Home » HP Manuals » Desktops » HP ProLiant xw2x220c » Manual Viewer

HP ProLiant xw2x220c Remote Graphics Software 5.3.0 User Guide - Page 46

RGS security features, authentication uses the Pluggable Authentication Module PAM.

View all HP ProLiant xw2x220c manuals

Add to My Manuals
Save this manual to your list of manuals

Page 46 highlights

2-23 RGS security features Because of the distributed nature of an RGS connection, providing connection security is critically important. RGS implements many features to provide connection security, including: • Authentication: When a local user attempts to connect to a Remote Computer, the user credentials are validated using the native authentication method on the Remote Computer. If the credentials are not authenticated, the connection is closed. On Windows, authentication uses NTLM or Kerberos. On Linux, authentication uses the Pluggable Authentication Module (PAM). • Authorization: Multiple connections to the same Remote Computer are only allowed if the user logged into the desktop of the Remote Computer (primary user) allows the connection. When another user attempts to connect to the Remote Computer, an authorization dialog is displayed on the desktop of the Remote Computer that asks whether the new user should be allowed to connect. • Automatic desktop locking: The desktop of the Sender system locks when the primary user disconnects. This prevents non-primary users from being able to interact with a remote session after the primary user has disconnected. This feature is supported on Windows. On Linux, this feature is supported on the Gnome, KDE, and CDE desktop environments. • Automatic disconnect: On Linux, all Receivers will disconnect when the primary user disconnects. This prevents non-primary users from interaction with a remote session after the primary user disconnects. • Automatic disconnect of non-primary users on Login: All non-primary users are disconnected when a login event occurs. Only the primary user remains connected when the desktop of the remote computer is logged in. • Automatic disconnect on log off: All Receivers are disconnected when the primary user logs off of the remote desktop. This can be disabled by setting the Rgsender.IsDisconnectOnLogoutEnabled Sender property to "0". See the Sender properties for more information. • Connection status: On Windows, a desktop icon in the application tray animates when other users are connected. Likewise, on Linux, the Sender GUI animates. • Collaboration notification: See Section 5-5-2, "Collaboration notification." • Connections are not allowed when an iLO remote console is enabled: If the iLO remote console is enabled on a HP Blade Workstation, connections to the blade using RGS are denied. • Disconnect all: All Receivers can be easily disconnected using the Sender GUI. This is useful when hosting a collaboration session, such as in a classroom environment, and the session ends. On Windows, the Sender GUI is an icon in the system tray. On Linux systems, the GUI is an application on the desktop. Simply rightclick on the GUI and select "Disconnect All Receivers". • Remote Keyboard/Mouse: The Sender GUI can enable or disable mouse and keyboard input for all nonprimary users. • Single user connection: A user, identified by a username, is only allowed one connection to a RGS Sender. If the same username connects more than once to a Sender, the previous connection drops and the new connection continues on. If several users attempt to share a username, only one connection is active at a time. • SSL encryption: SSL securely encrypts all data transmitted between a Receiver and Sender pair. RGS overview 46

