PowerTerm® WebConnect Sample Links

Legal NoticeThis manual is subject to the following conditions and restrictions:This Administrator‘s Manual provides documentation for PowerTerm ®WebConnect. Your specific product might include only a portion of thefeatures documented in this manual.The proprietary information belonging to Ericom ® Software is supplied solelyfor the purpose of assisting explicitly and property authorized users ofPowerTerm ® WebConnect.No part of its contents may be used for any purpose, disclosed to any personor firm, or reproduced by any means, electronic and mechanical, without theprior expressed written permission of Ericom ® Software.The text and graphics are for the purpose of illustration and reference only.The specifications on which they are based are subject to change withoutnotice.The software described in this document is furnished under a licenseagreement. The software may be used or copied only in accordance with theterms of that agreement.Information in this document is subject to change without notice. Corporateand individual names, and data used in examples herein are fictitious unlessotherwise noted.Copyright © 1999-2010 Ericom ® Software.Ericom ® and PowerTerm ® are registered trademarks of Ericom ® Software.Other company brands, products and service names, are trademarks orregistered trademarks of their respective holders.2

Table of ContentsLEGAL NOTICE ................................................................................................... 2ABOUT THIS DOCUMENT .................................................................................. 71. INTRODUCTION ......................................................................................... 82. POWERTERM WEBCONNECT SERVER ................................................. 11Installing PowerTerm WebConnect Server ................................................................................ 11Activating the Server .................................................................................................................. 14Starting and Stopping the PowerTerm WebConnect Windows Server ..................................... 15PowerTerm WebConnect Ports ................................................................................................. 163. HIGH AVAILABILITY ................................................................................ 18Using Failover Mode .................................................................................................................. 20Using Cluster Mode ................................................................................................................... 21High Availability Limitations ....................................................................................................... 22Local Server Mode and the Shadow Database ......................................................................... 234. POWERTERM WEBCONNECT CLIENT .................................................. 25Windows User Interface ............................................................................................................. 25Mac OS X User Interface ........................................................................................................... 29Linux User Interface ................................................................................................................... 305. CLIENT DEPLOYMENT OVERVIEW ........................................................ 31The Downloader ......................................................................................................................... 32MSI Installation........................................................................................................................... 37PtStart Downloader .................................................................................................................... 386. CUSTOM CLIENT PARAMETERS ........................................................... 43General Client Command Line Parameters ............................................................................... 437. POWERTERM WEBCONNECT APPLICATION PORTAL ....................... 51Application Portal Configuration................................................................................................. 518. ADMINISTRATION TOOL ......................................................................... 60Launching the Administration Tool............................................................................................. 60Administration Console Interface ............................................................................................... 61Modifying the View Pane ........................................................................................................... 62Useful Functions ........................................................................................................................ 64Administration Console Parameters .......................................................................................... 663

9. DIRECTORY SERVICES ........................................................................... 67Administration Console Connection Process ............................................................................. 67Connection to a Directory Services............................................................................................ 6810. UNDERSTANDING USERS, GROUPS, AND CONNECTIONS ................ 73PowerTerm User Object Properties ........................................................................................... 76Connection Object ..................................................................................................................... 82Group Objects ............................................................................................................................ 82Implementing Access Policy ...................................................................................................... 9011. DEPLOYING APPLICATIONS AND DESKTOPS WITH TERMINALSERVICES .......................................................................................................... 92Overview .................................................................................................................................... 92Publishing ................................................................................................................................... 97Microsoft App-V Integration ..................................................................................................... 11212. CONFIGURING POWERTERM LOAD BALANCER ............................... 119PowerTerm Load Balancer Server ........................................................................................... 120PowerTerm Load Balancer Agent ............................................................................................ 124PowerTerm Load Balancer Administration Tool ...................................................................... 124Optimizing the Load Balancer .................................................................................................. 12913. DEPLOYING DESKTOPS WITH VDI ...................................................... 133Definitions ................................................................................................................................ 133Getting Started with VDI .......................................................................................................... 134Installation ................................................................................................................................ 135Ericom Tools ............................................................................................................................ 135Connection Broker Administration Tool ................................................................................... 140Using Pools .............................................................................................................................. 155Auto Resizing Pools ................................................................................................................. 158Virtual Desktop Assignment Options ....................................................................................... 159Creating a Simple VDI Implementation .................................................................................... 160Creating a Remote PC Access Solution .................................................................................. 16114. CREATING A PC-OVER-IP BROKER .................................................... 163Administering PCoIP Devices .................................................................................................. 16815. ENHANCEMENTS FOR TS AND VDI ..................................................... 171Ericom Blaze ............................................................................................................................ 171Single Sign-on from Workstation ............................................................................................. 173Unified Desktop ........................................................................................................................ 173True Multimedia Experience/Reverse Seamless ..................................................................... 17416. UNIVERSAL PRINTING .......................................................................... 177Introduction .............................................................................................................................. 177Using Net2Printer with PowerTerm WebConnect .................................................................... 178Using triCerat ScrewDrivers with PowerTerm WebConnect ................................................... 1814

Using Microsoft Easy Print with PowerTerm WebConnect ...................................................... 18317. TERMINAL EMULATION WITH HOSTVIEW .......................................... 184Introduction .............................................................................................................................. 184Configuring Legacy Connections ............................................................................................. 184PowerTerm WebConnect HostView Settings .......................................................................... 187LPD Printing with PrintView ..................................................................................................... 19219. REMOTE SHADOWING WITH QUICKVNC ............................................ 19920. REMOTE ASSISTANCE WITH SUPPORTVIEW .................................... 202Requesting a SupportView Session......................................................................................... 204Remote Attach using Administration Tool ................................................................................ 20521. MESSAGING ........................................................................................... 20722. OPTIMIZING PERFORMANCE ............................................................... 209Using a Dedicated Server ........................................................................................................ 209Memory Resources .................................................................................................................. 209Alternate Connection Points .................................................................................................... 210PowerTerm WebConnect Server's Process Priority ................................................................ 210Best Practices for a Healthy Environment ............................................................................... 21123. IMPLEMENTING ACCESS SECURITY .................................................. 212Encrypting with SSL ................................................................................................................. 212Enabling FIPS Compliancy in RDP .......................................................................................... 21524. RADIUS AND RSA ® AUTHENTICATION ............................................... 217RSA SecurID ............................................................................................................................ 217Radius ...................................................................................................................................... 219User Access ............................................................................................................................. 220RADIUS for PCoIP Devices ..................................................................................................... 22225. JUNIPER ® SSL VPN INTEGRATION ...................................................... 224SSL VPN Configuration ........................................................................................................... 224WSAM Configuration ............................................................................................................... 224JSAM Configuration ................................................................................................................. 226Portal Configuration ................................................................................................................. 227Configuring Single Sign-On ..................................................................................................... 228Additional Useful Policies ......................................................................................................... 22926. MONITORING AND AUDIT TRAILS ....................................................... 230Monitoring Online Activity ........................................................................................................ 23027. RECONNECT FEATURES ...................................................................... 2375

Application Zone Reconnect .................................................................................................... 237Session Reconnect .................................................................................................................. 238Blaze Reconnect ...................................................................................................................... 239Network Reconnect .................................................................................................................. 23928. UPGRADE INSTRUCTIONS ................................................................... 243Updating Ericom and Terminal Servers ................................................................................... 24529. APPENDIX A – ENVIRONMENT VARIABLES ....................................... 24730. APPENDIX B – ADMINISTRATION CONSOLE ..................................... 254Information Panes .................................................................................................................... 259Properties Dialogs .................................................................................................................... 26831. APPENDIX C – TECHNICAL SUPPORT ................................................ 285About Ericom ............................................................................................................................ 2886

ABOUT THIS DOCUMENTThis guide assumes that the PowerTerm WebConnect administrator will befamiliar with:PowerTerm ® WebConnect Getting Started Guide (read this first).Microsoft ® Terminal Server or Citrix ® XenApp managementknowledgeIntermediate networking knowledgeBasic web server administration knowledgeSome features documented in this guide may not be available in the versionof PowerTerm WebConnect you are using. There is no index provided in thisdocument. The most effective method to find specific content is to use thefind or search feature of the viewer that is being used to browse thisdocument. Enter relevant keyword(s) into the search function and browsethrough the results.Certain chapters will have pertinent configuration information for 64-bit (x64)operating systems. If x64 operating systems will be used, be sure to searchthrough this document using the keyword x64 to find all relevant information.Important terminology used in this document:Terminal Server – a system that can receive RDP requests. Thiscan be a Microsoft Terminal Server or a workstation OS such asWindows XP ProfessionalHost – a remote system performing the computing (i.e., MicrosoftWindows Terminal Server)VDI – Virtual Desktop InfrastructureRDP – Remote Desktop ProtocolPTWC – PowerTerm WebConnectRemoteView – Component used to access Windows basedapplications and desktops7

1. INTRODUCTIONWhat is PowerTerm ® WebConnect?Ericom‗s PowerTerm WebConnect is a powerful Connection Broker formanaging access for various types of hosting platforms. Such platformsinclude Remote Desktop Session Hosts (Terminal Services), Virtual DesktopInfrastructure (VDI) and Legacy Systems. PowerTerm WebConnect enables ITadministrators to get the most out of their Terminal Servers and VDIenvironments with minimal effort, while reducing complexity in managingaccess to applications, desktops and documents. Users can utilize PowerTermWebConnect to connect to applications, desktops and documents from a widerange of client devices including Windows®, Linux, and Mac OS X, and variousthin-client devices. In addition, PowerTerm WebConnect provides secure,encrypted connections for both internal and external access.Application PublishingPowerTerm WebConnect enables remote access to applications and content byany authorized user. These are viewed as seamless windows, where theremote applications are fully integrated into the local desktop; thus local andremote applications look and behave similarly. PowerTerm WebConnectsupports both Microsoft RemoteApp and Ericom True Seamless Windowsseamless windows mechanisms.The Administrator configures the published application‘s set of owners, thepublished application‘s location (locally on the client‘s machine or remotely onthe Terminal server), and the location of the published application‘s icon(Desktop, Application Zone, and/or Start menu).End-User Client ComponentsOne major benefit of PowerTerm WebConnect is that end-users do not needto manually download and install different client software to access varioustypes of resources. Instead, users utilize a single interface that provides thatappropriate view of resources based on their type and the host they arelocated on.PowerTerm WebConnect includes several clients that are used automaticallyfor the appropriate back-end system:RemoteView for accessing Windows based applications anddesktops.8

HostView for accessing character-based applications running onlegacy systems such as IBM Mainframe, UNIX, Linux, etc.SupportView for remote desktop support.PrintView for managing remote LPD based print.QuickVNC for remote desktop connectivity.PowerTerm WebConnect for Thin ClientsIn general, a basic system or thin client is the sufficient to run the PowerTermclient components. By using a repurposed PC or thin client device, additionalcost savings can be achieved with a PowerTerm WebConnect solution.Central managementPowerTerm WebConnect includes an administration console that can be usedto monitor and modify sessions, and to tailor usage for different types of endusers.All settings are saved onto a central and redundant platform for robustapplication and desktop delivery.What is New in 5.7Ericom Blaze RDP WAN AccelerationEricom Blaze provides end-users with an enhanced remote computingexperience on most networks: WAN, LAN, Broadband, and air cards. This isachieved by significantly accelerating and compressing Microsoft RemoteDesktop Protocol (RDP). The results are higher frame rates, improvedresponse times, and smoother screen updates.Enhanced Connection Broker for VDIPowerTerm WebConnect DeskView Connection Broker is enhanced to provideadditional functionality:Linked Cloning reduces virtual desktop storage requirements.Auto-sizing Pools ensures that an optimal amount of virtualdesktops are running. New virtual desktops are created based onuser demand. Extra virtual machines are deleted automaticallymaking better use of server resources.Availability Restriction Control limits access to virtual desktops onpre-determined times of the day.Desktop Image Templates expedites the creation of new desktopsby using existing configuration templates.PCoIP Desktop Selection from Pool allows the end-user to select aspecific PCoIP hardware host from a pool.9

PCoIP Radius Support provides two-factor authentication fromPCoIP clients.Enhanced Load Balancer for Terminal ServersThe PowerTerm WebConnect Load Balancer has been redesigned as an easyto use MMC snap-in module. The new administrative interface allows foreasier management and monitoring of configured Terminal Servers.Ericom Application CenterThe Ericom Application Center is a new end-user component to accesspublished applications and desktops. The Application Center interface isbased on Windows Explorer and will display multiple PowerTerm WebConnectenvironments into one access point for the end user.Support for 2008 R2 Remote Desktop ServicesPowerTerm WebConnect 5.7 is designed for use with Microsoft Windows 2008R2 in addition to previously supported platforms (Windows 2003 and 2008).Support for Windows 7Windows 7 is supported as a client and a managed (virtual) desktop.Full integration with Microsoft RDP version 7Automatically deploy RDP7 to compatible clients (does not replace existingsystem components). 5.7 supports new RDP7 features: 32-bit color sessions,enhanced multi-monitor support, and bi-directional audio.Unified DesktopMerge the remote session Start bar with the local desktop Start bar for easierremote application usage.Reverse Seamless (True Multimedia Experience)Run certain applications, and open specific documents or URLs, using clientresources via the remote session. The local application windows areseamlessly integrated into the remote desktop session. Using reverseseamless applications leads to improved application performance, reducedserver load, and reduced network overhead.10

2. POWERTERM WEBCONNECT SERVERInstalling PowerTerm WebConnect ServerPowerTerm WebConnect and its components are installed under C:\ProgramFiles\Ericom Software\WebConnect X.x (where X.x is the version number) bydefault. The installation path can be specified during the installation process.Double-click on the installation file to begin.NOTE PowerTerm WebConnect can be installed on the following platforms:Windows 2003 (all versions), Windows 2008 (all versions), Windows2008R2, Windows 7, Windows XPServer PrerequisitesBefore installing PowerTerm WebConnect, the following features should beactive on the target server:.Net Framework 3.5 SP1 (version 4 is not supported). This can bedownloaded for free on the Microsoft website.IIS web server role (may also be installed on a separate system)ASP.NET and IIS 6 Scripting ToolsHINTPowerShell script to enable requirements on a Windows 2008 R2 server:# Run the following command first to allow you to run scripts:# Set-ExecutionPolicy RemoteSigned# Import the Server Manager Powershell modulesImport-Module servermanager# Install ".Net Framework 3.5" Feature and "IIS" Role with "ASP.NET"and "IIS 6Scritping Tools"Add-WindowsFeature Net-Framework, Web-WebServer, Web-Windows-Auth, Web-Asp-Net, Web-Lgcy-Scripting –restartStep 1 - Specify local folder for installation filesWhen prompted, specify the local directory to extract the installation files to.11

Step 2 – Evaluation ModeWhen prompted, enter the serial number or click Evaluate to installPowerTerm as a 30-day trial. Entering the serial number does not activatethe product; go to the Activation section for more information.NOTE The evaluation package of PowerTerm WebConnect runs in Enterprisemode. Once activated, the purchased PowerTerm WebConnect edition willbe enabled.Step 3- Select the Setup TypeAt the Setup Type selection screen choose one of the following options:The Full Installation is used for most installations.NOTE If PowerTerm WebConnect is already installed on the server, selecting adifferent Setup type will overwrite the existing type - resulting inunselected components being removed from the serverStep 4 – Local Directory for PowerTerm WebConnectSpecify the local directory for the installation of PowerTerm WebConnect.12

Step 5 –Start Menu location for PowerTerm WebConnectStep 6 – Web server ASP configurationWhen prompted, enable ASP if the same server will act as the web server forPowerTerm WebConnect‘s web based components (i.e., Application Portal andon-demand installations).Step 7 – Upgrade MessageIf this is an upgrade install, the previous configuration will be imported at theend of the installation. See chapter on Upgrade Instructions for more details.Step 8 – Set the WebConnect Cluster NameWhen using more than one PowerTerm WebConnect server within the sameenvironment (i.e., for redundancy purposes) a cluster name must be used to13

identify the environment the server is a member of. A PowerTermWebConnect server can only be a member of one cluster.Step 9 – Terminal Server AgentIf PowerTerm WebConnect is being installed on one of the Terminal Servers,click Yes to install the Ericom Terminal Server agent.Step 10 – Complete InstallationAfter the parameters are set, the PowerTerm WebConnect installation willbegin. The process takes approximately 10 minutes.At the end of the installation, click Exit and Run to launch the AdministrationTool. The PowerTerm WebConnect Server service will start automatically.Activating the ServerWhen PowerTerm WebConnect is first installed it will be started in Evaluationmode. The server can be extended to continue an evaluation or activated14

once the product is purchased. To extend or activate go to Start | Programs |Ericom Software | PowerTerm WebConnect | PowerTerm WebConnect ServerLicense Update.To activate PowerTerm WebConnect once it is purchased:Contact Ericom Support and send the serial number and ―Key to send‖.An activation key will be returned, enter this under ―Key received fromEricom‖.The ―Number of Licenses‖ will be updated.To extend PowerTerm WebConnect to continue an evaluation:Contact Ericom Sales and send the ―Key to send‖ with the number ofadditional days to needed to continue evaluation.An extension key will be returned, enter this under ―Key received fromEricom‖.The duration will be updated.To apply the license either restart the PowerTerm WebConnect Server serviceor reload the license using the Administration Console (Server menu).NOTE License errors may appear when hardware components are changed in theserver running PowerTerm WebConnect Server. Changing the system timeor copying the license file from one server to another will result in a licenseerror as well. Please contact Ericom Technical Support to obtain a newlicense key in the event of an error.Activating Blaze Server with WebConnectCertain editions of PowerTerm WebConnect include Blaze RDP Accelerationsupport. Blaze is activated along with PowerTerm WebConnect. If the PTWCserver is successfully activated, when the user connects using a WebConnectinterface (Application Zone or Applications Portal) it disregards the licensingstate of the Blaze Server. For example, as long as PTWC is activated, even ifBlaze Server is expired, the connection will still work. Blaze Server licenseonly takes effect when using Blaze standalone client to connect to the host.Starting and Stopping the PowerTermWebConnect Windows ServerPowerTerm WebConnect is installed as a series of Microsoft Windows services.The Server must be running in order for clients to connect to it and establishconnections to the host systems. A web server must be installed/availableand running in order for end users to download the client components. Bydefault, the PowerTerm WebConnect Windows server is installed as a serverservice, with the Automatic startup type. This means that during system15

startup, the service control manager automatically starts PowerTermWebConnect Server.Starting and Stopping the PowerTerm WebConnect serviceTo start/stop the server service1. Open Start | Settings | Control Panel | Services2. Right click on PowerTerm WebConnect Server3. Click Start or Stop.Starting the PowerTerm WebConnect service from command lineRun the PtServer.exe with the /start parameter.Starting the PowerTerm WebConnect service as a programRun PtServer.exe with the parameter /run.PowerTerm WebConnect PortsMost PowerTerm WebConnect components (server, starter, AdministrationTool, and clients) use port 4000 (by default). This port can be changed toavoid conflicts with other applications, as well as with firewalls or proxies.Modifying the PowerTerm WebConnect Ports1. Open the Administration Console and go to File | Configuration |Main.2. Set the entry [ConnectionPoint=] PortNo=new-portnumber3. Update all HTML files with the custom port. (:). When no port number is defined, thedefault 4000 is used.4. Update the comportal.ini with the new port number (Address andCustomAddress) settings.Ports commonly used by PowerTerm WebConnectPort #Used by4000 Default PowerTerm WebConnect components4001 PowerTerm WebConnect Administration Tool16

4080 Broadcast port for Automatic Server Discovery3389 Microsoft RDP3399 Ericom Blaze Accelerated RDP80 Web services23 Telnet22 SSH389 LDAP443 SSL515 LPD/LPR1812 RSA SecurID or Radius two-factor-authenticationprotocol17

3. HIGH AVAILABILITYTo maintain high availability of the PowerTerm WebConnect services, multipleservers can be configured to provide redundancy. There are two modes toprovide high availability: Cluster and Failover. In both Cluster and Failovermode there is one Primary server and one or more Monitoring servers; and allservers must be members of the same cluster (use the same cluster name).Any WebConnect server in the cluster group can become the Primary server.The first server that is started is assigned the Primary role. In Cluster mode,the Monitoring servers are active and can process user‘s requests. In Failovermode, there is only one Monitoring server and it is in passive mode (does notaccept user requests). A passive server becomes active when the primaryserver becomes unavailable. Both Cluster and Failover modes require accessto a network directory that will host the shared cluster database.NOTE The PowerTerm WebConnect DeskView VDI connection broker onlysupports Failover mode.Shared Cluster DatabaseA cluster group is comprised of multiple PowerTerm WebConnect servers,sharing one database. The central database must be stored on a secure androbust network location (i.e., a storage area network). To maintain databaseintegrity, only the Primary server can update the central database.NOTE The database is in binary format. (In non-cluster mode, the database maybe store in ASCII format as well)Selecting Cluster or FailoverCluster mode is enabled when the full network path is defined in thePtServer.ptr file, and the license file exists in the local \bin folder.Failover mode is enabled when the full network path is defined in thePtServer.ptr file and the license file exists in the location of the share path.NOTE When changing the location of the central database, remember to updatethe UNC path to the new location in all associated .ptr files.Configuration1. Create a folder on a robust network share and give it a name.18

2. Define the newly created folder as a hidden share; this share mustbe secured such that only PowerTerm WebConnect servers and abackup account may access it.3. Stop the PowerTerm WebConnect Server service.4. Copy the DataBase and Downloads folders from the PrimaryWebConnect Server to the shared foldera. For DeskView users, copy the DeskViewServer |Database.XML file to the shared Database directory.5. For Failover mode only: Copy PTS.LF (and PTS.LFD if it exists)from the Primary WebConnect server‘s bin directory to theDataBase folder contained within the shared folder.6. For HostView client only: Open PtServer_Connections.ini file onthe cluster database and modify the entries login-command-fileand terminal-setup-file to designate their new location on the fileserver. By default, the specified directory is...\DataBase\Connections\ and should be replaced by\\FileServerIP-addressOrName\WebConnect$Configure the Primary Server1. Create a file named PtServer.ptr in the \bin folder of the PrimaryWebConnect Server.2. Edit the PtServer.ptr with a text editor and enter the full UNC pathto the Main Configuration file (PtServer.ini) located on the centralshare (i.e., \\FileServer\WebConnect$\DataBase\PtServer.ini3. Restart the PowerTerm WebConnect Primary server.Configure additional servers1. Copy PtServer.ptr from the \bin folder on the Primary server tothe same folder on the Monitoring server(s). It is also possible tojust create a new PtServer.ptr file in the \bin folder and point it tothe shared PtServer.ini file.2. Restart the PowerTerm WebConnect Monitoring server(s).NOTE Since the PtServer.ptr file is stored in the bin folder, upgrading aWebConnect server will automatically put it into cluster/failover mode.Client ConfigurationOnce the PowerTerm WebConnect servers are configured for either highavailability modes, the user access parameters must be updated as well.19

When using Failover mode, the Server parameter must contain the list ofWebConnect servers separated by semi-colons. Please refer the CustomClient Parameters (Failover Configuration) chapter for detailed instructions.In Cluster Mode, a third-party load balancer (i.e., Microsoft NLB) will berequired to load balance between the clustered WebConnect Servers. Theclient server parameter is then configured with the clustered address (of theload balancer), which will redirect the request to the least loaded PowerTermWebConnect Server in the cluster.Client UsageNOTE Active Application Zones do not failover automatically. Since only oneApplication Zone may run on a single machine, the inactive ApplicationZone must be closed manually.After the failover process is complete, instruct the users to run ApplicationZone again. The failover mechanism n the client will timeout on the primaryserver and connect to the failover server.Using Failover ModeIn the event that the Primary server goes down, the Failover server becomesthe new Primary server.NOTE When the primary server goes down, the transition to the failover serverwill take a few minutes. During this time, users will not be able to login.The new Primary server maintains all functionality of the original Primaryserver. The only difference is that the clients will take longer to connect sinceeach client tries to connect to the original primary server first. The clientmust wait for the first server to timeout before it attempts to connect to thesecond server.Restoring the original Primary server only puts it into failover mode (the rolesare now reversed). Clients cannot connect directly failover servers, so thelonger connection time will persist. If a user tried to connect directly to afailover server, an error message will be displayed:In order to restore the original configuration:20

1. Stop the new Primary server2. Wait for the original Primary server to become the primary again3. Restart the original Failover server, and it will now revert back toits original failover role.Using Cluster ModeIn the event that the Primary server goes down, any of the Monitoring serverscan become the new primary server. Only the Primary server can update thedatabase. However, all servers have equal functionality and can accept userrequests. The user can connect to any active PowerTerm WebConnect serverin the cluster to access published resources. PowerTerm WebConnect serversin a Cluster Mode environment can also be load balanced using a third-partyload balancer.Cluster AdministrationIn the example below, there are three PowerTerm WebConnect Servers in thecluster: Servers 1, 2, and 3. All servers are connected to the centraldatabase. In this configuration, if Server 1 is able to update the database,then both Administrators A and B will have write permission.Users connecting to Monitoring servers (Administrator C) will only be able tosee the current configuration and will not be allowed to make changes. Whenan Administrator connects to a Monitoring server a message is displayed:21

If the Administrator clicks No, the Administration Console will connect to theselected PowerTerm WebConnect server, but will only have read access.The title bar of the Administration Console will indicate that it is inMonitor Mode only.A small, solid blue circle will appear in the lower left hand cornerof the Administration Tool.Clicking on Yes will redirect the Administrator to the Primary server.PtServer.ini ParametersShadowDbSyncFrequencyMinutesSets the synchronization interval of theshadow database. Default: 60CashDbSyncFrequencySeconds Updates interval in seconds for copyingthe database to memory.Default: 60CashDbSyncToleranceSeconds Updates the wait interval in seconds if thedatabase cannot be updated immediately.Default: 5CashDbSyncMaxToleranceSeconds The maximum number of repeats ofCashDbSyncToleranceSeconds to waitbefore updating the database in memory.Default: 60High Availability LimitationsMonitoring of active sessions is not clustered – active sessions aremonitored by each individual PowerTerm WebConnect server.SupportView sessions are not clustered – users and support agentsmust be connect to the same PowerTerm WebConnect server in orderto initiate a SupportView session.Users that are auto-created are always in non-persistent mode.Do not switch the database to a different network location when anyPowerTerm WebConnect servers are connected to it.The DeskView Connection Broker database does not support Clustermode, therefore Failover mode must be used.22

The Load Balancer clustering is handled separately. See chapter onthe PowerTerm WebConnect Load Balancer.There is no indicator in the Administration Console to notify theAdministrator if the cluster database is being used (only Monitoringmode notification is available).Client (View | Client Sessions) functions are disabled on Monitoringservers. Right-clicking on a user in the Sessions list will present anaction menu. However, all functions of this menu are disabled.Remote Attach is not available from any Monitoring server.Local Server Mode and the Shadow DatabaseIn the event that the central database is not available (network failure, lack ofpermissions, etc.), the Administration Console that has write access (Primaryserver) will automatically switch to Monitoring mode. The switch will occurthe next time the server tries to access the database (i.e., a configurationchange needs to be applied). Monitoring mode does not allow updates to thecentral database.A local copy of the main database (shadow database) is stored in eachPowerTerm WebConnect Server and is updated periodically from the centralstore. This database is non-persistent and is lost if the server is shut down.The shadow database is used when the primary database is not available.This allows the servers to start and provide service, but not with the centraldatabase. When the central database becomes available again, theMonitoring servers will update their information from the central store.In a Cluster environment, the first PowerTerm WebConnect server to connectto the central store becomes the Primary server.NOTE The shadow database may be outdated if it has not been updated recently.23

In a Failover environment, there must be a very robust connection to theshared database. If the central database becomes unavailable, all activeusers will no longer be able to access published resources. This errormessage will appear:When a user tries to launch a resource, since the central Downloads folder isunavailable, only an error message will be returned:24

4. POWERTERM WEBCONNECT CLIENTPowerTerm WebConnect supports a variety of client operating systems:Windows 2000 and higherMac OSX 10.5 and higher (Intel only)LinuxWindows User InterfaceApplication ZoneThe PowerTerm WebConnect Application Zone provides a rich client interfacefor accessing published applications and desktops. The Application Zone alsoprovides local desktop integration by placing icons for published resources onthe local desktop and in the local Start menu. The Application Zone uses anagent (ptagent.exe on Windows systems) to acquire the latest configurationand client components from the PowerTerm WebConnect server. ApplicationZone is also available for Mac and Linux systems, but some functionality willbe missing (i.e., desktop shortcut icons).Launching Application Zone from a web browser1) Using a web browser open: http://serveraddress/WebConnect/ApplicationZone.html2) At the login dialog, enter the user‘s credentials (if a domain is notspecified as part of the username, the default domain that is configured onPowerTerm WebConnect will be used).25

3) Click Login4) Once authenticated, the user will be presented with Application Zone.5) All published resources may also be accessed from the systray agent.6) To launch any published application or desktop, double-click on the desiredicon. This launches the RemoteView client on the local device to connect tothe appropriate Terminal Server or virtual desktop.NOTE Only one user can be logged into Application Zone from any system.However, the same user can be logged into multiple systems if AllowConcurrent Machines is enabled.Logout of Application ZoneThere are two methods to logout of Application Zone.1) From the Application Zone File menu, select Logout.2) Right-click on the Application Zone systray icon and select Logout.26

NOTE The Application Zone shortcut format is PowerTermApplication Zone by Ericom. If there are more than one Application Zonerunning with the same organization name, there will be only one desktopshortcut for them. The organization name configuration is done from theMain Configuration (PtServer.ini) OrganizationName setting.Application Center (Windows only)To access the Ericom Application Center, right click on the Application Zonesystray icon and select Options | Switch to Application Center.HINTApplication Center can display published resources from multiplePowerTerm WebConnect environements. The tree based interface makesit easy to browse for desired resources among multiple servers.Since Application Center uses Windows Explorer, it may restart WindowsExplorer as part of the installation process.Once Application Center is loaded and running, published resources can belaunched from a Windows Explorer interface.27

Published resources will be removed from Application Center when the userlogs off Application Zone.A shortcut icon for Application Center will be placed on the end-user‘s desktopfor future use.Application Portal (Windows only)PowerTerm WebConnect provides an ASP-based web interface for accessingpublished applications. The Application Portal uses an agent (ptagent.exe) toacquire the latest client components from the PowerTerm WebConnect server.Launching Application Portal from a web browser1) Using a web browser open the following link and select the ApplicationPortal: http://server-address/WebConnect/start.html2) At the login dialog, enter the user‘s credentials (if a domain is notspecified as part of the username, the default domain that is configured onPowerTerm WebConnect will be used).28

3) Once authenticated, the user will be presented with Application Portal.4) To launch any published application or desktop, click on the desired icon.5) To close the Application Portal session click on Logout to the left of theapplication and desktop icons.Mac OS X User InterfaceApplication ZoneThe Mac based Application Zone is an Add-on feature that is installed separatelyfrom the server. To enable the Mac Application Zone perform the following:1) Download the add-on file from the Ericom FTP site.2) ftp://Support:ericom@ftp.ericom.com/WebConnect/v5.7/mac/MacClient5.7.zip3) Place the contents of the zip file into the PowerTerm WebConnect webdirectory, overwriting the existing files. The default location is C:\ProgramFiles\Ericom Software\WebConnec X.X\web.4) Change the security permissions of all files in the web folder so that thegroup Everyone has Read access.5) Verify that Mac users can now browse to the URL and launch ApplicationZone: http:///webconnect/applicationzone.html6) A login prompt will appear.7) Once logged in, the Application Zone will appear with availableconnections. Any desktop shortcut icons will also appear.NOTE When working in RemoteView on the Mac, to simulate a right mouse clickdepress the control key and then click on the desired object.NOTE When exiting Mac Application Zone, all active connections will be closed.29

Unsupported FeaturesThe following features are not supported by the Mac client: Web ApplicationPortal, SupportView, QuickVNC, Application Center, Universal Printing,Desktop and Start menu shortcut icons, and Messaging.Linux User InterfaceApplication ZoneTo launch the Linux Application Zone perform the following:1) Verify that Linux users can now browse to the URL and launch ApplicationZone: http:///webconnect/applicationzone.html2) A login prompt will appear.3) Once logged in, the Application Zone will appear with availableconnections. Any desktop shortcut icons will also appear.NOTE When exiting Linux Application Zone, all active connections will be closed.Unsupported FeaturesThe following features are not supported by the Linux client: Web ApplicationPortal, SupportView, QuickVNC, Application Center, Universal Printing, Startmenu shortcut icons, and Messaging.30

5. CLIENT DEPLOYMENT OVERVIEWA key feature of PowerTerm WebConnect is its ability to remotely install andupdate client components. Two mechanisms are available to launchPowerTerm WebConnect resources from a web browser:Windows (ActiveX) DownloaderJava DownloaderThe downloader can be modified in the following ways:Place an Application Zone shortcut icon on the user‘s desktopThe installation folder of the client download can be modified.Enable auto-update to ensure that all clients are using the latestversion.Create a custom access page (i.e., use generic users to login).When using the Application Zone and Application Portal, both ActiveX andJava downloaders do not directly launch the requested client. The ApplicationZone/Application portal (ptagent.exe) is launched and then instructed onwhich client to launch based on the user‘s selection. The ApplicationZone/Application portal will then initiate the installation of the requested clientcomponent (i.e., RemoteView/ptrdp.exe).Step 1Step 2Step 3Step 4Step 5• Browse to a PowerTerm WebConnect URL. The web browser installs the PowerTermDownloader. The downloader.js configuration is loaded.• PowerTerm Downloader validates and/or updates the PowerTerm Agent (ptagent.exe) onthe end-user's system with the version on the web server.• PowerTerm Agent receives parameters from the Downloader, and then the web page, anddisplays published resources to the user.• When the user selects a resource, PowerTerm Agent validates/updates the client componenton the end-user's system with the version in the Downloads folder.• Once the client component has been installed/validated, it will be launched and connectedto the requested resource. The Agent parameters will be passed to the client component.31

The DownloaderPowerTerm WebConnect Downloader‘s role is to download, install and launchpre-configured client components through a web browser. There are two suchDownloader types:Windows ActiveX controlo Available for Windows workstations onlyo ActiveX compatible browser required (Internet Explorer)o Permissions to run signed ActiveX components requiredJava appleto Cross platform, compatible with Windows, Mac, and Linuxo Java/JVM is required on the end-user systemo Permissions to run Java applications requiredNOTE The Java Downloader is not compatible with IE on Windows 7 or Vistawhen UAC is enabled (which is the default)If neither Downloader components can be used (i.e., the user‘s browser doesnot support ActiveX and is not Java enabled) the user will be notified and theMSI should be used.Configuring downloader.js ParametersThe downloader.js automatically launches the appropriate Downloader typebased on client‘s properties. Since downloader.js is executed on the clientside, it does not require any special changes on the server-side.NOTE The only requirement to use downloader.js is to enable JavaScript on theclient side.Custom parameters can be passed to downloader.js in order to modify thebehavior of the Downloader components. The downloader.js passes theappropriate values to the Downloader component being used in the properformat. This downloader.js is compatible with most web browsers, includingthe latest versions of Microsoft Internet Explorer, Mozilla Firefox, GoogleChrome, Apple Safari and Opera.Parameters for downloader.js are specified by assigning values to global scriptvariables. The script assigning the values must be executed beforedownloader.js. For this reason it is a good idea to place the script inside the section. Do not set the values in the page‘s onload event handler asthat will execute after downloader.js.The variables that specify values for downloader.js start with PT_ prefix. Hereis an example of a script block that specifies the settings:32

…// Parameters for downloader.jsvar PT_windowsDownloaderURL = "windows/ptdownloader.cab";var PT_ns6DownloaderURL= "Downloader_NS6WS_Signed.jar";var PT_identifyJVM= "windows/IdentifyJVM.class";var PT_javaDownloaderImagesURL= "images";var PT_windowsAgentURL= "./windows/ptagent.cab";var PT_linuxAgentURL= "./linux/ix86/qterm-wc.zip";var PT_server= location.hostname;var PT_agentParameters = " -wc-client " + PT_server + "/SHORTCUT=BOTH /AUTOLOGIN=NO";var PT_clientDst = "";var PT_downloaderLog = "";var PT_selectedConnection = "";var PT_shortcut= true;var PT_useJavaOnIE= true;…NOTE The use of the prefix PT_ make it unlikely that there will be a conflict withglobal variables of any framework that might be used in the web page.Embedding downloader.jsTo use downloader.js in a web page, use the HTML tag to embed areference to it in the page. This reference must be inside the sectionof the page. This section will not generate any visible output to theuser, other than launching a Downloader component.………The src attribute of the tag must specify a valid URL where thedownloader.js file is located. This URL can be either relative, as in theexample above, or absolute.NOTE While it is possible to embed the Downloader components directly into webpages, the preferred method is to use the downloader.js.33

downloader.js SettingsSettings that specify locations, such as PT_windowsDownloaderURL andPT_identifyJVM, are assigned a URL.NamePT_windowsDownloaderURLPT_ns6DownloaderURLPT_identifyJVMPT_javaDownloaderImagesURLPT_windowsAgentURLPT_linuxAgentURLPT_serverPT_agentParametersPT_clientDstPT_downloaderLogPT_selectedConnectionPT_shortcutPT_useJavaOnIEDescriptionLocation of ActiveX DownloaderLocation of Java Downloader – signed JavaAppletLocation of Java applet that determines JVMtype and versionLocation of folder containing images used byJava DownloaderLocation of cab containing the PowerTermWebConnect agent for Windows –PtAgent.exeThe .ver.txt file must be located in the samelocation as the cab fileLocation of zip file containing the PowerTermWebConnect agent for LinuxThe .ver.txt file must be located in the samelocation as the cab fileAddress of the PowerTerm WebConnectserverParameters (PARAMS) passed to the agentwhen it is launchedInstallation destination on end-point devicePath to log file on end-point device.If empty then no log file will be generatedSpecify connection, e.g. id of publishedapplication, to launch.If empty then no connection is launched –instead a list of connections will be displayedby the agent.A Boolean value indicating whether a desktopshortcut to the agent should be created onthe end-point deviceUse Java on Internet Explorer if ActiveX failsto startWindows DownloaderThe advantages of using ActiveX for downloading and installing PowerTermWebConnect clients are:The HTML file is easy to configure.34

