fdffdfd

Technical Support See the Support Website for technical updates, additional warranty information and documentation, and software revisions:

Web: http://www.clearcube.com/support/ Email: support@clearcube.com

Phone: (512) 652-3400

(866) 652-3400

ClearCube Technology, Inc. 1505 Volta Drive, Suite 100

Cedar Park, TX 78641

E-mail info@clearcube.com Phone: (512) 652-3500 or call toll free (866) 652-3500

Alternatively, contact your local ClearCube Reseller or Authorized Service Provider.

Copyrights © 2018 ClearCube Technology, Inc. All rights reserved. Under copyright laws, this publication may not be reproduced or

transmitted in any form, electronic or mechanical, including photocopying, recording, storing in an information retrieval

system, or translating, in whole or in part, without the prior written consent of ClearCube Technology, Inc.

This information is subject to change without notice and ClearCube shall not be liable for any direct, indirect, special, incidental

or consequential damages in connection with the use of this material.

Trademarks ClearCube® and EPM are trademarks or registered trademarks of ClearCube Technology, Inc.

Adobe PDF is a registered trademark of Adobe Systems Incorporated in the United States and/or other countries. Catalyst, Cisco, and Cisco Nexus are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain

other countries. Intel, Intel Core, Pentium, and Xeon are trademarks of Intel Corporation in the U.S. and/or other countries.

Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. Microsoft, Windows, and Windows Vista are

registered trademarks of Microsoft Corporation in the United States and/or other countries. Oracle and Java are registered

trademarks of Oracle and/or its affiliates. PCIE and PCIe are registered trademarks and/or service marks of PCI-SIG. PC-over-IP and PCoIP are registered trademarks of Teradici Corporation in the United States and/or other countries. Raspberry Pi is a

trademark of the Raspberry Pi Foundation. Realtek is a trademark of Realtek Semiconductor Corporation. Red Hat, Red Hat

Enterprise Linux, the Shadowman logo and JBoss are registered trademarks of Red Hat, Inc. in the U.S. and other countries.

Ubuntu and Canonical are registered trademarks of Canonical Ltd. VMware and VMware View are trademarks or registered

trademarks of VMware, Inc. in the United States and/or other jurisdictions. Other product and company names mentioned

herein are trademarks or trade names of their respective companies.

Patents The ClearCube Architecture and its components described in this user manual are protected by numerous granted and pending

U.S. and international patents. Granted patents include US05926172, US05966056, US05994952, US06012101, US06020839,

US06037884, US06038616, US06119146, US06148182, US06167241, US06385666, US06421393, US06426970, US06633934,

US06708247, US06735658, and US06886055.

Patents pending include: US S/N 09/755378, US S/N 10/279475, US S/N 10/198719, US S/N 10/198650, US S/N 10/409219,

US S/N 09/728667, US S/N 09/728669, US S/N 10/411804, US S/N 10/411908, US S/N 10/458853, US S/N 10/364584, US S/N

10/301536, US S/N 60/411066, US S/N 10/662933, US S/N 10/662889, US S/N 10/662932, US S/N 10/662968, US S/N

10/301563, US S/N 10/662936, US S/N 10/301518, US S/N 10/662955 and US S/N 10/662954.

Direct all inquiries about patented technology to ClearCube Corporate Headquarters.

http://www.clearcube.com/support/http://www.clearcube.com/support/http://www.clearcube.com/support/mailto:support@clearcube.commailto:info@clearcube.com

Contents

1. Introduction 9

2. Minimum Requirements and Support 9

3. Installation Prerequisites 10

4. Overview 10

4.1: EPM Appliance Setup 10

4.1.1: Deploy EPM Appliance Files 10

4.1.2: Configure Appliance Disk Storage 11

4.1.2.1: CIFS network share 11

4.1.2.2: NFS network share 12

4.1.2.3: Local disk storage 13

4.1.3 Configure Appliance Network (Hypervisor) 15

4.2: Device Discovery 15

4.3: Manual IP configuration (Appliance) 16

4.4: Setting up Guacamole Server 17

5: Accessing EPM Server 17

6: Using the EPM Administrator Account 17

7: Dashboard 18

8: Configuring EPM 19

8.1: Configuration Options 20

8.2: FTP Configurations 21

8.2: Server WAN Configuration 22

8.3: EndPoint Manager License 22

8.3.1: Applying the License Key 23

8.4: Kernel 24

8.5 Remote Access 25

8.6: User Management 25

8.4.1: Change Password 25

8.4.2: Add New User 26

8.4.3: Edit User 28

8.4.4: Delete User 28

8.5: Roles Management 29

8.5.1: Add New Role 29

8.5.2: Delete Role 30

9: Unmanaged Devices 31

10: EPM Firmware Configurations 31

10.1: Manual Server Discovery 31

10.2: Wi-fi Configuration 32

10.3: Static IP Configuration (Endpoint) 32

10.4: Server IP Configuration 32

11: TLS in EPM 33

11.1: Generating Self Signed Certificates 33

11.2: Generating Certificate Fingerprint 34

11.3: Configuring DNS 34

11.4: Adding Certificate to EPM Appliance 35

12: Basic Operations 35

12.6: Server Backups 35

12.7: Certificates 35

13: Device Discovery 37

14: Search Options 38

15: Configuring Endpoints Using Client Profiles 38

15.1: About Client Profiles 38

15.2: Auto-start settings in Profiles 41

15.2.1: VMware Settings 41

15.2.2: RDS Settings 43

15.2.3: ClearCube Sentral Settings 47

15.2.4: Citrix Settings 47

15.3: Default Profile 49

15.4: Create a New Profile 49

15.5: Apply a Profile to a Group 49

15.6: Deleting a Profile 50

16: Groups (Required for all Management tasks) 51

16.1: Creating a new Group 53

16.2: Default Group (add group types) 54

16.3: Deleting a Group 54

16.4: Edit Groups 55

16.5: Change Image 55

16.6: Shutdown Group 55

16.7: Restart Group 56

16.8: Update Firmware 56

16.9: Update Windows 56

Change Permissions 57

Wake On LAN 57

17: Managing an Endpoint in Group 58

17.1: Firmware Operations 58

17.1.1: Image Backups 58

Thin Client Image Backup 58

Workstation Image Backup 60

17.1.2: Change Image 62

Thin Client Image Change 62

Workstation Image Change 63

17.1.3: Update Firmware 65

17.1.4: Change Permissions 66

17.1.5: Update Kernel 66

17.2: Power 66

17.2.1: AMT Power Operations 66

17.2.2: Restart Endpoint 67

17.2.3: Shutdown Endpoint 67

17.2.4: Wake on LAN 68

17.3: Utilities 68

17.3.1: Take Screenshot 68

17.3.2: Change Hostname 68

17.3.3: Update Windows 69

17.3.4: Update HomePage 69

17.3.5: System Preparation 70

17.3.6: System Preparation with Audit Mode: 71

17.3.7: Install Application(s) 72

17.3.8: Uninstall Applications 73

17.10: Application Shortcuts 74

17.10.1: Create Shortcut 74

17.10.2: Delete Shortcut 74

17.10.3: Firmware Logs/Guest OS Logs 75

17.4: Other 75

17.4.1: Desktop View 75

17.4.2: Change Group 76

17.4.3: Delete Endpoint 77

17.5: View Hardware Specifications 77

18: View All Endpoints 78

19: Tasks 80

19.1: All Tasks 80

19.2: Current Tasks 81

20: Images 82

20.1: Add Image 82

20.2: Delete Image 84

20.3: Update Image 84

20.4: Revert Image 84

20.5: Download Image 84

21: Export Backup 84

20.1: Create Backup 85

21.2: Restore Backup 85

This Page Is Intentionally Blank

1. Introduction Endpoint Manager (EPM) provides IT administrators one dashboard to monitor and control their entire

deployment of local and remote computing assets: Thin Clients and Workstations. Designed to scale

from small businesses to large enterprises, ClearCube EPM gives IT departments total control by:

● Allowing endpoints to connect with the server. ● Applying customized and default profiles to endpoints. ● Backup and apply OS images to endpoints.

2. Minimum Requirements and Support The table below shows the minimum requirements for EPM components and supported operating

systems.

Table 1. Minimum requirements for EPM components and supported software

Component Minimum Requirements and Supported Items

Recommended or Comments

EPM Server 2.4 GHz processor Intel Core™ i7 1st generation or higher Xeon® 3400 series (4 cores) or higher

3GB RAM 8 GB RAM or higher

4GB free space Free space according to the amount of images to be stored

Separate FTP server for backups

Free space according to the amount of backups to be stored

EPM client 64 bit processor Intel Core™ i7 1st generation or higher Xeon® 3400 series (4 cores) or higher

2 GB RAM 8 GB RAM or higher

2.4 GB free space for firmware + Space according to GuestOS

8 GB free space or higher

Hypervisor VMware ESXi version 6.0.0 VMware ESXi version 6.5 or greater

Operating systems

Ubuntu 18.04 Supported on EPM server

Windows 10 IoT Supported on Thin Clients and Workstations

Windows 10 Pro Supported on Thin Clients and Workstations

Table 2. Ports used by EPM Appliance

PID Program Name

3306 mysqld

53 systemd-resolve

22 sshd

9191 java

8080 java

22 sshd

3. Installation Prerequisites The sections below give an overview of installation prerequisites and show important items to

remember when deploying the server appliance.

