client IP address or DNS name in the Name or address of host

providing LPD box.

c. Type the printer name (assigned in “Configuring LPD Services” ) in the Name of

printer on that machine box.

d. Click OK, and then click NEXT.

3. After you have selected the printer, you can perform your normal printer setup for the

application server. For example, select the manufacturer printer type and printer name.

Page 54

48 Chapter 5

This page intentionally blank.

Page 55

6 Performing Diagnostics

You can use the following diagnostic tools:

• “System Tools”

• “Network Tools”

To access Diagnostics options:

• Wyse Zero Desktop - click the System Settings icon on the Wyse Zero Toolbar (administrators can also click the Admin Mode button on the Login dialog box).

• Classic Desktop - click User Name (User Name is the user who is logged-on and is located at the bottom-left side of the taskbar), and select either Network Test (for network tools Ping and Trace Route) or View INI Settings (for system tools to configure Trace and Event log settings, and to view INI files).

Page 56

50 Chapter 6

System Tools

The System Tools dialog box allows you to configure Trace and Event log settings. It also allows you to view wnos.ini and user.ini cached information for troubleshooting purposes.

Use the Trace and Event log options on the General tab to configure the settings you want.

Network Tools

Using Ping

Use the Global INI tab to view wnos.ini information. Use the user.ini tab to view user.ini information.

The Network Tools dialog box allows you to use Ping (Packet InterNet Groper) and Trace Route for checking the integrity of the network connection (ping also checks the usability of the network configuration and the availability of all equipment required to communicate between the thin client and the ping destination) . Ge ne ra lly, Ping and Trace Route are used for system diagnostics by, or under the direction of, a network administrator.

The Ping dialog box executes the ping diagnostic utility and displays response messages. Ping is a diagnostic tool that sends an echo request to a networ k host. The host pa rameter is either a valid host name or an IP address. If the host is operational and on the network, it responds to the echo request. By default, echo requests are sent until interrupted (by clicking Stop in the Ping dialog box). The ping utility sends one echo request per second and calculates round trip times and packet loss statistics, and then displays a brief summary upon completion of the calculation.

The ping utility can be used to:

• Determine the status of the network and various foreign hosts

• Track and isolate hardware and software problems

• Test, measure, and manage networks

• Determine the IP address of a host if only the hostname is known

Note

Not all network equipment will respond to ping packets, since this is a common mechanism used in denial-of-service attacks. Lack of response

Page 57

Performing Diagnostics 51

does not necessarily indicate that the target of the ping is unusable for other purposes.

Use the following guidelines:

• Enter Hostname or IP - Enter the IP address, DNS-registered host name, or WINS-registered host name of the target to be pinged.

• Data area - Displays ping response messages. The ping command sends one echo request per second, calculates round trip times and packet loss st atistics, and displays a brief summary upon completing the calculation.

• Start - Executes the ping command. If the host is operational and on the network, it responds to the echo request. By default, echo requests are sent until interrupted by clicking Stop.

• Stop - Terminates the ping request and leaves the Ping dialog box open (so you can read the summary posted in the data area).

Using Trace Route

The Trace Route dialog box executes the tracert diagnostic utility and displays response messages. The tracert utility traces the path from your thin client to a network host. The host parameter is either a valid host name or an IP address. The tracert utility sends out a packet of information three times to each device (routers and computers) in the path and displays the round trip response times and identifying information in the message box.

Page 58

52 Chapter 6

Use the following guidelines:

• Enter Hostname or IP - Enter the IP address, DNS-registered host name, or WINS-registered host name of the target to be traced.

• Data area - Displays round-trip response time and identifying information for each device in the path.

• Start - Executes the tracert command.

• Stop - Terminates the tra cert command and leaves the Trace Route dialog box open (so you can read the information posted in the data area).

Page 59

A Central Configuration: Automating

Up dates and Configurations

This appendix contains information on the network architecture and enterprise server environment needed to provide network and se ssion services for Wyse thin clients running Wyse ThinOS. It also includes information to help you address important considerations when configuring the services to be provided by the server environment. Use this chapter in conjunction with the Getting Started Guide: Wyse ThinOS

Wyse ThinOS

It includes:

• "Understanding How to Configure Your Network Services"

• "Configuring Network Services"

• "Configuring Session Services"

INI Files to set up and configure your Wyse ThinOS server environment.

Understanding How to Configure Your Network Services

Network services used by the thin client can include DHCP, FTP file services, Virtual Desktop file services, DNS, and so on. How you configure your network services depends on what you have available in your Wyse ThinOS environment and how you want to design and manage it.

and the Reference Guide:

The following topics in this section provide important overview information on the supported service situations you may have when configuring the network services for your Wyse ThinOS environment (after becoming familiar with your environment requirements, refer to "Configuring Network Services" for detailed instructions):

• "DHCP and FTP Servers Available"

• "FTP Server Available (DHCP Server Unavailable)"

• "DHCP and Virtual Desktop Servers Available"

• "Virtual Desktop Server Available (DHCP Server Unavailable)"

• "FTP and Virtual Desktop Servers Unavailable (Stand-alone User or PNAgent/ PNLite-only User)"

Caution

If a thin client accesses the enterprise intranet through PPPoE or PPTP VPN and the thin client is locked-down, a non-privileged or low-privileged user attempting to reboot to Stand-alone user mode will disable the Network Setup dialog box and system reset capabilities. The user will not be able to re-access the enterprise intranet through this path. If this happens, the thin client must be moved to a location where it can access the enterprise intranet directly (Ethernet cable) and reboot so that an administrator can make any required changes to the thin client operating configurations through the user profiles (for example, set the user profile to unlock the thin client).

Page 60

54 Appendix A

DHCP and FTP Servers Available

As a network administrator in an environment where DHCP and FTP servers are available, you can set up both DHCP and FTP network services and create “global” and “user” INI files as described in the Reference Guide: Wyse ThinOS

Tip

A thin client is initially (new-thin client or reset thin client to default configurations) configured to obtain its IP address and the location of the FTP server from a DHCP server. DHCP can only be used for the Ethernet Direct access and Wireless Direct access configurations. A wnos.ini file contains the “global” parameters you want that will affect all thin clients accessing the file server. A {username}.ini file contains the user-specific or “user profile” parameters you want that will comprise the connection profile for an individual user. For information on constructing these INI files, refer to the Reference Guide: Wyse ThinOS

INI Files.

If Wireless Direct access is used, the Wireless Setup dialog box must also be configured locally (see the Users Guide: Wyse ThinOS

for wireless configuration instructions).

After DHCP and FTP servers are configured and available, simply connect the thin client to the network (either directly through a network cable or through a wireless network device), turn it on, and begin using the thin client. A sign-on name and password may be required for access to the session services. If applications (published by Citrix PNAgent/ PNLite services) are available, a Domain name mu st be ente re d or sele cte d from the list. Connections or applications may start automatically if they are configured to automatically start in the INI files.

Tip

If session connections or published applications are designated to open automatically on start-up, upon accessing the enterprise server environment you will see a session server log-in or server application window instead of the thin client desktop. Use CTRL+ALT+UPARROW to toggle between window display modes. Use CTRL+ALT+DOWNARROW to open a selection box for toggling between the desktop, the Connect Manager, and currently-active connections.

If the thin client accesses the enterprise server environment through a manually initiated Dial-up, PPPoE, and/or PPTP VPN, the automation provided by a DHCP server is not available. In such cases, refer to "FTP Server Available (DHCP Server Unavailable)" and "FTP and Virtual Desktop Servers Unavailable (S t and-alone User or PNAgent/PNLite-only User)" for configuration information.

Tip

If Dial-up, PPPoE, and/or PPTP VPN are automatically started, FTP server services can be accessed through these connections.

Page 61

Central Configuration: Automating Updates and Configurations 55

FTP Server Available (DHCP Server Unavailable)

In an environment where a DHCP server is not available but an FTP server is available, the thin client user must locally enter (using the Network Setup dialog box) network information that would otherwise be supplied by the DHCP server.

