VISULOX4_ReferenceCard

Events

VISULOX Service Events

Type	Event	Description	Event variable
Login	Multiple login failures detected	Default warning setting for failed login attempts: 5 per minute, 20 per hour and 50 per day	multipleloginfailures
Login	Access PIN accepted	Login with Access PIN accepted	2faPinAccepted
Login	Access PIN requested	Access PIN for login requested	2faPinRequested
Login	Access PIN rejected	Access PIN was rejected	2faPinRejected
Login	OTP requested	One Time Passcode for login requested	otpRequested
Login (Webtop)	Logged out by supervisor	Application session ended by supervisor via VISULOX Cockpit	webtopSessionEndedByAdmin
Application	Application started	Application session has been started with session controller	sessionControllerStarted
Application	Application started (uncontrolled)	Application session has been started without session controller	sessionUncontolledStarted
Application	Application ended	Application session ended	sessionControllerEnded
Application	Session locked	Application session locked	lock
Application	Session unlocked	Application session unlocked	unlock
Application	Session locked by supervisor	Application session locked by supervisor via VISULOX Cockpit	lockedbyadmin
Application	Session unlocked by supervisor	Application session unlocked by supervisor via VISULOX Cockpit	unlockedbyadmin
Application	Ended by supervisor	Application session ended by supervisor via VISULOX Cockpit	sessionEndedByAdmin
Application	Message sent	Message from supervisor is sent via Cockpit to the user	message
Application	Accepted by user	Message, recording, etc. acknowledged by the user	accept
Application	Rejected	Recording rejected by user	reject
Notification	Notification sent	A notification was sent based on the selected script	scriptsend
Access	Access will expire	Warning, that access to applications will expire soon
Access	User request	Access requested by the user	accessRequestedByUser
Application	Remark by user	Session annotation created by the user	annotationByUser
Application	Remark by supervisor	Annotation created by the supervisor in the VISULOX Cockpit for the session	annotationBySupervisor
Cooperation	Assistance request	Request for a cooperation	assistrequested
Cooperation	Assist observe	Assist mode switched to observe	assistobserve
Cooperation	Assist interact	Assist mode switched to interact	assistinteract
Cooperation	Assist Standby	Assist mode switched to standby	assiststandby
Cooperation	Dual Control	Dual Control cooperation started	dualcontrol
Cooperation	Assistance closed	Cooperation closed	assistclosed
Recording	Manual recording	Manual recording of the session started by the supervisor via VISULOX Cockpit	sessionManuallyRecordingStarted
Recording	Recording stopped	Manual recording stopped by the supervisor via VISULOX Cockpit	sessionManuallyRecordingStopped
Recording	Recording started by Policy	Predefined recording started by Application Policy	sessionRecordingStarted
Keyboard control	In use	Input changed to this user	inputFocusChanged
Keyboard control	Inputline	The user entered a line of characters	keyboardControlInputline
Keyboard control	Responsible	Input changed to this user	inputResponsibility
Keyboard control	Idle	Keyboard idle	InputFocusIdle
Keyboard control	Keyboard control started	Keyboard input detection started	keyboardControlStarted
Keyboard control	Keyword detected	Keyword detected by keystroke detection control	keywordDetected
Checkout	Checkout	Session checkout via Cockpit	checkout
Checkout	Checkout with keystrokes	Checkout of the session information in a ZIP file with displayed keystrokes	checkoutwithkeystrokes
Checkout	Report in browser	Report created via Cockpit and displayed in browser	reportGeneratedByGuiBrowser
Checkout	Report via eMail	Report created via Cockpit and sent via eMail	reportGeneratedByGuiEmail
Checkout	Player started	Browser-based player started via Cockpit	player
Checkout	Player with keystrokes started	Browser based player with displayed keystrokes started	playerwithkeystrokes
System	Auto accepted	Accepted automatically by the system	autoaccept
System	Auto rejected	Rejected automatically by the system	autoreject
System	Object created	A VISULOX object has been created	objectNew
System	Object copied	A VISULOX object has been copied	objectCopied
System	Object changed	A VISULOX object has been changed	objectChanged
System	Object deleted	A VISULOX object has been deleted	objectDeleted
System	Object attached	A VISULOX object has been attached	objectAttached
System	Object detached	A VISULOX object has been detached	objectDetached
File Transfer	Synced to folder	Files synchronized with the folder	syncput
File Transfer	Synced to Transit Zone	Files synchronized with the Transit Zone	syncget
File Transfer	Transfer to server	File transferred from Transit Zone to the application server via SFTP/FTP	ftput
File Transfer	Transfer to Transit Zone	File transferred from application server to the Transit Zone via SFTP/FTP	ftget
File Transfer	Upload (internal web page)	File uploaded via internal web page	webput
File Transfer	Download (internal web page)	File downloaded via internal web page	webget
File Transfer	Upload	File uploaded from client into Transit Zone	userput
File Transfer	Download	File transferred from Transit Zone to the client	userget
File Transfer	File checked	Transferred file has been checked	checked
File Transfer	Approved	Transferred file has been approved	approved
File Transfer	File rejected	File rejected after check	rejected
File Transfer	Pending	File not approved yet	pending
File Transfer	Conditionally accepted	File accepted depending on endpoint rules	tmpaccepted

VISULOX PORTAL Service Events

Type	Event	Description	Event variable
Server	Server started	Server has been started / details	serverStart
Server	Server stopped	Server was stopped / details	serverStop
Server	SSL started	VISULOX PORTAL Security SSL has been started	securitySSLStart
Server	SSL stopped	VISULOX PORTAL Security SSL has been stopped	securitySSLStop
Login	Login rejected	VISULOX PORTAL login was rejected for the user / details	loginResultRejected
Login	Login ambigious	Login information ambiguous, common name needed	loginResultAmbiguous
Login	Anonymous login not supported	Login failed, Anonymous login not supported	loginResultAnonymous
Login	Unresolveable user	Login failed, unresolvable user	loginResultUnresolveable
Workspace	Workspace opened	Workspace session has been started / details	webtopSessionStartedDetails
Workspace	Workspace closed	Workspace session has been stopped / details	webtopSessionEndedDetails
Application	Application session started	Application session has been started / details	sessionStartedDetails
Application	Application session stopped	Application session was stopped / details	sessionEndedDetails
VISULOX PORTAL Object	Object modified	VISULOX PORTAL object has been changed	modifySuccess
VISULOX PORTAL Object	Object created	A new VISULOX PORTAL object was created	createSuccess
VISULOX PORTAL Object	Object create failed	Creating an VISULOX PORTALobject failed	createFailure
VISULOX PORTAL Object	Rename successful	VISULOX PORTAL object renamed successfully	renameSuccess
VISULOX PORTAL Object	Object deleted	An VISULOX PORTAL object was deleted	deleteSuccess

Script Interface & Variables

Available script categories

Category	Used as
Notification	These action scripts can be chosen, where application notifications are used (Application Policy).
Pin	These action scripts deliver information for the Multi Factor Authentication (Login Policy).
Report	These are report actions scripts.
Validate	These action scripts can be chosen for validation.
*	These action scripts are available everywhere scripts can be used. The setup provides one script in this category, which allows to dump all variables provided to an action script. This is helpful for testing.

Notification script variables (examples)

The following list contains some useful examples for script variables.

To get the complete list of available variables for a certain action script, the dump script should be used.

Variable	Description
VLXFULLNAME	Full name of the user
VLXSURNAME	Surname of the user
VLXEMAIL	eMail address of the user
VLXSMS	SMS address of the user
VLXOWNER	Owner of the application
VLXGROUPLIST	Group list
VLXUSERPROFILE	Profile of the user
VLXPIN	PIN for Multi Factor Authentication
VLXPIN_FMT	Formatted PIN for Multi Factor Authentication
VLXPIN_SEQUENCE	Sequence number for PIN
VLXPIN_EXPIRATIONTIME	Expiration time with date for the PIN
VLXPIN_LIFETIME	Lifetime for the PIN
VLXPIN_TEXT	PIN text
VLXACCESSPOIN	Access Point
VLXCREATETIME	Creation time
VLXLOG	Path to logs
VLXLOGINUSER	Logged in user
VLXMANAGER	Manager of the user
VLXOBJECT	Name of the object
VLXOWNERID	Owner ID
VLXOWNERSHORT	Short name of the owner
VLXPOLICY	VISULOX policy
VLXREMOTEIP	Remote IP
VLXSMS	SMS of the user
VLXLISTHASH	Hash
VLXCLIENTIP	Client IP address
VLXLANG	Language
VLXSESSIONHOST	Host, where the session was started
VLXCREATETIME_FMT	Time of creation (readable)
VLXSESSIONSTARTTIME	Start time of the sesssion
VLXSESSIONDURATION	Duration of the session
VLXSESSIONDURATION_FMT	Duration of the session (readable)
VLXSESSIONENDTIME	Endtime of the session
VLXSESSIONENDTIME_FMT	Endtime of the session (readable)
VLXAPPLICATION	Application name
VLXRECIPENT	Recipient
VLXTICKETID	Ticket ID of the user
VLXLOGINSCRIPT	Login script
VLXAPPLICATIONUSER	User of the application
VLXBADWORD	Detected keyword in Keyboard recording
VLXEVENTINFO	Event info
VLXCREATEDBY	Created by
VLXCREATEDBYSHORT	Short name of creator

See also:

Exit Codes

In the following table all VISULOX Exit Codes are listed with a short description and the meaning of the code.

Exit code	Short description	Comment
0	SUCCESS	Success
1	FAILURE	Failure
2	WARNING	Warning
3	REJECT	Policy
4	ACCEPT	Policy
5	PASSON	Policy
6	APPLY	Policy
7	EXCLUDE	Policy
8	APPROVAL	Rule
9	ALLOW	Rule
10	ALLOWSPONTAN	Rule
11	ALLOWENDPOINT	Transit rule matches, but endpoint has to be taken into account
12	DENY	Deny action
13	DENYTOOLARGE	Transit: file is too large
14	DENYDIRECTION	Transit: file can not be transferred in this direction
15	DENYFORENDPOINT	Transit: file cannot be handled with this endpoint
16	DENYVIRUS	Transit: file has a virus
17	DENYEMPTY	Transit: file is empty
18	DENYPASSON	Transit: script denies Passon
19	NOMATCHPOLICY	Policy
20	USAGE	Command line usage error
21	DATAERR	Data format error
22	NOINPUT	Cannot open input
23	UNKNOWNUSER	User unknown
24	UNKNOWNHOST	Host name unknown
25	UNAVAILABLE	Service unavailable
26	SOFTWARE	Internal software error
27	LICENSE	License error
28	OSERR	System error (e.g. can't fork)
29	OSFILE	Critical OS file missing
30	CANTCREAT	Can't create (user) output file
31	IOERR	Input/output error
32	TEMPFAIL	Temp failure; user is invited to retry
33	PROTOCOL	Remote error in protocol
34	NOPERM	Permission denied
35	CONFIG	Configuration error
36	INIT	Initialization error
37	SCRIPTERROR	Script execution with error
38	DATABASE	Error during database interaction
39	TIMEOUT	Timeout
40	REGISTRATION	Error on registration
41	XAUTH	Error on setting x11 cookie
42	ZMQERROR	ZeroMQ error
43	CRYPTOERROR	Crypto error
44	STARTREJECTED	Start rejected
45	ALREADYRUNNING	Program already running
46	NOTIMPLEMENTED	Not implemented
47	UNDEFINED	Operation has no defined state yet
48	EXHAUSTED	No resource available anymore
49	LOOKUP	Item not found
50	EMPTY	Unexpected empty result
51	RESTART	Restarting...
52	RETRY	Try again
53	OLDREQUEST	Received reply to a previous request
54	TRANSPORT	Error in transport layer
55	QUORUM	No etcd leader
56	ACCESSPOINTCHECK	Access validation
57	BUSY	Resource temporarily unavailable
100	ACCESSREQUEST	Access Policy Request
200	DISABLED	LDAP cannot get data, because the datasource is disabled
210	APPROVALPASSON	Rule
1000	INFO	Info line in integrity test

Command Line Parameter

VISULOX Command

CODE

visulox <command> [<command-specific args>]

During installation /usr/sbin/visulox is created, which makes it possible to execute the VISULOX Service Command without using the whole path.

