Reference Guide
Parameter Description
Service=vncd disable={no, yes}
[servers=server_list]
[HttpPort=_http_port_]
[TcpPort=_tcp_port_]
Service=vncd disable—Yes/no option to disable the vncd service, same as
MaxVncd={0, 1}.
Default is no.
servers—Use the servers option to limit the valid vncd client site to the IP
addresses in the server_list parameter, which contains IPv4 IP or IP range
addresses, such as 192.168.1.0/24; 192.168.2.48.
If this option is not set, all IP addresses are displayed as valid.
The service vncd supports both http and tcp connections. The option HttpPort
enables you to set the http port for vncd service. The default port is 5800.
The option TcpPort enables you to set the tcp port for vncd service. The default
port is 5900.
Service=<port number> disable={no, yes}
Default is no.
Yes/no option to disable the service with this port number.
SecurityPolicy={full, warning, low}
[SecuredNetworkProtocol={yes, no}]
[DNSFileServerDiscover={yes, no}]
[TLSCheckCN=[yes, no]]
[TLSDisableCipher={ cipher_name_list }]
Specifies the global security mode for SSL connection. If application SecurityMode
is default, application applies the setting.
If set to full, the SSL connection needs to verify server certificate. If it is untrusted,
connection is dropped.If set to warning, the SSL connection needs to verify server
certificate. If it is untrusted, it is up to you to continue or drop the connection. If set
to low, the server certificate is not checked.
The value is persistent, and the default value is warning. For those SSL
connections with their own security policy, this does not impact. For example, File
server, VMware View and AWS broker follows the global SecurityPolicy. Citrix
broker, RDS broker and SECUREMATRIX are forced to high security mode.
If the optional SecuredNetworkProtocol is set to yes, the unsecure protocols
including ftp, http and tftp are disabled. The value is persistent, and the default
value is no.
In classic mode, if the global INI file in remote file server and local cache cannot be
loaded, a DNS name wyseftpfbc4tc is resolved to discover the file server. If the
optional DNSFileServerDiscover is set to no, the function is disabled. The value is
persistent, and the default value is yes.
TLSCheckCN—This option enables you to check the server certificate common
name for SSL connection in full security mode.
This option does not impact SSL connections of VMware View, Amazon
WorkSpaces and VPN. These connections continually check server certificate
common name. The default value is changed to Yes from build version 8.5_106.
NOTE:
Use NetBIOS or FQDN values to define a SSL—Https—
connection when enabling TLSCheckCN option, as enabling
TLSCheckCN results in SSL connection failure when an IP address is
defined.
TLSDisableCipher—This parameter confines the TLS client to stop using the
listed cipher suites.
In this release, DES and 3DES can be disabled. For example, to disable both DES and
3DES, use TLSDisableCipher=DES;3DES.
SetNetiDLicense=(yes, no)
[Name=License name]
[Company=License company]
[Value=License value]
[trace=NetiD driver log path and name]
The SetNetiDLicense parameter enables or disables the usage of SecMaker NetiD
smart card pkcs11 drivers.
The parameters Name, Company, and Value specify the license name, license
company, and the license value respectively.
The trace parameter enables you to set the driver log path and file name. For
example, trace=/tmp/secmaker.log.
36 Parameters for wnos INI files only