Get a new Trial Serial Number

This option will allow you to request a 30 day trial license with unlimited access. You will be prompt to enter a valid name and e-mail address.

Once you filled this information hit 'Next' and check your in-box for the serial key.

Read More:

· Proxy Activation

· Activate a Serial Number Online

· Activate a Serial Number Offline

This help system was created with an evaluation copy of Help & Manual.

7.1.2.1.3. Activate a Serial Number Online

This is how the "Activate a Serial Number Online" windows looks:

E-mail

Enter the e-mail address you've registered with.

Seria

Enter the serial information we provided you.

Licensing Server URL

If you installed the License Server administrator, enter the License Server URL. Otherwise leave this blank.

If the license information is incorrect, you will see this warning: "The license information is invalid". In this case, please verify the following:

- That you are entering the exact email and Serial number sent to you. The best practice to do this correctly is to copy - paste it, being careful not to include any space after or before.

- That you have a working internet connection. If you intend to install it in a machine with no internet connection, you can try the Manual Activation. If you have internet restrictions because of a proxy, try the Proxy Activation.

If you need additional help, contact us.

If the license information is correct, the License Manager will let you know that "The new license has been installed successfully" and its information will be show in the License Manager.

Read More:

· Proxy Activation

· Get a new Trial Serial Number

· Activate a Serial Number Offline

This help system was created with an evaluation copy of Help & Manual.

7.1.2.1.4. Activate a Serial Number Offline

Manual Activation is an activation option only for those cases when you want to activate Thinfinity® VirtualUI in a machine that has no internet connection, or an internet connection restricted by heavy security policies that block a regular activation.

· If you haven't tried a regular activation, follow these instructions: Activate a Serial Number Online.

· If your internet restrictions are caused by a proxy, follow these instructions: Proxy Activation.

Before you continue with the steps to perform a manual activation, please contact us.

Once you've selected Activate a Serial Number Offline. You will see the following pop up:

Serial

Enter the license Serial number to generate the manual activation key

Generate Manual Key

After you have entered the serial number, press this button to generate the Manual Activation Key.

Manual Activation Key

Manual License

The support team will reply with the Manual License, a code that you will enter in the field above.

Next

Press this button once you have performed the previous steps to complete your license activation.

Read More:

· Proxy Activation

· Get a new Trial Serial Number

· Activate a Serial Number Online

This help system was created with an evaluation copy of Help & Manual.

7.2. Production Server

Thinfinity VirtualUI Server Manager is a tool to administrate the Thinfinity VirtualUI Server. From its interface you can manage applications profiles, permissions and other settings related to Thinfinity VirtualUI Server.

When in development mode, a very similar tool called Development Server Manager is used.

To access Thinfinity VirtualUI Server Manager go to the Start Menu and look for the 'Thinfinity VirtualUI Server Manager' shortcut.

Its main menu has two sub-menus:

File Menu:

The File Menu is composed of the following options:

Save

Click to save any change done on the system Settings.

Exit

Click on this option to exit Thinfinity VirtualUI Server Manager.

Help Menu:

The Help Menu is composed of the following options:

Help

Takes you to the application online guide.

Buy

Takes you to the Cybele Software Buy page.

About Thinfinity VirtualUI

Click on the About to see the application version and build number.

Show Log:

The 'Show log' button in the bottom of the Thinfinity VirtualUI manager will open a file where the server activities, such as connecting and disconnecting, are logged.

Read more:

· The 'General' Tab

· The 'Gateways' tab

· The 'Sessions' tab

· The 'Applications' tab

· The 'Licences' tab

This help system was created with an evaluation copy of Help & Manual.

7.2.1. General

This is how the Thinfinity VirtualUI Server Manager looks in a Standard Mode installation. You will find the following options:

Bind to IP

Use this option to restrict access to the service to one specific IP address. The 'All unassigned' option allows access through all the available IP addresses.

Protocol

Choose between the HTTP and HTTPS protocol.

Port

Choose which port will Thinfinity VirtualUI Server be listening on. If the port is not available, you will see an error message on the status bar.

Show Log

Press to open the file with the Thinfinity VirtualUI log.

Always remember to press 'Apply' in order to save the changes.

Read more:

· Configure HTTP Error Responses

· Managing the SSL Certificate

· HTTPS Security Settings

· The 'Gateways' tab

This help system was created with an evaluation copy of Help & Manual.

7.2.1.1. Configure HTTP Error Responses

You can access configuration for the HTTP Error response pages by pressing this button:

which you will find in the Server Manager General tab, when the protocol is set to HTTPS.

You will be presented with the following dialog:

Status Code

This numeric code indicates the status of the response when a browser tries to access content in Thinfinity VirtualUI. The error responses may be displayed in the client browser.

The HTTP status code may indicate whether a request is successful or unsuccessful, and may also reveal the exact reason that a request is unsuccessful.

Path

Shows the path to the error file that will show in case of a particular status code. The default path is the 'web' directory in the Thinfinity Virtual installation directory.

Type

Shows the Thinfinity VirtualUI action in the event of an error status code:

- Send file: Thinfinity VirtualUI will show an error page located physically in the server's computer.

- Redirect: Thinfinity VirtualUI will redirect the page to any web page indicated in the configuration.