Available parameters

Command	Description	Additional commands / args
addon	Command Line Interface to VISULOX Addons	cmdconnect, cmdguard, ftclient, host, script, template
admin	Manage the VISULOX Administration	cockpit, action, message, region, timeprofile
archive	Manage VISULOX Archive Node	-node <>, -set
assignments	Check assignments in policies and applications	app, datastore, policy
attach	Attach a node to the VISULOX Cluster	<hostname>, -location, -zone
cluster	Builds a VISULOX Cluster	data, layout, build -f <> \| -template
cockpit	Start of the VISULOX Cockpit	title <>, lang <>, roles <>, grant <>, groupaccess <>,owner <>, ksr, cdm, kiosk, personal
config	Manage the VISULOX configuration	accesspoint, datasources, dump, edit, env, list, locations,logo, mynodename, rebuild, reset, vap
database	Query the VISULOX Database	list, backup, restore, fields, query, integrity, status -vacuum, rename <>, node <>, table <>, timeout <>
datasource	Manage the VISULOX Datasources	add, check, copy, delete, edit, list
detach	Detach a node from the VISULOX Cluster	server <>, timeout <>
end2end	VISULOX end2end check	off, on, status
etcd	Manage ETCD instances	benchmark, client, del, get, instance, member, node, put, test
export	Export from VISULOX	events, files, sessions
integrity	VISULOX Integrity-Check	sys, lib, cmd, users, portal, ulimit, store, recorder, datasources, license
license	Manage the VISULOX License	list, replace, test, usage (-component <users\|sessions\|recorders\|hostcontrols> -unit <week\|month\|year>)
log	Query VISULOX log database	since <>, until <>, loglevel <>, follow
online	VISULOX online status	getpin, fields (list available fields), -i (ignore case), -object <> (owner or group mask), -application <>, -fields <>, sortby <> (sort by field)
otp	Manage the VISULOX OTP configuration	check <>, key, reset <>, set <>
passcache	Manage the VISULOX Passcache	list, fields, edit, delete
ping	Ping local master or designated worker	id <> (outdated)
policy	Command line interface to the VISULOX Policies	external, login, internal, access, application, transit
portal	Attach / detach VISULOX Service from VISULOX PORTAL Service (See also: VISULOX PORTAL ATTACH Command)	array, config, discover, drop, admin, mode, etc (see: VISULOX-PORTAL Command) visulox portal --help shows all available VISULOX PORTAL and VISULOX commands. With visulox portal admin -user <unixuser> a Unix user can be activated as VISULOX Portal Admin ( It is recommended to set a different user than root!)
pwdmgmt	Manage / list account passwords	expired, mustchange, notify <>, warn
report	Command line interface to VISULOX Report	title <>, mctitle <>, name <>, type <>, xslt <>, metadata <>, query <>, tframe <>, -from<>. -to <>, sql <>, lang <>, filename <>, mailto <>, mailsubject <>, maildescription <>, maildescriptionfile <>, archive <>
reset	Reset local cluster state
restart	Restart VISULOX Service (locally) Use with caution, all sg, sc and scx will be stopped.	-service <>, -timeout <>
start	Start VISULOX Service (locally)	debug
status	Query VISULOX status	diskfree, features, load, monitor, next, servers, services, sessions, uptime, usage, users, workers, server <>, serverfilter <>, print, fields <>
stop	Stop VISULOX Service (locally)	id <>
store	Manage the VISULOX store	attach, changed, detach, disable, enable, extras, get, migrate, missing, next, put, status, slot <>
support	Gather information for support (-info: short report)	directory <>, sys, dump, etc, rt, logs, net, integrity, config, tta
transit	Command line interface to VISULOX Transit Zone (list, import)	list, import, owner, path, rtime
version	Display versions of installed VISULOX packages

With -help or -? the detailed options for a basic command can be displayed.

If more parameters are needed for a command, the available options are always displayed by entering the basic command.

General commands

Parameter	Description
-format <value>	Format of output (text,xml,csv,json,tcl) / Default: <text>
-log <value>	Set loglevel to error, verbose, info or debug / Default: <>
-verbose	More messages on stdout
-run	Run an operation (use only on application request)
-stdin	Get arguments from stdin
--	Forcibly stop option processing
-help / -?	Display commands

Usage

The following examples show the usage of the VISULOX Service Command:

Show VISULOX status

CODE

visulox status

Show license information

CODE

visulox license

Replace license

CODE

visulox license replace -file <path to license file>

List sessions

CODE

visulox status sessions
visulox online

List unassigned applications

CODE

visulox database query -sql "select vlxapplication from external_applications WHERE vlxapplicationgroups = '' AND vlxapplicationusers = ''" -format csv -raw

Transit import & list

CODE

visulox transit import -path /tmp/file.txt  -owner "o=Tarantella System Objects/cn=TestUser"
visulox transit list  -owner "o=Tarantella System Objects/cn=TestUser"

Detach VISULOX Node

CODE

visulox detach <vlx-node.domain>

VISULOX PORTAL ATTACH Command

CODE

visulox portal attach [<command-specific args>]

During installation /usr/sbin/visulox is created, which makes it possible to execute the VISULOX Service Command without using the whole path.

Available parameters

Command	Description
-all	Install all (default)
-portal	Modify VISULOX PORTAL only, write configuration
-examples	setup examples
-attach	Attach VISULOX Service to VISULOX PORTAL Service
-expect	Install expect script only
-webtop	Install webtop script only
-jspconfig	Create VISULOX JSP configuration file
-apacheport <value>	Local port to address Apache. If empty, discovered by webservice configuration <>
-externalport <value>	External port to address Apache. If empty, discovered by httpd.conf <>
-serviceonline <value>	Enable/disable Webtop Enhancements <true>
-adminuser <value>	UNIX user for the VISULOX webservice user in VISULOX PORTAL<vlxwebservice> Deprecated! Configuration parameter portal.admin.user should be used instead.
-adminuid <value>	User ID for the VISULOX admin user in VISULOX PORTAL <610> Deprecated! Configuration parameter portal.admin.uid should be used instead.
-adminpwd <value>	Password for the VISULOX admin user in VISULOX PORTAL <generate>
-adminou <value>	OrgUnit for Webservice user cn=<host name>/<adminou> <>
-version <value>	Force VISULOX PORTAL version <>

General commands

Parameter	Description
-format <value>	Format of output (text,xml,csv,json,tcl) / Default: <text>
-verbose	More messages on stdout
-run	Run an operation (use only on application request)
--	Forcibly stop option processing
-help / -?	Display commands

Usage

The following examples show the usage of the attach command:

Attaching VISULOX Service to VISULOX PORTAL Service

CODE

visulox portal attach

This command checks if login-ens is enabled. If this is the case a local user vlxwebservice (610) with group ttaserv (500) was added to the system. A password was also generated and stored secure.

VISULOX-PORTAL Command

CODE

visulox-portal <command> [<command-specific args>]

During installation /usr/sbin/visulox-portal is created, which makes it possible to execute the VISULOX PORTAL Service Command without using the whole path.

Available parameters

Command	Description
array	Creates and manages arrays of VISULOX PORTAL servers
config	Edits array-wide and server-specific configuration
discover	Discover available resources
drop	Drop discovered resources
emulatorsession	Lists and controls emulator sessions
gateway	Manipulates the VISULOX GATEWAY store
help	Displays this list of commands
info	Shows status information for the local server
object	Manipulates objects in the datastore
passcache	Manipulates the password cache
restart	Restarts VISULOX PORTAL services
role	Configures role occupants and their extra webtop links
security	Controls security services, manages certificates
serverrename	Change the server's peer or external DNS name
service	Edits service object configuration
start	Starts VISULOX PORTAL services
status	Shows the current status of VISULOX PORTAL array members
stop	Stops VISULOX PORTAL services
tokencache	Manipulates the token cache
version	Displays versions of installed VISULOX PORTAL packages
webserver	Controls the VISULOX PORTAL Web Server
webtopsession	Lists and controls webtop sessions

With visulox-portal <subcommand> --help the detailed options for a command can be displayed.

If more parameters are needed for a command, the available options are always displayed by entering the basic command.

Usage

The following examples show the usage of the VISULOX-PORTAL Command:

Show VISULOX PORTAL status

CODE

visulox-portal status

Show version information

CODE

visulox-portal version

List webtop sessions

CODE

visulox-portal webtopsession list

List VISULOX Array members

CODE

visulox-portal array list

Join VISULOX Array member

CODE

visulox-portal array join --primary <hostname> --secondary <hostname>

VISULOX-PORTAL OBJECT Command

visulox-portal object

The visulox-portal object command enables you to create, list, edit, and delete objects in the organizational hierarchy.

You can also add and remove assigned applications links, configure application server load balancing for each application, and add and remove group members.

Syntax

CODE

visulox-portal object add_host | add_link | add_mapping | add_member |
delete | edit | list_attributes | list_contents |new_charapp | new_container | 
new_dc | new_doc | new_dynamicapp | new_group | new_host | new_org |
new_orgunit | new_person | new_windowsapp | new_xapp | remove_host | 
remove_link | remove_mapping | remove_member | rename | script

Description

Available subcommands for this command.

CODE

add_host 		Adds application servers to the lst of those that can run an application.
add_link 		Adds assigned applications links.
add_member 		Adds members to a group.
delete 			Permanently deletes objects from the organizational hierarchy.
edit 			Edits attributes for an object
list_attributes Lists attributes of an object.
list_contents 	Lists the contents of container object, such as an OU or an organization.
new_charapp 	Creates character application objects.
new_container 	Creates Active Directory container objects.
new_dc 			Creates domain component objects.
new_doc			Creates document objects.
new_group 		Creates group objects
new_host 		Creates application server objects.
new_org 		Creates organization objects.
new_orgunit 	Creates organizational unit objects.
new_person 		Creates user profile objects.
new_windowsapp 	Creates Windows application objects.
new_xapp 		Creates X application objects
remove_host 	Removes application servers from those that can run an application.
remove_link 	Removes assigned applications links
remove_mapping 	Removes mappings for a dynamic application
remove_member 	Removes members from groups.
rename 			Renames or moves an object.
script 			Runs a batch script of object commands

All commands include a --help option. You can use visulox-portal object subcommand --help to get help on a specific command.

Examples

The following example lists the objects that belong to the organizational unit Sales.

CODE

visulox-portal object list_contents --name "o=Example/ou=Sales"

Naming Objects in the Organizational Hierarchy

When an object is created in the VISULOX Portal Console, any characters can be chosen for the name of the object, apart from backslash (\) or plus (+).

On the command line, if a forward slash is used in an object name, backslash protect is needed, or it has to be escaped. This is because VISULOX Portal interprets the forward slash as a part of the organizational hierarchy.
For example, if an object should be created with the relative name cn=a/b beneath o=organization, the portal tries to create an object called b within o=organization/cn=a.
This fails because o=organization/cn=a does not exist. To create an object with this name, enter cn=a\/b.

On the command line, if the name of an object includes spaces, make sure the name is enclosed in quotes, for example ".../_ens/o=Example Organization".

With the tarantella object command, any name in the local repository is treated as case insensitive.

When you create or rename an object, the case used is preserved. However, other commands, such as the tarantella webtopsession and tarantella emulatorsession commands, are case sensitive.

visulox-portal object add_host

Adds application servers to the list of those that can run an application, for application server load balancing.

Syntax

CODE

visulox-portal object add_host { --name obj... --host hobj... } | --file file

Description

Available options for this command.

CODE

--name 	The names of application objects you want to configure load balancing for.
--host 	The names of application server objects you want to add to the load balancing pool.
--file 	A file containing a batch of commands to configure application server load balancing.

