pinremote Manual Version 4.0

Table of contents

1 Introduction
2 Setup
2.1 Requirements server
2.2 Requirements client
2.3 Setup process
2.3.1 Single Server
2.3.2 Cluster
2.4 Services
3 Quick start
3.1 pinremote Portal
4 pinremote Portal
4.1 First steps
4.2 Login modes
4.2.1 Local user
4.2.2 With domain and user name
4.2.3 With predefined domain
4.2.4 AD and local user
4.2.5 Use portal credentials as Windows credentials
4.3 Portal Administrator
4.3.1 Dashboard
4.3.2 Gateways
4.3.3 Profiles
4.3.4 Users
4.3.5 Groups
4.3.6 Active Directory
4.3.7 Settings
4.3.8 Direct access
4.3.9 System Test
4.3.10 Change Password
4.3.11 Style
4.3.12 Events
4.4 Portal User
4.4.1 Accessing Desktops
4.4.2 Accessing Applications
4.4.3 Accessing Office applications
4.4.4 Join Session
4.4.5 Direct Access
4.4.6 Settings
4.4.7 Change Password
4.5 Read Only Mode
5 pinremote Admin
5.1 Gateway tab
5.1.1 Gateway Push Mode
5.2 RDP Broker
5.3 Profiles tab
5.3.1 Authentication via pinremote
5.3.2 Authentication via Radius
5.3.4 2-Factor authentication
5.4 System tab
5.5 Test tab
5.6 Settings tab
5.7 SSL tab
5.8 Printing tab
5.9 Notification tab
5.10 SMS tab
5.11 Statistics tab
5.12 Reporting tab
5.13 Backup
5.14 Licensing tab
6 Remote Support
7 Hints using pinremote
7.1 Accessing desktops
7.2 Accessing applications
7.3 Firewall
7.4 Security
7.5 Using Active Directory
7.6 Using Google Authenticator
7.7 Using Wake on LAN
7.8 Usage on mobile devices
7.9 Mobile Keyboard
7.10 Using pinremote SDK
8 Production
8.1 Setup secure connection with SSL
8.2 Running portal and gateway on same port

1 Introduction

pinremote is an easy to use HTML5 solution that allows access to your desktops and applications from all HTML5 compliant browsers and mobile devices.

pinremote can bring any of the following applications to HTML5:
- Any desktop application like .NET, Java, others
- Web applications that do not support all browsers or only old browser versions
- Web applications that use Java Applets
- Web applications that use ActiveX

pinremote can bring any of the following features to HTML5:
- Use real word processing in your web application
- Bring any desktop functionality to the web

2 Setup

pinremote can be installed on the following systems:
- Windows 2016
- Windows 2012
- Windows 2008

2.1 Requirements server

pinremote requires the following software packages:

.NET Framework 3.5/4.0
Please install .NET 3.5/4.0 with your system setup.

IIS
For the pinremote portal IIS is required, including special IIS features. Please install them by using the Windows control panel or server manager.

Java 1.8
pinremote requires Java 1.8, which is included in the pinremote setup, so no download is necessary.

RDP Server (Terminal Services or others)
You can use the Remote Desktop Services on a Windows server system. For test purposes the Session Host is sufficient.

Firewall
As the portal and the gateway are installed on the same system by default, you have to enable the ports in your firewall when accessing remotely.

Windows 2008
The .NET Framework 4 needs to be downloaded separately. Please make sure that ASP.NET is correctly configured in IIS.

2.2 Requirements client

On the client you need an HTML5 compliant browser, on a PC or on mobile devices, like:
- Internet Explorer 10+
- Firefox
- Chrome
- Safari

2.3 Setup process

Setup starts with a hint to install all of the required features before continuing with the pinremote setup.

Please make sure that all required software modules are installed before you continue. If you want to use Windows Remote Desktop Services then install them now. If not, you can use the enclosed demo RDP server.

pinremote setup copies all of the required files to the given destination folder.

After this the pinremote configurator is started to configure the system.

2.3.1 Single Server

The Single Server option is used when the Gateway and the RDP Broker are on one physical machine. This is the default.

2.3.2 Cluster

A cluster consists of a gateway instance and several RDP brokers. Multiple clusters can be addressed by the client.

Use Cluster Gateway if you want to install the gateway part of the cluster or if you want to use named Windows users for login to the RDP server.

Use Cluster RDP Broker if you want to install the RDP broker as part of a cluster.

The details of configuration are made with pinremote Administrator after installation. Please find more details in the pinremote load balancing and fail over guide.

Press the install button to run the installation. As the next step you are asked for the Java setup. Please follow the steps to install Java. You normally don't have to make any changes in settings.

After Java is installed the configurator is activated again. The setup tries to use port 8080 as standard port. Otherwise setup will use another port between 8080 and 8089. The RDP Broker is installed on a port between 8090 and 8099.

The setup now configures the system and makes some final tests.

Finally there is a hint that you need an RDP (Terminal) Server for running all of the demo features.

Hint: If there is no RDP server installed the app demos do not work correctly.

After setup the pinremote portal should be displayed in the browser.

2.4 Services

The pinremote setup installs 2 Windows services:
- Pintexx Cloud Gateway Service
- Pintexx Cloud RDP Broker Service

The gateway service provides the HTML5 logic and is always required. The RDP Broker manages the RDP connections when using applications. If you access only desktops you do not need this service.

3 Quick start

Shortcuts are created on the desktop for:
- pinremote Administrator
- pinremote Portal
- pinremote Manual

You will find a PDF version of the manual in the installation folder.

3.1 pinremote Portal

After setup the browser should be opened pointing to the pinremote portal. You can log in as user with testuser or as administrator with administrator. The initial password is 12345678.

4 pinremote Portal

The pinremote portal is the central access for all configured resources for the user. You can open the portal by using the shortcut or by pointing to http://<ip-address>/pinremote-portal

The initial credentials are:

Demo user
Login: testuser
Password: 12345678

Administrator
Login: administrator
Password: 12345678

You can change the password after login.

4.1 First steps

After setup the portal should be automatically started in the browser. Please log in with the test user and the test credentials that are displayed.

Connect to the server's desktop by pressing Connect.

Start the default application (MS Paint) by pressing Open.

If Office is available you can run the Office applications as well.

4.2 Login modes

There are different login modes which can be used for the portal.

4.2.1 Local user

If you create users in the admin area you can log in with the user's credentials as local user. In that case you can individually specify all user settings.

4.2.2 With domain and user name

If you log in to the portal with a domain and user name, then the system tries to authenticate via Active Directory. In that case no local user settings are used, but the global settings in the admin area.

4.2.3 With predefined domain

If you have specified an AD domain in admin settings then this domain is always used to authenticate against AD. In that case you do not have to enter the domain.

4.2.4 AD and local user

If you use AD to authenticate and if you have a local user with the same login then you can individually specify the user's settings.

4.2.5 Use portal credentials as Windows credentials

If you have enabled the option Use portal credentials as Windows login for a user then the same credentials are used for the RDP connection.

4.3 Portal Administrator

There is one administrator in the portal. The administrator can configure all relevant settings.

4.3.1 Dashboard

The dashboard gives you an overview of the current system status. All of the current connections are listed as well as the configured gateways. By clicking a gateway you get special information.

4.3.1.1 User info

Pressing the Info button opens a new dialog that lists all connected users. By entering a message you can send it directly to the desktop of the user.

4.3.2 Gateways

In the gateway menu you can configure one or multiple gateways. To access information from a gateway a profile with System rights is required. This profile can be created in pinremote Admin. If you want to access the gateway via SSL please activate the SSL checkbox. For more than 1 gateway the Gateway push mode is recommended (see Admin).

The first configured gateway is the primary gateway. If there is more than one gateway configured then the system chooses the gateway with the lowest load for the next connection. This also includes a failover scenario, as always the best gateway is selected.

Please add a new gateway by pressing the New gateway button and enter the IP or domain of the gateway. Please specify a port number if you use a different port than 443. Do not use http/https at the beginning.

4.3.3 Profiles

To use profiles in the portal you first have to activate them. After setup you will find a profile for desktop, apps and office. The profile name and the configured rights as well as the 2-factor option are displayed.

You can delete a profile with the cross button. If you have made changes to the profile (excluding password changes) you can update the profile with the update button. If you made changes to the password you have to delete and reactivate the profile.

Press the Activate Profile button to get a list of available profiles of the primary gateway.

Select the profile from the list and enter the profile's password. Press save to activate the profile. The new profile should be listed afterwards.

To assign profiles to users please activate a minimum of one profile in user settings (see Users).

Hint: A user cannot access any resources without having at least one activated profile.

4.3.4 Users

In the users menu you can create and edit local users. A search box allows searching for name and login. You can edit a user by pressing the edit button or double clicking in a row. You can delete a user by pressing the delete button. Create a new user by pressing Create new user.

In the user dialog the admin can specify user data and configure additional settings. The drop-down lists allow you to select the global settings (in the settings menu) or specify individual settings per user. The info1/2 fields are used for passing additional information to statistical files and the reporting system.

In the profile area all available activated profiles are listed. One or more profiles can be activated here.

Please specify a domain name when you want to use Active Directory authentication. If you want to use the portal credentials as login credentials for your desktop or application then the Use portal credentials for login option has to be active.

If groups are available then the user can be assigned to a group. The group settings overwrite the global settings.

If the Multiple connections option is activated then more than one desktop connection can be configured. If the Create PC connections option is activated then the users themselves can configure connections. Otherwise the administrator can configure multiple PCs for each user.

If the Multiple PC is off and an RDP IP is specified, then there is only a Connect button in the user area which connects to this IP. Instead of an IP address a host name can also be used.

The other options allow setting special RDP parameters. Activate the SmartCard option if you need to access smart cards on your desktop. Use the Load Balance Info when using an RDS server farm.

Press the Save button to save changes.

4.3.5 Groups

Groups can be used to set settings for more than one user.

A new group can be created by using the Create new group button.

4.3.5.1 Using group for AD

If you specify the name of an AD security group in the field Assigned AD group then the system checks if the logged-in user is a member of this group. In this case all settings of the group overwrite the global settings and are assigned to the user. For using AD authentication for this group you have to enable AD login.

4.3.5.2 Using group for local user

In user settings you can assign a user to a group. Then the group settings overwrite the global settings.

You can overwrite the group settings by user settings.

4.3.6 Active Directory

In the Active Directory menu the admin can specify global AD settings for all users. Those settings can be overridden by specifying individual settings in group or user settings.

For using AD you first have to activate it. If the gateway server is part of the AD domain then set the connection mode to Domain, otherwise choose IP.

You can enable AD login for all users by activating the option. If this option is not activated, you can use a group to allow AD usage only for group members.

Activate the Use portal option when you want to use the portal credentials for accessing your desktop or app.

If a global AD domain is set then users do not have to enter the domain name in the login dialog of the portal.

If you enter a number (in days) in the expiring warning field then the user gets a warning message when the password is expiring. The user can then reset the password by using the Change password feature.

4.3.6.1 Configure user settings via user properties

When using AD fields the system can read those values directly from AD. You can use existing AD fields by specifying the AD field name. If the fields do not exist you can create your own ones in AD. That means that you don't have to create users inside the portal but can use existing AD accounts.

Those fields can be used:
- The user's email and mobile number (when using 2-factor authentication)

4.3.7 Settings

Here all global settings can be specified. Most of the settings are used as default when creating a new user and can be overwritten individually in group or user settings.

The portal can be locked so that only the administrator can log in. The portal name can be specified as well as an info message that appears on the login screen. A register option and the send password option can be enabled and are displayed on the login screen. The user's menu can be configured by hiding menu entries.

For a description of the global settings please have a look at the user settings.

For notifications you should specify the mail settings so that emails can be sent from the portal.

4.3.8 Direct access

The Direct access feature allows creating a link for direct access to desktops and apps. If Direct Access is enabled you have to specify a secret first. This is used to identify the users.

If the Show users option is activated then the user gets a new menu entry where the links for direct access are displayed (see portal user description).

When using the direct link the first time the user has to enter domain/login/password one time. After the second call the desktop/app is directly displayed. The cookie valid time defines the number of days the login/password is available on the user's machine.

4.3.9 System Test

The system tests help to test all connections between the services, so a quick detection of firewall issues is possible. Please make sure that all of the different connections between the browser, gateway and web server work.

4.3.10 Change Password

The password of the administrator can be changed here.

4.3.11 Style

The application style can be customized by setting your own logo URL and highlight color.

4.3.12 Events

In the events menu all system notifications like errors and warnings are listed.

4.4 Portal User

If you log in as portal user, you can access all resources that have been configured by the admin.

4.4.1 Accessing Desktops

If a profile with Desktop rights has been activated for the user then the My PC menu is visible. If the RDP IP field in user settings is set then the user can connect to only one desktop.

If the user is configured to use more than one desktop:

If the option Create PC Connections is activated in user settings then the user can configure their own desktop connections.

4.4.2 Accessing Applications

If there is a minimum of one profile with Application rights activated for the user then the menu My Application is visible. The applications can be opened by double clicking the row or pressing the Open button. Each application will be started in a new browser window. By closing the window or closing the application the remote session is terminated.

4.4.3 Accessing Office applications

Office applications like MS Word can be opened separately. After running the application in the browser, local files can be opened, edited and saved afterwards.

4.4.4 Join Session

Please have a look at chapter Remote Support.

4.4.5 Direct Access

If the Direct Access feature is enabled for the user then a link is created for all user resources to access desktops and apps directly. The user can copy the link to the clipboard and paste it into the browser. When accessing the link the first time the user has to enter login/password one time. The credentials are saved encrypted in a cookie. The second time the user can access resources directly.

4.4.6 Settings

The user can select the display language and the keyboard. For using mobile devices the user can activate the mobile keyboard and mouse. When using 2-factor authentication the user can specify an email or mobile number.

4.4.7 Change Password

The user can change the password here.


4.5 Read Only Mode

As an additional security feature there is a ReadOnly mode in the portal. This mode can only be set by editing the web.config in the portal root folder.

    <add key="readonlymode" value="0"/>

Values:
- 0 = Read Only is disabled
- 1 = No data/settings can be changed
- 2 = Only user can change data but not the administrator
- 3 = Only administrator can change data, but not the users
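A check for the setting described in section 4.5, as an added example that is not part of the pinremote manual or product: it parses a web.config, finds the readonlymode key and reports who can still change data. The sample configuration is constructed, and matching the key case-insensitively is an assumption made here.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import List, Optional

# Values from section 4.5: value -> (meaning, admin may change, users may change)
READ_ONLY_MODES = {
    "0": ("Read Only is disabled", True, True),
    "1": ("No data/settings can be changed", False, False),
    "2": ("Only user can change data but not the administrator", False, True),
    "3": ("Only administrator can change data, but not the users", True, False),
}


@dataclass
class ReadOnlyAudit:
    value: Optional[str] = None
    meaning: str = "unknown"
    admin_can_change: Optional[bool] = None
    users_can_change: Optional[bool] = None
    findings: List[str] = field(default_factory=list)


def audit_read_only_mode(web_config_xml: str) -> ReadOnlyAudit:
    """Report the effective read-only mode found in a web.config document."""
    audit = ReadOnlyAudit()
    root = ET.fromstring(web_config_xml)
    # Assumption: the key is matched case-insensitively, because the manual
    # prints it in lower case and the spelling in a real file may differ.
    values = [
        (add.get("value") or "").strip()
        for add in root.iterfind("./appSettings/add")
        if (add.get("key") or "").lower() == "readonlymode"
    ]
    if not values:
        audit.findings.append("readonlymode key is not set in <appSettings>")
        return audit
    if len(set(values)) > 1:
        # Do not guess which entry wins; report the conflict instead.
        audit.findings.append(
            "readonlymode is defined more than once with different values: "
            + ", ".join(sorted(set(values)))
        )
        return audit
    audit.value = values[0]
    if audit.value not in READ_ONLY_MODES:
        audit.findings.append(
            "readonlymode value %r is not one of 0, 1, 2, 3" % audit.value
        )
        return audit
    (audit.meaning,
     audit.admin_can_change,
     audit.users_can_change) = READ_ONLY_MODES[audit.value]
    return audit


# Constructed sample input, not taken from a real installation.
SAMPLE_WEB_CONFIG = """<configuration>
  <appSettings>
    <add key="readonlymode" value="3"/>
  </appSettings>
</configuration>"""

if __name__ == "__main__":
    result = audit_read_only_mode(SAMPLE_WEB_CONFIG)
    print("value:", result.value)
    print("meaning:", result.meaning)
    print("administrator can change data:", result.admin_can_change)
    print("users can change data:", result.users_can_change)
    for finding in result.findings:
        print("finding:", finding)
```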

5 pinremote Admin

You can open the pinremote admin via the shortcut or directly in <install>\cloudtools\pintexx.cloud.server.administrator.exe

The pinremote admin is the tool to configure and maintain the system.

5.1 Gateway tab

Depending on your setup mode the gateway tab is enabled.

The gateway name is used to identify the gateway server, e.g. when sending notification emails.

The gateway port is the port under which the gateway is accessed remotely by using web sockets. You can disable this port by unchecking the checkbox.

The gateway SSL port is the secure connection to the gateway by using secure web sockets.

You can enable SSL by activating the checkbox. The default port is 443. The system is configured with a self-signed certificate so that encryption works. For using a company certificate please install it on the Certificate tab.

If you have more than one IP address on your system you can bind the gateway to one special IP address by specifying the Bind address field.

You can configure the maximum sessions on the gateway. This number depends on your system memory and the number of processor cores.

Configure the RDP port for accessing the RDP servers in the field RDP port.

You can use multiple RDP Brokers with one gateway for load balancing and fail over. You can configure the RDP Brokers with IP and port here.

Please press the Save button after you have made changes. The admin restarts the services automatically.

5.1.1 Gateway Push Mode

The gateway push mode is recommended when using more than one gateway. Instead of the portal connecting to all gateways to figure out the load, the gateway informs the portal about its current state. This avoids web socket connections and saves time. A gateway can inform multiple portals about its state. The portal URL has to point to the root of the used portal.

5.2 RDP Broker

Depending on your installation mode the RDP Broker tab is enabled. The RDP Broker manages the connections to the RDP server when providing applications. The RDP Broker is not used when accessing desktops.

You can configure the port of the local RDP Broker and the maximum RDP sessions here. Multiple RD Brokers can be configured for accessing multiple Terminal Servers.

Please press the Save button to confirm changes. The required services are automatically restarted.

5.3 Profiles tab

The profiles tab configures the access rights to desktops and applications. By default there are different demo accounts for each access type. You can create a new profile, edit existing ones or delete profiles by pressing the corresponding buttons. In the pinremote portal you can assign those profiles to your users.

Hint: Without using profiles no access to the gateway is possible.

The system profile is used in the portal to be able to get information from the gateway.

To edit a profile open the profile window. You can first enter a display name which will be displayed in the portal. Then there are 2 authentication options:

5.3.1 Authentication via pinremote

Enter a login and password combination. Those credentials are required for accessing the gateway. The passwords for the demo profiles are random and are created by setup. Please create your own profiles after setup.

5.3.2 Authentication via Radius

When using Radius authentication you have to specify the server, the protocol, the secret and the port. If you also want to use Radius accounting then you have to specify the accounting port.

Using 2-factor authorization via Radius is also supported. To use it enter user-password={token} in the properties field.

5.3.4 2-Factor authentication

In the 2-Factor tab you can enable authentication by:
- email
- SMS Web Service
- SMS GSM
- Google Authenticator
- Radius

Please specify SMS parameters in tab SMS. If you select email please make sure that the email settings in the notification tab have been set. For using Google Authenticator please see chapter Using Google Authenticator.

The system tab enables system rights. Those rights are required in the pinremote portal to allow reading information from the gateway.

To enable desktop access check the checkbox in the desktop tab.

To define an application there are 3 different modes.

pinremote mode

The pinremote mode uses the pinremote RD Broker to dynamically select local users to run the application. This mode does not require passing credentials, as the credentials of predefined users are used. Users can be created with the pinremote application manager tool in the CloudTools sub folder.

Please enter a display name which is used to display the application in the pinremote portal. Then select the executable that shall be run in the browser. The application's icon shall be displayed here and in the portal.

Named user mode

In Named user mode credentials are required for a special user that is used to run the application. The application is always executed with the same user specified by the credentials. You have to use the Use portal credentials for Login option in user settings in the portal. Then the portal credentials/domain are used as RDP credentials.


Named Users (RemoteApp) mode

In Named user (RemoteApps) mode credentials are required for a special user that is used to run the application. The application is always executed with the same user specified by the credentials. You have to use the Use portal credentials for Login option in user settings in the portal. Then the portal credentials/domain are used as RDP credentials.

You have to specify a display name and the RDP server. The application is not specified by a path but by an Alias. You have to configure RemoteApps in Remote Desktop Services.

To enable Office applications check the options here. The applications have to be installed on the RDP server.

5.4 System tab

The system tab allows restarting all services of pinremote. You can turn on logging by checking the Logging check box. Press the Save button to save logging changes. The current log file can be opened by pressing the Open button.

5.5 Test tab

The test tab allows testing the gateway and RDP broker services and the RDP server access. The gateway can be tested in http or https mode. In https mode the correct domain name has to be specified. The RDP broker test checks all RDP brokers configured in the Gateway tab. The RDP server test uses the given values for testing RDP access.

5.6 Settings tab

In the settings tab global parameters can be configured. Upload/download, clipboard and printing features can be enabled/disabled here for all users. You can also specify the name of the remote drive that is displayed in the user's file explorer in a remote session. The RDP session logoff time can also be specified here. It is the time after which a disconnected session is logged off.

5.7 SSL tab

To support https/SSL you have to install a certificate. Please enter the certificate's password and press the Install certificate button. You have to provide a P12 or PFX certificate.

For assuring SSL quality the currently used ciphers are listed. You can also directly test SSL quality by entering the domain name.

5.8 Printing tab

To support remote printing a PostScript to PDF converter is required. Due to licensing restrictions it is not part of the setup. We recommend using Ghostscript in the latest version (9.10 or later). After Ghostscript setup select the converter's executable (gswin64c.exe) as converter path.

You can also specify the name of the remote printer that is displayed in a remote session in the printer select dialog.

5.9 Notification tab

The system can send notification emails for important situations. You can specify your mail data here and check notification options:
- If the system is overloaded then no further connection will be processed. That happens if the maximum number of configured gateway connections is reached.
- If the RDP servers are overloaded or not available then an email is also sent. This happens if the system workload is higher than 95%.
- A notification is also sent when the license is expired or if too many connections are used.

You can send a test email by pressing the Send test mail button.

Hint: Please specify those parameters as one of the first steps so that you are informed about system issues.

5.10 SMS tab

In the Pro version 2-factor authentication is supported. If SMS mode is configured you can use a 3rd-party web URL or a standard GSM modem to send a text message with a token (One Time Password) to the user. To specify the URL please use #PHONENUMBER# and #TOKEN# as placeholders for the user's phone number and the generated OTP. The check field can contain a value that is checked against the result of the URL call. The GSM modem needs to have a serial interface with standard settings. Please select the COM port of your GSM modem here.

5.11 Statistics tab

pinremote creates a statistics file for each month. For the current month the following values are displayed:
- the total connections
- the maximum concurrent connections
- the unique named users

The statistics files are created in the sub folder <CloudStatistics> in XML format.

5.12 Reporting tab

pinremote provides a transparent reporting system when using subscription licensing. Press the Register Reporting button and you will be directed to the registration page. After registering you will get a contract id by email. Enter these credentials, activate the checkbox and press Save. Statistical data will be posted to our reporting system once a day. You can have a look at the reports by pressing the View Reports button. In addition you can specify your own web page, where statistical data are posted as well. A manual post option is also available for testing.

5.13 Backup

During setup an automatic backup of all relevant files will be configured. The backup files are saved to a dedicated location on the server. To restore a backup one of the backup files (zip) has to be selected. Then the services are stopped, the files are copied back and the services are started again.

5.14 Licensing tab

The Licensing tab displays the currently installed license. After purchase you will get a license file that has to be installed here.

6 Remote Support

If there is an active remote session another user can join this session, watch the user's actions or request control. To join the session of User1, User2 has to select Join session in the portal. The access code of User1 is required and has to be entered in the Access code field. The access code can be displayed by pressing the Access code button in the toolbar. The access code is a number with 9 digits.

User1 tells User2 the access code, and User2 enters the code into the Access code field and presses the Connect button. User1 is informed that User2 wants to join the session. User1 can now accept or refuse the join request. If the join is accepted User2 can now see the desktop of User1.

When User2 presses the Request Control button in the User2 toolbar, User1 is informed. If User1 accepts the control request then User2 can control the desktop of User1. User1 can take back control in the same way.

7 Hints using pinremote

7.1 Accessing desktops

You can access desktops by using the portal and specifying the IP address, by configuring desktops for the user, or by letting the user configure their own connections. For accessing desktops you do not need an RDP server.

7.2 Accessing applications

For accessing applications you need an RDP server like MS RDS. pinremote is fully compliant with MS RDS including server farms and RD Broker usage.

7.3 Firewall

The pinremote system consists of 3 different sub systems: the portal (IIS), the gateway service and the RDP broker service. When using the portal please make sure that the firewall allows access to the gateway (running on port 8080 by default) from the user's client (browser). In addition the portal application (IIS) also needs access to the gateway. This is important if the portal is running on a different machine than the gateway. When using the RDP broker on a different server than the gateway server, make sure that the RDP broker port (8090 by default) is enabled in the firewall of the gateway server.

7.4 Security

Please do NOT use a production system without SSL/Https!! Otherwise credentials are not encrypted and your system can be attacked. If you log in to the gateway 5 times with wrong credentials or insufficient rights then your IP address is locked for 30 minutes and you cannot access the gateway anymore. The admin is informed by email.

7.5 Using Active Directory

pinremote supports direct authentication to AD in the portal and to the desktop. Please read chapter Login modes to get more information.

7.6 Using Google Authenticator

To enable 2-factor authentication via Google Authenticator you first have to activate that option in your profile in the pinremote admin tool at tab 2-Factor. Then go to the menu profiles in the portal admin and update the profile so that Google is displayed in the 2-Factor column.

Edit your user settings and activate the display of the QR code. When the user now logs on to the portal, the QR code is displayed. The Google Authenticator app now has to be installed on the user's mobile device. With the app the user can scan the QR code; if that is not possible, the code can be entered instead. The Google Authenticator will now create a code each minute. After pressing the Connect button this code has to be entered.

7.7 Using Wake on LAN

pinremote can automatically start a PC via Wake on LAN if this feature is supported. Just enter the IP address and the MAC address in your user's settings and activate the Wake on LAN feature. If the user presses the Connect button the system will wait until the PC is available and then connect.

7.8 Usage on mobile devices

After connecting from a mobile device you can choose between different modes for using the surface. In the startup mode the toolbar is displayed at the top by touching somewhere.

Control by finger
The surface can be controlled by using a finger (touch mode). This is the startup mode. By touching the first toolbar button you can switch to the next mode.

Control by relative mouse position
The mouse cursor can be moved by using the finger. Touching means the "left mouse button" action. Touching longer means the "right mouse button" action. The toolbar is displayed in this mode if the mouse cursor is moved to the top of the screen.

Control by finger and mobile mouse
In this mode you can use your finger as well as the mouse symbol (mobile mouse). The mouse symbol can be moved with the finger; the left and right mouse keys can be activated by touching the corresponding areas. The toolbar is displayed in this mode if the mouse cursor is moved to the top of the screen.

Virtual mode
The administrator can define the minimum desktop size, therefore the virtual desktop can be larger than the screen. In this mode only the mobile mouse can be used. The toolbar is displayed in this mode if the mouse cursor is moved to the top of the screen.

Mobile Windows keyboard
If the mobile keyboard has been activated in the user settings the keyboard button is displayed at the second position. The mobile Windows keyboard can be turned on/off here.

Further toolbar buttons:
- Shows the access code which is required for Remote Support.
- Request control in Remote Support mode.

7.9 Mobile Keyboard

Especially for mobile devices there is a built-in Windows keyboard for different keyboard layouts, but it can also be used on desktops. On desktops you can use the mouse to activate buttons, on touch devices you can use the touch interface. On the very right side there are the special buttons:
- The keyboard layout button. After pressing this button you can select between different keyboard layouts.
- The keyboard resize buttons can resize the height of the keyboard.
- The F button key enables/disables the F keys.
- The special key button enables/disables the special keys like the cursor keys etc.
- Hides the keyboard.

7.10 Using pinremote SDK

With the pinremote SDK you can integrate all of the pinremote functions in your own web portal. You can also download and use the pinremote.net SDK. The SDK is used in the portal to enable easy access to all pinremote functions.

    protected void Page_Load(object sender, EventArgs e)
    {
        // Log in only on the first page load, not on postbacks
        if (!this.IsPostBack)
        {
            CloudServers servers = new CloudServers();
            servers.add(myserver);
            if (this.cloudapplication.login(servers, "app1", "app1", "C:\\windows\\system32\\notepad.exe", ""))
            {
                // Apply session options only after a successful login
                this.cloudapplication.keyboard = CloudControl.enKeyboard.German;
                this.cloudapplication.enableclipboard = true;
            }
        }
    }

Please find more information in the SDK.

8 Production

For using pinremote in a production system we recommend the following steps:
- Most importantly, use a certificate to encrypt connections to the gateway and portal (use https/ssl only)
- Remove all of the demo profiles and create production profiles with secure passwords
- Set the notification data in pinremote admin and check all options
- Use the Access only from IP setting to limit authentication to the gateway to a single IP address (the pinremote portal)
- Use 2-factor authentication where possible
- Set ReadOnly mode in the web.config of the portal to 2 when you have finished configuration. This prevents changes to the system even when the administrator's account has been hacked.
- Change the administrator login in the portal and remove test users.
- Back up the portal database in sub folder cloudportal/app_data

8.1 Setup secure connection with SSL

A (sub) domain that points to the gateway's IP address is required as well as a valid certificate (pfx or p12 file) with password. Enter the certificate's password and press the Install Certificate button. Select your pfx or p12 file and press OK. The certificate is now imported.

Now enable the SSL port in the Gateway tab and specify the SSL port (default is 443). You can test by calling https://<domain>:<port>/status.html. If it works you should see some text.

Make sure that the domain is also known to the portal (IIS). If not, create an entry in the Windows hosts file first. Then log on to the portal as administrator. In the Gateway tab change the gateway to the domain and the port you specified in the admin tool. Now go to the System Test page and run the first 2 tests with the SSL checkbox activated.

If both tests are positive then your SSL connection is set up correctly.
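The status.html check from this section can also be run from a client machine. The following is an added example, not part of the pinremote manual or SDK: it requests /status.html with full certificate chain and hostname verification and reports an expiring certificate or a weak negotiated protocol or cipher. The 30-day threshold and the list of weak cipher markers are assumptions.

```python
import socket
import ssl
import sys
import time

MIN_DAYS_LEFT = 30  # assumed renewal threshold, not a pinremote setting
WEAK_CIPHER_MARKERS = ("RC4", "3DES", "DES-CBC3", "NULL", "MD5")  # assumed list

def assess(cert, protocol, cipher, now=None):
    """Return findings for an already validated certificate and TLS session."""
    now = time.time() if now is None else now
    findings = []
    days_left = int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)
    if days_left < MIN_DAYS_LEFT:
        findings.append(f"certificate expires in {days_left} days")
    if protocol not in ("TLSv1.2", "TLSv1.3"):
        findings.append(f"legacy protocol negotiated: {protocol}")
    if any(marker in cipher for marker in WEAK_CIPHER_MARKERS):
        findings.append(f"weak cipher negotiated: {cipher}")
    return findings

def check_gateway(domain, port=443, timeout=5):
    """Fetch /status.html over TLS with chain and hostname verification.

    Raises ssl.SSLCertVerificationError if the certificate is untrusted or
    was not issued for `domain`.
    """
    ctx = ssl.create_default_context()
    request = (f"GET /status.html HTTP/1.1\r\nHost: {domain}\r\n"
               "Connection: close\r\n\r\n").encode("ascii")
    with socket.create_connection((domain, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=domain) as tls:
            findings = assess(tls.getpeercert(), tls.version(), tls.cipher()[0])
            tls.sendall(request)
            status_line = tls.recv(4096).split(b"\r\n", 1)[0].decode("latin-1")
    return status_line, findings

if __name__ == "__main__":
    # Usage: python check_gateway.py <domain> [port]
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    status, problems = check_gateway(host, port)
    print(status)
    print("\n".join(problems) or "no findings")
```

A verification error here means browsers will also reject the certificate, typically because it is self-signed or the domain does not match the one in the certificate.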

8.2 Running portal and gateway on same port

The portal (IIS) and the gateway are 2 independent services that each require a port. When both run on the same port on the same machine (e.g. 443) then 2 IP addresses are required. Configure the 2 IP addresses in the TCP/IP settings first. Then you have to tell IIS to listen on only one IP address.

    rem list all current port bindings
    netstat -a -n -o
    rem display the IP address that IIS is listening on
    netsh http show iplisten
    rem if you have already configured IIS to listen on a dedicated IP address, delete it first
    netsh http delete iplisten 185.48.117.108
    rem now add the only IP address IIS should listen on
    netsh http add iplisten 185.48.119.6

The 2nd IP address is used for the gateway. Enter the 2nd IP address in the field Bind address in the pinremote Admin tool and restart the gateway.

Now you can change the port of the portal and the gateway to 443.