Administrator Guide

ManualsBrandsDell ManualsConverged InfrastructureWyse 5010 Thin Clients / D10D/D10DP/D90D7

161

162

163

164

165

166

167

168

169

170

• For SecurityPolicy=Fullor warning, add certicates from the respective File, View, AWS, WDM, Wyse Management Suite,

OneSign, and/or Caradigm servers to the ThinOS client before updating the rmware.

• The default protocol of le server is still FTP and ftp prex is added automatically if the protocol is not provided.

• Earlier when the connection to https le server fails in full security mode, a dialog box is displayed which prompts you to click OK. From

ThinOS 8.5 HF2 release, the feature is updated to display a tooltip at the bottom-right of the screen.

• Improved user-friendly messages are displayed for errors and warnings.

NOTE:

If the WDM server is set as https, the server address does not convert to http.

Firmware signature

Firmware signature feature was introduced in ThinOS 8.3.1 for better rmware security. From ThinOS 8.4 release, rmware signature

verication is added to enhance rmware security.

Salient features

• By default, signature verication is required on rmware downgrade/upgrade process.

• Provision to downgrade from 8.4 rmware to 8.3 rmware without signature. For example, earlier to ThinOS 8.3.1 release, the rmware

downgrade is prohibited by default.

• New INI parameter verifysignature=no is introduced to enable user downgrade rmware. For example: autoload=101

verifysignature=no. For more information about using INI parameters, refer to the latest Dell Wyse ThinOS INI Reference guide.

The following scenarios are allowed without need of using INI parameters:

– Upgrade from 8.3.x rmware to 8.4 rmware.

– Upgrade or Downgrade between 8.3.x and/or earlier rmware.

– Upgrade or Downgrade between 8.4 and later rmware.

Transport Layer Security

Transport Layer Security (TLS) is a protocol that provides communication security between the client and server applications.

Upgrade to Transport Layer Security (TLS)— In the ThinOS 8.2 release, the TLS is upgraded from version 1.0 to version 1.2. By default,

the ThinOS client uses TLS 1.2 to secure any communication protocols, connections, or applications upon SSL/ TLS in general and falls

back to the previous SSL/ TLS version when negotiating with the server.

Smart cards and smart card readers

A smart card is a security token that has embedded integrated circuits. Smart cards allow you to store and transact data.

A smart card reader is an input device that reads data from a smart card.

• Gemalto smart card IDPrime MD840—Gemalto smart card IDPrime MD830 and MD840 are supported. IDGo 800 version 1.2.1 - 01 for

the Windows middleware is required for supporting Gemalto smart card IDPrime MD840.

The Secure Messaging feature is supported to enable the usage of latest MD830 Rev B cards.

Known issue for Prime MD 840 smart card: If rst container is used, then Xen broker logon fails.

• OMNIKEY smart card readers—The following OMNIKEY smart card readers are supported:

– Omnikey 5427 CK (0x5427, 0x076b) reader supports iclass15693, 14443a, 125k card

– Omnikey 5326 DFR(0x5326, 0x076b) reader supports iclass15693 card

– Omnikey 5025 CL (0x502a, 0x076b) reader supports 125k card

– Ominkey 5325 CL, 5125 (0x5125, 0x076b) reader supports 125k card

– Omnikey 5321 V2 CLi (0x532a, 0x076b) reader supports 13.56 MHz card

– Omnikey 5021 CL (0x5340, 0x076b) reader supports 13.56 MHZ card

– Omnikey 5321 V2 Cl Sam (0x5341, 0x076b) reader supports 13.56 MHz card

Security

165