Make sure you quote any object names containing spaces, for example, "o=Example Organization".

Examples

The following example adds the application server rome to the load balancing pool for the application Slide-o-Win.

CODE

visulox-portal object add_host --name "o=applications/cn=Slide-o-Win" --host "o=appservers/ou=Sales/cn=rome"

The following example adds the group WinHosts to the load balancing pool for the applications Write-o-Winand Slide-o-Win.
Load balancing is performed across all the application servers in WinHosts.

CODE

visulox-portal object add_host --name "o=applications/cn=Write-o-Win" "o=applications/cn=Slide-o-Win" --host "o=appservers/cn=WinHosts"

visulox-portal object add_link

Adds assigned applications links for an object.

Syntax

CODE

visulox-portal object add_link { --name obj... --link lobj... } | --file file

Description

Available options for this command.

CODE

--name 	The names of objects you want to add assigned applications links for.
--link 	The names of assigned applications links you want to add.
--file 	A file containing a batch of commands to add assigned applications links.

Make sure you quote any object names containing spaces, for example, "o=Example Organization".

Examples

The following example adds the Write-o-Win application to Violet Carson's assigned applications.

CODE

visulox-portal object add_link --name "o=Example/ou=Sales/cn=Violet Carson"  --link "o=applications/cn=Write-o-Win"

The following example adds the group Applications to the assigned applications of the organizational units Sales and Marketing.
Everyone who inherits assigned applications from one of these OUs, for example, they belong to that OU and inherit assigned applications from parent
is selected for their user profile object, sees all the applications in the group in their assigned applications.

CODE

visulox-portal object add_link --name "o=Example/ou=Sales" --name "o=Example/ou=Marketing" --link "o=applications/cn=Applications"

visulox-portal object add_member

Adds objects to groups.

Syntax

CODE

visulox-portal object add_member { --name obj... --member mobj... } | --file file

Description

Available options for this command.

CODE

--name 		Specifies the names of group objects you want to add members for.
--member 	Specifies the names of objects you want to add to the groups.
--file 		Specifies a file containing a batch of commands to add group members.

CODE

Make sure you quote any object names containing spaces, for example, "o=Example Organization".

Examples

The following example adds the Write-o-Win application to the group Applications.

CODE

visulox-portal object add_member --name "o=applications/cn=Applications" --member "o=applications/cn=Write-o-Win"

The following example adds the three application server objects rome, brussels, and berlin to the group WinHosts.
This group can be added to an application's Hosting applications Servers Tab to perform load balancing between the application servers.
From the command line, use visulox-portal object add host.

CODE

visulox-portal object add_member --name "o=appservers/cn=WinHosts" --member "o=appservers/ou=Sales/cn=rome" \
"o=appservers/cn=brussels" "o=appservers/ou=Marketing/cn=berlin"

visulox-portal object delete

Permanently deletes objects from the organizational hierarchy.

Syntax

CODE

visulox-portal object delete { --name obj [ --children ] } | --file file

Description

Available options for this command.

CODE

--name 		Specifies the name of the object you want to delete.
--children 	When deleting organizational units, Active Directory containers or domain components, confirms that you want to 
			delete the object and all objects that belong to it, recursively. As a afeguard, it is impossible to delete an 
			organizational unit, Active Directory container or domain component without specifying --children.
--file 		Specifies a file containing a batch of commands to delete objects.

Make sure you quote any object names containing spaces, for example, "o=Example Organization".

Examples

The following example removes the user profile object for Violet Carson.

CODE

visulox-portal object delete --name "o=Example/ou=Sales/cn=Violet Carson"

The following example deletes the organizational unit Sales.

CODE

visulox-portal object delete --name "o=Example/ou=Sales" --children

visulox-portal object edit

Edits the attributes of an object in the organizational hierarchy.

Syntax

CODE

visulox-portal object edit { --name obj { --attribute [value] }... } | --file file

Description

Available options for this command.

CODE

--name 						Specifies the name of the object you want to edit the attributes of.
{--attribute [value]}... 	Specifies the attribute names you want to edit, and their new values.
							The valid attributes depend on the type of object. 
							See the visulox-portal object new_object_type documentation for the appropriate list.
							For example, when editing attributes for an application object you can specify --displayusing 
							to edit the attribute. If you omit value for an attribute, it is deleted from the object.
--file 						Specifies a file containing a batch of commands to edit attributes.

Make sure you quote any object names containing spaces, for example, "o=Example Organization".

Examples

The following example changes the “Inherit Assigned Applications from Parent” attribute for the organizational unit Sales.

CODE

visulox-portal object edit --name "o=Example/ou=Sales" --inherit false

visulox-portal object list_attributes

Lists the attributes of an object in the organizational hierarchy.

Syntax

CODE

visulox-portal object list_attributes { --name obj [ --attribute... ]} | --file file

Description

Available options for this command.

CODE

--name 						Specifies the name of the object you want to list the attributes of.
{--attribute [value]}... 	Specifies the attribute names you want to list. The valid attributes depend on the type of object. 
							See the visulox-portal object new_object_type documentation for the appropriate list.
							For example, when listing attributes for an application object you can specify --displayusing to edit the attribute.
--file 						Specifies a file containing a batch of commands to list attributes.

Make sure you quote any object names containing spaces, for example, "o=Example Organization".

Examples

The following example lists all attributes for the Sales organizational unit.

CODE

visulox-portal object list_attributes --name "o=Example/ou=Sales"

The following example lists the Email Address and Login attributes for the user profile object for Rusty Spanner.

CODE

visulox-portal object list_attributes --name "o=Example/ou=IT/cn=Rusty Spanner" --email –enabled

visulox-portal object list_contents

Lists the objects that belong to a container object in the organizational hierarchy, such as an organization or organizational unit (OU).

Syntax

CODE

visulox-portal object list_contents { --name obj }| --file file

Description

Available options for this command.

CODE

--name 	Specifies the name of the object you want to list the contents of.
--file 	Specifies a file containing a batch of commands to list object contents.

Make sure you quote any object names containing spaces, for example, "o=Example Organization".

Examples

The following example lists all the objects within the organizational unit Sales.

CODE

visulox-portal object list_contents --name "o=Example/ou=Sales"

visulox-portal object new_charapp

Creates one or more character application objects.

Syntax

CODE

visulox-portal object new_charapp {
--name obj
--emulator scocon|vt420|wyse60
--termtype type
--width pixels
--height pixels
[ --description text ]
[ --app pathname ]
[ --args args ]
[ --appserv obj... ]
[ --method telnet|ssh ]
[ --resumable never|session|always ]
[ --maxinstances 0|instances ]
[ --displayusing independent|kiosk ]
[ --maximize true|false ]
[ --cols cols ]
[ --lines lines ]
[ --icon icon_name ]
[ --hints hint...]
[ --font courier|helvetica|timesroman ]
[ --fontsize points ]
[ --fixedfont true|false ]
[ --autowrap true|false ]
[ --cursor off|block|underline ]
[ --statusline none|indicator|hostmessages|standard|extended ]
[ --scrollstyle line|multiple|smooth ]
[ --border normal|indented|raised ]
[ --answermsg message ]
[ --appkeymode true|false ]
[ --keypad numeric|application ]
[ --cursorkeys application|cursor ]
[ --escape 7-bit|8-bit ]
[ --codepage 437|850|852|860|863|865|8859-1|8859-2|Multinational|Mazovia|CP852 ]
[ --ldapusers user_dn... ]
[ --ldapgroups group_dn... ]
[ --ldapsearch search_string... ]
[ --loadbal default|cpu|memory|sessions ]
[ --compression automatic|on|off ]
[ --env setting... ]
[ --login script ]
[ --keymap keymap ]
[ --attributemap attrmap ]
[ --colormap colormap ]
[ --resumetimeout mins ]
[ --windowclose suspendsession|endsession ]
[ --ssharguments args ]
} | --file file

Description

Available options for this command.

CODE

--name 			The common name of the object in the datastore.
--emulator 		The type of emulation required for the application.
--termtype 		The terminal type required for the application.
--width 		The width of the application, in pixels.
--height 		The height of the application, in pixels.
--description 	A text description of the object.
--app 			Full path name of the application.
--args 			The command-line arguments to use when starting the application.
--appserv 		The application servers that can run the application.
--method 		The mechanism used by the VISULOX Portal server to access the application server and start the application.
--resumable 	Resumability behavior for the application.
--maxinstances 	The maximum number of instances of the application a user can run simultaneously.
--displayusing 	How the application is displayed to the user.
--maximize 		The initial size of the application.
--cols 			The number of columns in the terminal window.
--lines 		The number of lines in the terminal window.
--icon 			Workspace icon for the application.
--hints 		String containing additional name-value data for the application.
--font 			Determines the font family used within the terminal window for the application
--fontsize 		Defines the font size in the terminal window.
--fixedfont 	Uses the font size specified by --fontsize for the terminal window.
--autowrap 		Determines the behavior when a user types characters extending beyond the right edge of the terminal window.
--cursor 		Cursor style used for the application.
--statusline 	Specifies the type of status line.
--scrollstyle 	The scroll behavior of the terminal window.
--border 		The border style for the terminal window.
--answermsg 	Defines the message to return when an inquiry is sent from the application server to the emulator.
--appkeymode 	Determines whether the application can change the codes generated by keys on the keyboard.
--keypad 		Specifies the behavior of the cursor keys
--cursorkeys 	Specifies the behavior of the cursor keys.
--escape 		Specifies how escape sequences are sent from the emulator to the application server.
--codepage 		The code page to use for the emulator.
--ldapusers 	Assigns the application to the specified LDAP users.
--ldapgroups 	Assigns the application to the specified LDAP groups.
--ldapsearch 	Assigns the application to the users that match the LDAP search criteria.
--loadbal 		Load balancing algorithm to use.
--compression 	Whether the AIP protocol compresses commands for transmission.
--env 			Environment variable settings needed to run the application.
--login 		The login script used to start the application.
--keymap 		Path name of a keyboard map file.
--attributemap 	The attribute map to use for the application.
--colormap 		The color map to use for the application.
--resumetimeout Number of minutes the application is resumable for.
--windowclose 	Effect on application session of closing the main application window.
--ssharguments 	Command-line arguments for the ssh client.
--file 			Batch file used to create multiple objects within the organizational hierarchy.

To batch-create multiple objects, use the --file option. Use the other options to create a single object.

Examples

The following example creates a character application object for the application Pers-o-dat.
The application can be run on the application servers prague and london. Application server load balancing decides which application server to use.

CODE

visulox-portal object new_charapp --name "o=applications/cn=Pers-o-dat" --emulator vt420 --termtype vt220 \
--width 400 --height 300 --app /bin/persodat --appserv "o=appservers/cn=prague" "o=appservers/ou=IT/cn=london"

visulox-portal object new_container

Creates one or more Active Directory container objects.

Syntax

CODE

visulox-portal object new_container { --name obj } | --file file

Description

To batch-create multiple objects, use the --file option. Use the other options to create a single object.

Examples

The following example creates a new Active Directory container object with name Users, within the example.com domain components.

CODE

visulox-portal object new_container --name "dc=com/dc=example/cn=Users"

The following example creates two Active Directory container objects using a batch script defined as a “here-document”. You can alternatively store the batch script in a file, and reference it using --file filename.

CODE

visulox-portal object new_container --file - <<EOF
--name "dc=com/dc=example/cn=Users"
--name "dc=com/dc=example/cn=Applications"
EOF

visulox-portal object new_dc

Creates one or more domain component objects.

Syntax

CODE

visulox-portal object new_dc { --name obj } | --file file

Description

To batch-create multiple objects, use the --file option. Use the other options to create a single object.

Examples

The following example creates a new domain component object with name com, at the top level of the organizational hierarchy.

CODE

visulox-portal object new_dc --name "dc=com"

The following example creates two domain component objects using a batch script defined as a “heredocument”.

You can alternatively store the batch script in a file, and reference it using --file filename.