Add

Press this button to add a new Custom Error page. Read more about this below.

Edit

Press this button to edit an existing Custom Error Page. Read more about this below.

Remove

Press this button to remove a selected Custom Error Page.

If you choose to add or edit a Custom Error Page, you will be presented with the following dialog:

Status Code

Enter the Status Code number that you want to configure.

Response Action

Choose whether Thinfinity VirtualUI will show a page that is stored locally or will redirect the user to another web page.

Insert Content from file into the error response

Choose this option if you want Thinfinity VirtualUI to show a static page locally stored in your Thinfinity VirtualUI server. Complete the file path by selecting the file you want to show with the button.

Response with a 302 redirect

Choose this option if you want Thinfinity VirtualUI to redirect users to a web page. Type the Absolute URL to this web page in the field below

Press OK to save the changes.

Read more:

· Managing the SSL Certificate

· HTTPS Security Settings

· The 'Gateways' Tab

This help system was created with an evaluation copy of Help & Manual.

7.2.1.2. Managing the SSL Certificate

An SSL certificate is an effective way to secure a website against unauthorized interception of data. At its simplest, an SSL Certificate is used to identify the website and encrypt all data flowing to and from the Certificate holder's web site. This makes all exchanges between the site and its visitors 100 percent private.

Access the SSL certificates configuration by pressing this button:

you will find it in the Server Manager General tab when the protocol is set to HTTPS.

Managing the SSL Certificate

A valid SSL certificate is included with the Thinfinity VirtualUI Server installation. This allows you to encrypt all communications with the product's default certificate. However, browsers will tipically show a security warning. Your communications are encrypted, but the browser notices the name on the certificate is not your company's. You may want to create your own certificate to identify your company and avoid this.

1. There are two ways of creating your own SSL certificate:

a. Creating A self-signed certificate

b. Using A CA Certificate

2. Once you already have your certificate files, go to the Thinfinity VirtualUI Server Settings 'General' tab.

3. Click on the 'Manage Certificate' option.

4. On this screen you should inform the location of the certificate files, as follows:

Certificate File

Inform the path to the certificate file.

CA File

If the certificate is issued by a unknown CA, you should fill in the pathname to the CA certificate.

Private Key

You should inform the pathname to the certificate private key file.

Pass Phrase

Inform the password that was used, if any, when the private key was generated.

Note: The path names can be absolute (C:\MyCertPath\UserThisCert.pem) or relative to the path where Thinfinity VirtualUI Server is installed (\cert\UserThisCert.perm).

Read more:

· The Default Embedded Certificate

· A Self-Signed Certificate

· A CA Certificate

· HTTPS Security Settings

· The 'Gateways' Tab

This help system was created with an evaluation copy of Help & Manual.

7.2.1.2.1. The Default Embedded Certificate

A certificate called "self-signed.pem" is included with the Thinfinity VirtualUI Server installation. You will find it inside the \cert directory, located inside the Thinfinity VirtualUI Server application path.

If you want to use this default certificate you should have the files set as the image below:

You'll find these settings inside the Thinfinity VirtualUI Server Settings 'General' tab, by clicking on the 'Manage certificate' button.

Because this certificate is not issued by a known Certificate Authority (CA), the web browsers will warn you they can not verify its authority.

Read more:

· A Self-Signed Certificate

· A CA Certificate

· HTTPS Security Settings

· The 'Gateways' Tab

This help system was created with an evaluation copy of Help & Manual.

7.2.1.2.2. A Self-Signed Certificate

This option is used to create your own self-sign certificate.

1. Go to the Thinfinity VirtualUI Server Settings 'Security' tab.

2. Press the 'Manage certificate' button.

3. Press the 'Create a self-signed certificate' button.

4. Fill in the form below with your organization data:

Country Code

The two letter country code of the International Organization for Standardization (ISO 3166)

State

Full unabbreviated name of the state or province your organization is located.

Locality

Full unabbreviated name of the city where your organization is located.

Organization

The name your company is legally registered under.

Organizational Unit

Use this field to differentiate between divisions within an organization.

Common Name

The domain name or URL you plan to use this certificate with.

E-Mail Address

Company e-mail address.

Bits

We recommend using a 2048 length key.

5. The 'Common Name' field should be filled with the server+domain that will be used to access Thinfinity VirtualUI Server (ThinfinityVirtualUI.mycompany.com).

6. Press 'Create'.

7. Select the location where you want the certificate to be stored.

8. The application will start using this self-signed certificate created by you.

Because this certificate is not issued by a known Certificate Authority (CA), the web browsers will warn you they can not verify its authority.

Read more:

· A CA Certificate

· HTTPS Security Settings

· The 'Gateways' Tab

This help system was created with an evaluation copy of Help & Manual.

7.2.1.2.3. A CA Certificate

In order to use this option you will have to get a certificate from a known Certificate Authority (CA). Some CA examples are GoDaddy, VeriSign, Thawte, GeoTrust and Network Solutions.

The CA will ask you for a "certificate request". Create one following the next steps:

1. Go to the Thinfinity VirtualUI Server Settings 'Security' tab.

2. Press the 'Manage certificate' button.

3. Click on the 'Create a certificate request' button.

4. Fill in the form below with your organization data:

Country Code

The two letter country code of the International Organization for Standardization (ISO 3166)

State

Full unabbreviated name of the state or province your organization is located.

