Exploring Deployment Options
The InfoConnect Deployment Guide includes best practices, instructions, and other information for a number of deployment environments.
Some content may apply to you regardless of your deployment environment. You may be interested in:
Finding Information Specific to your Deployment Environment
Use these guidelines to find the sections that pertain to your deployment environment.
If you are using... | See |
---|---|
A share that users install from | Setting up a simple deployment in this guide. |
A reference image | Information about how to customize settings in the InfoConnect Help: Getting Started and How Do I? |
Group Policy | Information about how to install and use templates for locking down InfoConnect and instructions for publishing: Control Access to Settings and Controls with Microsoft Group Policy Publish with Active Directory |
Setup.exe | Information about setup and instructions for deploying on the Setup command line: Set up an Environment for Deployment Using InfoConnect Administrative Tools Deploy using the Setup Program |
MSI Command line | Information about prerequisites when deploying with MSI directly. Deploy with MSI |
Host Access Management Server | Information about setting up InfoConnect to use centrally managed sessions. Centrally Manage Sessions |
Configuring Session Files Paths, and Templates
You can create and deploy customized files that allow users to connect to hosts, control how users interact with sessions, and specify default configurations for new sessions, using the following methods:
Customizing Session Files
InfoConnect saves basic terminal session configuration in a session document, which includes connection and terminal settings. You can create session document files that have connection information and other settings and then deploy them independently of your installation.
You can also customize session document files to use custom keyboard maps, controls, themes, and other settings. To customize these settings, see Session Documents.
By default, InfoConnect saves custom settings for QuickPads, keyboard maps, themes, mouse maps, hotspots, and ribbons in separate configuration files that you will need to deploy along with the session document files that reference them. But you can simplify your deployment by saving your session documents as compound session files, which include all of these settings.
Compound Session Document files include all of the customized settings for QuickPads, keyboard maps, themes, mouse maps, hotspots, and ribbons. These files allow you to deploy your sessions without having to deploy dependant files for these settings.
Session Document files save these settings in separate files. If you save sessions using this default, you'll need to make sure that you deploy the custom files to the correct locations as shown in Where to Deploy Customized Files.
Compound files are easier to deploy because you don't have to deploy the supporting files. Regular session files offer more flexibility for sharing common configurations. For example, you can share one keyboard map in several regular session files. With compound session documents, you have to recreate the custom settings in each file.
Note
Not all custom settings are saved in compound session files. For example, settings such as ssh_config and ssh_known_hosts required for Secure Shell connections are not saved in these files.
Configuring Paths
Information required for connecting to ALC, UTS, and T27 hosts is configured in paths, which are saved in the InfoConnect database. An InfoConnect path is a named collection of configuration settings that allows you to connect to a host. In the Airlines products, paths are also used for holding the settings-specific device access in PTR.
Path configuration information is stored in the InfoConnect database. After an administrator has configured paths and deployed InfoConnect with the required transports and a customized database, end users can create sessions using the preconfigured paths.
You can include a customized database as part of your installation. See Paths.
Creating Custom Templates
Templates provide default configurations for connecting to specified file types. Micro Focus InfoConnect Desktop ships with default templates for each of the supported session types included with your product. You can also create and deploy custom templates designed to meet the needs of your users. See Set up Session Templates.
Changing InfoConnect appearance and functionality
You can change the appearance and basic functionality of the main InfoConnect window in a variety of ways, including specifying startup macros and actions.
You can also change the appearance of the window (for example, by opening InfoConnect in TouchUx mode).
For more, see Workspace Settings.
Locking down settings and controls
You can lock down InfoConnect to limit access to settings and controls so that they are not available to users. This allows you to simplify support requirements and resolve security concerns.
To prevent a user from changing a setting, you set the permission level for that setting or control to Restricted. For example, you could restrict the users's ability to modify security settings.
As shown below, the restricted settings are grayed out. The security shield and the Change currently disabled settings link indicate administrative access is required to change them.
For more about locking down settings and controls, see:
-
Control Access to Settings and Controls with InfoConnect Administrative Tools
-
Control Access to Settings and Controls with Microsoft Group Policy
Designing and Creating Secure Solutions
InfoConnect provides support for a number of secure solutions. You can set up InfoConnect to protect your working environment from information theft, and your data from potential damage caused by opening documents from non-trusted sources, using the following methods:
-
Creating secure sessions for data in motion enables secure, encrypted connections using secure protocols such as SSH or TLS.
-
Setting up Information Privacy to mask sensitive data helps enable compliance with PCI-DSS requirements.
-
Defining trusted locations from which you can safely open (and store) documents protects data from potential damage caused by opening documents from non-trusted sources.
-
Setting up macro and API security controls access to the Reflection API.
Creating secure sessions for data in motion
Set up secure sessions for a number of secure protocols including FIPS 140-2 validation, SSL/TLS encryption, SSH, Kerberos, SOCKS, and PKI. To see which options are available with each connection type, see Secure Connections.
PROD_SHORT includes the Reflection Certificate Manager, which you can use to manage PKI certificates for use by InfoConnect sessions. See Digital Certificates and Reflection Certificate Manager.
For more about secure connections, see SSL and TLS Connections and Secure Shell Connections.
Setting up Information Privacy
Set up Information Privacy to help comply with PCI-DSS requirements, including redaction of sensitive data such as credit card or social security numbers.
You can also set up the InfoConnect API to log access to unredacted data.
See Setting up Information Privacy.
Defining trusted locations
Define Trusted Locations to differentiate safe files from potentially harmful files. When a file is in a trusted location, it's files are assumed to be safe. If you try to save a file in a location that is not trusted, InfoConnect warns that it will not be able to reopen the file.
InfoConnect enforces trusted locations by default, so if you want to save sessions in directories that are not default trusted locations, you'll have to define these locations or disable the Trusted Locations feature. See Configure Trusted Locations.
Setting up macro and API security
You can enable or disable the Reflection .NET API, determine whether Reflection legacy macros are supported, and determine which legacy API has preference for the GetObject() method used to retrieve API COM objects.
You can also specify whether to run restricted actions that are initiated through a macro or API call without elevating permissions.
Packaging Custom Files
After you customize session files or the InfoConnect workspace, you can bundle the customized session and settings files into a deployable companion installer package (.msi) to make it easier to deploy to your users. You can deploy companion installer packages separately or you can add them to a customized installation. You can also create and install packages at any time after the initial installation. See Package Sessions and Custom Settings Files.
Customizing the Installation
Create and deploy a transform to customize how InfoConnect is installed on user workstations. As defined by Microsoft, "a transform is a collection of changes applied to an installation. By applying a transform (*.mst) to a base installation package, the installer can add or replace data in the installation database."
For example, by deploying the transform with the InfoConnect base installation package, you can select which features to install.
You can also specify the installation directory or the user data location, change the Remove or Add commands from the Windows Uninstall or change a program list, and change other default settings.
For more about creating transforms, see Create or Modify a Transform.