CODE

visulox-portal object new_dc --file - <<EOF
--name "dc=com"
--name "dc=com/dc=example"
EOF

visulox-portal object new_doc

Creates one or more document objects.

Syntax

CODE

visulox-portal object new_doc {
--name obj
--url url
[ --description text ]
[ --newbrowser true|false ]
[ --icon icon_name ]
[ --hints hint...]
[ --ldapusers user_dn... ]
[ --ldapgroups group_dn... ]
[ --ldapsearch search_string... ]
} | --file file

Description

Available options for this command.

CODE

--name 			The name of the document object.
--url 			URL displayed when document object link is clicked.
--description	A text description of the object.
--newbrowser 	Displays the document in a new browser window.
--icon 			Workspace icon for the application.
--hints 		String containing additional name-value data for the application.
--ldapusers 	Assigns the application to the specified LDAP users.
--ldapgroups 	Assigns the application to the specified LDAP groups.
--ldapsearch 	Assigns the application to the users that match the LDAP search criteria.
--file 			A file containing a batch of commands to configure application server load balancing.

To batch-create multiple objects, use the --file option. Use the other options to create a single object.

Examples

The following example creates a new document object named PhoneList.

CODE

visulox-portal object new_doc \
--name "o=applications/ou=Finance/ou=Administration/cn=Phone List" \
--url http://newyork.example.com \
--newbrowser false

The following example creates two document objects using a batch script defined as a “here-document”. You can alternatively store the batch script in a file, and reference it using --file filename.

CODE

visulox-portal object new_doc --file - <<EOF
--name "o=applications/ou=Finance/ou=Administration/cn=Phone List"
--url http://newyork.example.com
--newbrowser false
--name "o=applications/cn=Example web site"
--url http://www.example.com
--newbrowser true
EOF

visulox-portal object new_group

Creates one or more group objects.

Syntax

CODE

visulox-portal object new_group {
--name obj
[ --description text ]
[ --member obj... ]
[ --ldapusers user_dn... ]
[ --ldapgroups group_dn... ]
[ --ldapsearch search_string... ]
} | --file file

Description

Available options for this command.

CODE

--name 			The name of the group object.
--description 	A text description of the object.
--member 		Member of the group object.
--ldapusers 	Assigns the application to the specified LDAP users.
--ldapgroups 	Assigns the application to the specified LDAP groups.
--ldapsearch 	Assigns the application to the users that match the LDAP search criteria.
--file 			A file containing a batch of commands to configure application server load balancing.

To batch-create multiple objects, use the --file option. Use the other options to create a single object.

Examples

The following example creates a new group object with common name WinHosts, belonging to the organization object appservers.
The group's members are the application server objects for the application servers rome, brussels, and berlin.

CODE

visulox-portal object new_group --name "o=appservers/cn=WinHosts" \
--member "o=appservers/ou=Sales/cn=rome" "o=appservers/cn=brussels" \
"o=appservers/ou=Marketing/cn=berlin"

The following example creates three group objects using a batch script defined as a “here-document”. The groups have no members. You can use “visulox-portal object add member” to add members

later from the command line. You can alternatively store the batch script in a file, and reference it using --file filename.

CODE

visulox-portal object new_group --file - <<EOF
visulox-portal object new_host
--name "o=appservers/cn=WinHosts"
--name "o=appservers/cn=UNIXHosts"
--name "o=applications/cn=Applications"
EOF

visulox-portal object new_host

Creates one or more of the following objects:

Application server.
Dynamic application server.
Oracle VM hypervisor host.
VirtualBox hypervisor host.

Syntax

For an application server object, use the following syntax:

CODE

visulox-portal object new_host {
--name obj
[ --address address ]
[ --description text ]
[ --ntdomain dom ]
[ --available true|false ]
[ --auth trytta|nevertrytta|default ]
[ --location location ]
[ --hostlocale ll_tt ]
[ --maxcount count ]
[ --userassign spec ]
[ --sgdpermittedauthtypes types ]
} | --file file

For a dynamic application server object, use the following syntax:

CODE

visulox-portal object new_host {
--name obj
--dynamic
[ --description text ]
[ --auth trytta|nevertrytta|default ]
[ --vsbclass classname ]
[ --vsbparams params ]
[ --sgdpermittedauthtypes types ]
} | --file file

For an Oracle VM hypervisor host object, use the following syntax:

CODE

visulox-portal object new_host {
--name obj
--address address
--ovm
[ --description text ]
[ --available true|false ]
[ --auth trytta|nevertrytta|default ]
[ --vmsubnet network-address/mask ]
[ --ovmtags tag... ]
[ --ovmpools pool... ]
[ --ovmservers server-name... ]
[ --vmnames vm-name... ]
[ --vmostypes os-type... ]
[ --maxcount count ]
[ --userassign spec ]
[ --sgdpermittedauthtypes types ]
} | --file file

For a VirtualBox hypervisor host object, use the following syntax:

CODE

visulox-portal object new_host {
--name obj
--address address
--vbox
[ --description text ]
[ --available true|false ]
[ --auth trytta|nevertrytta|default ]
[ --vmsubnet network-address/mask ]
[ --vboxgroups group... ]
[ --vmnames vm-name... ]
[ --vmostypes os-type... ]
[ --maxcount count ]
[ --userassign spec ]
[ --sgdpermittedauthtypes types ]
} | --file file

Description

Available options for this command.

CODE

--name 					The names of objects you want to add assigned applications links for.
--address 				Network address of the application server. For hypervisor hosts, enter the web services URL.
--dynamic 				Create a dynamic application server.
--ovm 					Create an Oracle VM hypervisor host.
--vbox 					Create a VirtualBox hypervisor host.
--description 			A text description of the object.
--ntdomain 				The Windows domain used for application server authentication.
--available 			Specifies whether applications can run on this application server.
--auth 					Specifies the policy for authenticating users on the application server, if no password is already cached for that server.
--location 				String describing the location of the application server. Used for load balancing.
--hostlocale 			Default language setting for the application server.
--vsbclass 				Fully qualified class name for the virtual server broker (VSB). Dynamic application servers only.
--vsbparams 			Parameters passed to the VSB. Dynamic application servers only.
--vmsubnet 				Connect only to VMs which use an IP address on the specified subnet. Oracle VM hypervisor hosts and VirtualBox hypervisor hosts only.
--ovmtags 				Tags used for VM selection criteria. Oracle VM hypervisor hosts only.
--ovmpools 				Server pool names used for VM selection criteria. Oracle VM hypervisor hosts only.
--ovmservers 			Oracle VM Server names used for VM selection criteria. Oracle VM hypervisor hosts only.
--vmnames 				VM names used for VM selection criteria. Oracle VM hypervisor hosts and VirtualBox hypervisor hosts only.
--vmostypes 			Operating system (OS) types used for VM selection criteria. Oracle VM hypervisor hosts and VirtualBox hypervisor hosts only.
--vboxgroups 			Oracle VM VirtualBox groups used for VM selection criteria. VirtualBox hypervisor hosts only.
--maxcount 				Maximum number of application sessions that can be run concurrently on the application server.
--userassign 			Specifies the users that can run applications on the application server.
--sgdpermittedauthtypes Specifies the authentication methods which are allowed for this application server.
--file 					A file containing a batch of commands to add assigned applications links.

Make sure you quote any object names containing spaces, for example, "o=Example Organization".

Examples

The following example creates a new application server object with common name paris, belonging to the organizational unit object Finance, which must already exist.

CODE

visulox-portal object new_host --name "o=appservers/ou=Finance/cn=paris" \
--address paris.example.com --auth default --location Europe-north

The following example creates a new dynamic application server object MyBroker that uses the Userdefined VISULOX Portal broker.

CODE

visulox-portal object new_host --dynamic --name "o=appservers/cn=MyBroker" \
--vsbclass com.sun.sgd.vsbim.UserDefinedSGDBroker

The following example creates a new dynamic application server object MyVDIBroker that uses the VDI broker. A list of preferredhosts is configured for the broker.

CODE

visulox-portal object new_host --dynamic --name "o=appservers/cn=MyVDIBroker" \
--vsbclass com.oracle.sgd.vsbim.OracleVDIVirtualServerBroker \
--vsbparams "preferredhosts=\"https://vdihost1.com:1802/client,https://vdihost2.com:1802/client,https://vdihost3.com:1802/client\""

The following example creates a new Oracle VM hypervisor object ovm1 that connects to the Oracle VM Manager host ovm-mgr.example.com on TCP port 7002.
Only VMs which have a tag of marketing or sales are used by VISULOX Portal.

CODE

visulox-portal object new_host --ovm --name "o=appservers/cn=ovm1" \
--address "https://ovm-mgr.example.com:7002/ovm/core/wsapi/rest" --ovmtags "marketing,sales"

The following example creates a new Oracle VM hypervisor object ovm1 that connects to the Oracle VM Manager host ovm-mgr.example.com on TCP port 7002.
Only VMs which have an IP address on the specified subnet are used by VISULOX Portal.

CODE

visulox-portal object new_host --ovm --name "o=appservers/cn=ovm1" \
--address "https://ovm-mgr.example.com:7002/ovm/core/wsapi/rest" --vmsubnet 192.0.2.0/24

The following example creates a new VirtualBox hypervisor object vbox1 that connects to the Oracle VM VirtualBox host vbox.example.com.
Only VMs which are members of the Oracle VM VirtualBox groups support or sales are used by VISULOX Portal.

CODE

visulox-portal object new_host --vbox --name "o=appservers/cn=vbox1" \
--address "https://vbox.example.com:18083" --vboxgroups "support,sales"

The following example creates three application server objects using a batch script defined as a “here-document”.
Alternatively, you can store the batch script in a file, and reference it using --file filename.

CODE

visulox-portal object new_host --file - <<EOF
--name "o=appservers/ou=Finance/cn=paris"
--address paris.example.com
--name "o=appservers/cn=brussels"
--address brussels.example.com
--name "o=appservers/ou=IT/cn=london"
--address london.example.com
EOF

visulox-portal object new_org

Syntax

Creates one or more organization objects.

CODE

visulox-portal object new_org {
--name obj
[ --description text ]
[ --conntype type_spec... ]
[ --cdm drive_spec... ]
[ --userprintingconfig true|false ]
[ --mapprinters 2|1|0 ]
[ --pdfenabled 1|0 ]
[ --pdfviewerenabled 1|0 ]
[ --pdfdriver driver_name ]
[ --pdfisdefault 1|0 ]
[ --pdfviewerisdefault 1|0 ]
[ --links obj... ]
[ --editprofile 2|1|0 ]
[ --clipboard 2|1|0 ]
[ --serialport 2|1|0 ]
} | --file file

Description

Available options for this command.

CODE

--name 					The name of the organization object in the VISULOX Portal datastore.
--description 			A text description of the object.
--conntype 				The connections that are allowed between the client device and the VISULOX Portal server.
--userprintingconfig 	Enables user-specific printing configuration.
--mapprinters 			The client printers users can print to when printing from Windows applications.
--pdfenabled 			Enables users to print using the VISULOX Portal “Universal PDF Printer” printer when printing from Windows applications.
--pdfviewerenabled 		Enables users to print using the VISULOX Portal “Universal PDF Viewer” printer when printing from Windows applications.
--pdfdriver 			The printer driver to use for VISULOX Portal PDFprinting when printing from Windows applications.
--pdfisdefault 			Sets the VISULOX Portal “Universal PDF Printer” printer as the client's default printer when printing from Windows applications.
--pdfviewerisdefault 	Sets the VISULOX Portal “Universal PDF Viewer” printer as the client's default printer when printing from Windows applications.
--links 				Defines assigned applications links.
--editprofile 			Whether users can create and edit profiles for use with the Native Client.
--clipboard 			Whether users can use copy and paste in Windows or X application sessions.
--serialport 			Whether users can access the serial ports on a client device from a Windows application.
--file 					Batch file used to create multiple objects within the organizational hierarchy.

To batch-create multiple objects, use the --file option. Use the other options to create a single object.