Small download size.Does not require any external components beyond the browseritself (such as the JVM).Best control over the download destination.The Windows Downloader can only be activated by a browser that iscompatible with ActiveX technology, such as Microsoft Internet Explorer.The Windows Downloader is a stand-alone executable, PtDownloader.exe, andhas the following COM attributes:GUID – {7EC816D4-6FC3-4C58-A7DA-A770EE461602}ProgID - PowerTerm.DownloaderIt can also be activated by COM compatible applications other than thebrowser, as well as a command prompt.The Windows Downloader has been digitally signed by Ericom Software, andthe signature has been verified by VeriSign. When the browser downloads theWindows Downloader it will display the certificate and ask the user to acceptthe component‘s installation.HINT To avoid the certificate message, place the Web hosting the WindowsDownloader in the browser‘s ―Trusted sites‖ security zone. Alternatively,the user can select always trust content from Ericom Software. Oncetrusted, the certificate will not be displayed again, even if it is updated.Features of the Windows DownloaderDuring installation a progress bar is displayed showing:component‘s total size, percent downloaded, and an estimate ofthe remaining download time.Cancel button to terminate the download.Configurable download destination.Continues to download and install even if the browser is closed.Security notice is presented only once – the same WindowsDownloader can download multiple client types.Once installed, it can download components to locked systems.Optional log file to troubleshoot failed installations.Java DownloaderThe advantages of using the Java downloader are:Cross-platformCross-browser35

Works when security settings do not allow ActiveX.The Java Downloader is a signed Java applet that is compatible with JVM1.4.0 or higher. The Java Downloader should be used when ActiveX is notsupported by the browser or operating system.Ericom Software has digitally signed the Java Downloader, and VeriSign hasverified the signature. When the browser downloads and launches the JavaDownloader it will display the certificate and ask the user to accept thecomponent‘s installation. To bypass this message, place the Web serveraddress (where the Java Downloader is hosted) in the browser‘s ―Trustedsites‖ security zone. Once selected, the certificate will not be shown again,even if updates are downloaded.Features of the Java DownloaderHTTPS protocol supportDownload progress indicator, showing the name and version ofthe component being downloadedConfigurable download destinationThe ability to download components to locked systems (requireswrite access to download destination)Support for side-by-side installation of multiple client versionsError messages and log file to troubleshoot failed installations.The Java Downloader does not connect to PowerTerm WebConnect Server,and thus does not require the user to login. It connects and downloadscomponents from a standard Web server.Using the Java Downloader involves complex JavaScript functions to supportthe user‘s operating system as well as the browser-enabled Java VirtualMachine version. All modifiable parameters are located in the Java Scriptconfiguration file PtAgentSettings.js. The Java Script functions located inPtAgent.js should not be changed.NOTE The Java Downloader uses JavaScript to modify its behavior based on theuser‘s operating system and browser type. Browser scripting must beenabled in order to use the Java Downloader.Using Java Downloader with Internet ExplorerOn Internet Explorer downloader.js will always try the ActiveX Downloaderfirst. The ActiveX Downloader may fail to launch in the following scenarios:ActiveX is disabled by security settingsUser does not accept initial ActiveX installationo The user has 10 seconds to approve the use of ActiveX36

User does not have permissions to install ActiveXUser does not notice browser notification for ActiveX installation ordenies the installation.When the ActiveX method fails and if PT_useJavaOnIE is set to true, thendownloader.js will try to use the Java downloader.NOTE if the ActiveX Downloader is launched, but fails in its operation (i.e., theURL to the agent is incorrect) the Java Downloader will not be used.The Downloader process when ActiveX is denied on Internet Explorer:1. ActiveX Downloader fails to start.a. Verify PT_useJavaOnIE. If it is ‗false‘ then stop.b. Check Java support in the browser. If the browser does notsupport Java then stop.2. Display message asking user to allow Java Downloader.a. If user does not allow Java Downloader use then stop.3. Launch Java DownloaderMSI InstallationPowerTerm WebConnect provides Microsoft Windows Installer packages (MSIfiles) for all its clients. These packages are located on the PowerTermWebConnect server in the AddOns folder. MSI is supported by networkconfiguration management services such as Microsoft Systems ManagementServer (SMS).Each PowerTerm WebConnect client is packaged in a separate MSI to supportboth manual and automated installation. Various settings, such as theinstallation location, can be specified manually via the user interface, or usingstandard command-line parameters.Installing PowerTerm WebConnect clients using MSI is useful when:A network configuration management service such as MicrosoftSMS is being used to deploy software.Security settings prohibit web-based installation of client software.Bandwidth constraints or support requirements dictate astaggered distribution of the client software to the users'workstations.NOTE PowerTerm WebConnect clients installed using the MSI can only bemanually upgraded using the MSI. MSI clients will not automaticallyupdate from PowerTerm WebConnect, even if a newer version of the clientexists on the server.37

PtStart DownloaderPtStart is an application that will download, install, and launch PowerTermWebConnect Application Zone, primarily for thin client devices.Each time PtStart runs, it checks the version of the PowerTerm WebConnectcomponents on the server and compares it with the version of componentspreviously downloaded to the device. If the versions are the same, thenPtStart will run the PowerTerm WebConnect Application Zone. If PtStart findsthat the PowerTerm WebConnect components on the server are of a newerversion, then it will first download and install the newer version, prior torunning the PowerTerm WebConnect Application Zone.The first time PtStart runs it creates a configuration file, PtStart.ini, in thesame folder as the downloader. This file contains the paths to the Installfolder and the Working folder. The final path to these folders may varydepending on the thin client type.It is also possible to define all PtStart.ini values in a parameter file located onthe web server where PowerTerm WebConnect Application Zone isdownloaded from. This parameter file will take precedence over PtStart.ini.The parameter file names are:WebConnect-Client-CE.ini.txt for Windows CE Thin ClientWebConnect-Windows.ini.txt for XPe Thin ClientWebConnect-LINUX.ini.txt for Linux Thin ClientPtStart for XPe Thin ClientNOTE Some thin client device are pre-installed with the ―Ericom PowerTermWebConnect Client‖ shortcut to start the PtStart Client.The default Install and Working folders are:Install folder: C:\Documents and Settings\\ApplicationData\Ericom\Clients\Working folder: C:\WebConnectClient\It is possible to modify the path:Create a text file on the PowerTerm WebConnect server machine:\web\windows\PtStart\WebConnect-Client-Windows.ini.txtThe file syntax is:[General]38

Install-Folder=Working-Folder=PtStart.ini OptionsOptionAddress = | Install-Folder = xxxWorking-Folder = xxxDescriptionThe Web server location or the full path of thePowerTerm WebConnect client ZIP file.If not specified, the user will be prompted forit.The folder where to download the zip andversion files.The folder where to unzip the clientcomponents.PtStart for Linux Thin ClientWhen PtStart for Linux is launched without any parameters, a dialog willappear requesting the PowerTerm WebConnect Server address.Once connected to the PowerTerm WebConnect server, all necessary clientcomponents will be downloaded and the user login prompt will appear.PtStart can be configured to start with command line parameters to automatethe connection and login process.NOTE To launch PtStart on HP Thinconnect Linux devices, request the PtStart.deb package from Ericom supportThe default Install and Working folders are:$HOME/EricomTo modify the path:39

Create a text file on the PowerTerm WebConnect server machine:\web\linux\PtStart\WebConnect-Client-Linux.ini.txtThe file syntax is:Install-Folder=Working-Folder=PtStart command line options(All options start with a double minus ―—―)--thin-client--install-folder=xxx--working-folder=xxx--config-file=xxx--parameters=xxx--locked--log=xxx--pre-font-install=xxx--fonts-folder=xxx--post-font-install=xxx--font-installcommand=xxx--pre-installcommand=xxxThe thin client command, needed to use with font,pre, and post command-line option parameters (seebelow).The folder where to download the zip and version files.The folder where to unzip all the client components.Specifies the full path and name to the PtStart.ini.qterm-wc parameters.Default: noneDoes not save any changes to the PtStart.ini.Default: offFull path and filename to the log file.Default: no loggingRuns before installing the fonts.To install the fonts into the system.Runs in the fonts-folder directory and after the fontsare unpacked there.Full path to the location where the fonts should beunzipped.Default: WORKING-FOLDER/fontsRuns after installing the fonts.Runs before downloading a component.40

--post-installcommand=xxx--version--helpRuns after downloading a component.Returns the version of the PtStart application.Shows these command line options in a Terminalwindow.Parameters limited with the --thin-client command-line optionPre-Install-Command = xxxPost-Install-Command = xxxPre-Font-Install = xxxPost-Font-Install = xxxFont-Install-CommandFonts-Folder = xxxRuns before downloading a component.Runs after downloading a component.Runs before installing the fonts.Runs after installing the fonts.To install the fonts into the system.Runs in the fonts-folder directory and after thefonts are unpacked there.Full path to the location where the fontsshould be unzipped.Default: WORKING-FOLDER/fontsPtStart.ini optionsOptionAddress = | Install-Folder = xxxWorking-Folder = xxxParameters = xxxLog = xxxDescriptionThe Web server location or the full path of thezipped PowerTerm WebConnect client.If not present, the user will be prompted for it.The folder where to download the zip andversion files.The folder where to unzip all the clientcomponents.It is recommended to set the value of/tmp/Ericom for thin clients if the space in thehome directory is limited.qterm-wc parameters.Default: noneFull path and filename to the log file.Default: no logging41

LockedOverride-Command-LineDoes not save any changes to the PtStart.ini.Default: offOverrides all command line options.PtStart for Windows CE ClientSelect Add in the Connection Manager and then enter ―Ericom WebConnectClient‖ to start the Ericom PowerTerm WebConnect Client.The Install and Working folders are by default located:Install folder: …\[persistent foldername]\WebConnect\Working folder: …\WebConnect\The Install folder must be in a persistent location so that the files will be keptafter turning the thin client off.It is possible to modify the path:Create a text file on the PowerTerm WebConnect server machine:\web\Windows\PtStart\WebConnect-Client-CE.ini.txtThe file syntax should be:[General]Install-Folder=Working-Folder=PtStart.ini optionsOptionAddress = | Install-Folder = xxxWorking-Folder = xxxDescriptionThe Web server location or the full pathof the zipped PowerTerm WebConnectclient.If not specified, the user will beprompted for it.The folder where to download the zipand version files.The client components cache folder.42

6. CUSTOM CLIENT PARAMETERSGeneral Client Command Line ParametersCommand line parameters control the behavior of the PowerTermWebConnect clients. All the parameter names are non-case sensitive. Theseparameters are used by PT_agentParameters (downloader.js).( * ) denotes the default value.[ * ] if the designated file is not found, then it will be created.Server's address and port number are in the following format::port or address:portEXAMPLE: :4001, 192.168.0.100:4001If the port number is omitted, the default (4000) is used.Client Parameter OptionsSSL EncryptionLogin Dialog DisplayReconnect Mode/NOSSL - disables SSL./SSL - (*) enables SSL./SSLCERTFILE[=[*]] - explicitly specifies the SSLcertificate filename./SSLCERTPATH[=[*]] - specifies the path for the SSLcertificate./C2S_DLG(*) - displays the Connection-to-Server dialog./NO_C2S_DLG - does not display the Connection-to-Server dialog./RM_NONE (*) - will not reconnect an interruptedsession./RM_ON DEMAND - will reconnect only sessionsconnected through the PowerTerm WebConnect server‘sgateway./RM_WIRELESS - will reconnect any sessionautomatically. All wireless sessions use the PowerTermWebConnect server‘s gateway./RM_INTERACTIVE - enables the client to select themode during login.43

NOSELFUPDATE/USER=/PASS=/SID=/CONNECTION=/DESKTOP(*)/STARTUP/BOTH/EN/FR/DE/IT/ES/CZwhen specified in the command line, the client does notverify whether a newer version is available on theWebConnect server. This command is not passed fromthe Application Zone params to the client params whenthe client is launched.specifies a fixed value for the User Name field. Placingan asterisk in front of the user name will bypass thelogin dialog and use the defined credentialsspecifies a fixed value for the user‘s Passwordspecifies the value for the Session ID fieldspecifies a predefined connection nameplaces a shortcut to the Application Zone executable onthe user‘s desktop. If the shortcut is configured for aspecific user, it will not be valid when copied to anotheruser‘s profile (check the Properties of the shortcut for avalid path to the cached client component).places a shortcut to the connection in the WindowsStartup menuplaces a shortcut to the connection in both the desktopand the Windows Startup menuEnglish (*)FrenchGermanItalianSpanishCzechNOTE The FTP and DFT client do not support command-line parameters becausethey connect directly to the hostClient Self UpdatePowerTerm WebConnect clients are downloaded and installed on demand thefirst time they are invoked. During the download and installation, a progressindicator will be displayed. Client components are not downloaded until theyare used by the end-user.44

PowerTerm WebConnect clients can also update themselves by downloadingnewer versions that have been placed on the PowerTerm WebConnect server.When a client starts up, it compares a checksum of its own CAB file with achecksum of the CAB file in the server‘s Downloads directory. If the twochecksums are different, the client downloads the newer version and restartsitself. If the downloader attempts to update a client while it is active, theuser will be prompted to close the application before the update will takeplace.To place a new client on the server, copy the updated CAB files over to theserver‘s Downloads directory. This mechanism can also be used to revert toold clients. Just copy the older CABs on top of the new ones.Client Failover ConfigurationWhen there are multiple PowerTerm WebConnect servers, the clients can beconfigured to connect to a list of available servers.To configure the client HTML file (i.e. ApplicationZone.html) change theparameter value of the PowerTerm WebConnect server (default:) to a list of PowerTerm WebConnect server. Separate theserver names using a semi-colon.This is also configurable in the downloader.js using the PT_server parameter.EXAMPLE: Admin Console Failover Configuration1. Launch the Administration Tool. The Connect dialog appears.2. Type the WebConnect server names in Host Name.NOTE Separate the list of servers with semi-colons ‗;‘3. Enter other parameters.4. Click Connect.Modifying the Application Zone Command Line ParametersThe Application Zone provides many functions. Certain functions areexecuted based on a command line parameter (such as enabling savedcredentials or launching a specific client). The following parameters can beused either from the Command Line or via HTML to create a customApplication Zone access point:45

AUTOLOGIN=This allows the user to save credentials to a local encrypted file on thesystem. The credentials file will be created in the user‘s application folder(C:\Documents and Settings\\Local settings\ApplicationData\Ericom\). The credentials are saved in an encrypted format that is userand machine specific. Exiting the Application Zone will erase the credentialsbased on the setting AGENT_ExitCleanMode. If the credentials are incorrect,the login dialog will be displayed with the current values pre-entered into thefields, and the Save Credentials box checked. When the user clicks Connectand the logs on to PowerTerm WebConnect successfully, the new values willbe saved to the credentials file, overwriting the exiting one. In this scenario, ifthe user clears the checkbox, the credentials file is deleted.To clear saved credentials right-click on the Agent icon in the system tray andselect Clear Credentials. The possible values for /AUTOLOGIN are:YES – If the credential file exists, the login dialog will not bedisplayed. Otherwise, the login dialog will be displayed.NO - disabledINTERACTIVE - If the credentials file exists, and the user changedthe credentials when the check box is still ON, the user will beasked to save the updated credential information.FIRST INTERACTIVE – (Default setting) If the credential file exists,the login dialog will not be displayed. Otherwise, the login dialogwill be displayed and the Save Credentials check box will bedisplayed.Empty, missing or invalid value - use FIRST INTERACTIVE/RUN=client-idTo run a PowerTerm WebConnect client directly upon calling the ApplicationZone where client-id is one of the following:RemoteView – Terminal Server and VDI accessHostView - Browser-based terminal emulationPrintView – LPD client printer daemonQuickVNC – Connection using the VNC protocolQuickFTP – Secure FTP clientFTP - Secure FTP client stand-alone toolDFT - AS/400 (iSeries) Data File Transfer stand-alone tool46

NOTE When defining a parameter string with both the /RUN and /CONNECTIONparameters - ensure that the connection is supported by the client. If/USER is also defined, make sure that it has access to the specifiedconnection.When using the /RUN command, the client component is launched directly,and Application Zone will not be launched./EXTRA_PARAMS=Additional command line parameters to be passed to the client via theApplication Zone./CALL_ADMINRequests remote desktop shadow assistance from a PowerTerm WebConnectadministrator that is logged in./CALL_SUPPORTRequests remote desktop shadow assistance from a PowerTerm WebConnectsupervisor that is logged in.Create a custom Application Zone title1. From the Administration Tool, go to Files | Configuration | Main.2. Find the ClusterName setting and enter the custom name (i.e., MyWebConnect).3. Close and save the file.4. Restart the PowerTerm WebConnect Server service5. After the restart, all Application Zones will use the new title.47

Modifying the RemoteView Command Line ParametersThe PtAgent receives parameters from the HTML, and is configuredaccordingly. When RemoteView is launched, it will receive any parametersprocessed by the PtAgent and use it as part of its own launch process.Windows DownloaderIn this parameter string, is a macro that is translated by theWindows Downloader into the hostname of the Web server which provided theHTML.Java DownloaderModify the value of the Java Script variable parameters in the correspondinghtml file.For Windows clients edit the file web/windows/RemoteView_J.html.For Linux clients edit file web/linux/ix86/Agent_J.html.Customizing the HostView Command Line ParametersNOTE When starting PowerTerm WebConnect HostView with a specifiedConnection parameter, the New Terminal Session icon and menu item areremoved from the GUI and there is no Connection List displayed.ActiveX DownloaderIn this parameter string, is a built-in command to use theaddress of the web server.Java DownloaderFor Windows clients, edit the file web/windows/HostView_J.html.For Linux clients edit the file web/linux/ix86/Agent_J.html.Customizing the PrintView Command Line ParametersAdditional PrintView-specific parameters/LPD_PORT=port-number48

A valid TCP/IP port number to listen for LPD/LPR commands. (Default: 515)/EXT_NAMES=external-namesA list of up to 9 external names, separated by spaces. They can be referreddynamically in the queue names by the symbol %N, where N is a 1 basedindex in the external names list. Example: if /EXT_NAMES=‖A B C‖ then thequeue name Queue_%2 will be dynamically evaluated as Queu_B because Bis the second (2) item in the external names list.Windows DownloaderJava DownloaderModify the value of Java Script variable parameters in the corresponding htmlfile. For Windows clients edit the file web/windows/PrintView_J.html.Modifying QuickVNC Command Line ParametersWindows DownloaderJava DownloaderModify the value of Java Script variable parameters in the corresponding htmlfile. For Windows clients edit the file web/windows/QuickVNC_J.html.Closing the web browser automatically after Ericom is launchedAdd the following code to the HEAD of the desired web page to closed thebrowser automatically after the PowerTerm WebConnect components aredownloaded and installed (user will be prompted for confirmation).PowerTerm WebConnect setTimeout("window.opener=window;window.close()",300000); …49

In this example, the window is closed after 300000 milliseconds, or 5minutes. Leave enough time for the Ericom components to fully downloadbefore closing the browser. The user will be prompted to close the browser:50

7. POWERTERM WEBCONNECTAPPLICATION PORTALThe Web Application Portal provides a web based interface to accesspublished applications. Popular web browsers are supported: MicrosoftInternet Explorer, Mozilla Firefox, and Apple Safari. The purpose of theApplication Portal is to give users one easy to use interface to accesspublished resources. Thus, some Application Zone features are not available,such as Application Center, Desktop/Start menu icons, and the systray agent.NOTE Application Portal is currently available only for Windows based systems.For Mac and Linux availability, please contact Ericom Support.Published applications are launched directly from the browser by means of anActiveX control or Java applet (the best method is automatically selectedbased on the client operating system and browser type.) The ApplicationPortal is designed to run on Microsoft‘s Internet Information Server (IIS)version 5 or higher.The Application Portal can be deployed on the same system running thePowerTerm WebConnect Server or on a separate server.Application Portal ConfigurationDuring the Application Portal installation process, a COM (ActiveX) objectnamed ComPortal is installed on the Web Server. This COM object isresponsible for communication between the Web Server and the PowerTerm51

WebConnect Server. The ComPortal files are installed in the \ComPortaldirectory on the Web Server.NOTE ASP processing may be disabled by default on Microsoft IIS. ThePowerTerm WebConnect installation checks for ASP, and attempts toenable it if it is disabled. If the Application Portal does not work properly,verify that ASP is enabled.Running ComPortal on 64-bit (x64) web serversIn order run/host Application Portal 64-bit versions of Windows Server (2003x64, 2008 x64, 2008 R2) the web server must be configured to run 32 bitapplications.To enable 32 bit applications in IIS:On the x64 Windows Server running IIS, go to Application PoolsRight click on DefaultAppPool and select Advanced SettingsChange Enable 32-bit Applications to TrueRestart IIS, or open a command prompt and run IISRESETThis can also be set from the command line (cmd.exe).52

1) Enter the following: cd c:\Inetpub\AdminScripts2) Run the following command: cscript.exe adsutil.vbs setW3SVC/AppPools/Enable32BitAppOnWin64 "true"3) If the command is successful, Enable32BitAppOnWin64 will be set to True.The ComPortal.iniThe PowerTerm WebConnect Application Portal loads the configurationparameters from ComPortal.ini during its initial loading. The ComPortal.ini filecan be edited using a text editor. However, any changes made to theparameters will not take effect until the ComPortal object is reloaded by theWeb Server. To reload ComPortal.ini - reset IIS Server by running IISResetusing the command prompt.ComPortal ParametersServer=… denotes the properties of a connection to a PowerTermWebConnect server. Multiple PowerTerm WebConnect Server records can bedefined in the Comportal.ini file.A Server record is reference by the portal‘s LoggedIn.asp page in thePtUser.Authenticate function. This allows multiple Portals to reside on thesame server and reference a common Comportal.ini. Here is an example ofhow a server record is configured in a portal‘s LoggedIn.asp page:For each PowerTerm WebConnect Server, a pool of special portal sessions ismaintained by the ComPortal component. Sessions from this pool are used toobtain information from the PowerTerm WebConnect server. These Portalsessions are not associated with any specific user; instead they can retrieveinformation for any user connected to the Application Portal.The Portal sessions are stateless and each session that is processing a serviceis busy until the service is completed. The availability of the Portal services53

depends on the number of Web sessions that require Portal services as well asthe size of the session pool. Increasing the number of sessions in the pool willimprove availability, but will also increase the load on the PowerTermWebConnect Server and the web server.Address – is the address and port of the PowerTerm WebConnect Server towhich ComPortal will connect to. Default is localhost:4000.CustomAddress - address and TCP port of the PowerTerm WebConnect Serverin relation to the Web browser (client). If not specified, then the default IPaddress of the PowerTerm WebConnect Server will be used.If there are external clients connecting to an internal PowerTerm WebConnectserver via Application Portal, add the PowerTerm WebConnect Server externalIP to this list.If the CustomAddress=71.86.93.111, 71.86.93.111 represents the external IPof the PowerTerm WebConnect serverMultiple addresses are separated by semicolons with no spaces. Add the portnumber to the end of the string as shown below:CustomAddress=66.252.166.135;demo.ericom.com;172.0.1.1:443CustomAddress=66.252.166.135;demo.ericom.com;172.0.1.1:4000In this example, there are multiple CustomAddress definitions for multipleports. Note that the port number is added once, only to the end of the string.After changing the settings run IISRESET from the command prompt.SSL-Certificate – the location of the PowerTerm WebConnect Server's SSLcertificate, if available. This certificate will be used to authenticatecommunication between the web server and the PowerTerm WebConnectServer. The default is empty which indicates that there is no SSL certificateand server authentication will not take place.Initial-Instances – the number of sessions that will be connected to thePowerTerm WebConnect Server at the initial start. Default is 0.Min-Instances - minimum number of sessions that will be generated andconnected to the PowerTerm WebConnect Server. Cannot be less than Initial-Instances. If it is set to a value less than Initial-Instances, then Initial-Instances will be set to Min-Instances. Default is 0.Max-Instances - the maximum number of sessions that can concurrently beconnected to the PowerTerm WebConnect Server. Default is 10.The last three parameters specify the size limits of the pool of sessionsconnected to a specific PowerTerm WebConnect Server and the pool‘s initialsize.Watch-Frequency-Seconds - at the end of this period of time, the pool willcheck that there are at least Min-Instances number of sessions connected tothe WebConnect server. If the number of sessions in the pool is less than Min-54

Instances, the pool manager will create additional pool sessions. There maybe more than one [Server=…] record section in order to define more than onePowerTerm WebConnect Servers. Each record corresponds to a session pool.Default is 15.Logging ParametersComPortal can generate a log file to assist in identifying problems. TheComPortal.LOG log file resides in the same folder as the ComPortal.dll file.[General] section - this contains the common configuration attributes.MaxLogFileSizeK—maximum size of the LOG file, in kilobytes. is 1 MB (1024KB).MaxLogBackups—maximum number of log file backups saved, in kilobytes.LogFlags is 10.Run - general software workflow flags.All of the following are services provided by the WebConnectPortal client:Authenticate.GetConnectionsList.GetLoginTicket.AddLoginVariable.GetServerAddress.GetPreferenceValue.SetPreferenceValue.GetConnectionIcon.All—log all the above services and is equivalent to specifyingAuthenticate GetConnectionsList GetLoginTicket.NOTE The default setting is Run All.The “< Portal >” Special UserFor portal connections PowerTerm WebConnect Server uses a special usernamed < Portal >. This user is used for the communication between the WebServer and the PowerTerm WebConnect Server, regardless of the useractually logged into the Application Portal. < Portal > has special attributesand should not be used to manually log in to PowerTerm WebConnect.55

To disable Portal access open the Main Configuration file (PtServer.ini) andset [Server]UsePortalUser to False.NOTE < Portal > user must not be modified or deleted. If this user is deleted -all PowerTerm WebConnect portal clients that are connected will be shutdown. Until the user is recreated, Portal clients will not be able tolog on. In order to recreate the user, the parameter [Server]UsePortalUser must be set to True.Installing Application Portal on PowerTerm WebConnect ServerThe default WebConnect Server installation installs the Application Portal onthe same system as the PowerTerm WebConnect server.In this installation scenario there is no need to modify any ComPortal.iniparameters. The default parameters of the ComPortal.ini point to localhost,which is the PowerTerm WebConnect server.Installing Application Portal on a web serverIf the Application Portal is installed on a system other than one runningPowerTerm WebConnect Server, the following parameter in the MainConfiguration (PtServer.ini) [Portal] section must be modified accordingly:Machines - enter the IP address(es) or the name(s) of the web(IIS) server(s). By default this is set to localhost. To specifymultiple Web servers separate each address with a semi-colon ‗;‘.It is also possible to add additional [Server] record sections within theComPortal.ini file to define additional PowerTerm WebConnect servers.EXAMPLE:ComPortal.ini using multiple WebConnect Servers:56

Modifying the PortalTo manually modify the portal settings, navigate to its source folder.NOTE Before making any changes, backup the current files for easy recovery incase an error is made during editing.Certain images can be replaced (in the Images directory) to modify or brandthe Portal. Portal text can be modified under the index.asp and main.aspfiles.57

Configuring the Session TimeoutThe Application Portal timeout setting has to be set in two places:Internet Information Services (IIS)Launch the Internet Information Services (MMC snap-in).Right-click on Default Web SiteClick on the Home Directory tabClick on Configuration… and then the Options tab Set the Session timeout value. The maximum is 1440 minutes (24hours).Application Portal Main.aspOpen \web\AppPortal\Global.asaNear the top of the file, edit the line:Session.Timeout = 20Set the Session timeout value (defined in minutes). The maximumvalue is 1440 minutes (24 hours).TroubleshootingExamine the PtServer.ini file found in the \Database directory andverify the settings under [Server Connection Points Table].Examine the ComPortal.ini file found in the \ComPortal directoryfor correct settings, in particular the Server name and IP address.Try restarting the IIS Server by running the IISreset command.Remember to enable 32 bit applications on x64 web servers58

ocscript.exe adsutil.vbs setW3SVC/AppPools/Enable32BitAppOnWin64 "true"If users are receiving a "Service Unavailable" message, re-registerASP.NET using the command prompt:oC:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -iExamine the ComPortal.LOG file found in the \ComPortal directoryfor an indication of where the attempted communication mighthave failed. Communication failures are indicated by rows startingwith *** ERROR *** or *** WARNING ***. Any services showinglong elapsed times should be investigated.LOG file samplesCannot find WebConnect Server: This error is caused by the ComPortal.iniparameters pointing to an incorrect WebConnect Server address. An sampleof the LOG file showing this error displayed below.**********************************************************************06/09/25 09:21:14.259 | 820 | C:/Program Files/Ericom Software/WebConnect5.6/ComPortal/openssl.dll loaded| Version: 0.9.7.10| Built : 06/01/15 14:49:4806/09/25 09:21:25.934 | 820 | Service 'Authenticate' started.06/09/25 09:21:25.949 | f28 | Connecting to server 'demo20031', port 4000...06/09/25 09:21:28.409 | f28 | *** ERROR *** [1095]| Cannot connect to server:| NO_DATA error encountered calling'gethostbyname' (#11004)| The requested name is valid, but no data of theWeb server is not in Machines list: This error occurs when the Web Serveraddress is not defined in the PtServer.ini file. There will also be an entry inthe Intruder Record showing ―Unknown user ‖.**********************************************************************06/09/25 09:25:16.445 | 880 | The login request was sent06/09/25 09:25:16.476 | 880 | Login rejected:| State : 5| Reason: The access of user '< PORTAL >' to isdenied.| Please contact your system administrator.User does not exist: This error is caused when the UsePortalUsers inthe PtServer.ini file is False. There will be an entry under Intruders showing―Unknown user ‖.**********************************************************************06/09/25 09:30:02.832 | 790 | Starting the pre-identification handshake...06/09/25 09:30:04.381 | 790 | Sending the login request...06/09/25 09:30:04.397 | 790 | The login request was sent06/09/25 09:30:04.397 | 790 | Login rejected:| State : 4| Reason: The user '< PORTAL >' is not defined.59

8. ADMINISTRATION TOOLThe PowerTerm WebConnect Administration Console manages publishedresources, user sessions, and server configuration.Launching the Administration ToolThere are several methods to launch the Administration Tool:From PowerTerm WebConnect Server‘s Start menu selectPrograms | Ericom Software | PowerTerm WebConnect x.x |PowerTerm WebConnect Administration ToolRun the Administration Console using ActiveX (IE required):http://10.10.1.1/webconnect/windows/administrationtool_x.htmlRun the Administration Console using Java installer (Javarequired):http://10.10.1.1/webconnect/windows/administrationtool_j.htmlDouble-click PtAdmin.exe, located in the bin directory of thePowerTerm WebConnect application folder.NOTE You can pass the port number to the Administration Console as acommand line parameter, using the following syntax: -port=port-numberHINT―C:\Program Files\Ericom Software\PowerTermWebConnect\bin\PtAdmin.exe‖ –port=778When launching the Administration Console for the first time the Connectiondialog appears with the user ―Administrator‖ entered as the username. Thereis no initial password, just click Connect to login.In the Connection dialog, the Host Name appears as localhost. This is correctonly if the Administration Console is being launched from the PowerTermWebConnect server. If the PowerTerm WebConnect server is running from adifferent machine, enter its IP address/host name.NOTE If multiple administrators are connecting to the Administration Tool frommultiple RDP sessions on the same Terminal Server, make sure to go theAdministrator user‘s Properties and enable Allow Concurrent Machines.Each RDP session is counted as a unique session.60

Quick Access ScreenPublish Multiple Applications, opens the Publish MultipleApplications wizard.Configure Load Balancer, opens PowerTerm WebConnect LoadBalancer Administration Tool.Create a Host Connection, opens the Add Connection dialog.Configure Directory Services, opens the Directory Services dialog.Administration Console InterfaceThe Administrator Console is comprised of the following components:Menu bar: used to modify and refresh the information tables, launch wizardsto publish applications and desktops, manage objects, etc.Toolbar: icons to launch commonly used functions.Information panes: shows properties and real-time information for users,groups, connections, sessions and intruders.Properties dialogs: used to modify existing object and server settings.Viewing Users, Groups, and ConnectionsTo display the Users pane select View | Users or click its icon from thetoolbar.To display the Groups pane select View | Groups or click its icon from thetoolbar.61

To display the Connections pane select View | Connections or click its iconfrom the toolbar.Modifying the View PaneMost information panes uses a table structure to display relevant information.Useful information panes include:Client SessionsAdministrative SessionsIntrudersUsersGroupsConnectionsEach table row represents an object, queue, or session, while each columnrepresents a property or a piece of runtime information about the object.Additional rows are added when new objects are created. In some views, newrows are added when new queues are generated or sessions established.Changing Column Width and OrderThe width of columns can be changed manually, or automatically expanded toshow the entire contents of the column.Column divider on the column title bar:NOTE To see the contents of a column without resizing it, position the mouseover a column title, or a certain line, to see a tool-tip with the full text.Manually change column widthMouse-click the column divider and move (drag-and-drop) it right or left toadjust.Automatically expand a columnRight-click on the column title.62

NOTE If the column is empty, the right-click will have the opposite effect: thecolumn will be narrowed to the smallest widthChange the position of a columnClick the column‘s title and drag and drop it to the desired position.Hide a columnCertain columns may be hidden so the table only shows desired propertysettings or status information. Mouse-click the column divider and move(drag-and-drop) it left until the column is hidden. A hidden column may berevealed by clicking the same divider and moving to the right.NOTE Columns that are not visible are actually set to a width of 0 (zero).Sorting TablesTables can be sorted by clicking the column‘s title. The column that is clickedwill become the primary sorting field. When clicking another column, that fieldwill become the primary sorting field and the previously selected column willbecome the secondary field. When several objects have the same value forthe primary field, those objects are sorted by the secondary field.The Administrator UserThe Administrator user is a local PowerTerm WebConnect account. This is notthe local system or domain administrator account. The password is initiallyempty and should be changed immediately. Change the Administrator‘spassword by opening its property page and clicking Password>>>.Initially, the Administrator user can only login to the Administration Consolefrom the PowerTerm WebConnect server. To change this, go to theAdministrator‘s property page and change the Access Limit Mode to Unlimited.HINTIt is recommended to launch the Administration Console from aworkstation so it does not consume resources from the PowerTermWebConnect server. Only do this after the Access Limit Mode has been setto Unlimited. To allow multiple administrators to login, check AllowConcurrent Machines.Closing the Administration ToolTo close the Administration Console select Action | Exit. A confirmation dialogwill appear. Click Yes to close the application.NOTE Closing the Administration Console does not stop the PowerTermWebConnect Server service.63

Useful FunctionsEnvironment VariablesPowerTerm WebConnect provides environment variables to configureadvanced features of the server. Environment variables can be defined on fora user, group, connection, or the PowerTerm WebConnect Server.The Environment Variables window shows all defined variables for PowerTermWebConnect, whether they are defined for users, groups, or the server object.See the Appendix for a full list of available environment variables.Creating a new Environment Variable1. Double-click or right-click on the desired User or Group and selectProperties. The Properties dialog appears. Define server valuesusing Server | Configuration.2. Click . The Define Environment Variable dialog appears.3. Type the new environment variable‘s name and set its value.4. Set the encryption type.5. Click OK and the new environment variable will appear in the list.NOTE Environment variables can be copied and pasted between different userand group properties. However, only one dialog can be open at a time.64

Modifying Existing Environment VariablesOpen the Environment Variables Window by selecting View | EnvironmentVariables. Double-click on the variable to be modified. Make anymodifications and click OK to apply.NOTE Non-persistent LDAP user objects cannot have Environment Variablesadded to them.Load License (Server menu)Use this function to load newly entered activation keys.Refreshing the Information TablesInformation view data can be set to refresh at a fixed interval or manually.Refresh all information tables manuallySelect View | Refresh I/O Information or press F5.Set the automatic refresh intervalSelect Server | Configuration. Set the refresh time interval underAdministrator | Auto Refresh Freq.NOTE For servers that contain many objects, enabling automatic refresh mayresult in additional network traffic and reduce the performance of both theserver and the Administration Tool. In such cases, increase the automaticrefresh interval, or disable the automatic refresh function.Update WebConnect with Active Directory dataSelect Server | Refresh ActiveDirectory Information.65

