Windows Embedded Standard 7
IGEL Technology GmbH
Windows Embedded Standard 7
01.08.2016
Wichtige Informationen
Please note some important information before reading this documentation.
Copyright
This publication is protected under international copyright laws. All rights reserved. With the exception of
documentation kept by the purchaser for backup purposes, no part of this manual – including the products
and software described in it – may be reproduced, manipulated, transmitted, transcribed, copied, stored in
a data retrieval system or translated in any form or by any means without the express written permission of
IGEL Technology GmbH.
Copyright © 2016 IGEL Technology GmbH. All rights reserved.
Trademarks
IGEL is a registered trademark of IGEL Technology GmbH.
Any other names or products mentioned in this manual may be registered trademarks of the associated
companies or protected by copyright through these companies. They are mentioned solely for explanatory
or identification purposes, and to the advantage of the owner.
Disclaimer
The specifications and information contained in this manual are intended for information use only, are
subject to change at any time without notice and should not be construed as constituting a commitment or
obligation on the part of IGEL Technology GmbH. IGEL Technology GmbH assumes no responsibility or
liability for any errors or inaccuracies that may appear in this manual, including any pertaining to the
products and software described in it. IGEL Technology GmbH makes no representations or warranties
with respect to the contents thereof and specifically disclaims any implied warranties of merchantability or
fitness for any particular purpose.
IGEL Support and Knowledge Base
If you have any questions regarding an IGEL product and are already an IGEL customer, please contact your
dedicated sales partner first. Er beantwortet gerne Ihre Fragen rund um alle IGEL-Produkte.
If you are currently testing IGEL products or your sales partner is unable to provide the help you need,
please fill in the support form after logging on at the members-area
(https://www.igel.com/en/members-area/login-logout.html).
We will then contact you as soon as possible. It will make things easier for our support staff if you provide
us with all the information that is available. Please see also our notes regarding support and service
information. Pealse visit our IGEL Knowledge Base http://edocs.igel.com/ to find additional Best Practice
and How To documentation as well as FAQ.
2
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
Inhaltsverzeichnis
1.
2.
3.
4.
5.
IGEL Universal Desktop Firmware ......................................................................................................................7
Quick installation ...............................................................................................................................................8
Boot options ......................................................................................................................................................9
IGEL device information .....................................................................................................................................9
IGEL setup .......................................................................................................................................................11
5.1.
5.2.
6.
Setup Areas ..................................................................................................................................12
Searching setup pages .................................................................................................................12
Sessions..........................................................................................................................................................13
6.1.
Citrix .............................................................................................................................................13
6.1.1. ICA Global ........................................................................................................................14
6.1.2. ICA Sessions .....................................................................................................................17
6.1.3. Self-Service Plugin............................................................................................................21
6.2.
Remote Desktop Protocol - RDP ..................................................................................................23
6.2.1. RDP (Global Settings) .......................................................................................................23
6.2.2. RDP Sessions ....................................................................................................................27
6.3.
VMware Horizon Client ................................................................................................................31
6.3.1. Horizon Client Global .......................................................................................................32
6.3.2. Horizon Client Sessions ....................................................................................................32
6.4.
6.5.
6.6.
6.7.
6.8.
6.9.
vWorkspace Client / vWorkspace Client AppPortal .....................................................................35
Leostream ....................................................................................................................................35
NX Client.......................................................................................................................................36
PowerTerm WebConnect .............................................................................................................36
PowerTerm Terminal Emulation ..................................................................................................37
Browser Sessions..........................................................................................................................38
6.9.1. Global ...............................................................................................................................38
6.9.2. Advanced .........................................................................................................................38
6.10. Windows Media Player ................................................................................................................39
6.11. VoIP Client ....................................................................................................................................39
7.
Accessories .....................................................................................................................................................40
7.1.
7.2.
7.3.
8.
Setup Session ...............................................................................................................................40
Sound Mixer .................................................................................................................................41
Windows Services ........................................................................................................................41
User interface ..................................................................................................................................................42
8.1.
Screen...........................................................................................................................................42
8.1.1. Options ............................................................................................................................43
8.2.
8.3.
8.4.
8.5.
Language ......................................................................................................................................43
Input .............................................................................................................................................44
Desktop and Start Menu ..............................................................................................................44
Shell ..............................................................................................................................................44
9.
Network ..........................................................................................................................................................45
9.1.
9.2.
9.3.
9.4.
10.
LAN and Wireless .........................................................................................................................45
VPN Connection ...........................................................................................................................45
Routing .........................................................................................................................................45
Network Drives ............................................................................................................................46
Devices ...........................................................................................................................................................47
10.1. Thin Print ......................................................................................................................................47
10.2. USB Devices..................................................................................................................................47
11.
Security ...........................................................................................................................................................48
11.1.
11.2.
11.3.
11.4.
12.
Password ......................................................................................................................................48
Active Directory ...........................................................................................................................49
Network .......................................................................................................................................49
Windows Firewall .........................................................................................................................49
System ............................................................................................................................................................52
12.1. Date and Time ..............................................................................................................................52
12.2. Update 52
12.2.1. Snapshots.........................................................................................................................52
12.2.2. Partial Update ..................................................................................................................55
12.3. Remote Management ..................................................................................................................56
12.4. Shadowing ....................................................................................................................................56
Basic principles and requirements .........................................................................................................57
Shadow clients securely .........................................................................................................................59
VNC logging ............................................................................................................................................60
12.5. File Based Write Filter (Windows Embedded Standard 7)...........................................................61
12.6. Energy Options .............................................................................................................................62
12.7. Firmware configuration ...............................................................................................................63
12.8. Registry ........................................................................................................................................64
12.9. System Restoration ......................................................................................................................65
13.
Index ...............................................................................................................................................................66
About this document
All illustrations and descriptions in this document relate to the IGEL Universal Desktop W7 firmware in
Version 3.12.100.
This manual is divided into the following sections:
•
•
•
•
•
•
•
•
•
•
Quick installation (Seite 8): Setting up the thin client for the first time
Boot options (Seite 9): Information about the client boot process
IGEL device information (Seite 9): Device and setup information
IGEL setup (Seite 11): Configuring, launching and ending setup
Sessions (Seite 13): Creating and configuring application sessions
User interface (Seite 40): Screen, desktop, start menu, language, entry
Network (Seite 45): LAN/WLAN, VPN, routing. Network drives
Devices (Seite 47): ThinPrint, USB
Security (Seite 48): User accounts, password, Active Directory, Password Manager Agent
System (Seite 52): Date/time, remote management, shadowing, energy options, registry, write filters,
update, firmware functions
What is new in 3.12.100?
You will find the release notes for the IGEL Universal Desktop W7 3.12.100 both as a text file next to the
installation programs on our download server (http://myigel.biz) and in our Knowledge Base
(http://edocs.igel.com/).
•
•
•
•
•
•
Automatic detection of screen resolution: The thin client can automatically detect the resolution of the
connected screen. Information regarding configuration can be found under Screen (Seite 42).
Snapshot file can be loaded from any local directory with IGEL WinLinux: From now on, the snapshot
file does not necessarily need to be in the \igel\snapshots directory because IGEL WinLinux
scans the entire USB storage medium. Further information can be found under Download (Seite 53).
The UMS is notified about installed partial updates (Seite 54).
During shadowing (Seite 56), an image file can be shown as a maintenance screen.
Access to the rescue shell is secured with a special password (Seite 48).
The Windows firewall (Seite 49) optionally allows ping requests.
IGEL Universal Desktop W7 3.12.100 requires Language Packs in the new v7 format which are
available for downloading from http://myigel.biz (http://myigel.biz).
Please note the licensing information for Windows Embedded Standard
(http://edocs.igel.com/#10203297.htm), especially when using Microsoft Office 365.
5
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
Formatting and Meanings
The following formatting is used in the document:
Hyperlink
Internal or external links
Proprietary names Proprietary names of products, firms etc.
GUI text
Elements of text from the user interface
Menu > Path
Menu paths in systems and programs
Input
Program code or system inputs
Keyboard
Commands that are entered using the keyboard

Checked checkbox

Unchecked checkbox
Version 5.02.100
Firmware version
Reference to other parts of the manual or other eDocs articles.
Note regarding operation
Warning: Important note which must be observed
6
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
1.
IGEL Universal Desktop Firmware
IGEL thin clientscomprise the latest hardware and an embedded operating system. Depending on the
product, this operating system may be based on IGEL Linux or Microsoft Windows Embedded Standard.
The firmware included with every IGEL Universal Desktop product is multifunctional and contains a wide
range of protocols allowing access to server-based services. The IGEL Universal Desktop firmware is
available on the basis of two possible operating systems.
Depending on the operating system, the following options are available:
Options
IGEL Linux
Windows Embedded
Standard 7
Ericom Powerterm terminal
✓
emulation
✓
IGEL Shared Workplace
✓
✓
IGEL Universal MultiDisplay ✓
Codec package
✓
Management software: Universal Management Suite
For optimum management of your IGEL thin clients, the IGEL Universal Management Suite (UMS)is
available on our download page
(http://myigel.biz/index.php?dir=IGEL_UNIVERSAL_MANAGEMENT_SUITE/).
With the IGEL Universal Management Suite, you can configure thin clients in the same way as
in the devices' local setup.
7
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
2.
Quick installation
By following the procedure below, you can install the end device in your network environment in just a few
minutes:
1. Connect the end device to a VGA or DVI monitor, an AT-compatible keyboard with a PS/2 or USB
connection, a USB mouse and the LAN using an RJ45 connector.
2. Connect the end device to the power supply.
3. Switch on the end device and wait until the graphic desktop is launched.
You are now logged on as a user with the name user (password is user).
To log on as an administrator, proceed as follows:
1. Select Start > Log Off.
- with W7, holding down the Shift key 2. Hold down the Shift key and click on Log Off.
3. Hold down the Shift key until the logon window is shown.
4. Log on as an administrator user with the password administrator.
Change the administrator password after logging on for the first time!
A yellow IGEL symbol is shown in the Windows taskbar:
Figure 1: IGEL symbol in the taskbar
You can configure basic system settings here.
1. Right-click the IGEL symbol.
A pop-up menu opens.
2. Change the
-
Network settings
Display settings
Keyboard settings
3. Click OK to save your changes.
The device will now restart and will use the new settings thereafter.
These basic settings can also be configured in the IGEL setup application. A handy tool tip is available for
virtually every setting. If you would like to know more about a setting or option, simply move your mouse
pointer over it and wait a moment.
8
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
3.
Boot options
To select your desired boot options, proceed as follows:
1. Wait until the message > Booting, please wait < appears during the boot process.
2. Press the Esc key.
A selection menu opens.
3. Select one of the three boot options:
-
-
4.