If the thin client is configured for DHCP (new-thin client or reset thin client to default configurations) but DHCP is not detected on the network, the Network Setup dialog box automatically opens when the thin client is started. You can also open the Network Setup dialog box manually by clicking on the desktop background, selecting System Setup from the desktop menu, and then clicking Network. In the Network Setup dialog box, select the Statically specified IP Address option and configure the dialog box for the following information (any remaining information will be automatically populated from the INI files when the FTP server is contacted):

• Static IP address of the thin client

• Subnet Mask

• Default Gateway

• DNS Domain Name (not necessary if DNS is not used)

• DNS Server Address (not necessary if DNS is not used)

• File Server IP address or DNS name of the FTP server on which the INI files reside and the FTP path on the server to /wnos.

• PNAgent/PNLite Servers list (If PNAgent/PNLite is deployed on the network environment, enter the IP address or Host name with optional TCP port number of one or more PNAgent/PNLite servers that will provide published applications on the network)

• Ethernet S peed

• WINS Server Address (not necessary if WINS is not used)

• Username and Password for login to the FTP server

• Rapport Server Address (not necessary if Rapport server is not used)

•Time Server

Tip

INI Files.

After the network settings are configured, reboot the thin client before using it. A sign-on name and password may be required for access to the session services. If applications (published by Citrix PNAgent/PNLite services) are available, a Domain name must be entered or selected from the list. Connections or applications may start automatically if they are configured to automatically start in the INI files.

Page 62

56 Appendix A

DHCP and Virtual Desktop Servers Available

As a network administrator in an environment where DHCP and Virtual Desktop servers are available, you can set up both DHCP and Virtual Desktop network services and create “global” and “user” INI files (in the Virtual Desktop Broker) as described in the Reference

Guide: Wyse ThinOS

Tip

A thin client is initially (new-thin client or reset thin client to default configurations) configured to obtain its IP address and the location of the Virtual Desktop server from a DHCP server. DHCP can only be used for the Ethernet Direct access and Wireless Direct access configurations. A wnos.ini file contains the “global” parameters you want that will affect all thin clients accessing the file server. A {username}.ini file contains the user-specific or “user profile” parameters you want that will comprise the connection profile for an individual user. For information on constructing these INI files, refer to the Reference Guide: Wyse ThinOS

INI Files.

If Wireless Direct access is used, the Wireless Setup dialog box must also be configured locally (see the Users Guide: Wyse ThinOS

for wireless configuration instructions).

After DHCP and Virtual Desktop servers are configured and available, simply connect the thin client to the network (either directly through a network cable or through a wireless network device), turn it on, and begin using the thin client. A sign-on name and password may be required for access to the session services. If applications (published by Citrix PNAgent/PNLite services) are available, a Doma in na m e mu st be ente re d or sele cte d from the list. Connections or applications may start automatically if they are configured to automatically start in the INI files.

Tip

If the thin client accesses the enterprise server environment through a manually initiated Dial-up, PPPoE, and/or PPTP VPN, the automation provided by a DHCP server is not available. In such cases, refer to "Virtual Desktop Server Available (DHCP Server Unavailable)" for configuration information.

Tip

If Dial-up, PPPoE, and/or PPTP VPN are automatically started, Virtual Desktop server services can be accessed through these connections.

Page 63

Central Configuration: Automating Updates and Configurations 57

Virtual Desktop Server Available (DHCP Server Unavailable)

In an environment where a DHCP server is not available but an Virtual Desktop server is available, the thin client user must locally enter (using the Network Setup dialog box) network information that would otherwise be supplied by the DHCP server.

• Static IP address of the thin client

• Subnet Mask

• Default Gateway

• DNS Domain Name (not necessary if DNS is not used)

• DNS Server Address (not necessary if DNS is not used)

• Ethernet S peed

• WINS Server Address (not necessary if WINS is not used)

• Username and Password for login to the FTP server

• Rapport Server Address (not necessary if Rapport server is not used)

•Time Server

•VDI Server

Tip

INI Files.

Page 64

58 Appendix A

FTP and Virtual Desktop Servers Unavailable (Stand-alone User or PNAgent/ PNLite-only User)

In an environment where FTP and Virtual Desktop Broker servers are not available (for example, Stand-alone User or PNAgent/PNLite-only User situations), configuration files are not available and network information must be entered locally at the thin client as follows:

• Stand-alone User - This user does not access user profiles or PNAgent/ PNLite-published applications. New and Settings command buttons appear in the Connect Manager for use (if the Connect Manager does not open automatically, open it from Desktop menu). These command buttons are also available to low-privileged and non-privileged users. Locally entered connection defini tions (using these command buttons) are preserved for the next thin client use after the thin client is powered off and restated (automatic software upda tes, however, are not available when the thin client is powered on again).

• PNAgent/PNLite-only User - This user does not access user profiles, but applications (published by Citrix PNAgent/PNLite services) are available (the IP address of a PNAgent/PNLite server and Domain are entered into the Network Setup dialog box or available through DHCP options 181 and 182). A log-on dialog box (similar to the standard log-on dialog box) opens for logging on to the PNAgent/PNLite server. Applications published by PNAgent/PNLite are listed in the Connect Manager (Published applications that add a shortcut to the client desktop will have an icon on the desktop which you can double-click to open). Locally entered connection definitions are not preserved for the next thin client use after the thin client is powered off and restated.

Configuring Network Services

Before you use the information in this section to configure your network services, be sure you have read "Understanding How to Configure Your Network Services" and remember the following important issues:

• Restrictions to Network Services can Exist - Thin client network services reside on the enterprise intranet. When setting up thin client network services, remember that if thin clients are to access the enterprise intranet through Dial-up, PPPoE, or PPTP VPN, restrictions imposed by these access paths must be considered.

• Know How Your Environment Works - Either the FTP server or the Virtual Desktop server (depending on your environment) holds the INI files, while the FTP server (if available) holds the current and upgrade versions of the thin client software.

The thin client software is acquired from either local flash memory or the FTP server. During the boot process, the local image is transferred to RAM and executed far enough for the thin client to check the image and the INI files on the file servers. Under direction of the INI files and the version of the remote image, the image in RAM can be replaced with the remote image; and sep arately , the remote image can update the local flash-memory.

• Functionality Depends on You - The Wyse ThinOS INI files contain the parameters and associated values necessary for the various functionality you want. The INI files (wnos.ini file and {username}.ini file) are constructed and maintained by you and are stored on the file server for use with thin clients running Wyse ThinOS.

Page 65

Central Configuration: Automating Updates and Configurations 59

Tip

The INI files contain connection definitions and thin client settings. These text-based files must be created and maintained by using an ASCII text editor. If the INI files are omitted or they cannot be accessed because a file server is not used, the thin client user must enter connection definitions locally (or for FTP servers, use what is published by PNAgent/PNLite servers residing on the network). Y ou can also de fine connections in the INI files which are to be stored in local NV-RAM and used in case s where the file server fails.

A wnos.ini file contains the “global” parameters you want that will affect all thin clients accessing the file server. A {username}.ini file contains the user-specific or “user profile” parameters you want that will comprise the connection profile for an individual user. The thin client accesses the wnos.ini file upon thin client initialization and accesses any individual {username}.ini file when the user logs on (if user login is required, the {username}.ini file must exist before that user can log in). For information on constructing these INI files, refer to the Reference Guide: Wyse ThinOS

INI Files.

To configure network services, use the information in the following sections:

• "Configuring FTP Servers"

• "Configuring Virtual Desktop Infrastructure Servers"

• "Configuring DHCP (DHCP Options)"

• "Configuring DNS"

• "Configuring WINS"

• "Configuring Wyse Device Manager Servers"

• "Configuring Wireless Access"

Configuring FTP Servers

Before you use the information in this section to configure your FTP server, be sure you understand and use the following guidelines:

• General Guidelines - When the thin client boots, it accesses the software update images and INI files from the FTP server. The FTP server and path to the software update files are available through DHCP vendor options 161 and 162 (see DHCP (DHCP Options)"). If these are not specified, the default FTP server is the DHCP server from which the thin client receives its IP address and the default directory (\wyse\wnos for Windows FTP servers, or /wyse/wnos for Linux FTP servers).

The FTP server and path to the software update files can also be specified locally on the thin client. DHCP options 184 and 185 can be used to provide the User ID and Password for non-anonymous access to the FTP server in Wyse ThinOS version 4.3 and later. For Wyse ThinOS versions earlier than 4.3, the file server must have anonymous login capability and provide at least file read privilege for the anonymous user (it must also provide file write privilege if users are allowed to change their passwords).

