Administration Guide for Cisco Virtualization Experience Client 2111/2211 PCoIP Firmware Release 4.0.2
Uploads to the Device
Downloads: This chapterpdf (PDF - 1.29MB) The complete bookPDF (PDF - 7.06MB) | Feedback

Uploads to the Device

Uploads to the Device

You can use the options in this menu to upload new firmware or an OSD logo to a device or to manage your certificates. These options are not available through the OSD.

Firmware upload

The Firmware web page allows you to upload a new firmware build to the client.

Figure 1. Firmware Upload Web Page



Table 1 Firmware Upload Parameters
Parameter Description
Firmware build filename

The filename of the firmware image to be uploaded. You can browse to the file using the Browse button. The file must be accessible to the web browser (that is, on a local or accessible network drive). The firmware image must be an .all file.

Upload

Click the Upload button to transfer the specified file to the device. The web interface prompts you to confirm this action to avoid accidental uploads.

Firmware Upload Process Example

Procedure

  1. Ensure the client is disconnected from the virtual machine.
  2. Log in to the client Administrative Web Interface (using a password if enabled).
  3. From the Firmware Upload web page, browse to the firmware .all file (for example, tera1x00_rel1-9-v175.all).
  4. Click Open.
  5. Click Upload.
  6. Click OK to confirm that you want to proceed with the upload. When the firmware upload completes, the message “Success Flash successfully programmed! You must reset the device for the changes to take effect” appears.
  7. Click Reset. The message “The PCoIP processor will reset on the next host system restart; your changes will take effect then. Are you sure you want to proceed?” appears.
  8. Click OK.
  9. If the client does not automatically reset itself, reset the client manually.
  10. Start the PCoIP session as usual.

Logo upload

The OSD Logo page allows you to upload an image to the device. This image is displayed on the Connect window of the local GUI On Screen Display (OSD) logo.

The VMware View Advanced page includes an option “Use OSD Logo for View Banner,” which lets you configure whether the OSD logo appears on the View login screen instead of the View banner. For more information, see Vmware View Connection Configuration.

Figure 2. OSD Logo Upload Web Page



Table 2 OSD Logo Parameters
Parameter Description
OSD logo filename

Specify the filename of the logo image you want to upload. You can browse to the target file using the Browse button. The file must be accessible to the web browser (that is, on a local or accessible network drive).

The 24-bits-per-pixel image must be in BMP format and its dimensions cannot exceed 256 pixels in width and 64 pixels in height. If the file extension is incorrect, an error message appears.

Upload

Click Upload to transfer the specified image file to the client. A message to confirm the upload appears.

OSD Logo Upload Process Example

Procedure

  1. From the OSD Logo web page, click Browse to locate the target logo file.
  2. Click Open.
  3. Click Upload. The message “Are you sure? This will upload a new logo for the local GUI. This operation may take a few minutes” appears.
  4. Click OK.
  5. Wait for the OSD Logo upload to finish. A message appears to advise if the upload was successful.
  6. Reset the client.

Upload the certificate

The Certificate Upload page lets you upload and manage your CA root and client certificates. You can upload up to 16 certificates. As of Firmware Release 3.5, the PCoIP protocol reads just one 802.1X client certificate for 802.1X compliant networks. Make sure you include all the security information for your PCoIP devices in that client certificate.

Figure 3. Certificate Upload page



Table 3 Certificate Upload parameters
Parameter Description
Certificate filename Upload up to a maximum of 16 root and client certificates.
Uploaded Certificates This displays any uploaded certificates. To delete an uploaded certificate, click the Remove button. The deletion process occurs after the device is rebooted. To view the details of a certificate, click the Detail button. These certificates appear as options in the Client Certificate drop-down menu on the Network page.
802.1X Client Certificate This is a read-only field. It is linked to the Client Certificate field on the Network page.

Uploading Certificates for 802.1X Authentication

The following are some general guidelines when using 802.1X authentication. For more information, see certificate management information for PCoIP zero clients on the Teradici support site.

  • 802.1X authentication requires two certificates—an 802.1X client certificate and an 802.1X server CA root certificate.
  • The 802.1X client certificate must be in .pem format and contain a private key that uses RSA encryption. If the certificate is in a different format, you must first convert the certificate, including the private key, to .pem format before uploading it.
  • After uploading the 802.1X client certificate from the Certificate Upload page, you must configure 802.1X authentication from the Network page. This entails enabling 802.1X authentication, entering an identity string for the zero device, selecting the correct 802.1X client certificate from the drop-down list, and then applying your settings. For more information, see Network settings configuration.
  • The 802.1X server CA root certificate must be in .pem format, but should not need to contain a private key. If the certificate is in a different format, you must convert it to .pem format before uploading it. This certificate does not require configuration from the Network page.
  • Both the 802.1X client certificate and the 802.1X server CA root certificate must be less than 6 KB; otherwise, you will not be able to upload them. Some certificate files may contain multiple certificates. If your certificate file is too large and it has multiple certificates within, you can open the file in a text editor, then copy and save each certificate to its own file.

View 5.1 Security Settings

When you connect a zero client to VMware View 5.1, SSL is enabled by default on the View Connection Server (VCS). If the connection from the zero client is not secure, the VCS may allow, warn, or block the user depending on the VCSCertificateCheck Mode setting on the zero client (default setting is: Warn if the connection may be insecure ).

By default the certificate trust store on the zero client is empty (with the exception of PCoIP root CA certificates for management).


Caution


After you upgrade the zero clients to Firmware Release 4.0.x, users can connect to their desktop by accepting the warning and logging in as normal. However, if an IEEE 802.1x certificate has been uploaded to the zero client, but the VCS trusted root certificate has not been uploaded, then the View Connection Server blocks the connection.


To avoid warnings or a blocked connection on the zero client, you must do one of the following:

  • (Preferred) Upload the VCS trusted SSL root certificate to the zero client. You can do so through the Administrative Web Interface. In this case, the zero client can connect without any warnings (in the VCS address field of the connection dialog, HTTPS appears in green).
  • (Not Secure) Set the VCS Certificate Check Mode to: Allow the unverifiable connection. You can set this parameter on the zero client Session page using the OSD or the Administrative Web Interface. In this case, all connections are allowed (in the VCS address field of the connection dialog, HTTPS appears in red strikethrough).

Removing Certificates From the Cisco VXC 2111/2211

To remove previously loaded certificates from the Cisco VXC 2111/2211, and to clear the Trusted View Connection Server list, perform the following steps:

  1. From the Administrative Web Interface, click Upload > Certificates.
  2. From the Uploaded Certificates list, choose a certificate and click Remove. (To remove multiple certificates, repeat this step as required.)
  3. Click Apply.
  4. Click Continue.
  5. From the Administrative Web Interface, choose Configuration > Session.
  6. Under Advanced Options, in the Trusted View Connection Servers field, click Clear.
  7. Click Apply.
  8. Click Continue.