Locality

Full unabbreviated name of the city where your organization is located.

Organization

The name your company is legally registered under.

Organizational Unit

Use this field to differentiate between divisions within an organization.

Common Name

The domain name or URL you plan to use this certificate with.

E-Mail Address

Company e-mail address.

Bits

We recommend using a 2048 length key.

5. The 'Common Name' field should be filled with the server+domain that will be used to access Thinfinity VirtualUI server (ThinfinityVirtualUI.mycompany.com)

6. Press 'Create' and the application will generate two files.

7. The first window will ask you for a location to keep the private key file: "Where do you want the private key file to be stored".

a. Inform a name for your private key.

b. Select a place to keep it safe.

c. Press the 'Save' button.

8. The second window will ask you for a location to keep the request file: "Where do you want the request file to be stored.".

a. Inform a name for the request file.

b. Select a directory where you can find the file later on to send to the CA.

c. Press the 'Save' button.

9. The first file is the certificate private key. It should always be kept safe with you.

10. Send only the request file to the CA.

After the CA validation process, place the certificate they sent to you in the Thinfinity VirtualUI Server cert directory and inform the path to the files on Thinfinity VirtualUI Server Manager, Manage Certificate option (Certificate file, CA file and Private Key).

Read more:

· HTTPS Security Settings

· The 'Gateways' Tab

This help system was created with an evaluation copy of Help & Manual.

7.2.1.3. HTTPS Security Settings

You can access the HTTPS Security Settings by pressing this button:

which you will find in the Server Manager General tab, when the protocol is set to HTTPS.

You will be presented with the following dialog:

Encryption Methods

Select the HTTPS encryptions methods you want Thinfinity VirtualUI to support.

Default

Select which of the supported HTTPS encryption method is the default. When a connection is made with a browser that doesn't support the default encryption method, Thinfinity VirtualUI will negotiate the security with other supported encryption methods on this list.

Read more:

· The 'Gateways' Tab

This help system was created with an evaluation copy of Help & Manual.

7.2.2. Gateways

In the Thinfinity VirtualUI Manager 'Gateways' tab you will find the following options:

Network ID

The network ID identifies this installation. Thinfinity VirtualUI Servers that want to share their resources through one or more Gateways must match their Network ID.

Press this button to see and/or change the Network ID. The default value is a random string but you can change it to something more descriptive.

Gateway List

A list of the gateways that a user can connect to in order to access this server's resources.

For a typical installation, with no load balancing architecture, leave it blank.

Add

Remove

Remove a selected gateway from the Gateway List.

Check out the Scaling and Load Balancing section to learn about more options.

Read more:

· The 'RDS' Tab

· The 'Applications' Tab

· The 'Licenses' Tab

· Scaling and Load Balancing

This help system was created with an evaluation copy of Help & Manual.

7.2.3. Sessions

In the Thinfinity VirtualUI Manager 'Sessions' tab you will find the following options:

Standard Mode Installation:

Run under the logged-on user account

Check this option to enable Thinfinity VirtualUI to run applications under the logged in user in the Thinfinity VirtualUI landing page.

Run under this account

Check this option to enable Thinfinity VirtualUI to run applications under a specific user.

User name

Enter the username for the Remote Desktop Services session you want Thinfinity VirtualUI to run applications under.

Password

Enter the password for the Remote Desktop Services session you want Thinfinity VirtualUI to run applications under.

Test

Test the credentials entered to verify that the username and password are correct and can access RDS.

Load Balancing Mode Installation:

Run under the logged-on user account

Check this option to enable Thinfinity VirtualUI to run applications under the logged in user in the Thinfinity VirtualUI landing page.

Run under this account

Check this option to enable Thinfinity VirtualUI to run applications under a specific user.

User name

Enter the username for the Remote Desktop Services session you want Thinfinity VirtualUI to run applications under.

Password

Enter the password for the Remote Desktop Services session you want Thinfinity VirtualUI to run applications under.

Test

Test the credentials entered to verify that the username and password are correct and can access RDS.

Mode

Multiple Browser per Session

Select this option to run multiple applications in the same RDS Session.

One Browser per Session

Select this option to run applications on individual RDS Sessions. This improves performance but at a higher resource cost.

Always remember to press 'Apply' in order to save the changes and restart the VirtualUI services.

Read more:

· The 'Applications' Tab

· The 'Licenses' Tab

· Scaling and Load Balancing

This help system was created with an evaluation copy of Help & Manual.

7.2.4. Applications

The 'Applications' tab will allow you to configure the applications' locations and settings as well as the user permissions to access them.

Application List

This list shows the available applications. You can enable or disable them by checking the box to the left of the name.

Add

Press this button to add a new application.

Edit

Select an application and press this button to edit it.

Remove

Select an application and press this button to remove it.

Allowed users and groups for selected profile

See here the allowed users or group(s) of users for the selected application. If you want to change the permissions, edit the application.

Database path

Path to the profile database.

Always remember to press 'Apply' in order to save the changes.

Read more:

· Application Profile

· Weblink Profile

· The 'Licenses' Tab

· Scaling and Load Balancing

This help system was created with an evaluation copy of Help & Manual.