• Non-Anonymous Access Guidelines - You must first create a local account (name the account so that you remember it is a non-anonymous account) on the FTP server defined between the DHCP vendor options 161 and 162 (DHCP server). Then, add DHCP options 184 and 185 to provide the User ID and Password for non-anonymous access to the FTP server. Ensure that option 184 is the account User ID and that option 185 is the account Password, and that you keep consistency with FTP server

"Configuring

Page 66

60 Appendix A

DHCP vendor options (for example, ensure that the 184 and 185 options are string parameters). Then provide the non-anonymous account with read-only permissions through the entire FTP server path. Be sure to modify these guidelines according to your specific security environment and configuration.

• Windows FTP Server Guidelines - You can use the FTP tools available on the Windows server. For Wyse ThinOS versions earlier than 4.3, be sure the Windows server supports the anonymous log-in capability. For Wyse ThinOS version 4.3 and later, this suppor t is not necessa ry because of the User Interface ( UI)/DHCP feature to specify the login ID and password.

• Linux FTP Server Guidelines - Be aware of the following:

• The FTP server must be configured to offer FTP services (by adding the following

line or equivalent to the /etc/inetd.conf file, if it is not already present): ftp stream tcp nowait root /usr/sbin/tcpd in.proftpd

• The FTP server must be configured to support anonymous FTP. For most FTP

servers, this requires establishment of an FTP login account by adding the following line or equivalent to the /etc/password file:

ftp:x:17:1:Anonymous FTP directory:/home/ftp:/dev/null/ ftp-shell

The shell file /dev/null/ftp-shell need not exist, but some FTP servers require that it be listed in the /etc/shells file to allow FTP connections on this account.

• Depending on which Linux distribution you are using, additional modifications to a

central configuration file for the FTP daemon may be necessary to enable anonymous FTP. You can try man protftp, man wuftpd, or man ftpd to access information applicable to your particular FTP daemon.

• A Linux server used for FTP must support passive FTP.

• FTP Folder Structure Guidelines - The FTP folder structure that is required by thin clients running Wyse ThinOS is \wyse\wnos and must be placed under the FTP root folder (if DHCP option tag 162 is not used) or under the folder which has been specified by DHCP option 162. For example, if DHCP option tag 162 has been configured with the name ThinClients and DHCP option tag 161 has been configured with IP address 192.168.1.1, then the thin client will check the folder <FTPRoot>\ThinClients\wyse\wnos for a wnos.ini and firmware on the FTP server with the IP address (192.168.1.1). The sub-folder \bitmap must be placed under the \wnos folder and can contain graphical images for icons and background images. The sub-folder \cacerts can be placed under the \wnos folder and can contain you r CA certificates. The sub-folder \inc can be placed under the \wnos folder and can contain the mac.ini files (note that the use of the parameter

mac-address.ini” so that you can use inc in the folder structure and use $MAC.ini).

sub-folder \trace can be placed under the \wnos folder and can contain the trace files that you can capture and play back (be sure to en ab le th e parame te r, EnableTrace=yes). The following figure shows an example of the folder structure of an FTP server for Wyse ThinOS.

Include=$mac.ini will load “/wnos/inc/

The

Page 67

Central Configuration: Automating Updates and Configurations 61

To configure an FTP server, complete the following procedures:

1. Create the following directory structure on your FTP server:

<path from anonymous user FTP root>\wyse\wnos\ <path from anonymous user FTP root>\wyse\wnos\bitmap\ <path from anonymous user FTP root>\wyse\wnos\cacerts\ <path from anonymous user FTP root>\wyse\wnos\inc\ <path from anonymous user FTP root>\wyse\wnos\trace\

Tip

There is a difference between a path obtained from the DHCP server and a path entered in the UI. If the path is obtained from DHCP, /wyse/wnos are appended. If the path is obtained from th e UI, the /wyse portion is not appended; only /wnos is automatically inserted. As written in this first step, the configuration procedure will only work in conjunction with a DHCP server.

2. If you need to upgrade the firmware for your thin client, you must have a Software Maintenance agreement to download the files (for details, go to http://www.wyse.com/

products/software/os/index.asp). Copy the RCA_boot and RCA_wnos (if you have an

S10) or V10L_boot and V10L_WNOS (if you have a V10L) and place it in the wnos subdirectory of your FTP server.

3. Obtain the Sample User INI files (go to http://www.wyse.com/manuals

, search for sample.ini, click the reference guide link, and then click the sample ini link to open and use the file download dialog box to save the compressed file to a folder you want) and unpack them into a directory from which they can be examined and modified using an ASCII text editor. These sample files are annotated to allow you to use them as a starter set on your FTP server and can be modified to suit your needs. The compressed file includes:

• wnos.kiosk - Example wnos.ini file for a kiosk configuration

• wnos.login - Example wnos.ini file to enable multiple user accounts

• user.ini - Template for {username}.ini for individual user profiles

4. Determine whether all the thin clients served by this FTP server will be used as kiosks or will support individual user accounts. You must rename the downloaded files so that there will be one wnos.ini file available to all users globally; and for a multiple user account configuration there will be a unique {username}.ini file for each user. In addition:

• If the kiosk configuration is to be used - Change the name of wnos.kiosk to

wnos.ini. Otherwise, for multiple user accounts, change the name of wnos.login to wnos.ini.

• If the individual user account configuration is to be used - Make a copy of the

user.ini file for each user name as {username}.ini (where {username} is the name of the user) and place the files in the subdirectory ini of wnos. The files must have read permission enabled, and if users are to be allowed to change their passwords, the files also must have write permission enabled (so that the thin clients can write the encrypted user passwords to them). For Linux servers, use the chmod command to set the read/write permissions. For Micro soft se rvers, use the Properties dialog box to set read/write permissions.

5. If desired, you can customize the INI files to match the local environment using the instructions in the Reference Guide: Wyse ThinOS files to include icons and logos, be sure to place the images in the FTP server/wnos/ bitmap subdirectory.

INI Files. If you modify the INI

Page 68

62 Appendix A

Configuring Virtual Desktop Infrastructure Servers

When the thin client boots, it accesses the INI files from a Virtual Desktop Infrastructure (VDI) server. VDI servers are available through DHCP vendor option 188 (see "Configuring DHCP (DHCP Options)").

The thin client communicates with a Virtual Desktop Broker server by the sysinit, signon, signoff, and shutdown commands. When the thin client boots and successfully connects in a Virtual Desktop environment, it sends the sysinit command to the Virtual Desktop Broker, which then sends back the wnos.ini file (if a broker connection cannot be made, the thin client will attempt to connect to an FTP or PNLite server). After the thin client successfully receives the wnos.ini from the Virtual Desktop Broker, a sign-on window displays, prompting the user for username and password credentials. The thin client then sends the signon command to the Virtual Desktop Broker with the username and password as it s parameter. If the sign-on is successful, the Virtual Desktop Broker server will send back the {username}.ini file (if the sign-on is unsuccessful, the user is prompted again for username and password credentials). The

signoff command will be sent when a user disconnects from the connection. The shutdown command will be sent when a user turns off the thin client power.

Configuring XenDesktop Support

XenDesktop is supported in Wyse ThinOS without the need to use a Web br owser. To connect to XenDesktop, do not use the VDI Broker parameter. Instea d, use the same parameter and configuration that is used when connecting to a PNAgent/Lite server.

Configuring DHCP (DHCP Options)

Before you use the information in this section to configure your DHCP server, be sure you understand and use the following guidelines:

• General Guidelines - The DHCP service provides all thin clients on the network with their IP addresses and related network information when the thin clients boot. DHCP also supplies the IP address and directory path to the thin client software images and user profiles located on the file servers.

Use of DHCP is recommended. However, if a DHCP server is not available, fixed IP addresses can be assigned (this does, however, reduce the stateless functionality of the thin clients) and the fixed IP addresses must be entered locally for each device using the thin client Network Setup dialog box as described in (DHCP Server Unavailable)" and "Virtual Desktop Server Available (DHCP Server Unavailable)").

Many DHCP options correspond to places in the network configuration UI where the thin client user can enter information manually. Be aware that wherever there is information in the UI and the thin client receives information about the same function from one or more DHCP options, the information received from the DHCP server will replace the information contained in the UI. Howe ve r, if the thin client does not receive information from the DHCP server about a particular function, the information manually entered in the UI will remain and will be used.