Windows Embedded Standard: The system boots normally.
Download firmware image: The firmware download menu is shown. In order to download a
snapshot file from your server or a connected USB stick, you will need to provide the necessary
connection details.
Start rescue shell: In this case, you access the underlying Linux system, e.g. in order to restore the
system or reset the IGEL setup data.
IGEL device information
The IGEL device information provides a quick overview of the basic properties of your device.
 Double click the yellow IGEL symbol in the Windows taskbar in order to bring up the device
information.
Figure 2: IGEL device information
9
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
Information
Details of the product, the firmware version, the IP address and a number of
hardware details such as CPU and RAM are shown.
Licenses
All software licenses contained in the firmware, e.g. the GNU General Public
License are shown. The individual licenses can be brought up by selecting Next and
Back.
Hotfixes
Shows all Microsoft Windows system patches, e.g. security updates.
About
Provides a detailed overview of your thin client hardware and software. In particular,
the licensed functions included in the firmware are shown here.
Network
information
Shows various information regarding the current network as well as the availability
of a UMS server.
10
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
5.
IGEL setup
There are various ways in which you can set up the
•
•
•
•
•
IGEL thin client to meet your needs:
via the Windows Embedded System system management
with the local IGEL setup
with the IGEL Universal Management Suite
via a VNC connection to the device (shadowing)
and/or through combinations of the above ways.
Via MS system management
A separate set of documentation for Windows system management is available from Microsoft
(https://technet.microsoft.com/de-de/library/ee633856%28v=sql.105%29.aspx). We do not
recommend that you configure the thin client via Windows system management because the settings
cannot be saved in a profile and will not be retained during an update with a snapshot.
Via local IGEL setup
If you are logged on as an administrator, you can open the IGEL setup applications from the Windows start
menu. The setup structure is similar to that on the IGEL Linux thin clients and in the IGEL Universal
Management Suite (IGEL UMS). An icon for launching the setup application can be placed on the desktop.
The setup is blocked for user by default. However, parts of the setup can be made available
to the restricted user so that they can for example select the keyboard layout or system
language themselves.
To launch the setup (after logging on as an administrator or if setup pages are available for the user),
proceed as follows:
1. Click on the Setup symbol in the taskbar or
2. Click on the Setup application in the start menu or
3. Place a symbol for the Setup on the desktop (Setup > Accessories > Setup Session > Start Options).
To end the setup, proceed as follows:
1. Click on Apply to save the changes you have made.
2. Click on OK to save your changes and close the application.
3. Click on Cancel to close the application without saving your changes.
11
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
5.1. Setup Areas
The setup application comprises the following main areas:
•
•
•
•
•
•
•
Sessions (Seite 13): In this area, you can create and configure application sessions such as ICA, RDP,
terminal emulation, browser and others.
Accessories (Seite 40): The IGEL setup application can be restricted for users (not the administrator). A
number of Windows services can be enabled or disabled.
User interface (Seite 42): The system language, display settings, entry devices as well as the behavior of
the desktop and start menu can be configured here. These settings apply to all users in a group (user /
administrator).
Network (Seite 45): In this area, you can configure all the network settings for LAN / WLAN interfaces.
Network drives are also configured here.
Devices (Seite 47): The options for using various USB devices (e.g. memory sticks, WLAN or Bluetooth
devices) as well as printers are enabled or configured here.
Security (Seite 48): Passwords for the administrator and the user are set up, a user is specified for the
automatic logon procedure and domain information for a used Active Directory is entered here. The
Windows firewall can also be configured here via the IGEL setup.
System (Seite 52): A number of basic parameters such as time synchronization, firmware update
information, write filter configuration (File Based Write Filter, FBWF) etc. can be specified here.
Individual IGEL services (features) can also be managed (enabled / disabled) here.
To navigate in the setup application:
 Click one of these areas to open up the relevant sub-structure.
 Navigate within the tree structure in order to switch between the setup options.
 Use the arrow buttons to move backwards and forwards between the visited setup pages or to reach
the next level up.
Figure 3: Arrow buttons
5.2. Searching setup pages
To search for parameter fields or parameter values in the setup, proceed as follows:
1. Open the Search area in the left-hand window.
2. Enter the search parameters.
3. Select one of the hits.
4. Click on Show Result and you will be taken to the relevant setup page.
The parameter or value found will be highlighted.
12
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
6.
Sessions
Menu path: Setup > Sessions
The session types which are available for configuration depend on the license for your IGEL thin client. An
overview of the functions included with each license level can be found in the product list on the IGEL
website (http://www.igel.com).
The Sessions > Session Overview area in the IGEL setup lists all sessions already configured.
To add a new session, proceed as follows:
 Click on Add.
or
 Navigate to the desired session type in the structure tree and create a new session there.
Each session configuration contains the point Desktop integration. Here, you can define the session name,
the appearance of the session in the start menu or on the desktop and the start behavior (automatic /
manual).
To edit a session list, proceed as follows:
•
Click on
•
Click on
to remove the session.
•
Click on
to edit the session.
to create a new session.
6.1. Citrix
Menu path: Setup > Sessions > Citrix
•
Use IGEL Setup for configuring Citrix settings
 The IGEL Setup will change the Citrix settings.
 The Citrix settings will be changed in another way.
•
•
Installaton root path for Citrix client: Specify the path to the directory in which the Citrix client is
installed, e.g. C:\Program Files\Citrix\ICA Client
Installaton root path for Citrix Self-Service: Specify the path to the directory in which the Citrix
Self-Service Plugin is installed.
13
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
6.1.1.
ICA Global
Menu path: Setup > Sessions > Citrix > ICA Global
The global settings define default parameters which are used in all sessions or can be overridden in the
relevant session configuration.
Further information regarding the individual parameters can be found in the original
documentation from Citrix: http://docs.citrix.com/
Server Location
Menu path: Setup > Sessions > Citrix > ICA Global > Server Location
In this area, you can specify the master ICA browser. The Citrix ICA client is connected to the network. It
allows you to bring up a list of all Citrix servers and all published applications which are accessible via the
network and use the selected browsing protocol.
The address of the first Citrix server to reply functions as the master ICA browser.
You can specify a separate address list for each network protocol. This can be TCP/IP + HTTP or SSL/TLS +
HTTPS.
You can add a number of addresses to the address list so that the clients can establish a
connection and function even if one or more servers are not available.
•
TCP/IP + HTTP: You can also call up information from the available Citrix servers and published
applications via a firewall.
TCP/IP + HTTP supports the Auto-Locate function.
•
SSL/TLS + HTTPS: Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption offer server
authentication and data stream encryption. They also allow you to check the integrity of messages.
If you try to establish a non-SSL/TLS connection to an SSL/TLS server, you will not be
connected. A Connection Failed message will be shown.
14
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
Window
Menu path: Setup > Sessions > Citrix > ICA Global > Window
•
Default number of colors: Specifies the default color depth.
Possible values:
-
•
•
16
256
Thousands
Millions
Default horizontal resolution: Specifies the window width in pixels.
Default vertical resolution: Specifies the window height in pixels.
Keyboard
Menu path: Setup > Sessions > Citrix > ICA Global > Keyboard
These settings can only be configured globally here and cannot be overridden in the sessions.
•
•
Keyboard layout: Default is pre-populated but you can also select a country-specific layout. Default
means that the local keyboard setting will be used in ICA too.
Redirect Ctrl-Alt-Delete to sessions
 The key combination will not be processed by the local thin client. It will be forwarded to the
session instead.
 The key combination will be processed by the thin client.
•
Hotkeys: You can set up the hotkeys for the server system on function keys or key combinations on the
local keyboard.
Firewall
Menu path: Setup > Sessions > Citrix > ICA Global > Firewall
Here, you can configure ICA connections which run via a firewall, a SOCKS proxy server or a Citrix Secure
Gateway (in relay mode).
•
Use alternate address
 This option should be enabled if you use ICA sessions in order to establish a connection to a specific
Citrix server behind a firewall. Generally speaking, the Citrix server's IP address within the local
network is different from the one used outside. Once the alternate address is enabled, the server
must be added to the address list under Server Location (Seite 14).
 The Citrix server has no alternate IP address.
You will find more information on server configuration if you look for the command altaddr in your
Citrix administration manual.
•
SOCKS / secure proxy: Select the default proxy settings here or define the settings yourself.
-
•
Proxy type: Choose between None (direct connection), SOCKS and Secure (HTTPS). Enter the
address for the proxy server and the proxy port, unless you have selected None.
Secure Gateway (relay mode): Enter the Secure Gateway address and port.
15
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
Options
Menu path: Setup > Sessions > Citrix > ICA Global > Options
•
Disable Windows Alert Sounds
 The local system's alert sounds will not be used.
 The local system's alert sounds will be used.
•
Deferred screen update mode
 Updates from the local video buffer will be shown on the screen with a delay. The local video buffer
is used if the seamless Windows mode or HDX latency reduction is used.
 Updates from the local video buffer will not be delayed.
If you work with images that are displayed over and over again, you can significantly improve
the performance of your ICA session(s) with the following three settings.
Cache size in kB: Specify the maximum amount of local system memory in kilobytes used for temporary
storage purposes.
Do not make the cache too big otherwise you run the risk of the thin client having too little
memory for its own system and other applications. Ultimately, you may have no alternative but
to equip your thin client with additional RAM.
•
•
•
Minimum Bitmap Size in Bytes: Specify the minimum size of the bitmap files that are to be stored in
the cache.
Persistent Cache Path: Specify the directory where the files are to be stored locally.
Enable Auto Reconnect
 The Citrix client will automatically reconnect if the connection was terminated.
 The Citrix client will not automatically reestablish the connection.
•
•
Maximum retries: Number of reconnection retries
Enable Single Sign-on through ICA file:
 You will only need to log on once.
 "Single sign-on" will not be used.
USB Redirection
Menu path: Setup > Sessions > Citrix > ICA Global > USB Redirection
•
Enable USB Redirection (XenDesktop and Citrix VM hosted):
 You can use the local computer's USB devices in sessions.
•
•
•
•
Default Rule: Choose between Deny and Allow to set a rule for all devices to which no more specific
rule applies.
Automatically redirect all devices via native USB redirection: If the parameter is enabled, all USB
devices with native USB redirection will be forwarded.
Class Rules: Define rules by selecting a Class ID and Subclass ID for USB devices.
Device Rules: Define rules for individual devices by entering a Vendor ID and Product ID.
16
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
To work with rules, proceed as follows:
 To create a rule, click
.
 To remove a rule, click
.
 To change a rule, click
.
HDX
Menu path: Setup > Sessions > Citrix > ICA Global > HDX
•
Flash acceleration/redirection: Specify whether Flash content should Always or Never be redirected or
whether the software should Ask the user..
