Amulet Hotkey DXZ4-A Скачать руководство пользователя

Страница: 31 / 44

www.amulethotkey.com | Page 31

ecurity

6. Deployment security

This section describes how to improve security for your DXZ4-A

and DXZ4-AM zero clients.

Important!

Some of the security measures described below

recommend disabling the Administrative Web Interface

(AWI). However, do not disable the AWI on your zero clients

until after you have made all the security-based configuration

changes in this chapter.

The National Cyber Security Centre (NCSC) document,

“Security.

Procedures:.Amulet.Hotkey.Zero.Client.DXZ4,.DXZ2.and.DXZC”

(available at

https://www.ncsc.gov.uk/products/amulet-hotkey-

zero-client-dxz4-dxz2-and-dxzc

) describes in detail the secure

usage procedures for compliance with the NCSC rating.
See this document for a full description of the security

considerations for your network, some of which are presented in

this chapter.

This chapter tells you how to:

•

Check the anti-tamper seals

;

•

Restrict access to the management tools

;

•

Set up the control of allowed USB devices

;

•

Disable the audio (optional)

;

•

Use event logs

;

•

Dispose of zero clients securely

6.1

Check the anti-tamper seals

We recommend that you store and use DXZ4 security edition

zero clients in an appropriately secure environment to reduce

the potential for the device to be physically compromised.
DXZ4 security edition zero clients are fitted with anti-tamper

seals on the underside of the enclosure, see

Figure 24

. Inspect

these seals when you receive the zero client and thereafter at

regular intervals after deploying the zero client.
If you find any signs of interference or physical damage, you

must immediately report this to the site security administrator

and stop using the zero client.

Quarantine the zero client until the reason for interference or

damage is fully understood and appropriate precautions have

been taken.

Anti-tamper labels

Figure 24:

Location.of.the.anti-tamper.seals

6.2 Restrict access to the management tools

For additional security, we recommend that you disable the AWI

and PCoIP Management Console interface on your zero clients

before you deploy the zero clients to end-users.

With these interfaces disabled, you can only configure a zero

client through its local On Screen Display (OSD). This security

measure prevents malicious third parties from configuring your

zero clients remotely.

6.2.1

Disable the AWI and PCoIP Management Console

Important!

Remember to complete the configuration

procedures in this chapter before disabling the AWI.

To disable the AWI and Management Console interface and

restrict configuration changes to the zero client’s OSD:

From the

OSD Options

menu, choose

Configuration >

Access

Select both of the following check boxes:

•

Disable Administrative Web Interface;

• Disable Management Console Interface.

Содержание DXZ4-A

Страница 1: ... DXZ4 security edition zero client User manual DXZ4 A and DXZ4 AM HB DXZ4 A001 Revision 1 2 July 2018 ...

Страница 2: ...ts reserved The information contained in this document represents the current view of Amulet Hotkey as of the date of publication Because Amulet Hotkey must respond to changing market conditions it should not be interpreted to be a commitment on the part of Amulet Hotkey and Amulet Hotkey cannot guarantee the accuracy of any information presented after the date of publication Sections of this docu...

Страница 3: ...ion This device has been tested and found to comply with the limits for a Class B digital device pursuant to part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause har...

Страница 4: ... 3 On Screen Display OSD 12 1 13 Cooling considerations 12 1 13 1 Recommended enclosure size 13 1 13 2 Use a spacer to stack units 13 2 Your zero client 15 2 1 Front panel features 15 2 2 Rear panel features 16 2 3 Front panel status LEDs 17 2 3 1 Key 17 2 3 2 SWITCHES active status LED 17 2 3 3 PCoIP status LED 17 2 3 4 Power switch status LED 17 2 4 Rear panel status LEDs 17 2 4 1 Network LINK a...

Страница 5: ...Check the anti tamper seals 31 6 2 Restrict access to the management tools 31 6 2 1 Disable the AWI and PCoIP Management Console 31 6 3 Set up the control of allowed USB devices 32 6 3 1 Specify permissions for attached USB devices 32 6 4 Disable the audio optional 32 6 5 Use event logs 32 6 5 1 Enable event logs 32 6 5 2 Check the event logs from the OSD 32 6 6 Dispose of zero clients securely 32...

