VMware View: Imprivata OneSign on a PCoIP Zero Client

So last week I asked for a favor from Teradici and Imprivata; I wanted to actually use a proximity card on a PCoIP Zero Client and see how difficult it was to set up and see how quickly it actually worked. They were both very open to this request and rushed me a couple of proximity card readers and a card. Thankfully I already have quite a few Samsung Zero Clients (from previous demos) to test them on, so here goes:

Imprivata OneSign:

The setup and install of OneSign couldn't have been easier. One of the options is to download it as a Virtual Appliance, which makes installation a snap. In fact the download took longer than any other step in this process (it was 7GB). Once you have the appliance, which comes as an OVF, you just import it, set up an IP address and away you go. From that point on you go through a web interface to configure the rest. My contact at Imprivata supplied me with a quick guide to configuring OneSign for use with a Zero Client. Basically, I just had to connect the appliance to my AD, import the usernames I wanted, set up a policy (i.e., these people are allowed to authenticate with a prox card), and then I chose to set it up to automatically add Zero Clients as it sees them. Very simple!

Zero Client Configuration:

I use the Teradici Management Console to manage my VMs. I've done plenty of blogs on the MC and I won't make this blog about the MC. However I will state that I had to do zero configuration on the client itself. I just went into the MC and changed the profile so that my clients were now set up to talk to the OneSign server instead of my View Connection Server (this is a setting as of Firmware 3.5 and MC 1.7), and within a few minutes my Zero Clients were auto-configured to talk to OneSign.

VM Configuration:

The final piece to this puzzle is the OneSign Agent, which needs to be installed in the VM itself. Now in my lab I'm just using full VMs, not linked clones, so I would be interested to test this in production somewhere to see how it works when you provision VMs out with the OneSign Agent in the master VM. I'm not sure if that's how it's designed to work or not (Imprivata, if you are reading, please feel free to comment below). I'm sure in the next month or two I'll have an opportunity to test this. In any case, I had to install the agent, which you do by going to the OneSign Virtual Appliance, then rebooting the VM. That's it for the VM.

And done...

After I had all of the above configured, which took me all of 30 minutes, I was able to authenticate using a proximity card. What I really liked is that the login process seemed identical to (or slightly faster than) a typical login. I was surprised because for this to work it talks to the OneSign server before the VCS, but as you will see in the video below it works surprisingly quickly.

Video:

http://www.youtube.com/watch?v=2LT3hJG5I_Q

Gunnar Berger

www.gunnarberger.com

Comments

How do you configure this to allow "tap out" of the VM? I have it working with the tap in but when I tap out nothing is happening on the VM. Thoughts? Thanks!

Gunnar - can you elaborate on which scanners you used? Thanks!

Last update: 12-12-2011 01:55 PM