Examples

The following example creates a new organization object with name Example.
Connections for all users in the organization are secure (SSL-based) unless the OU or user profile objects are configured to give a different type of connection.

CODE

visulox-portal object new_org --name "o=Example" --conntype '*:*:SSL'

The following example creates two organization objects using a batch script defined as a “here-document”.
You can alternatively store the batch script in a file, and reference it using --file filename.

CODE

visulox-portal object new_org --file - <<EOF
--name "o=Example"
--name "o=Example Services"
EOF

visulox-portal object new_orgunit

Creates one or more organizational unit (OU) objects

Syntax

CODE

visulox-portal object new_orgunit {
--name obj
[ --description text ]
[ --inherit true|false ]
[ --conntype type_spec... ]
[ --cdm drive_spec... ]
[ --userprintingconfig 1|0 ]
[ --mapprinters 2|1|0 ]
[ --pdfenabled 1|0 ]
[ --pdfviewerenabled 1|0 ]
[ --pdfdriver driver_name ]
[ --pdfisdefault 1|0 ]
[ --pdfviewerisdefault 1|0 ]
[ --links obj... ]
[ --editprofile 2|1|0 ]
[ --clipboard 2|1|0 ]
[ --serialport 2|1|0 ]
} | --file file

Description

The following table shows the available options for this command.

CODE

--name 					The name of the organizational unit object in the VISULOX Portal datastore.
--description 			A text description of the object.
--inherit 				Whether the assigned applications for the object also includes the assigned applications for the object's parent.
--conntype 				The connections that are allowed between the client device and the VISULOX Porion servers.
--userprintingconfig 	Enables user-specific printing configuration.
--mapprinters 			The client printers users can print to when printing from Windows applications.
--pdfenabled 			Enables users to print using the VISULOX Portal “Universal PDF Printer” printer when printing from Windows applications.
--pdfviewerenabled 		Enables users to print using the VISULOX Portal “Universal PDF Viewer” printer when printing from Windows applications.
--pdfdriver 			The printer driver to use for VISULOX Portal PDF printing when printing from Windows applications.
--pdfisdefault 			Sets the VISULOX Portal “Universal PDF Printer” printer as the client's default printer when printing from Windows applications.
--pdfviewerisdefault 	Sets the VISULOX Portal “Universal PDF Viewer” printer as the client's default printer when printing from Windows applications.
--links 				Defines the assigned applications for an object.
--editprofile 			Whether users can create and edit profiles for use with the Native Client.
--clipboard 			Whether users can use copy and paste in Windows or X application sessions.
--serialport 			Whether users can access the serial ports on a client device from a Windows application.
--file 					Batch file used to create multiple objects within the organizational hierarchy.

To batch-create multiple objects, use the --file option. Use the other options to create a single object.

Examples

The following example creates a new OU object with the name IT, belonging to the organization object Example, which must already exist.
This OU inherits assigned applications from its parent, the organization object.
Connections for all users in the OU are secure (SSL-based) unless their user profile objects are configured to give a different type of connection.

CODE

visulox-portal object new_orgunit --name "o=Example/ou=IT" --inherit true --conntype '*:*:SSL'

The following example creates three OU objects using a batch script defined as a “here-document”.
The OU Administration belongs to the OU Finance, just created. You can alternatively store the batch script in a file, and reference it using --file filename.

CODE

visulox-portal object new_orgunit --file - <<EOF
--name "o=Example/ou=IT"
--name "o=Example/ou=Finance"
--name "o=Example/ou=Finance/ou=Administration"
EOF

visulox-portal object new_person

Creates one or more user profile objects.

Syntax

CODE

visulox-portal object new_person {
--name obj
--surname surname
[ --description text ]
[ --user user ]
[ --email name@domain ]
[ --ntdomain dom ]
[ --inherit true|false ]
[ --shared true|false ]
[ --enabled true|false ]
[ --conntype type_spec... ]
[ --cdm drive_spec... ]
[ --keymap keymap ]
[ --bandwidth limit ]
[ --links obj... ]
[ --userprintingconfig 1|0 ]
[ --mapprinters 2|1|0 ]
[ --pdfenabled 1|0 ]
[ --pdfviewerenabled 1|0 ]
[ --pdfdriver driver_name ]
[ --pdfisdefault 1|0 ]
[ --pdfviewerisdefault 1|0 ]
[ --editprofile 2|1|0 ]
[ --clipboard 2|1|0 ]
[ --serialport 2|1|0 ]
} | --file file

Description

Available options for this command.

CODE

--name 					The common name of the object in the VISULOX Portal datastore.
--surname 				The surname, or family name, for the user profile.
--description 			A text description of the object.
--user 					The user name for the user profile. This is typically their UNIX system user name.
--email 				The email address for the user profile.
--ntdomain 				The Windows domain used for application server authentication.
--inherit 				Whether the assigned applications for the object also includes the assigned applications for the object's parent.
--shared 				Whether the user profile object is used by a single user, or can be shared by multiple users in the form of a “guest” account.
--enabled 				Whether someone can log in using this user profile object.
--conntype 				Defines the connections that are allowed between the client device and the VISULOX Portal server.
--bandwidth 			The maximum bandwidth this person can use for applications.
--links 				Defines the assigned applications for an object.
--userprintingconfig 	Enables user-specific printing configuration.
--mapprinters 			The client printers users can print to when printing from Windows applications.
--pdfenabled 			Enables users to print using the VISULOX Portal “Universal PDF Printer” printer when printing from Windows applications.
--pdfviewerenabled 		Enables users to print using the VISULOX Portal “Universal PDF Viewer” printer when printing from Windows applications.
--pdfdriver 			The printer driver to use for VISULOX Portal PDF printing when printing from Windows applications.
--pdfisdefault 			Sets the VISULOX Portal “Universal PDF Printer” printer as the client's default printer when printing from Windows applications.
--pdfviewerisdefault 	Sets the VISULOX Portal “Universal PDF Viewer” printer as the client's default printer when printing from Windows applications.
--editprofile 			Whether users can create and edit profiles for use with the VISULOX Portal Client.
--clipboard 			Whether users can use copy and paste in X or Windows application sessions.
--serialport 			Whether users can access the serial ports on a client device from a Windows application.
--file 					Batch file used to create multiple objects within the organizational hierarchy.

To batch-create multiple objects, use the --file option. Use the other options to create a single object.

Examples

The following example creates a new user profile object for Indigo Jones. Indigo inherits assigned applications from the organization object.

CODE

visulox-portal object new_person --name "o=Example/cn=Indigo Jones" \
--surname Jones --user indigo --email indigo@example.com --inherit true

The following example creates three user profile objects using a batch script defined as a “here-document”.
You can alternatively store the batch script in a file, and reference it using --file filename.

CODE

visulox-portal object new_person --file - <<EOF
--name "o=Example/cn=Indigo Jones" --surname Jones
--name "o=Example/ou=IT/cn=Bill Orange" --surname Orange
--name "o=Example/ou=Finance/cn=Mulan Rouge" --surname Rouge
EOF

visulox-portal object new_windowsapp

Creates one or more Windows application objects.

Syntax

CODE

visulox-portal object new_windowsapp {
--name obj
--width pixels
--height pixels
[ --description text ]
[ --winproto wts|none ]
[ --ntdomain dom ]
[ --app pathname ]
[ --args args ]
[ --appserv obj... ]
[ --workingdir dir ]
[ --resumable never|session|always ]
[ --displayusing independent|kiosk|seamless ]
[ --maxinstances 0|instances ]
[ --maximize true|false ]
[ --scalable true|false ]
[ --depth 8|16|24/32 ]
[ --icon icon_name ]
[ --hints hint...]
[ --compression automatic|on|off ]
[ --execution automatic|inorder|optimized ]
[ --interlaced automatic|on|off ]
[ --enhancedgraphics 1|0 ]
[ --delayed true|false ]
[ --login script ]
[ --protoargs args ]
[ --resumetimeout mins ]
[ --middlemouse ms ]
[ --dpi monitordpi ]
[ --loadbal default|cpu|memory|sessions ]
[ --ldapusers user_dn... ]
[ --ldapgroups group_dn... ]
[ --ldapsearch search_string... ]
[ --clipboardlevel level ]
[ --windowclose suspendsession|endsession ]
[ --cdm drive_spec... ]
[ --appprintingconfig 1|0 ]
[ --mapprinters 2|1|0 ]
[ --pdfenabled 1|0 ]
[ --pdfviewerenabled 1|0 ]
[ --pdfdriver driver_name ]
[ --pdfisdefault 1|0 ]
[ --pdfviewerisdefault 1|0 ]
[ --allowkioskescape true|false ]
[ --swmopts true|false ]
[ --console 1|0 ]
[ --remotewindowkeys true|false ]
[ --disablewallpaper 1|0 ]
[ --disablefullwindowdrag 1|0 ]
[ --disablemenuanimations 1|0 ]
[ --disabletheming 1|0 ]
[ --disablecursorshadow 1|0 ]
[ --disablecursorsettings 1|0 ]
[ --enablefontsmoothing 1|0 ]
[ --noprintprefs 1|0 ]
[ --remoteaudio 1|0 ]
[ --enhancednetworksecurity 1|0 ]
[ --ssoauth 2|1|0 ]
} | --file file

Description

The following table shows the available options for this command.

CODE

--name 						The common name of the object in the VISULOX Portal datastore.
--width 					The width of the application, in pixels.
--height 					The height of the application, in pixels.
--description 				A text description of the object.
--winproto 					Whether to run the Windows application from an application server using Remote Desktop Protocol.
--ntdomain 					The Windows domain to use for the application server authentication process.
--app 						Full path name of the application.
--args 						The command-line arguments to use when starting the application.
--appserv 					The application servers that can run the application.
--workingdir 				Working directory to be used by the application.
--resumable 				Resumability behavior for the application.
--displayusing 				How the application is displayed to the user.
--maxinstances 				The maximum number of instances of the application a user can run simultaneously.
--maximize 					The initial size of the application.
--scalable 					Scale the application to fit the window in which it is displayed.
--depth 					Color depth for the application.
--icon 						Workspace icon for the application.
--hints 					String containing additional namevalue data for the application.
--compression 				Whether the AIP protocol compresses commands for transmission.
--execution 				Whether the AIP protocol always executes commands in order, or optimizes commands for performance reasons.
--interlaced 				Enables interlaced image transmission.
--enhancedgraphics 			Enables enhanced graphics for the application's display.
--delayed 					Enables delayed updates of the application's display.
--login 					The login script used to start the application.
--protoargs 				Command-line arguments used for the VISULOX Portal Remote Desktop Client.
--resumetimeout 			Number of minutes the application is resumable for.
--middlemouse 				Timeout for emulating a middle mouse button click using a twobutton mouse.
--dpi 						Monitor resolution that VISULOX Portal reports to X applications.
--loadbal 					Load balancing algorithm to use.
--ldapusers 				Assigns the application to the specified LDAP users.
--ldapgroups 				Assigns the application to the specified LDAP groups.
--ldapsearch 				Assigns the application to the users that match the LDAP search criteria.
--clipboardlevel 			Clipboard security level for the application.
--windowclose 				Effect on application session of closing the main application window.
--appprintingconfig 		Enables application-specific printing configuration.
--mapprinters 				The client printers users can print to when printing from the application.
--pdfenabled 				Enables users to print using the VISULOX Portal “Universal PDF Printer” printer when printing from the application.
--pdfviewerenabled 			Enables users to print using the VISULOX Portal “Universal PDF Viewer” printer when printing from the application.
--pdfdriver 				The printer driver to use for VISULOX Portal PDF printing when printing from the application.
--pdfisdefault 				Sets the VISULOX Portal “Universal PDF Printer” printer as the client's default printer when printing from the application.
--pdfviewerisdefault 		Sets the VISULOX Portal “Universal PDF Viewer” printer as the client's default printer when printing from the application.
--allowkioskescape 			Enables a pull-down header for kiosk mode applications.
--swmopts 					Enables local window hierarchy for applications displayed in seamless windows mode. Needed for compatibility with some Borland applications.
--console 					Starts the application in console mode, also called remote administration mode.
--remotewindowkeys 			Sends window management key strokes to the remote session.
--disablewallpaper 			Disables background wallpaper. This can improve performance.
--disablefullwindowdrag 	Disables the option to show the contents of a window when it is moved. This can improve performance.
--disablemenuanimations 	Disables transition effects for menus and tooltips. This can improve performance.
--disabletheming 			Disables themes for the application. This can improve performance.
--disablecursorshadow 		Disables the mouse pointer shadow. This can improve performance.
--disablecursorsettings 	Disables mouse pointer schemes and customizations. This can improve performance.
--enablefontsmoothing 		Enables font smoothing for text in the application. This can improve text readability, but can affect performance.
--noprintprefs 				Disables caching of printer preferences, such as paper size and page orientation.
--remoteaudio 				Leaves audio at the remote application server.
--enhancednetworksecurity 	Uses enhanced security, such as Transport Layer Security (TLS) or Network Level Authentication (NLA) using CredSSP.
--ssoauth 					Uses single sign-on authentication for the application.
--file 						Batch file used to create multiple objects within the organizational hierarchy.