4. Overview EndPoint Manager server appliance comes with FTP server and MySQL database. To deploy the server

appliance, upload the appliance Virtual Machine on a VMWare ESXi Hypervisor.

4.1: EPM Appliance Setup The EPM server appliance is a Ubuntu 18.04 virtual machine which comes with the MySQL database.

4.1.1: Deploy EPM Appliance Files To deploy and run the server appliance:

- Login to VMWare ESXi Hypervisor.

- Click Create / Register VM. - In the dialog box, select Deploy a virtual machine from an OVF or OVA file. - Click Next. - Upload the required files (.ovf, .mf, .vmdk and .nvram) and name the Virtual machine e.g. EPM

Server Appliance.

- Select the datastore you want to upload the VM to and click Next. - Select the network on which you want to configure EPM.

- Click Finish.

Result: The EPM server appliance OVA file starts uploading.

- When the uploading process completes, go to the VM console to view IP and other

configurations.

4.1.2: Configure Appliance Disk Storage The EPM server appliance comes with 8GB disk space by default. In order to use the imaging

functionality, you will need additional disk space. To add the extra space you can mount one of the

following network types available in EPM server appliance:

1. CIFS (Network storage)

2. NFS (Network storage)

3. Local disk

NOTE: You cannot login to the server without adding the additional storage. Disk storage must be mounted after setting up the appliance.

4.1.2.1: CIFS network share You can mount a Common Internet File System (CIFS) or Samba network share to EPM appliance. To

mount a CIFS network storage:

1. Go to EPM server appliance console on VMware ESXi hypervisor

2. Click Advanced Menu on the landing screen. Select Configure Storage option

Result: Network share type options menu appears. 3. Press the spacebar to alternate between the network options and click OK to proceed 4. Navigate to cifs option and click OK 5. Enter username, password and network share path of CIFS storage disk. Click OK

Figure 1. CIFS network mount screen

Result: EPM server appliance reboots and cifs storage is mounted on server.

6. You can login to EPM server and see disk space on Dashboard

4.1.2.2: NFS network share You can mount a Network File Storage (NFS) to the EPM appliance. To mount NFS:

1. Go to EPM server appliance console on VMware ESXi hypervisor

2. Click Advanced Menu on the landing screen. Select Configure Storage option

Result: Network share type options menu appears. 3. Press the spacebar to alternate between the network options and click OK to proceed. 4. Navigate to the nfs option and click OK. 5. Enter network share path for network file storage. Click OK.

Figure 2. NFS mount screen

Result: EPM server appliance reboots and nfs disk is mounted on server.

6. You can login to EPM server and see disk space on Dashboard.

4.1.2.3: Local disk storage EPM server allows you to use a local disk for external storage. To mount a local disk:

1. Go to VMWare ESXi Hypervisor, select EPM server appliance and click shut down.

2. Click Edit.

Figure 3. VM Settings Menu

3. Refer to the Hard Disk menu. Add a new hard disk and configure disk space according to your requirements.

4. Now power on the server appliance.

5. Click Advanced Menu on the landing screen. 6. Select Configure Storage.

Result: Network share type options menu appears. 7. Press the spacebar to alternate between the network options and click OK to proceed. 8. Select local disks and from there, you have two choices: Mount Disk and Extend Disk. 9. Using the spacebar, hover over Mount Disk, and click OK.

Figure 4. Local Disks List

10. Disks List popup will appear. 11. If partition is enabled, EPM will direct you to select sdb otherwise it will create one. 12. Press OK and you will be prompted to reboot your computer to apply the changes.

Result: EPM server appliance reboots and nfs disk is mounted on server.

13. You can login to the EPM server and see disk space on Dashboard.

4.1.3 Configure Appliance Network (Hypervisor)

You can reconfigure EPM appliance network settings from VMWare ESXi Hypervisor. To change

appliance network:

- Go to VMWare ESXi Hypervisor, select EPM server appliance, and click Edit. - Go to the Network tab. - In the dropdown menu, select the network.

- Click Save. - Reboot the appliance.

Result: EPM appliance network is updated. New IP can be viewed on the appliance console screen.

NOTE: EPM server appliance has to be restarted after network configuration

4.2: Device Discovery To discover endpoints, one of the following methods must be configured:

1) DNS: An entry by the name of "epmserver" must be made on the DNS server

2) DHCP: An entry by the name of "epmserver" must be made on the DHCP server

3) Broadcast discovery must be enabled on the network

4) Manually entering the IP onto the client firmware after entering the PIN (See sec: “9.1 Manual Server Discovery”)

4.3: Manual IP configuration (Appliance) Manual IP configurations can be done on the Appliance configuration screen accessible by the console

view of Appliance on VMware vSphere Client.

Figure 4.1. Appliance static IP configuration

Figure 4.2. Appliance network settings

NOTE: EPM server appliance has to be restarted every time after IP configuration

5: Accessing EPM Server To access EPM server, open any browser type:

epmserver:8080

Or, for the full link, click on:

https://192.168.1.2

This will open the EPM server login page.

NOTE: Both machines should be on the same network and be accessible to each other

6: Using the EPM Administrator Account EPM provides a default Administrator account. Use the Administrator account to log in to EPM for the

first time, and configure settings such as password change.

After performing initial configurations, you can change the default settings. The steps below show how

to log in using the default EPM account.

1. Access EPM server and go to the Login page as described in sec 5: “Accessing EPM server”.

2. Enter the default account credentials shown in the table below.

Table 3. The Default EPM account credentials

Login Item Value

Username Administrator

Password Clearcube@1

3. Click Login.

Result: EPM displays the Dashboard.

https://192.168.1.2:9191/

7: Dashboard Dashboard is the landing page of the EPM server. It shows a summary of the following server data:

● Online Endpoints (Number of discovered endpoints that are online) ● Device Alert Status (Number of endpoints that are discovered, online and offline) ● Polls Received by Active Server (Number of polls sent by endpoints to EPM server) ● OS Type (OS types of endpoints currently discovered on EPM server: Windows/Linux) ● Running tasks (List of tasks currently in progress) ● Disk Usage (Amount of hard disk space on EPM server appliance) ● Network Usage ● CPU Usage

Figure 5. Dashboard

8: Configuring EPM The Configurations field provides an overview of the main server configuration options. After logging in,

open the configuration menu by clicking on arrow head on the top right corner. Select

‘Configurations’ in the dropdown menu. You can use the EPM Administrator account to login to EPM to

configure EPM.

Figure 6. Server Configurations menu

8.1: Configuration Options The table below shows the settings for the EPM server. These fields are located in the Configurations of

the top right menu.

Table 4. Configurations fields and options

Field Description

Simultaneous

updates This is the number of clients that can be updated simultaneously. If this limit is reached, the remaining updates are queued to be executed later.

Poll time (sec) Time interval after which clients send polls to the server.

Certificate file This field identifies the EPM server when running the TLS protocol. To provide the SSL certificate for the EPM server, it must be in PKCS12 format.

Keystore password This allows the EPM server to extract the certificate information from the PKCS12 file.

Broadcast delivery This detects and adds running EPM clients to the EPM server without the need for any user interaction.

WAN Configuration This field allows you to customize WAN configurations to connect EPM and endpoints when they are on different networks. This field only accepts an IP or domain name. It is not required to enter the protocol or the port.

8.2: FTP Configurations EPM stores server backup on an external FTP server.

Figure 7. FTP Configurations menu

The table below shows details of FTP server configurations options.

Table 5. FTP Configurations options

Field Description

FTP host Hostname/IP of FTP server. Export backups are saved on FTP server. ClearCube recommends using a static IP address.

FTP protocol This is used to connect to the server that is dedicatedly used to store files.

FTP username This field specifies the user name for the FTP server.

FTP password This field specifies the password for the FTP user. The default password is provided by EPM server appliance. Asterisks appear in place of the characters entered.

FTP port Port of FTP server.

8.2: Server WAN Configuration You can access EPM over the internet by customizing WAN configurations. This setting is used to

configure the endpoints so that they can communicate with the EPM server even when they are not in

the same network as the server. To configure WAN:

- Open Configurations by clicking on on arrow head on the top right corner.

- Enable WAN Configuration toggle button.

- Enter IP or domain name and save Configurations.

- Reboot the endpoint. WAN configurations are pushed with endpoints’ profiles.