Sending/Receiving Files from PowerTerm WebConnect ServerThis feature provides file transfer between the WebConnect server and theAdministrator‘s computer (the computer on which the Administration Consoleis running).To receive a file from the server select Files | Get File. The Get File dialogappears. Browse the Folders for the desired file. Check Open to open thelocal copy using its associated application when received. Click OK.Copied files are placed into a temporary folder under the user‘s ApplicationData folder in the Ericom/ptadmin subdirectory.To send files to the server select Files | Put Files. The Select Files to Put onServer dialog appears. Select one or more files and click Open. The Put Filesdialog appears. Select the target folder on the server for the file(s)destination. Click OK and the files will be transferred to the server.Administration Console ParametersThe administrator can configure shortcuts to the Administration Console usingcommand line parameters. The parameters are optional.-user=user-name-pass=password-host=hostname-port=port=numberUser‘s account name on the PowerTerm WebConnectServer.Enter question mark (?) to sign in with the usercurrently logged into the system (the account mustexist in the Administration Tool).Enter an asterisk (*) to bypass the login dialog.User‘s password on the PowerTerm WebConnect Server.PowerTerm WebConnect Server‘s host name.PowerTerm WebConnect Server‘s port number.PATH ―D:\Ericom\PtAdmin.exe‖ –host=117.18.75.89 –port=778 –user=‖Lee‖66

9. DIRECTORY SERVICESPowerTerm WebConnect integrates with LDAP based Directory Services (DS)such as Microsoft‘s Active Directory and Novell‘s eDirectory. Please consultwith Ericom if other LDAP sources will be used.PowerTerm WebConnect authenticates users by identifying the DS User objectand then applying the standard DS User authentication.The syntax for Active Directory users is user@domain.The syntax for eDirectory users is user.path.domain.When a user logs in to PowerTerm WebConnect:The domain specified by the user is used.If no domain is specified, the default is used.If there is no default, the authentication will fail.NOTE PowerTerm WebConnect supports both two-way and one-way domaintrusts. Untrusted domains are also supported.Local PowerTerm WebConnect DatabasePowerTerm WebConnect provides a built-in directory framework in case athird-party directory service is not available. The Administrator user is a builtinuser.Administration Console Connection ProcessPowerTerm WebConnect requires read access to the Directory Service. Toenable the ability to change user‘s password, modify access is required. ThePowerTerm WebConnect Server can connect to the Directory Service by oneof the following:Directly to the Domain Controller/Server where the DS is stored.Available when the computer running the Administration Consoleis running on the same trusted network as the host of the DS.Via the WebConnect server SSL gateway.Used when the computer running the Administration Console isconnecting from outside the trusted network.The use of SSL provides enhanced security, but does so at the expense ofincreased traffic overhead and degradation of the connection response time.67

Once the connection to the DS database has been established, the PowerTermWebConnect Server is able to authenticate Users using the DS.Connection to a Directory ServicesConnect PowerTerm WebConnect to an existing Directory Services:1. Launch the Administration Tool.2. Select Server | Directory Services.If there is already a default DS identity defined, this will bediscovered and displayed in the list automatically.3. Clicking New create a new DS entry. Highlighting one of theexisting DS‘s will allow the administrator to view and modifyproperties, delete the DS from the list, or test the connection.4. Select one of the Domains from the Default Domain drop-down listwhich will be used as the default Domain for PowerTermWebConnect Users to log in. Click Close.Defining a default domain enables users to log in without having to specifythe domain name as part of their login user name. PowerTerm WebConnectwill automatically use the default domain when no domain is specified as partof the login.Adding a new Directory Services instance:1. Launch the Administration Tool.2. Select Server | Directory Services.3. In the Directory Services window click New.68

STOP When creating a new DS with the same name as an existing DS, a warningmessage will be displayed. If the warning is ignored, PowerTermWebConnect will create a new DS with the existing name with the additionof ―_1‖ as a suffix. To create a new instance of the DS click ―Yes‖, to editthe existing DS click No. The name of the domain is reflected in the nameof the User, for example, if the domain name is ericom.local_1, Users willto log in to this domain using a name of the form john@ericom.local_1.4. Enter the address using the server name or IP address, and theTCP port to be used. If SSL is used to connect, this address mustbe a name and cannot be an IP address.5. Select the connection type from the drop-down list. SelectingSpecify credentials requires a valid User name and Password thatcan query the Directory Service. Selecting Windows authentication(Kerberos) will log in to the DS using the current Windowscredentials.6. Click Connect.69

When PowerTerm WebConnect is properly connected to the DS, the Name,Vendor and Base DN (root tree Distinguished Name) of the DS will bedisplayed.NOTE Connecting to an eDirectory DS anonymously will allow the AdministrationConsole to read the user and group objects. When connectinganonymously to a Microsoft Active Directory DS, the AdministrationConsole will not be allowed to browse the DS objects.Adding Base DN’s for use with PowerTerm WebConnect1. Click on the Details of the Base DN button to display the resourcesstored within the DS.Select desired organizational units (OU) for use with PowerTermWebConnect. This enables the search for specific users to befaster and also allows PowerTerm WebConnect to reject users thatare not a part of the selected OU‘s.NOTE The default is to search the entire tree, which may be slow with largerdirectories2. Highlight desired OU‘s and click Add to add the OU‘s to theSelected Base DNs list. Multiple OU‘s may be added. Double clickon an OU to display the child branches and objects.3. When all required resources have been added to the Selected BaseDNs list, change the order in which they should be searched byusing the Up and Down buttons. The best practice is to place themost commonly used OU‘s at the top of the order.70

Parameter combinationsThe following connection options are available.TypeAnonymousUse SSL(Port)ServerGateway(Port)DefaultPortUse SSL andGateway XSpecifycredentialsWindowsauthentication(Kerberos) XX X XHINT The default port for LDAP is 389 and the default port for SSL LDAP is 636Certain Active Directory configurations require that Specify credentials beused. If your user logins are taking longer than expected (i.e. more than 30seconds) configure the following:1. Use Specify Credentials and enter a user account that can querythe directory server.2. Open the Main Configuration and set Filter=use_server_cred underthe [LdapDomain=1] section.3. Restart the PowerTerm WebConnect Server serviceUsing Novell eDirectoryClient ConfigurationWhen there is an Active Directory server and an eDirectory server configuredin PowerTerm WebConnect, the Application Zone (ptagent) must run with theparameter /nodomain.NOTE /domain is not required when Novell eDirectory is the only directoryservices being used.Defining the Novell eDirectory domain base nameFor a user with the following DN:cn=user1ou=Usersou=SaleDepartment71

ou=NDSOrgIf only the root of the tree is referenced (NDSOrg) in the base DN, the userwill need to enter user1.Users.SaleDepartment.NDSOrg to log in.If Users.SaleDepartment.NDSOrg is added to the base DN, the user has toenter user1.NDSOrg to log in.If NDSOrg is defined as the default domain name, the user has to enter user1to log in.72

10. UNDERSTANDING USERS, GROUPS, ANDCONNECTIONSPowerTerm WebConnect User ObjectThe user object represents one person (or entity) in the PowerTermWebConnect database. There are three types of user objects.PowerTermWebConnect UserNon-persistent DS UserPersistent DS UserDefined within the PowerTerm WebConnectdatabase. All credentials and rights are stored in thedatabase.Defined from a Directory Services. Only listed inPowerTerm WebConnect while the user is active. Allcredentials and rights are stored in the directoryservice.Defined within the PowerTerm WebConnect databaseby import from a directory service. All credentialsand rights are stored in the directory service. Usersare periodically synched with the directory serviceinformation.Built-in User ObjectsSeveral built-in PowerTerm WebConnect user objects are supplied with theAdministration Tool.Used by SupportView for support requests. The attributes of this user cannotbe modified.Used by the PowerTerm WebConnect portal component. The attributes of thisuser cannot be modified.Used by the Agent to install the PowerTerm WebConnect components. Theattributes of this user cannot be modified.73

AdministratorDefault PowerTerm WebConnect Administrator user. This account is used tologin to the Administration Tool. By default there is no password, it isrecommended to change the Administrator‘s password, and not leave empty.NOTE To allow Administrators to login from machines other than the console, addthe IP address of the desired machine to the Allow Access list. Changingthe Access Limit Mode to Unlimited will allow access from any machine.Default AutoCreated User TemplateThis user serves as the template for all users that are automatically createdfrom a Directory Service (i.e., Microsoft Active Directory). The attributes ofthis user can be modified.ExampleA sample user. This user‘s password is example.GuestUsed to allow temporary access. This is a restricted user that cannot requestTech-support or Administrator support. By default there is no password.Auto-Created usersPowerTerm WebConnect has the ability to generate user objects on the flywhen using a directory service such as Microsoft Active Directory. Thisfeature is enabled by default.Creating UsersTo create a user:Select Actions | New | User. The Add User dialog is displayed.To modify user properties:1. Double-click the desired user or right-click on the desired user andselect Properties.2. Modify the necessary properties.3. Click OK.To delete a user:1. Select the desired user and right-click Delete or select Action |Delete. A confirmation message is displayed.74

2. Click OK.To disable a user:1. Select the desired user and right-click Properties or select Action |Properties.2. Clear the Enabled checkbox.3. Click OK.NOTE If the user‘s default group is disabled, the user will be disabled as well,even if the user object is set as enabled. However, if the user is disabled, itremains disabled even if the group is enabled.To enable a user again after disabling it:1. Select the desired user and right-click Properties or select Action |Properties.2. Select the Enabled checkbox.3. Click OK.4. The User‘s default group must be enabled.Using the Add User / User Properties DialogThe User Properties dialog (called the Add User dialog when you are creatinga new user) consists of the following:User properties fieldsEnvironment variables tableSettings buttonMemo button: Opens a text to type notes about the object.Sessions button: Shows existing sessions of the user.Up and down arrows: Clicking these arrows switches to theprevious (up) or next (down) user, as sorted in the Users pane.NOTE The arrows are not displayed in the Add User dialog, when creating a newuser.OK and Cancel buttons: Save or discard your changes(respectively), and close the dialog.75

Changing User’s SettingsTo change the user’s client settings:1. Select the desired user and right-click Properties or select Action |Properties.2. Click the Settings button. The Settings dialog is displayed.3. Make the necessary modifications.4. Click OK to close the Settings dialog.5. Click OK. The new modifications take effect.NOTE Client settings that are not configured at the user level are inherited fromthe user‘s default group and server settings.PowerTerm User Object PropertiesThe user object contains values to define credentials, linked connections,group membership, system permissions, and allowed access methods. Certainuser properties can be defined explicitly using the Properties dialog, or theycan be inherited from groups or the server group.NOTE Although these properties apply to directory services users, most do notrequire configuration. Default values can be used with directory services.There are four types of User properties:Standalone propertiesThese are properties that can only be defined at the user level. They cannotbe inherited from the group or server. An example is the User Name property.PropertyUser NameAliasActive Directory PathUse Network PasswordPasswordDescriptionThe unique name of the objectAn alternative name or ID for the user forinformational purposesActive Directory Path for the user if it existsWhen checked, the directory services password isenabled. When cleared, the Password button isenabled. Click it to enter the PowerTermWebConnect password.The user‘s password. Ignored if Network Passwordis used.76

Free UserAllow ConcurrentMachinesRightsAccess Limit ModeMemo(Emulation only) Enables the user to specify theconnection properties.Determines if the user is allowed to log onsimultaneously from multiple computers.Sets the user typeUnlimited: specifies that the user can access theserver from any computer.User: specifies that the user can access the serverfrom a computer specified in Allow Access From.Group: specifies that the user can access theserver from a computer specified in User‘s Group.Both: both the User and Group rules are applied.Opens an editor to type notes about the objectShared propertiesThese are properties that are referenced in more than one object. Forexample, the User‘s Connections property defines which connections areattached to the user object. When a connection is added, the Owner propertyin the connection object and user object are changed.Property Description Property shared withUser‘s Groups(PowerTermWebConnect GroupsOnly)User‘s ConnectionsInherited propertiesSelect a group from theAvailable Groups box andclick the right-arrow tomake the user a memberof the group. Double clicka group in the User‘sGroups box to make it theuser‘s Default group.Select a connection fromthe Available Connectionsbox and click the rightarrowto make the userthe owner of theconnection.Groups. Once a Groupis assigned, the userwill appear in theGroup‘s User list.Connection. Once aConnection is assigned,the user will appear inthe Connection‘s Userlist.These are properties that can be defined at the user level, but also defined atthe group or server level. If they are not explicitly defined at the user level,77

these properties are inherited from the user‘s default group. If they are alsonot defined at the group level, they are inherited directly from the Server.PropertySettingsMax. ConcurrentSessionsMax. LPD QueuesHighest ReconnectModeEnvironmentVariablesDescriptionThis button opens a dialog to modify emulation settingsSpecifies the maximum number of concurrent sessions.The value ‗0‘ will use the value in the group‘s entry. If thegroup value is also ‗0‘, then the program uses the defaultvalue in the MaxUserQuota field located in the [Server]section of the Main Configuration (PtServer.ini).Specifies the maximum number of LPD queues. The value‗0‘ will use the value in the group‘s entry. If the groupvalue is also ‗0‘, then the program uses the default valueof the server object‘s Default LPD Queues property.Specifies the rule according to which the user is allowed toreconnect to the PowerTerm WebConnect server:None: Reconnect disabledDefault: Use the default group settingOnDemand: reconnect is only performed via the GatewayWireless: reconnect is performed via the GatewayAdvanced PowerTerm WebConnect settingsGeneral propertiesThese are always inherited from the user‘s group and/or from the server,regardless of what is defined in the user object. The user-level setting doesnot override the properties explicitly set at the group/server level.Property Description InheritanceUser‘s ConnectionsEnabledAllow Access FromIn addition to the connections thatare explicitly defined for the user,Group connections are permittedto the user as well.If the default group is disabled(the Enable checkbox in the GroupProperties dialog is not selected),the user object inherits this settingand becomes disabled as well.In addition to the connectionsources explicitly define here, theConnectionsGroupGroup78

EnvironmentVariablesClient InactivityTimeout* (serverobject)Max. Sessions*(server object)Max. LPD Queues*(server object)Max IntrusionAttempts* (serverobject)Intruders DisableTimeout* (serverobject)Background BitmapFileuser object inherits computers andaddresses from its groups as well.Environment variables that are notexplicitly defined for the user areinherited from the groups andserver.Specifies the inactivity timeout forall clients.Specifies the maximum number ofPowerTerm sessions that can beopened simultaneously.The maximum number of LPDqueues that this user will beallowed to have.Maximum number of unsuccessfullogin attempts before the user islocked out.The amount of time thePowerTerm WebConnect Serverwill refuse a login after detectingan intruder.(Emulation only) Sets backgroundimage of HostView.Group and ServerServerServer: the user‘sMax. ConcurrentSessionparameter mustbe lower than theMax. Sessionsdefined on theserver.Server: the user‘sMax. LPD Queuesparameter mustalways be lowerthan the Max. LPDQueues definedon the server.Always inheritedfrom ServerServerServer: if the userruns the HostViewclient, this imagewill be displayedas thebackground.* Does not appear in the User Properties/Add User dialog, as it cannot bedefined per-user. This property is defined using the Server Configurationdialog.79

Adding a User to a Group and Setting its Default GroupEvery user must belong to at least one group. Users inherit general propertiesfrom the groups to which they belong. Users optionally inherit properties fromtheir default group, unless they have these properties explicitly defined.NOTE The server object‘s Default Group parameter defines a default group forusers who do not have one selected. If you do not explicitly select adefault group for a user, it will acquire the Default Group defined at theserver level (see chapter ‎0).Assign Users to GroupsIn the User Properties dialog1. Select the desired user and right-click Properties or select Action |Properties. The User Properties dialog appears.2. Select the desired group that the user will be affiliated with andclick the right-arrow.3. Click OK.In the Group Properties dialog1. Select the desired group and right-click Properties or select Action| Properties. The Group Properties dialog appears.2. Select the members to be included in this group from the AvailableUsers list: Highlight the desired member and click the right-arrowor click the multiple right-arrows to select all the members.3. The desired member(s) appear in the Group User‘s list.4. Click OK.Remove Users from GroupsIn the User Properties dialog1. Select the desired user and right-click Properties or select Action |Properties.2. Select the desired group from which the user will be disaffiliated,and click the left-arrow.3. Click OK.In the Group Properties dialog1. Select the desired member to be excluded from this group fromthe Group‘s Users list.2. Click the left-arrow. The desired member appears in the AvailableUsers list.80

3. Click OK.Set a default group for a user1. Select the desired user and right-click Properties or select Action |Properties. The User Properties dialog appears.2. Double-click on the group that you want to be the default group.An red arrow appears adjacent to the selected group signifyingdefault group.NOTE Double-click to clear the default designation.PowerTerm WebConnect User RightsA PowerTerm WebConnect user object will be one of three types: Client,Supervisor, and Administrator.The following table explains the differences between each type:Components/User Rights Client Supervisor AdministratorAccess PowerTerm WebConnectclients: HostView, RemoteView,PrintView, QuickVNC, etc.Request support from otherAdministrators or Supervisors loggedon to PowerTerm WebConnectProvide support to other PowerTermWebConnect usersAdd/Modify/Delete user profiles viathe Administration ToolYes Yes YesYes Yes YesNo Yes YesNo No YesSupport Active Directory/LDAP Yes No NoTesting a UserThe Administration Console allows you to connect as a user, and test theaccess options, client settings, and available connections. The user‘spassword is required to test a connection. While you can view the user‘ssettings using the Properties dialogs and the information panes, it issometimes useful to test the user experience for yourself, either directly after81

creating a user object, after making changes to a user object, or in responseto a user‘s request or complaint.1. Select the desired user and right-click Test. The Login dialogappears.2. Type in the Password, if required.3. Select Reconnect Mode, if required.4. Click Login. The PowerTerm emulation appears and connects tothe desired host.Connection ObjectThe connection defines a resource on a host server. A connection objectcontains information on the host type, protocol used, target application, etc.PowerTerm WebConnect supports three distinct areas of hosts: TerminalServices, VDI and legacy access.To access a connection, it must be assigned to a user or group object. Thisobject becomes the connection‘s owner. A connection can only be owned byone object at a time, so a connection intended for multiple users should beassigned to a group, which contains the desired users.NOTE A connection can be assigned to the Server which will give any user accessto it.A connection can also be owned by another connection (which becomes itsparent connection). When the parent connection is executed, the childconnection is launched automatically. Child connections do not inherit settingsfrom the parent connection.Group ObjectsThe group object contains a group of users with similar permissions (forexample, members of the same department). This makes it easier to classifyand find similar users. When a user object belongs to a group, it will inheritsome or all of its properties from the group. Any property not explicitlydefined in the user object is taken from the user‘s group. Settings defined atthe user level will override the settings at the group level.EXAMPLE – Configuration InheritanceGroup A is defined to allowed concurrent sessions. If parameter was notdefined explicitly for each user, all group members will inherit this setting. IfUser A of Group A is defined to not allow concurrent sessions, the user-levelsetting overrides the group setting. User A is not allowed concurrentsessions.82

Similar to the User object, the Group object contain values to define:credentials, linked connections, group membership, system permissions, andallowed access methods. Certain group properties can be defined explicitlyusing the Properties dialog, or they can be inherited from the server group.Standalone propertiesThese are properties that can only be defined at the group level. They cannotbe inherited from the server. An example is the Group Name property.PropertyGroup NameAliasEnabledHighest ReconnectModeAllow Access FromAccess Limit ModeMemoDescriptionUnique identifier for the objectAn alternative name or ID for the user for informationalpurposesSpecifies whether the group is activeSpecifies which Reconnect mode to useSpecifies the machines from which the user is allowedto access to PowerTerm WebConnect.Format – IP address, IP Scope, User Name, all entriesare separated by semi-colons.Unlimited: specifies that the user can access the serverfrom any computer.User: specifies that the user can access the server froma computer specified in Allow Access From.Group: specifies that the user can access the serverfrom a computer specified in User‘s Group.Both: both the User and Group rules are applied.Opens a text editor to type notes about the objectShared PropertiesShared properties are reference by more than one object at a time.Property Description Propertyshared withGroup‘s UsersSelect a user from the Available Usersbox and click the right-arrow to makethe user a member of the group. Use themultiple right-arrows to add all theUsers83

Group‘sConnectionsusers.Select a connection from the AvailableConnections box and click the rightarrowto make the group the owner ofthe connection. Use the multiple rightarrowsto associate all the unaffiliatedconnections to this group. The group‘smembers can select one of theconnections shown here (or one of theconnections inherited from other groupsand the server) when logging in.ConnectionsOptionally-Inherited PropertiesOptionally-inherited properties can be defined at the group level, but also atthe server level. If they are not explicitly defined at the group level (using theAdd Group or Group Properties dialog), these properties are inherited fromthe ―master group‖ – the server object.Property Description InheritanceSettingsMax. ConcurrentSessionsMax. LPD QueuesThis button opens a dialog tomodify settings for the group‘susersSpecifies the maximum number ofconcurrent sessions that this has.The value ‗0‘ instructs the programto use the value specified(maximum number of concurrentconnections) in the User‘s defaultgroup. If this value is also ‗0‘, thenthe program uses the default valuein the MaxUserQuota field located inthe [Server] section of thePtServer.ini file. Other values willoverride the default value.Stipulates maximum number of LPDqueues that this user will beallowed to have at any particulartime. Enter ‗0‘ to revert to thedefault group‘s setting (or theserver‘s setting).If settings are notdefined here then allsettings will beinherited from theserver.Enter ‗0‘ to inheritthis property valuefrom the serverobject‘s DefaultSessions property.Enter ‗0‘ to inheritthis property‘s valuefrom the server‘sobject‘s Default LPDQueues property.84

EnvironmentVariablesThis table allows you to create andedit free-text variables that havenumerous uses. Environmentvariables added here are defined onthe group level.Environmentvariables that aredefined both hereand in the user‘sdefault group (or onthe server) areoptionally inherited.If you do not definethem explicitly here,they are inheritedfrom the group.Groups and ConnectionsA group, like a user, can own a connection object. When a connection isaffiliated to a group, all of the group‘s members can use that connectionobject to connect to the host.Every connection is owned by a specific user, a group of users or by theserver object (see below). When a connection is owned by a specific user,only that user is allowed to use that connection. When a connection is ownedby a group only users belonging to that group can use that connection. Inother words, you define how a user communicates with a host, and whichremote applications that user can access, by affiliating the user object to aconnection object. Another way to do this is to affiliate a connection to agroup of users to which the specific user belongs.Using Built-in Group ObjectsSeveral default group objects are predefined in the PowerTerm WebConnectserver. These groups may be modified based on the administrator‘s needs.Novice Users (Default) – least permissionsAdvanced UsersExpert UsersSuper Users – most permissionsDisabling a GroupWhen disabling or deleting a group object, all the users of the group will beblocked from accessing PowerTerm WebConnect. In order to re-enable usersfrom a deleted group, a new default group must be assigned to them.NOTE If a group is disabled, all its users are inherently disabled. However,disabling a user does not affect anything on its groups.85

Right-click the desired group and select Properties. The GroupProperties dialog appears.Check the Enable checkbox to enable, clear the checkbox todisable. Click OK.The Server Object – the "Master Group"The server object has a dual function: to define PowerTerm WebConnectserver-related settings, and to set the defaults for all objects. Groupssettings that are not explicitly defined are inherited from the ServerConfiguration. The server object can be set as the owner for specificconnections. Such connections become available to all the users.NOTE If a setting is not explicitly defined at the group level, the group's usersinherit the default settings from the server object. Settings defined at theconnection object level override the settings at the server levels. However,if the setting is explicitly defined at the user level, the user's settingoverrides all the other settings.General Properties at the Server LevelCertain properties are defined at the server object and are automaticallyinherited by all users.For example: the Max. Intrusion Attempts parameter defines the number oftimes a user can enter a wrong password before being blocked, is defined atthe server level and is automatically inherited by all users in the system. Youcannot modify this parameter for specific users or groups.The Server Object as a Fallback OptionThe server object is a ―master group‖ to which all groups and users belong.By default, the server‘s properties effect the entire system and all the users.However, this is often not the case. Groups do not inherit server options ifthey have these options explicitly defined, and users can also have explicitlydefined properties that override the server defined properties.Essentially, this means that the server object is a fallback option. Any―optionally inherited‖ properties you neglect to define in a group or user –either intentionally or by mistake – will be taken from the server.The consensus is that server properties should be as widely applicable aspossible. Try to define settings that will be the most appropriate for mostusers because most users are likely to inherit at least some of them duringtheir system lifetime.86

Server Object PropertiesThe server object has properties that define linked connections and allowedaccess methods for users. These properties can be divided into two types:Optionally-inherited properties: Groups and users inherit theseproperties unless you specify otherwise. Settings explicitly definedin a group or user object override these server-level settings.General properties: Groups and users always inherit these. Theseproperties cannot be defined per-group or per-user (i.e. they canonly be defined in the server object, using the ServerConfiguration dialog).The following table lists and explains the server object‘s properties. The―Type‖ column details how each property is inherited by groups and users.Property Description TypeClient InactivityTimeoutSpecifies the time limit for any client‘sinactivity after which the server closesthe connection.GeneralMax. Sessions Specifies the maximum number of General87

Max LPD QueuesAdministratorAuto RefreshFreq.Intruders: Max.AttemptsIntruders: DisableTimeoutconcurrent sessions that a user can openSpecifies the maximum number ofregistered LPD queues that a user candefine.Specifies the interval in which theAdministration Tool‘s AutoRefresh willrefresh the screen.Specifies the maximum number of loginattempts the user can perform to thePowerTerm WebConnect server beforebeing regarded as an intruder and belocked out for a set time duration.Specifies the amount of time (inminutes) that the PowerTermWebConnect server refuses to login avalid user after detecting an intruder.General-GeneralGeneralDefault Group Initial Default Group Users who donot have adefault groupdefined willuse thisvalue.BackgroundBitmap FileServer‘sConnectionsEnvironmentalVariablesSets a background bitmap for clients thatsupport this feature.Connections available to the server.Server related Environment Variables.These Environment Variables can beaccessed from the login scripts.GeneralGeneral. Allusers canaccess theserver‘sconnections.Environmentalvariables thatare notdefined in anygroup or userobject act likegeneralproperties,and areinherited byall users.88

Object HierarchyServer (Master Group) settings are applied first upon login.Group settings are applied nextConnection settings are applied nextUser settings are applied last and these will overwrite any previous settingsthat were configured.Example: Object relationships and hierarchyIn the example above there are two users belonging to the Sales group, threebelonging to the Accounts group, and one user, Bob, belonging to both. Allusers belong to the Master Group – the server. There are five connectionswith different owners (indicated by dotted lines). Connection A belongs to the―Sales‖ group, B belongs to the user Ned, C and D belong to the ―Accounts‖group, and E belongs to the server. In this scenario:John has access to the following:oooconnection A, because he belongs to the ―Sales‖ groupconnection E because he belongs to the ―Master Group‖(the server)John inherits his default settings from the ―Sales‖ groupand ―Master Group‖.Ned has access to the following:ooconnection B because he owns it.connections A as a member of the ―Sales‖ group89

ooconnection E because he belongs to the ―Master Group‖(the server).Ned inherits default settings from the ―Sales‖ group and―Master Group‖.Bob belongs to two groups and to the server and has access to thefollowing:ooall connections shown (except B, which ONLY Ned owns).Bob inherits default settings from his default group, whichcan be either ―Accounts‖ or ―Sales‖.Implementing Access PolicyWhen designing the PowerTerm WebConnect infrastructure consider thesequestions:Which users should have access to PowerTerm WebConnectresources?Do all the users have similar needs, or are there groups of userswith distinct access needs?How will changes in personnel and their groups affect the accesspolicy?What type of applications will be published?Initial ConfigurationThe following procedure is a general guideline that explains how to defineusers and groups at the initial configuration1. Define administrator‘s attributes and privileges. Create anyadditional administrator users.2. Determine if PowerTerm WebConnect built-in groups will be used.Modify them if needed.a. Create additional groups as needed.3. Assign built-in users to desired groups4. Determine if Directory Services will be used.a. Directory Services users will always be assigned to thePowerTerm WebConnect Default Group (Server |Configuration| Default Group).5. Assign any PowerTerm WebConnect users to desired groups6. Create connections and applications90

7. Assign connections and applications to groups or usersGeneric UsersIn some cases authentication into PowerTerm WebConnect is not required.For example, the published application has its own authentication system, andan additional login is not desired. By using generic users, all users willconnect to the PowerTerm WebConnect environment with the same ―generic‖account. Any applications and desktops published to the generic user will beaccessible without a login. The generic user credentials are configured in theclient HTML parameter line as /USER and /PASS.HINTWhen using generic users, to ensure single sign-on between WebConnectand the Terminal Server, ensure that the generic user also has an accounton all Terminal Servers (same username and password).User Object Properties: To Define or Not?When to Define User SettingsSpecific users who need different settings from the others in their group musthave user-defined settings. When user groups are fairly heterogeneous, andusers need unique configuration, define settings in the PowerTerm Useraccount and create notes using the Memo function. User defined settingshave the highest precedence and will follow the user regardless of its groupassignments.When to Inherit Properties from Groups/ServerIf users have no properties explicitly defined, simply add them to a group andthey assume the properties of the group. Defining settings at the Group levelwill reduce administrative overhead and settings only need to be defined for afew groups rather than many users.HINTDirectory Services users should be configured inherit settings from itsDefault Group and the Server.91

11. DEPLOYING APPLICATIONS ANDDESKTOPS WITH TERMINAL SERVICESOverviewThe RemoteView component of PowerTerm WebConnect enables access tosessions running on Windows Terminal Servers or any desktop accepting RDPconnections. Use RemoteView to connect to Microsoft Terminal Servers (2003or later), Citrix XenApp (with RDP mode enabled), and Windows basedworkstations accepting RDP connections. Two protocols are available forRemoteView connections: RDP and Blaze (accelerated RDP). Two modes ofaccess are available:Full Desktop – the user connects to the entire remote desktop of thehost. This mode is useful for these scenarios:oooEnd users connecting from a thin client to a remote desktop todo all work.End users connecting to a remote desktop that is locked downand regulated by the corporate IT department.Administrators connecting to a server to manage it.Seamless windows – the user only sees the application that is selected,without the entire desktop. Seamless applications are useful when:oooEnd users only need access to a specific applicationAdministrators want to hide the remote desktop and restrictaccess to certain OS functions on the host (i.e., restarting theserver).PowerTerm Terminal Server Agent must be installed on anyTerminal Servers that will be used with PowerTerm WebConnectSeamless windows.NOTE Seamless windows are not available for 16 bit applications.Ericom Terminal Server AgentThe Terminal Server Agent (TSAgent) must be installed on every TerminalServer that will be managed by PowerTerm WebConnect. The behavior of theTSAgent can be modified using settings in the registry or via PowerTermWebConnect environment variables. Some values can be defined only usingthe registry, some only using environment variables, and some using both.The order of precedence is:92

Registry under HKEY_CURRENT_USER \SOFTWARE\EricomSoftware\PtTSAgent (highest)Registry under HKEY_LOCAL_MACHINE\SOFTWARE\EricomSoftware\PtTSAgentPTWC environment variable at user levelPTWC environment variable at group levelPTWC environment variable at connection levelPTWC environment variable at server level (lowest)NOTE On x64 servers, the Ericom PtTSAgent key is underHKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\EricomSoftware\PtTSAgentEnv VarNameReg NameRegTypeDefault ValueDescription- LogLevel DWORD 0 Logging flagsbitmask:1 – events2 – msgs sent4 – msgsreceived8 – debug- LogFolder String %USERPROFILE% Location wherelog is written. Logis alwaysPtTSAgent.log- LogUser String ―‖ Logging only forset userRDP_RedirectSchemesRedirectSchemesString ―‖ A delimited list ofprotocols toredirectRDP_RedirectExcludeRDP_ScriptFolder- String ―‖ Domains and IPranges to excludefrom redirection- String .\Scripts Folder of eventscriptsRDP_SkipSta SkipStartu DWORD 0 Set to 1 to skip93

tup p Windows startupsin True SeamlessRDP_LogoffDisconnectedRDP_LogoffDelaySecondsLogoffDisconnectedLogoffDelaySecondsDWORD 0 Set to 1 to logoffdisconnectedsessionsDWORD 300 (5 * 60) How quickly toend a TrueSeamless session(min value = 30)- NoLoadBalancerAgent- LoadBalancerAgentPortDWORD 0 Set to 1 to notconnect to localLB AgentDWORD 4040 Port to connect tolocal LB AgentRDP_PerformanceFlagsRDP_BehaviorFlagsPerformanceFlagsBehaviorFlagsDWORD 0 Performance flagsbitmask:1 – higherpriority forforeground app2 – make seethroughwindowsopaqueDWORD 0 Behavior flagsbitmask:1 – Don‘t disablescreen-saver2 – Change bringwindow toforegroundbehaviorRDP_MacFlagsMacFlags DWORD 0 Mac client flagsbitmask:1 – No windowshadow0x10000 – hidebackgroundowned windows94

Troubleshooting the TSAgentIn the event of problems related to the TS Agent (i.e., seamless windows arenot appearing properly) a debug log is required for Ericom Support todiagnose the issue.To create the debug log, the following Registry keys must be updated:LogLevel – set to ‗F‘LogFolder – by default this key is not present in the Registry andis set to %USERPROFILE%.NOTE To make the log files easier to find, set the LogFolder toC:\Temp\%USERPROFILE%. Make sure that all users being logged havewrite access to C:\Temp or the configured directory.At the point where the problem appears, copy/paste the log and send it toEricom. Ending the log at the point where the problem occurs will expeditethe troubleshooting process. Send the log and a description (i.e., screenshot)of the problem to tech.support@ericom.com.Ericom Remote BrowserThe Application Publishing wizard requires Ericom Remote Browser to beinstalled on at least one Terminal Server. The Remote Browser is a servicethat passes information on browsed files, display names, icons, and linkparameters to the PowerTerm WebConnect server. The Remote Browser isincluded with the PowerTerm TS Agent installer.Session SharingTo streamline Terminal Server license and resource usage, multiple seamlessapplications can share the same RDP session. When sessions are shared, auser does not have to login multiple times to run multiple seamlessapplications. The login process is one of the most resource consumingoperations of Terminal Services and should be reduced where possible, sosession sharing is enabled by default.Session Sharing is enabled when these settings are the same betweenlaunched connections: Server setting, User credentials, and Domain setting.The Connection Type setting of connection is not taken into account.Therefore, if a connection using Direct connection is launched, and thenanother connection defined as Gateway is launched, session sharing is95

performed using the Direct mode (the Connection type of the secondconnection is ignored during Session Sharing).To improve the use of Session Sharing:All Terminal Servers should have the same applications installed.This ensures that the Terminal Server that is already active willhave additional applications that will be launched.The Load Balancer will track which Terminal Servers host whichapplications. If the user selects an application that is not availableon the active Terminal Server, it will be launched using the LoadBalancer‘s selection.The address of the Terminal Server has to be specified in exactlythe same format for all the published applications. This willhappen automatically if the Load Balancer is used.The user has to login to the Terminal Server with the samecredentials (username and domain), specified in the same format.This will happen automatically for published applications that areconfigured to use the PowerTerm WebConnect credentials.The published applications need to have the same Direct/Gatewaysetting.A difference in the Drive Mapping setting does not disable SessionSharing, but this setting is not shared between applications.To disable Session Sharing set the environment variableRDP_DisableSessionSharing to 1.Following SessionsTerminal Server sessions can be configured to ―follow‖ users when they moveto different workstation. This feature is useful for users that need to accesstheir applications and data while roaming to different locations (i.e., doctorsmoving from one patient room to another.) When Following Sessions isenabled, sessions will follow users based on their WebConnect user name.NOTE If the connection is not configured to use WebConnect credentials, and theuser has manually logged on the TS‘s with different credentials, SessionFollowing will not work, and a new session will be opened instead.The feature is configured globally by modifying RDPTerminalSessionFollowMein the Main Configuration file (PtServer.ini). To enable the feature, set thevalue to True (on).The Terminal Server(s) should be configured to Restrict each user for onesession only (this is the Windows default). This is configured in the RDPConfiguration settings.96

PublishingThere are three types of publishing modes. All follow similar steps throughthe publishing wizard; however, some will have more configuration optionsthan others. This chapter will explain how to publish a single application andthen explain which steps to follow for Multiple Application Publishing and FullDesktop Publishing.Publish a single Windows applicationFrom the Administration Tool, select Action | New | Windows Application. Thiswizard will publish one application at a time.Publishing Wizard StepsStep 1: Determine the application publishing targetWhat to PublishApplication – publish an applicationDocument – publish a document, the default application (on thehost) will be used to launch the document.URL – publish a URL, the default web browser (on the host) will beused to launch the document.97

Installation TypePreinstalled – an application that is already installed on a host.Streamed – an application that will be delivered to the host from aMicrosoft App-V streaming serverPublish fromTerminal Server – the host is a Terminal Server (select this)Virtual Desktop – the host is a Virtual DesktopLocal Desktop – the host is the end-user‘s workstation (MicrosoftWindows XP and higher only)oPrefer Local Desktop – the selected application will belaunched from the end-user‘s local desktop. If theapplication is not available on the local desktop, then it willbe launched from the Terminal Server as a seamlessapplication.Step 2: Configure the Application propertiesApplication - Enter the path of the application to be published(i.e., C:\Windows\notepad.exe.)If necessary, configure the Working Directory and Parameterssettings. Parameters are command line values that can be passedto the configured application.98

To assign this application to a sub-folder, enter the Place Icon inFolder name. Sub-folders are separated with a ‗\‘oEXAMPLE: If the administrator enters―Accessories\System‖, the published application will beplaced in a folder named Accessories and a subfolder underAccessories named System.To select an application using a graphical interface click thebrowse button . This will launch a dialog to connect to aserver running the PowerTerm Remote Browser.oThe Remote Browser will display applications available viathe Terminal Server‘s Start Menu. After selecting thebrowse button enter the Terminal Server's IP address andPort number of the system running the Remote Browser.oAt the application selection dialog, either navigate to theapplication by clicking on a drive letter or select theapplication from the Programs menu.ooAfter selecting an application, all relevant files will beautomatically completed.EXAMPLE: Resulting screen after selecting MicrosoftWindows Media Player:99