Страница 6: ... Technology 43 9 3 3 Environment 44 9 3 4 PCoIP ports 44 7 Update the BSM firmware on an individual zero client 33 7 1 Update the BSM firmware for Teradici firmware version 5 2 0 and later 33 7 1 1 Find the current version of the BSM firmware optional 33 7 1 2 Get the BSM firmware update file 33 7 1 3 Transfer the firmware package to the target BSM 34 7 1 4 Confirm that the firmware has updated 34...

Страница 7: ...Zero Client Control Panel 18 Figure 12 Front panel connections 19 Figure 13 Rear panel connections 20 Figure 14 Power on the unit 20 Figure 15 The zero client OSD discovers and lists the first 10 available PCoIP hosts discovered 21 Figure 16 Typical PCoIP set up 23 Figure 17 Session selection drop down list 27 Figure 18 Direct to Host connection type 27 Figure 19 The zero client OSD discovers and ...

Страница 8: ...0 TFTP utility client settings 37 Table 11 Video technology and network specifications 43 Table 12 Environmental specifications 44 Table 13 About PCoIP ports 44 Figure 25 BSM network enable option selected 34 Figure 26 TFTP utility client settings window 34 Figure 27 Enable Wake on USB option selected 36 Figure 28 Finding the IP address using the DHCP console 36 Figure 29 TFTP utility client setti...

Страница 9: ...with the product 1 4 SFP modules Amulet Hotkey can provide a range of suitable SFP modules including 1Gbps and 100Mbps fiber SFP modules for single or multi mode fiber and copper SFP modules with RJ45 connectors See the Amulet Hotkey SFP Modules Datasheet for details of currently available modules Be aware that SFP modules have differing specifications and the distances over which they can drive a...

Страница 10: ...lock icon in the address bar of your browser After you download the file 1 Confirm the file has not been modified by comparing its SHA 256 hash with the SHA 256 hash value listed next to the download link on the Amulet Hotkey website Note Use the hash calculator of your choice to independently calculate the SHA 256 hash for the downloaded file 1 7 IP and MAC addresses Before you set up a zero clie...

Страница 11: ...r by group For example you can create device groups based on location or department In particular you can assign configuration profiles to PCoIP devices and update device firmware for the Teradici processor 1 10 Dual redundant network connections Important Both main and auxiliary network ports see Figure 13 Rear panel connections on page 20 are connected to an internal unmanaged network switch The...

Страница 12: ...ectly installed and properly ventilated Note DXZ4 A and DXZ4 AM zero clients are passively cooled It is a feature of these products that they run hot Certain components inside the zero client use the metal case as a heat sink so the unit often feels warm or possibly hot to the touch This is normal In particular always allow sufficient space around the zero client enclosure for cool air to enter th...

Страница 13: ...om temperature is 25 C and the enclosure is fully open front and back for cable and switch access 1 13 2 Use a spacer to stack units If you need to stack zero clients on top of each other we recommend that you separate the stacked units with spacers where S 25mm Figure 5 Use of spacers with two zero client Without these spacers airflow is restricted and can cause higher than usual temperatures in ...

Страница 14: ...DXZ4 security edition zero client Page 14 ...

Страница 15: ...IP LED Shows the PCoIP network status See 2 3 3 for details 5 Function Switch Use in combination with other switches to set other operational modes See 2 5 for details 6 POWER switch Turns the unit on and off and also gives indications of the network state See 2 3 4 for details 7 Menu switch Displays the On Screen Display OSD First press displays the menu further presses cycle through available me...

Страница 16: ... LEDs 3 Video outputs 1 to 4 DisplayPort connectors By default the On Screen Display OSD displays on the monitor connected to video output 1 You can specify a different video output as the OSD default by changing the configuration in the Display Topology screen 4 Rear panel USB ports Use these two ports to connect any USB devices including keyboard and mouse 5 Audio socket Stereo line out or speak...

Страница 17: ...module is not recognized or no SFP module inserted Table 5 Power switch status LED activity 2 4 Rear panel status LEDs 2 4 1 Network LINK and SPEED status LEDs The zero client has two network LEDs LINK and SPEED see Figure 10 on the rear panel that operate as follows Figure 10 Network LEDs on the rear panel 2 3 Front panel status LEDs There are two status LEDs on the front panel the SWITCHES activ...

Страница 18: ...asive Computing Platform Presing the menu button again will allow you to reconnect 1 LINK status LED Status Meaning Off No network connection Green Network connection no traffic Green blink Network connection full duplex traffic detected Amber Host is in sleep mode Red Fault with Teradici PCoIP Table 6 LINK status LED indication 2 SPEED status LED Status Meaning Off No network connection Amber 100...