7.2.4.1. Application Profile

When you edit or add an application profile you will be presented with this screen below.

The radio button 'Application' must be checked.

These are the profile properties you can edit:

Name

Use this field to change the application name.

Virtual Path

The Virtual Path will create a unique URL address for this connection. The complete path will consist of: http(s)://ip:port/VirtualPath/. The users can then create a web shortcut to this connection in particular and bypass the Thinfinity VirtualUI web interface.

Home Page

Choose the landing HTML page for the application.

Open

Press this button to look for the Home Page.

Access Key

Icon

Click on the Icon gray box to load an image to be associated with the profile. The image will be presented along with the profile name on the web interface profiles selection.

Application/Web link

Select the Application option to have a regular profile that gives access to an application.

If you select the Web link radio button, this profile will behave like a Web Hyperlink.

Default Application

Check this option to make this profile the default application: the authenticated user will connect to this profile directly instead of choosing between the available profiles. The rest of the profiles can be accessed by their Virtual Path.

The properties located inside the tabs will be described throughout the next subtopics.

Read more:

· The 'General' Tab

· The 'Credentials' Tab

· The 'Permissions' Tab

· Weblink Profile

This help system was created with an evaluation copy of Help & Manual.

7.2.4.1.1. General

In the Application Profile Editor 'General' tab you will find the following options:

Program path and file name

Specify the complete path that gives access to the application executable file.

Arguments

Application arguments.

Start in the following folder

Inform a context directory for the application set on the 'Program path and file name' field.

Resolution

Choose from the available list of resolutions including 'Fit to browser window' and 'Fit to screen', ideal for hiding the browser and working on a full screen mode.

Browser rules file

Reconnection Timeout

Set a timeout in minutes if you want Thinfinity VirtualUI Server to wait this period before killing the application once the browser has been closed.

Timeout 0 will kill the application immediately after the browser has been closed.

Read more:

· The 'Credentials' Tab

· The 'Permissions' Tab

This help system was created with an evaluation copy of Help & Manual.

7.2.4.1.2. Credentials

In the Thinfinity VirtualUI Application Editor 'Credentials' tab, you should inform the mode for logging into the specified application:

Use server's account

Use the same credentials entered in the 'Sessions' tab.

Note: If the credentials are correct, this option will connect the user automatically when selecting the application, or after authenticating for Thinfinity VirtualUI if this is the only profile for their credentials

Use the authenticated

credentials

Use the same credentials entered in the browser for Thinfinity VirtualUI (specified in the 'Permissions' tab).

Note: If the credentials are correct, this option will connect the user automatically when selecting the application, or after authenticating for Thinfinity VirtualUI if this is the only profile for their credentials.

Use these

credentials

Complete the credentials used to access the computer.

Note: If the credentials are correct, this option will connect the user automatically when selecting the application, or after authenticating for Thinfinity VirtualUI if this is the only profile for their credentials.

Read more:

· The 'Permissions' Tab

This help system was created with an evaluation copy of Help & Manual.

7.2.4.1.3. Permissions

Select the users that will access this application. If you don't select any user, this application will not be accessed.

These are the options you will find on the Application Profile Editor 'Permissions' tab:

Allow anonymous access

Check this option to make this application available without any authentication. Use this option if you want this profile to be available for everyone. This means that everybody accessing Thinfinity VirtualUI will have access to this application. Checking this option will disable the Add and Remove buttons.

Add

Press 'Add' to access the windows dialog for selecting Active Directory users.

Remove

Press 'Remove' to remove a user for this profile.

If you want a user or a user group to access more than one application, you need to create more application profiles and then add this user to each profile.

The authenticated user will be able to choose from the available application profiles on the Web interface.

Read more:

· Weblink Profile

This help system was created with an evaluation copy of Help & Manual.

7.2.4.1.4. Restrictions

In the Thinfinity VirtualUI Application Editor 'Restrictions' tab, you can white list or black list the IP addresses which are allowed to connect to the configured application.

No restrictions

No restriction over which IP Addresses will be able to connect to the application.

Allow only from these IPs

Allow connections from the listed IP Addresses.

Block connections from these IPs

Block connections from the listed IP Addresses.

Add

Add an IP Address to the list

Remove

Remove an IP Address from the list

Read more:

· The 'Credentials' Tab

· The 'Permissions' Tab

This help system was created with an evaluation copy of Help & Manual.

7.2.4.1.5. Access Hours

In the Thinfinity VirtualUI Application Editor 'Access Hours' tab, you can define the day and time your application will be available to your users.

Access Permitted

Define which day and hour the application will be available.

Access Denied

Define which day and hour the application will be disabled.

Read more:

· The 'Credentials' Tab

· The 'Permissions' Tab

This help system was created with an evaluation copy of Help & Manual.

7.2.4.1.6. Authentication metods

In the Thinfinity VirtualUI Application Editor 'Authentication Methods' tab, you can define which application will be available after authenticating to Thinfinity.

The Authentication Methods available in the list are those configured in the 'Authentication' tab of the VirtualUI Server Manager.

No restrictions

No restriction on the authentication method used.

Only users authenticated with these methods

Only the users authenticated with the selected methods will be able to see and connect to the configured application.

