Spark View


Administrator’s Manual
Version 6.1.0
January 10, 2022
Remote Spark Corp.

Contents

1. Overview
    1.1. Features
    1.2. Architecture
    1.3. What’s the difference
2. Installation
    2.1. Install J2SE Software Development Kit (JDK)
    2.2. Install as a Windows service
    2.3. Install as Linux/Unix Daemon
    2.4. Install as Mac OS X Daemon
    2.5. Install HTML Client on Other Web Servers
3. Server Configuration
    3.1. Gateway
    3.2. HTTPS and WSS (WebSocket Secure Connection)
    3.3. Remote Desktop Web Access Portal Integration
    3.4. RDP, VNC, SSH, TELNET hosts
    3.5. Users
    3.6. Easy Printing
    3.7. RemoteApp and start a program instead of the whole desktop
    3.8. Clipboard redirection and shared clipboard
    3.9. Bidirectional audio redirection (RDP)
    3.10. File share (uploading and downloading)
        Temporary Directory
        Permanent Directory
        Drag and Drop
    3.11. Session Recording and Playback
    3.12. Session Shadowing (Join or share an active session on gateway)
    3.13. Native RDP shadowing (Join any active RDP sessions)
    3.14. Touch Interface (iOS, Android etc)

    3.15. Touch Remoting
    3.16. Hyper-V Console and Enhanced Session Mode
    3.17. RDP Connection Cache/Pool
    3.18. Symlink (Access link)
    3.19. Macro Recording
    3.20. Remote Assistance
    3.21. RFB (VNC) protocol support
    3.22. SSH and Telnet
    3.23. Smart Card Redirection
    3.24. Scanner Redirection
    3.25. USB Redirection
    3.26. OAuth 2.0/Okta Integration
    3.27. Active Directory, LDAP, RADIUS integration
    4.1. Session Management
    4.2. Multi-Monitor
    4.3. SMB2, SFTP file proxy
    4.4. Deploy, run, test applications in the cloud
    4.5. IP Filter (iptables)
    4.6. SNMP integration
5. API and plug-in
    5.1. Reporting API (Query server status, Client side JavaScript API)
    5.2. Rdp library (Client side Javascript API)
        5.2.1. Rdp parameters
        5.2.2. Passing parameter via URL
        5.2.3. Passing parameter via object or cookie
        5.2.4. Usage of Rdp class
        5.2.5. Extend RDP: Virtual Channel and Dynamic Virtual Channel
        5.2.6. Extend Gateway: Gateway Channel
    5.3. Plug-ins (Server side Java API)
    5.4. HTTP Request API (Server side)
Appendix A: shortcut keys
Appendix B: browser support

Appendix C: EchoHandler and network check
Appendix D: Configuration example for Nginx
Appendix E: Configuration example for Apache Proxy
Appendix F: Configuration for Juniper, Cisco, Dell etc SSL VPN
Appendix G: SMB Path
Appendix H: Ping
Appendix E: TrustStore

1. Overview

Spark View is the world’s first HTML5 RDP (Remote Desktop Protocol) client. It provides end users with remote access to the following RDP hosts:

- RDP enabled Windows desktops, including: Windows 2000 Server, Windows XP Professional, MCE 2005, Windows Server 2003, Windows Vista Business or Ultimate, Windows Server 2008, Windows 7 Professional, Business or Ultimate, Windows Server 2008, Windows 2012, Windows 10, Windows 2016, Windows 2019.
- Linux desktops with XRDP installed.
- Any virtual machines under Oracle VM VirtualBox (with Remote Desktop Server enabled).

1.1. Features

Spark View is a RDP, VNC, SSH, TELNET, SMB2, SFTP proxy (gateway) with an HTML5 client. It uses WebSocket, Canvas, Web Audio, local storage and other HTML5 features to implement the Remote Desktop (RDP), RFB (VNC), SSH and SMB2 protocols. It has the following advantages compared with traditional (native) clients:

- Zero installation on client side, no Java, no flash, no ActiveX, only HTML and JavaScript.
- Zero maintenance and management on client side. You don’t need to worry about whether the user has installed the newest version of Spark View, JRE or flash player.
- Same interface and experience for final users.
- One solution runs on almost all platforms: Windows, Linux, Mac, iOS, Android, BlackBerry and Playbook OS etc.
- Better performance. It’s even faster than native RDP client.
- More features like session recording, printing, session shadowing with multi-cursors etc.
- Control resource access and redirection in one place (Gateway).
- OAuth2, Active Directory, LDAP, RADIUS, Okta integration.
- Connect to Hyper-V console.
- RDP connection pool. Connect to your desktop and RemoteApp instantly. No waiting any more.
- Supports RDP, RFB (VNC), SSH, SFTP, TELNET, SMB2.

- Seamless integration with F5, Array Networks, Cisco, Juniper, Dell SSL VPN.

RDP features implemented in Spark View:

- TLS (SSL over RDP) and NLA (Network Level Authentication). CredSSP version 6 (Microsoft CredSSP updates for CVE-2018-0886).
- RemoteApp. It's the first time that you can use RemoteApp everywhere (on a Mac, iPad, Android etc.).
- RemoteFX (LAN only).
- Touch remoting on Windows 8 and Windows 2012.
- Seamless clipboard redirection which supports plain text, bitmap, JPG, WMF, RTF and HTML formats.
- Easy printing, don't need to install drivers for client side printers.
- Bring sound to local or leave it on remote computer.
- Remote audio recording.
- File downloading and uploading; Gateway side directory sharing.
- Smart card redirection.
- Lossless bitmap compression, give you the best quality you can get.
- Supports Remote Assistance.
- Client side IME support. You can use client side IME directly (Even Microsoft RDC cannot do that).
- International keyboard support.
- VirtualBox RDP video redirection support.
- Supports Multi-Monitor.
- Supports camera redirection.
- Supports scanner redirection.
- Supports native RDP shadowing.

1.2. Architecture

Spark View includes 2 components:

- Gateway, which is a WebSocket server and simple web server.
- Web resources (HTML files, CSS, JavaScript, images), which can be installed on Gateway or any other web servers.

This diagram describes how the components of Spark View work together:

You can also install gateway in RDP host.

1.3. What’s the difference

Spark View is quite different compared with other similar solutions:

- It is designed to be a replacement of native client, not a complementary solution.
- It is designed for speed. It’s even faster than our Java applet.
- It is feature rich, not feature less compared with native clients. Spark View only features:
    - RemoteApp (not Start program on connection)
    - Session Recording/Playback
    - Session Shadowing
    - Hyper-V console connection
    - Network Level Authentication
    - Windows 8 and 2012 with touch remoting support
    - XRDP (Linux) support
    - RD Web Access Portal Integration

    - OpenID integration
    - Support both PostScript and PCL printers.
    - Support more audio encodings. 80% less bandwidth usage (when playing audio) compared with other HTML5 solutions
    - Client side IME support. You can use client side IME directly (Microsoft RDC doesn't support client side IME).

2. Installation

Gateway is a Java application and can be installed on almost all operating systems. Web resources of Spark View are pure HTML and JavaScript, so they can be installed on Gateway (which is also a web server) or any other web servers.

2.1. Install J2SE Software Development Kit (JDK)

Download the Java 2 Standard Edition (J2SE) JDK, release version 1.8 or later, .com/corretto/

NOTE: Downloading the Java Runtime Environment (JRE) instead is not recommended.

Install the JDK according to the instructions included with the release.

Set an environment variable JAVA_HOME to the pathname of the directory into which you installed the SDK release:

    echo "export JAVA_HOME=/usr/java/default/" > /etc/profile.d/java_home.sh

To verify the Java version you are using, run the following command in a command prompt:

    java -version

Open JDK 8, 11 and LTS versions are recommended. JRE is not recommended because it’s updated automatically and the old version will be uninstalled. Please install JCE 8 if you are using Java ownloads/jce8-download-2133166.html

If your RDP server has Network Level Authentication enabled, the connection may fail depending on which Java version you are using.

Java 1.8: Please install TLS 1.2 Windows update on Windows 7 and Windows 9

2.2. Install as a Windows service

Download Spark Gateway installer for Windows installer.exe

Install Spark Gateway according to the instructions of the installer. During the installation, you can choose the JRE/JDK you want to use if you have multiple JRE/JDK installed. You can also choose the gateway listening port (default is 8080).

If you have “This app can’t run on your PC” error, you may need to disable Smartscreen functionality and under Windows Updates – Developers: Allow Sideloads Apps.

If you have IIS running on the same machine and you want Spark Gateway listening on port 80 or 443, you must ensure that IIS is not bound to the IP address and port you want to use for the Spark Gateway. You must set the bindings in the IIS Manager. However, it may also be necessary to change the HTTP service, which by default listens on port 80 for all IP addresses. To do this you can use “netsh http add iplisten ipaddress=xxx.xxx.xxx.xxx” to instruct the HTTP service to listen on IP addresses not used by the SparkGateway. Then you can use port 80 on the unused IP addresses with the SparkGateway.

Change the name of your license file to “license” and copy it to the installation directory if you are using the full version. You don’t need a license file for the evaluation version.

You can start the “Welcome” page to connect to a computer or the “Configuration” page from the Start menu when installation is done.

Add SparkGateway.exe to your firewall exception list.

Make sure you allocate more memory to SparkGateway (in SparkGateway Manager, "Java" tab) if you have more users:

We are using Apache Procrun as a Windows service wrapper, for more information, please 

2.3. Install as Linux/Unix Daemon

Download Spark Gateway for teway.zip

Unzip it to your destination directory; here we use /usr/local/bin/SparkGateway.

Modify gateway.conf to change the gateway listening port or other configurations.

Open the gateway listening port (80):

    firewall-cmd --permanent --add-port=80/tcp
    firewall-cmd --reload

or

    iptables -A INPUT -p tcp --dport 80 -j ACCEPT

If SparkGateway cannot listen on port 80, 443 or any ports below 1024, you can try this command:

    sudo setcap cap_net_bind_service=+epi $(readlink -f $(which java))

Test the gateway in console mode:

    java -jar SparkGateway.jar

You can install it as a service if it’s working correctly in console mode.

For Systemd system:

Create file /etc/systemd/system/SparkGateway.service with the following contents:

    [Unit]
    Description=Spark View Service
    After=network.target

    [Service]
    User=yourUserName
    WorkingDirectory=/usr/local/bin/SparkGateway
    ExecStart=/usr/bin/java -jar SparkGateway.jar
    SuccessExitStatus=143

    [Install]
    WantedBy=multi-user.target

Then notify systemd of the new service: systemctl daemon-reload
Enable the service: systemctl enable SparkGateway
Start the service: systemctl start SparkGateway
Stop the service: systemctl stop SparkGateway
Check the status if the service is not started: systemctl status SparkGateway
Uninstall the service: systemctl disable SparkGateway

Please check the following documentation for SUSE:
http://remotespark.com/view/SUSE Install.txt

For SysVinit init system:

To build the daemon wrapper you will need:

- GNU AutoConf (at least version 2.53)
- An ANSI-C compliant compiler (GCC is good)
- GNU Make
- A Java Platform 2 compliant SDK

    yum groupinstall "Development Tools"    (CentOS)
    apt-get install build-essential         (Debian/Ubuntu)

Run the following commands:

    cd /usr/local/bin/SparkGateway
    tar xvfz commons-daemon-native.tar.gz
    cd kecp jsvc ./.cd ./.
    chmod a+x SparkGateway.sh

Change the name of your license file to “license” and copy it to the installation directory if you are using the full version.

Modify the gateway.conf file: change the listening port and file paths according to your installation directory.

Starting the daemon:

    ./SparkGateway.sh start

Stopping the daemon:

    ./SparkGateway.sh stop

We are using Apache Jsvc as a Linux/Unix daemon wrapper, for more information, please check http://commons.apache.org/daemon/jsvc.html

The script (SparkGateway.sh) is only tested on CentOS; you may need to change it on other Linux distributions.

Run as a service and start automatically:

    cp SparkGateway.sh /etc/init.d/SparkGateway

    chmod +x /etc/init.d/SparkGateway
    chkconfig --add SparkGateway
    chkconfig SparkGateway on

Start the service: service SparkGateway start
Stop the service: service SparkGateway stop

2.4. Install as Mac OS X Daemon

1. cd /Library
2. sudo unzip SparkGateway.zip
3. sudo chown username SparkGateway
   (username should be the login name under which gateway will run)
4. sudo chgrp admin SparkGateway
5. cd SparkGateway
6. sudo nano start.sh with following content:

    #!/bin/sh
    SPARK_HOME=/Library/SparkGateway
    java -jar $SPARK_HOME/SparkGateway.jar -c $SPARK_HOME/gateway.conf

7. Save the file and run sudo chmod a+x start.sh
8. Change the default directory and listening port if port 80 is occupied in gateway.conf:

    port = 8080
    logfile = /Library/SparkGateway/logs/gateway.log
    html = /Library/SparkGateway/html
    license = /Library/SparkGateway/license

9. Use sudo ./start.sh to test if there are any errors within the script.
10. cd /Library/LaunchDaemons

11. sudo nano com.toremote.gateway.plist with following content:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>Label</key>
        <string>com.toremote.gateway</string>
        <key>Disabled</key>
        <false/>
        <key>OnDemand</key>
        <false/>
        <key>RunAtLoad</key>
        <true/>
        <key>ProgramArguments</key>
        <array>
            <string>/Library/SparkGateway/start.sh</string>
        </array>
        <key>EnvironmentVariables</key>
        <dict>
            <key>SPARK_HOME</key>
            <string>/Library/SparkGateway</string>
        </dict>
        <key>StandardErrorPath</key>
        <string>/Library/SparkGateway/logs/gateway.stderr</string>
        <key>StandardOutPath</key>
        <string>/Library/SparkGateway/logs/gateway.stdout</string>
        <key>UserName</key>
        <string>appserver</string>
    </dict>
    </plist>

12. Load the service:

    sudo launchctl load /Library/LaunchDaemons/com.toremote.gateway.plist

    Unload the service:

    sudo launchctl unload /Library/LaunchDaemons/com.toremote.gateway.plist

2.5. Install HTML Client on Other Web Servers

Spark View (the HTML5 Client part) doesn't include any server side logic; you can also install it on any other web servers, like IIS, Apache, Tomcat etc.

It is recommended to use Gateway as the web server, or install it in Chrome Web Store.

3. Server Configuration

3.1. Gateway

You can configure the gateway by editing the gateway.conf file. Here is a list of all options:

- bindAddr: Binding address, if you have multiple IP addresses and want to bind on one of them. If you have IIS running on the same machine, you must ensure that it is not bound to the IP address and port you want to use for the SparkGateway. You must set the bindings in the IIS Manager. However, it may also be necessary to change the HTTP service, which by default listens on port 80 for all IP addresses. To do this you can use “netsh http add iplisten ipaddress=xxx.xxx.xxx.xxx” to instruct the HTTP service to listen on IP addresses not used by the SparkGateway. Then you can use port 80 on the unused IP addresses with the SparkGateway.
- port: Listening port, default is 80. You can let Gateway listen on 2 ports at the same time, e.g. port = 80, 443
- ssl: Use HTTPS and WSS (WebSocket Secure Connection), default is false. If the gateway is listening on 2 ports, the parameter can be configured as: ssl = false, true
- credSSP: Network Level Authentication. Value can be "true", "false" or "auto". Default

is false. “true” will slow down the connection speed a little bit. It’s not necessary to use NLA if the gateway is connecting to internal RDP hosts only. It’s better to enable credSSP if you are using Microsoft RD Broker for load balancing. "auto" will connect without credSSP the first time and reconnect with credSSP if the connection failed.
- How many connections can be queued, default is 50.
- Path of user configuration file (JSON format).
- Path of RDP hosts configuration file (JSON format).
- HTML root directory.
- Default page for html directory, default is "rdp.html;index.html".
- Path of license file.
- Path of log file.
- Limit the maximum number of bytes to write to any one log file, default is 30M.
- Log file rotation, the number of log files to use, default is 99.
- Whether to log the HTTP header, which may contain sensitive information. Default is true.
- Postscript to PDF converter, used for printing. Ghostscript is ample: C:\\Program Files\\gs\\gs9.04\\bin\\gswin64c.exe
- Arguments for converter. %1 is the output pdf file name, %2 is the input ps file name; they'll be replaced by the program. Example: -dBATCH -dNOPAUSE -dUseCIEColor -dPDFSETTINGS=/printer -sDEVICE=pdfwrite -q -sOutputFile=%1 %2
- Class name for your plug-in.
- The full path of your plug-in jar file.
- Password for reporting and management API.
- Add extra mime types for web server: rdp:application/rdp;conf:text/plain
- Set false to disable logging to stdout/stderr.
- How many days the temporary files generated by the system are kept, default is 1 day.
- The name for the shared disk, used for file uploading/downloading.
- RD Web Feed URL, for RD web access integration.
- Session recording, 0: no recording; 1: recording graphic only. 3: recording graphic and audio.
- Parent directory for session recording files.
- Warn user about the recording, default is true.
- Whether a logged in user can access computers which are not in their list (servers.json) or webfeed, default is false.
- Printer name, default is “Remote Printer from Client”. You can specify multiple printer names by using “;” as separator, e.g. “Printer1;Printer2”. The first one will always be the default printer.
- printerDriver: Printer driver name.
- shadowing: Shadowing switch (whether joining a session is allowed), default is true.
- cipherSuites: The cipher suites that can be used by SSL encryption. You may want to use some good cipher suites only, for example:
    SSL_RSA_WITH_RC4_128_MD5,
    SSL_RSA_WITH_RC4_128_SHA,
    SSL_RSA_WITH_3DES_EDE_CBC_SHA,

    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
    TLS_RSA_WITH_AES_128_CBC_SHA,
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
    TLS_RSA_WITH_AES_256_CBC_SHA
  You need to install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for AES 256 cipher
- TP server web address, used for OpenID login (redirection back). It’s also used on client side for getting the real gateway address (client side may not know that if you are using multiple gateways for load balancing).
- clientHost: Customize the host name of the client user. Default is the host name or IP address. You can use the following variables in the string:
    {hostName}: Host name of the gateway machine.
    {hostAddress}: Host address of the gateway machine.
    {sequence}: a sequence number
    { ip}: client host name or IP.
    { PARAM SESSION ID}: Session GUID.
    { PARAM NUMERIC ID}: Session 9 digit number ID.
    {any parameter transferred from client side}
  e.g. clientHost RS- { ip}- {sequence} , the result will be RS-ClientHostName-0, RS-ClientHostName-1,
- performanceflags: Please check 3.4 RDP Host for more information. You may need this if you are connecting to a Terminal Server/Remote Desktop Session Host.
- remotefx: Whether to enable RemoteFX, default is false. RemoteFX is LAN and 32 bit only.
- enableLookups: Set to true if you want calls to perform DNS lookups in order to return the actual host name of the remote client. Set to false to skip the DNS lookup and return the IP address in String form instead (thereby improving performance). By default, DNS lookups are disabled.
- maxCacheTime: How long (minutes) the session can be cached on gateway, default is 0 (RDP session cache on gateway is disabled by default).
- idleUserSession: User session idle timeout, in milliseconds.
- Email notification when license expire etc, following is for
    mail.smtp.auth = true
    mail.smtp.starttls.enable = true

ntingresetOnJointimeoutWoLsymlinkOnly

  You can use “java -cp SparkGateway.jar com.toremote.gateway.Mailer title message” to send a test email.
- Float value, Email alert when license usage reached this number. If value 1, it means percentage of your license number; If value 1, it means the actual concurrent license number.
- Interval for obtaining thumbnails of RDP session, milliseconds, default is 0 (no thumbnail). Client will not send thumbnail to server if screen is not changed.
- Thumbnail width, it must be smaller than 640, default is 0 (no thumbnail).
- Timeout for clipboard copy operation, milliseconds, default is 3000. You may need to increase this value if your application needs to copy very big data.
- This is the maximum value (milliseconds) for saved session, default is 0, which means the user cannot save a session on gateway.
- Confirmation needed when a user tries to join a session, default is false.
- Set up key store position when ssl is true.
- Key store password.
- Encrypt the key store password and the reporting password, default is false. Please use the following command to get the encrypted password:
    java -cp SparkGateway.jar com.toremote.gateway.Encryption MyPassword
- Enable Remote Assistance, default is false.
- Enable SSH, default is false.
- Enable TELNET, default is false.
- Used for email notification etc.
- Path of oauth2 providers file (JSON format).
- Keys (scancode) will not be sent to server, e.g. 219,220 (left and right Windows key); 29 56 211,56 1 will disable Ctrl Alt Del and Alt Esc
- Whether to enable encryption on data files: servers.json, users.json, symlink.json.
- Whether to enable webfeed cache. false to disable it. Default is true. You'll need to restart the gateway after your webfeed content changed if it
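
A review of the port, ssl, credSSP and cipherSuites options listed in 3.1, written as an added example that is not part of the manual or of Remote Spark's software. It assumes gateway.conf holds Java-properties style key/value lines; the sample configuration is constructed for the example.

```python
# Added example, not Remote Spark code: review the TLS-related keys of gateway.conf.
import re

# Substrings of JSSE suite names that mark broken or obsolete algorithms.
WEAK_MARKERS = ("RC4", "3DES", "MD5", "NULL", "EXPORT", "anon")

# Constructed sample input, not a shipped default.
SAMPLE_CONF = """\
# constructed sample
port = 80, 443
ssl = false, true
credSSP = auto
cipherSuites = SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA
"""


def parse_conf(text):
    """Parse 'key = value' lines (assumed Java-properties style, '#' comments)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        match = re.match(r"([^=:\s]+)\s*[=:\s]\s*(.*)", line)
        if match:
            conf[match.group(1)] = match.group(2).strip()
    return conf


def split_list(value):
    """Split a comma-separated option value into trimmed items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def audit(conf):
    """Return findings for the port, ssl, cipherSuites and credSSP keys."""
    findings = []
    ports = split_list(conf.get("port", "80"))            # manual: default is 80
    ssl = [v.lower() for v in split_list(conf.get("ssl", "false"))]
    # One ssl value per port is expected; do not guess what a missing one means.
    ssl += ["unspecified"] * (len(ports) - len(ssl))
    for port, flag in zip(ports, ssl):
        if flag != "true":
            findings.append(f"port {port}: ssl is {flag}, traffic is not HTTPS/WSS")
    suites = split_list(conf.get("cipherSuites", ""))
    if "true" in ssl and not suites:
        findings.append("cipherSuites is not set although ssl is true")
    for suite in suites:
        hits = [m for m in WEAK_MARKERS if m in suite]
        if hits:
            findings.append(f"cipherSuites: {suite} uses {'/'.join(hits)}")
    if conf.get("credSSP", "false").lower() == "false":  # manual: default is false
        findings.append("credSSP is false: NLA is not used toward RDP hosts")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_conf(SAMPLE_CONF)):
        print(finding)
```

Of the suites in the manual's sample list, the RC4, 3DES and MD5 based ones are reported; RC4 is prohibited for TLS by RFC 7465 and 3DES is affected by the Sweet32 birthday attack. The AES suites in the list pass this check.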