Step 3: Set Extensions redirection for the applicationWhen a user launches a local file with an associated published extension, thepublished application will be used to open the file. To configure extensionredirection, select all desired extension formats and check Overwrite LocalDefinitions. This feature is only available from Windows-based clients.NOTE Checking Overwrite Local Definitions will overwrite the definitions for thatfile extension if it exists on the local system. This behavior may notalways be desired when publishing applications (such as Microsoft Word).For example, users working from a home system may not want tooverwrite the local definitions if they cannot save files from the publishedapplication back to their local hard drive.100

Step 4: Set User AccessShortcut icons for the published application will be placed in the locations thatare checked.Desktop – Places published shortcut icon on the end-user‘sdesktop.Start Menu - Places published shortcut icon on the end-user‘sStart Menu, under a folder named PowerTerm Application Zone.Start Menu/Programs - Places published shortcut icon on the enduser‘sStart Menu, under the Programs folder.To use a custom icon, click Choose Icon and select the desiredicon. Select Browse to display icons from a different file.Step 5: Set Appearance PropertiesThe dialog sets appearance characteristics of the published application.101

Color Quality – sets the desired color depth of the publishedapplication.NOTE When Session Sharing is enabled, the color depth of the first applicationlaunched is used. Subsequent applications will use the first application‘scolor quality regardless of its own setting. To ensure that a certain colorquality is always used, disable Session Sharing.Seamless typeooPrefer Microsoft Seamless – where possible, use Microsoft‘sseamless engine. If not available, Ericom‘s seamlessengine will be used. Microsoft‘s seamless requiresWindows XP SP3 or higher on the client end and WindowsServer 2008 or higher on the Terminal Server.Always Use True Seamless –uses Ericom‘s seamlessengine.NOTE Ericom Seamless does not support systray icon redirection for publishedapplications (i.e., Communicator systray will not appear in the localsystray). Ericom Seamless is generally more stable than MicrosoftSeamless.oWhen running applications that require administrativeprivileges on Vista / 2008 / 7 / R2 an elevation screen isdisplayed. Microsoft seamless will display the elevationscreen for the first application in the session if it isrequired. However, it will not display the elevation screenfor other applications in the same session (where sessionsharing is enabled. Ericom True Seamless will properlydisplay the elevation screen for any application launchedduring the session. For this reason it is recommended touse Ericom True Seamless when publishing applicationsthat require elevation.Run mode determines the state of the window when theapplication is first launched. Available settings are: Normal,Maximized, Minimized.102

Step 6: PerformanceConnection speed - choose the value that matches the slowestconnection on the network. This will automatically determine theoptimization settings. Preset settings can be manually adjusted.Windows Drag Behavior - Select Show outline only for betterperformance (since window content is not displayed duringdragging, there is less network overhead.)Enable Ericom Blaze – Check this setting to enable Ericom BlazeRDP WAN acceleration (see chapter on Ericom Blaze). Select thedesired Blaze setting from the drop down menu.Step 7: RequirementsThis dialog sets redirection settings of local resources. Resources available forredirection are sound, printers, serial ports, Smart Cards, and disk drives.NOTE Ericom Blaze 1.4 does not support Serial Port and Smart Card redirectionStep 8: Set the Connection TypesThe most commonly used connections types are explained on the dialog box.The Advanced setting presents a list of built-in and custom Connection Pointsthat can be used as the connection type for the published resource.The Smart External setting is not commonly used. When this setting isenabled, clients on the internal network (same subnet as the PowerTermWebConnect server) will use Gateway mode, while clients connecting fromexternal locations will use Direct mode.103

Step 9: Set the Server sourceUse all Servers (default) – the published application will belaunched from any Terminal Server managed by the LoadBalancer. Ensure that the application is installed properly on eachTerminal Server configured under the Load Balancer.Specify Servers - select from a list of servers available in the LoadBalancer. Only selected servers will be included as part of theload balancing process.oSelecting Show only servers with this application will showthe servers where the application is installed.To bypass the Load Balancer, select Specify and enter the addressand port number of the desired Terminal Server to launched theapplication from.104

Step 10: Select Owner(s) for the published application.The Owners dialog assigns the connection to users or groups. The user andgroup may be a PowerTerm WebConnect object or Directory Service object.To assign the connection to a Directory Service object, click theAdd/Remove Objects button.NOTE Ensure that the Directory Service is properly configured or an errormessage will be returned:ooooThe Add/Remove Objects dialog will appear. Navigatethrough the domain and select the desired objects to add.Click the Show users setting to display users under aselected OU. Click the Add button to add selected objects.Click Close when complete.Once Directory Services objects are selected, thePowerTerm Owner will automatically change to DirectoryServices Access Only.Applications may be published to OUs, Groups or Users.Groups may be members of one or more Groups, whereasOUs may belong to only one OU.To assign the connection to a WebConnect Owner, click theChange button. Select the desired WebConnect object to assignas the owner (only one per connection).105

Step 11: Set the Execution RulesExecution Rules limits how many instances of the published application can berun (also known as application limiting). This is useful in preventing morethan allotted licenses of a certain application from being launched.Click Edit Rules to create or modify rules.Click Add to add a new ruleConfigure the ruleo Executable: enter the executable to be managedo Mode: enter the criteria used for countingo Limit: enter the limit of running processes/usersTo apply the rule, select it from the drop down list and clickNext/Finish to continue.Step 12: InformationThe Information screen displays a summary of the configuration. Click theAdvanced button to configure advanced functions for the connection. Bydefault, the user‘s credentials and password are passed from ptagent to theremote host (i.e., Terminal Server). Passing of credentials can be modifiedunder the Advanced dialog.106

To disable credentials pass-thru from ptagent, uncheck UserWebConnect User Credentials.oTo pass predefined credentials, enter the desiredusername/password.To disable the passing of the Domain information, uncheck UserDefault Domain.oTo pass a predefined domain, enter the desired domainname.To disable the connection uncheck EnableEnter any environment variables that will be specific for thisconnection.Click Finish and the published application will automatically appearin the Connection list and in the Application Zone for any activeuser that has access to the published resource.Publish Multiple Windows applicationsThis wizard will publish multiple applications at the same time. Use thisfeature to save time when publishing similar applications (i.e., applicationspart of the Microsoft Office suite).Step 1: Select the Browsing SourcePreinstalled – applications that are already installed on a host.Streamed –applications that will be delivered to the host from aMicrosoft App-V streaming server107

Upon selecting Preinstalled Application, an application selection list will bedisplayed. Select the applications to be published and click Next to continue.The wizard will display these steps from the Publishing a Single Applicationsection: 4, 5, 6, 7, 8, 9, 10, and 12.Publish a Full DesktopThis wizard will publish a Full Desktop session. To begin publishing selectAction | New | Remote Windows Desktop.108

Step 1: Enter the Target and DescriptionName Displayed – this is the name for the desktop connection thatwill be displayed to the user.Place Icon in Folder - To assign this application to a sub-folder,enter the Place Icon in Folder name. Sub-folders are separatedwith a ‗\‘.Terminal Server – select this to publish a desktop session from aTerminal ServerVirtual Desktop – select this to publish a desktop session from aVirtual DesktopThe Remote Desktop wizard will display these steps from the Publishing aSingle Application section: 4, 5, 6, 7, 8, 9, 10, and 12.URL RedirectionURL redirection is a feature that intercepts URL requests on the TerminalServer, and redirects that request to the client device running RemoteViewand ptagent.NOTE When a user clicks a URL in a document running on a Terminal Server, bydefault the browser would be launched from the Terminal Server. WithURL redirection enabled, the browser will open on the client device instead.109

Step 1Step 2Step 3• User Selects URL in a published resource• URL Request Intercepted by the TS Agent• URL is sent to the user's device to belaunched locallyUse URL redirection to:Reduce server load - running the browser on the client offloadsthe resource usage from the server. This is especially useful forweb pages that contain streaming video or audio.Improve performance - Data streams flow directly between theclient and URL source. RDP (which is not ideal for streamingcontent) is bypassed.Allow access - The Terminal Servers may not have access to thedesired content. Some types of content downloads may be moreappropriate for the client rather than the server (i.e., downloadedmusic files).Better security – Prevent malicious web content from beingdownloaded onto the Terminal Servers.ConfigurationAny URL type may be redirected. A URL is a standard method to denoteresource locations, and has the format: host/resource-pathURL Redirection supports the following schemes:httphttpsftptelnetgophernewsnntpmmsHyper Text Transfer Protocol (web content)Hyper Text Transfer Protocol Secured (via SSL)File Transfer ProtocolOpen an interactive terminal window with a telnet serverFile transfer with gopher server.Usenet newsgroupsUSENET news using NNTPMicrosoft Multimedia Messaging Service110

tspitmsReal Time Streaming ProtocoliTunes Music Store (Apple Music downloads)By default, URLs are not redirected. In order to enable redirection, theRDP_RedirectSchemes Environment Variable must be defined on thePowerTerm WebConnect server. This Environment Variable contains adelimited list of the schemes to redirect. Only URLs that uses schemesspecified in RDP_RedirectSchemes will be redirected. RDP_RedirectSchemescan be defined for a specific user, a group of users, a connection, or the entireserver. To redirect all types of URLs enter all for RDP_RedirectSchemes.Excluding a URL from redirectionIn some cases certain URL‘s should not be redirected (i.e., an intranet site).Add an Environment Variable RDP_RedirectExclude to specify which URLsshould be excluded. RDP_RedirectExclude is a delimited list of the hostaddresses to exclude.Host names specified in RDP_RedirectExclude are compared to the URLaddresses from right to left (i.e., if "ericom.com" is specified inRDP_RedirectExclude it will match http://ericom.com, but alsohttp://www.ericom.com and ftp://ftp.ericom.com).IP addresses are compared left to right so 126.0.1 will matchhttp://126.0.1.10 and also http://126.0.1.20.NOTE Exclusion based on IP address is performed only if the IP address isexplicitly specified in the URL. IP Exclusion is not performed if the hostname is used in the URL instead of the corresponding IP.Restrictions and LimitationsURL Redirection is only available with RemoteView. Redirection has beenverified to work with Microsoft Internet Explorer on both the Terminal Serverand the client.Installing a web browser or mail client on the Terminal Server after theTerminal Server Agent has been installed may disrupt the redirectionmechanism. In such a case, uninstall both the Terminal Server Agent and thenew browser or mail client and reinstall the new browser or mail client beforethe Terminal Server Agent.Restricting the user from making any changes in the registry on the TerminalServer, even in HKEY_CURRENT_USER, may cause the redirection mechanismto redirect every URL, regardless of the values in RDP_RedirectSchemes andRDP_RedirectExclude. (For standard Windows configurations, even restrictedusers have permissions to modify certain sections of the registry).111

Exclusion based on IP address is performed only if the IP address is explicitlyspecified in the URL. Exclusion based on IP address is not performed if a hostname is used in the URL, even if the host name maps to the configured IPaddress.The redirection mechanism does not verify that the client supports aparticular URL type or has Internet connection. Before redirecting a URLensure that users will have access to it from their local devices.URLs that are opened inside an application‘s browser control or using InternetExplorer's COM interface will not be redirected.Viewing Application Publishing PropertiesTo view the properties and status of a published resource on PowerTermWebConnect - double-click the desired connection (published application ordesktop) from the Connections view. The Application Properties dialog will bedisplayed. The Application Properties dialog will display all settings that wereconfigured during the publishing wizard (i.e., Display Name, type ofconnection, the host source, etc.)Microsoft App-V IntegrationPowerTerm WebConnect supports application streaming and applicationvirtualization through tight integration with Microsoft App-V. PowerTermWebConnect enables easy publishing of App-V packages and supportsstreaming to end-point devices, Terminal Servers, virtual desktops and BladePCs. The packaged applications can be launched from a web interface(Application Portal), a rich client interface (Application Zone), and fromDesktop and Start Menu shortcuts.PowerTerm WebConnect enhances App-V with features such as two-factorauthentication, desktop integration with remote clients, centralizedmanagement, usage reporting and remote support.PowerTerm WebConnect supports Microsoft App-V 4.5. For more informationabout Microsoft App-V visit:http://www.microsoft.com/systemcenter/appv/infrastructure.mspxRequirementsThe App-V Client must be pre-installed on the Terminal Server orend-user system running the streamed application. PowerTermWebConnect does not deploy or update the App-V client.Configure the App-V client with Add Applications permission for allmachines (Properties | Permissions tab of the App-V client).112

Verify that App-V is working properly by itself before integratingwith PowerTerm WebConnect. This will make it easier to identifyand resolve App-V specific issues.App-V Client Configuration on Terminal ServersPerform the following when planning to stream applications from App-V toTerminal Servers. Streaming applications to Terminal Servers expeditesdeployment and standardization of applications.Once the App-V client is installed, define the publishing servers.Applications that appear in the Applications list of the App-V client will bestreamed to the Terminal Server ready for publishing and usage.Associations are published in one of two ways:113

1. Defining a Publishing Server and configuring App-V client to poll theconfiguration (upon user login / auto-refresh interval)2. Defining a Publishing Server and configuring App-V server to push theconfiguration (upon user login / auto-refresh interval)File associations that were created during the App-V sequencing process willbe automatically updated on the Terminal Server.On the client-side machine, it is also possible to update the clients fileassociations to launch the published application when a user double-clicks ona local file. This is achieved by setting the required file associations duringthe publishing wizard.App-V Client Configuration on End User SystemsStreaming applications to the end-user‘s device expedites standardization ofapplications and may result in better performance.When working in this manner, the App-V client MMC GUI will be in read-onlymode: no shortcuts are created and file associations are managed by the App-V client. This ensures that there will be no conflicts with PowerTermWebConnect. Publishing servers do not have to be defined.114

Configuring the App-V Server in PowerTerm WebConnectOpen the Administration tool and go to Server | Streaming. There are threeoptions:Configure App-V Database Connection: opens Windows ODBCwizard for configuring the connection string to the App-Vdatabase. This setting will be saved into the PowerTermWebConnect server environment variableAppV_DatabaseConnectionString.Refresh App-V Package List: forces an immediate refresh with theApp-V databaseAuto Connect to Database: If enabled, the connection (and theretrieval of the package list) will be performed automatically eachtime the application publishing wizard is opened.NOTE PowerTerm WebConnect Administration Tool must have network access toApp-V database in order to view the available packages and publish App-Vapplications.Select Configure App-V Database Connection and enter the parameters forthe App-V server. Expand the options section and select the name of yourApp-V database (the default is ―APPVIRT‖). Once the server is configured, theAppV_DatabaseConnectionString will be automatically populated.115

Publishing an App-V applicationUse the Administration Console‘s publishing wizard to publish an App-Vapplication.At Step 1, select Streamed Application and select Microsoft App-V. Next, setthe publish source:Terminal Server: the App-V application is streamed to a TerminalServer, which can then be published to the end user.Virtual Desktop: the App-V application is streamed to a virtualdesktop, which can then be published to the end user.Local Desktop: the App-V application is streamed to the end user‘ssystem directly. The streamed application can run in off-linemode, however, PowerTerm WebConnect is required to launch thestreamed application.116

At Step 2, specify the App-V application to be published by selecting from thedrop down list. Click the Refresh button to obtain the current application list.The name for the application will be automatically populated from the App-Vdatabase, what the user will see on the shortcut can be changed by changingthe display name. Enter a subfolder name if desired.If the drop down list is empty, click the refresh button, if this fails check yourApp-V connection settings.At Step 3 a list of extensions will be displayed. The extension list is obtainedfrom the App-V server. This list will only be visible for App-V applications thatare streamed to a Terminal Server or virtual desktop.NOTE App-V applications that are streamed to the Local Desktop have theirextensions managed by the App-V client.Publishing App-V applications require Session Sharing so complete theremaining of the steps of the wizard similarly for all App-V applications.Launching App-V published applicationsLaunching published App-V applications are just like launching TerminalServer based applications. The user simply has to point and double-click thedesired application.Streaming applications to the end-user’s deviceApp-V applications may be streamed directly to the end-user‘s device usingany of the Ericom user interfaces, such as Application Zone. For users whoare working on the internal LAN, applications may be streamed using theRTSP protocol.117

For users connecting over the Internet, configure App-V streaming to useHTTP or HTTPS. If packages were created using RTSP, use the WebConnectvariable RDP_AppV_DefContentPath to override the setting in the App-Vdatabase. The OSD files will need to be manually changed to HTTP/HTTPS.The process of streaming applications from the App-V server to the client isperformed solely by App-V, the PowerTerm WebConnect Gateway is not used.Related Environment VariablesAppV_DatabaseConnectionString – contains the connection string to the AppVDatabase. This value is automatically populated by configuring Server |Streaming | Configure App-V Database Connection.RDP_AppV_DefContentPath (optional) - This allows an administrator tooverride the path specified in the App-V database for OSD files (ignore what isspecified in the App-V database.) This value defines the path to App-Vcontent folder and gives the Administrator the flexibility to override the pathcontained in the existing packages without the need to change them.The variable can be defined using a UNC path, this is the default setting forApp-V known as RTSP (applicable if all users are within the organization) oran HTTP path (applicable for users located outside the organization).For example, setting this to: RTSP://AppV:554/content/ will override thelocation specified in the App-V database and look in the above locationinstead.RDP_AppV_SFT_SOFTGRIDSERVER – When the App-V client is installed, itcreates a variable named AppV_SFT_SOFTGRIDSERVER. This value containsthe name of the App-V server. Once set, this variable is automatically passedto the client when the user logs into Application Zone. By default, App-VPackage Sequencer uses the ―SFT_SOFTGRIDSERVER‖ Windows variableinside the package which represents the address of the streaming server orload balancing device. App-V requires that this variable will be configured onall App-V client machines. This WebConnect variable is the equivalent of theWindows environment variable. RemoteView will set theSFT_SOFTGRIDSERVER variable on all App-V enabled machines for internaland external users. Setting this environment variable requires administratorprivileges.NOTE After this variable is set, the user‘s machine must be restarted.118

12. CONFIGURING POWERTERM LOADBALANCERThe PowerTerm WebConnect Load Balancer is designed to distribute userrequests evenly in an Ericom Terminal Server farm and avoid resourcebottlenecks. The Load Balancer is comprised of three components:PowerTerm WebConnect Load Balancer Server gathers real-timeinformation from the Terminal servers and routes incoming usersrequests to the least loaded server.PowerTerm WebConnect Load Balancer Agent provides the LoadBalancer with resource usage information of the server it isrunning on.PowerTerm WebConnect Load Balancer Administration Consolemanages settings associated with the Load Balancer. All settingsare stored in a XML formatted configuration file(LoadBalancer.xml).Load Balancing Process OverviewStep 1Step 2Step 3Step 4• End-user logs in to PowerTerm WebConnect Server and is authenticated.• Once validated, the user is presented with a list of available applications and desktops availablefrom the Terminal Servers.• When the user selects an application or desktop, PowerTerm Load Balancer will find the leastloaded Terminal server based on information provided by the Load Balancer Agent on eachTerminal Server.• PowerTerm Load Balancer will provide the connection details of the target machine.• PowerTerm WebConnect Server will provide the session attributes.Step 5• The user is connected to the assigned application or desktop using RemoteView.119

InstallationPowerTerm WebConnect Load Balancer is automatically installed with the FullInstallation option of the installer.To install PowerTerm WebConnect Load Balancer Administration Console afterPowerTerm WebConnect Server has already been installed, go to \WebConnect5.X\AddOns\LoadBalancerAdmin\LoadBalancerAdmin.msi.NOTE Microsoft .NET Framework v3.5 SP1 must be installed on the Load Balancerserver. This is also required to use the Load Balancer Admin Tool. .NET 4is not compatible with PowerTerm WebConnectPowerTerm Load Balancer ServerThe PowerTerm WebConnect Load Balancer server runs as a Windows service.By default, PowerTerm WebConnect Load Balancer server listens over TCPport 4010. This can be modified using the command line or XML and cannotbe changed via the PowerTerm WebConnect Load Balancer AdministrationTool.NOTE Load Balancer Administration Console must be closed when updating theXMLThe PowerTerm WebConnect Load Balancer Agent is regularly collectinginformation about the server it is loaded on and reports the gathered data tothe Load Balancer server at a pre-determined interval. If no information isreceived from a Terminal server within a five minute interval, the TerminalServer is classified unavailable in the PowerTerm WebConnect Load Balancer.120

Starting/Stopping the Load Balancer serviceThe PowerTerm WebConnect Load Balancer runs as a service and can bestarted and stopped using the Services MMC plug-in (services.msc).Starting and Stopping the Load BalancerFrom the server running the PowerTerm WebConnect Load Balancer Serverrun services.msc. Next, right-click on the PowerTerm WebConnect LoadBalancer Server, and select the desired operation.121

Modifying PowerTerm WebConnect Load Balancer's PortThe Load Balancer‘s port can be modified under the service‘s properties.Changing the Load Balancer portFrom the server running the PowerTerm WebConnect Load Balancer Serverrun services.msc. Right-click on the PowerTerm WebConnect Load BalancerServer, and select Properties. Modify the Load Balancer's port by entering thedesired port number in Start parameters.Backing up the Load Balancer configurationAll settings are saved into the LoadBalancer.xml file. To back up theconfiguration, simply copy this file to an alternate location. To restore/importsaved load balancer settings, simply copy this file back to the Load Balancerfolder and restart the service.122

Clustering the Load BalancerFor the Load Balancer to operate in Cluster mode, use the Load BalancerAdministration Console to specify the path of the cluster (shared) database.All servers that will use the shared database need Full permissions to accessthe Configuration file path.Configuring the Cluster Path1. Open PowerTerm Load Balancer Administration Tool.2. Go to Configuration | File Location. Under the Actions pane, selectChange File Location.3. Select Specify Path and enter the location of the centrally shareddirectory of the database (XML file).4. Click OK.123

NOTE Cluster mode can only be enabled if the full network path is defined in thePtServer.ptr file; and the PtServer.ini file is defined with the local path tothe license file.If the full network path is defined in the PtServer.ptr file, but thePtServer.ini file is defined with the network path to the license file, thePowerTerm ® WebConnect Server will operate in Failover mode.PowerTerm Load Balancer AgentPowerTerm WebConnect Load Balancer Agent (PtLoadBalancerAgent.exe) isinstalled along with the PowerTerm Terminal Server Agent. PowerTermWebConnect Load Balancer Agent runs as a Windows service and must beinstalled on every Terminal Server that will be part of the Ericom PowerTermWebConnect farm.PowerTerm WebConnect Load Balancer Agent sends resource information tothe Load Balancer Server at least once every 5 minutes, or when there is a5% or greater change in any of the Load Balancing Criteria. All relatedactivity is tracked in the log file (PtLoadBalancerAgent.log). The ten mostrecent logs are saved (named as PtLoadBalancerAgent.bck-XX.log).NOTE A new log is created each time the service is started, or when the log sizeexceeds 1MB.PowerTerm WebConnect Load Balancer listens over TCP port 4020, but theport can be changed either via the command line or via the registry.PowerTerm Load Balancer Administration ToolPowerTerm WebConnect Load Balancer Administration Console(PtLoadBalancerAdmin.exe) is used to view and set all of the Load Balancer'sparameters and attributes.NOTE The Load Balancer Administration Console is an MMC snap-in moduleSTOP The Load Balancer Administration Console is not compatible with .Net 4Using the PowerTerm WebConnect Load Balancer Administration Tool, theadministrator determines the how the balancing criteria is applied across theTerminal Server farm. The Load Balancer Admin Console may be launchedfrom the Start | Programs | Ericom Software | PowerTerm WebConnect | LoadBalancer folder or by click its icon from the Administration Tool.124

Connecting to Load BalancerTo connect to a Load Balancer Server launch the Load Balancer ToolAdministration Console and right-click Load Balancer and select Connect.A Connect dialog will appear.Enter the address and port of the Load Balancer Server and click OK toconnect.Adding Terminal ServersAutomatic DiscoveryPowerTerm WebConnect Load Balancer Server sends broadcast messages toall Terminal servers. If a Load Balancer Agent is running on a server, it willbe detected and added to the PowerTerm WebConnect Load Balancer serverlist if the Automatic search is enabled under Server Search.125

NOTE Clearing the setting will remove any active server from the load balancerlist that was added with the discovery featureTerminal servers that have been found via automatic search will be displayedin blue text, as shown here:NOTE PowerTerm WebConnect Load Balancer broadcasts do not work acrosssubnetsPermanent ModeA server added via automatic discovery can be converted to permanent mode.A permanent server is one that is not managed by automatic discovery. Ifautomatic discovery is disabled, permanent servers will not be removed. If aserver is permanent, but not connected, PowerTerm Load Balancer will try toreconnect every 30 seconds.NOTE Automatically discovered servers cannot be removed manually from the listunless it has been set to Permanent.126

Manually Adding ServersAdditional servers can be manually added to the PowerTerm WebConnectLoad Balancer list by selecting Add. Enter the server address when promptedto add a new server. All manually added servers are permanent mode.If any added server does not have the Load Balancer Agent running, it will bedisplayed as Not Connected.Viewing Server PropertiesDouble click on any Terminal Server in the load balancer list to view itsproperties:Disable LoginsTo prevent logins to any server in the list, highlight the desired server andselect Disable Logins.A Terminal Server that is disabled will be set to Busy and displayed in gray.To enable logins in a disabled Terminal Server, click Enable Logins.127

Removing Manually Added ServersTo remove a server from the load balancer list - highlight the desired serverand select Remove.The administrator will be prompted to confirm removal of the server. SelectYes to remove the server. The server can be added back in the future.NOTE When a server is removed from the Load Balancer, it will also be removedfrom ALL connections that explicitly use it.LoggingThere are two different types of Load Balancer log files:Standard - traces how the different servers connect and disconnect toPowerTerm WebConnect Load Balancer.Verbose - traces all activity on PowerTerm WebConnect Load Balancer, suchas connection history, packet sizes, etc.To enable logging, Launch the PTLB Administration Console and selectConfiguration | Log file. The current log file will be displayed. To change thelogging setting, select Change Log Level.128

PowerTerm WebConnect Load Balancer server generates a log file in thecurrent directory (PtLoadBalancerServer.log). The last ten log files are savedand named PtLoadBalancerServer.bck-01.log, PtLoadBalancerServer.bck-02.log etc.NOTE Every time the service is started or the log size of 1MB is reached, a newlog is created.Optimizing the Load BalancerOnrush BlockingWhen a fresh server is brought online into a load balanced environment, thetendency is to send all user logins to the new server as it is the least loaded.The onrush of logins will overwhelm the new server and cause a "black-hole"effect. An onrush situation is where users will be unable to connect to theTerminal Server, and the server may even crash.To avoid onrushing, PowerTerm WebConnect Load Balancer can be configuredto only allow a specific number of clients to connect during a set interval.This will balance the amount of logins directed toward any specific server andeliminate access problems associated with onrush activity.129

Configuring Onrush BlockingSelect Criteria from the Configuration menu and select Change OnrushBlocking. Enter the values for the total amount of users that can connectduring any given interval.Setting the Balancing CriteriaThe Balancing Criteria is a set of parameters that defines the most eligibleTerminal Server for user access. To change the criteria calculation go toConfiguration | Criteria | Change Calculation Definitions.Built-In Load Balancing OptionsValueMemory Driven(default)CPU OnlyMemory OnlySessions OnlyDefinitionMemory is given the most emphasis among the criteriaCPU is the sole emphasis among the criteriaMemory is the sole emphasis among the criteriaThe number of sessions is the sole emphasis among thecriteriaCustom Balancing ConfigurationThe administrator can decide (by adjusting the two bars) what percentage ofthe Memory, CPU and Sessions will be used to set the load balancing criteria.130

The Memory Limit for Calculation balances the memory calculation between allTerminal Servers. If one server has a much more memory than others in thelist, this setting does not give it an advantage over the other servers. Thisvalue is substituted for the machine's memory size when calculating theserver's rank. The result is better user distribution between all listed servers.Setting the Server Exclusion CriteriaA server is disqualified from user access if it exceeds any of the specifiedvalues in CPU usage or Sessions, or does not reach the required AvailableMemory level. This is in contrast to the Balancing Criteria which determinesthe eligibility of a server to accept requests.Configuring Server Exclusion CriteriaSelect Configuration | Criteria | Change Exclusion Criteria.Specify the CPU usage (in percentage) that when exceeded will disqualify theserver from receiving user connections.Specify the minimum Available Memory (in MB) that when reached willdisqualify the server from receiving user connections.Specify the Concurrent Session count that when exceeded will disqualify theserver from receiving user connections.131

Configuring Agent Sampling SettingsThe Load Balancer Agent on each Terminal Server collects sampling data(CPU, Memory, or Number of Sessions) for transmission to the Load BalancerServer. An average of these samplings is calculated for the specified durationof the Sampling Period.Configuring the Sampling SettingsSelect Configuration | Criteria | Change Agents Settings. Specify the amountof time (in seconds) in for sampling period on which the average will be basedon.Configuring the Notification ThresholdThis is the percentage in the server's criteria that must change (between theprevious and current sampling) before a notification is sent to the LoadBalancer server. If there is a significant change in the Threshold percentagesince the last sampling period, a notification is sent to the Load Balancer.NOTE If no notification is sent within five minutes from a Terminal Server, theLoad Balancer Server will classify it as unavailble.132

13. DEPLOYING DESKTOPS WITH VDIPowerTerm WebConnect DeskView is the built-in VDI connection broker forusers to access remote desktops over PowerTerm WebConnect. WithPresentation Virtualization, all users have access to applications and desktopson a multi-user operating system provided by a Microsoft Terminal Server.Desktop Virtualization is the concept of delivering applications and desktopsfrom a dedicated (private) operating system hosted on virtual machines andphysical machines. The connection broker grants each user access to his orher own desktop session. Each session is an isolated environment, so, if afailure should occur on one machine (physical or virtual) it will not affect anyof the other machines. DeskView also provides the ability to create custompools of desktops for flexible deployment possibilities.PowerTerm WebConnect DeskView consists of the following components:PowerTerm WebConnect DeskView Server is the connection brokerservice that interfaces between PowerTerm WebConnect Serverand the servers hosting the desktops.PowerTerm Connection Broker Administration Console is theadministrative interface for configuring PowerTerm WebConnectDeskView Server.PowerTerm WebConnect Server provide necessary functions forDeskView related to licensing, authentication, and publishingcharacteristics.DefinitionsPoolDeskViewVirtual DesktopEricom ToolsPCoIPA collection of desktops with similar traits (i.e., similarapplications installed on each, same OS, etc.).PowerTerm WebConnect‘s built-in connection brokerAny instance of a user workstation. This can be a VMWarevirtual machine, Hyper-V virtual machine, ParallelsVirtuozzo container, PCoIP desktop, etc.An agent that is installed on each virtual or physicalmachine. It communicates with the DeskView server.PC over IP protocol by Teradici133

Getting Started with VDIStep 1Step 2Step 3Step 4Step 5Step 6Step 7• Verify that Requirements are met• Install PowerTerm WebConnect Full Option• Launch the Connection Broker Admin Tool• Configure the DeskView settings (i.e., directory service)• Add Hosts• Install Ericom Tools on desired virtual desktops• Add and configure Pools• Assign entitlements to Pools and desktops• Instruct users on how to login from Application Zone, Application Portal, or PCoIPclient• When the user selects a pool, DeskView will connect the user to an assigned desktop• Connection Broker Admin Tool: make changes to pool and entitlement settings• PowerTerm WebConnect Admin Tool: make changes to publishing and Blaze settingsPowerTerm Connection Broker Administration Tool, is used to configuresettings related to VDI and managed systems (including PCoIP devices). Thisconsole manages the PowerTerm WebConnect DeskView service. Use thisconsole to manage functions related to user entitlements, virtual desktopconfiguration, and PCoIP device administration.PowerTerm WebConnect Administration Tool, manages publishing ofapplications and desktops. Manual deployment of VDI pools may beperformed using this tool.RequirementsThe server hosting DeskView and PowerTerm WebConnect must be runningWindows 2003 or higher. 800 MB of free hard-disk space must be allocatedto PowerTerm WebConnect Server and 256 KB of RAM for each active sessionMicrosoft .NET Framework v3.5 SP1 must be installed on thePowerTerm WebConnect server.STOP .NET 4 is not compatible with PowerTerm WebConnectFor Web Portal Access: Enable IIS role on the server134

The server‘s Computer Browser service must be running.For VDI: Connection and login information for desired hypervisorsInstallationPowerTerm WebConnect DeskView is automatically installed with the FullInstallation option of the PowerTerm WebConnect installer.To install DeskView manually after PowerTerm WebConnect Server hasalready been installed, go to \WebConnect 5.X\AddOns\DeskView VDI and runDeskViewServerSetup.msi and DeskViewAdminSetup.msi.Ericom ToolsEricom Tools (VmAgent) is an agent that is installed on each virtual orphysical machine. It communicates with the DeskView server and relaysimportant information about the machine‘s status. Once Ericom Tools isconfigured and running, use the Connection Broker Administration Console toverify that the Ericom Tools status is Connected. Once Connected the virtualmachine will be available for user access.NOTE Virtual machines must be added to a pool in the Connection Broker beforeit can be accessed by end-users.Windows Virtual Desktop ConfigurationRequirementsOperating Systems Supported: Windows XP and higherEricom Tools Installer Package Files: The latest Ericom Tools for Windowspackages can be downloaded from the AddOns folder: \Program Files(x86)\Ericom Software\WebConnect 5.7\AddOns\DeskView VDI32 bit operating systems: EricomTools.MSI64 bit operating systems: EricomTools_64.MSIInstallation InstructionsRun the Ericom Tools MSI on the virtual desktop. Enter the address of thePowerTerm WebConnect DeskView server. Ericom Tools for Windows can alsobe deployed centrally from the Administration Console if the followingconditions exist:The IP address of the virtual desktop is detected by DeskView135

The Domain administrator account configured under DeskView hasaccess to install applications on the virtual desktopCentralized DeploymentEricom Tools can be deployed to any virtual desktop using the ConnectionBroker Administration Console. Right-click the desired virtual desktop andselect Install Ericom Tools. Ericom Tools can only be deployed centrally if theIP address of the virtual desktop is recognized by the broker and the domainadministrator (configured under Options | Network tab) has rights to installapplications on the local desktop.HINTIf the virtual desktop is not part of a Domain, the domain administratormay not have access to install applications.Linux Virtual Desktop ConfigurationRequirementsOperating Systems Supported:Ubuntu Desktop 8.04 and higherRedHat Enterprise 5 and higherFedora 10 and higherCentOS 5 and higherGnome or KDE Window Managers – One of these are required on the LinuxDesktopPCoIP or XRDP connectivity to the Linux desktop is required.PCoIP is a proprietary protocol created by Teradici. It allowsgraphics-rich desktop connectivity from Teradici clients to theLinux Desktop. PCoIP requires proper hardware support on boththe host and client.XRDP is an Open Source RDP server implementation created bythe xrdp project at SourceForge. For more information visit:http://xrdp.sourceforge.net/. Please see ―Installation Instructions‖in the next section for instructions on how to install XRDP.scrot or import – Either scrot or import is required. These applications are usedby Ericom Tools for Linux to take screenshots of the Linux desktop session andthen send them to the Connection Broker for remote monitoring purposes.Ericom Tools Installer Package Files: actual names may differ in version andrelease numbers. The latest Ericom Tools for Linux packages can bedownloaded from the AddOns folder: \Program Files (x86)\EricomSoftware\WebConnect 5.7\AddOns\DeskView VDI136

Ubuntu Ericom Tools Installer - etl0.2.3-1ubuntu1_i386.debRedHat Enterprise, Fedora, or CentOS - etl-0.2.3-1.i386.rpmXRDP Installation InstructionsUbuntu (9.04 and above):$ sudo apt-get install tightvncserver xrdp$ sudo update-rc.d xrdp defaults$ sudo /etc/init.d/xrdp startUbuntu (versions under 9.04):$ cd /tmp$ sudo apt-get install tightvncserver$ wget ftp://linuxvmagent:linuxvmagent@ftp.ericom.com/xrdp_0.4.0-deb.tar.gz $ tar xvzf xrdp_0.4.0-deb.tar.gzNOTE Use of XRDP is governed by GPLv2+, which can be found athttp://xrdp.sourceforge.net$ sudo dpkg –i xrdp_0.4.0~dfsg-3_i386.deb$ sudo update-rc.d xrdp defaults$ sudo /etc/init.d/xrdp startFedora:$ cd /tmp$ sudo yum install vnc-server xrdp$ sudo chkconfig xrdp on$ sudo service xrdp startRedHat Enterprise/CentOS:$ cd /tmp$ wget ftp://linuxvmagent:linuxvmagent@ftp.ericom.com/vnc-server-4.1.2-rpm.tar.gz$ tar xvzf vnc-server-4.1.2-rpm.tar.gzNOTE Use of vnc-server is governed by GPL, which can be found athttp://www.realvnc.com$ wget ftp://linuxvmagent:linuxvmagent@ftp.ericom.com/xrdp-0.5.0-rpm.tar.gz$ tar xvzf xrdp-0.5.0-rpm.tar.gz137