Redirecting Flash content can improve playback.
•
•
•
•
File access: Specify what access to local client files is allowed.
Microphone and webcam access: Specify what access to local microphones and webcams is allowed.
PDA access: Specify what access to personal digital assistants (PDAs) is allowed.
USB and other devices access: Specify what access to USB devices, scanners, digital cameras and the
like is allowed.
6.1.2.
ICA Sessions
Menu path: Setup > Sessions > ICA > ICA Sessions
Many of the session parameters can be pre-populated through the global settings. However, a number of
them can only be set in the session configuration, e.g. logon data or desktop integration.
How to work with sessions:
 To create a session, click
.
 To remove a session, click
.
 To change a session, click
.
The primary source of further information relating to Citrix connections should always be the relevant
Citrix documentation. This manual merely gives general configuration tips.
17
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
Server
Menu path: Setup > Sessions > Citrix > ICA Sessions > [Session Name] > Connections
•
•
Browser Protocol: The protocol that is to be used when searching for servers and published
applications.
Don't use default server location
 The default server location will not be used. Enter one or more HTTP server locations.
 The default server location will be used.
•
•
•
•
•
Citrix Server: The user is connected to the entire desktop as if logging on at the server itself. As a result,
all applications, permissions and settings contained in the user's profile (local server profile) are
available.
Published Application: If you select a published application, the session is opened in a window which
contains just one application. The session is ended if you close this application.
Connections: You can manually enter the IP address or the host name of the server in this field.
Application: If you have entered the server manually, you can specify a published application here.
These fields are automatically filled in if you have selected one of the recognized published
applications.
Working Directory: Details of the path name of the working directory for the application
Logon
Menu path: Setup > Sessions > Citrix > ICA Sessions > [Session Name] > Logon
•
•
•
User Name: Allows you to specify the user name for the session
Password: Allows you to specify the password for the session
Domain: Allows you to specify the domain for the session
If you save a user name, password and domain in the session configuration, the user will no
longer need to give these details at the start of a session. If you leave these fields empty, the
user will have to enter them in a mask before the session start.
•
Do not show Password Protection Window (Ctrl-Alt-Delete) before Logon
 The Windows Password Protection Window will not be shown.
 The Windows Password Protection Window will be shown.
Window
Menu path: Setup > Sessions > Citrix > ICA Sessions > [Session Name] > Window
In this area, you can define the window size and color depth for the session. For published applications, the
seamless window mode can be enabled.
•
•
Number of Colors: The color depth is specified in ICA Global (Seite 14). You can change it for this
session.
Use full-screen mode
 The session will be shown in full-screen mode.
 You can choose between the global default setting and a session-specific setting.
18
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
•
•
WindowSize: Choose between the pre-defined default size and a range of other sizes.
Enable Seamless Window Mode
 Seamless Window Mode will be used.
Seamless Window Mode can only be used with published applications or with a specified start
program for the server connection.
 Seamless Window Mode will not be used.
Firewall
Menu path: Setup > Sessions > Citrix > ICA Sessions > [Session Name] > Firewall
Here, you can configure ICA connections which run via a firewall, a SOCKS proxy server or a Citrix Secure
Gateway (in relay mode).
•
Use alternate address through firewalls
 This option should be enabled if you use ICA sessions in order to establish a connection to a specific
Citrix server behind a firewall. Generally speaking, the Citrix server's IP address within the local
network is different from the one used outside. Once the alternate address is enabled, the server
must be added to the address list under Server Location.
 No alternate IP address will be used.
You will find more information on server configuration if you look for the command altaddr in your
Citrix administration manual.
•
SOCKS / Secure Proxy: Select the default proxy settings here or define the settings yourself.
-
•
Proxy Type: Choose between None (direct connection), SOCKS and Secure (HTTPS). Enter the
address for the Proxy Server and the Proxy port, unless you have selected None.
Secure Gateway (relay mode): Enter the SSL Proxy Server and SSL Proxy Port.
Wiederverbindung
Menu path: Setup > Sessions > Citrix > ICA Sessions > [Session Name] > Reconnect
•
Enable Auto Reconnect
 The Citrix client will automatically reconnect if the connection was terminated.
 The Citrix client will not automatically reestablish the connection.
•
Maximum Retries: Number of reconnection retries
Options
Menu path: Setup > Sessions > Citrix > ICA Sessions > [Session Name] > Options
•
Compression:
 Data compression reduces the amount of data transferred via the ICA session. This in turn reduces
network traffic to the detriment of CPU performance. Compression should be used when
connecting the server via WAN.
 The data to be transmitted will not be compressed. This setting is suitable when using relatively
low-performance servers and when working in a LAN.
19
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
•
Persistent Cache Enabled
 The image data will be cached. This makes sense when using a number of ICA sessions if only one or
two sessions are critical with regards to network bandwidth or are used heavily during the day. In
this case, you should reserve the cache space for these sessions.
 The image data will not be cached.
•
Client Drive Mapping
 The local drives will be available in the session.
 The local drives will not be available in the session.
•
•
Encryption Level: Encryption increases the security of your ICA connection. Basic encryption is enabled
by default. You should therefore ensure that the Citrix server supports RC5 encryption before you
select a higher level of encryption.
Client Audio
 System sounds and audio output from your applications will be transferred to the thin client and
played back via the connected loudspeakers. The higher the level of audio quality you select, the
more bandwidth is needed for transferring audio data.
 No system sounds and audio output will be transferred to the thin client.
Speedscreen latency reduction
Improves the performance of high-latency connections by allowing the client to react immediately to
keyboard entries or mouse clicks. This gives users the feeling that they are using a normal PC.
Speedscreen only works if the function was enabled and configured on the Citrix server
beforehand.
•
Mouse click feedback: Visual feedback in response to a mouse click – an hourglass symbol appears
immediately.
-
•
Off
On
Automatic
Local Text Echo: Displays the text entered more quickly. This avoids latencies within the network. Select
a mode from the drop-down list:
-
Off: For faster connections (connection via a LAN)
On: For slower connections (connection via WAN) in order to reduce the delay between the user
entering text and the text being displayed on the screen.
Automatic: If you are not sure how fast the connection is
Desktop Integration
Menu path: Setup > Sessions > Citrix > ICA Sessions > [Session Name] > Desktop Integration
•
•
Session Name: Give the name of the session which is to be shown.
Start Menu
 An entry will be placed in the start menu.
 No entry will be placed in the start menu.
20
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
•
Desktop
 A start icon will be placed on the desktop.
 No start icon will be placed on the desktop.
•
Autostart
 The session will start automatically after you log on to the device.
 The session will not start automatically.
6.1.3.
Self-Service Plugin
Menu path: Setup > Sessions > Citrix > Self-Service Plugin
With the Self-Service Plugin, the user can find and launch published applications and desktops.
Server
Menu path: Setup > Sessions > Citrix > Self-Service Plugin > Server
•
Use IGEL Setup for Citrix Self-Service Plugin configuration:
 The IGEL setup will configure the Citrix Self-Service plugin.
 The Citrix Self-Service plugin will be configured in another way.
Here, you can set up sessions for
•
•
•
Citrix XenApp 6.x or older
Citrix XenApp/XenDesktop 7.x Store
Citrix XenApp/XenDesktop 7.x Legacy Mode
Logon
Menu path: Setup > Sessions > Citrix > Self-Service Plugin > Logon
•
Allow user to save password:
Possible values:
-
•
Do not allow user saving password
Allow user saving password for https stores only
Allow user saving password for http and https stores
Allow user to add stores:
Possible values:
-
•
Do not allow user to add stores
Allow user to add https stores only
Allow user to add http and https stores
Allow the use of http stores
 The client is allowed to connect to stores without encryption (via HTTP).
 The client is not allowed to connect to stores without encryption.
21
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
•
Logon mode:
Possible values:
-
Prompt user
Smart card logon
Pass-through authentication
Pass-through with smart card authentication
Appearance
Menu path: Setup > Sessions > Citrix > Self-Service Plugin > Appearance
•
Use categories from published applications as submenu path
 The applications will be sorted according to categories in the start menu.
 The applications will be sorted differently.
•
•
•
Additional submenu in start menu: Here you can specify a directory which contains the applications in
the start menu.
Additional sub-menu on desktop: Here you can specify a directory which contains the applications on
the desktop.
Enable Citrix Receiver Self-Service Mode:
 You will find the applications in a custom Self-Service GUI
 The Self-Service GUI will not be used.
•
Give user the option to add or remove accounts in Non-Self-Service Mode
 If the Self-Service Mode is disabled, the user can edit accounts via the Citrix Receiver context
menu in the system tray.
 The user cannot edit accounts via the Citrix Receiver context menu in the system tray
Desktop Integration
Menu path: Setup > Sessions > Citrix > Self-Service Plugin > Desktop Integration
•
•
Login Session Name: Give the name of the session which is to be shown.
Put shortcuts in Start Menu
 Shortcuts will be set up in the start menu.
 No shortcuts will be set up in the start menu.
•
Put shortcuts on the desktop
 Shortcuts will be set up on the desktop.
 No shortcuts will be set up on the desktop.
•
Autostart
 The session will start automatically after you log on to the device.
 The session will not start automatically.
22
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
6.2. Remote Desktop Protocol - RDP
Menu path: Setup > Sessions > RDP
The Microsoft RDPclient is used for connections via the Remote Desktop Protocol (RDP). The configuration
of the client has been integrated into the IGEL setup.
You will find detailed information regarding Microsoft RDP on the website
http://technet.microsoft.com (http://technet.microsoft.com/ http://technet.microsoft.com/).
•
Use IGEL Setup for configuring Microsoft RDP settings:
 Configure RDP using the IGEL Setup.
 Do not use Setup.
6.2.1.
RDP (Global Settings)
Menu path: Setup > Sessions > RDP > RDP
Global settings specify how the RDP client (mstsc.exe) behaves if it is launched without a specific
session.
•
•
•
•
•
Window: Allows you to set the number of colors, display via several monitors, true multi-monitor
support and the window size
Mapping: Allows you to assign audio, keyboard hotkeys, printers, COM ports, smartcards and drives to
the session
Performance: Performance-relevant settings such as desktop wallpaper, font smoothing, video
redirection, bitmap cache and compression
Options: Allows you to set the application, working directory, authentication options and configuration
for an RD Gateway server
USB Redirection: Allows you to prohibit and allow RemoteFX USB redirection for individual USB devices
Logon
Menu path: Setup > Sessions > RDP > RDP > Logon
•
•
•
•
Server: Address of the server
User name: Allows you to specify the user name
Domain: Allows you to specify the domain
Reconnect:
 The client will automatically reconnect if the connection was terminated.