Страница 19: ... ports or to the USB ports at the rear See Figure 12 You can use any USB sockets on the front or rear panel for the keyboard and mouse 2 Connect audio devices if used See Figure 12 Use the front panel audio and mic sockets to connect either a a compatible headset with two jacks or b headphones and a separate microphone You may connect speakers to the rear panel audio output socket See Figure 13 Yo...

Страница 20: ...4 A and DXZ4 AM support up to four monitors 3 Optional Install the SFP modules if required 4 Connect the network cables to the network ports RJ45 or SFP See Figure 13 5 Connect the PSU See Figure 13 Important Use only the PSU supplied with the zero client USB Ports Video Port 1 Power Supply Unit LAN WAN connection PSU Network Ports SFP model 1 2 3 4 5 3 3 STEP 3 Power on the unit 1 Press the POWER...

Страница 21: ...scovery Important This is one method you can use to quickly connect your zero client to a host For a detailed description of all connection methods see 5 Set up a PCoIP session If the zero clients and PCoIP hosts reside on the same subnet you can use the Direct to Host SLP session connection type to discover available PCoIP hosts on the subnet You must know the IP address or MAC address of the PCo...

Страница 22: ...DXZ4 security edition zero client Page 22 ...

Страница 23: ...ance This may be in a geographically remote location if necessary There are three essential features of PCoIP Host rendering Multi codec display processing Dynamically adapts to network conditions 4 1 1 Host rendering PCoIP renders display images on the host PC or virtual machine Host rendering preserves the PC environment so applications perform as they should After an image is rendered on the ho...

Страница 24: ...splay includes different types of image elements text graphics icons video Using the same codec to encode all these elements would use excessive network bandwidth Instead PCoIP continuously analyses and decomposes image elements using the right codec for each pixel PCoIP s intelligent image decomposition and encoding results in efficient transmission and decoding This saves bandwidth while deliver...

Страница 25: ...kes digital video audio and USB data generated by the PC and compresses and encrypts this data It then transmits this data in real time over an IP network to the user s PCoIP zero client 4 4 2 Host types Amulet Hotkey PCoIP hosts are available in various form factors Some install inside a PC while others are located near to a PC and connect to video USB and audio ports using standard cables Amulet...

Страница 26: ...DXZ4 security edition zero client Page 26 ...

Страница 27: ...ahkdante Figure 17 Session selection drop down list The following connection methods are available Auto Detect Connect directly to a specified host Connect to a choice of hosts using SLP Discovery PCoIP Connection Manager PCoIP Connection Manager Auto Logon Connect using VMware View Connect using a connection broker Note For full details about each connection method refer to the Session Connection...

Страница 28: ...he same subnet you can use the Direct to Host SLP session connection type to discover available PCoIP hosts on the subnet You must know the IP address or MAC address of the PCoIP host that you want to connect to Important Use this connection method mainly for testing and evaluation purposes 1 Select the Direct to Host SLP Host Discovery session connection type from the drop down list Figure 19 The...

Страница 29: ... host or virtual desktop when the end user logs on With this setup there is minimal impact on the end user Once set up at the end of the day the user 1 Logs out of Windows 2 Powers off their monitors 3 Presses the power switch on the zero client to put it in standby In the morning the user 1 Presses the power switch on the zero client to bring it out of standby 2 Turns on their monitors There is a...

Страница 30: ...DXZ4 security edition zero client Page 30 ...

Страница 31: ...Z4 security edition zero clients are fitted with anti tamper seals on the underside of the enclosure see Figure 24 Inspect these seals when you receive the zero client and thereafter at regular intervals after deploying the zero client If you find any signs of interference or physical damage you must immediately report this to the site security administrator and stop using the zero client Quaranti...

Страница 32: ...ure 2 From the home screen choose Permissions Audio 3 Clear the Enable HD Audio check box 6 5 Use event logs Important Make configuration changes using the AWI on each zero client and then disable the AWI before you deploy the unit to end users see 6 2 The DXZ4 A and DXZ4 AM zero clients record a log of device activity and performance The zero client supports Syslog and Network Time Protocol NTP t...