Result: Server IP or domain name is updated on endpoint. You can now move the endpoint to a new network.

To connect endpoint via domain name, you are also required to enter the domain name on DNS server

(see sec 10.3: “Configuring DNS”)

NOTE: - To update WAN settings, make sure that both firmware and Guest OS profiles are applied on endpoint.

- When configuring this field, make sure that domain name / IP is reachable

from the local network as well as the external network

8.3: EndPoint Manager License In the EPM, go to Configurations >> License. You can perform two functions:

Requesting a Sentral License Key

Contact ClearCube Support for a Sentral license.

Email: support@clearcube.com

Phone: (866) 652-3400

NOTE: You must apply for a license within 60 days of installing Sentral.

8.3.1: Applying the License Key In the next step, copy the license key from the email you received from ClearCube. Add the license key to the dialog box and the rest of the information will appear.

Figure 8. License Configuration

Table 6. License Configuration options

Field Description

License Key This specifies the license key which the user receives from the email

sent by ClearCube Support.

Current Date This indicates the current date on which the user is running the flow.

Issue Date This is the date on which the license key is issued and will enable user

access to the database in accordance with the EPM’s purchased license

term.

Start Date This specifies the date on which access to the EPM software is intended

to start and the actual date on which access to the software is

provided.

Expiry Date This specifies the day on which the license is expiring after the key has

been initialized/activated.

Allowed Devices This shows the number of allowed devices on the EPM server.

8.4: Kernel EPM server allows you to remotely update Linux Kernel of endpoints’ firmware. To start the process, you

will have to download the updated package from ClearCube’s website. Then upload the .zip package to

the EPM server where it will be extracted. To upload the package:

1. Open Configurations by clicking on on arrow head on the top right corner.

2. Click Kernel. 3. Upload the .zip file. Wait for the file to upload and do not close the tab or browser during the

process.

Figure 8. Kernel Configuration

The uploaded package will be used to update Endpoints’ Kernel. See sec 17.1.5 “Update Kernel” to update endpoint’s kernel.

8.5 Remote Access EPM allows remote access to the endpoint's desktop view by using third party service. You can configure

the Apache Guacamole server with EPM in the Configurations menu.

1. Open Configurations by clicking on on arrow head on the top right corner.

2. Click Remote Access. 3. Enter the IP and port of the Guacamole server that you configured.

4. Click Update.

Result: Guacamole server settings are saved in EPM.

Figure 9. Remote access Configuration

This will allow you to establish remote access with endpoints. See sec 17.4.1 “Desktop View”.

8.6: User Management EPM allows the Administrator to create new users and change the current user’s password. Open the

user management menu by clicking on on arrow head on the top right corner. Select ‘User Management’ in the dropdown menu.

8.4.1: Change Password The Change Password option is present in the User Management menu. The table below shows the settings for changing passwords.

Figure 9. Change Password popup

Table 7. Change password fields

Field Description

Current Password This field specifies the current password of the administrator account.

New Password This field specifies the new password. Enter the new password in this field.

Confirm New Password This field confirms the new password. Enter the same password as the New Password field. Both passwords should match.

8.4.2: Add New User

EPM allows you to add new users from and assign different roles to users. To add a new user:

- Go to User Management and click ‘Add New User’.

Result: ‘Add new user’ form appears. Input fields descriptions are shown in Table 6

Figure 10. Add new user popup

- Add Full Name, Username, Password and Role.

- Click “Add”.

Result: New user is added successfully. It can be viewed in Users table.

Table 8. Add new User fields

Field Description

Full Name This field specifies Full Name of the user. It is displayed on the dashboard at the top right corner.

Username This field specifies the username. This username is required to login to the server.

Password This field specifies the new password. Enter a unique password with at least one lowercase letter, one uppercase letter, one number and one special character in this field.

Confirm Password This field confirms new passwords. Enter the same password as the New Password field. Both passwords should match.

Role

This dropdown shows all the available roles that can be assigned

to users. Select a role from the dropdown menu. Roles are

discussed in sec 8.3: “Roles Management”

8.4.3: Edit User

EPM allows you to edit already created users’ Full Name and Role. To edit a user:

- Go to User Management - Select any user and hover over its Actions menu

- Click Edit User

Result: ‘Edit user’ popup opens

- Edit user information and click Update

Result: User information is edited

NOTE: Username cannot be edited.

8.4.4: Delete User EPM allows you to delete already created users. To delete a user:

- Go to User Management. - Select any user and hover over its Actions menu.

- Click Delete User.

Result: Confirmation popup opens.

- Click OK.

Result: User is deleted.

8.5: Roles Management EPM allows you to manage roles with different privileges and assign them to users. Open the Role

Management menu by clicking on on arrow head on the top right corner. Select Role Management in the dropdown menu.

8.5.1: Add New Role To add a new role:

- Go to Role Management and click ‘Add New Role’.

Result: The ‘Add New Role’ form appears. Input fields descriptions are shown in Table 7.

Figure 11. Add new Role popup

- Add Role name, Description and Privileges.

- Click ‘Add’.

Result: New role is added successfully. It can be viewed in the Roles table.

Table 9. Add New Role fields

Field Description

Role Name This field specifies the name of the role.

Description Enter role description or information in this field. It can be viewed in the Roles table.

Privileges These dropdown menus specify all the features or rights that can be assigned to a role. Only users with certain privileges can perform the actions specified.

8.5.2: Delete Role EPM allows you to delete already created roles. To delete a role:

- Go to Roles Management. - Select any role and hover over its Actions menu.

- Click Delete Role.

Result: Confirmation popup appears.

- Click OK.

Result: Role is deleted.

NOTE: - A role that is assigned to a user cannot be deleted. - ADMIN_ROLE cannot be deleted.

9: Unmanaged Devices Go to Configurations >> License >> Allowed Devices to view the number of allowed devices on the EPM server. When the maximum number of managed/allowed devices set by License is reached, any other

discovered devices will appear in Unmanaged Devices.

Figure 12. Unmanaged devices list

10: EPM Firmware Configurations EPM allows you to perform certain important functions on endpoint firmware. Some of these

functionalities are discussed below.

10.1: Manual Server Discovery Endpoints discover the EPM server when they are on the same network. If server discovery fails, EPM

allows you to manually enter server IP and poll it. To manually enter server IP (when broadcast discovery

fails):

- Access an endpoint when EPM firmware is installed on it. - A popup appears when discovery fails. - Click Enter Server IP and click OK.

Result: ‘Administrator pin’ popup appears.

- Enter the Administrator pin and click OK. It is the same as the Firmware pin in the endpoint’s Profile. (Default pin: 123456)

- Now enter the server IP and click OK.

Result: Endpoint discovers EPM server.

10.2: Wi-fi Configuration EPM allows you to manually configure and connect to Wi-fi on firmware. To connect to a Wi-fi

network:

- Reboot the endpoint.

- Press Ctrl + Alt + W when the EPM firmware blank screen appears. - Select the available network card.

- Click on the Wi-fi network that you want to connect from the list of available Wi-fi

networks.

- Enter Wi-fi Password.

- Click Connect.

Result: Endpoint connects to the selected Wi-fi network.

NOTE: You can disconnect the Wi-fi network and choose another one to connect to.

10.3: Static IP Configuration (Endpoint) EPM firmware allows you to assign a static IP to an endpoint. To assign static IP:

- Reboot the endpoint.

- Press Ctrl + Alt + W when the EPM firmware blank screen appears. - Connect the endpoint to a network via LAN or Wifi

- In Network adaptors dropdown, choose an adaptor to configure static IP - Uncheck Enable DHCP checkbox.

Result: Static IP configuration input fields are enabled.

- Enter IP Address, Default Gateway, Name Server 1 and Name Server 2. - Click Save IP Configuration

Result: Confirmation popup appears. Static IP is assigned to endpoint firmware.

10.4: Server IP Configuration EPM firmware allows you to configure server IP on which an endpoint can be discovered. To save the

server IP in firmware configurations:

- Reboot the endpoint.

- Press Ctrl + Alt + W when the EPM firmware blank screen appears.

Result: The Network Configuration screen opens.

- Click on the WAN Configuration tab. - Enter Server IP or URL in the input field.

- Click Save. - Click OK on the confirmation popup.

Result: Server IP is saved.

Reboot the endpoint and ensure that it is discovered on the EPM server saved in the WAN

Configuration.

NOTE: Endpoint is only discovered on EPM server if both are configured on the same network.

11: TLS in EPM

EPM server facilitates secure communication with endpoints. ClearCube EPM supports SSL security

authentication that is enabled by default. EPM provides a self-signed certificate with the appliance.