Section	Page
1 Introduction to HP Remote Graphics Software	11
1-1 Typical RGS configuration	12
1-2 RGS Sender and Receiver	13
1-3 RGS features	14
1-4 Additional RGS features	14
1-5 Tabloid-size page	15
1-6 Obtaining HP technical support	15
1-6-1 Software Service Strategy for Non-HP Hardware	15
1-6-2 Other RGS Documents	16
2 RGS overview	17
2-1 Supported computers and operating systems	18
2-2 RGS version numbering	19
2-3 RGS licensing	19
2-4 RGS products	20
2-5 Sender and Receiver interoperability	21
2-6 Application support	21
2-7 Networking support	21
2-8 Connection topologies	21
2-8-1 The Remote Computer frame buffer	21
2-8-2 One-to-one connection	22
2-8-3 Many-to-one connection	24
2-8-4 One-to-many connection	24
2-9 Establishing an RGS connection using Standard Login	25
2-10 Single Sign-on and Easy Login	26
2-11 RGS operating modes	27
2-12 Multi-monitor configurations	28
2-13 Remote Computer monitor blanking overview	29
2-14 Video overlay surfaces	29
2-15 Image quality	30
2-16 Remote USB overview	31
2-16-1 USB session switching	31
2-16-2 Isochronous USB support	31
2-16-4 Unique smartcard handling	33
2-16-5 Computers supporting remote USB	35
2-16-6 Supported USB devices	35
2-17 Remote audio overview	35
2-17-1 Remote audio on Windows	36
2-17-2 Remote audio on Linux	38
2-17-3 Support of sound recording devices on Microsoft Windows XP Professional	40
2-17-4 Computers and operating systems which support RGS audio	41
2-18 Remote Clipboard overview	42
2-19 Interoperability of RGS and Microsoft Remote Desktop Connection	44
2-20 Using RGS with desktop virtualization	44
2-21 Remote Computer power saving states	45
2-22 Supported keyboard locales	45
2-23 RGS security features	46
3 Installing RGS	47
3-1 Installing RGS on Windows	47
3-1-1 Installing the Receiver on Windows	47
Manual installation of the Receiver on Windows	47
Automatic installation of the RGS Receiver on Windows	49
Receiver installation log file	51
Uninstalling the RGS Receiver on Windows	51
3-1-2 Installing the Sender on Windows	52
Manual installation of the Sender on Windows	52
Using the RGS Diagnostics Tool on Windows	54
Starting the Sender on Windows	55
The Sender GUI on Windows	56
Manually starting and stopping the Sender on Windows	56
Setting the Windows Sender process priority	57
Setting the Sender process priority using PTF	57
Using the rgadmin tool	58
Installing and enabling Single Sign-on	60
1. Enabling Single Sign-on during installation	60
2. Using the rgadmin tool to enable Single Sign-on	61
3. Manually enabling Single Sign-on	61
Setting the local security policy	62
Disabling Single Sign-on	62
1. Using the rgadmin tool to disable Single Sign-on	62
2. Manually disabling Single Sign-on	62
Installing and Enabling Easy Login	63
1. Enabling Easy Login during installation	63
2. Using the rgadmin tool to enable Easy Login	63
3. Manually enabling Easy Login	63
Chaining custom GINA modules for Easy Login	64
1. Install time specification of the custom GINA module	64
2. Using the rgadmin tool to specify a custom GINA module	64
3. Manually enabling hprgina.dll to load a custom GINA module	64
3-1-2-1 Setting the Local Security Policy	65
Disabling Easy Login	65
1. Using the rgadmin tool to disable Easy Login	65
2. Manually disabling Easy Login	65
Automatic installation of the RGS Sender on Windows	66
Sender installation log file on Windows	67
Uninstalling the RGS Sender on Windows	67
3-2 Installing RGS on Linux	68
3-2-1 Installing the Receiver on Linux	68
3-2-2 Uninstalling the Receiver on Linux	69
3-2-3 Installing audio on the Linux Receiver	69
Audio Requirements	69
System Preparation	69
Customized Audio Installation	69
3-2-4 Installing the Sender on Linux	71
Starting the Sender on Linux	73
Uninstalling the Sender on Linux	73
4 Pre-connection checklist	74
4-1 Local Computer (Receiver) checklist	74
4-2 Remote Computer (Sender) checklist	74
4-3 NIC binding on the Sender	76
4-3-1 Manual NIC reconfiguration	76
4-3-2 NIC reconfiguration using the NIC binding properties	78
4-4 Using RGS through a firewall	79
5 Using RGS	80
5-1 Using RGS in Normal Mode	80
5-1-1 Receiver Control Panel	82
5-1-2 Setup Mode	82
5-1-3 Remote Display Window Toolbar	85
5-1-4 Remote Computer monitor blanking operation	86
5-2 Linux connection considerations	87
5-2-1 Full-screen crosshair cursors	87
5-2-2 Gamma correction on the Receiver	87
5-2-3 Black or blank connection session with the Linux Sender	87
5-3 RGS login methods	88
5-3-1 Standard Login	88
5-3-2 Easy Login	90
5-3-3 Single Sign-on	91
5-4 Changing your password	92
5-5 Collaborating	93
5-5-1 Creating a collaboration session	93
5-5-2 Collaboration notification dialog	94
6 Advanced capabilities	96
6-1 General options	97
6-2 Remote audio operation	98