• LPD Print Server Guidelines - If a particular thin client is to function as an LPD print server, it can be assigned a fixed IP add ress. However, you can also guarantee that an LPD server will always have the same IP address by making a reservation for that thin client in the DHCP server. In that way , you can preserve the stateless nature of the thin client and still guarantee a fixed address for the server. In fact, you can assign a

"FTP Server Available

Page 69

Central Configuration: Automating Updates and Configurations 63

symbolic name to the reservation address so that other thin clients can reference the LPD server by name rather than by static IP address (the symbolic name must be registered with a DNS server before other thin clients will be able to locate this LPD server). The thin client does not dynamically register its name and the DNS registration must be manual.

• Wyse Device ManagerTM (WDM) Guidelines - If you use WDM, the thin client uses port 80 as the default to access a WDM server (formerly known as Rapp ort server). If a port other than 80 is used to access a WDM server, use option 187 in the list of DHCP options in

Table 5 (option for a WDM server is option 186 in the list of DHCP options in Table 5). WDM options are the only options used by the thin client that are not in text form.

• PNAgent/PNLite Server Guidelines - If you use a a PNAgent/PNLite server, the thin client uses port 80 as the default to access a PNAgent/PNLite server. If a port other than 80 is used to access a PNAgent/PNLite server , the port number must be specified explicitly with the server location in the form IP:port or name:port (option for a PNAgent/PNLite server is option 181 in the list of DHCP options in

Table 5).

• Windows DHCP Server Guidelines - You can use the DHCP tools available on the Windows server.

• Linux DHCP Server Guidelines - For Linux servers, enter DHCP options 161 an d 162 (described in

Table 5) in /etc/dhcpd.conf (refer to the manual page man dhcpd.conf for more information on DHCP and the syntax of this file). For example, if you want the computer to search ftp://132.237.16.157/pub/

serversoftware/wnos, add the following line to /etc/dhcpd.conf: option option-161 132.237.16.157;option option-162 "pub/ serversoftware$";

As mentioned in Table 5, the /wnos suffix is automatically appended to the FTP path, so you should not specify it explicitly. In this case, the actual directory searched will be pub/serversoftware/wnos.

• DHCP Options Guidelines - Wyse ThinOS uses several DHCP option tags. These option tags must be created, activated within the DHCP scope(s), and then added for the thin clients to use them. The following figure shows the Windows DHCP Server Predefined Options and Values dialog box that is displayed when right-clicking the DHCP server and selecting Set Predefined Options. The most commonly used tags are 161 and 186. Depending on the Terminal Server environment, more options can be added using the Predefined Options and Values dialog box.

Page 70

64 Appendix A

Use the guidelines shown in Table 5 when creating and adding the DHCP option tags you need for your thin clients.

Tip

Ensure that within the DHCP scope these new DHCP option tags you create are activated (this can be done using the Configure Options command), before you add them.

Table 5 DHCP Options

Option Description Notes

1 Subnet Mask Required. However , it is not is not required unless

2 Time Offset Optional. 3 Router Optional, but recommended. It is not required

the thin client must interact with servers on a different subnet (MS DHCP requires a subnet mask and will always send one).

unless the thin client must interact with servers on a different subnet.

6 Doma in Nam e Server

(DNS) 15 Domain Name Optional, but recommended. See Option 6. 28 Broadcast Address Optional. 44 WINS servers IP

Address 51 Lease Time Optional, but recommended. 52 Option Overload Optional. 53 DHCP Message Type Recom m en d ed . 54 DHCP Server IP

Address 55 Parameter Request

List 57 Maximum DHCP

Message Size 58 T1 (renew) Time Optional, but recommended. 59 T2 (rebind) Time Optional, but recommended.

Optional, but recommended.

Optional.

Recommended.

Sent by thin client.

Optional (always sent by thin client).

61 Client identifier Always sent. 161 FTP server list Optional string. Can be either the name or the IP

address of the FTP server. If a name is given, the name must be resolvable by the DNS server(s) specified in Option 6. If the option provided by the server is blank or the server provides no value for the field, the machine on which the DHCP server resides is assumed to also be the FTP server.

Page 71

Central Configuration: Automating Updates and Configurations 65

Table 5 DHCP Options, Continued

Option Description Notes

162 Root path to the FTP

files

Optional string. If the option provided by the server is blank and the server prov ide s no valu e for the field, a null string is used. \wyse\wnos is automatically appended to the search path. For example, if you enter pub\serversoftware, the path searched will be pub\serversoftware\wyse\wnos. Note: You ca n ha ve the \wyse automatic component of the search path omitted by appending a dollar sign ($) to the entered path. For example, if you enter pub\serversoftware$, the path searched will be pub\serversoftware\wnos. Note: The usage or omission of a leading slash (\) on the path is critical on some servers. Some servers limit access to the root path of the user specified at login. For those servers, the usage of the leading slash is optional. Some *NIX servers can be configured to allow the FTP user acce ss to the entire file system. For those servers, specifying a leading slash specifies that access is to start at the root file system. Proper matching of the file specification to the FTP server in use is critical to ensuring proper operation. A secured Windows server requires the slash be specified in order to complete proper access.

181 PNAgent/PNLite server

list

Optional string. The thin client uses the server to authenticate the Windows credentials of the user and to obtain a list of ICA published applications valid for the validated credentials. The user supplies those credentials when logging in to the thin client.

182 NT domain list for

PNAgent/PNLite

Optional string. The thin client creates a pull-down list of domains from the information supplied in option 182. This list is presented at thin client login in the order specified in the DHCP option (for example, the first domain specified becomes the default). The selected domain is the one which must authenticate the user ID and password. Only the selected domain is used in the authentication process. If the domain list is incomplete and the user credentials must be verified against a domain not in the list (assuming that the server in option 181 is capable of authenticating against a domain not in the list), the user has the option of not using any of the domains specified in option 182 and typing a different domain name at the time of login.

184 FTP Username Optional string. Wyse ThinOS version 4.3 and

later only.

185 FTP Password Optional string. Wyse ThinOS version 4.3 and

later only.

Page 72

66 Appendix A

Table 5 DHCP Options, Continued

Option Description Notes

186 Wyse Device Manager

(WDM) server list

(formerly know as

Rapport)

187 WDM server port

(formerly know as

Rapport)

188 Virtual Desktop Broker

port 190 WDM secure port

(formerly know as

Rapport) 192 WDM server port

(formerly know as

Rapport)

Optional binary IP addresses of WDM. This option can specify up to two Wyse Device Manager servers. If two are specified, at boot time the thin client will attempt to check-in to the first server. If it cannot contact the first server it will try to check-in to the second server. Wyse ThinOS version 4.3 and later only.

Optional number. Byte, word, or two-bytes array. NOTE: The value of this option tag, when not embedded in Ve ndor Class Specific Information option, is interpreted in reverse order when it is sent as 2 bytes (for example, the value of 0x0050 was interpreted as 0x5000). This option tag was used by old Wyse ThinOS releases. New Wyse ThinOS releases still accept this option tag for backward compatibility.

Optional string.

Optional number. Word, or two-bytes array. Specifies to use HTTPS to communicate with WDM instead of HTTP.

Optional number. Word, or two-bytes array. NOTE: The value of this option tag represen t s the same information as option tag 187. The difference is that Wyse ThinOS interprets the value of this option tag in correct order (for example, the value of 0x0050 is interpreted as 0x0050). If the DHCP server provides both option tag 192 and 187, option tag 192 takes precedence.

Tip

The thin client conforms to both RFC-compliant DHCP servers (RFC numbers 2131 and 2132) and RFC-noncompliant Microsoft servers (which NULL terminate strings sent to the thin client). The thin clie nt su pp o rts both infinite leases and leases that expire (per RFC 2131 and others).

Tip

Not all options in the range 128-254 are strings. Options 186, 190, and 192 are employed for all Wyse product s that use WDM. Their for mat and conten t are determined by the WDM product.

Page 73

Central Configuration: Automating Updates and Configurations 67

Configuring DNS

Thin clients accept valid DNS names registered on a DNS server available to the enterprise intranet. In most cases, DNS is not required but may be used to allow hosts to be accessed by their registered DNS names rather than their IP addresses. Every Windows DNS server in Windows 2000 and later includes Dynamic DNS (DDNS) and every server registers dynamically with the DNS server. There are also DDNS implementations available for *NIX environments. However, the thin client does not do dynamic registration, and therefore, requires a static or non-variant IP address and manual DNS registration in order to provide LPD support by name (for example, in the case where the thin client is used as an LPD printer server or if DHCP is not available). For DHCP entry of DNS domain and server location information, refer to "Configuring DHCP (DHCP Options)."