$ sudo rpm –ivh vnc-server-4.1.2-14.el5.i386.rpm$ sudo rpm –ivh xrdp-0.5.0-0.el5.i386.rpm$ sudo chkconfig xrdp on$ sudo service xrdp startInstalling Ericom ToolsUbuntu:$ sudo dpkg -i etl0.2.3-1ubuntu1_i386.debRedHat Enterprise, Fedora, CentOS:$ sudo rpm -ivh etl-0.2.3-1.i386.rpmPlease run /etc/etl/postinst$ sudo /etc/etl/postinstEricom Tools Initial Configuration (Gnome Example)After the installation of Ericom Tools, the administrator will be prompted forinitial configuration. The questions below will be displayed, sample answersare in bold.This will install Ericom Tools for GNU/LinuxPress `Enter` to continue and Ctrl+C to cancelOriginal Gnome Display Manager Configuration backed up to /etc/gdm/gdm.confcustom-backup.etlWhat Display Manager do you use? On Ubuntu the default is GDM, but you may berunning KDM as well.Hit `g` + `Enter` for GDM, `k` + `Enter` for KDMg Registering with GDM...Enter Server's IP address:10.0.0.1Enter Server's Port (just hit 'Enter' to use the default 4045):This program runs as daemon - you need to reboot this machine in order to startit.Do you want to reboot now? Hit `y` + `Enter` for yes, anything else to cancel:y 138

The table below describes the configuration options for Ericom Tools for Linux.This file is located in the path /etc/etl/etl_config.cfg. If the file is notavailable, it can be generated by running the script /etc/postinst.Parameter Name Description Default ValueCommand used by the Ericom Tools toConnectCommand detect remote user connections.netstat -antp | grepXvnc | grepESTABLISHED | wc -lDebugLevelKeepaliveListenerIPListenerPortServerIPServerIPSecondServerPortUseScrotUseSysEventsUserTimeOutVNCCommandxdmstartxdmstopDisplay information about the program.Values range from least information to the 0most information. Range: 0..2Amount of time in seconds to send theDeskView Server keepalive packet. 15The IP address where Ericom Tools isinstalled. Do not modify. 127.0.0.1The port used to communicate with theDeskView server 4045The IP address of the DeskView serverThe IP address of an alternate Deskviewserver. This is used for failover.Determined UponInstallationDetermined UponInstallationThe port used to communicate with theDeskView server 4045Enable the use of the scrot program tosend screen shots of the desktop to the 0DeskView server. If the value is 0, theapplication will use Image Magick'sdisplay command. One of theseapplications must be installed separatelyfor the screen shot feature to besupported. Range: 0..1Set to 1 if user console and ssh remotelogins should count as occupying the 0Linux Desktop. Range: 0..1The length time in seconds to allow auser to be idle before automatically 0terminating the user's session. A value of0 disables this feature.The command to run for VNC support.(Not yet supported.)x11vnc -q -bg -passwdThe command to run to start the WindowManager upon logging into the LinuxDesktop.The command to run to stop the WindowManager upon logging off the LinuxDesktop.Determined UponInstallationDetermined UponInstallation139

Connection Broker Administration ToolThe DeskView Connect Broker Administration Console is an MMC snap-inmodule used to manage the connection broker settings.Connection Broker Admin Console PanesNOTE All objects under Managed Hosts and Pools will be listed alphabetically.PaneToolbarHosts/PoolsHosts/DesktopsActionPropertiesDescriptionWindow pane functionsTree view of available hosts and poolsDetailed view of configured hosts and virtual desktopsList of available actions for selected objectDisplays Properties associated to the selected objectHosts/Desktops PaneRight click on the Status bar to select settings to displayColumnNameUnique IdentifierDescriptionThe desktop‘s nameA unique ID assigned to the desktop140

Power StateThe status of the desktop‘s power stateRunning, desktop is activeStopped, desktop is currently in a stopped statePaused, desktop is currently in a suspended stateMissing, desktop is not found on the host.Ericom ToolsUserIP AddressDNS NameOperating SystemLogin StatusLogin UserHostHost TypeStateMAC AddressOwnersCurrent ActionDisplays status of Ericom Tools agent.Running, Tools are activeDisconnected, Tools were previously connected, but iscurrently disconnected.Unknown, Tools never connected.Active user of the desktopThe desktop‘s IP addressThe desktop‘s DNS addressThe desktop‘s operating system typeUnknown, the information is not foundDisplays the desktop‘s user status.Logout, the user is logged out.Connect/Disconnect, the user is logged in andconnected/disconnected.Only available when Ericom Tools is installed.Last logged in userOnly available when Ericom Tools are installed.Displays the name given to the host.Displays the virtualization host type.Displays status of the desktop on the virtualizationhostConnected, the desktop is foundDisconnected, the desktop is not found (may bedeleted)MAC address of the desktopDisplays current owners of the desktopDisplays any current actions that are applied on the141

desktop by DeskViewMore…Show dialog to configure the columnsProperties PaneFieldGeneralEntitlementsSystem InformationMachine ResourcesRecent TasksDescriptionDisplays the desktop‘s detailsDisplays the users/MACs/computers that have beassigned to this desktop.Displays the system detailsDisplays the memory and CPU resourcesDisplays tasks applied to the selected object byDeskViewDeskView Server OptionsTo configure settings associated with DeskView Server, right click onPowerTerm WebConnect DeskView and select Options.TabGeneralNetworkLog FilesPCoIPWYSE PluginAdministratorsDescriptionFailover and Refresh Interval Settings.Configure domain administrators. Specify the networksearch range. Enable FTP server.Configure server logging criteria.Configure PCoIP configuration for PCoIP enabled hosts.Enable and configure WYSE Plugin settings.Configure Administrators for DeskViewConfiguring Directory Services in DeskViewDirectory Services must be configured in DeskView to assign user and groupobjects to DeskView-managed desktops and pools. This is also required forPCoIP user/group assignments. Add desired directory services (domains)using the PTWC DeskView Options | Network | General dialog.142

NOTE All VDI assignments are managed using the PTWC Connection BrokerAdministration Console, not the PTWC Administration ConsoleEricom PowerTerm WebConnect DeskView uses Microsoft Negotiate to peekthe security support provider.http://msdn.microsoft.com/enus/library/ms721625(v=VS.85).aspx#_security_security_support_provider_glyWhen PowerTerm WebConnect is running on the same domain that the LDAPserver is running on, Microsoft Kerberos is used. In Kerberos (version 5) thepassword is not sent over network the network at all. Seehttp://msdn.microsoft.com/en-us/library/aa378157(v=VS.85).aspx – this isthe best security protocol on a Windows OS.If the VDI server is not running on a system that belongs to the domain,NTLM or simple binding is used.Managed HostsTo add a VDI host for management by DeskView, right click on ManagedHosts and select Add Host.This will start a wizard to configure a new VDI host.143

VDI Host Selection•Select the type of host to be addedHost Description•Enter a name for the host (see supported platforms)•Enter a description for the host (optional)Host Configuration•Enter the connection parameters for the host•Certain hosts require credentials to connect to themDefault Pool•Set a default pool if desired•A Default Pool contains all machines of its HostSupported PlatformsVMware ESX/ESXiVMware vCenterParallelsMicrosoft Hyper-V R2Microsoft SCVMMConfiguration parametersWeb service address (https:///sdk)Username/PasswordWeb service address (https:///sdk)Username/Passwordhttps://:4646Domain Username/PasswordDomainHost-routed configuration is not supportedDNS/IP of the Hyper-V machineDomain account that can access the hostServer name or IP144

XenServerOracle VMXen based hypervisorsEnomalyServer name or IPRoot username/passwordServer‘s agent URL and Port (https://:8899)Oracle VM Oracle Agent username/passwordDriverTransportsServer AddressUsername/PasswordPortPathExtra Parameters (if any)Web service address (http://:8080/)Username/PasswordHost MenuRight-clicking on a Host will display a menu.NOTE The Host menu may vary based on the type of host selected.Menu itemPropertiesReconnectAdd FolderDeleteRefreshDescriptionOpens the Host PropertiesReconnects to selected hostCreates a subfolder for the host - makes it easier toarrange virtual desktops with similar traitsDeletes the selected hostRefreshes the selected host145

Machine PropertiesVirtual Machine/Desktop specific settings can be set from its Properties page.To access the Properties page, right click on the desired machine/desktop andselect Properties.General tabDisplays status information of the selected machine/desktop. Use this pageto perform the following functions: change the assigned Pool of the machine,Start, Stop, Suspend, Resume, edit Memo, and Enable.EntitlementsDisplays ownership information of the selected machine/desktop. Use thispage to perform the following functions: Remove current user assignment,Add Users, Add Computer, Add PCoIP client, Add MAC Address objects.The Alternative Machine setting assigns an alternate virtual machine/desktopto be the failover desktop. If the primary machine/desktop is unavailable,users will be automatically redirected to the Alternative Machine. Themachine/desktop specified as the Alternative Machine must be contained in aPool, although the user requiring access does not need to be explicitlyassigned to the Alternative Machine‘s pool. The feature is useful for PCoIPusers who need a backup desktop in case of mechanical failure of theirprimary PCoIP host desktop.When the primary host is down upon user connection, DeskView will try tostart it with a wake-on-lan (magic) packet. If the machine is not active after30 seconds, the Alternative Machine will be launched as the failover desktop.System Information and Recent TasksDisplays detailed information on the machines characteristics and past events.Machine ConfigurationA Machine Configuration defines the parameters that will be used in theSysprep process when a virtual desktop is cloned. This enables cloneddesktops to be created with necessary characteristics and settings and starton the network without causing conflicts with existing desktops. MultipleMachine Configurations may be created to serve different purposes.NOTE Ensure that Machine Configurations are only applied on desktops that areproperly licensed and activated. Applying a Machine Configuration on anexpired operating system will cause the Sysprep operation to fail.Step 1: Starting the Machine Configuration Creation ProcessRight click on Machine Configuration and select Add.146

To create a new configuration, select Create configuration from scratch. Anew configuration can also be created using the settings from an existingconfiguration.Step 2: Set the identification parametersEnter the Configuration Name and select the Windows operating system thatwill be used. Three operating systems are available: Windows XP, Windows7, and Parallels Virtuozzo Container.147

Step 3: Set the default name and organizationStep 4: Enter the Windows product key to be used for the clonesNOTE Double check that a valid key is entered hereStep 5: Enter the password for the Administrator accountEnter the current local Administrator password used by the template desktop.This is used to login to the desktop to apply the Sysprep operation.Step 6: Join the desktop to a workgroup or domain148

Step 7: Set the desktops computer nameTwo options are available. Either use the hypervisor‘s name as part of thecomputer name or enter a custom string. The custom string can only be ninecharacters. The suffix of the computer name will consist of a dash and fivedigits. The Computer Name has a maximum of 15 characters.Step 8: Set the time zone for the desktopStep 9: Set the Run Once commandThis is useful where additional commands need to be launched the first timeWindows starts.149

Step 10: Set the Machine Configuration process timeoutThe Machine Configuration process will stop after the specified amount of timehas elapsed.Editing or Deleting a Machine ConfigurationRight click on a Machine Configuration to edit its Properties or delete it.Applying a Machine Configuration to an existing DesktopTo apply a Machine Configuration to an existing Desktop, right click on thedesired desktop and select Machine Configuration.NOTE When applying a Machine Configuration, a Sysprep is performed to thedesktop and certain characteristics are changed (i.e. Computer name).The local Administrator account is also changed. Back up important databefore applying a new Machine Configuration.Select the desired Machine Configuration and continue. Monitor the progressunder the Desktop‘s Recent Tasks.During the Machine Configuration process, the desktop will reboot.NOTE The preparation and Sysprep process can be monitored in more detail byusing to the hypervisor‘s management tool and connecting to the consoleof the target desktop. The configuration process may have halted if anerror was encountered (i.e. invalid Product Key is entered by the MachineConfiguration).150

Virtual Desktop CloningPowerTerm WebConnect DeskView provides a simple interface to cloneexisting virtual machines. Standard cloning and linked cloning are supported.NOTE Hardware based virtual desktops (i.e., PCoIP hosts) cannot be clonedStep 1•Select an existing virtual desktop to be used as the template•Once a machine is set as a template, it cannot be turned on in the futureStep 2Step 3•Install Ericom Tools on the template if it is not present•Verify that the virtual desktop is ready for cloning•Right click on the virtual Desktop and select CloneLinked CloningLinked cloning is only supported with: VMware vCenter, VMware ESX,Microsoft SCVMM, Microsoft Hyper-V, and Parallels. All clones with Parallelsand ESX are linked.Cloning for Parallels does not execute sysprep on the container images.Ericom Tools (VmAgent) will receive a command to add the container to thedomain. When selecting a sysprep configuration – DeskView will only takethe domain information and the name of OS information from the sysprepconfiguration.NOTE: When using linked clones with VMware vCenter it is not possible to use avCenter template as the source image for cloning. Only standard cloningcan use vCenter templates as the source image.Step 1: Starting the Cloning processSelect the desktop that will be used as the template and make sure it is in theStopped state. Right-click on the selected desktop and click on Clone.151

Step 2: Set the parameters for the CloneSet the Base Name; this will be the prefix in the name for everycloned desktop.Set whether this clone operation will be to create a single clone ormultiple clones.Set whether linked cloning will be used. This is on by default.Diff-Disks are used with Microsoft Hyper-V in this example.Step 3: Select the datastore where the clone will be saved to.152

Step 4: Select the Machine Configuration (optional)Click Finish to being the cloning process. Look under the Recent Tasks tomonitor the progress of the clone creation.Once the Clone creation is completed, the status will change to Success.The application of the Machine Configuration may take a few minutes tocomplete. The preparation duration will depend on the amount of resourcesavailable to the new desktop.NOTE The preparation and Sysprep process can be monitored in more detail byusing to the hypervisor‘s management tool and connecting to the consoleof the target desktop. The configuration process may have halted if anerror was encountered (i.e. invalid Product Key is entered by the MachineConfiguration).Remote SharingAny active machine running Ericom Tools is eligible for Remote Sharingsupport. Remote Sharing enables an administrator to connect and shadow adesktop being managed by the Connection Broker Administration Console. Tostart a Remote Sharing session, right click on the desired desktop and selectRemote Sharing.153

Only desktops that are Powered On and have Ericom Tools Connected areavailable for Remote Sharing.NOTE Remote Sharing is based on the VNC protocol. Desktops must have theincoming VNC port (5900) enabled in order to accept Remote Sharingsessions.LoggingAll DeskView Administration console functions are logged in the file namedDeskViewAdmin.log. The DeskViewAdmin.log file is created under the Ericomfolder in the user profile.On Windows 7, 2008, and higher the path will be::\Users\\AppData\Local\Ericom\DeskViewAdminOn Windows XP and 2003 the path will be::\Documents and Settings\\LocalSettings\Application Data\Ericom\DeskViewAdminAll DeskView Server service operations are logged in the file namedDeskViewServer.log. The DeskViewServer.log is created under theDeskViewServer folder where PowerTerm WebConnect is installed.PowerTerm WebConnect Administration Console and VDIPowerTerm WebConnect Administration Console manages a few importantfunctions for VDI sessions.NOTE When PowerTerm WebConnect Administration Console is launched for thefirst time, the Connection dialog is displayed with the user ―Administrator‖.No password is required to login, but this should be changed immediately.NOTE By default, the Administration Console will deny connection attempts fromany system other than the local machine. This is set by the Access LimitMode.154

Change publishing configuration for RDP sessionsVirtual desktops can be accessed via the Application Zone and ApplicationPortal. To change the desktop characteristics (i.e., color depth) modify theProperties of the desktop pool under the Connections list. All publishedproperties are configured here (i.e., sub-folders, icons, redirection settings,etc.)Enable Directory ServicesIn order for PowerTerm WebConnect to work with Active Directory or LDAPbased users and groups, use the Administration Console to link to theDirectory Server. Go to Server | Directory Services and verify that desireddomains are on the list. Click New to add additional domains.Using PoolsPools provide a method to arrange devices into logical groups for assignmentto users. For example, virtual desktops hosting a sensitive HR application canbe added to the HR Pool. The HR Pool is then assigned only to an ―HR‖ groupin the Active Directory. Only users part of the ―HR‖ group will have access tothe HR specific desktops when logging into PowerTerm WebConnect.Creating a PoolStep 1: Creating a PoolTo create a pool, right-click Pools and select Create Pool. The Create Poolwizard will start. Enter a Pool name (this is displayed to end-users) and adescription (optional).STOP The name of Pool is restricted by length (max 9) and by valid characters(no spaces, no underscores...).155

Auto-sizing pool names must not be longer then 15 character and must notcontains some special characters. For example, if a pool is namedSCVMMpool, new virtual machines will be named SCVMMPool_00001,SCVMMPool_00002. Since a Windows Computer name is limited to 15characters, nine characters are allocated for the name and six areallocated to the counter value.Step 2: Specify the Assignment Type and DurationStatic, resources in this pool are manually mapped to users,computers, or PCoIP clients. Each device in the pool must beallocated to a user or device in order for it to be accessed.Dynamic, a free resource in the pool will be assigned to the userwhen the pool is launched. This enables a fixed group of virtualdesktops to be shared among users. Enable Auto-sizing Pools ifdesired (see section on Auto-sizing Pools)Persistent, once the user receives an available resource, it will bemapped permanently to the user until the Administrator resets theassignment.Non-Persistent, the assigned resource is locked during use, butwill be available to the next user once the current user logs off.Users can be allowed to connect to more than one virtual desktopwithin a pool.Step 3: Configure EntitlementsClick Add to browse your directory service for desired users and groups thatwill have access to this pool. Click Add PCoIP Client to assign a specificPCoIP Client to have access to the pool.Step 4: User PrivilegesThis setting will assign configured owners (from Entitlements) to the virtualmachine‘s local Power Users or Administrators group. Select Do not add tobypass this setting.Step 5: AvailabilityHours marked in blue are times where virtual desktops in the pool may beaccessed. To deny access, select the desired hour(s) and click the white boxnext to Deny . Selected boxes will turn white.To allow, access select the desired hour(s) and click the blue box next toGrant. Selected boxes will turn blue.156

Step 6: Not in use stateDeskView can stop or suspend machines that are not in use to make betteruse of server resources. This feature is not available for all host platforms(i.e., managed machines).NOTE The time it takes to connect a user to a stopped or suspended machine willbe longer as the user will have to wait for the virtual machine to power on.Enter a value greater than 0 for Machines in Started state to ensure thatan active machine is always available.Step 7: Logoff/Disconnect EventSimilar to the Not in use state, a Logoff event will stop or suspend a virtualmachine when the user logs off. DeskView can also logoff the user from avirtual desktop if the user has been idle for a set period of time. To set theidle timeout check The guest account will log off box and set the Idle Time.Check the Suspend the machine on disconnect checkbox to suspend thevirtual machine when a user disconnects from the virtual desktop (RDPdisconnect is different than a log off – the session remains active for a periodof time).Step 8: Add MachinesFinally, assign which virtual machines will be a member of the pool. To addvirtual machines, select (highlight) desired machines from the lower list andpress the Addbutton.To remove machines from the pool, select (highlight) desired machines fromthe upper list and press the Removebutton.Click Finish to complete the pool creation process.157

NOTE All machines of the same pool should have very similar characteristics, orbe identical, to maintain a consistent user experience.Auto Resizing PoolsAuto Resizing pools will ensure that enough machines are running at anygiven time. Virtual machines that are generated using an auto-sizing pool willbe linked clones if the hypervisor supports it.NOTE Hardware based virtual desktops (i.e., PCoIP hosts) cannot be members ofan Auto Resizing PoolConfiguring an Auto Resizing PoolDuring the Pool creation process, the Auto Sizing option can be enabled byselecting the checkbox.158

Step 1• Select the template to be used for new desktops• Determine the pool specificationsStep 2• Specify the datastore on the host where newdesktops will be storedStep 3• Select the desktop configuration to be used• Specify how machine machines to create in parallelVirtual Desktop Assignment OptionsA virtual desktop may be assigned to one or more owners. Only owners inthe Entitlements list can access the machine. There are two layers of securityfor virtual desktops: pool level and object level (higher precedence). If thereare no entitled owners listed under the object, the desktop is accessible bythe owners of the pool.Fixed Seating: Assign a MAC address as OwnerThe MAC address of selected computers/devices may be assigned directly to avirtual desktop. This allows a ―fixed seating‖ association where the virtualdesktop may be accessed only from predetermined locations. More than oneclient device may be assigned to any virtual desktop.1. Right click the desktop and select Properties.2. Select the Entitlements tab.3. Click Add MAC Address and enter the MAC address of the clientmachine to assign.Fixed Seating: Assign a DNS Name as OwnerThe DNS Name of selected computers/devices may be assigned directly to avirtual desktop. This allows a ―fixed seating‖ association where the virtualdesktop may be accessed only from predetermined locations. More than oneclient device may be assigned to any virtual desktop.159

1. Right click the desktop and select Properties.2. Select the Entitlements tab.3. Click Add DNS Name and enter the DNS name of the clientmachine to assign.Free Seating: Assign a Directory Service object as OwnerSelected users and groups based on a directory service may be assigneddirectly to the virtual desktop. This allows a ―free seating‖ association wherethe desktop may be accessed only by assigned users from any location. Morethan one user or group may be assigned to any virtual desktop.1. Right click the desktop and select Properties.2. Select the Entitlements tab.3. Click Add Users and enter the name of the directory service objectto assign.Creating a Simple VDI ImplementationDeskView is designed to help administrators implement a VDI environmenteasily without high costs or complexity. This section explains how toimplement a VDI environment with basic components.RequirementsVDI Server(s) running a desktop hosting platform: VMware ESXi,Microsoft Hyper-V R2, or Parallels VirtuozzoServer to run PowerTerm WebConnectVirtual Desktops configured for deployment and ready for cloning.Ericom Tools must be installed on the desktop to be used as thetemplate.160

VDI in 5 StepsStep 1Step 2Step 3Step 4Step 5•Add a new host to DeskView•All desktops running on the host will be displayed•Create a Machine Configuration to be used for all newly deployed desktops•Sysprep is used to apply a Machine Configuration to a newly created desktop•Create an Auto-sizing Pool to hold the desktops•Select the desired Machine Configuration for new machines•Add and configure Directory Services in DeskView•Assign users and groups to the Pool•Users connect using the Application Portal or Application Zone•User selects desired Pool and a desktop will be providedIn this sample implementation, DeskView is the only management platformrequired to configure a fully functional VDI environment,No additional costly management tools are requiredVirtual desktops are centrally brokered. DeskView provides thefollowing functions:ooooAutomatically create new machines when neededAssign desktops on a temporary or permanent basisSuspend or power off machines when not in useRestrict access to Pools to only certain hours of the dayAdditional hosts can be easily added in DeskView to increase scalabilityof virtual desktops.Creating a Remote PC Access SolutionUse DeskView to build a secure remote PC access solution. Physical PC‘s canbe represented as virtual desktops in DeskView. As users connect toPowerTerm WebConnect, only allowed desktop pools will be displayed. As theuser selects a desired pool, DeskView will connect to user to the destinationPC for secured remote access.161

Step 1Step 2Step 3Step 4Step 5• Add a Managed Physical host to DeskView using the Add Host wizard• Add physical desktops and clients to the host• Create Pools to hold the desktops.• Add and configure Directory Services in DeskView• Assign devices, users, and/or groups to the Pool• Install Ericom Tools• Users can also connect using Application Portal or Application Zone162

14. CREATING A PC-OVER-IP BROKERPowerTerm WebConnect DeskView is a connection broker to manage accessbetween PCoIP Portals (clients) and hosts.Step 1Step 2Step 3Step 4Step 5• Add a PCoIP host to DeskView using the Add Host wizard• Add PCoIP desktops and clients to the host• Create Pools to hold the desktops.• Add and configure Directory Services in DeskView• Assign devices, users, and/or groups to the Pool• Install Ericom Tools if necessary• Users can now connect from PCoIP clients• Users can also connect using Application Portal or Application ZoneNOTE PCoIP devices can only be managed by one connection broker (also knownas a CMS). If you have multiple PCoIP brokers running on the network,make sure that a PCoIP device does not appear in more than one broker.Step 1: Adding PCoIP clients and hostsRight-click Managed Hosts and select Add Host, the Add a New Host wizardwill appear. Specify PCo-IP Managed Machines as the Host Provider and clickNext.Enter a Display Name and a description (optional). Click Next. The DisplayName is a reference label used in the Connection Broker AdministrationConsole and will not be displayed to end-users.Specify a Default Pool if desired (optional). A Default Pool allocates all devicesof the host into one pool. Devices within a host linked to a Default Pool cannotbe assigned to any other pools. This can be changed later under the host‘sProperties. Click Finished and the new Host will be added.The PCoIP host will initially be empty. To populate devices in the host list, usethe built-in SLP Discovery feature. Right-click the PCoIP host and selectDiscovery | Find PCoIP Hosts/Clients. The PCoIP Devices dialog appears163

displaying available devices.Select the hosts/clients to be added and click OK. The devices will appearunder the PCoIP Host/Client list.NOTE SLP-based discovery is not designed for multi-subnet environments. Formulti-subnet support use DNS-SRV based Discovery. Information on thismay be found in the Teradici user guide. When DNS-SRV based discoveryis used, devices will automatically appear in the PCoIP host list. Manualconfiguration is not required in the Ericom Connection Broker.Step 2: Using Pools to deploy desktopsPools are used to arrange PCoIP devices into logical groups. To accessresources, end-users simply connect from a PCoIP client or login toPowerTerm WebConnect from a workstation. The dynamic assignmentfeature of DeskView allows a group of users to share a common group ofdevices. For example, if there are 100 agents in a call center, but only 10users are active at any time, assign the 100 users to a pool of 10 devices.This feature eliminates the need to manage mappings for every user.Static assignment of PCoIP clients to hostsPCoIP clients may be statically assigned to hosts. Static assignment mapsPCoIP clients directly to PCoIP hosts. More than one client can be assigned toa host. Perform the following to create static assignments.1. Right-click the desired machine (host) and select Properties.2. Select the Entitlements tab.164

3. Click Add PCoIP Client to select a client to assign to the host.4. Select the desired client and press Select.5. Click OK. The Owner will be assigned.When a user connects from an assigned PCoIP client, it will connect to thehost as mapped in the Connection Broker.NOTE The PCoIP host must be allocated in a static pool in order to accept staticconnections from PCoIP clients.Username access without using Ericom ToolsFor scenarios where Ericom Tools cannot be installed on the PCoIP host,username access (free seating) is still supported. Go to the DeskView Options| PCoIP | General. Check PCoIP hosts do not contain Ericom Tools.NOTE When Ericom Tools is not running on the PCoIP host, the host will not beavailable for RDP access via PowerTerm WebConnect.Selecting a PCoIP desktops in a PoolA PCoIP pool can be configured such that the user can select a specific PCoIPhost within the pool. To configure this, use the pool‘s Assignment Typeproperty page and check the feature to enable machine selection (User isallowed to select a specific machine). When the user selects the Pool, a list ofPCoIP hosts contained in the pool will be displayed for user selection.Step 3: Assign hosts and pools to users and groupsAssign desktops and pools to users and devices. Determine if Fixed or Freeseating should be used.165

HINTFixed seating connections (PCoIP client is manually mapped to a PCoIPhost) will mirror the PCoIP host exactly. System POST and BIOSinformation is accessible when using Fixed seating assignments. Thismethod can also be useful for troubleshooting.Free seating connections (users/groups are mapped to PCoIP hosts andpools) will only connect users to PCoIP hosts where the operating systemis ready. In most cases, this method is more secure and reliable becausethe end user will not have access to POST/BIOS information and will onlyconnect to a PCoIP virtual desktop that is ready for use.Step 4: Ericom ToolsEricom Tools relay important information about the machine back to thePowerTerm WebConnect server. It is recommended to install Ericom Tools(but not required) in each virtual or physical machine that will be managed byPowerTerm WebConnect. The Ericom Tools installer (vmagent.msi) is locatedon the PowerTerm WebConnect server in \AddOns\DeskView VDI folder (default installation folder isC:\Program Files\Ericom Software\WebConnect 5.6).Step 5: Connecting to the PCoIP Host DesktopOnce PowerTerm DeskView has been configured, users can connect usingtheir PCoIP clients (also known as portals).Static Mapped PCoIP ClientsIf the PCoIP client is configured for Static mapping, only a Connect button willappear. When the user clicks Connect, the PCoIP client will be connected tothe PCoIP host as assigned in DeskView.Dynamic Mapped PCoIP ClientsIf the PCoIP client does not have a static mapping assigned, a username logindialog will appear:A user must enter a username/password/domain to login. The username mustbe located within one of Domains configured under PowerTerm WebConnect"Directory Services". When the user is authenticated, one of the following willhappen:166

If the entered credentials are invalid, the login will be denied and theprompt will reappear.If the user only has access to one desktop, the PCoIP client will beconnected automatically to the PCoIP host desktop.If the user has access to more than one pool, a list of pools will bedisplayed. Once the user selects the desired Pool, a connection will bemade to a machine within the selected pool.HINTIf you see a ―No Machines are available‖ error check the following:Verify that PCoIP Host operating system is not logged in by another user.Verify that Ericom Tools is installed on the PCoIP Host.Verify that CurrentOwner is empty, or is assigned correctlyApplication Zone and Application PortalPCoIP desktops may also be accessed via Application Zone or ApplicationPortal. When a user logs into Application Zone or Application Portal and hasaccess to a PCoIP device, an icon will be displayed. Double click a desireresource to launch it.NOTE When selecting a PCoIP pool from the Application Zone – RDP will be usedas the protocol. PCoIP is only available when both the client and hostdevice supports PCoIP.167

Administering PCoIP DevicesPowerTerm WebConnect DeskView provides management functions for PCoIPdevices. To access the PCoIP management features, right-click on PowerTermWebConnect DeskView and select Options and then click PCoIP. PCoIPdevices communicate to PowerTerm WebConnect DeskView (also known asthe PCoIP CMS) over port 50000.GeneralSLP DiscoveryCheck Enable SLP Auto-Discovery to use SLP to find all available PCoIPdevices on the network (subnet). SLP cannot traverse subnets.To perform a manual SLP search, click Find all PCoIP Hosts or PCoIP Clients.NOTE Only PCoIP devices that are not registered with DeskView will be listed inthe search results.SecurityPowerTerm WebConnect DeskView can force all PCoIP devices to use apredetermined password for firmware access. Enter a value for BrowserPassword to set the password for all devices. Pushing one firmware passwordsecures all managed devices with a consistent password and saves time insetting the password manually at each device.Additional FunctionsEricom Tools is not required for PCoIP connections, although certainfunctionality will be lost. To ignore the presence of Ericom Tools, check PCoIPhosts do not have to contain Ericom Tools.The client can be configured to automatically connect to an assigned host andbypass the Connect button. This is useful for kiosk stations where the clientdevice should always be displaying the desktop of the host.168

Allow Connections to host only via broker will block any PCoIP portal fromconnecting to a PCoIP host without using the broker. This is for enhancedsecurity by ensuring that all PCoIP connections are managed.Amulet Hotkey Quad Monitor SupportQuad monitor configuration is supported with Amulet Hotkey PCoIP clients.To add a PCoIP client supporting Quad monitor:1. Add the desired PCoIP client to DeskView. Only the Primary PCoIPdevice will be displayed. Verify the MAC address by going to theProperties of the device.2. Manually add the IP address of the secondary PCoIP device.Firmware3. The second PCoIP device of the client will not be displayed in theDeskView Administration Console. It will automatically be mappedto existing entry of the primary PCoIP device. Once both PCoIPdevices are added for the PCoIP client, Quad monitor support willbe enabled.When the DeskView connection broker is used to deploy firmware, all PCoIPdevices will use the same firmware version. Firmware is deployed using theFTP protocol. The FTP server containing the firmware file is defined under FTPSettings.169

NOTE PowerTerm WebConnect includes a built-in FTP server. The default FTPfolder is located at :\Program Files\Ericom Software\WebConnect5.7\DeskViewServer\ftproot. To view the contents use a browser andnavigate to ftp://

15. ENHANCEMENTS FOR TS AND VDIEricom BlazeIntroductionEricom Blaze provides end-users with an enhanced remote computingexperience on slower networks: WAN, broadband, and air-cards. This isachieved by significantly accelerating and compressing Microsoft RemoteDesktop Protocol (RDP). The results are higher frame rates, improvedresponse times, and smoother screen updates. Ericom Blaze works with anyx86 or x64 based host system that supports RDP, including Windows TerminalServers, remote physical desktops and VDI based desktops.Ericom Blaze Client ConfigurationEricom Blaze is enabled for each published Windows application and desktop.During the publishing wizard, the administrator will be prompted to set theBlaze settings under the Performance dialog box. For an existing connection,this screen is accessed by right clicking on the Connection, selectingProperties, and going to the Performance view.By default, Blaze is disabled. To enable Blaze, check the Enable checkbox andselect the desired performance/quality setting.171

Ericom Blaze Acceleration / Quality SettingsModerate/Highest – Perfect quality (lossless compression).Appropriate when exact image rendering is required.Good/Very High – Minimal image quality loss.Fast/High – Slightly less quality, slightly greater acceleration thanBest.Very Fast/Good – Balanced quality and performance, ideal formost cases.Fastest/Fair – Lower quality but better performance. Appropriatewhen bandwidth is limited, especially when using graphic intensiveapplications.Manual Server ConfigurationWhen manually defining an address for the server under the Servers view,verify that the Port number is set to 3399 (the Blaze port).NOTE The Blaze port must be set to 3399, this cannot be modified.Ericom Blaze Server InstallationOnce Blaze is enabled, this connection will connect using the default Blazeport of 3399. Ensure that the destination desktop has the Blaze serverinstalled and that the firewall allows incoming connections over the Blazeport. The Blaze Server installation is located in the AddOns\Blaze folder asEricomBlazeServer.msi. This is installed once on a Terminal Server or oneach virtual desktop.172

Single Sign-on from WorkstationPowerTerm WebConnect supports single sign-on (SSO) using the same username and password credentials as those used when logging into the end user’sdesktop. The SSO feature streamlines the users’ access process by reusingcredentials that are already accepted and reduces the number of times they mustsign on.Client ConfigurationThe SSO feature is enabled by installing an MSI on each user’s workstation. TheMSI can be found under the AddOns\SSO folder:PtSSOLogon32.msi – use this for 32 bit operating systemsPtSSOLogon64.msi – use this for x64 operating systemsWeb server ConfigurationIn order to use SSO, the client parameters must include /USER=##. Thisparameter will force the ptagent component to use the credentials providedby the SSO component.NOTE Users without the SSO component installed can still sign on normally withthe /USER=## parameterUnified DesktopUnified Desktop is a feature that displays the remote Start bar on the localdesktop. The end-user will see two Start bars: one for local and one forremote. This allows the end user to access both local and remote applicationsat the same time from the local desktop. Unified Desktop saves time togglingback and forth between desktops (as experienced when using a Full Desktop).On non-Windows clients, the Unified Desktop presents a Windows interface(Start bar) alongside a Linux or Mac interface.Publishing a Unified Desktop connectionStart the Remote Windows Desktop wizard from the Administration Tool.At Step 3 of the wizard select UnifiedDesktop for the Screen size.173

Users selecting a Unified Desktop connection will see just the Start bar of theremote session rather than the entire desktop.True Multimedia Experience/Reverse SeamlessEricom True Multimedia Experience (TME) is a new paradigm for desktop andapplication publishing. TME is also known as reverse seamless applications.With TME, certain applications that are launched from the remote TS/VDIdesktop will be launched locally. The local application will appear in theremote session as a seamless window, hence, the term ―reverse seamless‖.All windowing functions are maintained: z-order of overlapping windows,windows taskbar, and ATL+TAB dialog. TME works with Terminal Servicesand VDI sessions.The benefit of using TME is that for certain resource intensive applications(i.e., multimedia), the execution is offloaded to the local device. Forstreaming media, TME also reduces network traffic between the local deviceand the TS/VDI environment.CASE Problem: A new point of sale application has been deployed in a VDIenvironment and a series of training videos are available from Web. Whenusers login to their VDI based desktops in the morning, they all play thevideos about the same time to learn how to use the new software.There will be extreme network congestion and CPU overload when video isplayed in each VM instance and video performance will be very poor.174

Solution: The Ericom PowerTerm WebConnect administrator will publishthe links to the videos as Reverse Seamless Applications. When userslogin, they will click the video links on their VDI desktop: videos will belaunched in a local media player or browser.Video processing is performed locally and network traffic is directlybetween the local system and web server. Network and server overload isavoided!Configuring Reverse Seamless SessionsStart the Remote Windows Desktop wizard from the Administration Tool.At Step 3 of the wizard select Reverse Seamlessfor the Screen size.Users launching a Reverse Seamless connection will see a standard FullDesktop session. However, these sessions support the function to redirectapplication execution to the local device (reverse seamless applications.)Adding a Reverse Seamless ApplicationReverse seamless configuration requires some careful planning. The TSAgentprovides an API to scripts and executables. This API includes a method toinstruct the TSAgent to execute a command locally. Each application that175

needs to be redirected needs to be configured as a VB script. The script filemust end with a .vbs extension.Sample VB Script to launch notepad using reverse seamless:Dim tsagentSet tsagent = WScript.CreateObject("PowerTerm.TSAgent")tsagent.Redirect "notepad.exe"NOTE On x64 servers, create a link to explicitly use the 32-bit scripting engine.Launch wscript.exe with the .vbs file as the parameter (this can beconfigured as a shortcut). Here is a sample command line:c:\windows\syswow64\wscript.exe C:\IS.vbsIf the client cannot perform the stated command (i.e., notepa), an errormessage will appear:NOTE Verify that a command is valid by entering it into the Terminal Server‘sRun dialog. If the application launches successfully, then the command(and its path) can be used as the tsagent.Redirect value.The scripts must be placed on each users (host) desktop (i.e., VDI desktop).The files must be placed in a folder where the user has Execute permissions.On the user‘s desktop, create a shortcut link for each script file and in theCreate Shortcut dialog browse to the script file to select it as the shortcuttarget. To change the icon of the shortcut: right-click on the shortcut andselect Properties and Change Icon. Select the desired icon for the applicationshortcut.On Terminal Servers, place the shortcuts in the All Users\Desktop folder andmake sure that the script directory is accessible by all required users. ForVDI, the shortcuts and scripts must be manually copied on to each desktop.176

