Velocity powered by Wavelink

This page refers to an older version of the product.
View the current version of the User Guide.

Security Settings

The following settings are available on the Host > Security tab of the host profile.

ClosedTE

SSL

Use SSL

Uses SSL to encrypt the information sent to the host. When this option is selected, the Port field for the host profile is changed to 992. You cannot use ConnectPro when SSL is enabled.

Certificate

Valid Certificate

Adds a valid certificate to devices for secure connections with a host. When added, all associated subject and thumbprint information is listed here. The host address shown in the certificate must match the host server location, or else the device will not trust the host.

If no certificate is attached to the host profile, then Velocity refers to the device's certificate store. Certificates already in the certificate store are trusted and do not need to be added to a host profile.

For security purposes, device users are not prompted to trust certificates when connecting to a host. They will only receive an error when a host is not trusted or a certificate is not attached to a host profile.

The certificate extensions supported includes .cer, .crt, and .pem.

You may only attach one certificate to a project.

SSH

Use SSH

Uses SSH to encrypt the information sent to the host. The Velocity Client can use SSH versions 1 and 2 and will automatically select the most secure protocol supported. There is no additional software for SSH on the device, but the host must be configured for SSH. When this option is selected, the Auto Login User and Auto Login Password fields appear and must be filled out and the Port field is changed to 22.

You can select this option or Use SSH Tunnel, but not both.

Use SSH Tunnel

Sets whether or not to use SSH tunneling. If you are using 5250 emulation with SSH, you must use SSH tunneling. When this option is selected, the Auto Login User, Auto Login Password, Tunnel Address, and Tunnel Port fields appear below and the Port field is changed to 22.

You can select this option or Use SSH, but not both.

Auto Login User

The username for accessing the SSH server.

This option is only available when Use SSH or Use SSH Tunnel is selected.

Auto Login Password

The password associated with the SSH username.

This option is only available when Use SSH or Use SSH Tunnel is selected.

Use Private Key

Allows you to distribute an OpenSSH or ssh.com private key to devices to allow them to authenticate with the server. The private key should have a .ppk extension and use either RSA or DSA encryption. Private keys with or without passphrases are supported. When you enable the option, click Add Private Key to add a private key.

Accept New Keys

Determines whether the Client will connect to an SSH server that it doesn't have a public key for. By default, this is set to No. The following options are available: 

No. The Client will connect to a host using one of the known host keys. If you do not provide a known host key, the user is prompted to accept a host key the first time it connects to a server. If the user accepts, the Client stores that key as the accepted known host key and will only connect to a host using that host key from then on. The user will not be prompted to accept any additional known host keys. If the device attempts to connect to an SSH server with a different host key, the connection will fail.

If the user rejects the host key, the session fails to connect. If the user tries the same SSH server again, he is again prompted to accept the host key.

Prompt. The Client will connect to a host that uses one of the known host keys. Each time the Client attempts a connection to an SSH server that doesn’t match one of the known host keys, the Client displays the host fingerprint and prompts the user to accept the host key. If the user accepts, the Client stores the key and will connect that host without prompting from then on. If there is already a known host key, that host key is overwritten when the user accepts a new one.

If the user rejects the host key, the session fails to connect. If the user tries the same SSH server again, he is again prompted to accept the host key.

Yes. The Client will connect to any host using SSH and will not attempt to match the known host keys. The user is not prompted to accept the host key.

Choosing Prompt or Yes may make your environment vulnerable to man-in-the-middle attacks and is not recommended.

Known Host

The host's public key is used to verify the trusted host. When you provide a known host key, devices will only connect to the server if the server has the matching private key.

The known host key should start with the algorithm type. For example, an RSA key starts with ssh-rsa, then has a space, and then the base-64 encoded key.

If the value you have has colons in it, it is the fingerprint and not the public key. This field does not accept the fingerprint.

This field is optional. 

Alternative Known Host

An alternate known host key, in case you have two SSH servers with two different keys and you want the Client to be able to connect to either of them, or if you are changing the SSH host key on your server.

Tunnel Address

The IP address or host name for the SSH tunnel.

This option is only available when Use SSH Tunnel is selected.

Tunnel Port

The TCP port number associated with the Tunnel Address for SSH tunneling.

This option is only available when Use SSH Tunnel is selected.

ConnectPro

Only Use ConnectPro connections

Indicates whether the Velocity Client should only connect to the host through a ConnectPro server. If you enable this checkbox, you cannot select the Use SSL setting in the SSL Settings section.

Server Type

The version number of the ConnectPro server.

Address

The IP address or host name of the server.

Port

The TCP port number on which the proxy server is listening for emulation requests from clients.

Terminate ConnectPro Session

Indicates when the ConnectPro server should terminate the connection to the host.

Possible values include:

Never. The proxy server never terminates the session established with the host. The Client is responsible for manually terminating the session.

OnNetworkError. The proxy server terminates the session with the host when a network error occurs, such as a loss of network connectivity.

OnSessionExit. The proxy server terminates the session with the host when the session is terminated by the Velocity Client. By default, this option is selected.

Always. The proxy server will terminate the session with the host on a network error or when the session is terminated.

Client Reconnects if Unexpectedly Disconnected

Specifies if the Velocity Client will attempt to reconnect if the session with the proxy server is lost and the Client has not received a disconnect message from the proxy server. By default, this is set to Yes.

Reconnect String

Specifies the reconnect string that the device should use when connecting to the host. Alternately, you may configure reconnect strings in ConnectPro.

Use SSL

Uses SSL/TLS to encrypt the information sent to the host. There is no additional software needed for SSL/TLS on Android devices, but the host must be configured for SSL/TLS.

Use Custom Encryption

Uses an Ivanti custom encryption method to encrypt the connection to the ConnectPro server. When you use custom encryption, provide an encryption key in the Key field below.

Key

Specifies a custom encryption key.

ClosedWeb


Was this article useful?    

The topic was:

Inaccurate

Incomplete

Not what I expected

Other