11.1: Generating Self Signed Certificates The following commands can be used to generate a self signed certificate using openssl.

i. openssl > genrsa -aes256 -out server.key 2048

Above command is used for RSA key generation. The user will be prompted to enter the pass-phrase

for the key. After successful completion of this step, a key file will be generated.

ii. openssl > req -new -key server.key -sha256 -out server.csr

Above command uses the generated key to generate a new csr file. The user will be prompted to

enter the pass-phrase for the key generated above. If the key entered is correct, the user would be

required to enter further information. After successful completion of this step, a csr file will be

generated.

iii. openssl > x509 -req -days 365 -in server.csr -signkey server.key -sha256 -out server.crt

Above The command, use the csr and key generated in step (i) and (ii) to generate -sha256 crt which

has a validity of 365 days. The user will be prompted to enter the pass-phrase for the key. After

successful completion of this step, a crt file will be generated.

iv. openssl > x509 -in server.crt -out server.pem -outform PEM

The above command generates a pem file using the crt file. After successful completion of this step, a

pem file will be generated.

v. openssl > pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name tomcat -CAfile server.crt -caname root -chain

Above command generates a PKCS12 format p12 file using the crt and key generated above which

has the alias tomcat. This file will be uploaded to the EPM Appliance. The user will be prompted to enter

the pass-phrase for the key. If the key is validated, the user will be asked to enter the export password.

After successful completion of this step, a p12 file will be generated.

NOTE: You need to use the password: clearcube1_ for all of the above commands.

11.2: Generating Certificate Fingerprint You can generate certificate fingerprint by running the following command in openssl:

openssl > x509 -in server.pem -noout -sha256 -fingerprint

Above command is used to get the fingerprint of the certificate generated in Section 9.1.

11.3: Configuring DNS

You are required to manually make an entry by the name of "epmserver" on the DNS server. To add an entry in DNS server:

- Open the DNS server with administrative rights. - In the side menu, click the network name on which EPM server is deployed. - Click Actions in the menu bar and select Other New Record. - Select Resource Record Type as ‘text’ and click Create Record.

Result: The ‘Create New Record’ popup appears.

- Enter ‘epmserver’ in Record name. - Enter EPM certificate fingerprint (generated in Section 9.2) in ‘Text’ field. It should be written in

the following format:

=

- Click Done. - Discover all endpoints from EPM server.

Result: All communication between EPM server and endpoints is secured.

EPM server supports multiple DNS entries. You can add another DNS entry with the Record name of your choice. To connect via that address, enter it in Configurations >> WAN Configuration (see sec: 8.1: ‘Configuration Options’)

NOTE:

- The fingerprint/key entered in the DNS server should match with the one present in the EPM server appliance. If the entries do not match, then a certificate error message shows on endpoints.

- epmserver DNS entry is mandatory. You can add other addresses by your choice.

11.4: Adding Certificate to EPM Appliance EPM allows you to add / update SSL certificates on appliances. To add / update certificate:

- Connect to the Appliance using any FTP client e.g. WinSCP with the appliance IP.

- Enter Appliance IP, port, username and password to connect. - Replace the .p12 file generated as a result of Section 10.1 in the folder. - Reboot the Appliance.

Result: The Appliance certificate is updated.

12: Basic Operations The section shows the basic tasks you can perform after configuring the EPM Server.

12.6: Server Backups EPM allows you to export Server backups and import them on EPM server to restore data. To export

server data, go to Export Backup tab >> Create Backup (as discussed in sec 7.2 Backup/Restore). Choose the backup type you want to export and then click ‘Export’. A disk space confirmation popup may appear. Click OK to start backup.

Server backup progress can be viewed in a popup.

12.7: Certificates EPM server enables secure communication with clients. EPM supports TLS and 802.1x security

authentications. EPM allows the user to upload certificates using the Certificates tab. EPM SSH certificate can be updated and pushed to endpoints from this screen. To upload a certificate perform the

following steps:

1. Upload the Certificate on EPM server by going to Certificates >> Add certificate.

2. On clicking Add Certificate, the following popup appears.

Figure 18. Add Certificate popup

3. Complete the data required in the table below and click Add.

Table 15. Add Certificate fields

Field Description

● Certificate Name Enter a certificate name. This will be referenced while creating profiles.

● Certificate Type This field specifies the type of the certificate. Options include: ● SSH ● 802.1x Authentication

● Public Certification File (.cer)

Select the Location for EPM Server's public SSL certificate (.cer file).

● 802 Username Enter identity string for 802.1x EAP.

● 802 Password Enter password string for 802.1x EAP.

● 802 Domain Enter Domain name for 802.1x EAP.

● 802 Authentication Enter space-separated list of accepted 802.1x EAP methods (MD5, MSCHAPV2, PEAP, TLS)

● 802 Encryption Enter Inner authentication with TLS tunnel (EAP-PEAP, EAP-TTLS)

● 802 CA Select a Certificate file (.cer/.pem/.der/.pfx). You can have one or more trusted CA certificates. If a CA certificate is not included, the server certificate will not be verified. This is not secure and the CA file should always be configured.

● 802 Private Key Select path to client private key file (.cer/.pem/.der/.pfx). In this case, both the private key and certificate will be read from the PKCS#12 file.

● 802 Client Select file path to the client certificate file (PEM/DER).

13: Device Discovery All devices/endpoints must be discovered on your EPM server to perform any management operations.

Broadcast discovery is enabled on EPM server by default. After discovering endpoints, EPM displays

them in groups. All discovered endpoints appear in the Default Group. You can create more groups and

move endpoints in other groups.

Client discovery can be done in the following ways:

1) via DNS (an entry by the name of "epmserver" has to be made on the DNS server)

2) via DHCP

3) Broadcast discovery (it only works if the above two do not work and the clients are on the same

subnet as the server).

4) Manually type server IP onto the client firmware after entering the PIN.

In order to view discovered clients, click on Groups and then select the group that you want to open and view devices.

NOTE: After the first deployment, all discovered endpoints will appear in the Default Group.

14: Search Options EPM enables you to search for devices and relevant data on every screen. It uses wildcard search techniques on every screen to maximize search results. To search data from any screen/tab, go to that

screen and search for data by clicking on Search input field on the top right corner.

Result: Search results will appear in the table.

15: Configuring Endpoints Using Client Profiles The sections below show how to configure EPM endpoints (Thin Clients and Blade agents) using Client

Profiles.

15.1: About Client Profiles Client profiles enable administrators to apply a device-level configuration to groups of endpoints

through a RESTful API call, rather than configuring clients individually. Profiles configuration contains the

following settings:

● Profile name ● Security Settings ● Application settings ● Autostart settings

Figure 19. Add Profile popup

Table 16. Add Profile fields

Field Description

Profile Information Section

Profile Name Type a name for this profile.

Firmware Pin Code Set an administrator pin code for the firmware.

Standalone boot When this property is selected, the endpoint is allowed to boot as a standalone device independent of the server.

MAC Filtering When this property is selected, Mac filtering is enabled. The endpoint needs to be allowed on the server to boot.

UWF (Windows 10 IOT Feature)

When this property is enabled UWF. If supported on the endpoint OS, it is enabled.

Security Settings

Enable SSL Select this option to enable SSL authentication for communication between EPM Server and endpoints.

Enable 802.1x Security Select this option to enable 802.1x encryption.

Applications Enabled

Applications Enabled

This pull-down menu specifies which applications should be enabled on the endpoint. Options include:

● VMware Horizon ● RDS ● ClearCube

Autostart Settings

Select Application

This pull-down menu specifies the application that would initiate automatically on the endpoint upon startup. Options include:

● VMware Horizon ● RDS ● ClearCube ● None

Hostname Configurations

Randomize Hostname Enable this option to randomize the hostname of an endpoint after an image has been deployed. This prevents a device from not communicating over the network due to having a non unique hostname on the network.

Prefix Enter a string here. If the Randomize feature is not enabled, every endpoint`s hostname is changed to a string of the format “Prefix-####”. The number after the ‘-’ is calculated using the below 2 values.

Min Range The minimum value of the hostname string.

Max Range The maximum value of the hostname string.

NOTE: - Hostname configurations in Profiles are applied on the endpoint after the deployment process completes.

- Difference between Min Range and Max Range should be at least 50.

15.2: Auto-start settings in Profiles This section shows settings for applications that can be enabled in Profiles. EPM allows the clients to

automatically start a selected application on reboot. The settings for these applications can be

configured in Profiles. EPM allows the following applications to auto-start remotely:

- VMware

- RDS

- ClearCube Sentral

NOTE: Auto-start settings are only pushed to applications that are selected to auto-start on reboot.

15.2.1: VMware Settings EPM allows you to remotely apply VMware settings to endpoint. To push auto-start settings, VMWare

Horizon Client should be installed on the endpoint. This table shows the VMware Horizon Client Settings.

You can add multiple VMware servers by clicking Add Server in VMware Settings. You can add up to 5 VMware servers.

NOTE: Only one server can be aut-connected when multiple server settings are added.

Table 17. VMware Settings fields

Field Description

SSL verification mode

This pull-down menu specifies the SSL Verification Mode to use. It includes the following options:

● Reject if any verification fails. ● Warn but allow self-signed connections. ● Perform no verification check.

