manualshive.com logo in svg

Amulet Hotkey DXZC-AM, User Manual, Page: 13 / 25

Share
Download
Amulet Hotkey DXZC-AM User Manual Download Page 13

www.amulethotkey.com |

13

3. Deployment security

This section describes how to harden security for your DXZC-AM
zero clients and how to configure event logging. It also covers
secure disposal of DXZC-AM devices.

3.1 Physical inspection of the DXZC-AM enclosure

We recommend that you store and use the zero clients in an
appropriately secure environment to reduce the potential for
the device to be physically compromised.

DXZC-AM and DXZC-AMC zero clients are fitted with anti-tamper
seals on the underside of the enclosure. Inspect these seals
when you receive the zero client and thereafter at regular
intervals after deploying the zero client.

If you find any signs of interference or physical damage, you
must immediately report this to the site security administrator
and stop using the zero client. Quarantine the zero client until
the reason for interference or damage is fully understood and
appropriate precautions have been taken.

3.2 Controlling the use of USB devices

Note:

You must make these configuration changes using

the Administrative Web Interface (AWI), which we
recommend that you disable before deploying zero clients
to end-users (see

section 2.9.4

). Therefore, you must make

the configuration changes described below on each zero
client unit before you deploy it to end-users.

The DXZC-AM zero client supports access control of peripheral
USB and audio devices. We advise that you limit the USB devices
accepted by the zero client to only include those devices that
are critical for zero client usage.

To specify or deny permissions for attached USB devices:

1 Launch the AWI for the zero client that you want to

configure.

2 From the  home screen, choose

Permissions > USB

.

3 Specify lists of authorized and unauthorized USB devices.

You can identify devices by ID (vendor or device) or by class
(for example, ‘Mass Storage’ or ‘Wireless’).

First, add a ‘white list’ of any authorized USB devices. Then
add a ’black list’ of unauthorized USB devices.

In both cases, you can use wildcards (* and ?) to define
general device types that you want to allow or block.

Note:

A list of hexadecimal vendor IDs and USB device

IDs is available at:

www.linux-usb.org/usb.ids

We also recommended that you disable the zero client audio
inputs and outputs if they are not critical to the deployment
operation. To disable audio:

1 Launch the AWI for the zero client that you want to

configure.

2 From the  home screen, choose

Permissions > Audio

.

3 Clear the

Enable HD Audio

check box.

3

Anti-tamper seals on underside of the DXZC-AMC enclosure.

Summary of Contents for DXZC-AM

Page 1: ...Revision 2 4 June 2016 HB DXZC 0003 DXZC MANUAL SECURITY EDITION DXZC AM DXZC AMC PCoIP Zero Clients...

Page 2: ...e SFP module emits invisible radiation which can cause harm if installed or serviced incorrectly Follow the guidelines below Warning Class 1 laser product Warning Invisible laser radiation can be emit...

Page 3: ...lar installation If this device does cause harmful interference to radio or television reception which can be determined by turning the device off and on the user is encouraged to try to correct the i...

Page 4: ...re 13 3 2 Controlling the use of USB devices 13 3 3 Event logs 14 3 4 Secure disposal of DXZC AM and DXZC AMC devices 14 4 DXZC AM DXZC AMC zero client features 15 4 1 Front panel 15 4 2 Rear panel 16...

Page 5: ...aintenance increased security and cost savings See section 1 3 for details 3 1 4 LAN WAN Copper Fibre 2 1 Example PCoIP system with DXZC AM zero client 1 DXZC AM zero client dual video head 2 Monitors...

Page 6: ...ore general information about PCoIP zero clients visit www teradici com Note Other remote computing protocols use client rendering To render an image on the client each command from the host and each...

Page 7: ...tal video audio and USB data generated by the PC and compresses and encrypts this data It then transmits this data in real time over an IP network to the user s PCoIP zero client Amulet Hotkey PCoIP h...

Page 8: ...we strongly recommend that you implement a robust and secure password policy Where possible use a machine generated password of eight or more characters We also recommend that you provide your DXZC A...

Page 9: ...only With no USB or audio data PCoIP uses approximately 32Kbit s per pair of monitors General office use that is writing documents consumes between 300 500Kbit s PCoIP only sends display changes so a...

Page 10: ...ministrator Guide available to download from the Teradici website 2 9 1 PCoIP Management Console The PCoIP Management Console has a web interface that allows you to manage multiple devices PCoIP zero...

Page 11: ...owing check boxes Disable Administrative Web Interface Disable Management Console Interface If you keep the AWI and CMI enabled so that zero client administration is not restricted to the local On Scr...

Page 12: ...DXZC AMC Manual Security Edition www amulethotkey com 12 Without these spacers airflow is restricted and can cause higher than usual temperatures in some units Important Do not stack units without us...

Page 13: ...ction 2 9 4 Therefore you must make the configuration changes described below on each zero client unit before you deploy it to end users The DXZC AM zero client supports access control of peripheral U...

Page 14: ...your zero clients You can also enable enhanced logging for a single category of log entries such as USB entries or Smartcard entries 3 From the home screen choose Configuration Time Configure the Net...

Page 15: ...00 Level 1 and is compatible with 5V 3V and 1 8V smart cards For an overview of smart card authentication see section 6 4 4 DXZC AM front panel 7 1 2 3 4 5 6 DXZC AMC front panel 7 1 2 3 4 5 6 8 4 1 F...

Page 16: ...1 DisplayPort connector Video output 2 DisplayPort connector By default the On Screen Display OSD displays on the monitor connected to video output 1 Alternatively you can specify video output 2 as th...

Page 17: ...tively you can connect USB audio devices to any USB socket on the front or rear panel 5 2 Connect to a PCoIP host The DXZC AM connects to a remote PCoIP host via the network port DXZC AM zero clients...

Page 18: ...mainly used for testing and evaluation purposes Note See section 5 4 for more information about using the SLP Discovery connection method Using a connection broker A third party connection broker is...

Page 19: ...their monitors There is a pause while the zero client acquires the host IP address the PCoIP On Screen Display OSD briefly shows a connection progress screen see below on the monitor attached to vide...

Page 20: ...support pre session smart card authentication 15134 299 Teradici Knowledge Base articles are available to registered users at techsupport teradici com In session authentication The smart card is used...

Page 21: ...ble solution is to implement fix 1 7 This section describes how to resolve a display problem that can affect PCoIP systems that use TERA2 hosts and zero clients Note For other known TERA2 display issu...

Page 22: ...sking environment the most reliable solution is to implement fix 1 We do not recommend fix 2 if the physical monitor arrangements are likely to differ for each zero client Repeat these steps on each z...

Page 23: ...gy to the Windows operating system 1 On the host PC right click the PCoIP icon in the notification area of the Windows taskbar Then click Open Properties 5 Disconnect then reconnect the PCoIP session...

Page 24: ...e on request USB connections DXZC AM 4 x USB 2 0 Type A including keyboard and mouse ports DXZC AMC 3 x USB 2 0 Type A including keyboard and mouse ports Note USB 2 0 devices are supported but not in...

Page 25: ...er DXZC AMC Standards ISO 7816 EMV 2000 Level 1 GSA FIPS 201 approved product list Protocols T 0 T 1 2 wire SLE 4432 42 S 10 3 wire SLE 4418 28 S 9 I2C S 8 Supported card types 5V 3V and 1 8V smart ca...

Reviews:

No comments