 The client will not automatically reestablish the connection.
23
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
Window
Menu path: Setup > Sessions > RDP > RDP > Window
•
Number of colors: Allows you to specify the default color depth
-
•
8 bit
16 bit
24 bit
32 bit
Span desktop:
 The RDP session will use all available monitors as the desktop.
 No, do not span desktop
•
True Multimonitor support:
 The user can connect to multimonitor configurations.
 No true multimonitor support
•
•
Window size: Choose between full screen and a range of fixed sizes.
Display the Connection bar:
 A symbol bar for minimizing and closing the full-screen session will be shown.
 No, do not show Connection Bar.
Keyboard
Menu path: Setup > Sessions > RDP > RDP > Keyboard
These settings can only be configured globally here and cannot be overridden in the sessions.
•
Enable Clipboard Mapping:
 Content can be shared between the local system and the session via the Clipboard.
 No, do not enable Clipboard Mapping
•
Override local window manager keyboard shortcuts:
 The session hotkeys will override equivalent local ones.
 No, do not override hotkeys.
•
Redirect Ctrl-Alt-Delete to sessions:
 This key combination will not be processed by the local thin client. It will be forwarded to the
session instead.
 No, do not redirect.
24
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
Mapping
Menu path: Setup > Sessions > RDP > RDP > Mapping
•
Enable client audio: Select one of the following options:
-
•
On - local
On - remote
Off
Audio Recording Redirection
 The local microphone will be passed on to the RDP session.
 Do not redirect.
•
Override local window manager keyboard shortcuts:
 The session hotkeys will override equivalent local ones.
 Do not override hotkeys.
•
Enable Printer Mapping
 Make local printer available in the RDP session.
 Do not enable.
•
Enable COM Port Mapping:
 Make local COM ports available in the session.
 No mapping of COM ports.
•
Enable Smartcard Mapping:
 Redirect smartcards
 No, do not enable.
•
Enable Clipboard Mapping:
 Content can be shared between the local system and the session via the clipboard.
 Do not enable.
•
Enable Drive Mapping
 Make drives available in the session
 No, do not map drives.
•
Drives
 Make all drives available in the session
 No, do not map all drives.
•
•
Specific drives (select)
Drives that I connect to later
 Automatically map newly connected drives
 Do not map new drives
25
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
Performance
Menu path: Setup > Sessions > RDP > RDP > Performance
•
Detect connection quality automatically:
If you disable this option, you can manually configure the following settings for reducing visual effects
in order to conserve resources:
-
•
Disable Wallpaper
Don't show content of window while dragging
Disable Menu and Window animation
Disable Themes
Disable Cursor Settings
Disable Font smoothing
Disable Desktop composition
Video Redirection
 Videos will be played back locally.
 Videos will be played back on the server.
•
Redirect DirectX commands:
 Graphics functions will be executed locally.
 Graphics functions will be executed on the server.
•
Disable Bitmap cache:
 Images will not be cached locally.
 Images will be cached locally.
•
Compression:
-
Default
On
Off
In low-bandwidth environments, you should use Compression in order to reduce network
traffic.
Please note that the use of compression reduces the burden on the network but does use CPU
power.
Options
Menu path: Setup > Sessions > RDP > RDP > Options
•
•
•
Application: Specify a start-up application for the terminal server session.
Working directory: Specify the working directory.
Authentication Options: Select from the following options to check whether the server authenticates
itself correctly:
-
Always connect, even if authentication fails
Do not connect if authentication fails
Warn me if authentication fails
26
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
Select from the following options for the RD Gateway:
•
•
•
Automatically detect RD Gateway server settings
Do not use an RD Gateway server: Direct connection to the RDP server
Use these Gateway server settings: If you choose this option, edit the following settings:
-
Server name
Login method: Choose from Allow me tpo select later, Ask for password (NTLM) and Smartcard.
Bypass RD Gateway server for local addresses:
 No gateway will be used for connections in the local network.
 No, do not bypass.
-
Use my RD Gateway credentials for the remote computer
 Pass on logon information on the RD Gateway to the remote computer
 Do not use
USB Redirection
Menu path: Setup > Sessions > RDP > [Session Name] > USB Redirection
•
Enable RemoteFX USB Redirection: If this option is enabled, you can allow or prohibit redirection.
How to work with device rules:
 To create a rule, click
in the Device Rules area.
- Choose between Deny and Allow.
- Specify the Instance ID of the device.
 To remove a rule, click
.
 To change a rule, click
.
6.2.2.
RDP Sessions
Menu path: Setup > Sessions > RDP > RDP Sessions
Many of the session parameters can be pre-populated through the global settings. However, a number of
them can only be set in the session configuration, for example logon data or desktop integration.
How to work with sessions:
 To create a session, click
.
 To remove a session, click
.
 To change a session, click
.
27
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
Server
Menu path: Setup > Sessions > RDP > RDP Sessions > [Session Name] > Server
Choose between the following modes:
•
•
Server: If this option is selected, you only need to enter the server.
Enable RemoteApps mode: If this option is selected, fill in the following fields:
-
RemoteApp Server Port: Network port on which the application is offered. The default setting is
3389.
Program to execute
Name for the executed program
Commandline parameters for the executed program
Logon
Menu path: Setup > Sessions > RDP > RDP Sessions > [Session Name] > Logon
•
•
•
User name: Allows you to specify the user name
Domain: Allows you to specify the domain
Enable reconnect:
 The client will automatically reconnect if the connection was terminated.
 The client will not automatically reestablish the connection.
Window
Menu path: Setup > Sessions > RDP > RDP Sessions > [Session Name] > Window
•
•
•
Window size: Choose between full screen and a range of fixed sizes.
Number of colors: Allows you to specify the default color depth
Span desktop
 The session will use all available monitors as the desktop.
 The session will use only one monitor as the desktop.
•
True Multimonitor Support
 You can connect to multi-monitor configurations.
 No true multi-monitor support
•
Display the Connection Bar
 A symbol bar for minimizing and closing a full-screen session will be shown.
 No symbol bar will be shown.
28
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
Performance
Menu path: Setup > Sessions > RDP > RDP Sessions > [Session Name] > Performance
•
Detect connection quality automatically
If you disable this option, you can manually configure the following settings which reduce visual effects
in order to conserve resources:
-
•
Disable Wallpaper
Do not show content of window while dragging
Disable Menu and Window animation
Disable Themes
Disable Cursor Settings
Disable Font smoothing
Disable Desktop Composition
Video Redirection
 Videos will be played back locally.
 Videos will be played back on the server.
•
Redirect DirectX Commands
 Graphics functions will be executed locally.
 Graphics functions will be executed on the server.
•
Disable Bitmap cache
 Images will not be cached locally.
 Images will be cached locally.
•
Compression:
-
default
on
off
In low-bandwidth environments, you should use compression in order to reduce network
traffic.
Please note that the use of compression reduces the burden on the network but does use CPU
power.
Mapping
Menu path: Setup > Sessions > RDP > RDP Sessions > [Session Name] > Mapping
•
Enable Client Audio: Select one of the following options:
-
•
On - local
On - remote
Off
Audio Recording Redirection
 The local microphone will be passed on to the RDP session.
 Do not redirect.
29
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
•
Override local window manager keyboard shortcuts:
 The session hotkeys will override equivalent local ones.
 Do not override hotkeys.
•
Enable Printer Mapping
 Make local printer available in the RDP session.
 Do not enable.
•
Enable COM Port Mapping:
 Make local COM ports available in the session.
 No, no mapping of COM ports.
•
Enable smartcard mapping:
 Redirect smartcards
 No, do not enable.
•
Enable Clipboard mapping:
 Content can be shared between the local system and the session via the clipboard.
 Do not enable.
•
Map all drives
 Make all drives available in the session
 No, do not map all drives.
•
•
Specific drives (select)
Drives that I connect to later
 Automatically map newly connected drives
 Do not map new drives
Options
Menu path: Setup > Sessions > RDP > RDP Sessions > [Session Name] > Options
•
•
•
Application: Specify a start-up application for the terminal server session.
Working Directory: Specify the working directory.
Authentication Options: Select from the following options to check whether the server authenticates
itself correctly:
-
Always connect, even if authentication fails
Do not connect if authentication fails
Warn me if authentication fails
Select from the following options for the RD Gateway:
•
•
•
Automatically detect RD Gateway server settings
Do not use an RD Gateway server: Direct connection to the RDP server
Use these Gateway server settings: If you choose this option, edit the following settings:
-
Server name
Login method: Choose from Allow me to select later, Ask for password (NTLM) and Smartcard.
Bypass RD Gateway server for local addresses:
 No gateway will be used for connections in the local network.
 No, do not bypass.
30
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
-
Use my RD Gateway credentials for the remote computer
 Pass on logon information on the RD Gateway to remote computers
 Do not use
Desktop Integration
Menu path: Setup > Sessions > RDP > RDP Sessions > [Session Name] > Desktop Integration
•
•
Session name:Give the name of the session which is to be shown.
Starting methods for session:
-
Start menu:
 Create an entry in the start menu.
 Do not create an entry.
-
Desktop:
 Create an entry on the desktop.
 Do not create an entry.
-
Autostart:
 The session will start automatically after you log on to the device.
 No autostart
6.3. VMware Horizon Client
Menüpfad: Setup > Sitzungen > Horizon Client
Here you can configure Horizon Client sessions.
•
Use IGEL Setup for configurint VMWare settings
 Yes, use this.
 No, do not use this.
•
Path to "vmware-view.exe": File path to the Horizon executable, for instance
C:\Program Files\VMware\VMware Horizon View Client\vmware-view.exe
You will find a detailed description of the client parameters in the original documentation for Horizon
at http://www.vmware.com/support/pubs/view_pubs.html
(http://www.vmware.com/support/pubs/view_pubs.html http://www.vmware.com/support/pubs/view_pubs.html).
Note regarding the use ot Thin Print (Seite 47) wihin the Horizon session.
31
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
6.3.1.
Horizon Client Global
Menu path: Setup > Sessions > Horizon Client > Horizon Client Global
USB redirection
•
Enable USB redirection
 You can use the local computer's USB devices in sessions.
 No, do not enable
•
•
•
Default Rule: Choose between Deny and Allow to set a rule for all devices to which no more specific
rule applies.
Class Rules: Define rules by selecting a class ID and sub-class ID for USB devices.
Device Rules: Define rules for individual devices by entering a Vendor ID and Product ID.
How to work with rules:
 To create a rule, click
.
 To remove a rule, click
.
 To change a rule, click
.
Keyboard (cannot be overridden in the sessions):
•
Redirect Ctrl-Alt-Delete to sessions:
 The key combination will not be processed by the local thin client. It will be forwarded to the
session instead.
 No, do not redirect.