Configuring WINS

The thin client does not do dynamic registration and therefore, requires a static or non-variant IP address and manual Windows Internet Naming Service (WINS) registration. Use the network address of an available WINS name server. WINS allows the thin client user to specify remote systems by their host names rather than IP addresses. If a specific IP address (instead of a name) is entered for a connection, it rather than WINS will be used to make the connection. These entries are supplied through DHCP , if DHCP is used.

Tip

You may use two WINS server addresses, separated by a semicolon, comma, or space. The first address is for the primary WINS server and th e second address is for a backup WINS server.

Configuring Wyse Device Manager Servers

Wyse Device ManagerTM (WDM) servers provide network management services to the thin client (complete user-desktop control - with features such as remote shadow, reboot, shutdown, boot, rename, automatic device check-in support, Wake-On-LAN, change device properties, and so on). Use the IP addresses or host names with optional TCP port number for WDM servers. Each entry with optional port number is specified in the form IP:port or name:port, where :port is optional (if not specified, port 80 is used).

Configuring Wireless Access

Thin clients running Wyse ThinOS can support 802.11b/g/n wireless connections. WEP is used as the encryption method in 802.11b wireless access. WEP, WPA-Personal, WPA2-Personal, WP A-Enterprise and WPA2-Enterprise are used as the encryption and authentication methods in 802.11g/n wireless access. For a wireless access point, Cisco, TP-Link, and D-Link products are recommended. For a Radius server used in EAP-TLS, the IAS, FreeRadius and Cisco ACS are recommended.

Tip

Internet Authentication Service (IAS) is the Microsoft implementation of a Remote Authentication Dial-in User Service (RADIUS) server and proxy. As a RADIUS server, IAS performs centralized connection authentication,

Page 74

68 Appendix A

authorization, and accounting for many types of network access; including wireless and virtual private network (VPN) connections. The FreeRADIUS Server is a daemon for unix and unix-like operating systems which allows you to set up a radius protocol server (which can be used for authentication and accounting for various types of network access). Cisco Secure Access Control Server (ACS) for Windows provides a centralized identity networking solution and simplified user management experience across all Cisco devices and security management applications.

Configuring for Transport Layer Security (TLS) Connections Over a LAN

The IEEE 802.1x standard allows a switch port to remain wired or enabled but not permit traffic to traverse the switch until the identity of the client is confirmed. IEEE 802.1x is a security feature. It defines the process of authenticating a wired or wireless client to allow the client to communicate with the network. Wyse ThinOS supports IEEE 802.1x for thin clients to be authenticated to access an Ethernet network. To enable this connection, you must download certificates from a Certificate Authority (CA), and then install and configur e them for the thin client.

To configure the authentication options:

1. Open the Network Setup dialog box (click the desktop to open the menu, select System Setup, and then click Network).

2. Click the Authentication tab.

3. Select either the Wire or Wireless Authentication Mode option (Wire is the default

mode).

4. Select the Enable IEEE802.1x Authentication check box.

5. In the EAP Type drop-down list, select an Extensible Authentication Protocol option (either TLS, LEAP, or PEAP.

Tip

In Wire mode, only the TLS EAP type is available; in Wireless mode, the TLS, LEAP, and PEAP EAP types are available.

6. Use the following guidelines to configure the EAP Type option you selected:

• TLS - If you select the TLS option, click Properties to open and configure the

Authentication Properties dialog box (you can use Browse to find and select the

Client Certificate file and Private Key file you want). Note that the CA certificate must be installed in the device.

• LEAP - If you select the LEAP option, click Properties to open and configure the

Authentication Properties dialog box (be sure to use the correct Username and Password for authentication). Note that the maximum length for the username or the password is 64 characters.

• PEAP - If you select the PEAP option, click Properties to open and configure the

Authentication Properties dialog box (be sure to select either EAP_GTC or EAP_MSCHAPv2, and then use the correct Username, Password, and Domain, if

necessary, for authentication). To configure EAP-GTC, enter the username only, and the password or PIN will be asked when authenticating. To configure EAP-MSCHAPv2, enter the username, password, and domain (domain\username in the username box is supported, but you must leave the domain box blank). Note that the CA certificate must be installed in the device (the server certificate is forced to be validated).

Page 75

Central Configuration: Automating Updates and Configurations 69

7. In the Network Setup dialog box, select an Import From option (either USB Key -the default - or File Server) to configure where a user can import a new certificate, click

Import, and then use the following guidelines to configure the option you selected:

·USB Key: Select a certificate and click OK to import it to local memory.

· File Server: Enter the path to the certificate, and then enter a username and

password.

8. (Wireless Networks Only) Click Wireless Setup to open the Wireless Setup dialog box and use the following guidelines:

Tip

The on-board NIC is “favored” if a valid link is detected, and the USB wireless will not be activated; otherwise, USB wireless becomes the system’s LAN, all configured network settings apply to the wireless network, and the USB wireless controls the NIC and functions such as the local Ethernet. Curr ently, only the Action Tec USB wireless card is supported.

·Mode: Select either the Infrastructure or Ad Hoc option.

Infrastructure - Select Infrastructure for access point wireless networks in which

thin clients connect to access points as they move from place to place (for example, from floor to floor) or require a new access point due to traffic congestion. Ad Hoc - Select Ad Hoc for computer-to-computer wireless networks in which th in clients connect to one another directly.

· SSID: Enter the name of the wireless network to which the thin client will connect

(32 characters maximum).

·Channel: Select a channel number from 1 to 14.

· Encryption: Select one of eight user-defined WEP/WPA keys.

· Algorithms: Select either Open or Shared Key for WEP encryption.

·Key: Depending on which WEP/WPA key you selected, use the following

guidelines:

None - Enter no characters. WEP Key 1-4 - Enter 5 or 13 characters for the 64-bit or 128-bit encryption key, or

10 or 26 hex-decimal digits. WPA_PSK or WPA2_PSK - Enter any value from 8 to 63 characters, or specify the numbers as 128 hex-decimal digits. WPA_Enterprise or WPA2_Enterprise - Enter no characters.

Page 76

70 Appendix A

Configuring Session Services

Before you use the information in this section to configure your ICA and RDP session services, be sure you understand and use the following guidelines:

• General Guidelines - Be aware of the following:

• The Thin-client session services are made available by servers hosting Citrix ICA

and Microsoft RDP software products.

• A browser must be available through one of the session services to access any

on-line help documentation for users.

• There can be more connections than desktop space to display them.

• Connections can be defined in persistent memory (with a statement reading

enablelocal=yes in the wnos.ini file). These connections can be displayed as desktop icons only in Stand-alone mode with a Non-privileged user.

• Only the connections defined in an INI file and containing an icon= clause will be

displayed on the desktop (assuming there is adequate desktop space).

• Connections can be displayed on the desktop without requiring a sign-on (when

you define these connections in a wnos.ini file or whe n th e wno s. i ni file doe s not contain a SignOn=yes statement).

• ICA Guidelines - Independent Computing Architecture (ICA) is a three-tier, server-based computing technology that separates the logic of an application from its user interface. The ICA client software installed on the thin client allows the user to interact with the application GUI, while all of the application processes are executed on the server. ICA connects to NT TSE, Windows Server 2003, or Windows Server 2008 Server hosts that have a Citrix MetaFrame server, Citrix Presentation server, or CDS installed. Load balancing is included. ICA browsing or DNS can be used to resolve the server name. For information on configuring ICA, refer to Services." For detailed information on the supported parameters (in the INI files) that you can use for ICA connections, refer to the Reference Guide: Wyse ThinOSTM INI Files.

"Configuring ICA Session

Tip

The ICA server must be licensed from Citrix Systems, Inc. You must purchase enough client licenses to support the total concurrent thin client load placed on the Citrix server farm. A failure to connect when all client seats are occupied does not represent a failure of Wyse equipment. The ICA client software is installed on the thin client.