Read more:

· The 'Credentials' Tab

· The 'Permissions' Tab

This help system was created with an evaluation copy of Help & Manual.

When you edit or add a Web Link profile you will be presented with the screen below.

The 'Web Link' radio button must be marked.

These are the profile properties you can edit:

Name

Use this field to change the profile name.

Virtual Path

The Virtual Path will create a unique URL address for this connection. The complete path will consist of: http(s)://ThinfinityVirtualUIDomain:port/VirtualPath/. The users can then create a web shortcut to this connection in particular and bypass the Thinfinity VirtualUI web interface.

Access Key

Icon

Click on the Icon gray box to load an image to be associated with the application. The image will be presented along with the application name on the web interface.

Web link /

Application profile

Select the Weblink option to have a profile that connects to a Web link. These links will be shown along with all the other applications on the Thinfinity VirtualUI start page.

Default Application

Check this option to make this profile the default application: the authenticated user will connect to this profile directly instead of choosing between the available profiles. The rest of the profiles can be accessed by their Virtual Path.

Web URL

Inform in this field the URL that you want this application profile to connect to.

Get Icon

Retrieve an icon from the specified Web URL to be used in the web link profile

The properties located inside the other tabs will be described throughout the next subtopics.

Read more:

· The 'Permissions' Tab

This help system was created with an evaluation copy of Help & Manual.

7.2.4.2.1. Permissions

Select the users that will access this application profile. If you don't select any users, this profile will not be available from the Web interface.

These are the options you will find under the 'Permissions' tab:

Allow anonymous access

Check this option to make this application available without any authentication. Use this option, if you want this profile to be available for everyone. This means that everybody accessing Thinfinity VirtualUI home page will see this profile. Checking this option will disable the Add and Remove buttons.

Add

Press 'Add' to access the windows dialog for selecting Active Directory users.

Remove

Press 'Remove' to remove a user for this application profile.

If you want a user or a user group to access more than one application, you need to create more profiles and then add this user to each profile.

The authenticated user will be able to choose from the Web interface which application s/he will connect to.

Read more:

· The 'Licenses' Tab

This help system was created with an evaluation copy of Help & Manual.

7.2.5. Authentication

The 'Authentication' tab will allow you to choose the authentication methods to access VirtualUI.

Choose your authentication method(s) in the 'Method' tab:

Authentication methods

This list shows the available authentication methods. You can enable or disable them by checking the box to the left of the name.

Add

Press this button to add a new authentication method. Each method presented will open a new form for you to fill in the relevant information.

Edit

Select an authentication method and press this button to edit it.

Remove

Select an authentication method and press this button to remove it.

Allow anonymous access

Check this to allow anonymous access. This means that users can access anonymous access profiles without any kind of authentication.

Use standard browser authentication dialog

Check this to use the standard browser authentication dialog. When this is unchecked, users will authenticate through the VirtualUI web login.

Read more:

· The Mappings Tab

· Oauth2 Methods Field Reference

This help system was created with an evaluation copy of Help & Manual.

7.2.5.1. Mappings

The 'Mappings' tab of the 'Authentication' tab is where you will map all the credentials of methods other than Windows Logon to Windows Active Directory user so they can be authenticated against the profiles.

Switch base

The 'Mappings' tab can show information in two different ways to ease your mapping process. By pressing the 'Switch base' button, you select whether you prefer to see a list of your authentication ID masks above, that you will map with the Associated User(s)/Group(s) Access below, or a list of Associated Permissions for Active Directory User(s) or Group(s) above that you will map to authentication IDs below. This doesn't change the way it works, only the way it is shown. You might want to think that a certain authentication method username has several Active Directory groups it's associated with and thus choose to see the authentication method usernames above; or you might prefer to see, for example, a list of Active Directory users and link each of them with several authentication method usernames. You can try, and even go back and forth as you add users and decide which way works best for you. Switching the base doesn't change the users nor their mapping.

Authentication ID Mask

This list shows your authentication ID Masks. This means that you can either use an authentication ID, or a mask that matches only some of the username's characters (the rest are represented with *).

Associated Permissions

This list shows the Active Directory user(s) and/or group(s) associated with authentication ID masks.

Enabled

Use this checkbox to enable or disable a particular authentication ID mask (only available when the Authentication ID Masks box is shown above)

Add

Use this button in the box above to add a new authentication ID mask or a new Active Directoy user or group.

Use this button in the box below after selecting an authentication ID mask, Active Directory user or group in the box above, to associate an Active Directory user or group or authentication ID mask, respectively, in the box below.

Remove

Use this button in the box above to remove an authentication ID mask or an Active Directory user or group. Bear in mind that this will also remove the mapping (use the 'Enabled' checkbox to disable it temporarily).

Use this button in the box below to remove the mapping of an Active Directory user or group or authentication ID mask to the authentication ID mask or Active Directory user or group selected in the box above.

This help system was created with an evaluation copy of Help & Manual.

7.2.5.2. Radius Authentication Method Settings

When you use RADIUS as an authentication method, you need to set some parameters:

Name

Choose a name to identify this authentication method.

Server IP

Enter the RADIUS Server IP

Port

Enter the RADIUS Port

Shared Secret

Enter the RADIUS Shared Secret

Authentication Type

Choose your authentication type. The 'EAP' option stands for all the EAP authentication methods.