To batch-create multiple objects, use the --file option. Use the other options to create a single object.

Examples

The following example creates a new Windows application object for the application Write-o-Win. The application runs on the application server rome.

CODE

visulox-portal object new_windowsapp --name "o=applications/cn=Write-o-Win" \
--width 1000 --height 800 --app c:\\programs\\apps\\write.exe \
--appserv "o=appservers/ou=Sales/cn=rome"

visulox-portal object new_xapp

Creates one or more X application objects.

Syntax

CODE

visulox-portal object new_xapp {
--name obj
--width pixels
--height pixels
[ --description text ]
[ --app pathname ]
[ --args args ]
[ --appserv obj... ]
[ --method telnet|ssh ]
[ --resumable never|session|always ]
[ --endswhen lastclient|windowmanager|windowmanageralone|nowindows|loginscript|loginscriptnowindows ]
[ --maxinstances 0|instances ]
[ --displayusing clientwm|independent|kiosk ]
[ --variablerootsize true|false ]
[ --maximize true|false ]
[ --scalable true|false ]
[ --depth 8|16|24|16/8|24/8|8/16|8/24 ]
[ --icon icon_name ]
[ --hints hint...]
[ --clipboardlevel level ]
[ --roottype default|custom ]
[ --rootcolor color ]
[ --compression automatic|on|off ]
[ --execution automatic|inorder|optimized ]
[ --quality automatic|best|24|21|18|16|15|12|9|6 ]
[ --interlaced automatic|on|off ]
[ --enhancedgraphics 1|0 ]
[ --delayed true|false ]
[ --ldapusers user_dn... ]
[ --ldapgroups group_dn... ]
[ --ldapsearch search_string... ]
[ --loadbal default|cpu|memory|sessions ]
[ --env setting... ]
[ --login script ]
[ --winmgr command... ]
[ --resumetimeout mins ]
[ --middlemouse ms ]
[ --force3button true|false ]
[ --windowclose notifyapp|killapp|suspendsession|endsession ]
[ --dpi monitordpi ]
[ --keepopen true|false ]
[ --share true|false ]
[ --securityextension true|false ]
[ --ssharguments args ]
[ --unixaudiopreload true|false ]
[ --remotewindowkeys true|false ]
[ --allowkioskescape true|false ]
[ --allowsshdowngrade true|false ]
[ --ssoauth 2|1|0 ]
} | --file file

Description

Available options for this command.

CODE

--name 					The common name of the object in the VISULOX Portal datastore.
--width 				The width of the application, in pixels.
--height 				The height of the application, in pixels.
--description 			A text description of the object.
--app 					Full path name of the application.
--args 					The command-line arguments to use when starting the application.
--appserv 				The application servers that can run the application.
--method 				The mechanism used by the VISULOX Portal server to access the application server and start the application.
--resumable 			Resumability behavior for the application.
--endswhen 				When the application session ends.
--maxinstances 			The maximum number of instances of the application a user can run simultaneously.
--displayusing 			How the application is displayed to the user.
--variablerootsize 		Resize the root window to match the size of the user's screen.
--maximize 				The initial size of the application.
--scalable 				Scale the application to fit the window in which it is displayed.
--depth 				Color depth for the application
--icon 					Workspace icon for the application.
--hints 				String containing additional name-value data for the application.
--clipboardlevel 		Clipboard security level for the application.
--roottype 				Appearance of the root window.
--rootcolor 			Color of the root window
--compression 			Whether the AIP protocol compresses commands for transmission.
--execution 			Whether the AIP protocol always executes commands in order, or optimizes commands for performance reasons.
--quality 				The effective color depth displayed on client devices.
--interlaced 			Enables interlaced image transmission.
--enhancedgraphics 		Enables enhanced graphics for the application's display.
--delayed 				Enables delayed updates of the application's display.
--ldapusers 			Assigns the application to the specified LDAP users.
--ldapgroups 			Assigns the application to the specified LDAP groups.
--ldapsearch 			Assigns the application to the users that match the LDAP search criteria.
--loadbal 				Load balancing algorithm to use.
--env 					Environment variable settings needed to run the application.
--login 				The login script used to start the application.
--winmgr 				The Window Manager to use for the application.
--resumetimeout 		Number of minutes the application is resumable for.
--middlemouse 			Timeout for emulating a middle mouse button click using a two-button mouse.
--force3button 			Specifies that the application only supports a 3-button mouse.
--windowclose 			Effect on application session of closing the main application window.
--dpi 					Monitor resolution that VISULOX Portal reports to X applications.
--keepopen 				Keep open the connection used to start the application.
--share 				Enables resource sharing for similar application sessions.
--securityextension 	Enables the X Security Extension for the application.
--ssharguments 			Command-line arguments for the ssh client.
--unixaudiopreload 		Enables the VISULOX Portal audio redirection library.
--remotewindowkeys 		Sends window management key strokes to the remote session.
--allowkioskescape 		Enables a pull-down header for kiosk mode applications.
--allowsshdowngrade 	Enables VISULOX Portal to try an X11 connection instead of SSH, when X11 forwarding is not configured or working.
--ssoauth 				Uses single sign-on authentication for the application.
--file 					Batch file used to create multiple objects within the organizational hierarchy.

To batch-create multiple objects, use the --file option. Use the other options to create a single object.

Examples

The following example creates a new X application object for the application XFinance. The application can be run on the application servers paris, bonn, or lisbon. Application server load balancing decides which one to use.

CODE

visulox-portal object new_xapp --name "o=applications/ou=Finance/cn=XFinance" \
--width 1000 --height 800 --app /usr/local/bin/xfinance \
--appserv "o=appservers/ou=Finance/cn=paris" \
"o=appservers/ou=Finance/cn=bonn" "o=appservers/cn=lisbon"

visulox-portal object remove_host

Removes application servers from the list of those that can run an application, for application server load balancing.

Syntax

CODE

visulox-portal object remove_host { --name obj... --host hobj...} | --file file

Description

Available options for this command.

CODE

--name 		Specifies the names of application objects you want to configure load balancing for.
--host 		Specifies the names of application server objects you want to remove from the load balancing pool.
--file 		Specifies a file containing a batch of commands to configure application server load balancing.

Make sure you quote any object names containing spaces, for example, "o=Example Organization".

Examples

The following example removes the application server rome from the load balancing pool for the application Slide-o-Win.

CODE

visulox-portal object remove_host --name "o=applications/cn=Slide-o-Win" \
--host "o=appservers/ou=Sales/cn=rome"

The following example removes the group WinHosts from the load balancing pool for the applications Write-o-Win and Slide-o-Win.
Load balancing is no longer performed across all the application servers in WinHosts.

CODE

visulox-portal object remove_host --name "o=applications/cn=Write-o-Win" \
"o=applications/cn=Slide-o-Win" --host "o=appservers/cn=WinHosts"

visulox-portal object remove_link

Removes assigned applications links for an object.

Syntax

CODE

visulox-portal object remove_link { --name obj... --link lobj...} | --file file

Description

Available options for this command.

CODE

--name		Specifies the names of objects you want to remove links for.
--link 		Specifies the names of objects you want to remove links for.
--file 		Specifies a file containing a batch of commands to remove links for.

Make sure you quote any object names containing spaces, for example, "o=Example Organization".

Examples

The following example removes the Write-o-Win application from the assigned applications for Violet Carson.

CODE

visulox-portal object remove_link --name "o=Example/ou=Sales/cn=Violet Carson" --link "o=applications/cn=Write-o-Win"

The following example removes the group Applications from the assigned applications of the organizational units Sales and Marketing.
Everyone who inherits assigned applications from one of these OUs no longer sees all the applications in their assigned applications.
For example, if they belong to that OU and is selected for their user profile object. However, they may still see an application if it is inherited from elsewhere.

CODE

visulox-portal object remove_link --name "o=Example/ou=Sales" \
"o=Example/ou=Marketing" --link "o=applications/cn=Applications"

visulox-portal object remove_mapping

Removes type-application mappings for a dynamic application object.

Syntax

CODE

visulox-portal object remove_mapping {--name obj --mappingtype [type]} | --file file

Description

Available options for this command.

CODE

--name 			The name of the dynamic application object.
--mappingtype 	Type of mapping to be removed.
--file 			A file containing a batch of commands to remove mappings.

Make sure you quote any object names containing spaces, for example, "o=Example Organization".

Examples

The following example removes a mapping for the windows type from a dynamic application object with common name winApp.

CODE

visulox-portal object remove_mapping --name "o=applications/cn=winApp" --mappingtype windows

The following example removes a mapping for the solaris type from a dynamic application object named desktopApp.

CODE

visulox-portal object remove_mapping --name "o=applications/cn=desktopApp" --mappingtype solaris

visulox-portal object remove_member

Removes objects from groups.

Syntax

CODE

visulox-portal object remove_member { --name obj... --member mobj...} | --file file

Description

Available options for this command.

CODE

--name 		Specifies the names of group objects you want to remove members from.
--member 	Specifies the names of objects you want to remove from the groups.
--file 		Specifies a file containing a batch of commands to remove group members.

Make sure you quote any object names containing spaces, for example, "o=Example Organization".

Examples

The following example removes the Write-o-Win application from the group Applications.

CODE

visulox-portal object remove_member --name "o=applications/cn=Applications" --member "o=applications/cn=Write-o-Win"

The following example removes the three application server objects rome, brussels, and berlin from the group WinHosts.

CODE

visulox-portal object remove_member --name "o=appservers/cn=WinHosts" \
--member "o=appservers/ou=Sales/cn=rome" "o=appservers/cn=brussels" \
"o=appservers/ou=Marketing/cn=berlin"

visulox-portal object rename

Renames or moves an object in the organizational hierarchy.

Syntax

CODE

visulox-portal object rename { --name obj... --newname newobj...} | --file file

Description

The following table shows the available options for this command.

CODE

--name 		Specifies the name of the object you want to rename or move.
--newname 	Specifies the new name of the object.
--file 		Specifies a file containing a batch of commands to rename or move objects.

Make sure you quote any object names containing spaces, for example, "o=Example Organization".

Examples

The following example renames the user profile object for Elizabeth Blue to Liz Blue.

CODE

visulox-portal object rename --name "o=Example/ou=Sales/cn=Elizabeth Blue" \
--newname "o=Example/ou=Sales/cn=Liz Blue"

The following example moves Ginger Butcher between the organizational units IT and Sales.

CODE

visulox-portal object rename --name "o=Example/ou=IT/cn=Ginger Butcher" \
--newname "o=Example/ou=Sales/cn=Ginger Butcher"

visulox-portal object script

Runs a batch script of visulox-portal object commands, or enables commands to be run interactively.

Syntax

CODE

visulox-portal object script

Description

The batch script consists of standard visulox-portal object commands, one per line, without the visulox-portal object prefix. For example, use edit rather than visulox-portal object edit.
The batch script can use a back slash (\) to break commands across multiple lines. Lines beginning with a hash (#) are treated as comments and ignored.