• RDP Guidelines - Remote Desktop Protocol (RDP), like ICA, is a network protocol that allows a thin client to communicate with the Terminal Server or Windows 2003/2008 Server with Terminal Services over the network. This protocol is based on the T.120 protocol suite, an international standard multi-channel conferencing protocol. The thin client supports both RDP version 4.x and version 5.x. For information on configuring RDP, refer to supported parameters (in the INI files) that you can use for RDP connections, refer to the Reference Guide: Wyse ThinOS

"Configuring RDP Session Services." For detailed information on the

INI Files.

Page 77

Central Configuration: Automating Updates and Configurations 71

About Wyse TCX Software

Wyse® TCX Software™ provides an enrichment layer above ICA and RDP connections that enable multiple monitor awareness, rich multimedia playback, high quality bidirectional audio capabilities, and seamless USB device access for Wyse thin clients. Wyse ThinOS has built-in support for the following Wyse TCX solutions (a license may be required to activate a feature):

• Wyse® TCX Multi-Display™

• Wyse® TCX Multimedia™

• Wyse® TCX Rich Sound™

• Wyse® TCX USB Virtualizer™

• Wyse® TCX Flash Redirection™

For more information about Wyse TCX software and support platforms, visit

www.wyse.com/tcx

About Wyse Virtual Desktop Accelerator Software

Wyse® Virtual Desktop Accelerator (VDA) is a software product that, when used with Wyse thin clients, provides an “accelerated” user experie nce on remote d esktop sessio ns with high round-trip delay between the server and client. By accelerating the remote desktop protocols by a factor of up to 3 times on certain networks, a Wyse VDA session with a server located thousands of miles from your thin clients “feels” similar to a non-accelerated session with a server located just a few hundred miles from your thin clients.

Built for use on high-bandwidth high-latency networks that are prone to packet loss situations, primary use cases for Wyse VDA include:

• Datacenter Consolidation

• Desktop Cloud Computing

• Remote Off-Shore Desktop Computing

Page 78

72 Appendix A

Configuring ICA Session Services

Before you use the information in this section to configure your ICA session services, be sure you have read "Configuring Session Services."

ICA session services can be made available on the network using either Windows 2003/ 2008 Server with Terminal Services and one of the following installed:

• Citrix MetaFrame XP

• Citrix Presentation Server

Tip

If PNAgent/PNLite-published application services are to be made available to the thin clients, refer to installing Citrix MetaFrame XP.

When using the instructions accompanying these products to install them and make sessions and applications available to the thin clients sharing the server environment, be aware of the following:

• If a Windows 2003/2008 Server is used, a Terminal Services Client Access License (TSCAL) server must also reside somewhere accessible on the network. The server will grant a temporary (120-day) license on an individual device basis. Beyond the temporary (120-day) license, you must purchase TSCALs and install them on the TSCAL server (you will not be able to make a connection without a temporary or permanent license).

• It is recommended that any ICA connection which traverses a Dial-up or WAN connection have Lowband=yes set in the INI files or the Optimize for low speed link option selected in the Connection Settings (ICA) dialog box.

• If an ICA connection is created using the Connect Manager and the Host Names or Application Name text box is left blank, a message appears prompting the user to enter the IP Address or Server Name of the ICA server to which to connect.

• An audio input port is available (Audio can be recorded).

"PNAgent/PNLite Installation Guidelines" when

PNAgent/PNLite Installation Guidelines

PNAgent/PNLite is a component of the Citrix XML publishing service. PNAgent/PNLite is an ICA connection mode that enables the thin client to connect to applications available (published) on an ICA server without having to configure connections for individual published applications.

Use the following guidelines during installation:

• MetaFrame XP - Installing MetaFrame XP supports XML publishing services. During installation, a series of prompts appear for you to follow. When you are prompted to install the XML Publishing Service, be aware that clicking Yes to this option allows you to change the default port (80) used by the service.

• Citrix Presentation Server - Installing Citrix Presentation Server supports XML publishing services. During installation, a series of prompts appear for you to follow.

The port to be used for XML publishing services must be known for making appropriate PNAgent/PNLite server location entries required by the operating mode (for related information, refer to "Configuring DHCP (DHCP Options)," the Users Guide: Wyse

ThinOS

the Reference Guide: Wyse ThinOS default port, but if a port other than 80 is used, the port number must be specified explicitly with the PNAgent/PNLite server location in the form IP:port or name:port, where :port is optional.

(for locally configuring the thin client using the Network Setup dialog box) , and

INI Files). The thin client uses port 80 as the

Page 79

Central Configuration: Automating Updates and Configurations 73

Configuring RDP Session Services

Before you use the information in this section to configure your RDP session services, be sure you have read "Configuring Session Services."

RDP session services can be made available on the network using any of the following:

• Windows 2003/2008 Server with Terminal Services installed

• Windows NT 4.0 Terminal Services (WTS) Edition

• Windows XP

When using the instructions accompanying these products to install them and make sessions and applications available to the thin clients sharing the server environment, be aware of the following:

• If a Windows 2003/2008 Server is used, a Terminal Services Client Access License (TSCAL) server must also reside somewhere accessible on the network. The server will grant a temporary (90-day) license on an individual device basis. Beyond the temporary (90-day) license, you must purchase TSCALs and install them on the TSCAL server (you will not be able to make a connection without a temporary or permanent license).

• It is recommended that any RDP connection which traverses a Dial-up or WAN connection have Lowband=yes set in the INI files or the Optimize for low speed link option selected in the Connection Settings (RDP) dialog box.

• If an RDP connection is created using the Connect Manager and the Host Names or Application Name text box is left blank, a message appears prompting the user to enter the IP Address or Server Name of the RDP server to which to connect.

• Wyse ThinOS version 4.2 and later supports an RDP connection with no encryption (found in older versions of Microsoft NT4-TSE servers).

• Wyse ThinOS version 4.2 and later supports server browsing over Server Message Block (SMB) when defining an RDP connection. SMB browsing restrictions mean that the server desired may not be listed, in which case the user will need to know either the name or IP address of the targ et ser ver and en ter th at infor ma tion in to the te xt b ox ( as it will not appear in the pull-down list).

Page 80

74 Appendix A

This page intentionally blank.

Page 81

B Remote System Administration

This appendix provides remote system administration information to help you perform the routine tasks needed to maintain your Wyse ThinOS environment.

It includes:

• "Using Wyse Device Manager Software For Remote Administration"

• "Updating Software"

• "Managing Icons and Logos"

• "Understanding and Using System Lockdown Operations"

• "Configuring Virtual Access Suite Support"

Using Wyse Device Manager Software For Remote Administration

Wyse Device ManagerTM (WDM) servers provide network management services to the thin client (complete user-desktop control, with features such as remote shadow, reboot, shutdown, boot, rename, automatic device check-in support, Wake-On-LAN, change device properties, and so on). Ordering information for WDM is available on the Wyse Web site at: http://www.wyse.com/products/software/rapport

Updating Software

The software version is embedded in both the RAM and flash memory images. This version information is used to compare the images on the FTP server to the currently-loaded flash image on the thin client. A major revision number supersedes a minor revision number when making the comparison. In turn the minor version number takes precedence over the build number. The image names and date-time stamps determine whether or not the update is newer than the version currently installed on the thin client.

After obtaining software updates from Wyse, you must replace the existing software images in the wnos subdirectory on the FTP server to allow the thin clients to

Tip

The code identifier is split into 4 parts, the major release identifier, the minor release identifier, the build number identifier, and the sub-build number identifier (if the sub-build number is 0, it will not be displayed). Each part is compared against the current code internal identifier in the same format. If the file identifier is greater , the update is performed. If th e file identifier is less, the update is abandoned. If the file identifier is equal, the next term is examined until the build identifiers are found to be equal and the update is abandoned. This comparison process using the build number can be important in cases where you are using a beta release, or in cases where you need to reinstall a release with the same major and minor numbers but with an updated build.

Page 82

76 Appendix B

automatically detect and self-install the new software (upon thin client system start). The FTP server address and exact path to these files are specified in DHCP Options 161 and 162 (if DHCP is not used, the path is specified in the Network Setup dialog box on the thin client).