Test Configuration

Press this button to communicate with RADIUS and test the information entered in the above fields to see if it is correct.

This help system was created with an evaluation copy of Help & Manual.

7.2.5.3. Oauth 2.0 Authentication Method Settings

When you use OAuth 2.0 as an authentication method, you need to set some parameters.

For predefined methods (Google, Facebook, LinkedIn, Dropbox), the only parameters you will need are the client ID and shared secret

Name

Choose a name to identify this authentication method.

Virtual Path

Type a Virtual Path. If you access your Thinfinity VirtualUI URL followed by the virtual path:

http(s)://ip:port/virtualPath

the application will attempt to log in with this method.

Client ID

Enter your authentication provider Client ID, generated while configuring your account integration.

Client Secret

Your authentication provider's Client Secret generated while configuring your account integration.

In the 'Server' tab of the Authentication Method Settings, you will find that the fields are completed by default for the predefined methods. Like Google in this case:

When you add an Oauth 2.0 method that is not predefined, you will need to complete these fields.

Authorization URL

Enter here the URL where your authentication provider can be reached to request authorization.

Authorization parameters

Additional parameters for the authorization URL

Token Validation Server URL

Enter your authentication provider's token validation server URL.

Profile Information server URL

Enter your authentication provider's information server URL.

Login username value returned in JSON

The name of the login username field as returned in a JSON from you authentication provider.

This help system was created with an evaluation copy of Help & Manual.

7.2.5.3.1. Configure OAuth with Auth0

This tutorial will show you how to enable 2FA using Auth0 with Thinfinity VirtualUI .

Auth0 Guardian mobile application is required for 2FA.

1) Create a new application on Auth0’s administrator site, and chose “Single Page Web Application”

2) Copy your Client ID and Client Secret :

3) In the “Allowed Callback URL” , you need to add the URL that you are going to use to authenticate, and the VirtualPath of the Authentication Method ( OAuth by default )

4) To enable 2FA , click on the “Multifactor Auth” and enable “Push Notifications” :

5) Open the Thinfinity VirtualUI Server manager , navigate to the authentication tab , press “Add” -> ”OAuth2.0” -> ”Other”.

6) Add the following information :

This information can be verified in the “Endpoints” tab under Advanced Settings in the Application you created on Auth0’s interface.

Click on “OK” after you entered the information.

7) Click on the “Mappings” tab and then press “Add” under the Authentication ID Mask.

Add the email address of the Auth0 user you want to validate and press “Ok”.

Then, under the “Associated Permissions” field, press on the “Add” button and search for the Active Directory User

After you add the appropriate mappings, click on the “Apply” button.

8) Navigate to the Thinfinity’s landing page, and you should see the “Login With OAuth” option listed as an Authentication Method.

This help system was created with an evaluation copy of Help & Manual.

7.2.5.3.2. Configure OAuth with Okta

How to set up multifactor authentication to your environment or virtualized application.

In this quick tutorial, we will show how to properly configure Okta OAuth 2.0 for Thinfinity Remote Desktop Server and Thinfinity VirtualUI.

1) Navigate to your Okta space, go to the Applications tab, and create a new application using the “Create New App” button :

2) Select OpenID Connect as the Authentication Method :

3) Give the application a name, and type in the URL you use to reach Thinfinity. Then press “Save”.

4) You should be redirected to the Application Settings. In here, press the “General” button, and edit the “Login information”.

Configure the “Initiate login URI” field, by adding the Thinfinity’s website address and “/Okta” at the end of the URL.

5) Copy and past both Client ID and Client Secret for future references :

6) Click on the “Assignments” tab and add your users to the Application :

7) Now , open either the Thinfinity Remote Desktop Server Manager or the Thinfinity VirtualUI Manager and navigate to the “Authentication” tab. Click on OAuth 2.0 and choose “Other”.

8) Enter your Client ID and Client Secret :

9) Click on the “Server” tab and add the following parameters :

Authorization URL: https://[MyOktaSpace].okta.com/oauth2/v1/authorize

Parameters: scope=openid+profile&state=okta

Token Validation Server URL: https://[MyOktaSpace].okta.com/oauth2/v1/token

Profile Information Server URL: https://[MyOktaSpace].okta.com/oauth2/v1/userinfo

Login username value in returned Json: preferred_username

You’ll also need to change the name of the Authentication Method to “Okta” ( Or to the URL you configure in the Initiate Login URI )

Press “OK” after you finish configuring the Authentication Method

10) Click on the “Mappings” tab and then press “Add” under the Authentication ID Mask.

Add the email address of the Okta user you want to validate and press “Ok”.

Then, under the “Associated Permissions” field, press on the “Add” button and search for the Active Directory User

After you add the appropriate mappings, click on the “Apply” button.

11) Navigate to the Thinfinity’s landing page, and you should see the “Login With Okta” option listed as an Authentication Method.

This help system was created with an evaluation copy of Help & Manual.

7.2.5.4. External DLL Authentication Method Settings

When you use your own customized external DLL as an authentication method, you only need to set the DLL.

Name

Choose a name to identify this authentication method.

External Authentication Provider

Select the DLL of your external authentication method.