All monitors Selecting this property would hide the host operating system and open the Horizon Client UI in full screen mode on all monitors that are connected when the client is launched.

Auto Connect to server When this property is selected, VMWare Horizon Client would automatically connect to the server used.

URL Horizon Server Sets the URL for Horizon Server.

VMware Server Domain Sets the domain name that Horizon Client uses for all connections and adds it to the Domain Name field in the authentication dialog box.

Allow Send Ctrl+Alt+Del to Local

Selecting this property would send the key combination Ctrl+Alt+Del to the client system rather than opening a dialog box to prompt the user to disconnect from the view desktop.

Allow Send Ctrl+Alt+Del to VM

Selecting this property would send the key combination Ctrl+Alt+Del to the virtual desktop rather than opening a dialog box to prompt the user to disconnect from the view desktop.

Kiosk mode Select this property to authenticate a Horizon client to use kiosk mode account.

Reconnecting VM in case of error

If this property is selected, the Horizon Client would retry connecting in case of an error.

Show Menu Bar Select this property to suppress the Horizon client menu bar when the user is in full screen mode.

15.2.2: RDS Settings This section shows how to configure RDS settings for auto-start mode. These settings will automatically

be applied when a client with this profile reboots. The table below shows each field for RDS settings.

Figure 20. RDS Settings

Table 18. RDS Settings fields

Field Description

Server Alias Allows you to enter Alias for the Server.

Username Specifies the name of the user to log in to the remote device.

Password Specifies the password for the user that logs in to the remote device.

Domain Specifies the Domain to log in to for the session.

Default Resolution Set the default resolution for the remote session.

Bitmap Cache Persistence

Determines if bitmap caching occurs on the local computer (disk-based cache). Bitmap caching can improve the performance of your remote session. 0 – Do not cache bitmaps. 1 – Cache bitmaps.

Redirect Printers

Makes printers configured on the Thin Client available in remote sessions. 0 – The local printers on the Thin Client are not available on the remote host computer. 1 – The local printers on the Thin Client are available on the remote computer.

Redirect COM port

Makes COM ports configured on the Thin Client available in the remote session. 0 – The local COM ports on the Thin Client are not available on the remote host computer. 1 – The local COM ports on the Thin Client are available on the remote computer.

Audio Mode

Determines how audio output is handled when the Thin Client is connected to a remote computer. 0 – Play sounds on the thin client. 1 – Play sounds on the remote computer. 2 – Do not play sounds.

Disable Wallpaper

Determines whether the desktop background is displayed in the remote session. 0 – Display wallpaper. 1 – Do not display wallpaper.

Allow Desktop Composition

Determines whether desktop composition (needed for Aero) is permitted when you log on to the remote computer. 0 – Disable desktop composition in the remote session. 1 – Desktop composition is permitted.

Disable Menu Anims Determines if menu and window animation effects occur in the remote session.

0 – Menu and window animation is permitted. 1 – Menu and window animation is not permitted.

Prompt Credential Once

Determines whether Remote Desktop Connection prompts for credentials when connecting to a remote computer for which credentials were previously saved. 0 – Use the saved credentials and do not prompt for credentials. 1 – Prompt for credentials.

Network Auto detect

Automatically detects network characteristics and optimizes user experience accordingly. 0 – RDP does not detect any network settings. 1 – RDP automatically detects the best network settings.

Color Depth Specifies the color depth of the remote session. Select 15-bit, 16-bit, 24-bit, or 32-bit.

Drives To Redirect

Determines which local thin client disk drives are redirected and available in the remote session. No Drives – Do not redirect any drives * – Redirect all disk drives, including drives connected later. Dynamic Drives – Redirect any drives that are connected later.

Redirect Smard Cards Specifies if smart cards are redirected and available in a remote session. 0 – Smart card on Thin Client is not available in remote session. 1 – Smart card on Thin Client is available in the remote session.

Compression Determines whether the connection should use bulk compression. 0 – Do not use bulk compression. 1 – Use bulk compression.

Use Multimon

Determines whether the session should use true multiple monitor support when connecting to the remote computer. 0 – Do not enable multiple monitor support. 1 – Enable multiple monitor support.

Connection Type

Specifies predefined performance settings for the Remote Desktop session. 1 – Modem (56kbps) 2 – Low-speed broadband (256 kbps – 2 Mbps) 3 – Satellite (2 Mbps – 16 Mbps with high latency) 4 – High-speed broadband (2 Mbps – 10 Mbps) 5 – WAN (10 Mbps or higher with high latency) 6 – LAN (10 Mbps or higher) 7 – Auto detect When selected, this option changes multiple performance-related settings (themes, animation, font smoothing, etc.). This setting is superseded by any changes to the individual settings. See the RPC GUI’s Experience tab for the list of individual settings that are affected.

Allow Font Smoothing

This setting determines whether font smoothing is used in the remote session. 0 – Disable font smoothing in the remote session. 1 – Permit font smoothing.

Disable Full Window Drag

Determines whether window content is displayed when you drag the window to a new location. 0 – Show the contents of the window while dragging. 1 – Show an outline of the window while dragging.

Disable Themes

Determines whether themes are permitted when you log on to the remote computer. 0 – Themes are permitted. 1 – Disable theme in the remote session.

Redirect Clipboard

Determines whether the Thin Client clipboard is redirected and available in the remote session, and the same for the remote computer’s clipboard. 0 – Do not redirect the clipboard. 1 – Redirect the clipboard.

Prompt For Credentials

Determines if Remote Desktop Connection requests credentials when connecting to a remote computer for which the credentials were previously saved. 0 – Use the saved credentials and do not prompt. 1 – Prompt for credentials.

Administrative Session Connect to the administrative session of the remote computer. 0 – Do not use the administrative session. 1 – Connect to the administrative session.

15.2.3: ClearCube Sentral Settings EPM allows you to remotely apply ClearCube Settings to the endpoint. To push auto-start settings,

ClearCube Thin Client Agent should be installed on the endpoint. These settings will automatically be

applied when a client with this profile reboots. EPM Thin Client Agent is connected to Sentral primary

and secondary server.

Figure 21. ClearCube Settings

The table below shows each field for Sentral settings.

Table 19. ClearCube Settings fields

Field Description

Primary Server Enter ClearCube Sentral server’s primary server IP in this field.

Secondary Server Enter ClearCube Sentral server’s secondary server IP in this field.

15.2.4: Citrix Settings EPM allows you to remotely apply Citrix storefront settings to an endpoint. You can push storefront

settings and certificates to connect endpoints to XenDesktop and XenApp. To push auto-start settings,

the Citrix Workspace application should be installed on the endpoint. These settings will automatically

be applied when a client with this profile reboots. The table below shows each field for Citrix settings.

Figure 22. Citrix Settings

Table 20. Citrix Settings fields

Field Description

Store URL

StoreFront authenticates users to sites hosting resources and manages stores of applications and desktops that users access. Specify the URL of Citrix storefront in this field

Store Domain This field specifies the domain address of Citrix storefront

Store DNS Specifies DNS address of Citrix storefront

Store Name Specifies the name of Citrix storefront

Certificates

Upload the required SSLcertificates in this field. For domain-joined computers, you can use Group Policy Object administrative template to distribute and trust CA certificates. For non-domain joined computers, the organization can create a custom install package to distribute and install the CA certificate. Contact your system administrator for assistance.

15.3: Default Profile EPM applies a client profile whenever a new endpoint is discovered. This profile is present in the server

by default and applied to the Default group. You can add a new profile (see sec 14.4: “Create a New Profile” ) and apply it to groups.

NOTE: You cannot edit or delete a default profile.

15.4: Create a New Profile If you have specific configuration requirements for groups of endpoints (for example, clients used in

particular locations, or for types of users), you can create custom profiles for those devices. Create a

new group for these devices, add devices to the group, and then apply a custom profile to the group. It

will be pushed to all of the devices in the group. You can apply a profile to any number of device groups

(multiple groups can use the same profile).

Create a New Profile

1. Go to Profiles > Add Profile.

Result: The Add Profile popup appears.

2. Complete the profile fields and then click Save. See 14.1 “About Client Profiles” above for details about all Profile field descriptions.

Result: A success message appears. Profile has been added.

15.5: Apply a Profile to a Group

This section shows how to apply a profile to an existing group. To apply a profile to a new group (see sec 15.1 “Creating a new group” )

1. From the side menu, click Groups.

2. Select a group and click Edit Group.

Result: The Edit Group popup appears.

Figure 23. Edit New Group popup

3. Click on Applied Profile dropdown.

4. From the applicable profile names in the dropdown, select the name of the name of the profile which you want to apply.