If you need to include quotes (") or a backslash (\) character in any of the values for the commands, you must backslash protect them. For example, to use "c:\\Program Files" as a value for the --args option, type the following: --args "\"c:\\Program Files\""

The command reads from standard input. For example, you can use a “here-document” to run a batch script:

CODE

visulox-portal object script <<EOF
commands
EOF

If standard input is empty, you can run visulox-portal object commands interactively.

Examples

The following example adds the group Applications to the organizational units Sales and Marketing, and sets the Sales OU's attribute to false.

CODE

visulox-portal object script <<EOF
add_link
--name "o=Example/ou=Sales"
"o=Example/ou=Marketing"
--link "o=Example/cn=Applications"
edit
--name "o=Example/ou=Sales" --inherit false
EOF

VISULOX-GATEWAY Command

CODE

visulox-gateway <command> [<command-specific args>]

During installation /usr/sbin/visulox-gateway is created, which makes it possible to execute the VISULOX GATEWAY Command without using the whole path.

Available parameters

Command	Description
start	Start VISULOX GATEWAY
stop	Stop VISULOX GATEWAY
restart	Restart VISULOX GATEWAY
config	Configuration options: create, list, edit, enable, disable
server	Server options: add, add-array, remove, list, list-array
status	Show VISULOX GATEWAY status
version	Show VISULOX GATEWAY version
sslcert	Export, print sslcert
sslkey	Import, export sslkey
cert	Export the VISULOX GATEWAY certificate
clientcert	Import, list, remove clientcert
key	Import private key and its corresponding certificate
patch	Add, remove, list VISULOX GATEWAY patches
connection	List connections
support	VISULOX Gateway Support Report

With visulox-gateway <subcommand> --help the detailed options for a command can be displayed.

If more parameters are needed for a command, the available options are always displayed by entering the basic command.

Usage

The following examples show the usage of the VISULOX-GATEWAY Command:

Show VISULOX GATEWAY status

CODE

visulox-gateway status

Show version information

CODE

visulox-gateway version

List VISULOX PORTAL Servers / certificates

CODE

visulox-gateway server list

Show VISULOX GATEWAY configuration

CODE

visulox-gateway config list

Add the VISULOX Portal Array on external Gateway

CODE

visulox-gateway server add-array --name osgd --serverurl <https://fqdn of the primary portal server>

Integrity-Check

The Integrity-Check is started automatically during installation of VISULOX to make sure, that all requirements are met for a properly running system.

However Integrity-Check can also be used in an already running environment for diagnose purpose.

Integrity-Check can be started via the visulox command:

CODE

visulox integrity

In the quiet mode no shell output and no log entries in /tmp/visulox-integrity.log are written.

Only the Integrity-Check exit code will be returned:

CODE

visulox integrity -quiet

Available Integrity-Check commands

Command	Description
-sw	Check of online software status
-vlx	Check the VLX Services and cluster ports
-sys	Check the system environment
-lib	Check for missing libs
-cmd	Check command for missing libraries
-disk	Check disk
-users	Check VISULOX transit users
-portal	Check the VISULOX PORTAL Service
-cert	Check certificates within VISULOX and VISULOX PORTAL
-store	Check store
-recorder	Check recorder
-datasources	Check datasources
-assignments	Check datastore assignments and dynamic applications
-license	Check license
-policies	Check policies (VISULOX must be online)
-index	Check index
-scripts	Check scripts
-x11forward	Check x11forward
-gate	Check gate config
-mail	Check mail configuration

General commands

Command	Description
-format <value>	Format of output (text,xml,csv,json,tcl) <text>
-verbose	More messages on stdout
--	Forcibly stop option processing
-help	Print this message
-?	Print this message

Usage

CODE

visulox integrity

Please wait ....
Integrity-Check: amitego engineering  - in house license / beta2-3.1.1 / 2016-07-12 12:46:32 UTC
    -----------------------------------------------------------------------------------
    | option   | cat                                    | info           | returnCode |
    -----------------------------------------------------------------------------------
    | -license | check                                  | Evaluation     | WARNING(2) |
    | -sys     | Script /opt/visulox/tools/filecheck.sh | not configured | WARNING(2) |
    | -sys     | Script /opt/visulox/tools/event.sh     | not configured | WARNING(2) |
    | -portal  | 5.60 Warnings                          | see logfile    | WARNING(2) |
    -----------------------------------------------------------------------------------

ExitCode: WARNING
Check the warnings. For more information see /tmp/visulox-integrity.log

Only warnings and errors are displayed by default. All Integrity checks can be shown with the -verbose parameter.

visulox integrity -portal

CODE

    ---------------------------------------------------------------------------
    | option  | cat              | info                          | returnCode |
    ---------------------------------------------------------------------------
    | -portal | core             | PORTAL 5.60                   | SUCCESS(0) |
    | -portal | connect          | yes                           | SUCCESS(0) |
    | -portal | webtop           | ok                            | SUCCESS(0) |
    | -portal | var              | security-xsecurity ok         | SUCCESS(0) |
    | -portal | var              | xpe-maxsessions ok            | SUCCESS(0) |
    | -portal | var              | xpe-maxusers ok               | SUCCESS(0) |
    | -portal | role             | administrator is root         | WARNING(2) |
    | -portal | array            | P: mp-vlx32-ol7.tbsol.de      | SUCCESS(0) |
    | -portal | security-gateway | mp-vlx32-ol7.tbsol.de is good | SUCCESS(0) |
    ---------------------------------------------------------------------------

visulox integrity -cert

CODE

   -------------------------------------------------------------------------------------------------
    | option | cat       | info                                                        | returnCode |
    -------------------------------------------------------------------------------------------------
    | -cert  | SSL-CERT  | issuer  =  /C=de/ST=de/O=amitego/CN=test.tbsol.de           | SUCCESS(0) |
    | -cert  | SSL-CERT  | subject = test.tbsol.de                                     | SUCCESS(0) |
    | -cert  | SSL-CERT  | serial  = EA8628EF3B3A7F44                                  | SUCCESS(0) |
    | -cert  | SSL-CERT  | from    = 2016-12-16 09:12                                  | SUCCESS(0) |
    | -cert  | SSL-CERT  | until   = 2017-12-16 09:12                                  | SUCCESS(0) |
    | -cert  | SSL-CERT  | remain  = 360d 21h                                          | SUCCESS(0) |
    | -cert  | PEER-CERT | issuer  =  /CN=mp-ol6u3-devel.tbsol.de CA Cert              | SUCCESS(0) |
    | -cert  | PEER-CERT | subject = test.tbsol.de CA Cert                             | SUCCESS(0) |
    | -cert  | PEER-CERT | serial  = 9F3D8E05D8800F22                                  | SUCCESS(0) |
    | -cert  | PEER-CERT | from    = 2013-07-15 12:20                                  | SUCCESS(0) |
    | -cert  | PEER-CERT | until   = 2023-07-13 12:20                                  | SUCCESS(0) |
    | -cert  | PEER-CERT | remain  = 2395d 23h                                         | SUCCESS(0) |
    | -cert  | SSL-CA    | issuer  =  /C=de/ST=de/O=amitego/CN=test.tbsol.de           | SUCCESS(0) |
    | -cert  | SSL-CA    | subject = test.tbsol.de                                     | SUCCESS(0) |
    | -cert  | SSL-CA    | serial  = EA8628EF3B3A7F44                                  | SUCCESS(0) |
    | -cert  | SSL-CA    | from    = 2016-12-16 09:12                                  | SUCCESS(0) |
    | -cert  | SSL-CA    | until   = 2017-12-16 09:12                                  | SUCCESS(0) |
    | -cert  | SSL-CA    | remain  = 360d 21h                                          | SUCCESS(0) |
    -------------------------------------------------------------------------------------------------

Integrity check with the parameter -cert shows the status of the both VISULOX PORTAL certificates. PEER-CERT and SSL-CERT.

The serials can be displayed on the local VISULOX GATEWAY with the command visulox-gateway server list and have to match with the serials of the VISULOX PORTAL certificates.

Integrity check shows a warning, when the lifetime is lower than 30 days or an error when the lifetime is expired.

visulox integrity -disk

CODE

Please wait ...Integrity-Check: VISULOX EVALUATION / xdevelopment / development
    ------------------------------------------------------------------------------------------
    | option | cat          | info                                              | returnCode |
    ------------------------------------------------------------------------------------------
    | -disk  | Diskspace    | ok in base (base threshold at 2.0GB has 39.67GB)  | SUCCESS(0) |
    | -disk  | Diskspace    | ok in var (var threshold at 5.0GB has 39.67GB)    | SUCCESS(0) |
    | -disk  | Diskspace    | ok in data (data threshold at 20.0GB has 39.67GB) | SUCCESS(0) |
    | -disk  | Diskspace    | ok                                                | SUCCESS(0) |
    | -disk  | DB Partition | ok fileserver.tbsol.de:/home/users/xxx            | SUCCESS(0) |
    | -disk  | DB Partition | needs atleast 157.30MB - has 39.67GB              | SUCCESS(0) |
    ------------------------------------------------------------------------------------------
ExitCode: SUCCESS

Among the checks also the diskspace for the database is checked. VLX_DATADIR must have at least 2.5 of size of the database available because VACUUM creates a copy of the database.

For example: a 4GB database needs 6 GB free diskspace. The diskspace is checked with integriy check.

Troubleshooting

VISULOX PORTAL connect failure

On servers, where VISULOX Service is installed together with VISULOX PORTAL Service, the connection to the VISULOX PORTAL Service can be checked with a small tool:

CODE

/opt/visulox/lib/utils/sgd.tcl check

Check connections
    ---------------------------------------------------------------------------------------------------------------------------
    |                                          scottasessionid |                                           scottasessionowner |
    ---------------------------------------------------------------------------------------------------------------------------
    | test-ol6u5.tbsol.de:1434362892796:1108252004568201775 | {.../_ens/o=Tarantella System Objects/ou=Visulox/cn=test-ol6u5} |
    ---------------------------------------------------------------------------------------------------------------------------

The following command reinstalls the necessary VISULOX PORTAL Service components on the server and mostly fixes connection errors:

CODE

visulox portal attach

VISULOX PORTAL Service warnings

More details can be found in visulox-integrity.log. The Java tuning values should be adjusted for the environment.
Mostly, the following settings will be adequate:
- tuning-jvm-initial: 1024
- tuning-jvm-max: 2048
- tuning-jvm-scale: 150

Adjust the values, with:

CODE

visulox-portal config edit --tuning-jvm-initial 2048 
visulox-portal config edit --tuning-jvm-max 2048 
visulox-portal config edit --tuning-jvm-scale 150

The following VISULOX PORTAL Service default values should also be checked:

- sessions-timeout-always
- sessions-timeout-session
- webtop-session-idle-timeout

Changes of VISULOX PORTAL Service configurations is known to VISULOX after "visulox portal attach -portal".