Read more:

· Authentication API

This help system was created with an evaluation copy of Help & Manual.

7.2.5.5. Duo Authentication Method Settings

When you use Duo as an authentication method, you need to set some parameters.

Integration Key

Enter your authentication provider Integration Key, generated while configuring your account integration.

Secret Key

Your authentication provider's Secret Key generated while configuring your account integration.

API Hostname

Your authentication provider's API Hostname generated while configuring your account integration.

AKey

Automatically configured by VirtualUI

In the following topic we'll cover how to properly configure DUO as an authentication method using Thinfinity VirtualUI :

How to configure DUO

This help system was created with an evaluation copy of Help & Manual.

7.2.5.5.1. How to configure DUO

To configure DUO’s Two-Factor authentication, please follow these steps :

On DUO’s Web Interface :

1) Navigate to the Applications tab on Duo's administrator website :

2) Click on "Protect an Application" :

3) Create a new "Web SDK" application and click on "Protect this Application" :

4) Copy the Integration Key, Secret Key, and API Hostname :

5) Now open the Thinfinity Remote Desktop Server Manager, navigate to the "Authentication" tab , click on "Add" and "DUO" :

6) Copy the Integration Key, Secret Key, and API Hostname provided by DUO , then click "OK" and "Apply" :

7) Navigate to the Thinfinity login page , select "Use DUO" as a method of authentication, and enter valid credentials :

8) Now , you will be given the change to authenticate using a valid DUO authentication method :

Once you validate your account , you will be redirected to the index page with the Duo user validated.

.

This help system was created with an evaluation copy of Help & Manual.

7.2.5.6. SAML Authentication Method Settings

When you use Duo as an authentication method, you need to set some parameters.

Service Identifier

Service Certificate file

Service Certificate Password

Identification ID

Sign Authentication Request

Single Sign/On Service URL

Sign-Out URL

Partner Certificate File

In the following topic we'll cover how to properly configure SAML with Okta as an authentication method using Thinfinity VirtualUI :

Configure SAML with Okta

This help system was created with an evaluation copy of Help & Manual.

7.2.5.6.1. Configure SAML with Okta

In this quick tutorial, we will show how to properly configure Okta SAML for Thinfinity Remote Desktop Server.

1) Navigate to your Okta space, go to the Applications tab, and create a new application using the “Create New App” button :

2) Chose “SAML 2.0” as the Authentication Method.

3) Assign a name to the application.

4) Configure the “Single sign-on URL” and “Audience URI” .

The “Single Sign-on URL” address should be the following : https://[MyThinfinityWebSite]/SAMLAssertionConsumerService

The Audience URI should be the URI used to connect to Thinfinity : https://[MyThinfinityWebSite]/

5) Choose the Feeback options that applies to your application :

6) Now that the application is created, it should redirect you to the “Settings” window. Click on “View Setup Instructions” for further information :

In here you will get the “Identity Provider Single Sign-on URL”, the Identity Provider Issuer, and the Certificate provided by Okta.

7) Now, open the Thinfinity Remote Desktop Server Manager or Thinfinity VirtualUI Server manager, navigate to the “Authentication” tab, press the “Add” option and click on “SAML” :

8) In here, you will have to add the different values provided by Okta in order to enable SAML :

Service Identifier = Audience URI (SP Entity ID)

Service Certificate File = Your certificate’s file.

Service Certificate Password = Your certificate’s password.

Identificacion Entity ID = Identity Provider Issuer

Single Sign-On Service URL = Identity Provider Single Sign-On URL

Sign-Out URL = This value is optional.

Partner Certificate File = X.509 Certificate provided by Okta.

Below you’ll find an example on how it should look like :

After you finish adding all those values, press “Ok”.

10 ) Click on the “Mappings” tab and then press “Add” under the Authentication ID Mask.

Add the email address of the Okta user you want to validate and press “Ok”.

Then, under the “Associated Permissions” field, press on the “Add” button and search for the Active Directory User

After you add the appropriate mappings, click on the “Apply” button.

11) Navigate to the Thinfinity’s landing page, and you should see the “Login With SAML” option listed as an Authentication Method.

This help system was created with an evaluation copy of Help & Manual.

7.2.5.6.2. Configure SAML with Centrify

On the Centrify’s Admin Portal.

1) Click on “Apps” -> “Web Apps” :

2) Click on “Custom” and next to SAML, press “Add”

3) Give your application a name , and click on the “Trust” tab .

Click on “Manual Configuration” , and copy the IdP Entity ID , and download the certificate provided by Centrify.

4) Then copy the “Single Sign on URL” , and the “Single Logout URL” :

5) Now , on the “Service Provide Configuration” , click on “Manual Configuration” and configure the following :

After doing these changes, click on the “Save” button.

6) Now we need to configure Thinfinity with all this information .

Open the Server Manager and navigate to the “Authentication” tab, press “Add” , and then SAML :

7) Now we must configure the connection itself :

· Service identifier = https://YourThinfinitySite:[Port]

· Service Cert File = [Path_To_Your_Certificate]

· Service Cert Pass = [Certificate_Password]

· Identification Entity = [IdP Entity ID / Issuer]

· Single Sing on Service URL = [Single Sign on URL]

· Sign-out URL = [Single Logout URL]

· Partnet Cert File = [Certificate Provided by Centrify]

Once you configured it properly , click “Ok” and then “Apply”

8) Now go the Thinfinity landing page and you should see the “Login with SAML” option now available to use.