5. Click Update. A success message appears at the bottom of the popup indicating that changes have been saved.

6. Reboot all endpoints in the edited group to apply the profile.

7. In order to verify that the profile has been applied, view Notifications in the top right corner.

NOTE: Profile applies to both Firmware and Guest OS. The notifications appear in the same order.

15.6: Deleting a Profile EPM allows you to delete profiles. To delete a profile:

1. Go to Profiles. 2. Select a profile and click Delete Profile. 3. A confirmation popup appears. Click OK.

Result: A success message appears and the selected profile is deleted.

You can also delete multiple profiles by selecting them together.

NOTE: Profile(s) applied on group(s) cannot be deleted.

16: Groups (Required for all Management tasks) In EPM server, endpoints are managed through groups. After discovery, endpoints are added in the

Default Group (see sec 16.2 “Default Group”). Endpoints must be in an EPM group for all management tasks. The list of groups is accessible from the Groups menu.

The table below shows the descriptions of all columns in the Groups screen.

Table 21. Groups Fields Descriptions

Field Description

Hostname This specifies the computer name.

MAC Address This column shows the physical MAC address of the endpoint.

MAC Access This column shows whether an endpoint is allowed to connect to the server or not. Its value can be ‘Allowed’ or ‘Denied’ (see sec 16.2 “Change Permissions”)

Firmware/Client version This column shows the current firmware version of an endpoint.

Guest OS This column shows the current Guest OS type on an endpoint.

IP Address This column shows the current IP address of an endpoint.

Status

This column shows the current status of the endpoint. Status can be: ● Online/Logged In ● Online/Logged Off ● Connecting ● Offline

Last Poll This column shows the Last poll sent by endpoint to the EPM server. To view the Last poll, hover over Details.

Current Image (Version) This column shows the OS image and its version that is currently deployed on endpoint.

Applied Image (Version) This column shows the OS image and its version that is queued to be deployed on endpoint.

Screenshot This column shows current shows last captured screenshot os endpoint (see sec “11.5: Take Screenshot”)

Services This column shows the list of services currently running on an endpoint. Services can only be viewed for Windows Guest OS.

Host Name This column shows the hostname of the endpoint.

Firmware Log This column shows a file containing firmware logs from when it is connected with the EPM server.

Guest OS Log This column shows a file containing logs generated by EPM Guest OS Client

Hardware Specs This column shows an option to view endpoints’ specifications (Hostname, RAM, Processor, Hard Disk and OS)

16.1: Creating a new Group To create a group:

1. Go to Groups. 2. Select Add New Group.

Result: Create New Group popup appears. Add group field descriptions are mentioned below.

Figure 24. Create New Group popup

3. Complete the Group Name, Group Type, Applied profile fields, and then click Add.

Result: Group is added. The selected profile will apply when the endpoint(s) in that group reboot(s).

4. You can also make a group default by checking Mark This Group Default. Refer to sec 15.2 “Default Group”.

Table 22. Add Group fields

Field Description

Group Name This field specifies the group name that you want to choose.

Group Type This field specifies group type according to the endpoint(s) in that group.

Applied Profile This dropdown field specifies the profile that will apply to the group. This list comes from the Profiles tab.

16.2: Default Group (add group types)

The EndPoint Manager supports multiple Thin Client and Workstation groups. EPM displays all endpoints

in groups. Each group type has its own default group.

All discovered endpoints appear in their respective Default Group. The Default Group is already present when the EPM server is deployed. A Default Group cannot be deleted. You can add a new group and make it Default.

To make a group Default:

1. Go to Groups. 2. Select a group and click Edit Group. 3. Select Mark Group As Default. 4. Click Update.

Result: A success message appears and the selected group is marked as Default.

You can also verify this in the Groups list. The value for the Default Group column is True for a default group.

16.3: Deleting a Group

EPM allows you to delete a group. To delete a group:

5. Go to Groups.

6. Select a group, hover over its Actions menu, and click Other >> Delete Group.

7. A confirmation popup appears. Click OK.

Result: A success message appears and the selected group is deleted.

You can also delete multiple groups by selecting them and clicking the Delete button that appears above the table.

NOTE: - When a group is deleted, all its endpoints move to the Default Group. - The Default group cannot be deleted.

16.4: Edit Groups

The EPM allows you to edit already created groups. To edit a group:

1. Go to Groups. 2. Select a group, hover over its Actions men, and click Other >> Edit Group. 3. Edit group information and click Update.

Result: The selected group is edited.

16.5: Change Image

The EPM allows you to deploy an OS image on a Thin Client group. To change OS image of all Thin Clients

in a group:

1. Go to Groups. 2. Select a group, hover over its Actions menu, and click Firmware Operations >> Change Image. 3. Add image change information in the Change Image popup. 4. Click Change Image.

Result: Image deployment on a group is queued in Tasks

NOTE: A single OS image cannot be deployed to a workstation group.

16.6: Shutdown Group

EPM server allows you to remotely shut down all endpoints in a group. To shutdown endpoints in a

group:

1. Go to Groups 2. Select a group, hover over its Actions menu and click Power >> Shutdown Group. 3. This will create a Shutdown task and all devices in the group will shutdown immediately.

NOTE: Only those endpoints can be shut down whose status is ‘Online/Logged in’.

16.7: Restart Group

EPM server allows you to remotely restart/reboot all endpoints in a group. To restart an endpoint:

1. Go to Groups. 2. Select a group, hover over its Actions menu and click Power >> Restart Group. 3. This will create a Restart task and all devices in the group will restart immediately.

NOTE: Only those endpoints can be restarted whose status is ‘Online/Logged in’.

16.8: Update Firmware

EPM server allows you to remotely update firmware of all endpoints in a group. This is done to update

the EPM’s own client software in case of updates and/or feature additions. To update firmware:

1. Go to Groups. 2. Select a group, hover over its Actions menu, and click Firmware Operations >> Update

Firmware (as discussed in sec 11.3 Update Firmware). 3. Upload a firmware [.jar] file in dropdown.

4. Click Add.

Result: Firmware file is queued to be updated on all endpoints in the group.

16.9: Update Windows EPM allows you to remotely initiate the process of downloading and installing updates for Windows

Guest OS of all endpoints in a group. To update Windows of endpoints in a group:

- Go to Groups. - Select any group, hover over its Actions menu, and click Utilities >> Update Windows

Result: Update Windows popup appears

- You can either start the process immediately or schedule for another time.

- To schedule the process, click Schedule, select a date/time and click Update

Result: Endpoints’ Windows will download and install updates at the selected time.

Change Permissions ‘Change permissions’ settings apply on endpoints when MAC filtering is enabled in Profiles (see sec 14.1: “About Client Profiles”). These settings determine on discovery, whether an endpoint is allowed or denied to connect with EPM. To allow/deny endpoints in a group, select the group , hover over its

Actions menu and click Firmware Operations >> Change Permissions. Change the permissions and click Apply.

Result: Permissions apply accordingly.

Wake On LAN EPM allows you to remotely power on endpoints in a group. It powers on a machine without human interaction by sending a magic packet over the network.To use this feature, enable it in endpoint’s BIOS settings. See sec 17.2.7: “Wake on LAN”. To remotely power on and endpoint from EPM server:

1. Go to Groups. 2. Select a group, hover over its Actions menu, and click Power >> Wake on LAN

Result: Endpoints in the group are powered on.

17: Managing an Endpoint in Group All management tasks in the EPM are implemented by adding endpoints in Groups. To access a group, click Groups in the side menu and select a group from the list. Following is a description of tasks that can be performed by adding clients in Groups.

17.1: Firmware Operations These operations are performed at firmware level by the endpoint. To perform these operations, the

endpoint has to go to firmware; this is either done automatically by EPM or manually by the user at the

next reboot.

17.1.1: Image Backups EPM server allows administrators to backup OS images of Endpoints and Workstations. Image Backups

are saved in Images on the server.

I. Thin Client Image Backup The steps below show how to backup an OS image on Thin Clients:

1. Go to Endpoints and click on a client row. It redirects to the Thin Client group.

2. Select any Thin Client and hover over its Actions menu.

3. In the Actions menu, click Firmware Operations >> Backup Image.

Result: The Backup Image popup opens. The image below shows the ‘Backup Image’ popup.

Figure 13. Backup Image popup (Thin Client)

4. Complete the fields in the Backup Image dialog. After completing the fields, click Schedule to schedule an image backup. You can choose to backup immediately by clicking Do Immediately.

NOTE: You will have to restart the client (manually or from EPM server) for the image backup process to start.

The table below shows the description of all fields in the Image Backup popup.

Table 10. Thin Client Backup Image fields

Field Description

MAC Address This field specifies the MAC address of the endpoint selected for image backup.

Image Location Location for the backup image. The image can be saved remotely on the server or locally on the endpoint.

Create New Image This option specifies that image backup will be saved as a new image in inventory. If you select this option, add a name in the Image name field.

Edit Image Edit and overwrite an existing image from image inventory.

Image Name Name of the backup image file.

