The following are
best practices for management of Cisco VXC 6215 devices using Cisco VXC
Cisco VXME from the Device
If you have a
device running Cisco VXME, but no longer want to run Cisco VXME after the
upgrade to Release 9.7, you must do one of the following depending on the
Firmware Release currently on the device. If you do not perform the steps
below, the autologin setting will persist on your device after you remove the
Cisco VXME. That is, the device will continue to automatically login at bootup
using thinuser credentials.
from Release 9.3 to Release 9.7
Cisco VXME during the upgrade from Release 9.3 to Release 9.7:
Uninstall the Cisco VXME (vxme-9.3.0-77.sletc11sp2.rpm) and VXME-Pre-Reqs
(vxme-pre-reqs-9.3.0-27.sletc11sp2.rpm) add-ons before
Disable the preserve changes option in the RSP file
(set-preserve-changes no) before the upgrade.
from Release 9.0 to Release 9.7
Cisco VXME during the upgrade from Release 9.0 to Release 9.7, the only option
available is to disable the preserve changes option in the RSP file (set-preserve-changes
no) before the upgrade.
Cisco VXME from devices running Release 9.7:
Uninstall the Cisco VXME and VXME-Pre-Reqs add-ons on the
Release 9.7 devices.
- Re-image the client
using the Release 9.7 base firmware with the preserve changes option in the RSP
file set to no (set-preserve-changes no).
HTTP and HTTPS
with Cisco VXC Manager
Release 9.7, the Cisco VXC 6215 can support Cisco VXC Manager 4.9.1 using HTTP
or HTTPS , but not FTP. Set the Cisco VXC Manager to use HTTP or HTTPS for
server communications (using a custom installation).
communicating with Cisco VXC Manager, Cisco VXC 6215 devices always attempt to
use HTTPS first. If both HTTP and HTTPS are enabled on Cisco VXC Manager, the
HTTP protocol will only be used for communication as a backup option (if a
device does not have a Cisco VXC Manager certificate). After the upgrade, Cisco
VXC 6215 devices lose the Cisco VXC Manager certificates, so the communication
will fallback to HTTP, until the Cisco VXC Manager certificate is re-deployed.
If you enable
only HTTPS and disable HTTP on Cisco VXC Manager, and an upgrade for the Cisco
VXC 6215 fails, Cisco VXC Manager does not fallback to attempting HTTP, unlike
the standard HAgent process. Instead, Cisco VXC Manager returns an error after
three attempts using HTTPS.
configure the software repository, you can check the Secure (HTTPS) check box
to enable HTTPS. However, the Validate Certificate with CA check box has no
effect. Regardless of whether the latter option is enabled, the certificates
are used for encryption only, not authentication, and so they are not validated
against a trusted CA.
To upgrade to
Firmware Release 9.7, you must first ensure HTTPS is disabled on Cisco VXC
Manager. The upgrade process supports HTTP only. After you perform the update
to Firmware Release 9.7, you can then re-enable HTTPS.
Release 9.7, DDC is the recommended method to push packages. Drag-and-Drop may
function but is only recommended in small environments or for test purposes.
Drag-and-Drop will not function at all for thin clients behind a Cisco
The benefits of
using DDC are as follows:
configuration for your thin clients is always available for download
(Drag-and-Drop is available only once, and in case of errors, the thin client
cannot download the same configuration again).
configuration can be applied to multiple machines (all devices or sub-groups).
A brand new
device can download the correct package without the need to specify a new
configuration (all new devices will use the same applied DDC configuration).
that you always deploy only one DDC package containing the base image, all the
add-ons you need, and the required INI file. If you must change anything inside
the package, create a brand new package with a different name.
INI and RSP
Files from Release 8.x Incompatible with Firmware Release 9.x
The INI and RSP
files used in Release 8.6 and 8.7 are incompatible with those used with
Firmware Release 9.0 and later. Do not try to re-use the Release 8.6 or 8.7 RSP
and INI files with Firmware Release 9.x. You must use the appropriate RSP and
INI files for the Release 9.x packages.
Preserve Changes Setting
running 9.0 and later firmware, in order for the hostname on the device to be
retained after a reboot, you must enable the preserve changes option in the RSP
file (set-preserve-changes yes) and in the INI file (Update.Preserve_changes=yes). If these parameters are
not set correctly, your previous configurations will be lost after a reboot and
the hostname on the thin client will revert to the device MAC address.
and RSP Files
Use only a plain
text editor to edit INI and RSP files. Do not use word processing program such
as Word or WordPad to edit these files, otherwise package deployment errors can
In the INI file,
INIFileSource=cache parameter to ensure that devices
use the local cached version of the INI file if they cannot access the INI file
from Cisco VXC Manager. This is particularly important for devices running the
Cisco AnyConnect VPN, so that they have a configuration to reference at bootup
before connecting to the network over VPN.
running the Cisco AnyConnect VPN, before you provide the devices to your remote
employees, you must first push the required configuration to the devices on
your local network first. After you have upgraded the devices with the required
parameters locally, you can then provide the preconfigured devices to remote
users to operate behind the Cisco AnyConnect VPN.
deploy an add-on to the device, include the base image in the DDC package. This
ensures that the devices that apply the add-on are also running the required
base image version. For devices already running the required base image, they
will install the add-on only.
To check which
specific add-ons and RPMs are installed on the thin client, see the Application
Info tab for the device in Cisco VXC Manager (at the bottom of the details pane
in Device Manager).
All Cisco VXC
Manager package names, filenames (including .rsp and .ini), folders, and so on
must be lower-case.
you push a new package, you must use a new name for the package. (You can copy
the package, change the name, make the required changes, and then push the
renamed package.) Do not make changes to an existing package and push it again
with the same name; otherwise, the clients may not apply the latest changes. As
a best practice, add the date to each package you create.
downgrade a Cisco VXC 6215 thin client from a newer Image DDC (for example,
DDC_10) to any older Image DDC (for example, DDC_09), and then try to re-apply
the newer image DDC to the client, the operation fails. To successfully
re-apply the newer image DDC (DDC_10) to the thin client after a downgrade, you
must first rename the newer image DDC using Cisco VXC Manager (for example, to
In the Device
Manager preferences (Configuration Manager > Preferences > Device
Manager), the minimum checkin time must be no less than 5 minutes, otherwise
devices will experience issues. For large deployments, the default value of 1
hour is appropriate.
If you deploy a
package from Cisco VXC Manager and an error message appears in the Schedule
Packages, delete this error. Any errors associated with a specific thin client
prevent future package deployments to the thin client until the errors are
Discovery Using Static Configuration Rather Than DHCP
DHCP is the
Cisco-recommended method for device discovery with Cisco VXC Manager. As an
alternative, you can specify the Cisco VXC Manager address on the thin client
statically in the INI file using the MgmtDiscoveryMethod=STATIC parameter
together with the RapportServer and the RapportSecurePort parameters. For more
Reference Guide for Virtualization Experience Client 6215 Firmware.
In Device Manager,
if you enter a command in the Execute Command dialog box (right-click the
device and choose
Command), always add an ampersand to the end of the command (for
/etc/init.d/sshd start &). Otherwise, the command
can leave the thin client unusable, requiring a manual reboot.
In the Log history
tab (at the bottom of the details pane in Device Manager), if you list the logs
by date, the entries are not listed in chronological order, but rather in