This help system was created with an evaluation copy of Help & Manual.

7.2.6. License Manager

The license manager option is found in the License tab of Thinfinity VirtualUI Server Manager. Use this manager to check your licensing status, activity, add or remove your licenses.

Read more:

· License Activation

This help system was created with an evaluation copy of Help & Manual.

7.2.6.1. License Activation

This is how the License Manager should look once your license is registered:

Select

If you registered several serials on this server, press this button to select the key you wish to use.

Add

Press this button to enter your license information.

Remove

Press this button if you wish to deactivate the license on this machine. This will allow you to use the license somewhere else, or to re use the license after reinstalling Windows.

Close

Press this button to close the License Manager

Activity

Here you can verify in real time the amount of users consuming a license.

Pressing the 'Add' button will open the Product Registration Wizard:

Read More:

· Proxy Activation

· Get a new Trial Serial Number

· Activate a Serial Number Online

· Activate a Serial Number Offline

This help system was created with an evaluation copy of Help & Manual.

7.2.6.1.1. Proxy Activation

In order to register your license behind a proxy server you must register it using the Licensing Server administrator, for more information please contact support@cybelesoft.com.

Read More:

· Get a new Trial Serial Number

· Activate a Serial Number Online

· Activate a Serial Number Offline

This help system was created with an evaluation copy of Help & Manual.

7.2.6.1.2. Get a new Trial Serial Number

This option will allow you to request a 30 day trial license with unlimited access. You will be prompt to enter a valid name and e-mail address.

Once you filled this information hit 'Next' and check your in-box for the serial key.

Read More:

· Proxy Activation

· Activate a Serial Number Online

· Activate a Serial Number Offline

This help system was created with an evaluation copy of Help & Manual.

7.2.6.1.3. Activate a Serial Number Online

This is how the "Activate a Serial Number Online" windows looks:

E-mail

Enter the e-mail address you've registered with.

Seria

Enter the serial information we provided you.

Licensing Server URL

If you installed the License Server administrator, enter the License Server URL. Otherwise leave this blank.

If the license information is incorrect, you will see this warning: "The license information is invalid". In this case, please verify the following:

- That you are entering the exact email and Serial number sent to you. The best practice to do this correctly is to copy - paste it, being careful not to include any space after or before.

- That you have a working internet connection. If you intend to install it in a machine with no internet connection, you can try the Manual Activation. If you have internet restrictions because of a proxy, try the Proxy Activation.

If you need additional help, contact us.

If the license information is correct, the License Manager will let you know that "The new license has been installed successfully" and its information will be show in the License Manager.

Read More:

· Proxy Activation

· Get a new Trial Serial Number

· Activate a Serial Number Offline

This help system was created with an evaluation copy of Help & Manual.

7.2.6.1.4. Activate a Serial Number Offline

Manual Activation is an activation option only for those cases when you want to activate Thinfinity® VirtualUI in a machine that has no internet connection, or an internet connection restricted by heavy security policies that block a regular activation.

· If you haven't tried a regular activation, follow these instructions: Activate a Serial Number Online.

· If your internet restrictions are caused by a proxy, follow these instructions: Proxy Activation.

Before you continue with the steps to perform a manual activation, please contact us.

Once you've selected Activate a Serial Number Offline. You will see the following pop up:

Serial

Enter the license Serial number to generate the manual activation key

Generate Manual Key

After you have entered the serial number, press this button to generate the Manual Activation Key.

Manual Activation Key

Manual License

The support team will reply with the Manual License, a code that you will enter in the field above.

Next

Press this button once you have performed the previous steps to complete your license activation.

Read More:

· Proxy Activation

· Get a new Trial Serial Number

· Activate a Serial Number Online

This help system was created with an evaluation copy of Help & Manual.

7.3. Gateway

The Gateway Manager is a tool to configure gateway options in a Load Balancing scenario.

Install Thinfinity VirtualUI as a Gateway Role and look for the 'Thinfinity VirtualUI Gateway' shortcut in the Start Menu.

Its main menu has two sub-menus:

File Menu:

The File Menu is composed of the following options:

Save

Click to save any change done on the system Settings.

Close

Click on this option to exit Thinfinity VirtualUI Gateway Manager.

Help Menu:

The Help Menu is composed of the following options:

About Thinfinity VirtualUI

Click on the About to see the application version and build number.

The General tab presents the following options:

Bind to IP

Use this option to restrict access to the service to one specific IP address. The 'All unassigned' option allows access through all the available IP addresses.

Protocol

Choose between the http and https protocol.

Port

Choose which port will Thinfinity VirtualUI Gateway be listening on. If the port is not available, you will see an error message on the status bar.

Network ID

The network ID identifies this gateway services installation. Thinfinity VirtualUI Servers that want to share their resources through this this gateway must match this Network ID.

Press this button to see and/or change the Network ID. The default value is a random string but you can change it to something more descriptive.

Show Log

Press to open the file with the Thinfinity VirtualUI log.

This help system was created with an evaluation copy of Help & Manual.

Last updated