Schedule Date and time for the backup process to start.

Task Description Information about the Task being created.

Do Immediately Immediately start image backup.

5. You can now view the scheduled tasks in the Schedule Screen.

II. Workstation Image Backup EndPoint Manager allows you backup Workstation OS images. The steps below show how to backup an OS image on Thin Clients:

1. Go to Endpoints and click on a workstation row. It redirects to the Workstation group.

2. Select any Workstation and hover over its Actions menu.

3. In the Actions menu, click Firmware Operations >> Backup Image.

Result: Backup image popup opens. The image below shows ‘Backup image’ popup.

Figure 14. Workstation Backup Image popup

In addition to Table 8. Thin Client Backup Image fields Workstation image backup popup has the following input fields.

Table 11. Workstation Backup Image fields

Field Description

Select Disk From all the available disks, select the disk that requires backup.

Image Compression Specify if you want to compress OS image or not.

17.1.2: Change Image EPM server allows administrators to remotely change/update OS images on Thin Clients and

Workstations. You can either redeploy the same image on the client or change an image from the image

inventory. To change an image, go to Groups and select a client. Go to Actions >> Firmware Operations >> Change image.

You can only deploy an image on an endpoint with the same disk size. If image deployment fails on an

endpoint then another deployment process starts as soon as the endpoint connects to the server.

I. Thin Client Image Change The steps below show how to change/update an OS image:

II. Go to Endpoints and click on a client row. It redirects to the Thin Client group.

III. Select any Thin Client and hover over its Actions menu.

IV. In the Actions menu, click Firmware Operations >> Change Image.

Result: The Change Image dialog opens. The image below shows the ‘Change Image’ popup.

Figure 15. Thin Client Change Image popup

V. Complete the fields in the Change Image dialog. After completing the fields, click Change Image to continue.

The table below shows Thin Client Image Change fields.

Table 12. Change Image fields

Field Description

Image Location Location for the backup image. The image can be saved remotely on the server or locally on the endpoint.

Redeploy Image Selecting this property would redeploy an already deployed image.

Change Image Selecting this property would replace the existing image with a different selected image.

Image Name Select the image file to be deployed in place of the existing Image.

Schedule Date and time for the Change Image process to start.

Schedule Description Information about the Schedule being created.

Do Immediately Selecting this property would Immediately start the Image Change process.

Deploy on next reboot If this property is selected, the new image would be deployed on the next device reboot.

VI. Finish the process by clicking Change Image. The Image will change according to the selected schedule and options.

VII. Workstation Image Change The steps below show how to change/update an OS image on a Workstation:

1. Go to Endpoints and click on a client row. It redirects to the Thin Client group. 2. Select any Thin Client and hover over its Actions menu.

3. In the Actions menu, click Firmware Operations >> Change Image.

Result: Change Image dialog opens. The image below shows the ‘Change Image’ popup.

Figure 16. Workstation Change Image popup

4. Complete the fields in the Change Image dialog. After completing the fields, click Change Image to continue.

In addition to Table 10. Thin Client Change, the Workstation image backup popup has the following input field.

Table 13. Workstation Backup Image fields

Field Description

Select Disk From all the available disks, select the disk that requires backup.

NOTE: A separate image can be deployed on the Workstation.

17.1.3: Update Firmware The user can update the firmware of a client from the EPM server. This is done to update the EPM’s own

client software in case of updates and/or feature additions. To update endpoint’s firmware:

1. Go to Endpoints and click on a client row. It redirects to the endpoint group. 2. Select any endpoint and hover over its Actions menu.

3. In the Actions menu, click Firmware Operations >> Update firmware.

Result: Update Firmware dialog opens.

4. Upload firmware (.jar) file and click Add

Result: Endpoints’ firmware updates after reboot

The image below shows the ‘Update firmware ’ popup.

Figure 17. Update Firmware popup

Table 14. Update firmware fields

Field Description

● Firmware File Select the location for the firmware (.jar) file.

● Force Restart Select this option if you want to force restart the endpoint.

17.1.4: Change Permissions ‘Change permissions’ settings apply on an endpoint when MAC filtering is enabled in Profiles (see sec 14.1: “About Client Profiles”). These settings determine on discovery, whether an endpoint is allowed or denied to connect with EPM. To allow/deny an endpoint, select the endpoint and click Change Permissions. Change the permissions and click Apply.

Result: Permissions apply accordingly.

17.1.5: Update Kernel EPM server allows you to remotely update Linux Kernel of endpoints’ firmware. To start the process, the

user will have to download the update package from ClearCube’s website. The user will then upload the

zip package to the EPM server where it will be extracted. The option to upload the package is found in

Configurations. Once the package has been uploaded and extracted, the user can select any endpoint, hover over its Actions menu, and select Firmware Operations > > Update Kernel.

Result: Update Kernel popup appears.

Click OK. Firmware Kernel update task is queued.

17.2: Power

17.2.1: AMT Power Operations When you connect a client to the EPM server, your server will verify if the client has AMT settings

enabled. If AMT is supported, the client’s power operations dropdown button will be enabled with three

options: Power Up, Power Down, and Restart.

1. If the client is off, click Power Up to switch it on. 2. If the client is on, click Power Down to switch it off. 3. The Restart option applies if your client is running.

NOTE: If the client is functional and the user clicks Power Up, the operation will be invalid because the client is already in this state.

AMT supports secure, remote power operations in EPM using INTEL Active Management Technology.

AMT Power Operations will function if the user is provided with their username and password

credentials. Visit the client’s group profile and verify that AMT settings are enabled. This will give you

the username and password options which you need to set for the user to perform the relevant power

operations. To perform AMT operations:

1. Go to Endpoints and click on a row. It redirects to Groups. 2. Select any endpoint, hover over its Actions menu, and click Power >>AMT.

Result: AMT Operations popup appears.

3. Perform any operation and click Apply

17.2.2: Restart Endpoint EPM server allows you to remotely restart/reboot endpoints. To restart an endpoint, go to Groups and select a client. Click ‘Restart’. This will create a Restart task and the device will restart immediately.

NOTE: Only those endpoints can be restarted whose status is ‘Online/Logged in’.

17.2.3: Shutdown Endpoint

17.2.4: Wake on LAN EPM allows you to remotely power on an endpoint. To use this feature, enable it in endpoint’s BIOS

settings:

1. Reboot the endpoint, go to BIOS settings. 2. Go to Power Management or Advanced settings. 3. Enable Wake on LAN and save the settings.

To remotely power on and endpoint from EPM server:

1. Go to Endpoints and click on a row. It redirects to Groups. 2. Select any endpoint, hover over its Actions menu, and click Power >> Wake on LAN.

Result: Endpoint is powered on.

NOTE: - Wake on LAN is a BIOS feature and it depends on uninterrupted power supply and available network connection. It may not be very reliable when these requirements are not met.

- EPM uses the Wake On LAN protocol to power on endpoints. Wake On Lan does not guarantee that it will power on the requested machine.

17.3: Utilities This is a category that lists all the features EPM provides for Windows.

17.3.1: Take Screenshot EPM allows you to remotely capture a screenshot of the current state of an endpoint. Select an

endpoint, scroll to the right, click on the Actions menu, and select Screenshots. This will capture the screenshot which can be viewed by clicking the ‘View’ button in the screenshot column.

NOTE: Screenshots are available for only those clients whose status is ‘Online/Logged in’.

17.3.2: Change Hostname

EndPoint Manager allows you to change the hostnames of Thin Clients and Workstations. To change

hostname:

1. Go to Endpoints and click on a row. It redirects to the group. 2. Select any endpoint, hover over its Actions menu, and click Utilities >> Change Hostname. 3. Add a random or specific hostname and click Done.

Result: Hostaname is assigned to endpoint.

Figure 27. Change Hostname popup

17.3.3: Update Windows EPM allows you to remotely initiate the process of downloading and installing updates for Windows

Guest OS of an endpoint. To update Windows of an endpoint:

1. Go to Endpoints and click on a row. It redirects to the group. 2. Select any endpoint, hover over its Actions menu, and click Utilities >> Update Windows.

Result: Update Windows popup appears

3. You can either start the process immediately or schedule for another time.

4. To schedule the process, click Schedule, select a date/time and click Update

Result: Endpoints’ Windows will download and install updates at the selected time.

17.3.4: Update HomePage You can set the browser startup page for both Internet Explorer and Firefox. The user will need to provide a valid URL for the functionality to work properly. To update browser Homepage of an endpoint:

1. Go to Endpoints and click on a row. It redirects to the group. 2. Select any endpoint, hover over its Actions menu, and click Utilities >> Update Homepage.

Result: Update Windows popup appears

3. Choose the browser and add a valid URL in the URL field. 4. Click Update.

17.3.5: System Preparation EPM allows you to remotely generalize a Windows image and deploy it on different endpoints. Sysprep

generalizes the image by removing computer specific information such as installed drivers and the

Computer Security Identifier (SID). To initiate System Preparation from EPM:

1. Go to Endpoints and click on a row. It redirects to Groups. 2. Select any endpoint, hover over its Actions menu, and click Utilities >> System Preparation.