Each time a thin client boots, it checks the software images on the FTP server, and if configured, automatically performs an update if a newer version is detected. Whether or not an update is performed depends on the AutoLoad p arameter setting in the wnos.ini file as described in the Reference Guide: Wyse ThinOS

Be aware that there is a significant distinction between using DHCP and not using DHCP to access the various necessary files as follows:

• If DHCP is used, thin client software automatically inserts the path command /wyse following what it receives from the DHCP server (unless the path is terminated by a $); this is done only if a value is received from DHCP. The dollar sign character ($) acts as a flag that notifies Wyse ThinOS that the absolute path has been given (that is, where it expects to find Wyse ThinOS configuration files inside a “wnos” folder) instead of the relative path (where it expects to find the general “wyse” configuration folder).

• If DHCP is not used and the configuration is done manually, the full path up to the wnos component must be inserted; there is no automatic /wyse insertion and no $ processing.

• For users familiar with Wyse 3 series thin clients, the Wyse 3 series equipment does processing on both DHCP and manual input, as well as $ processing (as $ is a legal meta-character in manually entered strings). Wyse ThinOS software does not recognize a $ terminator as a legal meta-character in a locally entered string.

INI Files.

Tip

Citrix does not supply an ICA client for the Wyse thin client platforms. Citrix ICA Auto-Update does not function for the ICA client installed on the thin client; the ICA client is fully contained in the thin client system and can only be updated by changing that entire system. The RDP client is also not replaceable.

Caution

Interrupting power during the update process can corrupt the FLASH on the thin client. Thin clients with corrupted FLASH must be shipped to Wyse for service.

Tip

Note the following thin client update processes: Model SX0: (Step 1) If called for, the thin client first searches in the wnos directory for RCA_wnos. If this file exists with a different internally encoded version number than the image currently in flash memory, and depending on the wnos.ini file AutoLoad parameter setting, the thin client will load this image into flash and reboot. (Step 2) The thin client will then (regardless of any circumstance in step 1) check for a file named express.rom and begin updates, if appropriate. If an update is done, the thin client will again reboot. Model VX0: (Step 1) If called for, the thin client first searches in the wnos directory for a file named VL10_wnos. If this file exists with a different internally encoded version number than the image curr ently in flash memory, and depending on the wnos.ini file AutoLoad parameter setting, the thin client will load this image into flash and reboot. (Step 2) The thin client will then (regardless of any circumstance in step 1) check for a file named express.rom and begin updates if appropriate. If an update is done, the thin client will again reboot.

Page 83

Remote System Administration 77

Managing Icons and Logos

Icons and logos specified in the INI files must be placed in the file server /wnos/bitmap subdirectory. Icons are specified in the Icon clause of the connection statement and logos are specified in the FormURL statement. Supported image file types include .ico (icon), .bmp (bitmap), .jpg (JPEG), and .gif(GIF). Color depth for logos can be up to 256 colors. Color depth for icons can be 16 colors. It is recommended that .jpg format not be used for desktop icons.

Use the following guidelines:

• Typical desktop icons are 64 x 48 pixels.

• Typical sign-on logos are 100 x 61 pixels, with transparent background.

• Maximum size for sign-on logos is 352 x 80 pixels (if smaller than this, it will be positioned in the upper-left corner).

Understanding and Using System Lockdown Operations

Lockdown status for a thin client is set or removed using the LockDown clause of the Privilege statement in the INI files. Lockdown establishes the default privilege level

following thin client boot and before any privilege statement is read from an INI file. Access to many facilities is affected by the privilege level.

• Non-Lockdown Operation - For normal operation, Low-privileged and Non- privileged users may access the Network Setup dialog box by temporarily disconnecting the Ethernet cable from the thin client and rebooting to Stand-alone user mode. The Network Setup dialog box can also be accessed after resetting the thin client to factory defaults (by a G-key reset to factory default or using the Reset the system setting to factory defaults check box in the Sign-off/Shutdown window of any user with sufficient privilege to the Sign-off/Shutdown window.

• Lockdown Operation - In most cases, access to the resources available when the system is not locked down is desirable; however, network environments requiring maximum security should not permit uncontrolled changes to thin client network access. Most facilities would include a Privilege with LockDown statement in the wnos.ini file and might override the privilege in a {username}.ini file without modifying the lockdown privilege. Thus, an administrator could log into any unit and have sufficient privilege to modify the configuration of that unit without altering the default privilege at the next reboot.

Caution

If the unit is configured for Dial-up access, ther e mu st be an RAS serv er answering the configured telephone number. Otherwise, the unit will require factory attention to recover it.

Page 84

78 Appendix B

Configuring Virtual Access Suite Support

This section explains how to support the Wyse ThinOS with Provision Networks Virtual Access Suite (VAS). To support Wyse ThinOS with VAS, you must do the following:

• Download Wyse ThinOS firmware version 5.3.0_14 or later and store it on all Connection Brokers under the WNOS directory (see Firmware (VAS Support)” ).

• Download hotfix 5 for VAS 5.8 (Release 8) from the Provision Networks Web site and install the hotfix on all Connection Brokers.

Installing the VAS Hotfix

Hotfix 5 for VAS 5.8 (Release 8) includes: PNCONSOLE.EXE (5.8.208.15), PNBRKSVC.EXE (5.8.200.64), and sample INI files. After you download and install the hotfix, set the DHCP server option tags 161 and 188 to the IP address(es) of the Connection Broker(s) using the following syntax (see "Configuring DHCP"):

• protocol: http or https. This parameter is optional. If omitted, http is automatically used.

• iplist: The list of IP addresses corresponding to the Connection Brokers. The specified IP addresses must be separated by commas or semicolons.

• port: The TCP port that the Connection Broker(s) is/are configured to listen on. This parameter is optional. If omitted, ports 80 (http) and 443 (https) are automatically used.

“Updating the Wyse ThinOS

Tip

Option tag 161 is used to specify the servers from which the Wyse ThinOS firmware updates can be downloaded to the thin client, while option tag 188 is used to specify VDI brokers. Because the VAS Connection Brokers are capable of fulfilling both functions, option tags 161 and 188 may be configured identically.

On each Connection Broker, the hotfix creates a directory named WYSE under the VAS installation directory, a directory named WNOS under the WYSE directory, and two directories named bitmap and ini under the WNOS directory., as follows:

• C:\Program Files\Provision Networks\WYSE

• C:\Program Files\Provision Networks\WYSE\WNOS

• C:\Program Files\Provision Networks\WYSE\WNOS\bitmap

• C:\Program Files\Provision Networks\WYSE\WNOS\ini

The bitmap directory is used to store optional bitmap files (such as a corporate logo to be displayed on the thin client desktop) referenced in a wnos.ini file.

The wnos.ini file in the WNOS directory contains various WYSE commands and parameters. It is sent from the Connection Broker to the thin client upon boot-up. For detailed information on wnos.ini files, refer to the Reference Guide: Wyse ThinOS

Files.

INI

Page 85

Remote System Administration 79

Enabling HTTP and HTTPS Support on the Connection Brokers (VAS Support)

The Connection Broker can be configured to accept http and https request s simultaneously. To support https requests, however, you must first obtain a Web server certificate for each Connection Broker.

Installing Connection Broker Web Server Certificates (VAS Support)

For https support, obtain a Web server certificate for each Connection Broker. You can obtain a certificate issued by an external certificate authority (such as Microsoft Certificate Server) or an external certificate authority (such as VeriSign or Entrust). After obtaining the certificates, use the following guidelines to install each certificate:

1. Display the left-hand pane in the Provision Management Console.

2. Expand the Connection Brokers node.

3. Right-click the node corresponding to the Connection Broker.

4. On the General tab, click Configuration, and then click Server Certificate.

5. Select the desired certificate from the list for installation.

Configuring the Connection Broker HTTP and HTTPS Ports (VAS Support)

To configure the Connection Broker http and https ports, use the following guidelines:

1. Display the left-hand pane In the Provision Management Console.

2. Expand the Servers node.

3. Right-click Connection Brokers and select Properties.

4. Select one or both protocol options (http and/or https).

5. Specify the corresponding TCP port numbers.

Warning

If IIS is installed on the same server, be sure to select non-conflicting TCP ports.

Configuring {username}.ini Files and RDP Connection Parameters (VAS Support)

After a user is successfully authenticated, the Connection Broker dynamically ge nerates a user-specific configuration file named {username}.ini and sends it to the thin client. This file is generated entirely in memory and contains a list of RDP connection parameters referencing the authorized published desktop of the user.