Страница 33: ...re before performing an update do the steps that follow 1 Make sure that the zero client is powered on 2 Browse to the IP address of the zero client and log on to the Administrative Web Interface AWI 3 Select Network from the Configuration tab 4 Find the current version of the BSM firmware This displays next to BSM Firmware Version 7 1 2 Get the BSM firmware update file 1 Download the BSM firmware...

Страница 34: ...alue Host Enter the BSM IP address Port Set to port 69 Note that port 69 on the BSM is used to initiate the transfer The actual port used during the transfer is randomly assigned Local File Browse to the bsm file containing the firmware update You can retrieve this file from anywhere accessible on your network Remote File Leave this setting blank Block Size Set to 512 bytes Table 8 TFTP utility cl...

Страница 35: ... Amulet Hotkey website lists the SHA 256 hash values for the firmware file After downloading the file use your preferred checksum tool to re generate and verify the hash values and confirm there were no errors during the download 7 2 2 Find the current version of the BSM firmware optional If you want to know the current version of the BSM firmware before performing an update do the steps that foll...

Страница 36: ...00 17 FD 50 12 34 00 17 FD B0 12 34 Table 9 MAC address conversions Tip All Amulet Hotkey products have a MAC address starting with 00 17 FD xx xx xx The fourth octet in the MAC address identifies the product type In the examples above 50 identifies the product as a standard DXZ4 A unit while 51 identifies a modular DXZ4 AM unit You can now use the BSM s MAC address to look up its IP address 7 2 4...

Страница 37: ...rface imme diately The BSM firmware update is now complete 7 2 8 Upgrading multiple units If you are upgrading the firmware on multiple units you can automate this process Example You can use a script to discover Amulet Hotkey BSMs on your network querying the Address Resolution Protocol ARP cache for known MAC address patterns Amulet Hotkey Technical Support can offer guidance on this The ARP cac...

Страница 38: ...DXZ4 security edition zero client Page 38 ...

Страница 39: ...nts In particular the package includes the PCoIP Host Software Settings dialog The Use client topology settings check box is selected in the PCoIP Host Software Settings dialog This check box determines whether or not the zero client display topology gets reported to the Windows operating system An incorrect display topology is specified and enabled on the zero client The On Screen Display OSD for...

Страница 40: ...the zero client OSD Repeat these steps on each zero client used by the user 1 Launch the zero client On Screen Display OSD 2 From the Options menu choose User Settings Display Topology 3 In the Display Topology tab configure the monitor topology used by the zero client a Select the Enable Configuration check box b Specify the display layout such as monitors arranged in a horizontal row the positio...

Страница 41: ... port recognizes the hub as a non HID device and blocks the attempted connection before the actual HID device can be detected Note The USB Permissions feature is available for PCoIP host and zero client devices It allows administrators to define lists of authorized and unauthorized USB devices This feature is configured in the PCoIP Management Console or the AWI For more details see the Teradici P...

Страница 42: ... or UEFI would need to use OHCI to service these devices which could cause problems For example many BIOS and UEFI interfaces do not support OHCI so an administrator might be unable to press F12 or equivalent keys to enter BIOS Setup during a PCoIP session Note EHCI Enhanced Host Controller Interface was created to support only high speed data rates for USB 2 0 OHCI Open Host Controller Interface ...

Страница 43: ... Stereo headset headphones stereo line out stereo mic All 3 5mm jacks USB connections 4 x USB SDP 2 0 Type A up to 0 5A charging current including keyboard and mouse ports Network connections DXZ4 A Dual redundant RJ45 network ports 10 100 1000BaseT DXZ4 AM Dual redundant SFP modules Fiber or copper up to 1 Gbps Note Available modules are listed in the SFP Modules Datasheet VDI Compatible with VMw...

Страница 44: ...5 F Humidity 10 to 90 non condensing Compliance All models conform to the relevant parts of EN55024 EN55032 CE and FCC Part 15 Table 12 Environmental specifications 9 3 4 PCoIP ports About PCoIP ports PCoIP uses an IPSec datastream ESP with a TCP control channel This channel uses port 4172 Depending on the type of deployment other ports may be required including TCP port 50000 for a connection bro...

Результаты поиска

Содержание DXZ4-A

Отзывы:

Похожие инструкции для DXZ4-A

Бренды по названию

Популярные бренды

Amulet Hotkey DXZ4-A, Руководство пользователя

Результаты поиска

Содержание DXZ4-A

Отзывы:

Похожие инструкции для DXZ4-A

Бренды по названию

Популярные бренды