6.3.2.
Horizon Client Sessions
Menu path: Setup > Sessions > Horizon Client > Horizon Client Sessions
Many of the session parameters can be pre-populated through the global settings. However, a number of
them can only be set in the session configuration, e.g. logon data or desktop integration.
How to work with sessions:
 To create a session, click
.
 To remove a session, click
.
 To change a session, click
.
32
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
Verbindungseinstellungen
Menu path: Setup > Sessions > Horizon Client > Horizon Client Sessions > [Session Name] > Connection
Settings
•
•
Server URL: The address of the Horizon server
Use SSL encryption:
 The connection will use TLS/SSL encryption.
 No, do not use this.
•
•
•
•
Username: Username for the Horizon server.
User password: Password for the Horizon server
Domain: The domain for logging on
Session type:
-
•
•
•
Name of the desktop:
For the Application session type: Application name:
Hide client after launch session:
-
•
On: Yes, hide it.
Off: No, do not hide it.
Protocol:
-
•
Desktop: Show the entire desktop of the remote system.
Application: Show only one application window.
Server default
RDP
PCoIP
Log on as current user:
 Use the current user name.
 Do not use the current user name.
•
Kiosk mode
-
•
Single autoconnect
-
•
On: Use the kiosk mode, where the user does not need to log on and has only limited operating
options.
Off: Do not enable kiosk mode.
On: Connect only to a single desktop or a single application.
Off: No single autoconnect
No VMware addins
-
On: Do not use VMware addins.
Off: Use VMware addins.
33
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
Window
Menu path: Setup > Sessions > Horizon Client > Horizon Client Sessions > [Session Name] > Window
Here, you can specify how the Horizon session is displayed.
•
Display:
-
Full Screen: The session will fill a monitor.
Multimonitor: The session will fill several monitors.
Window - Large: The session will be shown in a large window.
Window - Small: The session will be shown in a small window.
Mapping
Menu path: Setup > Sessions > Horizon Client > Horizon Client Sessions > [Session Name] > Mapping
Here, you can select whether and when USB devices are made available in the session.
•
Connect USB on insert:
 USB devices will be connected when they are inserted.
 Do not connect upon insert.
•
Connect USB on startup:
 USB devices will be connected when the session starts.
 Do not connect
Desktop Integration
Menu path: Setup > Sessions > Horizon Client > Horizon Client Sessions > [Session Name] > Desktop
Integration
•
•
Session name: Give the name of the session which is to be shown.
Starting methods for session:
-
Start menu:
 Create an entry in the start menu.
 Do not create an entry.
-
Desktop:
 Create an entry on the desktop.
 Do not create an entry.
-
Autostart:
 The session will start automatically after you log on to the device.
 No autostart
34
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
6.4. vWorkspace Client / vWorkspace Client AppPortal
Menu path: Setup > Sessions > vWorkspace Client Sessions /
vWorkspace AppPortal
The Quest vWorkspace Client is based on hypervisors from other providers and is therefore compatible
with VMware vSphere, Microsoft Hyper-V and XenServer.
In the setup, configure settings for:
•
•
•
vWorkspace Client sessions
vWorkspace AppPortal
vWorkspace AppPortal Farms
All configuration parameters for the vWorkspace Client and the vWorkspace AppPortal farm are
described in detail in the original documentation for the relevant client version. See
https://support.software.dell.com/vworkspace/8.0.1.
(https://support.software.dell.com/vworkspace/8.0.1)
In the IGEL setup, parameter settings can be configured for each farm. Alternatively, details of
a configuration file (XML) which is saved at a different location are given there. Direct
configuration of the client outside the IGEL setup is not possible.
6.5. Leostream
Menu path: Setup > Sessions > Leostream
 Specify the server, user and domain for logging on with Leostream Connection Broker and enter
details of the desktop you would like to connect.
If you do not specify a desktop, you will be given a list of available desktops when you log on.
In the administration for the Leostream Connection Broker, you need to configure the connection plan so
that RDP is used on a priority basis for the connection. The three protocols RDP, rdesktop and Ericom
Blaze use the same port 3389. The priority for RDP must therefore be higher than that for the other two
protocols.
35
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
This screenshot shows the use of rdesktop with preference over RDP, e.g. for connecting to IGEL UD
Linux thin clients.
Figure 4: Leostream protocol
More information on the Leostream Connection Broker is available from Leostream by visiting:
http://www.leostream.com/resources/downloads.php
(http://www.leostream.com/resources/downloads.php http://www.leostream.com/resources/downloads.php)
6.6. NX Client
Menu path: Setup > Sessions > NX Client
In this area, you can configure the NX Client remote desktop software.
The configuration parameters available depend on the server setting. Depending on what session type
(Unix, Windows, VNC or Shadow) is being used, the irrelevant setup pages will be grayed out.
Further information regarding configuration details such as server settings, performance, services etc.
can be found in the original documentation from NoMachine at
http://www.nomachine.com/documents (http://www.nomachine.com/documents.php http://www.nomachine.com/documents.php).
6.7. PowerTerm WebConnect
Menu path: Setup > Sessions > PowerTerm WebConnect
With PowerTerm WebConnect, you have both local and remote access to applications on Windows
terminal servers, virtual desktops, hypervisors such as VMware, Microsoft, Xen and Virtual Iron, blade PCs
and legacy hosts.
 Enter the host name of the WebConnect server you would like to establish a connection to.
36
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
The server configuration is described in the WebConnect documentation from Ericom:
http://www.ericom.com/doc/QRG/WebConnectGettingStarted.pdf
(http://www.ericom.com/doc/qrg/webconnectgettingstarted.pdf).
6.8. PowerTerm Terminal Emulation
Menu path: Setup > Sessions > PowerTerm Terminal Emulation
On IGEL thin clients with Windows Embedded Standard, PowerTerm InterConnect software from
ERICOM Software Ltd. is used for interaction with legacy host systems.
To open the PowerTerm Emulation Setup, proceed as follows:
1. Click on Add New Session.
2. Select PowerTerm as the session type.
The PowerTerm Emulation Setup window opens.
Figure 5: PowerTerm Interconnect > Emulation
This setup offers a good overview of the emulation types supported.
The setup pages used here were designed to look as similar as possible to the setup pages described in the
original documentation from ERICOM Software Ltd.
You will find detailed information on configuring the PowerTerm softwareon the Ericom
documentation website http://www.ericom.com/help.asp?cat=support
(http://www.ericom.com/help.asp?cat=support).
37
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
6.9. Browser Sessions
Menu path: Setup > Sessions > Browser Sessions
In this area, you can define basic settings for the browser.
•
Use IGEL Setup for configuring Microsoft Internet Explorer Settings
 The IGEL setup will change the settings for the browser.
 The settings for the browser will be defined in the browser's Internet options.
•
•
•
Session name: Name for the browser session
Global home page: Specifies the URL of the startup page.
IE kiosk mode
 The browser will run in kiosk mode. In the kiosk mode, the browser will appear in full-screen mode;
control bars, tool bars and bookmarks will not be shown.
•
Use a proxy server for your LAN: This setting applies to the LAN only, it does not apply to VPN or
dial-up connections.
 The browser will use the proxy configured under Setup > Sessions > Browser Sessions > Proxy for
websites in the LAN.
 The browser will use a direct connection for websites in the LAN.
•
Do not use proxy server for addresses beginning with: List of URLs for which no proxy is to be used
6.9.1.
Global
Menu path: Setup > Sessions > Browser Sessions > Global
You can define how the URL is displayed.
•
Show full URL
 The address bar shows the full URL, including the protocol prefix, e.g. http://www.igel.com.
 The address bar does not show the protocol, e.g. www.igel.com.
6.9.2.
Advanced
Menu path: Setup > Sessions > Browser Sessions > Advanced
If this area, you can change various settings for the Microsoft Internet Explorer.
•
Show pictures
 Images in websites will be shown.
 Images in websites will not be shown.
•
Play sounds in webpages
 The background sound of websites will be played. Playback will begin as soon as the page is
opened.
 The background sound of websites will not be played.
38
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
•
Show friendly HTTP error messages
 A user friendly error message without details will be shown in the event of a problem with HTTP
communication.
 A detailed error message which may make troubleshooting easier will be shown in the event of a
problem with HTTP communication.
•
Automatically activate newly installed add-ons
 Newly installed add-ons will be activated automatically.
 A user prompt asking whether the add-on is to be activated will appear the first time the browser
starts following installation.
6.10. Windows Media Player
Menu path: Setup > Sessions > Windows Media Player
Under Windows Media Player, you will find parameters for controlling the Windows Media Player
(Version 12).
Help for using the current Media Player is available from Microsoft:
http://windows.microsoft.com/en-us/windows/music-photos-video-help
(http://windows.microsoft.com/de-de/windows/music-photos-video-help).
6.11. VoIP Client
Menu path: Setup > Sessions > VoIP Client
In the VoIP Client section, you can configure the client for IP telephony. IGEL Universal Desktop provides
the VoIP client Ekiga (http://ekiga.org (http://ekiga.org/ - http://ekiga.org/)). The client allows the use of
SIP and H.323. In addition to local contacts, LDAP address books can be used too.
You will find a detailed description of the configuration options in the original documentation for the
Ekiga client at http://wiki.ekiga.org/index.php/Manual (http://wiki.ekiga.org/index.php/Manual).
39
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
7.
Accessories
Menu path: Setup > Accessories
Information on other accessories provided by the IGEL Universal Desktop can be found here.
7.1. Setup Session
Menu path: Setup > Accessories > Setup Session
If a password was set up for the administrator, the IGEL setup can only be opened with administrator
rights, i.e. after entering the password (see Password (Seite 48)). However, individual areas of the setup can
be enabled for the user, e.g. to allow them to change the system language or configure a left-handed
mouse.
1. Under Security > Password, enable the password for the administrator and the setup user.
2. Under Accessories > Setup Session > Page Permissions, enable those areas to which the user is to have
access.
-
A check in the checkbox indicates that the node is visible in the setup.
A green symbol (open lock) indicates that the user is able to edit the parameters on this setup page.
Figure 6: Restricted access to the setup
If you enable a setup page on the lower levels, the node points required for access will
automatically be marked as visible (but blocked for editing purposes).
40
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
7.2. Sound Mixer
Menu path: Setup > Accessories > Sound Mixer
Here, you can set the system volume or mute the sound.
•
Use IGEL Setup for configuring system audio settings:
 Use IGEL Setup
 Do not use IGEL Setup
•
Mute sound:
 Mute
 Do not mute
•
•
Master volume: Adjust the master volume by moving the volume control or entering a number
between 0 and 100.
