Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
436
Views
0
Helpful
2
Replies

Remote Thin Terminal Administration with AnyConnect

Phil Butterworth
Level 1
Level 1

‎02-15-2016 03:23 AM

Hello,

we're about to roll out AnyConnect to our remote users, but supporting or upgrading our thin clients is a bit troublesome. Anyone any experience with this or recommendations?

Thin clients have their own proprietary OS. Users have no rights to write onto the box per se. AnyConnect tries an auto-connect once the user logged in to the box.

In order to upgrade the device, the user needs to log out from the box without killing the VPN session. An admin then logs in, sets the box to allow write operations and restarts it in order for that change to take effect.

As the user will again be autoconnected the same process of logging out of the box with VPN persistent has to be performed. The admin can now upgrade the box etc. and set it to read only again when done. Then another restart is necessary.

The whole process is really cumbersome. Anyone any ideas how to make it more user friendly? A user with admin/write rights is a no-go.

Cheers...

Labels:
0 Helpful
2 Replies 2

Philip D'Ath
VIP Alumni
VIP Alumni

‎02-15-2016 11:04 AM

Do the boxes support running a privileged shell or command?

If so, you could create a magic user called "upgrade".  Have the users login as "upgrade" once, and then have AnyConnect start a command to run a privileged shell, and run the upgrade.  If you can't do the upgrade directly perhaps you can download the image and add it to the devices startup sequence to run once, and then have the script reboot the system.  Something like that anyway.

Another option is a box swap.  Prep 5 devices with the new client.  Swap them out, and then prep the next batch.

0 Helpful

Phil Butterworth
Level 1
Level 1
In response to Philip D'Ath

‎02-22-2016 05:20 AM

Thanks for the reply Philip. The boxes are set to auto-login so although the idea of an "upgrade" user is good, we'd still need the auto-logged in user to log out again and log in as "upgrade". Plus the user would need to know the "upgrade" user's password. As the "upgrade" account has admin rights, our security team wouldn't agree with this. Swapping the box for an upgrade would be very time consuming. We're talking about a few hundred boxes. So unfortunately not an option.
0 Helpful
Customers Also Viewed These Support Documents