Result: System Preparation popup appears.

Figure 28. System Preparation popup

3. Upload Sysprep zip file which should contain the "unattend.xml" file along with the files required by the "unattend.xml" file.

4. Click Add.

Result:

- The System Preparation process starts on the endpoint. - The endpoint shuts down. - Two new users are created when the endpoint is powered on. - You can clone this image on the server and deploy it on endpoints. See sec 11.1: “Image

Backups” and sec 11.2: “Change Image” for cloning and deployment processes.

Table 23. System Preparation fields

Field Description

System Preparation Sysprep generalizes a Windows image and deploys it on various endpoints.

Audit The Sysprep is part of the Windows image and administrators use it during audit mode.

Time To Wait This specifies the time needed to execute the System Preparation task.

NOTE: In case of failure, a log file appears on the EPM server after 7 minutes against the Sysprep task row in Tasks.

17.3.6: System Preparation with Audit Mode: To run System Preparation in Audit Mode:

1. Go to Endpoints and click on a row. It redirects to the group. 2. Select any endpoint, hover over its Actions menu, and click System Preparation.

Result: the System Preparation popup opens.

3. Upload Sysprep zip file which should contain the "unattend.xml" file along with files required by the "unattend.xml" file

4. Enable Audit toggle button in System Preparation popup 5. Enter Time to Wait for Audit Mode. This is the time after which the endpoint will automatically

reboot. Click Add.

Result:

- The Endpoint reboots immediately and the System Preparation process starts. - Close the SysPrep GUI that appears on Windows. - The Endpoint shuts down when Time To Wait reaches.

NOTE: If the task is not executed in Wait Time, a log file appears on the EPM server after 7 minutes against the Sysprep task row in Tasks.

17.3.7: Install Application(s) EPM allows you to remotely download and initiate the installation process for desktop applications. You

can upload a file on the EPM server and it is copied and extracted on the endpoint. Downloaded file(s)

can be viewed in C:\Users\username\AppData\Local folder in the endpoint. To install an application from the EPM server:

1. Go to Endpoints and click on a row. It redirects to Groups. 2. Select any endpoint, hover over its Actions menu, and click Application Install Zip.

Result: the Client Application Install popup appears.

Figure 29. Application Install popup

3. Upload a package (.zip) file to install/update on the endpoint. The Package file should have an init.bat file in its root and not inside any folder. Click Add.

Result:

- Uploaded (.zip) file is downloaded and extracted on the endpoint. - Application installation process is initiated on the endpoint.

Table 24. Install Application fields

Field Description

Application File This specifies the (.zip) file to install or update on

an endpoint.

17.3.8: Uninstall Applications EPM allows you to remotely initiate the uninstall process for software applications on endpoints. To

uninstall an application:

1. Go to Endpoints and click on a row. It redirects to Groups. 2. Select any endpoint, hover over its Actions menu, and click Programs Uninstall.

Result: Uninstall program popup appears.

Figure 30. Uninstall programs: Application list

3. Select the applications to uninstall by clicking Uninstall.

Result: Application uninstall process for selected application is initiated on the endpoint.

17.10: Application Shortcuts EPM allows you to remotely Create and Delete application shortcuts on the Endpoints desktop.

Go to the Group Details screen >> Application Shortcuts to create/remove shortcuts.

17.10.1: Create Shortcut To create an application shortcut:

1. Go to the Groups Details screen. 2. Select any endpoint, hover over its Actions menu, and click Create Shortcut.

Figure 31. Create Shortcut popup

17.10.2: Delete Shortcut To create an application shortcut:

1. Go to the Groups Details screen.

2. Select any endpoint, hover over its Actions menu, and click Utilities >> Application Shortcuts.

3. Select an already created shortcut. Hover over its Actions menu and click Delete Shortcut.

Figure 32. Delete Shortcut confirmation popup

17.10.3: Firmware Logs/Guest OS Logs EPM maintains logs for both endpoint firmware and Guest OS. These logs are maintained automatically

and are retrieved from the clients on every reboot. To view endpoint logs on server:

1. Go to the Groups Details screen.

2. Select any endpoint, hover over its Actions menu, and click Utilities >> Firmware Logs.

Result: Endpoint’s firmware logs are downloaded.

To view Guest OS logs repeat the same steps and select Guest OS logs in Utilities.

17.4: Other This group contains the following functionalities:

17.4.1: Desktop View EPM allows you to remotely connect and take control of endpoints connected to the EPM server. You

must setup Apache Guacamole server on a Ubuntu VM and then install VNC on the endpoints that you

want to connect to. To configure Guacamole server with EPM see Sec

To remotely connect to endpoint’s desktop view:

1. Go to the Groups Details screen. 2. Select any endpoint, hover over its Actions menu, and click Other >> Desktop View.

Result: Desktop view connection screen opens.

3. IP and Port input fields are pre-populated. Enter the password of Guacamole server and click Connect.

Result: Selected endpoint’s desktop view opens.

After establishing the connection, you can not remotely control the endpoint. To disconnect, click on the cross sign at top right of the screen.

NOTE: To access endpoint’s Desktop view, VNC must be installed on endpoint.

17.4.2: Change Group You can move an endpoint from one group to another. When an endpoint moves to a new group, the

profile applied to that group is pushed to the endpoint. A new profile applies when the endpoint

reboots. To move an endpoint from one group to another:

1. In the side menu, click Groups. 2. When the side menu expands, select a group.

3. Click on an endpoint in that group and click Change Group.16.3: Delete Client.

Result: The Change Group popup appears.

NOTE: You can only move endpoints to the same group type.

Figure 25. Change Group popup

4. In the Groups dropdown, select the client that you want to move the endpoint to.

5. Click Update.

Result: Success message appears and endpoint moves to new group.

17.4.3: Delete Endpoint You can delete an endpoint from a group. To delete an endpoint, select it and click Delete Client. This will delete the endpoint from that group. However, when the endpoint reboots, it will appear in the

Default group.

Result: The action deletes the endpoint along with all corresponding tasks and images.

17.5: View Hardware Specifications The EPM allows you to view hardware specifications of Thin Clients and Workstations. To view an

endpoint’s hardware specifications:

1. Go to Endpoints and click on a row. It redirects to the group.

2. Select any endpoint and click Check in the Hardware Specifications column.

Result: Hardware Specifications information is displayed.

Figure 26. Workstation Hardware Specifications

18: View All Endpoints EPM allows you to view all discovered endpoints in one screen. To view discovered endpoints click “All Endpoints” from the menu. This shows the list of all the endpoints. When the user clicks on the endpoint row, they are navigated to the endpoints list in the corresponding Group. The selected

endpoint row is highlighted.

Figure 34. All Endpoints screen

19: Tasks Tasks can be viewed by selecting the Tasks tab from the menu. This will display the All Tasks field and from here, users can also choose to view their Current Tasks by clicking on the top left corner.

19.1: All Tasks All Tasks displays all tasks that are queued/scheduled for endpoints along with endpoints’ MAC address and task status. This screen shows all tasks initiated from EPM server. The Tasks screen will show All

Tasks when opened. From here, you can perform multiple tasks by clicking on the Actions menu. The table below shows descriptions of all columns in the All Tasks screen.

Figure 35. All Tasks screen

Table 25. All Task columns

Field Description

Type This column shows the type of the task that is queued.

Scheduled For This column shows the date and time for which task is scheduled to be executed.

Status

This column shows the current status of a task. Status canbe:

● Pending ● Started ● Done ● Failed ● Cancelled

Description This column shows a description for a task. For Image Change and Image Backup, description can be added

(see sec 11.1: “Image Backups” and sec 11.2: “Change Image”)

MAC Address This column shows the MAC address of the endpoint for which the task is scheduled. For the server backup task, this field shows ‘Server’.

19.2: Current Tasks Current Tasks are the tasks currently executing on the EPM server. To view currently running tasks, go to Tasks and click View Current Tasks. This screen shows the progress of each task.

To cancel a running task, hover over its Actions menu and click Cancel Task. The screen shows no data if no task is in progress. The table below shows descriptions of all columns in the Current Tasks screen.

Figure 36. Current Tasks screen

Table 26. Current Task columns

Field Description

MAC Address This column shows the MAC address of the endpoint for which task is scheduled. For the server backup task, this field shows ‘Server’.

Image Name This column shows an image name that is currently being cloned or deployed.

Task Type This column shows the type of the task that is queued.

Progress This column shows the current progress of the task.

20: Images Images displays OS images of all the endpoints in the EPM server. It contains images that can be applied

to clients. All image backups of endpoints are saved here. To view this, click Images from the menu. You can also update and revert OS images. Below is an ima