The dynamically generated {username}.ini file contains the following list of mandatory RDP connection parameters:

• Application: Name of published desktop

• Description: Description of published desktop

• Icon: The icon displayed on WYSE desktop

• Username: User account name

• Password: User password

• Domainname: Windows domain

Page 86

80 Appendix B

To specify additional RDP connection parameters to the dynamically generated {username}.ini file, you must configure a custom RDP. ini file under the WNOS directory (for a list of optional RDP connection parameters that can be used, refer to the Reference

Guide: Wyse ThinOS

Connection Broker automatically merges its contents into the dynamically generated {username}.ini after authenticating the user. The final {username}.ini file (containing the merged parameters) is then sent to the thin client for use.

Tip

Optionally, additional parameters can be automatically appended to the dynamically generated {username}.ini. To append additional parameters, manually create {username}.ini files under the ini directory. If a manually created {username}.ini file exists in the ini directory, the Connection Broker merges its contents into the dynamically generated {username}.ini after authenticating the user. The final {username}.ini file (containing the merged parameters) is then sent to the thin client for use.

Updating the Wyse ThinOS Firmware (VAS Support)

To update the thin clients to the latest Wyse ThinOS firmware, obtain the latest Wyse ThinOS firmware file (RCA_wnos) and store it in the WNOS directory. Upon rebooting the thin clients, the firmware will be automatically updated, if necessary.

INI Files). If an RDP. ini file exists under the WNOS directory, the

Option tag 161 must already be configured for the firmware update process to work (see "Configuring DHCP").

Page 87

C Local System Administration

This appendix provides local (at the thin client) system administration information to help you perform the routine tasks needed to maintain your Wyse ThinOS envir onment.

It includes:

• "Resetting to Factory Defaults Using G-Key Reset"

• "Resetting to Factory Defaults Using Shutdown Reset"

• "Resetting Display Settings Using V-Key Reset"

• "Accessing Thin Client BIOS Settings"

• "Enabling a Disabled Network Setup Dialog Box"

• "Configuring ThinPrint"

Resetting to Factory Defaults Using G-Key Reset

High-privileged or Stand-alone users can reset the thin client to factory default settings using the G-key reset feature.

To reset the thin client to factory default settings, restart the thin client and continuously tap the G key during the restart process. G-key reset impacts all configuration items, including, but not limited to, both network co nfig u ra tio n an d co nne c tio ns defi ne d in loca l NV-RAM.

Tip

G-key reset is disabled for Low-privileged and Non-privileged users in Lockdown mode.

Resetting to Factory Defaults Using Shutdown Reset

A High-privileged or Stand-alone user can reset the thin client to factory default settings from the Sign-off/Shutdown window as follows:

1. Select either Shutdown and Restart the system or Shutdown the system.

2. Select the Reset the system setting to factory defaults check box.

3. Click OK.

Shutdown reset impacts all configuration items, including, but not limited to, both network configuration and connections defined in local NV-RAM (Terminal name will not change).

Tip

Shutdown reset is disabled for Low-privileged and Non-privileged users, regardless of lockdown state.

Page 88

82 Appendix C

Resetting Display Settings Using V-Key Reset

If the display settings are inappropriate for the particular monitor that is connected, it is possible that the display will not function properly when the thin client restarts. To correct this, power-on the thin client while continuously ta pping th e V key. This will restart the thin client with a display resolution of 640 x 480 pixels and a 60 Hz refresh rate.

Accessing Thin Client BIOS Settings

While starting a Wyse thin client you will see a Wyse logo for a short period of time. During this start-up you can press Del to enter the BIOS of the thin client to make your modifications (enter Fireport as the password).

Enabling a Disabled Network Setup Dialog Box

Although there are privileges and user modes associated with user access to thin client resources, access to network setup (using the Network Setup dialog box) depends upon privilege level. A Stand-alone user either is by default a user with High privilege or has a thin client that is locked down. A Guest user has an implicit privilege of None and all access is governed by that privilege. A PNAgent/PNLite-only user has whatever privilege was set in the wnos.ini file at thin client boot, whatever privilege was locked down at the last access of a wnos.ini file, or High privilege (by default).

If the Privilege parameter is set to Low or None in the INI files, the thin client Network Setup dialog box will be disabled (th e user cannot access i t). In such a case, there may be occasion to access the Network Setup dialog box without wanting to change the INI files. For example, an occasion when you need to change to another FTP or Virtual Desktop file server or add to the PNAgent/PNLite servers list. To access the Network Setup dialog box in such a case, disconnect the network cable and reboot the thin client to Stand-alone user mode. The Network Setup dialog box displays after the thin client initializes and you can then make the required entries (be sure to reconnect the network cable and reboot when finished).

Caution

If a thin client accesses the enterprise intranet through Dial-up, PPPoE, or PPTP VPN and the thin client is locked-down, a Non-privileged or Low-privileged user attempting to reboot to Stand-alone User mode will disable the Network Setup dialog box and System Reset capabilities. The user will then be unable to re-access the enterprise intranet through this path. If this happens, the thin client must be moved to a location where it can access the enterprise intranet directly (Ethernet cable) and reboot so that you as an administrator can make any required changes to the thin client operating configurations (for example, set the INI files to unlock the thin client). If the thin client is configured for Dial-up access, there must be an RAS server answering the configured telephone number. Otherwise, the thin client will require factory attention to recover it.

Page 89

Local System Administration 83

Configuring ThinPrint

No ThinPrint-specific configuration is available on the thin clients. Thus to be able to use ThinPrint, users must first set up their printers according to the user documentation, and then configure ThinPrint on the thin client (by clicking on the desktop background, selecting System Setup from the menu to open the Network Setup dialog box, and then clicking Printer to open and use the printer configurations).

Use the following guidelines:

•Use the Printer Identification field to enter a printer class (you can change the printer name as needed).

• Printer IDs are assigned (depending on the physical port) as follows:

•COM1 = 1

•COM2 = 2

• LPT1 = 3 (USB printers are detected automatically on LPT1)

•LPT2 = 4

• LPD0 = 5 (The LPD Queue name is transmitted as the printer name; the Printer

Identification as class)

• LPD1 = 6 (The LPD Queue name is transmitted as the printer name; the Printer

Identification as class)

• LPD2 = 7 (The LPD Queue name is transmitted as the printer name; the Printer

Identification as class)

• LPD3 = 8 (The LPD Queue name is transmitted as the printer name; the Printer

Identification as class)

• SMB1 = 9 (In the form \\host\printershare)

•SMB2 = 10

•SMB3 = 11

•SMB4 = 12

To install the relevant ThinPrint product on the server use the following guidelines:

• Printer Object(s) Created Manually by the Administrator - After you install .print Engine, create a printer object on the server to use the native driver and ThinPort as a printer port. You can use any protocol (TCP, RDP, or ICA) because Wyse ThinOS has .print clients for all of the protocols. The printer object needs to observe ThinPrint naming conventions (for examp l e, HPLJ5#_:2, in which case print jobs will be sent to the local printer that has ID number .2) by referring to .print client port ID. If no ID number is present, the .print client sends the print job to the printer set as current.

• Printer Object(s) Created Automatically by ThinPrint AutoConnect - When using ThinPrint AutoConnect, the thin client identifies with the thin client ID number 84 (and thus is recognized as a thin client without a local spooler). You can also set up a template on the server that uses a native driver (for example, HPLJ5) and ThinPort, and then name this template as you want in the form _#AnyName. You can then make sure that the rules (on ThinPrint Autoconnect [1]) have been set to assign the desired local printers to use this server template. The assigned printer will then be shown in the user session using the HPLJ5 driver and ThinPort; it will be named automatically according to ThinPrint naming convention with the printer name from the client side included. Alternatively, you can also define a template name according to the client printer name (replace .AnyName. with printer name 4. and 5. above [for example, _#HP Laserjet 5]) so that the local printer object .HP Laserjet 5. will be mapped to this template without any rules defined on the ThinPrint Autoconnect.

Page 90

84 Appendix C

This page intentionally blank.

Page 91

Tables

1 Shutdown dialog box options 7 2 Toolbar icons 13 3 Connection Options 14 4 Supported Keyboard Languages 40 5 DHCP Options 64

Page 92

Administrators Guide

Wyse ThinOSTM Issue: 092910

Written and published by: Wyse Technology Inc., September 2010

Created using FrameMaker® and Acrobat