16. UNIVERSAL PRINTINGIntroductionRemote printing with a Terminal Server environment can sometimes becomeproblematic for the following reasons:Network traffic overhead of large print jobs transmitted from theTerminal Server‘s Print Manager to the local printer causesprinting to be very slow.The need to install each user‘s printer drivers on every TerminalServers is cumbersome. If a required printer driver is notinstalled on a Terminal Server, the user may not be able to printlocally from that server.Each time a printer driver needs to be updated, the administratormust perform the update on each Terminal Server; the user hasno control.Universal Printing is a type of redirected printing where a single (universal)printer component is installed on each Terminal server and end user clientdevice. On the Terminal Servers, a server component receives the user‘sprint request and redirects it to the user‘s printer agent (connected to thelocal printer). This form of printing simplifies printer driver management andimproves the performance associated with locally redirected print jobs.PowerTerm WebConnect integrates seamlessly with two universal printingoptions:Net2PrintertriCerat ScrewDriversSupported universal print solutions will work with both PowerTermWebConnect Direct and Gateway modes. The client software is available forboth 32 and 64 bit platforms, and supports USB, LPT, serial, and TCP/IPconnected printers.NOTE Both universal printer solutions support most Microsoft Windows operatingsystems. Both solutions do not support RemoteView for Linux, Mac, orWindows CE (use standard printer redirection instead).177

Using Net2Printer with PowerTermWebConnectNet2Printer installers are bundled with the PowerTerm WebConnect Serverinstallation. The installers for the Net2Printer components are located in theAddOns\Net2Printer folder in the PowerTerm WebConnect application folder.These include the installers for both the Terminal Servers and clients.Terminal Server InstallationTo use Net2Printer Universal Printing, install NPSetupRDPServerEricom.exe oneach Terminal Server that will be managed by PowerTerm WebConnect. WhenNet2Printer is enabled, PowerTerm WebConnect will install the Net2Printerclient automatically on each user‘s system when RemoteView is launched.The printers will be mapped by Net2Printer during the logon process to theTerminal Server.Enabling Net2PrinterTo configure Environment Variables for Net2Printer Universal Printing:1. Launch PowerTerm WebConnect Administration Tool.2. Select Server | Configuration. The Server Configuration dialogopens.3. Set Net2PrinterUniversalPrintingVersion to 1.4. Set PRIV_UniversalPrinting to 1.5. Set RDP_DisableUniversalPrinting to 0.6. Click OK.If Net2Printer is properly installed, the user will see a yellow Net2Printersystray icon when the Net2Printer client is properly connected to theNet2Printer server.NOTE if the icon is white, the client was unable to connect to the server.Once Net2Printer is active, additional configuration of the client can beperformed by right clicking the yellow Net2Printer icon and selectingConfiguration.Standalone InstallationIf RemoteView is installed using the MSI installer, then the appropriateNet2Printer Client MSI must also be used.178

UsageWhen launching any RemoteView session with Net2Printer enabled, theNet2Printer systray icon will appear on the user‘s local system.StatusDescriptionNet2Printer is running, but not connected – not ready to printNet2Printer is running and connected – ready to printWhen the icon is yellow (active), right click on it to open an action menu.Menu ItemConfigurationStatusStatisticsSupportAboutDescriptionSelect which local printer to redirect to the RemoteViewsession. Set the default printer to be redirected. AccessAdvanced Options page.Displays the status of the Net2Printer connectionDisplays how many jobs have been processed by Net2PrinterDisplays the log activity. Set the logging level to Debug tocapture additional information for technical support.Clear Log = Clears the current log contentsSave Log = Saves the log contents into a fileDisplays the version number of Net2Printer being usedNOTE The Net2Printer icon will remain active even after all RemoteView sessionsare closed. RemoteView sessions will remain open based on the settingRDP_LogOffDelaySeconds. Net2Printer will deactivate once the RDPsession is closed.To configure the Net2Printer RDP Server component, open Net2Printer RDPAdmin from the Start Menu.179

Under the License Server tab enter the address of the Net2Printer RDPlicensing server, or activate a license on the current server.On the second tab configure the printer settings, such as the namingconvention of the printers that will appear into RDP sessions. As the PrinterPrefix is updated, the Example window will change to reflect how it wouldappear to the end user.It is recommended to configure Net2Printer to hide any printers that it createsfrom other users on the same Terminal Server. This will prevent users fromprinting to someone else‘s printer. It is also recommended to disable theTerminal Server‘s internal Printer Redirection feature from this dialog box.180

The SMTP Server tab enables users to email PDF printouts. By printing to theNet2Printer object named ―Email‖, users can email the PDF output of the printjob. Enter te network‘s SMTP server IP/DNS name, port, and if required, avalid SMTP username and password.Licensing and ActivationNet2Printer licenses are not included with PowerTerm WebConnect. In orderto purchase Net2Printer licenses please contact Ericom Software.TroubleshootingIf there are issues with Net2Printer functionality, send Ericom the debug log.Using the user account that installed Net2Printer (i.e., local Administrator) dothe following. Enable debugging on the printer service by going to Start |Programs | Net2Printer RDP | Services | Configure ServicesDouble click on the Net2Printer RDP Printer Service and changethe Parameters value to:-remove_orphan_printers -run_as_service -set_logging_level=DebugPress OK to restart the service. Existing sessions will lose theirprinting functionality temporarily, so perform this when users arenot printing (off-hours).Using triCerat ScrewDrivers with PowerTermWebConnectThe triCerat ScrewDrivers installers are included with PowerTermWebConnect. The installers for the ScrewDriver components will be located inthe AddOns\triCerat folder in the PowerTerm WebConnect server folder. Theserver component needs to be installed on each Terminal Server. The clientcomponent is used for manual installations on client systems. When triCerat181

is enabled, its client components are automatically downloaded along with thePowerTerm WebConnect client components.NOTE triCerat ScrewDrivers may be installed and used independently ofPowerTerm WebConnect as well.Terminal Server InstallationTo enable universal printing on a Terminal Server, the appropriateScrewDriver server component must be installed. The ScrewDriver serverinstallation includes a Control Panel Applet that can be used to configure itsfunctionality. Each Terminal Sever installation needs to be managedindependently. Please refer to the triCerat ScrewDriver documentation andonline help for further details.Enabling ScrewDriversConfigure the following Environment Variables to enable triCerat printing:1. Launch PowerTerm WebConnect Administration Tool.2. Select Server | Configuration - the Server Configuration appears.3. Set PRIV_UniversalPrinting to 1.4. Set RDP_DisableUniversalPrinting to 0.5. Set TriceratUniversalPrintingVersion to 1 and click OK.If triCerat ScrewDrivers is properly installed, the user will see a redscrewdriver systray icon when the RemoteView session is established.Standalone InstallationIf RemoteView is installed using the MSI installer, then the appropriateScrewDriver Client MSI must also be used. If a ScrewDriver plugin hasalready been installed on the client device prior to the RemoteViewinstallation, RemoteView will detect and use the existing plugin.If RemoteView succeeds in loading the plugin, it will disable the RDP control―Redirect Printers‖ property in order to avoid using duplicate printers on theTerminal Server.triCerat Printers Configuration ToolIf the triCerat client is installed using the MSI, the triCerat ClientConfiguration Tool will be available from the user‘s Windows Control Panel.1. Open the Windows Control Panel.2. Click triCerat Client Configuration.182

If the triCerat client is installed using the PowerTerm WebConnect URL, theConfiguration Tool is accessed using the published application‘s Start bar icon:1. Right-click on the Start bar icon and select Ericom Software fromthe menu list.2. Select Printers Configuration Tool.When working with a Full Desktop window, the Printers Configuration Tool isaccessed by clicking Options | Printers Configuration Tool.The Printers Configuration Tool is also accessible from the Application Zone.Licensing and ActivationtriCerat licenses are not included with PowerTerm WebConnect. In order topurchase triCerat licenses please contact Ericom Software.Using Microsoft Easy Print with PowerTermWebConnectPowerTerm WebConnect supports Easy Print in most scenarios whereMicrosoft RDP (mstsc.exe) will support it. On the client end, MS Windows XPSP3 or higher is required. On the server end, MS Windows 2008 or higher isrequired. Consult Microsoft documentation on how to configure Easy Print.NOTE Ericom‘s RemoteView client (PTRDP.exe) uses a 32-bit Microsoft RDPcontrol to support Easy Print. RemoteView currently does not support EasyPrint from Windows x64 operating systems.183

17. TERMINAL EMULATION WITH HOSTVIEWIntroductionPowerTerm WebConnect HostView provides Terminal Emulation for legacyservers (i.e., IBM AS/400, UNIX, AIX, etc.) The following features of theterminal emulator can be modified centrally using the Administration Tool:Menus and menu options: Entire menus or specific menucommands can be hidden from specific users.Screen attributes such as display colors, number of rows andlines, cursor shape, and tab stops can be configured differently foreach user and group type.Function buttons: There are two types of function buttons. PowerPad is a floating panel of buttons that the user can positionmanually on the screen. Soft Buttons are functions Buttons (SoftKeys) that are fixed to the bottom of the emulation screen.Keyboard mapping: Traditional terminal keys can be mapped tothe physical system keyboard. Keyboard mapping also mapsautomated functions (also known as macros).Configuring Legacy ConnectionsLegacy host connections are configured using the Administration Tool.Creating a Legacy Host Connection1. Select Action | New | Host Connection. The New Connection dialogappears.184

2. Configure the legacy host‘s Connection properties:3. Click OK and the new connection will be created and added to thelist of connections. Any user that has been assigned to theconnection will also see it in their Application Zone automatically.Copy a connection based on an existing one:1. Select a Connection to be copied and right-click it; then selectCopy. The Copy Connection dialog will appear.2. Type in a new Connection Name.3. Click OK. The new connection will be created and the ConnectionProperties dialog will appear.4. Make necessary modifications. Verify that the Display Name isunique and then enable the connection.5. Click OK. The new connection appears with its own uniqueproperties in the Connection pane.NOTE A copied connection is initially disabled. It must be manually enabled forusers access it.185

Testing a connection:1. Right-click on the connection in the Connections pane and selectTest. The Login dialog appears.2. Provide a valid password and click OK. The desired hostconnection will be launched.NOTE Testing the connection helps ensure that it is working properly beforedeployment to end-users.Modifying connection settings:1. Select the desired connection and right-click it; then selectProperties. Or, select Action | Properties. The ConnectionProperties dialog is displayed.2. Make any modifications.3. Click OK. The new modifications will take effect.Legacy Connection PropertiesConnection Name: Unique identifier used by PowerTermWebConnectDisplay Name: Title of the connection displayed to the end-user.This value does not have to be unique, although it isrecommended to avoid end-user confusion.Settings button: Displays the Settings dialog which configures theemulation window‘s appearance and behavior.Key Mapping button: Drag and drop keyboard mapping feature.Power Pad button: Programmable buttons to map commands andscripts.Login Script: Opens a text window to add scripts to be run aftercommunication is established by the emulation client.Memo button: Opens a text file to track information for theconnection.Publishing button: Determines where to place shortcut icons onthe user‘s desktop.Up and down arrows: Clicking these arrows switches to theprevious (up) or next (down) object.NOTE The arrows are not displayed in the Add Connection dialog when youcreate a new connection.186

NOTE If the next connection is a RemoteView connection, the Properties page willbe displayed.OK and Cancel buttons: Save or discard your changes(respectively), and close the dialog box.Deleting a connection1. Select a Connection to be deleted and right-click it; then selectDelete. A confirmation message appears.2. Click Yes to delete the connection permanently.Disabling a connection1. Select a Connection to be disabled and right-click it; then selectProperties. The Connection Properties dialog appears.2. Clear the Enabled checkbox.3. Click OK. The connection is now disabled.Enabling a disabled connection1. Select a Connection to be enabled and right-click it; then selectProperties. The Connection Properties dialog appears.2. Select the Enabled checkbox.3. Click OK. The connection is enabled.NOTE When a connection is deleted or disabled the user will no longer be able toaccess it. If the connection will be used at a later point, disable theconnection rather than delete it. A disabled connection can be re-enabled.NOTE If a parent connection is disabled, its child connection will also be implicitlydisabled. (A child connection is a connection that has another connectionas its owner.)PowerTerm WebConnect HostView SettingsTo configure settings at the user level:1. Double-click the desired User. The Properties dialog is displayed.2. Click the Settings button. The Terminal Setup dialog is displayed.3. Configure desired settings.To configure settings at the group level:1. Double-click the desired Group. The Properties dialog is displayed.187

2. Click the Settings button. The Terminal Setup dialog is displayed.3. Configure desired settings.To configure settings at the connection level:1. Double-click the desired Connection. The Properties dialog isdisplayed.2. Click the Settings button. The Terminal Setup dialog is displayed.3. Configure desired settings.To configure settings at the server level:1. Select Server | Default Settings. The Terminal Setup dialog isdisplayed.2. Configure desired settings.Keyboard MappingIt may be necessary to map host terminal keys to the PC keyboard toproperly emulate the original terminal. Any keyboard key may be configuredto emulate a key, macro, or script. The keyboard mapping definitions arestored in a file with the same name as the current terminal setup file, but withthe extension .ptk. For example, the default keyboard mapping definitionsare stored in a file named ptdef.ptk. The setup files are stored on thePowerTerm WebConnect server. End-users can load their own settings if theyhave the proper permissions (i.e., member of Super Users group).To view key mapping configuration:1. Right click on the connection to be configured and selectProperties. The Connection Properties dialog will appear.2. Click the Key Mapping button.3. Move the mouse over the different keys. The bottom line of thedialog shows the corresponding PC and terminal keys.HINTPoint to the ―t‖ key of the VT keyboard and the corresponding PC key ―T‖will be displayed. Use this to track existing key mappings.To map a PC key with a host key:Using the Key Mapping window, drag a key from the upper Terminal Keyboardto the desired key on the lower PC Keyboard.Click the key on the terminal keyboard to display additional keyoptions.188

HINTClick the key and the alphabet keys on the terminal keyboard willbe displayed in upper case. These keys can also be assigned or mapped.To map combinations of Alt, Ctrl, and Shift keysUsing the Key Mapping window, click any combination of , , or key on the PC Keyboard.Drag the desired key from the Terminal Keyboard to the desired keycombination on the PC Keyboard.To copy a PC key to another PC keyUsing the Key Mapping window, hold the key while dragging thedesired PC key to the PC key to be mapped. Both keys now have the samefunctionality.To replace a PC key with another PC keyUsing the Key Mapping window, drag the desired PC key onto the PC key thatwill be replaced (mapped).To restore a PC key to the default valueUsing the Key Mapping window, drag the desired PC key to the wastebasketicon. This restores the default function of the PC key.To restore the default keyboard mapping of all mapped keysUsing the Key Mapping window, click the Clear All button.To assign a script command (macro) to a PC keyPower Pad1. Using the Key Mapping window, right-click a key on the PCkeyboard to be assigned, and select Enter Script Commands. ThePC Button dialog appears.2. Enter the script (PSL) command and click OK. The PC key has nowbeen assigned a script command.The Power Pad is a floating keypad with programmable buttons. The buttonsare by default named F1, F2, F3, etc., with a few default functions, such asClear, Enter, and Insert. The number of displayed buttons and their namescan be modified.The Power Pad can be defined at the server's level or at the connection level.189

To open the Power Pad & Function Buttons at Server’s LevelSelect Server | Default Power Pad. Configure as needed.To open the Power Pad & Function Buttons at Connection Level1. Select the HostView connection to be configured.2. Right-click the connection and select Properties. The ConnectionProperties dialog appears.3. Click the Power Pad button. The Power Pad & Function Buttonsdialog will appear.To program the Power Pad1. Double-click the row/column line for the button to beprogrammed. The Power Pad Button dialog appears.2. Enter its Description and Script Command.HINTTo hide the PSL command, add an asterisk to the beginning of thecommand.3. Click OK.To reset the Power Pad1. Click the Clean Power Pad button.2. Click Yes at the confirmation prompt to restore the default values.To adjust the number of buttons in the Power PadEnter the desired number of Rows and Columns to appear in the Power Pad.NOTE There is a maximum of 10 rows and 10 columns in the Power Pad. Thedefault is 9 rows and 4 columns.190

Custom Background Bitmap for HostViewAdd a custom background image in HostView1. Select Files | Put Background Bitmap. The Select BackgroundBitmap File dialog will appear.2. Find and select the desired bitmap file.3. Select the desired file and click Open. The custom bitmap is nowconfigured as the Server default.To change the background image:1. Go to Server | Configuration2. Set the Background Bitmap File NameLPD Printing with PrintViewPrintView queues are used to launch an LPD printer daemon on the end-user‘ssystem. The PrintView queue becomes an available printer for the legacy hostto print to. This allows host print jobs to be sent to the user‘s local printer.Host ConfigurationTo print directly to the PrintView LPD queue, configure the (legacy) hostsystem to point to the IP address/hostname of the local workstation runningthe PrintView client. Specify the PowerTerm WebConnect PrintView queuename as the queue name on the host.To print to PrintView using the PowerTerm WebConnect server as a gateway,set the LPD-ListenPort to in the Main Configuration (PtServer.ini)file. To print to an LPD client via the PowerTerm WebConnect Gateway, pointthe host LPR to the queue name with the format:\EXAMPLE:127.0.0.1\Example1Configuring the ListenPortThe ListenPort is the port used by the PowerTerm WebConnect server toaccept jobs and other commands from the LPR. These commands are routedto the destination LPD queue hosted by PowerTerm WebConnect PrintView.The default value is the standard LPD port 515 when using the gateway.192

or 0 means LPD/LPR gateway support is disabled. Restart thePowerTerm WebConnect Server service for the settings to take effect.Create a PrintView Queue manually1. Select Files | Defaults | PtLpd.ini. The PtLpd.ini file is displayed ina text editor.2. Copy the following lines and paste them to the bottom of the file.[Queue=]AccessFrom=AccessMode=UnlimitedAppendFormFeed=FalseDevice=Enabled=TrueEscapePrefix=EscapeSuffix=HoldPrinting=FalseTranslateLineFeed=False3. Change the user name to the user name being configured.4. Select File | Save.Using PrintViewEnd users can launch PrintView using the Application Zone or ApplicationPortal. From the Application Zone click Options | Run Component | PrintView.For Application Portal users, if PrintView is enabled, users will see a PrintViewicon under the Actions menu.When PrintView is launched, the user will see all available queues.When closing the PrintView Queues window, PrintView will continue to run anda systray indicator will be displayed ( ).193

18. Secure FTP and QuickFTPSecure FTP and QuickFTP are two FTP clients included with PowerTermWebConnect. Both use the same FTP engine and user interface, but arelaunched differently by the user. QuickVNC is centrally managed by thePowerTerm WebConnect server, so some settings are not configurable by theend-user.NOTE Both FTP clients only support Windows operating systemsLaunching QuickFTPPublished QuickFTP connections will appear in the user‘s Application Zone orApplication Portal once assigned.QuickFTP connections are configured and published by the PowerTermWebConnect Administration Console. The publishing steps are very similar topublishing a HostView connection.To begin, in the Administration Console go to Action | New | Host Connection.Select Remote Desktop Access and FTP as the Communication type.Configure the settings as desired and click OK to create the new FTPconnection.STOP All QuickVNC connections MUST have a username and passwordpredefined. This cannot be entered manually by the end-user.194

Launching Secure FTPThe Secure FTP Client can be launched using one of three methods:1) Select Secure FTP from the Application Portal2) Select Secure FTP from the Application Zone Options | Run Componentmenu:3) Select Secure FTP from the Application Zone systray Options menu:195

Using Secure FTP and QuickFTPStep 1: Start PowerTerm FTP ClientStep 2: Enter the session parameters using the Settings menu(SecureFTP ONLY).Step 3: Enter the Connection Parameters (SecureFTP ONLY).Click the Connect button to set connection parameters. Define the connectionparameters for a session, or select a previously defined connection profilefrom the connection list.To save a connection profile for future use, type a profile name in theDescription field and click Add. Once saved, the connection profile isdisplayed in the Connection List. To select a connection profile, click on aprofile name in Connection List.Step 4: Connect to an FTP Site (SecureFTP ONLY)Click the Connect button to connect to the desired FTP site.Step 5: Transfer filesStart by selecting Copy or Append (Default is Copy).196

ToolbarNewOpenServicesSavePreferencesFileTransferSetupConnectLogWindowCloseCreate a new configuration fileOpen an existing configuration fileDisplay the FTP log; refresh the file list in both the local andremote directory; open the Connect dialog.Saves a configuration fileDisplays current session preferencesSelect options for data conversion.Enter connection parameters for file transferDisplays FTP session detailsExit the FTP client198

19. REMOTE SHADOWING WITH QUICKVNCPowerTerm WebConnect's QuickVNC allows users to securely connect to thedesktop of any remote system running a VNC server (listener). Platforms thatsupport VNC server include: Microsoft Windows, Mac OS X, and Linux.Multiple QuickVNC sessions may be established to the same server.QuickVNC can be useful in the following scenarios:Remote sever administration and maintenanceOnline Training. Multiple users can connect to the same machinerunning the VNC listener.Collaboration ToolRemote technical supportPowerTerm WebConnect QuickVNC provides the viewer side component of aVNC connection. The VNC server is installed independent from PowerTermWebConnect and can be downloaded from the Internet.NOTE QuickVNC client only works from Windows-based systemsConfiguring a QuickVNC client connection1. Select Action | New | Host Connection2. To configure an existing connection, right-click on the connectionand select Properties. The Add Connection dialog appears.199

3. Enter the Connection Name. Names are not case-sensitive,however they must be unique.4. Enter the Display Name. This will be displayed to end-users5. For Category select Remote Desktop Access.6. For Communication Type select VNC.7. Set the Owner of the connection. Click the AD Groups button toassign the connection to a directory service object if desired.8. Enter the Host name or IP address of VNC Host (listener).9. Enter the Password for the VNC connection (optional). If apassword is not specified, the user will be prompted for apassword when the connection is established. This password mustmatch that of the VNC server and has a maximum of eight (8)characters.Type the Port Number for the VNC server; the default is 5900.10. Specify the Display Number for the VNC connection. Default is 0.11. Check Full Screen for the session to display in full screen ratherthan in a window.12. Check View Only to prevent the user from interacting with thehost. This is useful for remote monitoring and training.Connecting to a QuickVNC Session1. Use Application Zone or the Application Portal to access publishedQuickVNC sessions.2. When a QuickVNC connection is launched, the user may beprompted for a password (this appears when the password is notpreset in the connection‘s properties).3. Once the session is established, the end-user will be able to viewthe remote desktop running the VNC server.4. A QuickVNC Toolbar will appear at the top of the screen. Thistoolbar provides useful functions (i.e., file transfer) that can beapplied to the active session.200

Running a VNC serverUltraVNC is compatible with QuickVNC. Running the server is as simplerunning the executable winvnc.exe on a Windows host. More information canbe found on the uVNC website: http://www.uvnc.com/NOTE A password must be set for the VNC server and it must not exceed eightcharacters.Ending a QuickVNC Session1. The host can end the QuickVNC session by clicking on the VNCsystray icon and selecting Kill or Close.2. The user can end the QuickVNC session by clicking the closebuttonCreating a Training Session with QuickVNCStep 1Step 2Step 3• Install and run a VNC server on trainer's system• Set a password (up to 8 characters)• Publish a connection to the trainer's system• Assign the connection to desired users/groups• Instruct trainees to login to PowerTerm WebConnect to accessthe published connection201

20. REMOTE ASSISTANCE WITHSUPPORTVIEWPowerTerm WebConnect SupportView is a built in component that enablesend-users to request technical assistance from an Administrator or Supervisorlevel user. When a SupportView session is established, theadministrator/supervisor can "shadow" the desktop of a PowerTermWebConnect end-user. Once connected, the administrator has access toremotely control the mouse and keyboard along with the user. The user candisconnect the administrator at any time. SupportView can be very useful inthe following scenarios:Remote Support: End-users can request support for anyapplication on their desktop.One-to-one Collaboration Tool: End-users can request supportfrom colleagues to work on a project together on the samedesktopRemote Training: End-users can request support from a trainer toreceive training on their applications.NOTE SupportView only works from Windows-based client systemsSupport Request OverviewStep 1Step 2Step 3Step 4Step 5• End-user requests SupportView assistance through PowerTermWebConnect or a web page.• PowerTerm WebConnect processes the end-user's request and presentsa list of available administrators/supervisors that can provide support.• The user selects a desired administrator/supervisor and waits foracknowledgement.• Once the administrator/supervisor accepts the request, a SupportViewsession is established.• Once the session is established, the administrator/supervisor will beable to operate on the desktop along with the end-user.202

Requesting a SupportView SessionEnd users can request support through one of the following features:Application ZoneSysTray AgentApplication ZoneApplication PortalSupportView websitehttp:///webconnect/windows/supportview_x.htmlOnce the administrator accepts the SupportView session the connection isnegotiated and established between the two systems. When the SupportViewAgent appears, the Administrator/Supervisor will be able to view and controlthe end-user’s desktop. The user will also be notified that the support session isaccepted.When the end-user requests a SupportView session from a webpage, thesession will be established with the user.204

Accepting a SupportView SessionA SupportView request prompt will appear on an Administrator‘s/Supervisor‘sdesktop when a user has requested support.Click OK to accept the user‘s request. Once accepted, SupportView will detectwhether Gateway mode should be used.If Gateway mode is enabled, the Administrator/Supervisor will be notified.When the SupportView session is established, the end-user‘s desktop willappear along with the SupportView function toolbar.To end the session, simply closethe SupportView Window.Remote Attach using Administration ToolPowerTerm WebConnect Administrators have the ability to remotely shadow anyWindows based desktop where a PowerTerm WebConnect component is running.Attaching to a remote system1. Login to the Administration Tool2. Select View | Client Sessions. The Session dialog appears.3. Right-click on the desired user and select Attach.4. At the Verify Permissions prompt, enter the Administrator‘sPassword.205

5. Click Verify. The user will see a notification message and have 30seconds to reject the remote session.6. If the end-user clicks OK, or after 30 seconds have passed, theAdministrator will start shadowing the user‘s desktop.7. At the conclusion of the session, a notification message will appearon the user‘s desktop displaying duration information.206

21. MESSAGINGThe PowerTerm WebConnect administrator can send a message to specific orall users logged into PowerTerm WebConnect.Send MessageToMessageDistributionModeReply ModeField DefinitionsSpecifies the recipient of the messageSpecifies the text of the messageSingle per machine: a user will receive the message onlyonce on a machine, even if there are multiple sessions.All clients: the message is broadcast to every sessions (i.e. ifthe user has 5 sessions open, 5 messages will be displayed).Specifies what action the recipient(s) can take.Reply, the recipient is expected to reply.Optional reply, the recipient has the option to reply.No reply, the recipient does not have the option to reply.Sending a message to a user1. Highlight the user(s) that will receive the message using theAdministration Tool‘s user‘s window.2. Select Action | Send Message. Alternatively right-click SendMessage. The Send Message dialog appears with the designatedMessage recipient.NOTE You can add additional recipients by typing their names in the To text box.3. Type the text of your message in the Message box.4. Specify the Distribution and Reply Mode.5. Click Send. The message is sent to the designated recipient(s).207

OR1. Right-click and select All Sessions.2. Select the user/group and right-click Send Message. The SendMessage dialog box appears with the designated Messagerecipient.3. Type the text of your message in the Message box.4. Specify the Distribution mode.5. Click Send. The message is sent to the designated recipient(s).Sending a message to a group1. Select the group to receive the message.2. Select Action | Send Message. Alternatively, right-click and selectSend Message. The Send Message dialog appears with thedesignated Message recipient.NOTE You can add additional recipients by typing their names in the To text box.3. Type the text of your message in the Message box.4. Specify the Distribution and Reply Mode.5. Click Send. The message is sent to the designated grouprecipients.Send a message to all users1. Select Server | Send Message to All Users. The Send Messagedialog appears with the designated message recipient.2. Type the text of your message in the Message box.3. Specify the Distribution and Reply Mode.4. Click Send. The message is sent to all the users.208

22. OPTIMIZING PERFORMANCEThis chapter provides best practice recommendations for optimizingPowerTerm WebConnect and Terminal Server performance.Using a Dedicated ServerFor optimal performance, install PowerTerm WebConnect on a dedicatedserver. Installing PowerTerm WebConnect on a server with heavy load willadversely affect performance of the server. PowerTerm WebConnect shouldnot be installed on a server running any of the following:Microsoft Active Directory or any other directory serviceMicrosoft Exchange or any other mail serverMicrosoft Terminal Server or Citrix Presentation ServerCorporate Web serverAny server under constant heavy loadNOTE For prototypes and small to medium sized deployments, installingPowerTerm WebConnect on a Terminal Server is most practical.Running PowerTerm WebConnect separate from the Web ServerThe PowerTerm WebConnect installer assumes that there is a web server onthe same system. It is possible to host the web folder on a web serverexternal to the PowerTerm WebConnect server.Memory ResourcesFor optimal performance ensure that the PowerTerm WebConnect hassufficient resources. It is important to allocate sufficient memory for thePowerTerm WebConnect server, and to ensure that the server does not needto use the virtual memory swap file.Use the server‘s Performance Monitor to monitor the system‘s performanceand resource usage over time. Inspect memory related statistics such asMemory\Pages/sec and Memory\Page Faults/sec. High values indicate thatmore RAM is needed as memory is constantly swapped to and from the disk.209

Alternate Connection PointsThe default installation assigns the main connection point to the first known IPaddress of the computer and port 4000. These values are specified in theAddress and PortNo entries of the [ConnectionPoint=name] section, in theserver‘s Main Configuration (PtServer.ini).Additional connection points can be added by simply copying an existingconnection point and modifying the values. Connection points allowconnections to the PowerTerm WebConnect server through additional ports.EXAMPLE – in this connection point the server address is configured as126.1.1.177 and the port of 443 will be used to accept connections toPowerTerm WebConnect. Only SSL connections will be accepted via this port.[ConnectionPoint=Secured]Address=126.1.1.177PortNo=443SSL-Required=TrueLoginRequestTimeoutSeconds=10EchoTestFrequencySeconds=60EchoTestTimeoutSeconds=30KeepAlive=FalseUseConnectingMachineName=TrueHINTWhen adding a new connection point, ensure that the server firewall allowstraffic though the new port. Also verify that there is not another serviceon the server already using the port.After configuring Connection Points, restart the PowerTerm WebConnectServer service.PowerTerm WebConnect Server's ProcessPriorityA process' priority determines how much CPU resources the operating systemallocates to the process, relative to other processes running on the computer.Processes with a higher priority are allocated more CPU time and thereforeoften execute more quickly than processes with a lower priority.Set the server’s process prioritySet the entry [Server]ProcessPriority=priority-name in the server‘s Mainconfiguration file (PtServer.ini).210

The supported priority-name values are:NormalHighRealtime When PowerTerm WebConnect is run as a service(default), the process priority is High. When run as a regularprogram, the process priority will be Normal.Under normal conditions, do not change the server‘s process priority.Best Practices for a Healthy EnvironmentDo not use vendor-supplied defaults for system passwords andother security parametersEricom recommends changing the password for the PowerTerm WebConnectAdministration Console immediately after installation. The default password is.Uninstall unused applications from Terminal ServersKeep Terminal Servers optimized by not installing extraneous applications.Uninstall applications that are no longer used. Terminal Servers are accessedby many users each day and should be optimized to run applications that areneeded the most.Use and regularly update anti-virus software or programsAn Ericom PowerTerm WebConnect Terminal Server environment stores alldata within the datacenter. Anti-virus applications and signatures only needto be updated on easily accessible Terminal Servers rather than on manyhard-to-reach (and manage) end-user workstations.Virtualize servers to ease the backup and rollback processBefore making significant changes to any server (i.e. upgrading WebConnect)take a snapshot of the server. This will create an image of a ―working‖ serverand provide a simple method of rolling back the server.Develop and maintain secure systems and applicationsAn Ericom PowerTerm WebConnect Terminal Server environment stores alldata within the datacenter (minimizes impact of critical data loss due toequipment theft). Centralized data sources are easier to maintain and secure.Manage redirection features to meet security standards; such as disabling fileupload and download to the Terminal Server.211

23. IMPLEMENTING ACCESS SECURITYAn effective server access solution must ensure that critical computingsystems are not compromised. This is especially important when access tothese systems is extended beyond the local network to areas not managed bythe IT department. PowerTerm WebConnect provides features to secureaccess to published applications and desktops.Encrypting with SSLPowerTerm WebConnect uses Secure Socket Layer (SSL) for establishingsecure communication between the PowerTerm WebConnect server and theclients.PowerTerm WebConnect supports three levels of communication security:Unsecured (No SSL): Communication between the server and the client is notsecured by PowerTerm WebConnect. For example, Telnet communication istransmitted as clear text, including user names and passwords.Encryption without Authentication (Anonymous SSL): SSL is used forencryption only. The client will not verify the PowerTerm WebConnect server'sidentity. This is the default security level used by PowerTerm WebConnect.Fully Secured (SSL with Server Certificate): SSL is used to both authenticatethe server when communication is established, and to encrypt thecommunication data stream. In order to use this level of security, a certificateand primary key, must be placed on the server. The client will access a copyof the certificate from a source (file system, a Web server, or an FTP server)and will use it to verify the server's certificate. The certificate can also bedownloaded from the PowerTerm WebConnect server and saved on theclient's machine upon receiving confirmation from the end-user.NOTE The security level of the communication between the PowerTermWebConnect server and clients, does not affect the security of directconnections between clients and hosts. Direct connections are independentof PowerTerm WebConnect security and handled by its protocol (i.e., RDP).Configuring No SSL Security LevelClient side configurationAdd the following parameter to the command line (i.e.,ApplicationZone.html): /NOSSLServer side configurationUsing the Administration Tool, go to File | Configuration | Main (PtServer.ini).212

Set SSL_Required= to False. This will allow the server to accept unsecuredclient connections.To verify that no SSL is used, go to the About dialog on the client side (i.e.,Application Zone) and there will be no lock icon .NOTE To disable compression set UseCompression=FalseConfiguring Anonymous SSL Security LevelClient side configurationAdd the following parameter to the command line (i.e.,ApplicationZone.html): /SSLServer side configurationVerify that the pair of security files (PTS.crt and PTS.key) are not in the samefolder as PtServer.exe. If they are located in the same folder, the server willuse them for authentication. If they are not in the folder, the server will useanonymous SSL.Using the Administration Tool, go to File | Configuration | Main (PtServer.ini).Set SSL_Required= to True. Now PowerTerm WebConnect will only acceptSSL connections.To verify that SSL is used, go to the About dialog on the client side (i.e.,Application Zone) and verify the presence of the lock icon.Configuring SSL with Certificate Security LevelClient side configurationAdd the following parameter to the command line (i.e.,ApplicationZone.html): /SSLCERTFILE or /SSLCERTPATH/SSLCERTFILE is used to reference specific certificate files./SSLCERTPATH is used to reference a folder containing one or more certificatefiles.The certificate filename or path is configured as follows:213

SSLCERTFILE=filename or /SSLCERTPATH=pathNOTE The certificate path is not searched recursivelyUsing multiple certificatesBoth command line parameters can reference multiple files or paths:/SSLCERTFILE=‖file1;file2;file3‖/SSLCERTPATH=‖path1;path2;path3‖Server sideVerify that the pair of security files (PTS.crt and PTS.key) are placed in thesame folder as PtServer.exe. If they are not in the folder, the server will useanonymous SSL.Using the Administration Tool, go to File | Configuration | Main (PtServer.ini).Set SSL_Required= to True. Now PowerTerm WebConnect will only acceptSSL connections.NOTE The first time the certificate files are placed in the server‘s folder (andanytime they are replaced) the PowerTerm WebConnect Server servicemust be restarted.If the server‘s certificate does not match the certificate file referenced by/SSLCERTFILE, or is not located in a directory referenced by /SSLCERTPATH,the connection is rejected.To override this operation place an asterisk (*) in front of the certificate filename, or directory path. In this case, if the file does not exist or does notmatch the server‘s certificate, the server‘s certificate is presented to the user.If the user accepts the certificate, it is saved and the connection will beestablished. If a file name is provided without specifying a folder, the file willbe saved to Ericom-folder/certificates.NOTE Distributing a certificate in this manner is less secure than manuallyplacing them on the client computer (there is no way to verify the sourceof the certificate.)If the SSLCERTFILE file name is not specified, a search in the default folderwill be conducted for the following:ServerName=ServerIP-ServerPort.crtExample:steven= 127.0.3.37-4000.crtEricom-folder is a private user folder. It is located under the user‘s profile(i.e., C:/Documents and Settings /User-Account-Name/ApplicationData/Ericom)214