Enable display port audio device:
 Switch on
 Do not switch on
7.3. Windows Services
Menüpfad: Setup > Zubehör > Windows Services
Here, you can launch or disable the following Windows services.:
•
•
•
•
•
•
•
.NET runtime optimization
Discovery of UPnP devices
Remote desktop support
IEEE 802.1X authentication for wired Ethernet interfaces
SCCM
BITS
UNIX print
Services for USB redirection:
•
•
•
•
•
USB for remote desktop
Leostream Connect USB redirection
vWorkspace USB redirection
Redhat Spicew USB redirection
VMware Horizon Client USB redirection
41
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
8.
User interface
Menu path: Setup > User Interface
8.1. Screen
Menu path: Setup > User Interface > Display
Here, you can configure the settings for the screens used.
•
Use IGEL Setup for configuring display settings
 The display settings are configured using this setup page.
 The display settings are not configured via the IGEL setup. The deactivation will be effective after a
reboot.
•
•
•
•
•
Number of screens: Number of screens used
Arranges a number of screens in a single row.
Arranges a number of screens in two rows.
Rotates the selected screen anti-clockwise.
Rotates the selected screen clockwise.
•
•
or Selected screen: Selects the screen whose settings are to be changed.
Screen resolution: Specifies the resolution for the selected screen. From Version 3.12.100, the setting is
configured via a slider. If the slider is at the far left, the screen resolution will be detected
automatically.
In order for automatic detection to work, the monitor must supply the correct data.
For details of the maximum resolutions supported by
for the relevant device.
IGEL models, please see the data sheet
For the rotation (pivot), at least 128 MB as video memory must be configured in the thin client's
BIOS.
Advanced
Refresh rate: Specifies the refresh rate for the selected screen.
42
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
8.1.1.
Options
Menu path: Setup > User Interface > Display > Options
Here, you can set the color depth of the screen and the screen saver.
•
Color Depth
Possible values:
-
•
True Color: Up to 16.8 million colors are displayed.
65535 Colors: Up to 65535 colors are displayed.
Use blanking screensaver
You can also set up a screen saver in the Energy options (Seite 62).
 If no user interaction takes place within the period defined under Inactivity timeout for the
blanking of screensaver, the screen saver will start.
 The screen saver will never be started.
•
On resume, password protect
 The user must enter their password in order to end the screen saver and gain access to the screen,
keyboard and mouse again.
 Access to the screen, keyboard and mouse is possible without entering a password.
•
Inactivity timeout for the screen saver: If no user interaction takes place within the number of minutes
specified here, the screen saver will start.
Possible values: 1 to 300
8.2. Language
Menu path: Setup > User Interface > Language
Select the setup language and the keyboard layout, and configure your local settings (format for time,
numbers etc.).
For UD W7 systems, language packages are available as partial updates on the http://myigel.biz
(http://myigel.biz - http://myigel.biz) website. These allow you to change the system language too.
Installing language packages for UD-W7 can take up to 45 mins! Do not cancel the procedure
prematurely as this could result in system inconsistencies!
43
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
8.3. Input
Menu path: Setup > User Interface > Input
In the Input area, you can define the keyboard and mouse specifications such as keyboard layout, left-hand
mode for the mouse or double-click settings. These settings override the Windows system settings.
8.4. Desktop and Start Menu
Menu path: Setup > User Interface > Desktop / Setup > User Interface > Start Menu
Selected options:
•
•
•
•
•
Show recycle bin on the desktop: The recycle bin is hidden as standard.
Set Taskbar Changeable: The taskbar can be changed.
Disable Lock workstation: Disables the option for locking the desktop via Win + L or Ctrl + Alt + Del .
Enable Aero Glass: Enables Aero Glass effects (transparent windows, thumbnails)
Sort Start Menu Item Alphabetically: This allows you to arrange all entries in the start menu in
alphabetical order.
8.5. Shell
Menu path: Setup > User Interface > Shell
In this area, you can specify which configuration dialogs are to be available for users and/or administrators
via the Control Panel.
44
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
9.
Network
Menu path: Setup > Network
Configure the network parameters for each available interface (LAN / WLAN) and connect network drives.
9.1. LAN and Wireless
Menu path: Setup > Network > LAN Interface
Here you will find the configuration parameters for the available LAN and WLAN interfaces.
The internal LAN interface is pre-configured for DHCP as standard.
In the WLAN area, you will find all parameters for the wireless network including the options for encrypting
the connection. Configure hidden networks by entering the WLAN name (SSID).
Please note that the settings for the Windows system are initially active when configuring the
wireless connection. Enable the use of the IGEL setup for WLAN in the setup.
9.2. VPN Connection
Menu path: Setup > Network > VPN
Create a session for using the NCP Secure Enterprise Client. The VPN connection is configured exclusively
via the GUI of the VPN client. NCP provides its own management software for remote administration of the
clients.
Further information regarding configuration and use is available from NCP:
https://www.ncp-e.com/en/resources/library/manuals.html
(http://www.ncp-e.com/de/support/produktunterlagen/handbuecher.html https://www.ncp-e.com/en/resources/library/manuals.html)
Please note that the NCP Secure Enterprise Client must be licensed separately with NCP in order to
be able to use it on a permanent basis.
9.3. Routing
Menu path: Setup > Network > Routing
In order to use a specific network route, define the Gateway for forwarding on this page. Specifying the
network interface is optional. The route affects all network devices used.
45
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
9.4. Network Drives
Menu path: Setup > Network > Network Drives
Under Network Drives, you determine both the drives that are to be connected during booting and the
associated logon data.
You can allocate a drive letter for each drive.
•
•
•
If no letter is entered, the drive will need to be connected manually later on.
If the logon data for the relevant server were saved in the IGEL setup, no further logon data will be
requested.
If the letter allocated is already reserved, only the drive connected first will be shown. An error entry
for the second will appear in the event log.
Figure 7: Add network drives
46
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
10. Devices
Menu path: Setup > Devices
Configure printer or other connected devices.
10.1. Thin Print
Menu path: Setup > Devices > Printer
In this area, you can set up your local printers. Decide whether you would like to configure a printer in the
IGEL Setup or via the configuration file.
Please note our FAQs regarding Thin Print http://edocs.igel.com/index.htm#10203398.htm.
10.2. USB Devices
Menu path: Setup > Devices > Connected Devices > USB Storage Device Hotplug
On this setup page, you can enable or disable the use of various USB device types. A distinction is made
between three types:
•
•
•
USB storage devices
WLAN devices
Bluetooth devices
Write protection can also be enabled for USB devices.
47
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
11. Security
Menu path: Setup > Security
After the initial configuration define an administrator password to avoid unauthorized access to the thin
client setup.
11.1. Password
Menu path: Setup > Security > Password
Here, you can restrict access to various areas of the thin client with a password.
It is strongly recommended that you change the administrator password after starting the thin
client for the first time. Only the administrator can change passwords.
Changes to passwords are only saved if you click on the OK or Apply button.
•
Use IGEL Setup for auto-logon settings:
 The settings for automatic logon are specified in the setup (default).
•
Administrator: Use password:
 Logging on as an administrator is only possible with a password.
To set or change a password, click on Change password and enter the desired password twice.
•
Setup user: Enable user access:
 With this password, the user is given access to selected areas of the setup.
Under Accessories > Setup Session > Page Authorizations (Seite 40), enable those areas to which the
user is to have access.
•
User name: Use password
 You specify a password for the user.
•
Rescue shell user: Use password
 You specify a password for the rescue shell.
 The rescue shell can be launched with the administrator password.
•
Auto Logon: Specify a user who is automatically logged on when the system starts. Auto Logon of the
user user is preset by default.
-
Username: Name of the user
Password: Password of the user
Domain: Only needed for an Active Directory user
48
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
-
Enable auto logon:
 When the system boots (and the Shift key is not pressed), the user will automatically be logged
on.
-
Forces auto logon:
 When the user logs off (and the Shift key is not pressed), they will automatically be logged on
again.
11.2. Active Directory
Menu path: Setup > Security > Active Directory
On this page, you can configure access to your Active Directory domain. Add the necessary domain and the
user information for access to the Active Directory domain.
When taking a snapshot of the system, it often makes sense to leave the domain beforehand. A
corresponding option can be set in the Snapshot menu.
11.3. Network
Menu path: Setup > Security > Network
Deactivate administrative shares here or hide the device by activating Do not show Thin Client in network.
11.4. Windows Firewall
Menu path: Setup > Security > Windows Firewall
Here, you can manage the rules for the Windows Firewall. This local firewall is enabled by default and has
preconfigured rules which allow the use of remote desktop clients and the management of the thin client
via the UMS.
Do not remove any of the preconfigured rules! Otherwise, certain network services such as
logging on to Active Directory, VNC and management of the thin client via UMS will not work.
•
Use IGEL setup for configuring the Windows Firewall:
 The setup manages the firewall settings (default).
•
Disable Windows Firewall:
 The firewall is switched off.
It is recommended that you leave the firewall switched on at all times!
49
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
•
Allow ICMP ping requests:
 Allow ping requests to be sent to the thin client.
•
Do not allow firewall exceptions:
 No exceptions for blocked programs can be added.
List of program rules:
These rules allow local programs to establish network connections.
To edit the list of rules, proceed as follows:
-
Click
-
Click
to remove the rule.
-
Click
to edit the rule.
-
Click
to copy the rule.
to create a new rule.
In the editing window for a program rule:
-
Enable firewall rule:
 The rule will be used.
-
-
Rule name: A descriptive, recognizable name
Path to the program: The complete path to the executable file beginning with the drive letter and
including the file name and extension. %windir% can be used as a placeholder for the Windows
directory.
Area of validity:
- Any: The rule applies to any connections.
- Local: The rule applies to connections within the local subnet.
- User-defined. Define the area in Defined area of validity.
-
Defined area of validity: Enter IP addresses or subnets, e.g.:
192.168.0.12
192.168.1.0/24
2002:9d3b:1a31:4:208:74ff.fe39:6c43
2002:9d3b:1a31:4:208:74ff.fe39:0/112
50
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
List of port rules:
These rules allow network communication via the ports entered.
In the editing window for a port rule:
-
Enable firewall rule:
 The rule will be used.
-
Rule name: A descriptive, recognizable name
Port: The number of the local network port used
Protocol: TCP or UDP
Area of validity:
- Any: The rule applies to any connections.
- Local: The rule applies to connections within the local subnet.
- User-defined. Define the area in Defined area of validity.
-
Defined area of validity: Enter IP addresses or subnets, e.g.:
192.168.0.12
192.168.1.0/24
2002:9d3b:1a31:4:208:74ff.fe39:6c43
2002:9d3b:1a31:4:208:74ff.fe39:0/112
51
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
12. System
Menu path: Setup > System
In the sub-structure, you can configure a number of basic system settings:
12.1. Date and Time
Menu path: Setup > System > Date and Time
Set the correct time zone for the location of your device. If necessary, enable time synchronization and
select the time server and the update interval.