6-2-1 Configuring audio on the Microsoft Windows XP Professional Sender	98
6-2-2 Calibrating audio on the Microsoft Windows XP Professional Sender	101
6-2-3 Disabling audio on the Sender	103
6-2-4 Using audio	104
6-2-5 Potential audio issues	105
6-3 Remote USB operation	106
6-3-1 Attaching a local USB device to a Remote Computer	107
6-3-2 USB session switching	109
6-3-3 Auto-remoting of USB devices	109
6-3-4 Supported remote USB devices	110
6-3-5 Remote USB Access Control List	111
6-3-6 Determining USB device information	113
Determining USB device information for Windows	113
Determining USB device information for Linux	113
Verifying the USB data	113
6-3-7 Troubleshooting remote USB	114
Computers supporting remote USB	114
Supported USB devices	114
Check USB cable connections	114
Reset the USB device	114
Enable Remote USB	115
HP Remote Virtual USB Driver	116
USB device drivers and program support	117
6-4 Adjusting Network timeout settings	118
Receiver network timeouts	119
Sender network timeout	121
Network timeout issues	122
6-4-2 Dialog timeouts	123
6-5 Hotkeys	124
6-5-1 Changing the Setup Mode hotkey sequence	125
6-6 Remote Clipboard operation	126
6-6-1 Remote Clipboard data transfers	127
6-6-2 Remote Clipboard filtering	129
6-6-3 Using the RGS log to detect clipboard problems	130
6-7 Receiver and Sender logging	133
6-7-1 Receiver logging	133
6-7-2 Sender logging	134
6-8 Statistics	135
7 Using Directory Mode	136
7-1-1 Directory file format	136
7-1-2 Starting the Receiver in Directory Mode	137
7-1-3 Selecting Remote Display Windows while in Directory Mode	138
8 RGS properties	139
8-1 Property syntax	139
8-2 Setting property values in a configuration file	139
8-3 Setting properties on the command line	140
8-4 Authenticator properties	140
8-5 RGS Receiver properties	141
8-5-1 Receiver property hierarchy	141
Properties set using the Receiver Control Panel	141
Receiver command line properties	141
rgreceiverconfig file properties	141
Archive file properties	141
Receiver default properties	141
8-5-2 Receiver property groups	142
8-5-3 Receiver general properties	145
8-5-4 Receiver browser properties	150
8-5-5 Receiver audio properties	151
8-5-6 Receiver microphone property	151
8-5-7 Receiver USB properties	151
8-5-8 Receiver network properties	152
8-5-9 Receiver hotkey properties	152
8-5-10 Receiver Remote Clipboard properties	153
8-5-11 Receiver logging properties	154
8-5-12 Receiver image codec properties	155
8-5-13 Windows placement and size properties	156
8-6 RGS Sender properties	157
Sender command line properties	157
rgsenderconfig file properties	157
Sender default properties	157
8-6-1 Sender property groups	157
8-6-2 Sender general properties	158
8-6-3 Sender microphone property	160
8-6-4 Sender network timeout properties	161
8-6-5 Sender USB access control list properties	161
8-6-6 Sender NIC binding properties	161
8-6-7 Sender clipboard property	162
9 Sender event logging on Windows	163
9-1 The HPRemote log	163
9-2 Usages of the HPRemote log	165
9-3 Additional information on event logging	166
10 Remote Application Termination	167
10-1 RGS connection and user status	167
10-2 HPRemote log format	167
10-3 Sample agent	170
10-4 Agent design issues	173
Desktop session logout	173
Selective environment shutdown	173
Wrapping applications of interest	173
Administrator alerts	174
Anticipating user disconnects and reconnects	174
General agent design guidelines	174
10-5 Additional safeguard features for Windows systems	174
RGS Sender Service Recovery Settings	174
Microsoft Remote Desktop Recovery	175
11 Optimizing RGS performance	176
11-1 Performance tuning for all platforms	176
11-2 Performance tuning for Windows	176
11-3 Troubleshooting graphics performance	177
11-4 Configuring your network for optimal performance	177
12 Troubleshooting RGS	179
12-1 Potential RGS issues and troubleshooting suggestions	179
13 RGS error messages	180
13-1 Receiver error messages	180
Appendix A: Using RGS with HP VDI	183
A-1 VMware ESX networking considerations	184
A-2 Using RGS with static HP VDI	184
A-2-1 Create a new virtual machine	184
A-2-2 Modify the VMware ESX configuration (.vmx file)	185
A-2-3 Installing the RGS Sender on the virtual machine	187
A-3 Using RGS with dynamic HP VDI (based on VMware View)	187
A-3-1 Create a new virtual machine	188
A-3-2 Install the RGS Sender on View Master/Parent VM and modify the configuration file to optimize for VMware View environment	188
A-3-3 Install View Agent on View Master/Parent VM	188
A-3-4 Install the RGS Receiver and View Client on the client computers	188
A-4 Running RGS diagnostics	189
A-5 Disabling the RGS warning popup	189
A-6 RGS operating modes available with VDI	189
A-7 Using HP Session Allocation Manager with HP VDI	189
Appendix B: USB devices supported by RGS	190