For certificate authentication, place the CA certificate in the web side rootfolder and specify its path in the following manner:https://webserver/WebConnectV.v/server.crtExample: https://www.customer.com/WebConnect5.1/server.crtTo verify that SSL is used, go to the About dialog on the client side (i.e.,Application Zone) and verify the presence of the lock icon.SSL with Server Certificate (Administrative Access)In the Connect dialog of the Administration Tool, the Administrator canconnect to a server without a certificate. During a connection attempt, adialog will appear stating the file name and path of the certificate that theAdministration Console failed to find.The administrator can choose one of the following options:Reject this certificateAccept this certificateAccept and Save this certificate to the specified server locationEnabling FIPS Compliancy in RDPFIPS compliancy is supported by the RDP protocol. This is a vital featurewhen sensitive data (i.e., credit card information) is sent over publicnetworks. FIPS is enabled using the Terminal Services (Remote Desktop)Host Configuration.To enable FIPS Compliancy on Windows 2003 Terminal Servers:Open Terminal Services Configuration.Double click on RDP-Tcp and go to the General tab.Change the Encryption level to FIPS Compliant.215

To enable FIPS Compliancy on Windows 2008/R2 Terminal Servers:Open Remote Desktop Session Host Configuration.Double click on RDP-Tcp and go to the General tab.Change the Encryption level to FIPS Compliant.NOTE Blaze connections do not support FIPS.216

24. RADIUS AND RSA ® AUTHENTICATIONPowerTerm WebConnect supports integration with RSA SecurID or Radiusbased security platforms to add two-factor authentication.Two-factor authentication increases assurance that the user connecting to thesystem is properly sanctioned. By requiring two ―factors‖ (usually a passwordand PIN), there is a lesser chance that an unsanctioned user can hack into theenvironment.PowerTerm WebConnect Server ConfigurationGo to the Main Configuration (PtServer.ini), and navigate to the ConnectionPoint section. The parameter AuthenticationMethod can have one of threevalues:RegularRsaSecurIDRadiusSingle-factor authentication based on the user‘s credentialsTwo-factor authentication using the RSA SecurIDTwo-factor authentication using the Radius based systemTo handle the user‘s name between the two-factor authentication server andthe user database, the parameter Use_userPrincipalName should be set toTrue or False (default). This parameter is set in the Main Configuration(PtServer.ini) under the Misc section.True gives the user‘s full name (i.e. user name including location).False gives just the user‘s name (i.e., name@company.local will beauthenticated with name.)RSA SecurIDWhen using RSA SecurID, the user authenticates to the PowerTermWebConnect server by entering a PIN and tokencode. The clientcommunication is encrypted using SSL. PowerTerm WebConnect server thentransmits the user‘s PIN and tokencode to the RSA Authentication server forauthentication. If the credentials are properly authenticated, the user will belogged in to PowerTerm WebConnect.217

Agent Host ConfigurationTo enable communication between PowerTerm WebConnect and the RSAAuthentication Manager / RSA SecurID appliance, an Agent Host record mustbe added to the RSA Authentication Manager database. The Agent Host recordmust include the PowerTerm WebConnect server in its database.To create the Agent Host record, obtain the following information:Host name of PowerTerm WebConnect ServerIP Addresses of PowerTerm WebConnect ServerWhen adding the Agent Host Record, configure the PowerTerm WebConnectas Net OS.NOTE Hostnames within the RSA Authentication Manager / RSA SecurIDappliance must resolve to a valid IP addresses on the local network.Please refer to RSA Security documentation for additional information oncreating, modifying and managing Agent Host records.218

PowerTerm WebConnect Configuration for RSACopy sdconf.rec that was generated by the RSA AuthenticationManager to windows/system32 of the PowerTerm WebConnectserver.Configure PowerTerm WebConnect to authenticate to RSAAuthentication Manager.ooLaunch the PowerTerm WebConnect Administration Consoleand go to the Files | Configuration | Main to access theMain Configuration (PtServer.ini)In the [ConnectionPoint=Internet] section set the optionAuthenticationMethod=RsaSecurID. This setting specifiesthat connections to this Connection Point will beauthenticated with RSA SecurID.Restart the PowerTerm WebConnect Server service.Go to applicable published application‘s Advanced section(applicable applications are those that will be used by usersauthenticating with RSA/Radius). Uncheck the option UseWebConnect User Credentials. Place %u in the Username field,and %X”Network Password” in the Password field.NOTE There is a space between ―Network‖ and ―Password‖RadiusRadius configuration and usage is similar to RSA.1. Launch the PowerTerm WebConnect Administration Console andgo to the Main Configuration (PtServer.ini)2. In the [ConnectionPoint=Internet] section set the optionAuthenticationMethod=Radius. This setting specifies that219

connections to this Connection Point will be authenticated withRadius.3. Configure settings for the Radius connectionRadius_serverRadius_portRadius_sec_timeoutRadius_retriesRadius_secretAddress of the Radius server(UDP) port that the Radius server islistening on. Default: 1812timeout to wait for response from theRadius server. Default: 2number of times to retry sending of theauthentication request if a timeout occur.Default: 3Radius server‘s secret password4. Restart the PowerTerm WebConnect Server service.NOTE PowerTerm WebConnect Server only supports one Radius server at a timeUser AccessWhen users launch the Application Zone they should log in with the two-factorcredentials (PIN and tokencode).NOTE RSA and Radius authentication is only available with the Application Zone.Neither are available with the Web Application Portal.New users that do not have a PIN should login with just the tokencode andwill be prompted to create a new PIN.220

If no PIN is entered, another prompt will appear.If the user does not enter a PIN, one can be created automatically. The userwill see a message similar to this:Press OK to acknowledge the creation of the PIN.During the login, the tokencode may expire during the authentication. Whenthis happens, the user will be prompted to re-enter the password (PIN andtokencode) with an updated tokencode.221

RADIUS for PCoIP DevicesPowerTerm WebConnect DeskView supports RADIUS authentication fromPCoIP clients. This section explains how to configure DeskView to useRADIUS for client authentication.1. Open and login to the PowerTerm WebConnect Connection BrokerAdministration Tool.2. Right click on PowerTerm WebConnect DeskView and selectOptions.3. Click Network and add the Radius Domain if it is not alreadypresent.4. Click PCoIP and select the Authentication button222

5. Select Radius and enter the parameters for the desired RADIUSserver6. Certain RADIUS servers require that the user enter the domainprefix or UPN - check the appropriate box if needed7. Click OK and use a configured PCoIP client to test the RADIUSlogin223

25. JUNIPER ® SSL VPN INTEGRATIONJuniper Network‘s SSL VPN solution, in conjunction with Ericom‘s PowerTermWebConnect, provides secured remote access to mission critical applications,ensuring a cohesive and complete Server Based Computing environment.Using a dedicated SSL VPN remote access platform will result in significantlybetter performance over the built-in SSL Gateway because encryption andgateway overhead is completely offloaded from the Ericom servers. Theconfiguration instructions in this chapter is based on Juniper version 6.0R6.SSL VPN ConfigurationTo configure ActiveX Parameter Rewriting (Rewriting specific to Ericom‘sWebConnect):From the Juniper IVE browse to Users | Resource Policies | Web | ActiveXParametersAdd: Class Id: 7EC816D4-6FC3-4C58-A7DA-A770EE461602Parameters: Src / Rewrite URL and response (Static and dynamic HTML)WSAM ConfigurationTo configure WSAM to tunnel PowerTerm WebConnect‘s application traffic andensure that the proper users have access:From the Juniper IVE, browse to: Users | User Roles | | SAM |Applications1. Add Server: server.widgets.com (the WebConnect Server name )2. PowerTerm Port(s): 4000 (or the custom port number)224

3. From the IVE browse to Users | Resource Policies | SAM | AccessControl | Resources: server.widgets.com:4000(:)4. Configure the ―Allowed Servers‖5. Set up Selective Rewriting policy, within the Juniper IVE, browseto Users | Resource Policies | Web | Selective Rewriting6. Add the server to the Initial Rewrite Policy7. Define the roles that the policy applies to.8. Select Rewrite content (auto-detect content type).9. Server gets added to Resources as: http://server.widgets.com:*/*225

JSAM ConfigurationTo configure JSAM to tunnel PowerTerm WebConnect‘s application traffic andensure that the proper users have access:1. From the Juniper IVE, browse to: Users | User Roles | | General | Overview2. Scroll down to Access features section3. Select Secure Access Manager | Java version4. From the Juniper IVE, browse to: Users | User Roles | | SAM | Options5. Select Java SAM6. Configure JSAM Port Forwardinga. From the Juniper IVE, browse to: Users ResourceProfiles SAM Client Applicationsb. Select New Profilec. Set Type to JSAMd. Set Application to Custome. Set name to something descriptive, such as ―PowerTermWebConnect Servers‖f. Add your PowerTerm WebConnect Server and TerminalServers to the JSAM Port Forwarding section. ThePowerTerm WebConnect Server port is 4000, and TerminalServer ports are 3389.g. Select ―Save and Continue‖226

h. Select the Roles for this Resource Profile to be applied toand Add them to the Select Roles area. Click SaveChanges‖.Portal ConfigurationTo enable the PowerTerm WebConnect Portal, first create the bookmark forthe User Role. Part of this process also involves verifying that the user has227

proper access to the website and related web links. The bookmarks andaccess rules should look similar to the following:Users | User Roles | | Web | Bookmarkshttp://server.widgets.com/webconnect/portal/windows/index.aspUsers | Resource Policies | Web | Web ACLhttp://server.widgets.com:80/webconnect/*Now configure PowerTerm WebConnect to allow connections from the JuniperSSL VPN.1. Browse to the WebConnect DataBase folder. (Usually in―X:\Program Files\Ericom Software\WebConnect\DataBase‖, where―X‖ is the drive letter in which PowerTerm WebConnect isinstalled.)2. Open PtServer.ini and search for Machines=localhost;127.0.0.1.3. Add the server address to this line(Example: Machines=localhost;127.0.0.1;juniper.testdomain.com)4. Search for the section beginning with: [ConnectionPoint=Internet]5. Add this line at the end of this section: CheckIPMatch=False6. Restart the PowerTerm WebConnect Server Server service.NOTE If not configured properly, users will receive an error stating CredentialToken Error.Configuring Single Sign-OnNOTE: Juniper Advanced License is required for SSO Form POST in the IVEplatform.Configure the HTML Form POST to enable Single-Sign-on from the SSL VPN tothe PowerTerm WebConnect portal.1. Users | Resource Policies | Web | SSO Form POST2. Resource:http://server.widgets.com:80/webconnect/portal/windows/index.asp228

3. POST to URL:http://server.widgets.com/webconnect/portal/windows/LoggedIn.aspooooLogin / Login / Not modifiabledomain / widgets / Not modifiableusername / / Not modifiablepassword / / Not modifiableAdditional Useful PoliciesAutopolicy: Web Access Control:http://server.widgets.com:80/webconnect/portal/windows/*oAllowAutopolicy: Caching:http://server.widgets.com:80/webconnect/portal/windows/*oNo-CacheAutopolicy: Rewriting Options: No rewriting (use JSAM)http://server.widgets.com 80ohttp://server.widgets.com 3389 Launch JSAMAutopolicy: Web Compressionhttp://server.widgets.com:80/webconnect/portal/windows/*oDo not compress229

26. MONITORING AND AUDIT TRAILSMonitoring Online ActivityThe Administration Console provides information about user status andactivities. This information is presented in two ways:By connection source: view status for computers, users, or groups.By sessions: view information about active client sessions.Status Information for Computers, Users, and GroupsThree views report by connection source: the Users pane, filtered by RuntimeInformation; the Groups pane, filtered by Runtime Information; and theMachines window.Identification Information FieldsThe Users pane, Groups pane, and Machines window, each show runtimeinformation for different characteristics of a connection source. The followingtable lists and explains all the runtime information fields, and indicates whichare shown in each window (a √ indicates that the window shows the field).Fields displayed in the Users pane pertain to individual users; fields in theGroups pane pertain to all the users in a specific group; and fields in theMachines window pertain to all the users accessing the server from a specificcomputer.Column Description User Group MachinesIP AddressSessionsCountFirstEntranceLastEntranceLoginsHistoryIP address of the remoteclient.Total number of sessions thatare currently used by thegroup.The date and time of the loginof the user.The date and time of the lastlogin of the user.The number of loginsperformed by the user.- - √√ √ √√ - -√ √ -√ - √230

Output BytesInput BytesOutputMessagesInputMessagesActive UsersCountThe total bytes of applicationtraffic that were sent to theclient.The total bytes of applicationtraffic that were received fromthe client.The total of applicationpackets that were sent to theclient.The total of application packetthat were received from theclient.The total number of thegroup‘s users that arecurrently active.√ - -√ - -√ - -√ - -- √ -Show Preset Columns TypesRight-click an object (not the column title) and select ColumnsSelect one of the following sets of information: Basic, Identification, I/OInformation.Viewing Active SessionsIn the Client Sessions view, a new entry is created each time a user connectsto PowerTerm WebConnect and opens a new session (i.e., RemoteView,HostView, etc.)The fields in session information table are divided into two groups: staticfields that identify the session and I/O Information fields that show realtimeinformation about the session (until it ends).231

Viewing sessions for a userRight-click on the desired user and click Sessions.ORRight-click on the user object and select Properties. The User Properties dialogwill be displayed. Click the Sessions button.View sessions opened by all users of a groupRight-click the desired group and click Sessions.ORRight-click on the group object and select Properties. The Group Propertiesdialog will be displayed. Click the Sessions button.View sessions opened by all usersSelect View | Client Sessions or click the icon.Viewing administrative sessionsThe Administrative Sessions window displays the online activity of users thathave administrator status. Every entry in the table represents oneadministrator session, so if an administrator logs on twice, two lines areadded.Select Views | Administrative Sessions or click the icon.Viewing intruders listThe Intruders window shows suspected attempts at breaching PowerTermWebConnect. Every entry in the table represents an instance where a usereither:Attempted to connect using HTTP, or through an incorrect port.Entered a wrong password.Entered an unknown username.Entered a correct username and password, but connected from an IP orcomputer not specified in the user or group Allowed List.Attempted to connect from two different computers, although the AllowConcurrent Machines is disabled.232

After several intruder attempts, users are blocked temporarily. The number ofattempts and the time period of blocking are defined in the Intruders fields ofthe Server Configuration dialog.In addition to showing suspected intrusion attempts, the Intruders windowallows the administrator to remove restrictions on users. The administratorcan also prevent users from being detected as an intruder in the future.To open the Intruders view select View | Intruders or click the icon.HINTTo remove a user restriction right-click the desired user entry in theintruders table and select Allow. The allowed user will now be able to loginto PowerTerm WebConnect using correct credentials.Viewing Status for PrintView (LPD) QueuesThe PrintView LPD Client allows transparent printing (i.e. passes allcharacters, including escape sequences that arrive at the port directly to theprinter without translation) from the host server to a printer. The host sendsprint jobs from certain queues to the PrintView Client, running on a PC thathas access to a local printer.PrintView queues corresponding to the host‘s queues must be defined on thePrintView Client, and then registered with the PowerTerm WebConnect server.The PrintView Queues window shows runtime information on all print queuesregistered with the server. To open the PrintView Queues view, open theAdministration Console and select View | PrintView Queues.Viewing Current Server StatisticsThe Deployment and Performance Statistics dialog, displays currentinformation (i.e., license count) for the PowerTerm WebConnect server. Toopen the Deployment and Performance Statistics dialog in the AdministrationTool, select Server | Deployment and Performance Statistics.NOTE To refresh the information under Deployment and Performance Statistics,close and reopen the dialog window.233

Event Viewer AccessInformation related to server‘s operation will be tracked in the server‘s EventViewer. The Administration Console provides a shortcut to the WindowsManagement Console Event Viewer. Select Tools | Event Viewer.System LogsEach start of the PowerTerm WebConnect server or starter service generatestwo new (standard) log files, PtServer.LOG and PtStarter.LOG. PowerTermWebConnect maintains backup versions of these log files. They are named inthe format: exename.LOG.bck-00N.PtServer.LOG represents the general log file of the PowerTerm WebConnectserver.PtStarter.LOG represents the log file of the PowerTerm WebConnect starter.Failover History records the Failover state transition of PowerTermWebConnect servers working in Failover modeError log, is an Excel CSV document detailing errors from the PtServer log.System Information log, tracks periodic system checks, gatheringinformation about the server-starter processes.Communication Events log, logs the LOGIN, LOGOUT, LOGIN-LOST,RECONNECT, etc. caused by client sessions (not administrative sessions).The last log message contains the ―~‖ character. If the maximum log file sizeis reached, then the last line contains the ―^‖ character, indicating that anynew log messages will be written at the start of the new log file.Viewing the PowerTerm WebConnect Server logSelect Files | LOG files | Server | Standard Log.Viewing the Failover logSelect Files | LOG files | FAILOVER History.LOG.Viewing Audit TrailsThe Audit Trail is a chronological record of the PowerTerm WebConnect useractivities. This includes user login, application/desktop access, and othervarious actions. To view the audit trail using the Administration Tool: selectFiles | LOG files | Audit Trail. An editor supporting CSV is required to view thefile (i.e., Microsoft Excel, Notepad, etc.)234

Audit Trail OptionsThe Main Configuration (PtServer.ini) has a setting to define Audit Trailoptions. AuditTrail_Options can be configured with the following parameters:* /LAYOUT= Establishes the layout modeMINIMAL (default)FULL* One of /TITLE, /NOTITLE or/TITLE=…* One of /READ_ONLY or/READ_WRITEEnables/disables/specifies the usage of thecolumn titles row./TITLE The default column titles will be used(default)./NOTITLES Column titles will not be used./TITLE=… The supplied list of column titleswill be used. The very first character will beused as separator.Establishes the write permission mode of thefile when it will be closed at midnight.Default: /READ_ONLY* /DIR= Specifies the folder of the audit trail output,.By default the Audit Trail (PtAT.dll) createsfiles in the folder /Audit Trail.The value specified by /DIR= maycontain the logical folders and.* /FILETITLE= Specifies the file title format of the audit trailoutput, other than the default. By default thePtAT.dll creates files name PtAT- . The followingplaceholders are available: Year with century, as decimalnumber. Year without century, as decimalnumber (00-99). Month as decimal number (01-12). Abbreviated month name. Full month name. Abbreviated weekday name.235

Full weekdayname. Day of month as decimalnumber (01-31). PowerTerm WebConnectserver‘s computer name.* /EXT= Specifies the file extension of the audit trailoutput, other than the default. By default thePtAT.dll creates files of CSV type.* One of /DAILY, /WEEKLY or/MONTHLYEstablishes the file replacement (renewal)mode./DAILY The file will be replaced at midnight(default)./WEEKLY The file will be replaced onMondays at midnight./MONTHLY The file will be replaced atmidnight on the 1 st of the month.236

27. RECONNECT FEATURESPowerTerm WebConnect includes four types of Reconnect features to ensurethat end users have high availability to the PowerTerm WebConnectresources.TypeApplication Zone ReconnectSession ReconnectBlaze ReconnectNetwork ReconnectClients supportedApplication ZoneRDP RemoteView sessionsBlaze RemoteView sessionsHostView, PrintView, QuickVNC sessionsApplication Zone ReconnectWhen an active Application Zone loses connectivity to its PowerTermWebConnect server, it will automatically try to reconnect to the server. TheApplication Zone systray icon will start blinking when it attempts to reconnect.Right-clicking on the systray Agent gives the user options to force a Retry orto Quit the Application Zone.Once the network connection is re-established and the Application Zoneproperly reconnects to the PowerTerm WebConnect server, the Systray Agentwill stop blinking and remain solid.Two common cases where the Application Zone loses connectivity:The PowerTerm WebConnect server is shut downThe client system loses network connectivity to the PowerTermWebConnect server.237

Session ReconnectWhat is a Disconnected Session?Disconnected Terminal Server sessions are user sessions on the TerminalServer that contain active applications, but not currently connected to by aclient. Sessions may be become disconnected for various reasons, such as:A network fault or any loss of communication.The Administrator disconnects the session.The user disconnects the session or closes the RDP client withoutlogging out of the session.Disconnected sessions have a finite lifespan as defined by a timeout periodset on the Terminal Server (configured by the administrator). At the end ofthis timeout period, the session will automatically be reset. A user canreconnect to disconnected Terminal Server sessions as long as it is active.NOTE PowerTerm WebConnect Session Reconnect does not require or use theMicrosoft Session Directory service. As a result, Enterprise versions ofWindows server is are required.Client UsageDisconnected Sessions are reconnected by just launching a new application.When a user is logged in to the Application Zone and has a disconnectedsession assigned, the following icon may also appear in the Application Zoneand the systray agent:A balloon message will also appear displaying “Power Term WebConnectApplication Zone. You have disconnected sessions. Right click the icon inorder to resolve them.”Right clicking on the disconnected icon will provide three options to the user:Reconnect allClose allHide notificationReconnect to all disconnect sessionsClose all disconnected sessionsHide the disconnect icon and do nothingNOTE The user can only reconnect to disconnected sessions belonging to it.Double-clicking the icon will reconnect the user to an active session. The iconwill no longer be displayed if the user hides it or if there are no longer anydisconnect sessions.238

Logging off a user using the Administration ConsoleTo close a disconnected session:1. Launch the Administration Tool.2. Click on the Terminal Server Sessions button. A list of allactive Terminal Server sessions will be displayed,including the disconnected ones.3. Select the disconnected session(s) to be closed. Use the Ctrl keyfor multiple selections.4. Right-click on the selected session(s) and select Log OffDisconnected Sessions (or Log Off All Disconnected Sessions).5. Click on Yes to confirm.NOTE Disconnected Session Reconnect is only available for sessions createdthrough PowerTerm WebConnect and the Load Balancer.NOTE Disconnected Session Reconnect Network Reconnect is only available fromWindows clients. This feature is not available for users connecting fromMac or Linux systems.Blaze ReconnectEricom Blaze sessions use a different reconnect mechanism built into theclient component. During a network interruption, the Blaze session willattempt to reconnect to the active session. During the reconnect process theuser will be presented with a dialog box with the number of connectionattempts. The user may stop the reconnection attempts by clicking theCancel button.Network ReconnectNetwork Reconnect will automatically resume sessions that have beeninterrupted by a network disruption.239

There are three available modes:NoneOnDemandWirelessWill not reconnect an interrupted session.Will reconnect only sessions connected through thePowerTerm WebConnect server‘s gateway.Will reconnect any session automatically. All wirelesssessions use the PowerTerm WebConnect server‘sgateway.The Network Reconnect configuration process consists of the following:Configure the PowerTerm WebConnect Server to use NetworkReconnect (Network Reconnect is disabled by default).Specify which PowerTerm WebConnect objects have permissionsto use Network Reconnect.Configure the client parameters to use Network ReconnectWhen the user launches a PowerTerm WebConnect component,the reconnect mode is activated for the session.Enabling the Network ReconnectNetwork Reconnect is disabled by default. Configuration to the server andclient components are necessary to enable Network Reconnect.Server Configuration for Reconnect ModeTo begin, set the Default Reconnect Mode. Thiswill be the default value when Network Reconnectmode is not configured in objects that have higherprecedence.1. Select Server | Configuration.2. Select the desired Default Reconnect Mode.When the Highest Reconnect Mode is set as , the Server‘s value willbe used.To set the Reconnect mode for a group:1. Right-click on the desired group and select Properties. The GroupProperties will appear.HINTHINTThe default group of the server is Novice Users and its Reconnect Mode isNone by default. This must be changed to enable Network Reconnect.Non-persistent users do not belong to a group by default. Assign a Defaultgroup to the Default AutoCreated User to set the Reconnect Mode.240

2. Select the Highest Reconnect Mode.To set the Reconnect mode for a user:1. Right-click on the desired user and select Properties. The GroupProperties will appear.NOTE For Non-persistent users, the Reconnect Mode must be set at the grouplevel2. Select the Highest Reconnect Mode.NOTE The user setting has the highest precedence.Main Configuration Settings (PtServer.ini)LastSentMessagesMaxCountWhen Network Reconnect is used in Wireless mode, PowerTerm WebConnecttracks the packets for every connection and saves them so any lost data canbe restored after a reconnection.If the value of LastSentMessagesMaxCount is too low the server may fail toreconnect because there is not enough data stored. However, if the value istoo high, Network Reconnect may consume too much memory from thePowerTerm WebConnect server.The default value (64 packets per connection point) should not be modified.Every time the server fails to reconnect, it automatically increases theLastSentMessagesMaxCount value. After a few failed connections,LastSentMessagesMaxCount will be automatically adjusted to an optimalvalue.Client Configuration for Reconnect ModeTo enable Network Reconnect in a PowerTerm WebConnect component, addone of the parameters listed below to the command line, or in thecorresponding HTML file (i.e., ApplicationZone.html).Client Parameters for Reconnect Mode:/RM_NONE (*)/RM_ON DEMAND/RM_WIRELESS/RM_INTERACTIVE - enables the user to select the mode during login(HostView and PrintView clients only).Once a component is connected to the server, the activated Reconnect modeappears in the bottom right of the About dialog:241

If the Reconnect mode is not displayed, Network Reconnect is disabled.If the network connection is interrupted during a session enabled withNetwork Reconnect, a connection dialog will appear while the client attemptsto reconnect to the server.242

28. UPGRADE INSTRUCTIONSAn existing installation of PowerTerm WebConnect can be easily upgradedusing the installer. The existing license will be maintained on the serverduring the upgrade process. A PowerTerm WebConnect installation orupgrade requires administrative access to the server.NOTE If PowerTerm WebConnect Server and the web server components areinstalled on separate machines, the Ericom web components will also needto be updated on the web server.Uninstall the Current InstallationThe best approach to upgrading the server is to first uninstall the currentversion. The licensing will be maintained on the server and the configurationfiles will be backed up as part of the uninstallation process. Stop thePowerTerm WebConnect Server service before running the uninstaller. Touninstall PowerTerm WebConnect, remove the application using the ControlPanel | Add/Remove Programs (or Uninstall Programs link). At the firstinstaller prompt select Remove.STOP If you have made changes to the contents of the web folder, back up thisfolder manually now. It is not backed up automatically.Backup the Previous InstallationManual Backup: simply copy the application folder to a backup drive.The default path is \Program Files\EricomSoftware\WebConnect X.XAutomatic Backup: During the uninstallation ofthe current version, the administrator will beprompted to back up the current configuration.Simply specify a path for the backup files.243

Four configuration folders will be backed up: Database, DeskViewAdmin,DeskViewServer, and Load Balancer.NOTE The PowerTerm Terminal Server agent and companion services do notneed to be uninstalled before the upgrade.Install the new versionFirst, complete a fresh installation of the new version. Once the installation iscompleted, import the previously backed up configuration.1. Go to Start | Programs | Ericom Software | PowerTermWebConnect | PowerTerm WebConnect Upgrade Utility2. Click Yes to the warning message. All existing configuration willbe overwritten during this procedure.3. Click Yes to stop the Server service. All active users will bedisconnected.4. Click Yes when prompted to use previous settings, and select thedesired PtServer.ini file to import. Click OK to continue.After the settings are imported, restart the PowerTerm WebConnect Serverservice for the settings to take effect.244

Updating Ericom and Terminal ServersWhen applying server updates (i.e., Windows update) the Ericom environmentshould be updated off hours during a period with little impact to the endusers.Update the Terminal Servers first, and begin with servers that have nousers logged in. Once the initial set of Terminal Servers is updated, updatethe Terminal Servers that have users logged on them, but send a broadcastmessage warning of possible server reboot. Once Terminal Servers areupdated, apply the updates to the PowerTerm WebConnect servers.Updating Terminal ServersEnsure that there are no users on the system before applyingupdatesIf there are idle users present, inform them that the server will berestarted for maintenance (send a message using Terminal ServerManager or call the user). Use the Terminal Server Manager tologoff any active users.Stop the Load Balancer agent service so new users will not logon.245

Apply necessary updatesReboot the server if required, or restart the Load Balancer Agentservice once the updates are completedRDP to the server to ensure that it still accepts connections. TestPowerTerm WebConnect access.Updating PowerTerm WebConnectEnsure that there are no users logged into PowerTermWebConnect before applying updates.If there are idle users present, inform them that the server will berestarted for maintenance (send a message using the Admin Toolor call the user). Use the Admin Tool to logoff any active users.Apply necessary updates.Reboot the server if required. Reboot the Database server firstand then the WebConnect servers immediately afterwards.After the reboot, login to PowerTerm WebConnect Admin Tool on aserver to ensure that everything is operating properly.If PowerTerm WebConnect is using Cluster mode, login to theAdmin Tool on the second WebConnect server and verify that theMonitor-mode message appears (this means that the servers arerunning in cluster mode). If the Monitor-mode message does notappear, verify that the Database server has rebooted properly.Updating the LoadBalancer.xml fileOpen the XML file and verify that the XML path is correct (updatethe version number in the path): XMLFilePath="C:\Program Files(x86)\Ericom Software\WebConnect 5.7\Load Balancer\">Updating web servers (optional)Optional: copy the ptagent.ver.txt and ptagent.cab from thePowerTerm WebConnect server‘s ..\web\windows directory to thecorresponding directory on the web server. This is not requiredbecause if the PowerTerm WebConnect server‘s ptagent (inDownloads folder) do not match with the client‘s, it will beupdated using the PowerTerm WebConnect server‘s version. Thisensures that the client‘s ptagent will always be using the versionfrom the PowerTerm WebConnect‘s Downloads directory.246

29. Appendix A – EnvironmentVariablesThis chapter covers all available environment variables that can be configuredwith PowerTerm WebConnect. Environment variables may be configured forusers, groups, connections, and the server.NOTE An empty value indicates that there is no initial valueVariable name Values DescriptionAGENT_AllowMultipleAGENT_ExitCleanModeAGENT_SysTrayAGENT_UserViewMode1 = onDefault: 1Upgrade: emptyDoNothingCleanCredentialsCleanApplicationsCleanAll = Removescredentials and all thecreated shortcuts.Disable = The user cannotexit the agent.Default: empty = CleanAllRegularHoldUpHideDefault: empty = Thecommand line value will beused.UserDefinedClassicAppCenterPrivilege to run multiple agentsfor the same user (fromdifferent IPs).Specifies which ApplicationZone components to removeupon exit.The state of the ApplicationZone systray agent.UserDefined (or empty) -This is the default value for thevariable. The Application Zone willuse the user’s current view (“Classic”by default).Classic - The user is forced to workwith the “Classic” view only (The“Switch to Application Center View”menu option is disabled).247

DOWNLOADS_DisableLPD_AutoReloginAnywayLPD_AutoReloginFrequencySecondsLPD_SocketReadTimeoutSecondsUpdates = Only the updatesare disabled (missing filesare downloaded).NewFiles = Only themissing files are disabled(updates are allowed).All = The downloadfunctionality is fullydisabled.Any other value =Download fully enabled.Default value: empty1 or TRUE = The PrintViewclient tries to re-login evenif there are queues thatsupport direct accesss also.Default: emptyRange 10 – 3000 (zero) to disableDefault: 305Default: 30AppCenter or ApplicationCenter -The user is forced to work with the“Application Center” view only (The“Switch to Classic View” menu optionis disabled).This environment variable has higherprecedence over the /SNE flag whichsets the mode in ptagent.Client download permissions.Only relevant ifLPD_AutoReloginFrequencySeconds value >0.Specifies the frequency of there-login attempts when theconnection to PowerTermWebConnect server was lost.The timeout of reading fromthe socket while processing ajob.MODE_SessionOverlap Default: empty Sets the session overlap modefor the very first session.PRIV_ChangePassword1 = OnDefault: emptyEnables the user to modifyhis/her password.PRIV_CopyToFile 1Default: emptyEnables the user to copy thescreen contents to a file.PRIV_CreateShortcut Default: empty Enables the user to create a248

shortcut.PRIV_FileTransfer Default: empty Enables the user to use theFile Transfer of the HostViewclients.PRIV_Keyboard 1Default: emptyPRIV_KeyboardMap 1Default: emptyPRIV_Online 1Default: emptyPRIV_PowerPad 1Default: emptyEnables the user to openand/or save the keyboardmapping of the emulatorclients.Enables the user to viewand/or modify the keyboardmapping of the emulatorclients.Enables the user to switch theemulator client off/on line.Enables the user to modify,open and/or save the Powerpad and Function buttons ofthe emulator clients.PRIV_RunDFT Default: empty Enables the user to runEricom‘s DFT utility.PRIV_RunFTP Default: empty Enables the user to runEricom‘s FTP utility.PRIV_RunLPD Default: 1 Enables the user to runPowerTerm WebConnectPrintView client.PRIV_RunQuicFTP Default: 1 Enables the user to runPowerTerm WebConnectQuickFTP client.PRIV_RunRDP Default: 1 Enables the user to runPowerTerm WebConnectRemoteView client.PRIV_RunSupport Default: 1Upgrade: 1Enables the user to runPowerTerm WebConnectSupportView client.PRIV_RunVNC Default: 1 Enables the user to runPowerTerm WebConnectQuickVNC client.PRIV_Script Default: empty Enables the user to run PSLcommands and scripts, to edit249

PRIV_SendImage_BitsPerPixelPRIV_SendImage_MaxSizeKPRIV_SendMessage0, 4, 8, and 16Default: 4Default: 320 = off1 = single messaging target2 = multiple messagingtargetsDefault: emtpyand to record them.The maximum resolution of theDesktop bitmap image to beattached to a message. 0(zero) means than no imagecan be attached.The maximum size (in kB) ofthe compressed Desktopbitmap image. 0 (zero) meansthan no size limitation isapplied.Enables the user to use themessaging facility ofPowerTerm WebConnect.PRIV_Setup Default: empty Enables the user to modifyand/or save the setup of theemulator clients.PRIV_TerminalCanCreateShortcutDefault: emptyFor sessions running on aTerminal Server. Onlyevaluated ifPRIV_CreateShortcut isenabled.PRIV_Trace (empty) Enables the user to use thetrace facility of the emulatorclients.PRIV_UniversalPrintingDefault: emptyUpgrade: emptyEnables the user to use theUniversal Printing feature ofthe RDP client.PRIV-NewTerminalWindow1 Enables the user to open anew emulator client.RDP_AuthenticationLevelRDP_CutFullUserNameDefault: 01 = onDefault: 0Specifies Terminal Serverauthentication level (seeMicrosoft documentation)Remove ―@...‖ from username leaving only theunqualified name250

RDP_DisableCompressionRDP_DisablePrintScreenKeyRDP_DisableSessionSharingRDP_DisableUniversalPrintingRDP_ForceSeamless1 = onDefault: 01 = onDefault: 0Upgrade: empty1 = onDefault: 0Upgrade: emptyDefault: 1Upgrade: 1MS-SeamlessEricom-SeamlessDefault: emptyDisable RDP bulk compressorDisables the PrintScreenfunction in RemoteViewsessions.Disables the Session Sharingof RemoteView sessions.Disables the Universal Printingfeature of RDP client.Force MS Seamless(RemoteApp) or Ericom TrueSeamless regardless ofconnection settings and hosttype.RDP_FullScreenMonitor Default: 0Primary Monitor: 1Secondary Monitor: 2Determines if a Full Desktopsession will run in multimonitoror open in a presetmonitor.RDP_LogOffDelaySecondsRDP_PreTsAgentExeRDP_RedirectSchemesRDP_RedirectExcludeRDP_ScriptFolderRDP_Suppress_Service_Stopped_Message…Default:900 (seconds)Default: emptyUpgrade: emptyDefault: emptyUpgrade: emptyDefault: emptyUpgrade: emptyPath to scripts folder (i.e.,\\fileserver\scripts)1 = onDefault: 0Sets the RDP logoff timeoutfrom the point where the userexits Application Zone.Name of file to run beforerunning the TSAgent.Specifies what protocols toredirect, like http, https, etc.Specifies what URLs not toredirect.Sets an alternate location forthe script folderSuppress error message ifconnection to server is lostRDP_WithExplorer 1 = on Run with hidden Windows251

RDP_WaitCursorSupport_ERICOMDefault: 01 = onDefault: 0Default:tech.support@ericom.comExplorer in seamless session.Useful for: Publishing foldersand apps that don‘t workwithout ExplorerTurns local cursor to anhourglass whenever mousebutton is pressed. Improvesperceived response time forslow connections.Not supported by Blaze.Specifies the To e-mailparameter to be used by theSendEmailToSupport facility ofthe Administration Tool.Support_MailBcc Default: empty Specifies the Bcc e-mailparameter to be used by theSendEmailToSupport facility ofthe Administration Tool.Support_MailBodyDefault: The attached filecontains material requiredby Ericom to reconstructthe situation for which theuser is requestingassistance.Specifies the Body e-mailparameter to be used by theSendEmailToSupport facility ofthe Administration Tool.Support_MailCc Default: empty Specifies the Cc e-mailparameter to be used by theSendEmailToSupport facility ofthe Administration Tool.Support_MailSubject Default: empty Specifies the Subject e-mailparameter to be used by theSendEmailToSupport facility ofthe Administration Tool.Support_MailToTerminalLanguageDefault:tech.support@ericom.comR, REGIONAL orREGIONALS = Evaluates thecurrent user‘s regionalsettings.E or ENGLISH = EnglishterminalSpecifies the e-mail address ofEricom SupportSpecifies the terminallanguage (code page set) forHostView.252

TriceratUniversalPrintingVersionUSE_CLIENT_HostViewW2H_LoginDisabledReasonW2H_SupportAcceptedW2H_SupportRejectedByUserW2H_SupportRejectedOnTimeoutH = RTL languages terminal?, I or INTERACTIVE = Asksthe user for his preference.Default: emptyDefault: emptyUpgrade: emptyDefault: emptyEnables the user to use theversion of triCerat plug-inclient. Used for multipletriCerat plug-in clients support.Replaces USE_CLIENT_activexand USE_CLIENT_exeIf not empty, any newemulator client will be loggedoff immediately, displaying thespecified text.The text sent to the clientrequesting support when therequest is accepted.The text sent to the clientrequesting support when therequest is rejected explicitly bythe support.The text sent to the clientrequesting support when therequest is rejected due to thetimeout being exceeded.253