12.2. Update
Menu path: Setup > System > Update
Two procedures for updating the system are available:
•
•
Snapshots for updating the Windows Embedded System, including the IGEL firmware functions.
Partial updates for adding new functions or language packages.
12.2.1. Snapshots
Menu path: Setup > System > Update > Snapshots
A snapshot is an image of the first partition (drive C:) which contains the Windows Embedded Standard
operating system. You can use this image either for system restoration or for distribution to other IGEL
Windows Embedded devices which are equipped with the same hardware. Firmware updates from IGEL
too are made available as a snapshot file (.snp).
The web server of the IGEL Universal Management Suite can be used to create and install snapshots.
Further information can be found in the IGEL UMS manual.
Upload
Menu path: Setup > System > Update > Snapshots > Upload
Here, you can create a snapshot of the current system.
•
Leave domain before snapshot: Enable this option if the snapshot file is to be ported to another thin
client.
 The thin client will be taken from the domain before the snapshot is created.
52
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
•
Protocol: Protocol with which the snapshot file is uploaded to a server or saved in a local directory.
Possible values:
-
ftp
http
https
file: The snapshot file will be saved locally, e.g. on a USB storage device.
The storage device must be formatted with the FAT 32 file system;, from IGEL Windows
Embedded Standard 7 Version 3.12.100, NTFS too is supported. At least 4 GB of free space must be
available on the storage device.
Before uploading, create the path \igel\snapshots. To do this, you can use the Prepare
USB Device button. To create the snapshot, specify the file name only.
•
•
•
•
•
•
•
•
•
•
•
Server: Host name or IP address of the server to which the snapshot file will be uploaded
Port: Port of the server to which the snapshot file will be uploaded
Path: Directory path on the server under which the snapshot file is saved
File name: File name for the snapshot file
Name of Firmware for new Snapshot: This name appears in its own field in the IGEL UMS; this is
supported from UMS Version 5.02.100.
Username: User name for the server to which the snapshot file will be uploaded
Password: Password for the server to which the snapshot file will be uploaded
Proxy: Host name or IP address of the proxy
Port: Port of the proxy
Prepare USB device: Deletes all data on the USB device and creates the directory
\igel\snapshots.
New Snapshot: Creates the snapshot file and saves it under the specified path.
Download
Menu path: Setup > System > Update > Snapshots > Download
Here, you can download and install a snapshot.
•
Reset Terminal Settings
 After the reboot, the following data are reset or deleted:
- The configuration parameters are reset to their defaults.
- The UMS registration and the associated client-side certificate are deleted.
- The user's data on drive F are deleted.
The firmware licenses are retained.
 All data are retained.
•
Protocol: Protocol with which the snapshot file is downloaded from a server or obtained from a local
directory.
Possible values:
53
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
-
ftp
http
https
file: The snapshot file will be obtained from a local storage device, e.g. from a USB storage device.
The snapshot file must be in the directory \igel\snapshots.
From Version 3.12.100, snapshot files can be loaded onto the thin client from any directories. To
do this, you will need to launch IGEL WinLinux during the boot procedure and select
Download firmware or Rescue shell.
Further information can be found in the FAQs Updating the firmware using a USB storage
device http://edocs.igel.com/index.htm#10201423.htm and Updating the firmware without
using IGEL Setup or UMS (http://edocs.igel.com/index.htm#10201425.htm).
•
•
•
•
•
•
•
•
•
Server: Host name or IP address of the server from which the snapshot file will be downloaded
Port: Port of the server from which the snapshot file will be downloaded
Path: Directory path on the server from which the snapshot file will be downloaded
File name: File name for the snapshot file
Username: User name for the server from which the snapshot file will be downloaded
Password: Password for the server from which the snapshot file will be downloaded
Proxy: Host name or IP address of the proxy
Port: Port of the proxy
Download Snapshot: Loads the snapshot onto the thin client and begins a reboot.
Warning: Do not interrupt the download or the use of the snapshot. This could result in system
inconsistencies.
To carry out a firmware update with a snapshot file from the IGEL download server, proceed as follows:
1. Download the zipped snapshot file (.snp) from the IGEL download server http://myigel.biz
(http://myigel.biz - http://myigel.biz).
2. Make it available to the thin clients either on your own FTP or HTTP server or locally on a USB storage
device.
3. Execute the function Download Snapshot on each of the thin clients.
Alternatively, you can use the Universal Firmware Update of the UMS.
54
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
12.2.2. Partial Update
Menu path: Setup > System > Update > Partial Update
The IGEL mechanism for partial updates allows you to make changes to IGEL thin clients with Windows
Embedded Standard without transferring the complete system via snapshot. The changes are made with
the help of scripts which are downloaded to the clients and the executed through a scripting engine on the
basis of the script language Lua.
•
Enable partial update
 The service upd-service is launched. Partial updates can be carried out.
 The service upd-service is stopped. Partial updates cannot be carried out.
•
Enable auto-update on boot
 The partial update will be installed automatically the next time that the thin client reboots.
The automatic update when booting function should only be enabled if it is needed.
•
Protocol: Protocol with which the partial update is downloaded from a server or obtained from a local
directory
Possible values:
-
HTTP
In order to provide the partial update, the server must be configured so that it accepts requests
regardless of the MIME type.
-
HTTPS
In order to provide the partial update, the server must be configured so that it accepts requests
regardless of the MIME type.
•
•
•
•
•
•
•
FTP
FILE: The partial update will be obtained from a local storage device, e.g. from a USB storage
device.
Host: Host name or IP address of the server from which the partial update will be downloaded
Port: Port of the server from which the partial update will be downloaded
Path: Directory path on the server from which the partial update will be downloaded
Username: User name for the server from which the partial update will be downloaded
Password: Password for the server from which the partial update will be downloaded
Check for updates: The thin client searches in the selected source for available updates.
Show installed packages: The partial updates already installed are shown.
To install a partial update, proceed as follows:
1. Enable the option Enable partial update.
2. Select the protocol.
3. Under Host and Path, specify the source for the partial update.
4. Click on Apply to save the settings.
5. Click on Check for updates to search the source for updates.
55
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
When the download is complete, the system will reboot. The partial update will be available after the
reboot.
From Version 3.12.100, the thin client notifies the UMS about installed partial updates; this
information is supported from UMS Version 5.3.100.
12.3. Remote Management
Menu path: Setup > System > Remote Management
Here, you can configure settings relating to the remote administration of the client using the Universal
Management Suite (UMS).
•
•
Emable Remote Management: If this option is enabled, you can administer the client using the UMS.
Universal Management Suite Server: If the client is already registered on a UMS, the UMS will be in
this list. Otherwise, enter the host name or IP address and the port number of the UMS on which the
client is to register.
The list can contain more than one UMS instance. If the client cannot contact a UMS under the
host name igelrmserver, and the DHCP option 244 is not set, the client will go through the
entries in the list until it can contact a UMS successfully.
•
•
•
Enable User information: If this option is enabled, a message window will inform the user that the
client is receiving new settings from the UMS or is being shut down.
User Information Message Timeout: Number of seconds for which the message window is shown.
Universal Management Suite Structure Tag: Give a Structure Tag indicating into which directory the
client is automatically sorted in the UMS.
Further information regarding the use of Structure Tags can be found in the "Using Structure Tags" Best
Practice (http://edocs.igel.com/index.htm#10202089.htm)
12.4. Shadowing
Menu path: Setup > System > Shadowing
For helpdesk purposes, you can observe the client through shadowing. This is possible via the IGEL UMS or
another VNC client (e.g. TightVNC).
The user can terminate the VNC connection at any time by clicking on the End shadowing
button.
•
Allow Remote Shadowing:
 Makes desktop contents viewable from remote computers via VNC
You can change the following settings:
•
Enable IGEL secure VNC mode:
 Communication will be secured via SSL/TLS and shadowing will only be possible for UMS
administrators.
56
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
Further information regarding secure shadowing can be found in the "Secure Shadowing" best practice
(http://edocs.igel.com/4817_2.htm)
•
Use password:
 The remote user must enter a password before they can begin shadowing.
•
Prompt user to allow remote session:
 The user is asked for permission before shadowing.
In a number of countries, unannounced shadowing is prohibited by law. Do not disable this
option if you are in one of these countries!
•
Allow input from remote:
 The remote user may make keyboard and mouse entries as if they were the local user.
•
Maintenance screen: Show Image to hide Desktop (Windows):
 An image hides what is happening on the desktop during the VNC session
-
Path to image file: Local file path, for example F:\verzeichnis\bild.png
You can transfer the required image file to the thin client using the UMS.
(http://edocs.igel.com/manuals/de/de_ums5/index.htm#2274.htm)
-
Drawing mode for the overlay image: Determines how the image is adapted to the screen size:
- original
- ignore aspect ratio
- keep aspect ratio
- keep aspect ratio by expanding
•
Scale image window (Linux):
 The screen content of the shadowed client is reduced or enlarged by a factor before being
transferred.
Further parameters for the VNC server on the client are accessible in the IGEL registry (Setup >
System > Registry > network.vncserver).
Basic principles and requirements
The Secure Shadowing option can be enabled subject to the following requirements being met:
•
•
•
•
IGEL Universal Desktop Linux or IGEL Universal Desktop OS 2, each from Version 5.03.190 or IGEL
Universal Desktop Windows Embedded Standard 7 from Version 3.09.100
IGEL Universal Management Suite from Version 4.07.100 onwards
The client is registered on the UMS server
The client can communicate with UMS console and UMS server (see below)
57
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
Basic technical principles:
Unlike with "normal" shadowing, the connection between the VNC viewer and the VNC server (on the
client) is not established directly during secure shadowing. Instead, it runs via two proxies – one for the
UMS console and one for the VNC server on the client. These proxies communicate via a TLS/SSL-encrypted
channel, while the local communication, e.g. between the VNC viewer application and the UMS proxy,
takes place in the conventional unencrypted manner. As a result, a secure connection can also be
established with external VNC programs that do not support TLS/SSL connections.
The two proxies (UMS console and client) communicate with TLS/SSL encryption via the same port as the
"normal" VNC connection: 5900. As a result, no special rules for firewalls need to be configured in order to
perform secure shadowing.