"Administrator is root" warning

The warning can be disabled by adding a new administrator to VISULOX PORTAL:
Add a user

CODE
```
useradd <name of the new portal administrator>
passwd <name of the new portal administrator> 
```
Add the new administrator to the VISULOX PORTAL administrators

CODE
```
visulox-portal object edit --name "/o=tarantella system objects/cn=administrator" --user admin
```
After changes to the VISULOX PORTAL, VISULOX needs to be reregistered

CODE
```
 visulox portal attach
```
Doing a VISULOX Integrity-Check again, the warning has disappeared. root can be removed from the administrators list.

event.sh and filecheck.sh missing

The files event.sh.template and filecheck.sh.template in /opt/visulox/tools/ must be copied to event.sh and filecheck.sh, if needed.
The correct permission (0550 / vlx:vlxgroup) has to be set as well for these files.
CODE
```
cd /opt/visulox/tools
cp events.sh.tmplate events.sh
cp filecheck.sh.template filecheck.sh
chown vlx: events.sh filecheck.sh
chmod 0550 events.sh filecheck.sh
```

Glossary

Expression	Description
3PA	Third Party Authentication / 3rd Party Authentication
Access Branding	With Access Branding it is possible to display different login page designs for different users according to their access point.
Access Management	Enhanced VISULOX Concept for administrating the access of users
AD	Active Directory
AIP	Adaptive Internet Protocol: Client communication protocol from the VISULOX PORTAL Service
Ambiguous login	The situation where an authentication mechanism has found more than one match for a user and cannot distinguish between them without further information from the user
Annotation	A short text, that can be entered before a recorded session is confirmed, during a recorded session or in VISULOX Cockpit / Archive for closed sessions
API	Application Programming Interface
Application server	A server which provides applications, that can be accessed via the VISULOX PORTAL
Application session	See: emulator session
Args	The arguments an application is started with
Assist / Assistance	See: Assisting Cooperation
Assisting cooperation	Within the VISULOX Cockpit, the user can select an application and press assist to join the application. The owner of the application selects the cooperation mode
Chapter	A chapter equals 20 minutes film of a recorded session
CLI	Command Line Interface
CMD	The command / path an application is started with
Cooperation	When two or more users are watching or working with the same application in realtime on their own desktop
Cooperation master	The user, who has started the application (owner) will be the master of this application in a Cooperation
Cooperation member	A user, who is not owner of an application and who is not able to switch the cooperation modes
Cooperation modes	On hold: Member is assigned to a Cooperation, but does not participate Observe: Member is able to watch the Cooperation application, but can not interact Interact: Member can interact with the application
CP	Short form for Cooperation
Datastore	Internal VISULOX PORTAL Service database, where all defined objects (users, hosts, applications) are stored. A VISULOX PORTAL Array replicates the datastore between all members simultaneously
DMZ	Demilitarized zone (Perimeter zone)
DSI	Directory Service Integration
Dual Control	Cooperation enforcing a real four-eye-principle
ELU	Extended License Usage - When ELU has expired, its not possible to start more recorders or display more users than allowed under MD / Status, max users / recorders
Emulator session	The running session, when an application is started with the Workspace on an application server
Expect script	VISULOX PORTAL connection script started during the launch of an application
External DNS name	The name by which an VISULOX PORTAL Server is known to a client device. A VISULOX PORTAL Server can have multiple external DNS names.
File Exchange	File Transfer web access for transferring files between a client and the Transit Zone for users without access to the VISULOX PORTAL
File Transfer Client	VISULOX Component for transferring files securely from Transit Zone to application servers and back
Film	Summary of the recorded chapters
Forced authentication	When VISULOX PORTAL prompts for a user name or password, by displaying an authentication dialog box For example, if a user holds down the Shift key when clicking on an application's link on the Workspace
FQDN	Fully Qualified Domain Name - The full name of a system, containing its hostname and its domain name. For example: portal.visulox.com, where portal is the hostname of a server, and visulox.com is the domain name
Group Access	Group Access is used to define an Access Policy for a specific list of users. This is needed when users are working together in a project and the project is represented by a group object in the repository
Host object	Host objects can be assigned to File Transit, Command Guard and Command Connect groups.
Host Connect	See: VISULOX Command Connect / VISULOX Command Guard
IAR	Intelligent Array Routing
ICA	Independent Computing Architecture: Client communication protocol from Citrix
Integrity-Check	Tool to check the VISULOX components and services
Internal / external message	The VISULOX Service supplies an external message for the login page and an internal message for the user's Workspace
Kiosk mode	VISULOX PORTAL display mode, where an application is displayed in full-screen
LDAP	Lightweight Directory Access Protocol
LDAPS	Lightweight Directory Access Protocol over SSL. Used for secure connections to an LDAP directory.
LID	Short form for License ID - Contains the date, the license started
Management Console	See: VISULOX Cockpit
MFA	Multi Factor Authentication
Native Client	A VISULOX PORTAL component that can be installed on client devices. The client maintains communication with the VISULOX PORTAL Server and is required to run applications The Native Client is provided by Oracle.
NEP	Short form for Network Entry Point
Network Entry Point	See: RIP
NFS	Network File System
Notifications	Implemented notification system for access, Workspace / File Transfer and emulator sessions in the VISULOX Services
Object	A self-contained entity, defined by a number of attributes and values. VISULOX PORTAL Objects have different types, such as an X application. The available attributes for each type are defined by a schema
One Time Passcode	The One Time Passcode is used for authentication and will become invalid after usage. A provided OTP is based on a secret key and the time via a smartphone APP
Organization object	A VISULOX PORTAL Object used to represent the top level of an organizational hierarchy. Organization objects can contain OU= or user profile objects. Organization objects have an O= naming attribute.
Organizational hierarchy	The collection of objects in the VISULOX PORTAL Datastore, descending from one or more organization or domain component objects. Represents the collection of people, application servers, and applications within an organization.
Organizational unit object	A VISULOX PORTAL Object used to distinguish different departments, sites, or teams in an organizational hierarchy. Organizational unit (OU) objects can be contained in an organization or domain component object. Organizational unit objects have an OU= naming attribute
OTP	Short form for One Time Passcode
Peer DNS name	The name by which an VISULOX PORTAL Server is known to other VISULOX PORTAL Servers in the same array
Primary server	The VISULOX PORTAL Server that acts as the authoritative source for global information, and maintains the definitive copy of the VISULOX PORTAL Datastore
RDP	Remote Desktop Protocol: Client communication protocol from Microsoft
Remote IP	Remote IP address, the information, from where a client request is coming
Report	The VISULOX Service is collecting data about workspacesessions, emulatorsessions, recordings and cooperations. The information can be clearly arranged in reports. In VISULOX Cockpit a variety of possible reports can be created on several pages
Resume	To redisplay an application session that has been suspended. See also: suspend
RIP	Short form for Remote IP address
RVA	Remote Vendor Access
S & M	Short form for Support and Maintenance
Secondary server	An array member that is not the primary server. The primary server replicates information to secondary servers.
Session	The VISULOX PORTAL generates a session for any X11 or RDP application, which has an unique session ID
SIEM	Security Information and Event Management
SOX	Short form for Sarbanes-Oxley Act
SSL certificate	A digital passport that establishes credentials on the web. In VISULOX PORTAL Service, allows client devices to trust the identity of a VISULOX PORTAL Server
Suspend	To pause an application session. A suspended application is not closed, it can be resumed. See also: resume
TAP	Short form for Temporary Access PIN, part of the Multi Factor Authentication (MFA)
TCC	Short form for Tarantella Client Component: Component for login into the VISULOX PORTAL via Native Client
TCL	Programming Language. Most of the VISULOX products are based on TCL
Temporary Access PIN	VISULOX method for the Multi Factor Authentication (MFA)
TFN	Tarantella Full Naming, X.500 format to address a VISULOX PORTAL object
Transit Zone	Zone, where files are transferred from/to application servers/clients
VAP	Short form for Virtual Access Point
Virtual Access Point	VISULOX method to get an independent URL of the VISULOX Access Nodes for reliability and Workspace balancing
VISULOX Access Node	Node running the VISULOX PORTAL Service and the VISULOX Service
VISULOX Base	Single VISULOX Node
VISULOX Cluster	Two or more VISULOX Nodes, that are joined together because of scalability, redundancy and load balancing
VISULOX Cockpit	Central VISULOX application to control sessions, access, recording, cooperations and to generate reports
VISULOX Command Connect	VISULOX component, which provides the possibility to connect to multiple hosts and to open an X-Client on these hosts. The connection method can be SSH, RDP or telnet. Former: Host Connect
VISULOX Command Guard	VISULOX component, which provides the possibility to connect to multiple hosts and to open an X-Client on these hosts Command Guard has command level controls for the application. It allows and denies the usage of certain commands by the user Additionally server side scripts can be issued either to multiple endpoints or to a single one
VISULOX Common Access Platform	The whole environment, that is built with the VISULOX GATEWAY, VISULOX Portal Service, VISULOX Service and databases
VISULOX Data	VISULOX Database and VISULOX Filestore
VISULOX Filestore	File system which stores the films. 5 MByte per user and per hour. Recommended for VISULOX is a local disk with 150-250 GB, for VISULOX Archive Node depending on the lifetime of films, up to x TB on a NAS/SAN storage
VISULOX GATEWAY	The VISULOX GATEWAY is a proxy server designed to be deployed in front of a VISULOX PORTAL Array in a demilitarized zone (DMZ). This enables the VISULOX PORTAL Array to be located on the internal network of an organization. Additionally, all connections can be authenticated in the DMZ before any connections are made to the VISULOX PORTAL servers in the array. The VISULOX GATEWAY manages load balancing of HTTP connections for the VISULOX PORTAL Servers in the array.
VISULOX Host Connect	See: VISULOX Command Connect
VISULOX Hotfix	Tool to check the software status in the cluster, backup and apply hotfixes
VISULOX keystroke recording with analyzing engine	In this recording mode all user keyboard interactions are registered and can be checked for unwanted entries (analyzing engine)
VISULOX Node	Node running the VISULOX Service to control sessions, films and recorders
VISULOX PAM	VISULOX Privileged Access Management
VISULOX PORTAL Array	Two or more VISULOX Access Nodes, that are joined together because of scalability, redundancy and load balancing
VISULOX PORTAL Benchmark	Tool to create a defined number of demo-users, who log into the VISULOX PORTAL and start recorded applications automatically. All settings can be configured easily within a GUI
VISULOX PORTAL Console	Web-based management console for the VISULOX PORTAL Service (Former: Administration Console)
VISULOX PORTAL Web Server	A pre-built web server installed and configured along with the VISULOX PORTAL Service, contains Apache, mod_ssl for HTTPS support, and Tomcat for Java Servlet and JSP support
VISULOX PORTAL Web Services	An API collection that allows developers to build their own applications to work with the VISULOX PORTAL Service. The APIs can be used to authenticate users, launch applications, and interact with the VISULOX PORTAL Datastore
VISULOX Revision Server	VISULOX Node which replicates the production database into Revision Server database and transfers the films from the production filestore into the Revision Server filestore (also known as Archive Server)
VISULOX Service Group	See: VISULOX Cluster
VISULOX Short Support Report	A Short Support Report to send via eMail created with visulox support -info. The Short Support Report should be sent to the VISULOX Support Team every time a new Support Request is opened
VISULOX Support Report	Package generated by the visulox support command, containing all information, necessary for support
VISULOX Transit Area	File Transfer component embedded in the Workspace to transfer files between client and Transit Zone
VISULOX Transit Mapping	To setup the VISULOX Transit Zone on Unix application servers, that are not a VISULOX Node, an RPM file is available for installation.
VISULOX Videolog Player	Player to view the recorded films inside the VISULOX Cockpit or checked out films in a browser
VISULOX Webservice User	Each VISULOX Service needs this user in the datastore to read the webservices on the VISULOX Access Nodes. The VISULOX webservice user has to be setup once in the datastore
VISULOX_Setup.xls	Excel-sheet, which has to be filled out in the planning phase by the responsible project leader, together with the amitego consultant
vlxMode	VISULOX variable set in the VISULOX PORTAL Console
VLX Password SelfService	Active Directory (AD) and Oracle Unified Directory (OUD) users are able to change their password by themselves with this appliction assigned.
Webtop	In the current version, the Webtop is called the Workspace. A Workspace is the term used to describe a user's applications, documents, and desktops. See: Workspace
WM	Short form for Window Manager
Workspace	The Workspace is displayed after logging into the VISULOX PORTAL. It is a special web page, that lists the applications that are assigned to the user
Workspace balancing	VISULOX load balancing mechanism including a virtual access point
Workspace session	The running session, after a user has logged into the VISULOX PORTAL via browser or Native Client
X11 forwarding	The process of forwarding, or tunneling, the windows of a remotely started X application to a client desktop
X Window System	A distributed window system for UNIX platform operating systems, based on the X11 protocol. Also called X11, or X Windows
X.509 certificate	See: SSL certificate