30. Appendix B – AdministrationConsoleAction MenuCommand/SubmenuNewToolbarButtonDescriptionOpens the Publish Application and theRemote Desktop wizards, as well asthe Add User/Group/Host Connectiondialogs.Quick Access DialogLaunches the Quick Access dialog.Copy - Copies the object‘s property definitionresulting in a mirror copy except forthe name, which must be unique.Delete - Deletes the selected object.Shut Down - Shuts the selected object down.Send Message - Enables you to write an instantmessage and send it to the selectedobject‘s members.Properties - Opens the object‘s properties dialog.Sessions - Displays the active sessions that arerelated to the selected object.Exit - Exits the Administration Tool.Server MenuCommand/SubmenuConnect/DisconnectConfigurationDefault SettingsDescriptionConnects/Disconnects the Administration Consolefrom the server.Opens the server‘s configuration dialog.Opens the Property pages where you can define the254

default settings for all users in the system.Default Power PadMemoDeployment &Performance StatisticsRefresh ActiveDirectoryInformationReload the LicenseDirectory ServicesSend Message to AllUsersOpens the Power Pad & Function Buttons dialog.Opens a Notepad so you can write text file memos.Displays the Deployment & Performance Statisticswindow.Manually refreshes the Active Directory Tree data.(Automatic refresh will occur at a pre-determineddaily time.)Refreshes the license file.Opens the Directory Services dialog.Opens the Send Message dialog to send an instantmessage to all the system users.Send E-Mail to All users Opens the default e-mail application to send an e-mail to all the system users.Attach Server‘s MachineStart ServerShut Down ServerAttaches to a user‘s session upon request.Starts PowerTerm WebConnect Server.Shuts PowerTerm WebConnect Server down butdoes not close Administration Console(recommended method).View MenuCommand/SubmenuConnectionsUsersGroupsToolbarButtonDescriptionExpands the Connections pane andhides the other two panes.Expands the Users pane and hidesthe other two panes.Expands the Groups pane and hidesthe other two panes.All Views - Displays all three panes.Environment Variables - Opens the Environment Variableswindow, with all the environmentvariables in the system.255

Client SessionsAdministrative SessionsTerminal Server SessionsDisplays real-time information forcurrent Client sessions.Displays real-time information forcurrent Administrative sessions.Displays real-time information forcurrent Terminal Server sessions.PrintView Queues - Displays real-time information forcurrent PrintView queues.Machines - Displays real-time information formachines currently in session.IntrudersDisplays all Intruder attempts.Refresh I/O InformationRefreshes runtime information in allthe Administration Tool‘s tables.Auto Refresh I/O Information - Activates automatic refresh, definedin the Server properties.Files MenuCommand/SubmenuConfigurationDescriptionFive configuration files (PtServer*.ini) that are locatedin the \DataBase directory:Main, contains the definitions of all the entities used byPowerTerm WebConnect Server, except for the hostconnecter that are contained in thePtServer_Connections.ini file.Users, contains the definitions of all the user entitiesused by PowerTerm WebConnect Server.Groups, contains the definitions of all the group entitiesused by PowerTerm WebConnect Server.User/Group links, contains the definitions of all theuser-to-group links used by PowerTerm WebConnectServer.Connections, contains the definitions of all theconnection entities used by PowerTerm WebConnectServer.256

DefaultsLOG filesPut BackgroundBitmapGet FilePut FilePtDef.pts, contains the default setup attributes used byPowerTerm WebConnect clients.ByPass.pts, contains the setup attributes that willoverwrite any other setup settings. (The default filesupplied with the PowerTerm WebConnect installation isempty.)CommDef.ini, contains the default communicationattributes used by PowerTerm WebConnect clients.PtLpd.ini, is used by PtServer.exe as the defaultPowerTerm WebConnect PrintView client configurationtemplate.LoginToWebConnect.psl, is the script that runs everytime a client has successfully logged in to PowerTermWebConnect Server.The log files are circular text files. Each execution of theserver or starter opens a new log file. PowerTermWebConnect maintains backup versions of these logfiles: Server, Starter, FAILOVER History.LOG, Audit TrailTakes the specified file and creates a special file thatcan be associated as an emulation session‘sbackground.Imports files from the server to the local workstation.Exports files from the local workstation to the server.Tools MenuCommand/SubmenuToolbarButtonDescriptionRun Event Viewer - This Microsoft utility will display thepertinent log information for theserver‘s machine to which you arelogged on.Run FTP Client - Launches the FTP client, which providesa convenient way to transfer files.Run HostView - Allows you to emulate the user‘ssession and connection and therebyconduct a test on it.Run PrintView - Launches the PrintView Queues windowthat shows definition and runtime257

information on all the print queuesregistered with the server.Run RemoteView - Runs the selected RDP connection andallows you to test it.Run QuickVNC - Runs the selected VNC connection andallows you to test it.Open Application ZoneRuns the Application Zone.Run Load BalancerAdministration ToolLaunches PowerTerm WebConnect LoadBalancer Administration Tool.Open File - Enables you to open files.Options MenuCommand/SubmenuToolbarStatus BarUse Tooltips on ListHeaderUse Tooltips on ListRowsGrid Style ViewsUse Monospaced FontViewsSynchronize Updateswith the ServerUpdate Mode of theDisplayPostpone Display‘sUpdates While EditingDescriptionDisplays the toolbar providing easy accessibility forthe frequently used features of the AdministrationTool.Displays the status bar at the bottom of theAdministration Console main screen in which statusmessages and prompts can be shown.Enables tips on list header when the text istruncated.Enables tool tips on list rows when the text istruncated.Toggles the grid style mode of all the views.Toggles the mono-spaced font mode of all the views.Determines whether the actions taken by theAdministration Console are simultaneously updatingthe server. (NOTE This might slow down work,bringing it to a halt.)Determines how frequently the screen should berefreshed, i.e. immediately, time delayed, ormanually.Delays the updating of the display while you areediting the object‘s properties.258

PropertiesUse Empty DefaultPasswordView EncryptedVariable‘s ValuesDynamic ConnectionAttribute Text ColorToggles explicit empty password requirement.Toggles the encrypted variable‘s values mode of allthe views.Determines the title color of the Dynamic ConnectionAttribute fields.Help MenuCommand/SubmenuHelp TopicsChartsSend Mail to SupportAbout theAdministration ToolDescriptionLaunches the Administration Console online help.Displays the HostView, SupportView, and PrintViewclient data flow diagrams.Launches your local email application and starts a newmessage addressed to Ericom SupportDisplays the current version of Administration Tool, andEricom contact information.Information PanesThe following sections detail the fields of the various Information panes. Youcan view different types of information by right-clicking the pane.Connections PaneFieldConnection NameDisplay NameAlternate ConnectionDescriptionThe connection‘s unique name.A display name for the connection that is notnecessary unique.Specifies another connection to be used if thisconnection fails to connect to the host.259

CreatedModifiedOwnerEnabledUsage TypeTargetNetworkTerminal TypeTerminal ModelComm-TypeSecurityDate and time the connection was created.Date and time the connection was last modified.Specifies the connection‘s owner.Specifies if the connection is activated or not.Specifies how the connection will be used:Hidden, can only be activated from a login script.Child, owned by another connection.Regular, a regular connection.Owner, a regular connection which, when closed, willautomatically shut down all associated connections(child connections, connections opened by the loginscript, etc.).Specifies the connection‘s target.Specifies the connection point type.Specifies the terminal type.Specifies the terminal model.Specifies the communication protocol used by thehost. (Different protocols will display differentparameters required.)Specifies the security protocol used by the host.Users PaneFieldUser NameAlias NamePathDescriptionThe user‘s unique name.An alternative name or id for the user that is notnecessarily unique.Specifies the AD path that identifies users for260

PowerTerm WebConnect.AuthenticationCreatedModifiedRightsDefault GroupFreeAccess Limit ModeAccess FromConcurrent MachinesEnabledMax. ConcurrentSessionsMax. PrintViewQueuesHighest ReconnectModeSessions CountFirst EntranceLast EntranceLogins History CountOutput BytesInput BytesOutput MessagesSpecifies authentication type.Date and time the user was created.Date and time the user was last modified.Specifies the user‘s administrative rights.The user‘s default group.Specifies the user‘s connection accessibility.Specifies the access level.Specifies the machines or IP addresses from which theuser is allowed to access PowerTerm WebConnect.Specifies that the user is allowed to log onsimultaneously from multiple computers.Specifies if the user is active.The maximum number of concurrent sessions that theuser may have.The maximum number of PrintView queues that the useris allowed to have at any given time.Specifies the reconnect level.The total number of sessions currently being used bythe user.The date and time of the first login of the user since theserver was activated.The date and time of the last login of the user since theserver was activated.The number of logins for a particular user since theserver was activated.The total bytes of application traffic that were sent to allthe clients used by this user since the server wasactivated.The total bytes of application traffic that were receivedfrom all the clients used by this user since the serverwas activated.The total number application messages that were sentto all the clients used by this user since the server wasactivate.261

Input MessagesThe total number of application messages that werereceived from all clients used by the user.Groups PaneFieldGroup NameCreatedModifiedEnabledMax. Concurrent SessionsMax. PrintView QueuesHighest Reconnect ModeAllow Access FromActive Users CountSessions CountFirst EntranceLast EntranceDescriptionThe group‘s unique name.Date and time the group was created.Date and time the group was last modified.Specifies if the group is activated.Specifies the maximum number of concurrentsessions that the members of the group mayhave.Specifies the maximum number or PrintViewqueues that the members of the group may haveat any particular time.Specifies the reconnect level.Specifies the machines or IP addresses fromwhich the user is allowed to access PowerTermWebConnect.The total number of group members that arecurrently active.The total number of session that are currentlybeing used by the entire group.The date and time of the first login of any groupmember, since the server was activated.The date and time of the last login of any groupmember, since the server was activated.262

Client Sessions WindowFieldSIDIDUserUser‘s Alias NameGroupIP AddressMachine/AccountDomainSeat GUIDOperating SystemVersionLicenseViaTypeAuthentication ModeSecurityActingConnection TargetStarted atReconnect ModeDescriptionSession identification as specified by the remote client.Unique internal identification.The session user‘s unique name.An alternative name or id for the session user that is notnecessarily unique.The group currently associated with the session.The remote client‘s IP address.The remote machine‘s name and the user‘s accountname in the remote operating system.Specifies the client‘s domain.Specifies the client‘s workplace ID.The operating system used by the client.Specifies the PowerTerm WebConnect client‘s currentversion.Specifies the license number.The connection point through which the remote clienthas connected to the server.An asterisk (*) after ‗ActiveX‘ indicates that the server isused as a gateway between the host and the remoteclient.Specifies authentication type.The security type used between the remote client andthe host.The text name that reveals the target to which the clientis connected.Specifies where the client is connected to.Date and time of when the client started the connection.The user‘s reconnect level.263

Reconnect Up-ToReconnects CountLast OutputLast InputOutput BytesInput BytesOutput MessagesInput MessagesOutput Packet Max.SizeInput Packet Max.SizeChannel Input Max.SizeGateway Input Max.Buffered I/O CountThe maximum times the client can try to reconnect.The amount of times the client tried to reconnect.Date and time of last transmission output.Date and time of last transmission input.The total bytes of application traffic that were sent tothe session.The total bytes of application traffic that were receivedfrom the session.The total of application packets that were sent to thesession.The total of application packets that were received fromthe session.The maximum size of an output packet.The maximum size of an input packet.The maximum packet size that has passed through thechannel.The maximum packet size that has passed through thegateway.The number of bottlenecks that resulted from sendingdata to the session.Administrative Sessions WindowFieldUserUser‘s Alias NameIDIP AddressMachine/AccountDescriptionThe session user‘s unique name.An alternative name or id for the session user that isnot necessarily unique.The user‘s ID.The user‘s IP address.The remote machine name and the user‘s account264

name in the remote operating system.DomainSeat GUIDOperating SystemViaAuthentication ModeActingStarted atReconnect ModeLast OutputLast InputOutput BytesInput BytesOutput MessagesInput MessagesOutput Packet Max.SizeInput Packet Max.SizeChannel Input Max.SizeGateway Input Max.SizeBuffered I/O CountReconnect Up-ToReconnects CountSpecifies the administrator‘s domain.Specifies the administrator‘s workplace ID.The operating system used by the administrator.The connection point through which the remoteclient has connected to the server.Specifies authentication type.The text name that reveals the target to which theclient is connected.The date and time of client‘s login to the server.The user‘s reconnect level.Date and time of last transmission output.Date and time of last transmission input.The total bytes of application traffic that were sentto the session.The total bytes of application traffic that werereceived from the session.The total of application packets that were sent to thesession.The total of application packets that were receivedfrom the session.The maximum size of an output packet.The maximum size of an input packet.The maximum packet size that has passed throughthe channel.The maximum packet size that has passed throughthe gateway.The number of bottlenecks that resulted fromsending data to the session.The maximum times the administrator can try toreconnect.The amount of times the administrator tried toreconnect.265

Terminal Server SessionsFieldUser NameUser‘s Alias NameTerminal ServerSession IDStatusTS DomainTS UserCommand LineFirst Connection NameWebConnect ServerDescriptionThe session user‘s unique name.An alternative name or id for the session user thatis not necessarily unique.Specifies the connectedThe terminal server unique id number.Specifies if the connection is active ordisconnected.The terminal server‘s domain name.The terminal server‘s user name.Specifies RemoteView‘s command line.The name of the application that first started thesession.Specifies through which PowerTerm WebConnectserver the application is connected.PrintView Queues WindowFieldQueue NameUser NameUser‘s Alias NamePrintView Client IDEnabledDescriptionThe name of the PrintView queue.The name of the user.An alternative name or id for the user that is notnecessarily unique.Specifies the client‘s ID.Indicates if the queue is activated.266

Routed CommandsRouted BytesFirst CommandLast CommandThe number of jobs that the queue received.The number of bytes routed through the server.The time of the first command that was received fromPowerTerm WebConnect Server for this queue.The time of the last command that was received fromPowerTerm WebConnect Server for this queue.Machines WindowFieldIP AddressNameOS AccountSeat GUIDIntruders CountSessions CountFirst LoginLast LoginLogin HistoryCountLost Logins CountDescriptionThe remote client‘s IP address.The machine name.The user‘s account name in the remote operating system.Specifies the machine‘s workplace ID.The number of intruders currently detected.The total number of sessions that are currently beinglogged in from this machine.Date and time of the first login from this machine.Date and time of the last login from this machine.The number of logins.The number of unintentionally disconnected logins.Intruders WindowFieldUser NameDescriptionThe intruder‘s user name.267

MachineReasonAttempts CountIntrusions CountFirst AttemptLast AttemptThe intruder‘s machine name.The reason the intruder was detected.The number of times an intruder attempted to login toPowerTerm WebConnect Server.The number of times the intruder was punished forattempting to enter the system.The date and time of first try to enter the system.The date and time of last try to enter the system.Properties DialogsUser Properties DialogFieldUser NameAlias NameActive Directory PathDescriptionThe user‘s unique name.An alternative name or id for the user that is notnecessarily unique.Identifies users for PowerTerm WebConnect.268

Use Network PasswordPasswordAvailableGroups/UnlinkedConnectionsUser‘s Groups/User‘sConnectionsEnabledFree UserAllow ConcurrentMachinesMax. ConcurrentSessionsMax. PrintView QueuesRightsHighest Reconnect ModeAccess Limit ModeAllow Access FromEnvironment VariablesSettingsMemoSessionsHelpSpecifies that PowerTerm WebConnect Serverauthenticates the user with the network.Specifies a user password, unique for PowerTermWebConnect Server.Lists all the groups and free connections that theuser can be a member of.Lists all the groups and connections affiliated withthe user.Activates the user. (Only active users can connectto the server.)Allows the user to connect to any accessible hostand to specify connection properties.Allows the user to log on simultaneously frommultiple machines.Specifies the maximum number of concurrentsessions the user may have.Specifies the maximum number or PrintViewqueues the user may have at any particular time.Specifies the user‘s administrative rights, if at all.Specifies the reconnect level.Specifies the access level.Specifies the machines or IP addresses from whichthe user is allowed to access PowerTermWebConnect.Specifies variable names and associated values forthe specific user.Opens the Terminal Setup dialog to modify clientsettings for the user.Opens a text file to enter free-form informationabout the user.Opens the Sessions information pane for the user.Opens PowerTerm WebConnect AdministrationConsole online help.269

Group Properties DialogFor a more detailed description of the features, see chapter Error! Referenceource not found..SettingGroup NameInternal IDAvailable Users/UnlinkedConnectionsGroup‘s Users/Group‘s ConnectionsEnabledMax. Concurrent SessionsMax. PrintView QueuesDescriptionThe group‘s unique name.An alternative name or id for the userthat is not necessarily unique.Lists all the users and free connectionsthat can belong to the group.Lists all the users and connectionsaffiliated with the group.Activates the group.Specifies the maximum number ofconcurrent sessions the members of thegroup may have.Specifies the maximum number orPrintView queues that the members of270

the group may have at any particulartime.Highest Reconnect ModeAllow Access FromEnvironment VariablesSettingsMemoSessionsHelpSpecifies the reconnect level.Specifies the machines or IP addressesfrom which the user is allowed to accessPowerTerm WebConnect.Specifies variable names and associatedvalues for the group members.Opens the Terminal Setup dialog tomodify client settings for the groupmembers.Opens a text file to enter free-forminformation about the group.Opens the Sessions information pane forthe group.Opens PowerTerm WebConnectAdministration Console online help.271

Connection Properties DialogFieldConnection NameDisplay NameEnabledUsage TypeOwnerDescriptionThe connection‘s unique name.A display name for the connection that is not necessaryunique.Activates the connection.Specifies how the connection will be used:Hidden, can only be activated from a login script.Child, owned by another connection.Regular, a regular connection.Owner, a regular connection which, when closed, willautomatically shut down all associated connections(child connections, connections opened by the loginscript, etc.).Specifies the connection‘s owner.272

Alternate ConnectionLD GroupsCategoryTerminal TypeTerminal ModelCommunication TypeNetwork NameEnvironmentalVariablesSettingsKey MappingPower PadLogin ScriptMemoHelpSpecifies another connection to be used if thisconnection fails to connect to the host.Opens the Add/Remove Objects for New Connectiondialog.Specifies whether the connection belongs to a legacyhost or to an SBC resource using RDP or VNC protocols.Specifies terminal emulation type.Specifies terminal emulation model.Specifies the communication protocol used by the host.(Different protocols will display different parametersrequired.)Specifies the connection point type. Network names aredefined in the PtServer_Connections.ini file. The threepredefined modes are:Gateway, connections accesses the host via Gatewaymode.No Gateway, connections accesses the host via Directmode.Public, connections accesses the host via Gatewaymode if Reconnect is used. Otherwise connections willaccess the host via Direct mode.Specifies variable names and associated values for theconnection.Opens the Terminal Setup dialog to modify clientsettings for the connection.Opens the Keyboard Mapping dialog to enable mappingkeys with desired character or script.Opens the Power Pad & Function Buttons dialog todefine Power Pad and Function buttons.Opens the Login Script.psl in Notepad to be edited as atext file.Opens a text file to enter free-form information aboutthe connection.Opens PowerTerm WebConnect Administration Consoleonline help.273

Server Configuration DialogSettingClient Inactivity TimeoutDefault Reconnect ModeSessions: MaxSessions: DefaultPrintView Queues: MaxPrintView Queues: DefaultAdministrator Auto RefreshFreq.Intruders: Max. AttemptsDescriptionSpecifies the inactivity timeout for all clients.Specifies the default reconnect level.Specifies the maximum session limit for allclients.Specifies the default session limit for allclients.Specifies the maximum number ofRemoteView queues that a user is allowed tohave at any given time.Specifies the default RemoteView queue auser is allowed to have at any given time.Specifies the time interval for theAdministration Tools auto refresh feature.The number of times a user can try to loginbefore it is considered to be an intruder.274

Intruders: Disable TimeoutDefault GroupBackground Bitmap File NameUnlinked ConnectionsServer‘s ConnectionsEnvironment VariablesSpecifies the amount of time in minutes thatPowerTerm WebConnect Server refuses tologin a valid user after detecting an intruder.Specifies the default group for users thathave no specified default group on userlevel.Sets a background bitmap for clients thatsupport this feature.Lists all the free connections that can belongto the server.Lists all the connections affiliated with theserver.Specifies variable names and associatedvalues for the server.Settings Dialog (for Emulation Clients)Emulation, displays supported terminal emulations and enablesyou to select a terminal type.General, defines parameters for the terminal emulation type.275

Display, (non-IBM emulations only) defines display settings for theemulation window.Keyboard, defines keyboard setup parameters.Printer, defines printer parameters.Tabs, (VT emulations only) defines tab stops in the work area.Colors, defines color settings for the emulation window.NOTE The Emulation type that you select changes the tabs (property pages)displayed in the Terminal Setup dialogGeneral tabOptionNRC SetUPS SetDescriptionDetermines the communication and keyboardcharacter set for 7-bit data only.Determines the communication and keyboardcharacter set for 8-bit data only8 bit Controls This option is only enabled when UPS Set isspecifies as Code Page 437 and up.Disable, determines if 0x80 to 0xAF are displayedcharacters.Enable, determines if 0x80 to 0xAD are controlcharacters.0x9B, all characters are displayed character except0x9B, which is a control character.OnlineNew LineCR->CRLFUse 8 Bit Data CharactersUser Defined Keys LockedEquivalent to Terminal | On Line (Off Line).Determines whether the key generatesonly a carriage return or a carriage return/line feecombination.Adds a line feed after each single carriage return(one that has no line feed following it) when inslave printing mode.Select this parameter if the communication data isin 8-bit character format. Clear it for 7-bitcharacters. When cleared, the 8 th bit is truncated.If you receive 7-bit data, you can convert it to 8-bit data for printing on the slave printer.Determines whether applications on the hostsystem can override your user-defined keys276

(UDKs) when you have defined a function key thatconflicts with how the host wants to use this key.UDKs let you use a single key for multiplekeystrokes. 256 bytes are available to program the15 UDKs. The key definitions are loadedsequentially (from F6 to F20) so that if you reachthe 256-byte limit, more definitions cannot beloaded.Locked, prevents UDKs from being overridden.Unlocked, allows UDKs to be overridden.Cursor KeysKeypadCursor couplingStatus LineLabel LineShow Response TimeDetermines the behavior of the four arrow keys.Normal, generates ANSI-standard controlsequences for moving the cursor.Application, generates modify application programfunctions.Determines the effects of the numeric keypad onyour keyboard.Numeric, keypad keys insert number.Application, keypad keys generate controlsequences that can be used by some applications.NumLock, enables or disables the NumLockkeyboard function in respect to the above Numericand Application modes.Vertical, determines whether the user window panswith the cursor when the cursor moves past thetop or bottom border of the user windows.Page, determines if a new page appears in thedisplay when the cursor moves to a new page.None, displays an emulation screen without thestatus line.Indicator, displays the status line.Host Writable, displays the status line sent by thehost.Displays a status line on the top and bottom line ofthe emulation screen.Displays the number of seconds that elapsedbetween the time data was sent to the host andthe host response time.277

ID$=5BCursor RulerCursorAppearanceHLLAPI NamesCode PageAlternate SizeDetermines the ID returned by the emulationprogram to the host. Make sure the ID isunderstood by the host application.Determines whether the character 5B represents a‗$‘ or a cents sign.For RTL languages only.Select Visible to display full-screen, vertical orhorizontal lines a as cursor ruler (cross hair guide).Cross Hair, displays the cursor ruler as a horizontaland vertical line.Horizontal, displays the cursor ruler as a horizontalline only.Vertical, displays the cursor ruler as a vertical lineonly.Controls the cursor appearance and functionality:Block/Underline/Visible/Blink, controls the cursorappearance.Ins Change, when selected it enables toggling thecursor between underline and block appearance,by clicking the Ins (insert) button.Power GUI, displays data in a window with 3D look& feel. Use system fonts larger than 10 pt forbetter results.Show Frame, places a frame around the text areaof the emulation.Specifies the name of an HLLAPI session.Short/Long, enables you to specify the short andthe long HLLAPI nameSpecifies the host and PC/Terminal (keyboard)terminal character sets.Enable, select to override the terminal alternatesize with a specific size.Rows/Columns, type the required number.Display tabOptionDescription278

Reverse Display ColorsAuto-wrap CharactersHistory Scroll BarCursor RulerCursorCtrl CharactersPower GUIShow FrameDimensionsReverses the text and background colors in thework area.Wraps words at the end of a line and the cursormoves to the next line.Displays the vertical history scroll bar along theright edge of the emulation screen, which enablesyou to scroll through the data displayed previouslyon the screen. Selecting Clear History from the Editmenu can erase the History buffer.Select Visible to display full-screen, vertical orhorizontal lines a as cursor ruler (cross hair guide).Cross Hair, displays the cursor ruler as a horizontaland vertical line.Horizontal, displays the cursor ruler as a horizontalline only.Vertical, displays the cursor ruler as a vertical lineonly.Controls the cursor appearance and functionality:Block/Underline/Visible/Blink, controls the cursorappearance.Ins Change, when selected it enables toggling thecursor between underline and block appearance, byclicking the Ins (insert) button.Display, displays the control characters.Interpret, performs the regular terminal behavior asaffected by control characters.Displays data in a window with 3D look & feel. Usesystem fonts larger than 10 pt for better results.Places a frame around the text area of theemulation.Determines the number of characters (columns) perdisplayed line, and the number of lines to bedisplayed in the work area. Characters are scaledaccording to the selected values. Type a differentvalue in the Other box instead of choosing one ofthe standard options (80 and 13).Limit Font Size, allows PowerTerm fonts to use onlythe optimal font size, especially for frames.279

Not recommended for normal text on large screens.ScrollingEnabling Soft FontsDetermines the pace at which data is displayed inthe work area as it arrives. If you select Jump, youshould also determine the Jump Scroll Speed that ismeasured in number of line units where the higherthe value, the faster the scrolling.Unlimited, displays data without delayingcommunication.Page, scrolls data by full screens.Smooth, is equivalent to a Jump Scroll Speed of 1.Enables you to work with VT soft fonts. The fontswill be loaded from the host application.Keyboard tabOptionCapslock ModeBackspace Key SendsDeleteBackspace DeletesAuto RepeatKey ClickWarning BellDescriptionDetermines the behavior of the Caps Lock key.Caps (Unix), locks alphabet keys on main keypad inuppercase.Shift, locks alphabet and numeric keys on mainkeypad in shift setting. Pressing the shift button onyour keyboard will release shift-lock mode.Reverse (Win), has the same behavior as CapsLock, however pressing the shift button on yourkeyboard reverses the caps operation.Always On, enables you to toggle to a differentapplication and turn Caps Lock mode off. On returnto the emulation client it will automatically revert toCaps Lock on.Determines whether the key sends‗Delete‘ or an actual backspace.Select to delete characters by pressing the key on the keyboard.Repeatedly displays the character which key isbeing continuously pressed down.Gives off a click sound when you press a key on thekeyboard.Determines whether the terminal sounds a bell tone280

when receiving the ―bell‖ (ASCII 7) character. (Foroperating errors, mail messages, etc.)Margin BellLock Numeric FieldsTypeaheadAutomatic Reset KeyNumpad Decimal SendsCommaUse Emulator Alt KeysLocal EchoUse VT Keyboard ModeNon SNA System WaitAnswerback MessageDetermines whether the terminal sounds a bell tonewhen the cursor reaches the right margin.Determines whether the keyboard is locked whenyou try to enter non-numeric data.Types data ahead, before the host responds.If the keyboard is locked, a reset key sequence isgenerated prior to when you click on the tab key toadvance to the next field.Specifies that the Numeric Pad‘s decimal key sendsa comma instead of a decimal.Select to make an key perform the terminaloperation even if Windows OS has an operationmapped to the same key.Determines whether keyboard input is displayed(echoed) on your screen.Select, to display the keyboard input even if thehost system does not echo your input.Clear, to send the keyboard input to the hostsystem without being displayed on the screen(unless, invariably, the host system automaticallyechoes the characters).Changes your keyboard into a Digital VT keyboardmode. In this mode, the PC keyboard operates asclose to a VT keyboard as possible, and takes fulladvantage of LK450 Digital keyboards.Determines whether the System Wait in the IBM3270 emulation will act as a System Wait in a non-SNA terminal.Specifies an answerback message and its display.Clear, deletes its message.Conceal, hides the message without deleting it.Printer tabOptionPrint DeviceDescriptionAllows you to select a printing output channel.281

None, no destination was assigned. The DeviceName is disabled. Printer data is received by theterminal, but discarded (not printed).Device, senses printing to the device youdesignate in the Device name text box. This can bea device such as COM1, COM2, COM3, etc. in theDevice Name text box, you can also specifycommunication parameters, for example: COM1:9600,8File, sends printing to the file specified in the FileName text field.AUX, sends printing to the auxiliary port.Append Form FeedLF -> CRLFPrint Line Graphics asTextDevice NameFile NamePrint Screen DataConversionSlave Printer DataConversionSlave Printer Job DelimiterAdds a form feed (page eject) after each printingjob.Adds a line feed after each single carriage return(one that has no line feed following it) when inslave printing mode.Converts line graphics to text. This speeds upprinting on a slow dot-matrix printer.Specifies the printing device. Enabled when youselect Device in Print Device.Default: LPT1Specifies the file name. Enabled when you selectFile in Print Device.File Creation, determines whether you wantAppend or Overwrite mode.Converts data to Host or UTF-8 character sets orprints in Graphics mode.None, does not convert data.Text mode is designated by selecting Host, UTF-8character sets or None.Converts data to Host or UTF-8 character sets orprints in Graphics mode.None, does not convert data.Text mode is designated by selecting Host, UTF-8character sets or None.Specifies the job delimiter character that will divide282

the data into print jobs, thus disabling the escapesequences arriving from the host application.Delay for Print Closing(Seconds)The command to close the printer queue is delayedby the number of seconds that you determine. Thiscommand only takes effect if no open command isissued in the meantime. Important for printing tocut sheet printer (for example, inkjets/lasers) andnetwork printers.Tabs tabOptionTabs StopsSet EveryClear AllDescriptionClick anywhere within the Tab Stops area to set tab stopsmanually.Sets the tab stops at even intervals according to thenumber specified in the adjacent field.Clears all tab stops.Colors tabOptionPreview boxEnable UnderlineEnable BlinkColoring methoddropdown listDescriptionShows the result of your selections.Enables underlined characters.For data transmitted from the host with the Underlineattribute, clear to disable displaying data with theunderline.Enables blinking.For data transmitted from the host with the Blinkattribute, clear to disable blinking data.Default, uses the default color type for each emulationtype:-VT and Siemens – Attribute & ANSI colors-ANSI and HP – ANSI colors-All others – Attribute colors (i.e. not affected bysetting to a different value).Attribute, colors based on the attributes. For example,you can select different colors for bold, for underline,and for bold/underline.ANSI, colors based on host-defined colors. Forexample, the host sends ―red foreground on blue283

ackground‖ however you can select the default ANSIcolor. Different attribute do not affect colors.Attribute & ANSI, uses both Attribute and ANSI colorsas explained above.Column SeparatorANSI 8 Color ModeColor FrameSelect AttributeTextBackgroundBitmap FilenameDisplays a period as a column separator in fields withthe column separator attribute.A regular terminal has 16 colors (8 colors with theBold attribute applied to them and 8 colors without).The Background color never has the bold attribute(therefore it is ―dark‖) while the Text (foreground) isalways mapped to the color with the Bold (bright,light) attribute.Selected, each entity (text, background) can have anyof the 8 colors mapped to them.Cleared, each entity (text, background) can have anyof the 16 colors mapped to them.Select to draw a frame on the screen.Select the attribute for which you want to defineforeground and background colors. Attributes changeaccording to the emulation type you selected in theConnection properties dialog. Generally, the attributeof the entire screen is Normal. The color for theNormal attribute determines the color of the entirework area.Select the color that will apply to the text (foreground)of the display.Select the color that will apply to the background ofthe text.Specify a bitmap file as the screen background.284

31. APPENDIX C – TECHNICAL SUPPORTError MessageReason1) The address of the applicationshortcut does not match that ofthe Application Zone or Portal.Check that the Comportal.iniAddress= field contains thecorrect PTWC address.2) There is secondary ticket loginattempt performed byApplication Portal (although theuser is already logged in).3) The network socket has changed(i.e., a VPN is established to thesame network) - restore theoriginal connection or log offEricom and relogin.1) The WebConnect Server is down2) The WebConnect Server is notreachable3) The WebConnect server is now inFailover modeThe VDI desktop that is being accessedis not in a Pool. Add the desktop to anew or existing poolOnly one user can be logged intoApplication Zone on a system. In thismessage, the user ―Example‖ is tryingto logon from a system where anApplication Zone is already running foranother user.The user is connected to a WebConnectserver in Failover mode and the shareddatabase is no longer available. Restorethe shared database to resolve.The Downloads directory is inaccessible.Verify that the directory is reachablefrom the WebConnect Server service.The credentials entered are notauthorized, verify the spelling of theusername and password.285

Technical Support Debug LogsHINTEnding the log at the point where the problem occurs will expedite thetroubleshooting process. If Ericom Support cannot identify the occuranceof the problem, new logs will be requested.PowerTerm WebConnect ServerIn the event of problems related to the PowerTerm WebConnect Server (i.e.,connections are lost) the PtServer.log debug log is required for EricomSupport to diagnose the issue.To create the debug log, open the Main Configuration (PtServer.ini) andmodify the LogFlags parameter; all values are separated by a space.Values used to track user activity: Run, Load, Clients, Connect and PrintView,Values used for debugging purposes: DbgLoadConn, DbgLoadGroup,DbgLoadUser, DbgLogin.PowerTerm WebConnect ClientIn the event of problems related to the PowerTerm WebConnect client (i.e.,applications are not being launched) the ptagent.log and ptrdp.log is requiredfor Ericom Support to diagnose the issue.To create the debug log, add the parameter /LOG to the ptagent commandline or HTML. The ptagent.log will be created upon login, and the ptrdp.logwill be generated upon launching of a published application or desktop. OnWindows 7, the logs are located at C:\Users\\AppData\Local\EricomPowerTerm Terminal Server AgentIn the event of problems related to the TS Agent (i.e., seamless windows arenot appearing properly) a debug log is required for Ericom Support todiagnose the issue.To create the debug log, the following Registry keys must be updated:LogLevel – set to ‗F‘LogFolder – by default this key is not present in the Registry andis set to %USERPROFILE%.NOTE To make the log files easier to find, set the LogFolder toC:\Temp\%USERPROFILE%. Make sure that all users being logged havewrite access to C:\Temp or the configured directory.286

PowerTerm Load BalancerIn the event of problems related to the Load Balancer (i.e., one TS server isnot receiving connections), send the PtLoadBlanacerServer.log and theLoadBalancer.XML file to Ericom Support for review. Specify the names of theaffected servers.Error messageThe connection to the LoadBalancer has been lost.Failed to add the server.Host is not found.ExplanationThe Load Balancer Server service may havestopped. Restart the service.A server with the same address exists.The server that was specified does not exist.Reporting issues to Ericom Technical SupportTo expedite handling of technical support requests, send the followinginformation in the initial request correspondence.1. Send relevant logs based on the nature of the problem (i.e., ptrdplog for client related problems or tsagent.log for seamless windowappearance issues).2. Send the Main Configuration file (ptserver.ini). For VDI users,send the Database.XML file.3. Provide the steps to reproduce the problem. If the problem isaffecting only a certain application, provide a download link to anevaluation version of the application so Ericom Support may loadit for testing and verification.4. Provide a recording of the problem if possible.5. Provide bitmaps of any error messages or the problem itself.6. Inform Ericom Support if the problem is widespread to all users, oronly affecting certain users. If just certain users, is there acommon characteristic among the users (i.e., part of the sameActive Directory OU).7. Email all pertinent information requested above totech.support@ericom.com and a support ticket will be generated.Any missing information will result in a delay in handling of theticket as more information may be requested.287

About EricomEricom ® Software is a leading provider of Application Access and VirtualizationSolutions. Since 1993, Ericom has been helping users access business-criticalapplications running on a broad range of Microsoft ® Windows ® TerminalServers, Virtual Desktops, Blade PCs, legacy hosts, and other systems. Ericomprovides concrete business value by helping organizations realize the benefitsof their IT investments. With offices in the United States, United Kingdom,EMEA, India and China, Ericom also has an extensive network of distributorsand partners throughout North America, Europe, Asia, and the Far East. Ourexpanding customer base is more than 30 thousand strong, with over 7million installations.For more information on our products and services, contact us at the locationnearest to you. Code: Doc180610And visit our web site: http://www.ericom.comNorth America Western Europe InternationalEricom Software Inc. Ericom Software (UK) Ltd. Ericom Software Ltd.231 Herbert Avenue, Bldg. #4 11a Victoria Square 8 Hamarpeh StreetCloster, NJ 07624 USA Droitwich, Worcestershire Har Hotzvim Technology ParkTel +1 (201) 767 2210 WR9 8DE United Kingdom Jerusalem 91450 IsraelFax +1 (201) 767 2205 Tel +44 (0) 845 644 3597 Tel +972 (2) 591 1700Toll-free 1 (888) 769 7876 Fax +44 (0) 845 644 3598 Fax +972 (2) 571 4737Email info@ericom.com Email info@ericom.co.uk Email info@ericom.com288