Match case Limit results 1 per page

RGS overview 46

2-23 RGS security features

Because of the distributed nature of an RGS connection, providing connection security is critically important. RGS

implements many features to provide connection security, including:

•

Authentication:

When a local user attempts to connect to a Remote Computer, the user credentials are

validated using the native authentication method on the Remote Computer. If the credentials are not

authenticated, the connection is closed. On Windows, authentication uses NTLM or Kerberos. On Linux,

authentication uses the Pluggable Authentication Module (PAM).

•

Authorization:

Multiple connections to the same Remote Computer are only allowed if the user logged into

the desktop of the Remote Computer (primary user) allows the connection. When another user attempts to

connect to the Remote Computer, an authorization dialog is displayed on the desktop of the Remote

Computer that asks whether the new user should be allowed to connect.

•

Automatic desktop locking:

The desktop of the Sender system locks when the primary user disconnects. This

prevents non-primary users from being able to interact with a remote session after the primary user has

disconnected. This feature is supported on Windows. On Linux, this feature is supported on the Gnome,

KDE, and CDE desktop environments.

•

Automatic disconnect:

On Linux, all Receivers will disconnect when the primary user disconnects. This

prevents non-primary users from interaction with a remote session after the primary user disconnects.

•

Automatic disconnect of non-primary users on Login:

All non-primary users are disconnected when a login

event occurs. Only the primary user remains connected when the desktop of the remote computer is logged

in.

•

Automatic disconnect on log off:

All Receivers are disconnected when the primary user logs off of the remote

desktop. This can be disabled by setting the

Rgsender.IsDisconnectOnLogoutEnabled

Sender

property to "0". See the Sender properties for more information.

•

Connection status:

On Windows, a desktop icon in the application tray animates when other users are

connected. Likewise, on Linux, the Sender GUI animates.

•

Collaboration notification:

See Section 5-5-2, “

Collaboration notification

.”

•

Connections are not allowed when an iLO remote console is enabled:

If the iLO remote console is enabled on

a HP Blade Workstation, connections to the blade using RGS are denied.

•

Disconnect all:

All Receivers can be easily disconnected using the Sender GUI. This is useful when hosting a

collaboration session, such as in a classroom environment, and the session ends. On Windows, the Sender

GUI is an icon in the system tray. On Linux systems, the GUI is an application on the desktop. Simply right-

click on the GUI and select "Disconnect All Receivers".

•

Remote Keyboard/Mouse:

The Sender GUI can enable or disable mouse and keyboard input for all non-

primary users.

•

Single user connection:

A user, identified by a username, is only allowed one connection to a RGS Sender. If

the same username connects more than once to a Sender, the previous connection drops and the new

connection continues on. If several users attempt to share a username, only one connection is active at a

time.

•

SSL encryption:

SSL securely encrypts all data transmitted between a Receiver and Sender pair.