If secure shadowing is active for a client under Setup > System > Shadowing > Secure Shadowing), the cliet
generates a certificate in accordance with the X.509 standard and transfers it to the UMS Server when the
system is next started. The UMS server checks subsequent requests for a secure VNC connection using the
certificate. The certificate in PEM format can be found in the /wfs/ca-certs/tc_ca.crt directory
on the client. The validity of the certificate can be checked on the (Linux) client using the command:
x11vnc -sslCertInfo /wfs/ca-certs/tc_ca.crt
Figure 8: Thin client certificate for secure shadowing
If a UMS administrator calls up the Shadowing function in the UMS Console for the client, the console
receives a signed request from the UMS Server which is then passed on to the client to be shadowed. This
in turn passes on the request to the UMS server which checks the validity of the request using the original
certificate. If this check is successful, the console reports that the channel for the connection between the
proxies can be established. The UMS proxy on the console connects to the server proxy on the client, and
the server proxy in turn establishes on the client the connection to its VNC server.
Only when these connections have been established does the console call up the VNC viewer which then
connects to the console proxy. The VNC client and VNC server are now connected via the two proxies which
transfer data with TLS/SSL encryption.
58
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
Secure shadowing can be enforced independently of the client configuration for all clients that support this
function: UMS Administration > Misc Settings > Activate Global Secure VNC.
Shadow clients securely
In order to shadow a client securely (with encryption), the administrator must log on to the server via the
UMS console. When doing so, it is irrelevant whether a purely local UMS administrator account is used or
the user was adopted via an Active Directory for example. As always, however, the UMS administrator
must have the permission to shadow the object, see Object-related access rights.
The client to be shadowed is called up in the navigation tree and, as usual, can be executed via Shadow in
the context menu. The connection window however differs from the dialog for normal VNC shadowing. The
IP and port of the client to be shadowed cannot be changed, and a password for the connection is not
requested – this is superfluous after logging on to the console beforehand.
Figure 9: Secure shadowing connection dialog
When a VNC connection has been established, the symbol in the connection tab indicates secure
shadowing:
59
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
Figure 10: Secure VNC connection
VNC logging
Connections via secure shadowing are always logged in the UMS. Via UMS Administration > Misc Settings >
Secure VNC, you can configure whether the user name of the person shadowing is to be recorded in the log
(the default is inactive).
Figure 11: Options for VNC logging
The VNC log can be called up via the context menu of a client or folder (for several clients, Logging > Secure
VNC Logs). The name, MAC address and IP address of the shadowed client, the time and duration of the
procedure and, if configured accordingly, the user name of the shadowing UMS administrator are logged.
60
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
Figure 12: Log entries for secure VNC connections
 To sort the list (e.g. according to user names), click on the relevant column header or filter the content
shown by making entries in the Filter field.
12.5. File Based Write Filter (Windows Embedded
Standard 7)
Menu path: Setup > System > File Based Write Filter
The File Based Write Filter (FBWF) is the system's own write filter for Windows Embedded Standard.
A detailed description of the FBWF function can be found at
http://msdn.microsoft.com/en-us/library/aa940926.aspx
(http://msdn.microsoft.com/en-us/library/aa940926.aspx http://msdn.microsoft.com/en-us/library/aa940926.aspx).
The write filter protects the system against accidental changes or deletions and harmful software. You
should (re)activate the filter after setting up the system, for example after installing your own applications
or making changes to the Windows system outside the IGEL Setup. Changes in the IGEL Setup or via the
IGEL UMS management are not blocked by the write filter.
FBWF status display in the taskbar
•
Red symbol: FBWF disabled
•
Green symbol: FBWF enabled (default setting)
Settings in the
•
IGEL setup
Toggle FBWF
 The write filter is enabled and protects the system against changes.
 The write filter is disabled.
61
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
•
Enable the compression of the overlay
 The write filter's cache will be compressed in order to save storage space.
 The write filter's cache will not be compressed.
•
•
Threshold for FBWF: Figure in MB, max. 1024 MB, the default setting is 64 MB
Excluded directory: The directories in this list are writable, even if the write filter is enabled. This is
suitable for configuration files or the signatures of a virus scanner for example.
Do not change or delete the entries initially present in the list. Otherwise, the system will no
longer run in a stable manner.
If no more FBWF storage space is available, the error message There is not enough disk
space on the disk will be displayed. After this error message, the system may no longer
run in a stable manner and data may be lost.
 Restart the system in order to restore the device.
The FBWF must be enabled during regular system operation! Disable the write filter only
temporarily, for example for administrative duties. IGEL does not support permanent operation
with the write filter disabled. Directory exceptions must be defined as specifically as possible in
order to ensure the greatest possible protection for the system in spite of the exceptions.
12.6. Energy Options
Menu path: Setup > System > Power Management
The usual energy saving options found in Windows have been carried over to the IGEL setup too.
You can set the following parameters on the IGEL thin client:
•
•
•
•
Turn off monitor
System Standby
Prompt for password when compter resumes from standby
Power Button Action
You can configure the system behavior here in order to enable the standby mode for example.
62
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
12.7. Firmware configuration
Menu path: Setup > System > Firmware Configuration
With the help of the list of available features, you can easily enable or disable firmware functions (e.g.
session types).
If a function was disabled, the associated session type will no longer be available when the
system is restarted. Existing sessions of this type will no longer be shown but will not be deleted
either.
List of available features:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Citrix ICA Client
Citrix Online Plugin
Ericom PowerTerm WebConnect Client (VDI, TS, Legacy)
Fabulatech USB Redirection
Leostream Connect
Microsoft Internet Explorer
Microsoft Media Player
Microsoft RDP
NCP Enterprise VPN Client
NoMachine NX Client
Recognizes a WES7 OS
Recognizes a WES7 OS with FBWF
Rotation support
SPICE client
SumatraPDF Reader
ThinPrint
VMware Horizon Client
Voice over IP (Ekiga)
vWorkspace AppPortal
vWorkspace Client
vWorkspace Multimedia Redirection
Disable the ThinPrint function in this list if you want to use ThinPrint within a VMware Horizon
session. The VMware Horizon client features its own ThinPrint component which may be
disturbed by the ThinPrint service running in parallel.
You can also create and configure your own applications. Give details of the start options for an own
application as well as the application to be launched and, where applicable, the parameters to be
transferred.
63
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
12.8. Registry
Menu path: Setup > System > Registry
The IGEL Registry is a structured collection of all configurable parameters, a number of which cannot be
found on setup pages. You can change many firmware parameters in the Registry. You will find information
on the individual items in the tool tips.
However, changes to the thin client configuration via the Registry should only be made by
experienced administrators. Incorrect parameter settings can easily destroy the configuration
and cause the system to crash. In cases like these, the only way to restore the thin client is to
reset it to the original factory defaults via a snapshot.
1. Click on Parameter Search... in order to search for specific parameters in the IGEL Registry.
2. Search for the parameter name wpa if you require WPA encryption settings for securing your WLAN.
The parameter found in the structure is highlighted:
Figure 13: Search Parameter
64
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
12.9. System Restoration
If the system no longer functions correctly, you can simply restore it via the hidden boot menu.
To access the boot menu, proceed as follows:
 Press the ESC key briefly after switching on the device.
 Download a previously created firmware snapshot and set the parameter Reset Terminal Settings to
true in order to reset all system configuration parameters.
The download settings correspond to the above described procedure for the system update (snapshot
mechanism).
If you have set a password to protect the local IGEL setup application, this will affect the boot menu.
Without the setup password, you will not be able to access this restoration tool. System restoration will
then only be possible with the IGEL Universal Management Suite!
Alternative:
 Press the ESC key briefly after switching on the device.
 Select the Rescue Shell.
 Delete the local settings using the command reset_wes.
Important: Data in the User partition (F:) will be retained both when resetting the local settings
and when installing a snapshot. You should therefore delete them separately!
65
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
13. Index
ICA Sessions ....................................................... 17
IGEL device information .......................................9
A
About this document ............................................ 5
Accessories .........................................................39
Active Directory ..................................................48
Advanced ............................................................37
Appearance.........................................................21
B
Basic principles and requirements .....................56
IGEL setup .......................................................... 11
IGEL Universal Desktop Firmware ........................7
Input................................................................... 42
K
Keyboard.......................................................14, 23
L
LAN and Wireless ............................................... 44
Language ............................................................ 42
Boot options ......................................................... 9
Leostream .......................................................... 34
Browser Sessions ................................................36
Logon ................................................ 18, 21, 23, 27
C
Citrix....................................................................13
M
Mapping ..................................................24, 28, 33
D
Date and Time ....................................................51
N
Network ........................................................44, 48
Desktop and Start Menu ....................................42
Network Drives .................................................. 45
Desktop Integration .......................... 20, 22, 30, 33
NX Client ............................................................ 35
Devices................................................................46
Download ...........................................................52
O
Options ....................................... 15, 19, 26, 29, 41
E
Energy Options ...................................................60
P
Partial Update .................................................... 53
F
File Based Write Filter (Windows Embedded
Standard 7) .........................................................59
Password............................................................ 47
Performance .................................................25, 28
PowerTerm Terminal Emulation........................ 35
Firewall ......................................................... 15, 18
PowerTerm WebConnect .................................. 35
Firmware configuration ......................................61
Formatting and Meanings .................................... 5
Q
Quick installation ..................................................8
G
Global..................................................................37
R
RDP (Global Settings) ......................................... 22
H
HDX .....................................................................16
RDP Sessions ...................................................... 26
Horizon Client Global ..........................................31
Remote Desktop Protocol - RDP ........................ 22
Horizon Client Sessions.......................................31
Remote Management ........................................ 54
I
ICA Global ...........................................................13
Routing............................................................... 44
Registry .............................................................. 62
66
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
S
Screen .................................................................41
Window....................................... 14, 18, 23, 27, 33
Searching setup pages ........................................12
Windows Media Player ...................................... 37
Security ...............................................................47
Windows Services .............................................. 40
Windows Firewall .............................................. 48
Self-Service Plugin ..............................................20
Server...................................................... 17, 21, 27
Server Location ...................................................14
Sessions ..............................................................13
Setup Areas.........................................................11
Setup Session ......................................................39
Shadow clients securely .....................................57
Shadowing ..........................................................55
Shell ....................................................................43
Snapshots ...........................................................51
Sound Mixer .......................................................39
System ................................................................51
System Restoration.............................................64
T
Thin Print ............................................................46
U
Update ................................................................51
Upload ................................................................51
USB Devices ........................................................46
USB Redirection ............................................ 16, 26
User interface .....................................................41
V
Verbindungseinstellungen ..................................32
VMware Horizon Client ......................................30
VNC logging ........................................................58
VoIP Client ..........................................................38
VPN Connection ..................................................44
vWorkspace Client / vWorkspace Client AppPortal
............................................................................33
W
What is new in 3.12.100? ..................................... 5
Wichtige Informationen ....................................... 2
Wiederverbindung ..............................................19
67
IGEL Technology GmbH
Windows Embedded Standard 7
3.12.100
Download PDF

advertising