SparkView Admin Manual
- 1. – Overview
- 2. – Installation
- 2.1 – Install J2SE Software Development Kit (JDK)
- 2.2 – Install as a Windows service
- 2.3 – Install as Linux/Unix daemon
- 2.4 – Install as macOS daemon
- 2.5 – Install HTML client on other web servers
- 2.6 – Run SparkView as a container (Docker)
- 2.7 – Install as PWA
- 2.8 – Integrating a license
- 3. – Server configuration
- 3.1 – Gateway
- 3.2 – HTTPS and WSS (WebSocket secure connection)
- 3.3 – Remote Desktop Web Access Portal Integration
- 3.4 – Servers & RDP options
- 3.5 – Users
- 3.6 – Easy printing
- 3.7 – RemoteApp and start a program instead of the whole desktop
- 3.8 – Clipboard redirection and shared clipboard
- 3.9 – Bidirectional audio redirection (RDP)
- 3.10 – File share (uploading and downloading)
- 3.11 – Session Recording and Playback
- 3.12 – Session Shadowing (join or share an active session on gateway)
- 3.13 – Native RDP shadowing (join any active RDP sessions)
- 3.14 – Touch interface (iOS, Android etc)
- 3.15 – Touch remoting
- 3.16 – Hyper-V Console and Enhanced Session Mode
- 3.17 – RDP connection cache/pool
- 3.18 – Symlink (access link)
- 3.19 – Macro recording
- 3.20 - Remote assistance
- 3.21 – RFB (VNC) protocol support
- 3.22 – SSH and Telnet
- 3.23 – Smart Card Redirection
- 3.24 – Scanner redirection
- 3.25 – USB redirection
- 3.26 – OAuth 2.0/Okta integration
- 3.27 – Active Directory, Azure AD, LDAP, RADIUS integration
- 3.28 – Using Java parameters
- 3.28 – Send logs to syslog
- 4. – Administration and usage via UI
- 4.1 – config.html
- 4.2 – file.html
- 4.3 – join.html
- 4.4 – login.html
- 4.5 – player.html
- 4.6 – rdp.html
- 4.7 – report.html
- 4.8 – shadow.html
- 4.9 – ssh.html
- 4.10 – telnet.html
- 4.11 – vnc.html
- 4.12 – Further files and views
- 5. – Further management and configuration
- 5.1 – Session management
- 5.2 – Multi-Monitor
- 5.3 – SMB2 and SFTB file proxy
- 5.4 – Deploy, run and test applications in the cloud
- 5.5 – IP filter (iptables)
- 5.6 – SNMP integration
- 5.7 – SSH authentication with keys
- 6. – API and Plug-In
- 6.1 – Reporting API (query server status, client side JavaScript API)
- 6.2 – RDP library (client side JavaScript API)
- 6.2.1 – RDP parameters
- 6.2.2 – Passing parameters via URL (Connection String)
- 6.2.3 – Passing parameter via object or cookie
- 6.2.4 – Usage of RDP class
- 6.2.5 – Extend RDP: Virtual Channel and Dynamic Virtual Channel
- 6.2.6 – Extend Gateway: Gateway Channel
- 6.3 – Plug-ins (server side Java API)
- 6.4 – HTTP Request API (server side)
- Appendices
- Appendix A – Shortcut keys
- Appendix B – Browser support
- Appendix C – EchoHandler and network check
- Appendix D – configuration example for nginx
- Appendix E – configuration example for Apache Proxy
- Appendix F – configuration for Juniper, Cisco, Dell etc SSL VPN
- Appendix G – SMB path
- Appendix H – Ping
- Appendix I – TrustStore
- Appendix J – Features
- Quick Support
1. – Overview
1.1 – Features
SparkView is an RDP, VNC, SSH, TELNET, SMB2, SFTP proxy (gateway) with an HTML5 client. It uses WebSocket, Canvas, Web Audio, local storage and more HTML5 features to implement the Remote Desktop (RDP), RFB (VNC), SSH and SMB2 protocols. It has the following advantages compared with traditional (native) clients:
- Zero installation on client side, no Java, no flash, no ActiveX, only HTML and JavaScript.
- Zero maintenance and management on client side. You don’t need to worry about if the user has installed the newest version of SparkView, JRE or flash player.
- Same interface and experience for final users.
- One solution runs on almost all platforms: Windows, Linux, Mac, iOS, Android, BlackBerry and Playbook OS etc.
- Better performance. It’s even faster than the native RDP client.
- More features like session recording, printing, session shadowing with multi-cursors etc.
- Control resource access and redirection in one place (gateway).
- OAuth2, Active Directory, LDAP, RADIUS and Okta integration.
- Connect to Hyper-V console.
- RDP connection pool. Connect to your desktop and RemoteApp instantly. No waiting any more.
- Supports RDP, RFB(VNC), SSH, SFTP, Telnet and SMB2
- Seamless integration with many firewall vendors like F5, Fortigate, Pulse Secure, Sophos, Array Networks, Cisco, Juniper, Dell SSL VPN.
RDP features implemented in SparkView:
- TLS (SSL over RDP) and NLA (Network Level Authentication). CredSSP version 6 (Microsoft CredSSP updates for CVE-2018-0886)
- RemoteApp: it's the first time that you can use RemoteApp everywhere (on a Mac, iPad, Android etc)
- RemoteFX (LAN only)
- Touch remoting on current Windows and Windows Server versions.
- Seamless clipboard redirection which supports plain text, Bitmap, JPG, WMF, RTF and HTML formats.
- Easy printing, don't need to install drivers for client side printers.
- Bring sound to local or leave it on remote computer.
- Remote audio recording.
- File downloading and uploading; Gateway side directory sharing.
- Smart card redirection.
- Lossless bitmap compression, give you the best quality you can get.
- Supports Remote Assistance.
- Client side IME support. You can use client side IME directly (even Microsoft RDC cannot do that)
- International keyboard support.
- VirtualBox RDP video redirection support.
- Supports Multi-Monitor.
- Supports camera redirection.
- Supports scanner redirection.
- Supports native RDP shadowing.
1.2 – Architecture
SparkView basically consists of two components:
- Gateway
  A web socket server and simple web server that is used as a basis and connection node.
- Web resources
  The resources are used by the gateway for display and data supply and consist of HTML, CSS, JavaScript and JSON files as well as images. The files are installed on the gateway by default, but can also be installed on any web server.
This diagram describes how the components of SparkView work together:
1.3 – What's the difference
SparkView is quite different compared with other similar solutions:
- It is designed to be a replacement of native client, not a complementary solution.
- It is designed for speed. It’s even faster than our Java applet.
- It is feature rich, not feature less compared with native clients.
- SparkView only features:
- RemoteApp (not start program on connection)
- Session Recording/Playback
- Session Shadowing
- Hyper-V console connection
- Network Level Authentication
- Current Windows and Windows Server versions with touch remoting support
- XRDP (Linux) support
- RD Web Access Portal Integration
- OpenID integration
- Support both PostScript and PCL printers.
- Support more audio encodings. 80% less bandwidth usage (when playing audio) compared with other HTML5 solutions.
- Client side IME support. You can use client side IME directly (Microsoft RDC doesn't support client side IME).
2. – Installation
2.1 – Install J2SE Software Development Kit (JDK)
Download the Java 2 Standard Edition (J2SE) JDK version 1.8 or later from one of these sources:
- http://www.oracle.com/technetwork/java/javase/downloads/index.html
- https://developers.redhat.com/products/openjdk/download
- https://www.azul.com/downloads/zulu/
- http://jdk.java.net/
- https://aws.amazon.com/corretto/
Note: Downloading the Java Runtime Environment (JRE) instead is not recommended.
Open JDK 8, 11 and LTS versions are recommended. JRE is not recommended because it’s updated automatically and the old version will be uninstalled. Please install JCE 8 if you are using Java 8: https://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
Install the JDK according to the instructions included with the release. Set an environment variable JAVA_HOME to the pathname of the directory into which you installed the SDK release:
echo "export JAVA_HOME=/usr/java/default/"> /etc/profile.d/java_home.sh
Verify the Java version you are using by running the following command in a command prompt:
java -version
If your RDP server has Network Level Authentication enabled, the connection may fail depending on which Java version you are using.
Java 1.8: Please install TLS 1.2 Windows update on Windows 7 and Windows 2008:
https://support.microsoft.com/en-us/kb/3080079
2.2 – Install as a Windows service
Download SparkView installer for Windows from:
https://cloud.beyondssl.com/url/sparkviewinstaller
Install SparkView according to the instructions of the installer. During the installation, you can choose the JRE/JDK you want to use if you have multiple JRE/JDK installed. You can also choose the gateway listening port (default is 8080).
If you get the “This app can’t run on your PC” error, you may need to disable Smartscreen functionality and under Windows Updates – Developers: Allow Sideloads Apps.
If you have an IIS instance running on the same machine and you want SparkView listening on port 80 or 443, you must ensure that IIS is not bound to the IP address and port you want to use for the SparkView service. You must set the bindings in the IIS Manager. However, it may also be necessary to change the HTTP service which by default listens on port 80 for all IP addresses. To do this you can use
netsh http add iplisten ipaddress=xxx.xxx.xxx.xxx
to instruct the HTTP service to listen on IP addresses not used by the SparkGateway. Then you can use port 80 on the unused IP addresses with the SparkGateway.
Change the name of your license file to “license” and copy it to installation directory if you are using the full version. You don’t need a license file for the evaluation version.
You can start the “Welcome” page to connect to a computer or “Configuration” page from the start menu when installation is done.
Add SparkGateway.exe to your firewall exception list.
Make sure you allocate more memory to SparkGateway (in SparkGateway Manager, "Java" tab) if you have more users:
We are using Apache Procrun as a Windows service wrapper, for more information, please check http://commons.apache.org/daemon/procrun.html
2.3 – Install as Linux/Unix daemon
Before installation
- Download SparkView for Linux/Unix: https://cloud.beyondssl.com/url/sparkviewother
- Unzip it to your destination directory. Here we use /usr/local/bin/SparkGateway.
- Modify gateway.conf to change gateway listening port or other configurations.
Using install script
The installation script "installLinux.sh" is located in the unpacked SparkView folder.
Execute it with sudo and the following command:
sudo sh ./installLinux.sh
Manual installation
Open gateway listening port (80):
- firewall-cmd --permanent --add-port=80/tcp
  firewall-cmd --reload
- or
  iptables -A INPUT -p tcp --dport 80 -j ACCEPT
If SparkView can not listen on port 80, 443 or any ports below 1024, you can try this command:
sudo setcap cap_net_bind_service=+epi "$(readlink -f "$(which java)")"
Test the gateway in console mode:
java -jar SparkGateway.jar
You can install it as a service if it’s working correctly in console mode:
For Systemd system:
Create file: /etc/systemd/system/SparkGateway.service
with the following contents:
[Unit]
Description=SparkView Service
After=network.target
[Service]
User=yourUserName
WorkingDirectory=/usr/local/bin/SparkGateway
ExecStart=/usr/bin/java -jar /usr/local/bin/SparkGateway/SparkGateway.jar
SuccessExitStatus=143
[Install]
WantedBy=multi-user.target
Then notify systemd of the new service: systemctl daemon-reload
Service commands:
- Enable the service:
systemctl enable SparkGateway
- Start the service:
systemctl start SparkGateway
- Stop the service:
systemctl stop SparkGateway
- Check the status if the service is not started:
systemctl status SparkGateway
- Uninstall the service:
systemctl disable SparkGateway
Please check the following documentation for SUSE: http://remotespark.com/view/SUSE_Install.txt
For SysVinit init system:
To build the daemon wrapper you will need:
- GNU AutoConf (at least version 2.53)
- An ANSI-C compliant compiler (GCC is good)
- GNU Make
- A Java Platform 2 compliant SDK
yum groupinstall "Development Tools" (CentOS)
apt-get install build-essential (Debian/Ubuntu)
Run the following commands:
cd /usr/local/bin/SparkGateway
tar xvfz commons-daemon-native.tar.gz
cd commons-daemon-1.0.10-native-src/unix
./configure
make
cp jsvc ../..
cd ../..
chmod a+x SparkGateway.sh
Change the name of your license file to “license” and copy it to installation directory if you are using the full version.
Modify gateway.conf file, change listening port and file path according to your installation directory.
Starting the daemon: ./SparkGateway.sh start
Stopping the daemon: ./SparkGateway.sh stop
We are using Apache Jsvc as a Linux/Unix daemon wrapper, for more information, please check http://commons.apache.org/daemon/jsvc.html
The script (SparkGateway.sh) is only tested on CentOS, you may need to change it on other Linux.
Run as a service and start automatically:
cp SparkGateway.sh /etc/init.d/SparkGateway
chmod +x /etc/init.d/SparkGateway
chkconfig --add SparkGateway
chkconfig SparkGateway on
Start the service: service SparkGateway start
Stop the service: service SparkGateway stop
2.4 – Install as macOS daemon
Run the following commands:
- cd /Library
- sudo unzip SparkGateway.zip
- sudo chown username SparkGateway
  (username should be the login name under which the gateway will run)
- sudo chgrp admin SparkGateway
- cd SparkGateway
- sudo nano start.sh
  with the following content:
  #!/bin/sh
  SPARK_HOME=/Library/SparkGateway
  java -jar $SPARK_HOME/SparkGateway.jar -c=$SPARK_HOME/gateway.conf
- Save the file and run
  sudo chmod a+x start.sh
- Change the default directory and listening port if port 80 is occupied in gateway.conf:
  port = 8080
  logfile = /Library/SparkGateway/logs/gateway.log
  html = /Library/SparkGateway/html
  license = /Library/SparkGateway/license
- Use
  sudo ./start.sh
  to test if there are any errors within the script.
- cd /Library/LaunchDaemons
- sudo nano com.toremote.gateway.plist
  with the following content:
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  <plist version="1.0">
  <dict>
    <key>Label</key>
    <string>com.toremote.gateway</string>
    <key>Disabled</key>
    <false/>
    <key>OnDemand</key>
    <false/>
    <key>RunAtLoad</key>
    <true/>
    <key>ProgramArguments</key>
    <array>
      <string>/Library/SparkGateway/start.sh</string>
    </array>
    <key>EnvironmentVariables</key>
    <dict>
      <key>SPARK_HOME</key>
      <string>/Library/SparkGateway</string>
    </dict>
    <key>StandardErrorPath</key>
    <string>/Library/SparkGateway/logs/gateway.stderr</string>
    <key>StandardOutPath</key>
    <string>/Library/SparkGateway/logs/gateway.stdout</string>
    <key>UserName</key>
    <string>_appserver</string>
  </dict>
  </plist>
- Service commands:
  - Load the service:
    sudo launchctl load /Library/LaunchDaemons/com.toremote.gateway.plist
  - Unload the service:
    sudo launchctl unload /Library/LaunchDaemons/com.toremote.gateway.plist
2.5 – Install HTML client on other web servers
Spark View (the HTML5 Client part) doesn't include any server side logic. You can also install it on any other web servers, like IIS, Apache, Tomcat etc.
It is recommended to use the Gateway as the web server, or to install it from the Chrome Web Store.
2.6 – Run SparkView as a container (Docker)
SparkView is fully executable as a container on many platforms. Advantages here are certainly the flexibility and transportability of the installation independently of the data between different systems.
Installation
To install the container, please pull the latest version from the official Docker Hub:
docker pull beyondssl/sparkview
SparkView is then installed inside a new container and has the following special default values:
- Listening ports are 80 and 443 (HTTP and HTTPS with self-signed certificate).
- remoteManage=true (configuration can be accessed from outside the localhost).
- management password is "password"
- Four volumes for configuration and data:
- data (created data from configuration like server and user)
- conf (configuration)
- keystore (certificates and Java keystore)
- logs (log files)
Then go to http://localhost to start the web application.
Configuration
All manual changes should be made within the volumes, otherwise the changes will be reset after a restart. The rest of the configuration is done via the web under /config.html.
Importing a license
Unlike the manual installation of SparkView, the license for the container version should be uploaded via the web. Under /config.html you will find the item "Upload license file" in the "General" tab. Upload your license here and save the configuration. This makes the new license active.
2.7 – Install as PWA
SparkView offers native PWA support from version 1036 and can be installed as such on all operating systems under Google Chrome - including Chromebooks and ChromeOS.
To "install" the PWA on a client, the following steps are necessary:
2.8 – Integrating a license
To integrate a license file into SparkView, please note the following steps:
- Stop SparkView service
- Copy the license file into the SparkView root directory
  - Windows default: C:\Program Files\Remote Spark\SparkGateway
  - Linux/macOS default: /usr/local/bin/SparkGateway
- Rename the license file to license. Important: no file extension!
- Start SparkView Service
You can then check the license status via config.html at the bottom:
If the license file is in a different location, please specify this via the corresponding parameter in the gateway.conf file:
# Example for Windows
license = C:\\Program Files\\Remote Spark\\SparkGateway\\licensefile
# Example for Linux/macOS
license = /usr/local/bin/SparkGateway/licensefile
3. – Server configuration
3.1 – Gateway
The gateway can be configured through the gateway.conf file. By default, this is located in the root installation directory of SparkView. All parameters and options are listed below.
The default gateway.conf file as shipped is shown at the bottom of the page.
Key | Value |
---|---|
bindAddr | Binding address, if you have multiple IP addresses and want to bind on one of them. If you have IIS running on same machine, you must ensure that it is not bound to the IP address & Port you want to use for the SparkGateway. You must set the bindings in the IIS Manager. However, it may also be necessary to change the HTTP service which by default listens on port 80 for all IP addresses. To do this you can use “netsh http add iplisten ipaddress=xxx.xxx.xxx.xxx” to instruct the HTTP service to listen on IP addresses not used by the SparkGateway. Then you can use port 80 on the unused IP Addresses with the SparkGateway. |
port | Listening port, default is 80. You can let Gateway listen on 2 ports at the same time, e.g. port = 80, 443 |
ssl | Use HTTPS and WSS (WebSocket Secure Connection), default is false. If gateway is listening on 2 port, the parameter can be configured as: ssl = false, true |
credSSP | Network Level Authentication. Value can be "true", "false" or "auto". Default is false. “true” will slow down the connection speed a little bit. It’s not necessary to use NLA if the gateway is connecting to internal RDP hosts only. It’s better to enable credSSP if you are using Microsoft RD Broker for load balancing. "auto" will connect without credSSP the first time and reconnect with credSSP if the connection fails. |
backlog | How many connections can be queued, default is 50. |
user | Path of user configuration file (JSON format). |
server | Path of RDP hosts configuration file (JSON format). |
html | HTML root directory. |
directoryIndex | Default page for html directory, default is "rdp.html;index.html". |
license | Path of the license file. If you copy the license file named "license" (note that there is no file extension) to the SparkView root directory, it is automatically detected. If it is located elsewhere, please specify the full path of the license file including the file name, e.g. license=C:\\Program Files\\Remote Spark\\SparkGateway\\licensefolder\\license.txt . |
logfile | Path of log file. |
maxbytes | Limit the maximum number of bytes to write to any one log file, default is 30M. |
maxfiles | Log file rotation, the number of log files to use, default is 99. |
logHttpHeader | Whether to log HTTP headers, which may contain sensitive information. Default is true. |
converter | Postscript to PDF converter, used for printing. Ghostscript is recommended: http://www.ghostscript.com/download/ Example: C:\\Program Files\\gs\\gs9.04\\bin\\gswin64c.exe |
arguments | Arguments for converter. %1 is output pdf file name. %2 is input ps file name, they'll be replaced by program. Example: -dBATCH -dNOPAUSE -dUseCIEColor -dPDFSETTINGS=/printer -sDEVICE=pdfwrite -q -sOutputFile=%1 %2 |
plugin | Class name for your plug-in |
pluginFile | The full path of your plug-in jar file |
password | Password for reporting and management API |
remoteManage | Make configuration accessible from everywhere. Default is false. |
mime | Add extra mime types for web server: rdp:application/rdp;conf:text/plain |
stderrLog | Set false to disable logging to stdout/stderr |
keepDays | How many days the temporary files generated by system be kept, default is 1 day |
disk | The name for the shared disk, used for file uploading/downloading |
webfeed | RD Web Feed URL, for RD web access integration |
recording | Session recording, 0: no recording; 1: recording graphic only. 3: recording graphic and audio. |
recdir | Parent directory for session recording files. |
recwarning | Warn user about the recording, default is true |
accessNotInList | Whether a logged-in user can access computers which are not in their list (servers.json) or webfeed, default is false |
printer | Printer name, default is “Remote Printer from Client”. You can specify multiple printer names by using “;” as separator, e.g. “Printer1;Printer2”. The first one will always be the default printer. |
printerDriver | Printer driver name |
shadowing | Shadowing switch (if allow joining a session), default is true. |
resetOnJoin | Don't use seamless session shadowing. |
nativeShadowing | Allow native RDP session shadowing, default is false. |
cipherSuites | The cipher suites can be used by SSL encryption. You may want to use some good cipher suites only, for example: SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA You need to install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for AES 256 cipher suites. http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html |
webAddress | HTTP server web address, used for OpenID login (redirection back). It’s also used on client side for getting real gateway address (client side may not know that if you are using multiple gateways for load balancing). |
clientHost | Customize the host name of the client user. Default is the host name or IP address. You can use the following variables in the string: ${hostName}: Host name of the gateway machine. ${hostAddress}: Host address of the gateway machine. ${sequence}: a sequence number. ${__ip}: client host name or IP. ${_PARAM_SESSION_ID}: Session GUID. ${_PARAM_NUMERIC_ID}: Session 9 digit number ID. ${any parameter transferred from client side}. E.g. clientHost = RS-${__ip}-${sequence}, the result will be RS-ClientHostName-0, RS-ClientHostName-1, … |
performanceflags | Please check 3.4 RDP Host for more information. You may need this if you are connecting to a Terminal Server/Remote Desktop Session Host. |
remotefx | Whether to enable RemoteFX, default is false. RemoteFX is LAN and 32 bit only |
enableLookups | Set to true if you want calls to perform DNS lookups in order to return the actual host name of the remote client. Set to false to skip the DNS lookup and return the IP address in String form instead (thereby improving performance). By default, DNS lookups are disabled. |
maxCacheTime | How long (minutes) the session can be cached on gateway, default is 0 (RDP session cache on gateway is disabled by default). |
idleUserSession | User session idle timeout, in milliseconds |
mail.smtp.host, mail.smtp.port, mail.user, mail.password, mail.from, mail.to, mail.smtp.auth, mail.smtp.starttls.enable | Email notification when the license expires etc. The following is for Gmail: mail.smtp.host = smtp.gmail.com; mail.smtp.port = 587; mail.user = support@toremote.com; mail.password = xxxx; mail.from = support@toremote.com; mail.to = xxx@toremote.com; mail.smtp.auth = true; mail.smtp.starttls.enable = true. You can use java -cp SparkGateway.jar com.toremote.gateway.Mailer title message to send a test email. |
licenseAlert | Float value, Email alert when license usage reached this number. If value < 1, it means percentage of your license number; If value > = 1, it means the actual concurrent license number. |
thumbnail.interval | Interval for obtaining thumbnails of RDP session, milliseconds, default is 0 (no thumbnail). Client will not send thumbnail to server if screen is not changed. |
thumbnail.width | Thumbnail width, it must be smaller than 640, default is 0 (no thumbnail) |
copyTimeout | Timeout for clipboard copy operation, milliseconds, default is 3000. You may need to increase this value if your application need to copy very big data. |
savedSessionTimeout | This is the maximum value (milliseconds) for saved session, default is 0, means user cannot save session on gateway. |
confirmJoin | Confirmation needed when a user try to join a session, default is false |
keyStore | Set up keystore or certificate name when ssl is true. For example keystore.jks or cert.pfx. If you are using a certificate (i.e. cert.pfx), a password is required (see keyStorePassword). If you are using a Java keystore (i.e. keystore.jks), the password of the keystore must match the one used for the certificate, which is integrated in the keystore. |
keyStorePassword | Keystore or certificate password. If you are using a Java keystore (i.e. keystore.jks), the password of the keystore must match the one used for the certificate, which is integrated in the keystore. |
passwordEncrypted | Encrypt the keystore password and the reporting password, default is false. Please use the following command to get the encrypted password: java -cp SparkGateway.jar com.toremote.gateway.Encryption MyPassword |
assistance | Enable Remote Assistance, default is false. |
ssh | Enable SSH, default is false. |
ssh.cache | Enable/disable SSH history cache for joined sessions, default is true. |
telnet | Enable TELNET, default is false. |
gatewayId | Used for email notification etc. |
oauth2 | Path of oauth2 providers file (JSON format) |
disabledKeys | Keys (scancode) will not be sent to server, e.g. 219,220 (left and right Windows key); 29+56+211,56+1 will disable Ctrl+Alt+Del and Alt+Esc |
dataEncrypted | If enable encryption on data files: servers.json, users.json, symlink.json. |
webfeedCache | If enable webfeed cache. false to disable it. Default is true. You'll need to restart the gateway after your webfeed content changed if it's true. |
redirectToHttps | Redirect HTTP traffic to HTTPS. Make sure the gateway listens on both HTTP and HTTPS |
log.level | The value can be an integer or SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST. Check https://docs.oracle.com/javase/8/docs/api/java/util/logging/Level.html for more details |
connectif | Create a new connection if you are joining symlink which doesn’t connect to any hosts. |
randomIp | Use a random ip if your host name has multiple ip address, default is false |
authorization | “Basic”: enable HTTP Basic Authentication, default is null. |
headers | Extra headers for HTTP response, for example: headers = Strict-Transport-Security: max-age=31536000\r\nContent-Security-Policy: script-src 'self'\r\nX-XSS-Protection: 1; mode=block\r\nX-Frame-Options: SAMEORIGIN\r\nX-Content-Type-Options: nosniff\r\n |
recFileSize | Limit the size (in bytes) of recording file (auto rotation) |
file.filter | File type filter for file uploading, for example “exe,jar” |
file.maxSize | File size filter (in bytes) for file uploading. |
keepPrinting | Keep the printing results (PDF) on gateway, default is false. |
timeoutWoL | Timeout (milliseconds) of Wake on LAN. This will enable WoL if the value is greater than 0. |
symlinkOnly | Gateway will only accept symlink connections if symlinkOnly is true |
symlink | Full path of the symlink definition file, including file name, e.g. C:\\Users\\foobar\\workspace\\data\\symlink.json |
simpleFormatter | Let gateway use SimpleFormatter which is slower but allow you to configure log format. |
pingClient | Ping client interval (ms). A CDN or proxy may not close the websocket correctly and leave the session alive forever on the gateway. You can enable this to fix this kind of issue. This is enabled by default since 5.6. |
sessionRecordParam | You can enable session recording from the browser side (sessionRecord=on) if this is true. Default value is false. |
userGroup | Path of user group configuration file in JSON format. |
serverGroup | Path of server group configuration file in JSON format. |
organization | Customize the connection name for the 2FA app on the mobile device. |
maxRequestBytes | Determines the upper limit for the total size of the request line and the headers. Its default setting is 8KB |
maxPrintTime | Printing conversion timeout, default is 1200000 milliseconds (20 minutes) |
httpCookie | Use HTTP Cookie for file uploading to make it more secure. Default is true. |
fileUnprompted | Files can be downloaded directly without asking the user to confirm when the user copies a file in the RDP server. For example, if the value is “pdf,zip”, when the user copies a PDF file, the gateway will prepare the download directly without asking the user to confirm. Depends on copyFile = true. |
deployment | Enable deployment service. User can deploy, test applications with the deploy agent via SSH, SFTP. |
Prefer keyboard-interactive method on SSH. Default is true. Deprecated, please use ssh.preferInteractive instead. |
|
ssh.preferInteractive | Prefer keyboard-interactive method on SSH. Default is true. |
fileService | Enable SMB2, SFTP file proxy, so user can use file.html to upload/download files from SMB2 share or SFTP server. Disabled by default. |
delSymlinkServer | The related server definition will be deleted too if a symlink is deleted or expired. Default is false. |
trustStore | Trusted certificates for RDP or VNC server (when TLS encrypt is used, credSSP = true in gateway.conf). |
trustStorePassword | Password for trustStore |
fileBlockSize | File transferring block size, default is 524288 bytes(5M). Reduce this value can reduce the bandwidth usage but increase uploading time |
keyDelay | Delay between keys (milliseconds). Default is 0. |
authToken.name | The parameter name in the websocket URL. |
authToken.exec | A path of an executable or a URL. If the gateway finds the authToken.name parameter in the websocket URL, it’ll execute the executable or HTTP request. The connection is only allowed if the exit code of the executable or the HTTP request status code is authToken.sucessCode. |
authToken.sucessCode | Integer. |
twoFA | 1: Enable two-factor authentication; 0: Disable (default); 2: Enforce |
twoFAStore | Two-factor authentication storage path. Default is installDir\data\store.data. Make sure you back up this file. It’s encrypted by default. |
rec.timestampSubDir | Enable/disable timestamp sub directory for recdir. Default is true. |
rec.begin.exec | Run an executable before the session is recorded. Arguments: fileName, server, user, sessionId. |
rec.end.exec | Run an executable after the session was recorded. Arguments: fileName, server, user, sessionId. |
file.post | Run an executable after a file was uploaded. For example: file.post = C:\apps\scan.exe %1 (%1 will be replaced by the file path of the uploaded file). |
csv.file | Log session information to CSV file. Columns: Id, Server, Client, IP, Browser, Time ,NumericId, User, Domain, Join, Protocol, Symlink, Port, Action (CONNECT/DISCONNECT/LOGIN). |
csv.size | Limit the maximum number of bytes to write the log file, default is 2G. |
vnc.transferCredential, ssh.transferCredential, telnet.transferCredential | False by default, which disables SSO on VNC, SSH and TELNET connections when SSO is enabled in users.json (transferCredential = true). |
app.id | String, UUID is recommended. Can be used for load balancing. This unique id will be automatically generated if it's not set. |
file.viewable | Boolean, the "View" button on File Manager UI will be removed if it's false. Users then can only see the "Download" button. |
license.limit | Integer, restricts the concurrent session number for testing etc. This value must be smaller than the license number. |
kerberos.realm | String, enables authentication via Kerberos if set. Can be, for example, the DNS domain name in capital letters of an Active Directory. |
http.proxy.enable | Boolean, enable/disable connections through the HTTP proxy. |
readOnly | Boolean. Determines whether the configuration file (gateway.conf) can be changed via API or web config (config.html). Manual changes to the file itself are always possible. Default is false. |
*Please always use absolute file paths if you are running the Gateway as a service.
Default gateway.conf file:
# Binding address, if you have multiple IP addresses and want bind to one of them, uncomment and change this line
#bindAddr = 192.168.8.4
# Listening port, default is 80 for http and 443 for https (ssl = true)
port = 8080
# Use https and wss (WebSocket Secure connection), better to use 443 as listening port when ssl is true
#ssl = true
# Network Level Authentication (CredSSP), "false" is default, always false in free version
credSSP = auto
# How many client connections can be queued, default is 50
#backlog = 50
# User definition file, default is ./data/users.json. Uncomment this line and add users in this file if you want user log in first before using any rdp host.
#user = C:\\Program Files\\Remote Spark\\SparkGateway\\data\\users.json
# Server definition file, default is ./data/servers.json. Uncomment this line and add RDP hosts here.
#server = C:\\Program Files\\Remote Spark\\SparkGateway\\data\\servers.json
# HTML root directory, default is ./html/. Printed files will be saved in the sub directory "temp", make sure the application has access rights on the "temp" directory.
html = C:\\Program Files\\Remote Spark\\SparkGateway\\html\\
# Default page for html directory, default is "rdp.html;index.html";
#directoryIndex = rdp.html;index.html
# License file, default is ./license, it's only for paid version
#license = C:\\Program Files\\Remote Spark\\SparkGateway\\license
# Log file, default gateway.log
logfile = C:\\Program Files\\Remote Spark\\SparkGateway\\logs\\gateway.log
# Limit the maximum number of bytes to write to any one log file, default 30M
#maxbytes = 30720000
# Log file rotation, the number of log files to use, default 99
#maxfiles = 99
# Log http header, which may contain sensitive information like passwords. default is true.
#logHttpHeader = false
# Show warning and error messages to clients. Default is true
#showMessage = false
# Postscript to PDF converter, Ghostscript is recommended: http://www.ghostscript.com/download/
converter = C:\\Program Files\\gs\\gs9.14\\bin\\gswin64c.exe
# Arguments for converter. %1 is output pdf file name. %2 is input ps file name, they'll be replaced by the program
arguments = -dBATCH -dNOPAUSE -dPDFSETTINGS=/printer -sDEVICE=pdfwrite -q -sOutputFile=%1 %2
# Plugin = com.toremote.gateway.plugin.SimpleManager
#pluginFile = C:\\Program Files\\Remote Spark\\SparkGateway\\plugin.jar
# Password for configuration, reporting and management API.
#password = yourpassword
# Parent directory for temporary files: downloading/uploading etc
#tmpdir = C:\\apps\\share
# Session recording, 1: recording graphic only, 2 recording graphic and sound
#recording = 1
# Directory for session recording
#recdir = C:\\apps\\share
# Warn user about the recording, default is true
recwarning = true
# RD Web Feed URL, for RD web access integration
#webfeed = https://192.168.0.50/RDWeb/feed/webfeed.aspx
# Whether a logged in user can access computers which are not in their list (servers.json) or webfeed
accessNotInList = true
# CipherSuites. You may want to only use some strong cipher suites for SSL. You may need to install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files (http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html)
#cipherSuites = SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA
# Printer driver you want to use
#printerDriver = HP LaserJet 4100 Series PCL
# HTTP server web address, used for OpenID login(redirection back). Also used on client side for getting real gateway address (client side may not know that if you are using multiple gateways for load balancing)
#webAddress = http://w-think
# Shadowing switch, default is true, if allow user join sessions
#shadowing = false
# Customize the host name of the client user
#clientHost = RS-${__ip}-${sequence}
# Performance flags for RD Web Access Portal integration only.
#performanceflags = 111
#remotefx = true
# Set to true if you want calls to perform DNS lookups in order to return the actual host name of the remote client. Set to false to skip the DNS lookup and return the IP address in String form instead (thereby improving performance). By default, DNS lookups are disabled.
#enableLookups = true
# How long (minutes) the session can be cached on gateway, default is 0 (RDP session cache on gateway is disabled by default).
#maxCacheTime = 10
# User session idle time out, in milliseconds
#idleUserSession = 3600000
# Email configuration. Test email with java -cp ..\SparkGateway.jar com.toremote.gateway.Mailer
#mail.smtp.host = smtp.gmail.com
#mail.smtp.port = 587
#mail.user = support@xxx.com
#mail.password = xxxx
#mail.from = support@yyy.om
#mail.to = xxx@xxx.com
#mail.smtp.auth = true
#mail.smtp.starttls.enable = true
#confirmJoin = true
#assistance = true
#ssh = true
#telnet = true
# Certificate for SSL, pfx (PKCS12) format is recommended, use keystore.jks if you prefer Java KeyStore
#keyStore=cert.pfx
#keyStore=keystore.jks
#keyStorePassword = password
#passwordEncrypted = true
#keyStorePassword = OOLZ+pOdZAa3QXanDDksAmMR4pdpVVD2SblIuXe2ztg=
#oauth2 = C:\\Program Files\\Remote Spark\\SparkGateway\\data\\oauth2.json
# Scancodes for disabling keys (219 left windows key, 220 right windows key)
#disabledKeys = 219,220
# Enabling copy files
copyFile = true
You can also use config.html to configure gateway.conf. Use your browser to navigate to: http://localhost/config.html.
For security reasons, this page can only be accessed from localhost.
3.2 – HTTPS and WSS (WebSocket secure connection)
Enabling HTTPS and WSS is recommended. There is a self-signed certificate (keystore.jks) in the installation directory.
- Set ssl=true in the gateway.conf file.
- Set the port to your desired SSL port, like 443:
port=443
- Import your SSL certificate into a Java keystore. Check with your certificate issuer for how to buy and import a certificate for a Java application server.
- Set up keyStore and keyStorePassword in gateway.conf:
keyStore=D:\\test\\SV\\spark.p12
keyStorePassword=yourPassword
- Java 1.8 recommended which supports more and better cipher suites.
- Java 1.8 supports PKCS12 key store, it’s better to use PKCS12 format directly.
- Self-signed certificate may not work in some cases.
- You can have multiple certificates in the Java key store, but Java will always use the first one by default.
- Disable SSLv3: set sslProtocols = SSLv2Hello,TLSv1 in gateway.conf and restart. You can also add TLSv1.1, TLSv1.2 into it for Java 8.
- You can expand the DH key size to 2048 in Java 8 by adding this Java option:
-Djdk.tls.ephemeralDHKeySize=2048
- You can choose the cipher suites you want to use by setting cipherSuites in gateway.conf. You'll need to install Java Cryptography Extension (JCE) to support all the cipher suites:
http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
Recommended cipher suites for Java 11:
cipherSuites =
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Recommended cipher suites for Java 8:
cipherSuites =
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA
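An added example (not part of the SparkView manual or product): a small Python audit that reads a gateway.conf and reports findings for the TLS-related keys described in this chapter (ssl, sslProtocols, cipherSuites, logHttpHeader). The sample file is constructed, and the policy it applies (RC4, 3DES, DES, NULL, EXPORT, anon and MD5 suites, key exchange other than (EC)DHE, TLS 1.0/1.1 deprecated by RFC 8996) is an assumption of this example.

```python
"""Audit the TLS-related settings of a gateway.conf (added example)."""

# Constructed sample gateway.conf (not from a real deployment). The keys are
# the ones documented on this page; the cipher list mixes suites from the
# commented default file and from the Java 8 recommendation.
SAMPLE_CONF = r"""
# Listening port
port = 443
ssl = true
sslProtocols = SSLv2Hello,TLSv1,TLSv1.2
#logHttpHeader = false
keyStore = C:\\certs\\spark.p12
keyStorePassword = yourPassword
cipherSuites = SSL_RSA_WITH_RC4_128_MD5, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_AES_128_GCM_SHA256
"""

# Substrings of a JSSE suite name that mark it as broken or obsolete.
WEAK_MARKERS = {
    "_RC4_": "RC4 stream cipher",
    "_3DES_": "3DES (64-bit block cipher)",
    "_DES_": "single DES",
    "_NULL_": "no encryption",
    "_EXPORT_": "export-grade key length",
    "_anon_": "unauthenticated key exchange",
}

# SSLv3 per this page; TLS 1.0 and 1.1 per RFC 8996 (policy of this example).
DEPRECATED_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}


def parse_conf(text):
    """Parse 'key = value' lines; lines starting with '#' are comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the first '=' only: values such as an encrypted
        # keyStorePassword can themselves contain '='.
        key, sep, value = line.partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf


def classify_suite(name):
    """Return the reasons a cipher suite name is weak (empty list = ok)."""
    reasons = [why for marker, why in WEAK_MARKERS.items() if marker in name]
    if name.endswith("_MD5"):
        reasons.append("MD5 MAC")
    kx, sep, _ = name.partition("_WITH_")
    # TLS 1.3 names have no _WITH_ part and always use ephemeral key exchange.
    # Without (EC)DHE (e.g. static RSA) there is no forward secrecy.
    if sep and "DHE" not in kx:
        reasons.append("key exchange is not (EC)DHE")
    return reasons


def split_list(value):
    """Split a comma-separated setting into trimmed, non-empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def audit(text):
    """Return (key, finding) tuples for the TLS-related settings."""
    conf = parse_conf(text)
    findings = []
    # Assumption: a missing 'ssl' key means plain HTTP/WS.
    if conf.get("ssl", "false").lower() != "true":
        findings.append(("ssl", "HTTPS/WSS is not enabled"))
    for proto in split_list(conf.get("sslProtocols", "")):
        if proto in DEPRECATED_PROTOCOLS:
            findings.append(("sslProtocols", f"{proto} is deprecated"))
    # The page documents the default as true (headers are logged).
    if conf.get("logHttpHeader", "true").lower() != "false":
        findings.append(("logHttpHeader", "HTTP headers (may include passwords) are logged"))
    for suite in split_list(conf.get("cipherSuites", "")):
        reasons = classify_suite(suite)
        if reasons:
            findings.append(("cipherSuites", f"{suite}: {', '.join(reasons)}"))
    return findings


if __name__ == "__main__":
    for key, finding in audit(SAMPLE_CONF):
        print(f"{key:14} {finding}")
```
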
Set up Let’s Encrypt (letsencrypt.org) certificate:
- Apply for the certificate from letsencrypt.org and you’ll get the certificate files cert.pem, privkey.pem, chain.pem etc. in /etc/letsencrypt/live/yourDomain/.
- openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out cert_and_key.p12 -name spark -CAfile chain.pem -caname anyFriendlyName
- Add the following entries in gateway.conf:
keyStore=/etc/letsencrypt/live/domain/cert_and_key.p12
keyStorePassword = yourExportPasswordInStep3
ssl = true
port = 443
- Restart the gateway.
Renew and update the certificate automatically:
Create a cron job to check and update the certificate every day at 2:30AM (crontab -e):
30 2 * * * certbot renew --post-hook "sh /etc/letsencrypt/live/startme.biz/update.sh"
update.sh:
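#!/bin/bash
# Stop on the first error so the gateway is not restarted after a failed export
set -e
cd /etc/letsencrypt/live/domain/
# Re-export the renewed certificate and key into the PKCS12 keystore used by the gateway
openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out cert_and_key.p12 -name spark -CAfile chain.pem -caname startme -passout pass:mypassword
# Restart the gateway so it loads the new certificate
systemctl stop SparkGateway
systemctl start SparkGateway
exit 0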
3.3 – Remote Desktop Web Access Portal Integration
A user can log in with his domain user name and password and get the RemoteApps or desktops published on the web access portal with the integration.
What you need:
- RemoteApp is published and Web Access is enabled.
- Web Access portal must be in domain.
What you should do:
- Set up the web feed URL of your web access portal in gateway.conf. This URL is the address of your portal + /RDWeb/feed/webfeed.aspx, for example: webfeed = https://sparkview.beyondssl.com/RDWeb/feed/webfeed.aspx
- Use login.html as the start page, set directoryIndex = login.html;rdp.html;index.html in gateway.conf.
- Make sure html directory is configured in gateway.conf. Gateway will save application icons under this directory (in RDWeb subdirectory).
You don’t need to set up RDP hosts or users in servers.json and users.json anymore.
3.4 – Servers & RDP options
Contents:
General information
You can use the servers.json file to define RDP, SSH, VNC, Telnet and HTTP destinations that should be accessible. The options for the individual destinations can also be specified here.
In addition to manual configuration via the servers.json file, you can also configure this via the web UI. To do this, navigate with the browser to https://localhost/config.html. For security reasons, this page can only be accessed from the localhost by default.
You can also organize servers in server groups, which are saved in the serverGroups.json file.
Here is an example of a servers.json file:
{
  "type": "NORMALLIST",
  "display": true,
  "connections": [
    {
      "id": "Word",
      "displayName": "RemoteApp MS Word",
      "server": "213.180.85.124",
      "icon": "kbd.png",
      "protocols": "rdp",
      "rdp": {
        "username": "demo",
        "password": "m9ff.QWE",
        "domain": "SERVERSKY",
        "remoteProgram": "||WINWORD",
        "mapClipboard": true,
        "mapDisk": true,
        "playSound": 0,
        "mapPrinter": true
      }
    }
  ]
}
This file is in JSON format, {} means an object, [] means an array.
For a complete list of RDP options, please go to chapter 4.1.
Performance flags
Default value of the performance flags parameter is 111.
ID | Property | Description |
---|---|---|
0x00000000 | TS_PERF_DISABLE_NOTHING | No features are disabled. |
0x00000001 | TS_PERF_DISABLE_WALLPAPER | Wallpaper on the desktop is not displayed. |
0x00000002 | TS_PERF_DISABLE_FULLWINDOWDRAG | Full-window drag is disabled; only the window outline is displayed when the window is moved. |
0x00000004 | TS_PERF_DISABLE_MENUANIMATIONS | Menu animations are disabled. |
0x00000008 | TS_PERF_DISABLE_THEMING | Themes are disabled. |
0x00000010 | TS_PERF_ENABLE_ENHANCED_GRAPHICS | Enable enhanced graphics. |
0x00000020 | TS_PERF_DISABLE_CURSOR_SHADOW | No shadow is displayed for the cursor. |
0x00000040 | TS_PERF_DISABLE_CURSORSETTINGS | Cursor blinking is disabled. |
0x00000080 | TS_PERF_ENABLE_FONT_SMOOTHING | Enable font smoothing. |
0x00000100 | TS_PERF_ENABLE_DESKTOP_COMPOSITION | Enable desktop composition. |
0x40000000 | TS_PERF_DEFAULT_NONPERFCLIENT_SETTING | Set internally for clients not aware of this setting. |
0x80000000 | TS_PERF_RESERVED1 | Reserved and used internally by the client. |
Example:
111 = PERF_DISABLE_CURSOR_SHADOW | PERF_DISABLE_CURSORSETTINGS | PERF_DISABLE_FULLWINDOWDRAG | PERF_DISABLE_MENUANIMATIONS | PERF_DISABLE_THEMING | PERF_DISABLE_WALLPAPER;
IP ranges
You can also define IP ranges in servers.json, for example:
{
  "id": "range1",
  "ipRanges": [
    {"from": "192.168.0.0", "to": "192.168.0.250"},
    {"from": "192.168.56.0", "to": "192.168.56.250"}
  ]
},
Keyboard layouts
Id | Name |
---|---|
0x00000401 | Arabic (101) |
0x00000402 | Bulgarian |
0x00000404 | Chinese (Traditional) - US Keyboard |
0x00000405 | Czech |
0x00000406 | Danish |
0x00000407 | German |
0x00000408 | Greek |
0x00000409 | US |
0x0000040A | Spanish |
0x0000040B | Finnish |
0x0000040C | French |
0x0000040D | Hebrew |
0x0000040E | Hungarian |
0x0000040F | Icelandic |
0x00000410 | Italian |
0x00000411 | Japanese |
0x00000412 | Korean |
0x00000413 | Dutch |
0x00000414 | Norwegian |
0x00000415 | Polish (Programmers) |
0x00000416 | Portuguese (Brazilian ABNT) |
0x00000418 | Romanian |
0x00000419 | Russian |
0x0000041A | Croatian |
0x0000041B | Slovak |
0x0000041C | Albanian |
0x0000041D | Swedish |
0x0000041E | Thai Kedmanee |
0x0000041F | Turkish Q |
0x00000420 | Urdu |
0x00000422 | Ukrainian |
0x00000423 | Belarusian |
0x00000424 | Slovenian |
0x00000425 | Estonian |
0x00000426 | Latvian |
0x00000427 | Lithuanian IBM |
0x00000429 | Farsi |
0x0000042A | Vietnamese |
0x0000042B | Armenian Eastern |
0x0000042C | Azeri Latin |
0x0000042F | FYRO Macedonian |
0x00000437 | Georgian |
0x00000438 | Faeroese |
0x00000439 | Devanagari - INSCRIPT |
0x0000043A | Maltese 47-key |
0x0000043B | Norwegian with Sami |
0x0000043F | Kazakh |
0x00000440 | Kyrgyz Cyrillic |
0x00000444 | Tatar |
0x00000445 | Bengali |
0x00000446 | Punjabi |
0x00000447 | Gujarati |
0x00000449 | Tamil |
0x0000044A | Telugu |
0x0000044B | Kannada |
0x0000044C | Malayalam |
0x0000044E | Marathi |
0x00000450 | Mongolian Cyrillic |
0x00000452 | United Kingdom Extended |
0x0000045A | Syriac |
0x00000461 | Nepali |
0x00000463 | Pashto |
0x00000465 | Divehi Phonetic |
0x0000046E | Luxembourgish |
0x00000481 | Maori |
0x00000804 | Chinese (Simplified) - US Keyboard |
0x00000807 | Swiss German |
0x00000809 | United Kingdom |
0x0000080A | Latin American |
0x0000080C | Belgian French |
0x00000813 | Belgian (Period) |
0x00000816 | Portuguese |
0x0000081A | Serbian (Latin) |
0x0000082C | Azeri Cyrillic |
0x0000083B | Swedish with Sami |
0x00000843 | Uzbek Cyrillic |
0x0000085D | Inuktitut Latin |
0x00000C0C | Canadian French (legacy) |
0x00000C1A | Serbian (Cyrillic) |
0x00001009 | Canadian French |
0x0000100C | Swiss French |
0x0000141A | Bosnian |
0x00001809 | Irish |
0x0000201A | Bosnian Cyrillic |
Keyboard layout variants
Id | Name |
---|---|
0x00010401 | Arabic (102) |
0x00010402 | Bulgarian (Latin) |
0x00010405 | Czech (QWERTY) |
0x00010407 | German (IBM) |
0x00010408 | Greek (220) |
0x00010409 | United States-Dvorak |
0x0001040A | Spanish Variation |
0x0001040E | Hungarian 101-key |
0x00010410 | Italian (142) |
0x00010415 | Polish (214) |
0x00010416 | Portuguese (Brazilian ABNT2) |
0x00010419 | Russian (Typewriter) |
0x0001041B | Slovak (QWERTY) |
0x0001041E | Thai Pattachote |
0x0001041F | Turkish F |
0x00010426 | Latvian (QWERTY) |
0x00010427 | Lithuanian |
0x0001042B | Armenian Western |
0x00010439 | Hindi Traditional |
0x0001043A | Maltese 48-key |
0x0001043B | Sami Extended Norway |
0x00010445 | Bengali (Inscript) |
0x0001045A | Syriac Phonetic |
0x00010465 | Divehi Typewriter |
0x0001080C | Belgian (Comma) |
0x0001083B | Finnish with Sami |
0x00011009 | Canadian Multilingual Standard |
0x00011809 | Gaelic |
0x00020401 | Arabic (102) AZERTY |
0x00020405 | Czech Programmers |
0x00020408 | Greek (319) |
0x00020409 | United States-International |
0x0002041E | Thai Kedmanee (non-ShiftLock) |
0x0002083B | Sami Extended Finland-Sweden |
0x00030408 | Greek (220) Latin |
0x00030409 | United States-Dvorak for left hand |
0x0003041E | Thai Pattachote (non-ShiftLock) |
0x00040408 | Greek (319) Latin |
0x00040409 | United States-Dvorak for right hand |
0x00050408 | Greek Latin |
0x00050409 | US English Table for IBM Arabic 238_L |
0x00060408 | Greek Polytonic |
0xB0000407 | German Neo |
Keyboard Input Method Editors (IMEs)
Id | Name |
---|---|
0xE0010404 | Chinese (Traditional) - Phonetic |
0xE0010411 | Japanese Input System (MS-IME2002) |
0xE0010412 | Korean Input System (IME 2000) |
0xE0010804 | Chinese (Simplified) - QuanPin |
0xE0020404 | Chinese (Traditional) - ChangJie |
0xE0020804 | Chinese (Simplified) - ShuangPin |
0xE0030404 | Chinese (Traditional) - Quick |
0xE0030804 | Chinese (Simplified) - ZhengMa |
0xE0040404 | Chinese (Traditional) - Big5 Code |
0xE0050404 | Chinese (Traditional) - Array |
0xE0050804 | Chinese (Simplified) - NeiMa |
0xE0060404 | Chinese (Traditional) - DaYi |
0xE0070404 | Chinese (Traditional) - Unicode |
0xE0080404 | Chinese (Traditional) - New Phonetic |
0xE0090404 | Chinese (Traditional) - New ChangJie |
0xE00E0804 | Chinese (Traditional) - Microsoft Pinyin IME 3.0 |
0xE00F0404 | Chinese (Traditional) - Alphanumeric |
3.5 – Users
You can use the users.json file to configure users (name and password) and the RDP hosts (configured in servers.json) a user can access. Users will have to log in when this file is used (starting from login.html).
You can also log in with a Google, Yahoo etc. account via the OAuth 2 integration. For OAuth integration:
- You don’t need to enter user name and password in the login.html.
- Make sure the user name in users.json is your email address (Gmail address if you are using Google Account).
- The password in users.json will be ignored, so you can give any passwords to user.
If you don’t need this OAuth integration, you can remove the following part from login.html:
<a href="/OPENID?id=Google"><img src="google.png" title="Sign in with Google account"/></a>
Please check Chapter 3.22 for more information about OAuth 2.
User will see a list of RDP hosts and applications they can use after logging in:
You can also use config.html to configure users.json. Use your browser to navigate to: http://localhost/config.html. For security reasons, this page can only be accessed from localhost. The user name should be your email if you are using OpenID integration (log in with Google Account etc).
The following parameters can be stored when creating a user:
- Name
- Password
- Server, which the user is allowed to access
- Domain user (yes/no)
- Domain server
- Transfer credentials to connection
- Host name (for RDP connections)
You can import users from Active Directory too. These domain users will use Active Directory authentication and don’t need to have passwords (default is ***).
You can also configure user groups, which are saved in userGroups.json by default:
Activate two-factor authentication (2FA)
An authenticator app (e.g. Google Authenticator) is required for use.
- Set twoFA=1 to activate or twoFA=2 to force in gateway.conf
- The user logs in to SparkView, a QR code appears
- Scan the QR code with the Authenticator app and enter the 6-digit code
Reset second factor (2FA) for individual users
There are 3 ways to reset the second factor for individual users:
Java-Command
To do this, the SparkView service must first be stopped. Then use the following command in the SparkView root directory:
sudo java -cp SparkGateway.jar com.toremote.gateway.tool.TwoFactor username
For AD users, please use the following command:
sudo java -cp SparkGateway.jar com.toremote.gateway.tool.TwoFactor "domain\user.name"
For Windows users:
java -cp SparkGateway.jar com.toremote.gateway.tool.TwoFactor username
or if AD:
java -cp SparkGateway.jar com.toremote.gateway.tool.TwoFactor "domain\user.name"
cURL-Request
The SparkView service must be running for this. Then please use the following command:
curl -k -G --data-urlencode "target=twofa" --data-urlencode "user=username" http://sparkview-server.com/CONTROL
For AD users, please use the following command:
curl -k -G --data-urlencode "target=twofa" --data-urlencode "user=domain\user.name" http://sparkview-server.com/CONTROL
HTTP request (API)
The SparkView service must be running and a hashed management password must be used. Then please call up the following URL:
http://sparkview-server.com/CONTROL?target=twofa&user=username&gatewayPwd=21232f297a57a5a743894a0e4a801fc3
3.6 – Easy printing
In a traditional RDP environment, you may have to install drivers for client side printers to make printer redirection work. Compared with other solutions, Spark Easy Printing has the following benefits:
- No drivers need to be installed on the RDP host.
- Nothing needs to be installed on the client side (MS Easy Printing needs .NET Framework 3.5 installed).
- RDP hosts can run any version of Windows (MS Easy Printing needs Windows 7 and above).
- Uses a separate channel (via http or https) for printing, which will not affect your RDP experience.
- Supports all printers: PostScript, PCL, PDF and text-only (receipt, label) printers, and printers can have any name. Some applications only work with PCL printers or printers with specific names.
- Supports all devices; you can print on Mac, Android and iOS too (MS and Citrix printing can only be used on PC).
- Lower bandwidth usage.
How Spark View Easy printing works:
- Gateway attaches a universal PostScript printer to the RDP host automatically.
- Gateway converts the print job (for PostScript and PCL printers) to a PDF file when the user prints.
- Gateway then sends the PDF file or text (for text-only printers) to the user.
- The user views or prints the PDF/text file locally.
To make printing work, you need to install a PostScript to PDF converter along with the Gateway. Ghostscript is recommended and it works on different platforms.
Please also make sure printer redirection is enabled on the RDP host.
Install a PostScript Printer (Recommended):
- Set a PostScript to PDF converter in gateway.conf (we use Ghostscript http://www.ghostscript.com/download/ here):
converter = C:\\Program Files\\gs\\gs9.05\\bin\\gswin64c.exe
- Set the arguments for converter in gateway.conf:
arguments = -dBATCH -dNOPAUSE -dUseCIEColor -dPDFSETTINGS=/printer -sDEVICE=pdfwrite -q -sOutputFile=%1 %2
- Set a PostScript printer driver in gateway.conf (optional):
printerDriver = HP Color LaserJet 8500 PS
- Set a name for the printer in gateway.conf (optional):
printer = My Printer Name
Since version 5.7, the gateway will automatically choose the best available driver. It’s not recommended to set up the printerDriver unless you have special needs.
Install a PCL printer (some applications only work on PCL printer):
- Set a PCL to PDF converter in gateway.conf (we use ghostPCL http://www.ghostscript.com/GhostPCL.html here):
converter = C:\\apps\\ghostpcl-9.05-win32\\pcl6-9.05-win32.exe
- Set the arguments for converter in gateway.conf:
arguments = -dNOPAUSE -sDEVICE=pdfwrite -sOutputFile=%1 %2
- Set a PCL printer driver in gateway.conf:
printerDriver = HP LaserJet 4100 Series PCL
- Set a name for the printer in gateway.conf (optional)
printer = My Printer Name
For receipts and label (text only) printers, please add “&textPrinter=on” into the websocket url.
If you get the “Unsupported driver Installation” warning on Windows 2003, please change the following setting:
Control Panel -> System Properties -> Hardware -> Driver Signing Options -> "Ignore" + "Make this action the system default"
Enable silent printing:
Chrome: "More tools" -> "Create application shortcuts", then edit the newly created shortcut and add " --kiosk-printing" to the target:
Firefox: Type about:config at Firefox. Right click at anywhere on the page and select New > Boolean. Enter the preference name as print.always_print_silent, click OK and select "true" as the value. Restart Firefox.
3.7 – RemoteApp and start a program instead of the whole desktop
There are two ways to start a program:
Start a program on connection uses a program as the Windows shell. That means you can only use one program in this session. You’ll need to create 2 sessions to start 2 programs (this user will then use two SparkView licenses). To configure “Start a program on connection” in the servers.json file, you need to specify the “command” and “directory” options. Please make sure you allow users to start unlisted programs on Windows 2008:
If you are using Windows Server 2012 R2, you can configure this in the Collection properties sheet by using Server Manager. By default, only programs in the RemoteApp Programs list can be started when a user starts a Remote Desktop Services session. You can also use the following policy or registry setting to do the same:
- Policy path:
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections
- Scope: Machine
- Supported on: At least Windows Server 2008
- Registry settings:
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fAllowUnlistedRemotePrograms
RemoteApp was introduced in RDP 6.1. All RemoteApps running on the client side share only one session, even if you are running thousands of RemoteApps. To configure RemoteApps in servers.json, you need to specify the “remoteProgram”, “remoteWorkDir”, and “remoteArgs” options.
The RemoteApp window will be automatically resized (no reconnection needed) when you resize the browser window. Here is an example for setting up RemoteApp in servers.json:
{
  "id": "RemoteAppWord",
  "displayName": "RemoteApp WORD",
  "server": "192.168.8.119",
  "icon": "kbd.png",
  "protocols": "rdp",
  "rdp": {
    "username": "Administrator",
    "mapClipboard": true,
    "password": "password",
    "remoteProgram": "||WINWORD"
  }
},
If you are using alias name of the RemoteApp, please make sure there are || before it.
For a good user experience, it’s better to start program without splash screen, also set time limit for disconnected session on RDSH:
- Log on to the terminal server as an administrator.
- Start the Local Group Policy Editor. To do this, click Start, click Run, type gpedit.msc, and then click OK.
- Locate the following node:
Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Session Time Limits
Note: The policy settings are also located under User Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Session Time Limits
Please check following links for more information:
- http://en.wikipedia.org/wiki/Remote_Desktop_Services#RemoteApp
- http://technet.microsoft.com/en-us/library/cc753112(v=ws.10).aspx
- http://technet.microsoft.com/en-us/library/cc730673(WS.10).aspx
Configure RemoteApp RDP settings:
http://technet.microsoft.com/en-us/library/cc733144.aspx
For better performance, you may want to add the following lines in the “Custom RDP settings” page:
disable full window drag:i:1
disable menu anims:i:1
disable themes:i:1
disable wallpaper:i:1
Please be aware that not all applications can run in a RemoteApp and Terminal Server/RDSH environment. You may want to choose a virtual machine solution instead, or connect to the Hyper-V console. All applications are guaranteed to work with a Hyper-V console connection, but it doesn’t support advanced RDP features such as audio and video.
3.8 – Clipboard redirection and shared clipboard
You can only copy text, images and HTML between local and remote because of browser restrictions, but you can copy anything, including files, between any connected sessions (shared clipboard on gateway).
Spark View can tell whether you are copying from local or from another session and enables the shared clipboard automatically.
- Some browsers can only access the local clipboard when you are doing copy/paste, so you'll have to use the keyboard (Ctrl+C/V) instead of the Copy/Paste menu. Right click (context menu) copy is only supported on Chrome and IE. Right click paste is only supported on IE.
- On browsers which don't support right click copy/paste, you'll see a copy dialog asking you to copy the content again.
- On Mac, you'll need to use Command key instead of Ctrl key.
3.9 – Bidirectional audio redirection (RDP)
Audio redirection must be enabled in the RDP server first.
For microphone redirection, Chrome 53, Edge 12, Firefox 36, Safari 11 and secure context (HTTPS) are required.
- playSound=0 to bring remote sound to local.
- audioRecord=on to enable microphone redirection.
Settings for microphone in RDSH:
Group policy:
The path to the group policy is the following:
Computer Configuration / Administrative Templates / Windows Components / Remote Desktop Services / Remote Desktop Session Host / Device and Resource Redirection
Please also make sure you “Allow apps to access your microphone” if you are connecting to Windows 10 or 2019:
GPO Path:
Computer Configuration\Policies\Administrative Templates\Windows Components\App Privacy
GPO:
Let Windows apps access the microphone
3.10 – File share (uploading and downloading)
There are two ways to implement file downloading/uploading. One is to use a temporary directory for every user. The temporary directory will be deleted after the user session is terminated. The other is to use a permanent directory for each RDP host.
Temporary directory
- Configure a parent directory in gateway.conf:
tmpdir = C:\\apps\\share
You can use ${user} and ${domain} variables in tmpdir since 5.0. This user directory will not be removed automatically if variables are used in tmpdir.
- Make sure “Uploading/Downloading files” is selected on client side.
Permanent directory
- Configure disk mapping in servers.json:
"mapDisk": true,
"disks": [
  {
    "dosName": "Storage",
    "longName": "Long Display Name",
    "devicePath": "/apps/test/"
  }
],
You can use ${user} and ${domain} variables in devicePath since 5.0.
- Make sure “Uploading/Downloading files” is selected on client side.
Uploading files
Choose files or drag files to your remote desktop (anywhere except the cloud icon) after logging in. Click the cloud icon at the top middle of your screen to check the uploading process.
The cloud icon will disappear if you have no operation for a while, click anywhere on the screen to bring it back again.
Downloading files
Click the cloud icon, a file browser dialog will be displayed. You can enter a folder or select a file to download. You can also drag a file to your desktop directly if you are using Chrome.
For best results, please make sure the share directory is on another disk or file system.
A file that is still uploading has the ".uploading" filename extension. You can delete it or resume the upload later. Uploading will be cancelled if there is not enough free space on the drive.
Drag & Drop
You can drag a local file to the remote computer if the current application supports file copy and paste, e.g. File Explorer, Desktop etc. You need to set copyFile = true in gateway.conf to enable this feature. Spark View will ask you to download the files or directories when you copy files or directories on the remote computer.
3.11 – Session Recording and Playback
Spark View can record your session in RDP stream format (.rdpv) and play it anywhere. This format has the smallest size and best quality in the world.
You need to configure the following 3 properties in gateway.conf:
#session recording, 1 means recording graphic only, no sound. 3 means recording graphic and sound.
recording = 1
#parent directory for session recording
recdir = C:\\apps\\share
#warn user about recording
recwarning = true
Recording, playback is also supported in VNC, SSH, TELNET sessions.
You can also record the session on the client side (use the recording=on parameter).
Since 4.8.8, Spark View supports seamless session shadowing: there is no need to reconnect (to reset the client status) when a user is joining. Seamless joining may take more time if the network is slow. You can go back to the old way by setting resetOnJoin=true in gateway.conf.
The player.html can play local recording, and playeremote.html can play a file on the gateway (server side).
Converting recording to MP4:
Download the tool:
http://www.remotespark.com/view/converter.jar
Convert a recording file to mp4 in command line:
java -jar converter.jar -s record.rdpv //convert record.rdpv to record.mp4
java -jar converter.jar -s record.rdpv -d new.mp4 //convert record.rdpv to new.mp4
java -jar converter.jar -h //help
Use the jar file as a library:
import com.toremote.record.converter.VedioConverter;
/**
* @param sourcePath source path of a .rdpv type video file
* @param destinationPath OPTIONAL destination path of the converted .mp4 format video file
* @param acceleration OPTIONAL integer between 0 and 10. The acceleration of the speed up effect
* @param fps OPTIONAL frames per second, default is 25.
* @param imgInterval OPTIONAL the interval in seconds of persisting snapshot pictures, default is 10 seconds.
* @param convertType convert type, 0: default, convert to .mp4 video only; 1: convert to png image files only; 2: convert to both png image files and .mp4 video.
*/
VideoConverter converter = new VideoConverter(srcPath, destPath, speed, timeRational,
imgInterval, convertType);
converter.convert();
3.12 – Session Shadowing (join or share an active session on gateway)
Any number of users can join or share an existing session with one click if they know the session id:
http://www.remotespark.com/join?id=123456789&name=Admin
The input can be controlled by all users or by only one of them. A user can request control from another user, or give control to another user.
Spark session shadowing has the following advantages compared with other solutions:
- Fully based on the RDP protocol (no VNC involved), with better performance and lower bandwidth use.
- Every joined user can see other users' mouse movements.
- Two join modes: everyone can control, or only one user can control at a time.
- Even sessions on Windows XP, Windows 7 and xrdp can be joined.
- An unlimited number of users can join one session, depending on the capacity of your gateway.
RemoteApp session shadowing is also supported since 3.4.
Make sure your web page contains the following parts for shadowing to work if you are using your own customized web page:
var info = $id("joinSelect");
if (info) {
info.onchange = function(e){
svManager.getInstance().setJoinMode(e.target.value);
};
}
var control = $id("requestControl");
if (control) {
control.onclick = function(e){
svManager.getInstance().requestControl();
};
}
<div id="appinfo" class="appdlg">
<img alt="" src="info.png" style="float:left">
<table>
<tr>
<td align="right"><b>Connected to:</b></td>
<td><span id="connectingTo"></span><br></td>
</tr>
<tr>
<td align="right"><b>Session id:</b></td>
<td><span id="numericId"></span><br></td>
</tr>
<tr>
<td align="right"><b>Join mode:</b></td>
<td>
<select id="joinSelect">
<option value="0">Every one can control</option>
<option value="1">Only one can control</option>
</select><br>
</td>
</tr>
<tr>
<td colspan="2"><b>Join this session with following link:</b><br><a id="joinLink" target="_blank"></a></td>
</tr>
<tr>
<td></td>
<td align="right"><input type="button" id="requestControl" value="Request Control" disabled="disabled"/></td>
</tr>
</table>
</div>
To disable session shadowing, you can:
- Set shadowing = false in gateway.conf
- Remove following part from the web page (optional):
<table>
<tr>
<td align="right"><b>Connected to:</b></td>
<td><span id="connectingTo"></span><br></td>
</tr>
<tr>
<td align="right"><b>Session id:</b></td>
<td><span id="numericId"></span><br></td>
</tr>
<tr>
<td align="right"><b>Join mode:</b></td>
<td>
<select id="joinSelect">
<option value="0">Every one can control</option>
<option value="1">Only one can control</option>
</select><br>
</td>
</tr>
<tr>
<td colspan="2"><b>Join this session with following link:</b><br><a id="joinLink" target="_blank"></a></td>
</tr>
<tr>
<td></td>
<td align="right"><input type="button" id="requestControl" value="Request Control" disabled="disabled"/></td>
</tr>
</table>
You can also join a symlink if you only know the symlink id, for example:
http://localhost:8080/join.html?symlink=212a155e-e951-40db-95ea-177183174fa7&gateway=wthink&connectif=true
If connectif=true, it will start a new connection if there is no existing connection with the symlink. This only works on symlink joining and you have to enable it by adding following entry in gateway.conf:
connectif = true
If name parameter was given, the name will be displayed under the cursor:
There are two colors under the name: the first is calculated by the name, the second is calculated by the session id which makes sure every user has a unique color combination.
Using session shadowing
As a user, click the "i" symbol on your desktop:
You will see an info window with a session ID, a join mode and a session link:
Send this link or the session ID to your Administrator who will join your session for help by using this ID:
3.13 – Native RDP shadowing (join any active RDP sessions)
Since 6.0, Spark View can use shadow.html to shadow any active RDP session on the RDP server, even if it is connected from another RDP client, which is the same as mstsc.exe /v:server /shadow:x /control.
Remote shadowing setting is configured using a Group Policy or by registry modification. You can configure whether you need to request the user confirmation to connect, and whether view or control is allowed in the shadow session.
Target RDP server requirements:
- Enable remote control: Run gpedit.msc -> Computer Configuration / Administrative Templates / Windows Components / Remote Desktop Services / Remote Desktop Session Host / Connections and enable the policy "Set rules for remote control of Remote Desktop Services user sessions"
Instead of enabling the policy, you can set the necessary value in the DWORD registry parameter Shadow in the HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services registry key. The allowed values are:
0 – disable remote control;
1 — full control with user’s permission;
2 — full control without user’s permission;
3 — view session with user’s permission;
4 — view session without user’s permission.
By default, this registry parameter is not set and the shadow connection is performed in full control mode with user permissions.
- Enable file and printer sharing
- Enable native RDP session shadowing ("nativeShadowing = true" in gateway.conf)
- Make sure that SMB port 445 is open in the firewall and the RDP server
Add rule to allow traffic to SMB/CIFS and RPC
To add a firewall rule to allow TCP/445 (SMB/CIFS) and TCP/135 (RPC):
- Go to Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security - LDAP > Inbound Rules
- Right-click and choose "New Rule"
- Choose "Predefined" and "File and Printer Sharing", then click "Next"
- Check the following, then click "Next":
- "File and Printer Sharing (NB-Session-In)"
- "File and Printer Sharing (SMB-In)"
- Select "Allow the connection" and click "Finish"
https://sparkview-server/shadow.html
3.14 – Touch interface (iOS, Android etc)
Spark View can operate on tablets and smart phone devices if you have an html5 browser available.
Following gestures are supported:
Gesture | Action |
---|---|
Long press | Right click |
Flick | Scroll screen if remote desktop resolution is bigger, otherwise drag |
Pan | Drag |
2 finger tap | Right click |
2 finger scroll | Mouse wheel |
3 finger tap | Show software keyboard (iOS only) |
3 finger pinch open | Maximize window |
3 finger pinch close | Restore window |
3 finger flick left | Previous window |
3 finger flick right | Next window |
3 finger flick down | Minimize all windows |
3 finger flick up | Restore all windows |
You can also tap the keyboard icon to activate the software keyboard. IE doesn’t support 3 finger gestures and 2 finger scroll (mouse wheel).
Touchpad mode (relative mouse movement)
Touchpad mode allows you to use the whole touch screen as a touch pad. You can use your finger to move the cursor and issue a click at the position of the cursor (not the position you are tapping on).
Entering text
You can see more PC keys by tapping on :
Make sure your HTML page has the following part to make the PC keys work:
<div id="pc_key">
<span>Ctrl</span><span>Alt</span><span>Del</span><span>Esc</span><span>...</span>
<div id="pc_key_more">
<span>F1</span><span>←</span><span>↑</span><span>→</span><span>↓</span><span>Start</span><span>Alt+F4</span><span>Ctrl+Alt+Del</span>
</div>
</div>
You can also add any other keys by changing the pc_key div.
Recommended browsers:
- Android: Chrome and Firefox.
- iOS: Safari.
- Playbook: Stock browser.
- Windows: Chrome, Firefox, IE10 and Safari
- Mac OS: Chrome, Firefox, and Safari.
- Linux: Chrome and Firefox.
3.15 – Touch remoting
Touch Remoting will be enabled automatically when following conditions are met:
- RDP host is Windows 8 or Windows 2012 and
- Local device has multi-touch ability and
- Minimum screen resolution of local device is 1024x768
3.16 – Hyper-V Console and Enhanced Session Mode
Compared with normal RDP connection, Hyper-V console connection has following pros and cons:
Pros:
- Don’t need a network for the VM, don’t need to have RDP enabled. Only need the VM GUID for connection.
- Same as a physical computer, good for testing and for some applications which cannot run under normal RDP.
- Don't require Terminal Services CALs.
Cons (if enhanced session mode is not enabled):
- Limited RDP features, no resource redirection.
- Not all resolutions can be supported; can only change the resolution in Windows.
Since Windows 2012 R2, the Hyper-V console supports enhanced session mode, which allows you to redirect local resources in a Hyper-V console session. To enable enhanced session mode in Spark View, please append ";EnhancedMode=1" to the VM GUID. Please check the following link for more information about enhanced session mode:
http://technet.microsoft.com/en-us/library/dn282274.aspx
To connect to Hyper-V console, make sure:
- Enable CredSSP (Network Level Authentication) in gateway.conf.
- The server address is the Hyper-V server address; User name, password, and domain are all for Hyper-V server, not for the VM you are connecting to. Also be aware default listening port of Hyper-V console is 2179 instead of 3389. To connect to a VM, all you need is the VM GUID.
- Install Microsoft Virtual Machine Integration Services into the VM; disable cursor shadow (important) in the VM. It’s better to adjust your computer for best performance.
3.17 – RDP connection cache/pool
An RDP session may take minutes to start (booting, login, user profile etc.), which is sometimes unacceptable. The RDP connection cache/pool allows you to see your desktop and RemoteApp instantly.
You can cache a connection on the client side and display it when the user needs it. Caching on the client side is faster and recommended.
You can also cache a connection on the gateway side (in a connection pool). It is disabled by default; to enable it, set maxCacheTime to a non-zero value in gateway.conf.
Please check example7.html (under html directory) for usage on client side.
The Cache API also makes integration easier. Here is what you can do with it:
- Your application sends an HTTP request to the gateway to create a connection, and this connection is cached on the gateway:
http://gateway/CACHE?server=hypervServer&port=2179&user=uu&pwd=pp&domain=dd&CACHEID=mycacheid&CACHETIMEOUT=1&CACHEPOLICY=0&DUPLICATE=off&gatewayPwd=5f4dcc3b5aa765d61d8327deb882cf99&width=800&height=600
In this request, CACHETIMEOUT is 1 minute, and CACHEPOLICY=0 means the gateway will do nothing if this cache is popped out. DUPLICATE=off means there is only one cache item under one id. It is best to use a UUID as CACHEID. gatewayPwd is the MD5 hash of the password configured in gateway.conf; 5f4dcc3b5aa765d61d8327deb882cf99 is the MD5 hash of “password”.
- On the client side, you can create an RDP connection by:
Using the JS library directly in your web page: new svGlobal.Rdp("ws://gateway/RDP?CACHEID=mycacheid&...
or using rdpdirect.html: http://gateway/rdpdirect.html?gateway=yourgatewayaddress&CACHEID=mycacheid
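The two halves of the Cache API exchange described above, as an added example that is not SparkView code: the server-side application builds the CACHE request with a random UUID and percent-encoded credentials, and the browser is handed only the CACHEID. The host gateway.example.com, the function names and the sample credentials are assumptions.

```python
import hashlib
import uuid
from urllib.parse import urlencode


def gateway_pwd(admin_password):
    """gatewayPwd as described above: MD5 hex digest of the gateway.conf password."""
    return hashlib.md5(admin_password.encode("utf-8")).hexdigest()


def build_cache_request(gateway, admin_password, server, user, pwd, domain,
                        port=3389, timeout_minutes=1):
    """Return (cache_id, url) for the server-side CACHE request."""
    cache_id = str(uuid.uuid4())  # random id, since the manual suggests a UUID
    params = {
        "server": server, "port": port, "user": user, "pwd": pwd,
        "domain": domain, "CACHEID": cache_id,
        "CACHETIMEOUT": timeout_minutes, "CACHEPOLICY": 0, "DUPLICATE": "off",
        "gatewayPwd": gateway_pwd(admin_password),
    }
    # urlencode percent-escapes '&', '#', '=' and spaces inside values, so a
    # password containing them cannot truncate or inject query parameters.
    return cache_id, gateway.rstrip("/") + "/CACHE?" + urlencode(params)


def build_client_url(ws_gateway, cache_id):
    """URL for the browser: it refers to the cached connection by id only."""
    return ws_gateway.rstrip("/") + "/RDP?" + urlencode({"CACHEID": cache_id})


if __name__ == "__main__":
    # Constructed values; gateway.example.com is a placeholder host.
    cid, request_url = build_cache_request(
        "https://gateway.example.com", "password", "hypervServer",
        "uu", "p&p#1=x", "dd", port=2179)
    print(request_url)
    print(build_client_url("wss://gateway.example.com", cid))
```

Send the CACHE request from the application server over HTTPS so that pwd and gatewayPwd do not cross the network in clear text.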
3.18 – Symlink (access link)
You can create a symlink for an RDP host (it must be configured in servers.json first). After you have created an RDP server in servers.json, you'll be able to access it with the server id. A symlink is more secure than a server id, and it can be a temporary link (set up a valid time) or a permanent link.
You can create a symlink file manually and specify this file in gateway.conf. Here is an example of a symlink file:
{
"symlinks": [
{
"id": "3645e6db-7afc-4fff-8ad9-92415aa25db0",
"resourceId": "demo2",
"validFrom": "2013-05-14 20:43 MDT",
"validTime": "5d",
"parameters": "user=uu&pwd=pp",
"comment": "comment"
}
]
}
The pattern for date format is yyyy-MM-dd HH:mm z.
Please check http://docs.oracle.com/javase/7/docs/api/java/text/SimpleDateFormat.html for more information about this format.
You can send extra parameters to the server by configuring the "parameters" property.
You need to specify the location of the symlink file in gateway.conf:
symlink = C:\\Users\\uuu\\workspace\\data\\symlink.json
You can also configure this using config.html:
On the client side, you'll need to use 'symlink=symlinkId' instead of 'server=yourServer' when creating a connection:
var rdp = new svGlobal.Rdp('ws://gateway/RDP?symlink=symlinkId&mapClipboard=on&...')
You can also join a symlink:
var rdp = new svGlobal.Rdp('ws://gateway/JOIN?symlink=symlinkId&mapClipboard=on&connectif=on&...')
If connectif = on and there is no session established with that symlink, this will create a new connection instead. Make sure you set connectif = on in gateway.conf to enable this feature first.
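A review script for the symlink file described above, as an added example that is not part of SparkView: it parses validFrom with the yyyy-MM-dd HH:mm z pattern, computes when each link expires, and reports expired links, links without a validity window, and credentials stored in "parameters". Assumptions: only the "d" suffix shown in the manual is understood for validTime, an entry without validTime is treated as a permanent link, and the zone abbreviation table is hand-written.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs

# Assumption: zone abbreviations mapped by hand to UTC offsets in hours.
TZ_OFFSETS = {"UTC": 0, "GMT": 0, "MST": -7, "MDT": -6, "CET": 1, "CEST": 2}
SECRET_KEYS = {"pwd", "gatewayPwd"}  # credential parameters named in this manual

# The first entry is the manual's example; the other two are constructed.
SAMPLE = """
{
  "symlinks": [
    {"id": "3645e6db-7afc-4fff-8ad9-92415aa25db0", "resourceId": "demo2",
     "validFrom": "2013-05-14 20:43 MDT", "validTime": "5d",
     "parameters": "user=uu&pwd=pp", "comment": "comment"},
    {"id": "00000000-0000-4000-8000-000000000001", "resourceId": "demo2",
     "comment": "constructed: no validity window"},
    {"id": "00000000-0000-4000-8000-000000000002", "resourceId": "demo2",
     "validFrom": "2013-05-18 09:00 UTC", "validTime": "30d",
     "parameters": "mapClipboard=on"}
  ]
}
"""


def parse_valid_from(text):
    """Parse 'yyyy-MM-dd HH:mm z' (e.g. '2013-05-14 20:43 MDT') to an aware datetime."""
    stamp, zone = text.rsplit(" ", 1)
    offset = timezone(timedelta(hours=TZ_OFFSETS[zone]))
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M").replace(tzinfo=offset)


def expiry(entry):
    """Return the expiry datetime, or None for an entry without validTime."""
    valid_time = entry.get("validTime")
    if not valid_time:
        return None
    if not valid_time.endswith("d") or not valid_time[:-1].isdigit():
        raise ValueError("unsupported validTime: " + valid_time)
    days = int(valid_time[:-1])
    return parse_valid_from(entry["validFrom"]) + timedelta(days=days)


def audit_symlinks(text, now):
    """Return (symlink id, finding) tuples for links that deserve a review."""
    findings = []
    for entry in json.loads(text)["symlinks"]:
        link_id = entry["id"]
        if SECRET_KEYS & set(parse_qs(entry.get("parameters", ""))):
            findings.append((link_id, "credentials embedded in parameters"))
        try:
            expires = expiry(entry)
        except (KeyError, ValueError) as err:
            findings.append((link_id, "validity not parsed: %s" % err))
            continue
        if expires is None:
            findings.append((link_id, "permanent link (no validTime)"))
        elif expires <= now:
            findings.append((link_id, "expired " + expires.isoformat()))
    return findings


if __name__ == "__main__":
    for link_id, finding in audit_symlinks(SAMPLE, datetime.now(timezone.utc)):
        print(link_id, finding)
```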
3.19 – Macro recording
Macro recording can be used for software testing, automated jobs etc. Please add macro.js to your web page, and then you can record a macro:
- var recorder = new MacroRecorder(rdp);
- recorder.start();//start recording
- recorder.stop();//stop recording
- recorder.play(); //playback
- recorder.stopPlay();//stop playing
- recorder.getScript();//get playback script
Please check the source code of macro.js for more details.
3.20 - Remote assistance
You can provide Remote Assistance with assit.html. With Spark View's cross-platform ability, you can now provide remote assistance from anywhere and from different devices:
You can connect to Windows XP, Windows 7, Windows 2008, Windows 8 and Windows 2012 with SparkView remote assistance. For now, SparkView only accepts invitation files generated in version 1 format.
- Remote Assistance session cannot be joined.
- Remote Assistance is disabled by default. Please set assistance = true in gateway.conf to enable it.
3.21 – RFB (VNC) protocol support
You can connect to any VNC server (Linux, Mac etc) with vnc.html. It also supports session shadowing.
3.22 – SSH and Telnet
You can connect to SSH server with ssh.html, and connect to Telnet server with telnet.html:
- You can also join SSH and Telnet sessions.
- Telnet doesn't support local echo.
3.23 – Smart Card Redirection
Since version 5.7, the Java applet is deprecated. Smart Card redirection needs a small native application (sg_agent.exe for Windows, sg_agent.zip for macOS) running on the user’s machine to communicate with the Smart Card.
Local hardware (smart card, scanner) redirection needs an agent (native application) running on your computer to access the local hardware. Please:
- Download the agent from your installation: http://localhost:8080/sg_agent.exe
- Run the agent and keep it running during the connection (you only need to run the agent once for multiple sessions).
- Click the "Open" button to open a new window (bridge.html) to communicate with the agent and keep it open during the connection.
You also need to add the "&smartCard=on" parameter to your websocket URL to enable smart card redirection. Use the "&passwordIsPin=on" parameter if you want to transfer password as the PIN of smart card.
If the green smart card icon is displayed in the traybar, the implementation was successful:
3.24 – Scanner redirection
Spark View provides two different methods for scanner redirection:
- Please use the TWAIN Virtual Data Source if your scanner has TWAIN driver and your application supports TWAIN scanner. OR
- Please run the SparkScan.exe in RDP server to scan from a local scanner which supports TWAIN, WIA (windows) or ICA (Mac OS) scanner.
Virtual TWAIN Data Source deployment (Need to deploy it on the RDP server first):
- Create a directory under windows\windows\twain_32, for example: RemoteSpark
- Copy SparkDataSource.ds to this directory:
windows\windows\twain_32\RemoteSpark\SparkDataSource.ds
The name of the directory or SparkDataSource.ds can be changed.
Run SparkScan /? to show the help information.
3.25 – USB redirection
USB redirection is based on WebUSB: https://wicg.github.io/webusb/. Please check your browser compatibility: https://developer.mozilla.org/en-US/docs/Web/API/USB#browser_compatibility.
- Add "&mapUSB=on" parameter to your websocket URL to enable it.
- It only works on secure contexts (HTTPS only).
- Feature Policy is needed if the session is running in iframe:
<iframe allow="usb; fullscreen"></iframe>
- The client tries to display all the available USB devices for use. If you want specific devices only, you can set up the USB filters in appcfg.js:
usb: {filters:[{vendorId:0x2341}]}
- List of USB ID’s: http://www.linux-usb.org/usb.ids
3.26 – OAuth 2.0/Okta integration
You need to register your application before you use OAuth 2.0 integration.
Provider | Registering Address |
---|---|
Google | https://support.google.com/cloud/answer/6158849 |
Windows Live Connect | https://account.live.com/developers/applications http://msdn.microsoft.com/en-us/windowslive/ff769489.aspx |
Please use http(s)://gatewayAddress/oauth2callback for the redirect URI.
You'll get a client id and client secret after the registration; set them up in the oauth2.json configuration file. You can specify the location of oauth2.json in gateway.conf.
Example of oauth2.json:
{
"providers" : [{
"name" : "Google",
"client_id" : "650561938988-t2r66k1ms3hpoi3k1e2g7l2adlarau8s.apps.googleusercontent.com",
"client_secret" : "-D-nhxWn2E97tZWWLg5IQ6Ak",
"request_uri" : "https://accounts.google.com/o/oauth2/auth",
"redirect_uri" : "http://localhost/oauth2callback",
"access_token_uri": "https://oauth2.googleapis.com/token",
"auth_uri": "/login_chrome.html",
"scope": "openid email"
},
{
"name" : "Live",
"client_id" : "0000000040133A31",
"client_secret" : "p9WwBr2Pyrq6mtaeZCwTSwqbIF39Br3Z",
"request_uri" : "https://login.live.com/oauth20_authorize.srf",
"redirect_uri" : "http://www.remotespark2.com/oauth2callback",
"access_token_uri": "https://login.live.com/oauth20_token.srf",
"scope": "wl.emails",
"profile_uri": "https://apis.live.net/v5.0/me"
}]
}
Okta SSO
To enable SSO, the Spark View application needs to be configured as a trusted application (Resource Owner Password Flow):
https://developer.okta.com/docs/guides/implement-password/overview/
You don’t need to configure request_uri, redirect_uri, and profile_uri for Okta.
Here is an example for Okta:
{
"providers": [
{
"name" : "okta",
"client_id" : "0000000040133A31",
"client_secret" : "p9WwBr2Pyrq6mtaeZCwTSwqbIF39Br3Z",
"access_token_uri": "https://dev-160206.okta.com/oauth2/v1/token",
"scope": "openid email"
}
]
}
Then login from http://yourGateway/login_okta.html.
3.27 – Active Directory, Azure AD, LDAP, RADIUS integration
You can authenticate your users against an Active Directory, LDAP or RADIUS server. Please configure your users.json as follows:
Active Directory or LDAP
{
"source": {
"type": "AD",
"properties": {
"server": "192.168.12.128:389", //can also be specified without the port
"domain": "mydomain.com",
"groups": "sales, support",
"transferCredential": false
}
}
}
You can let gateway fetch servers from the AD. The following example will fetch all the servers from the "otherLoginWorkstations" attribute:
{
"source": {
"type": "AD",
"properties": {
"server": "192.168.12.128:389",
"domain": "mydomain.com",
"groups": "sales, support",
"transferCredential": false,
"serversAttr": "otherLoginWorkstations"
}
}
}
Gateway can also change AD user password if:
- AD has SSL enabled.
- Export the AD certificate (Public key only) in Base-64 encoded X.509 file format.
- Import the AD certificate to Java keystore with following commands:
cd JRE\bin (use JDK\bin instead if JRE is not found, for example, OpenJDK11).
keytool -importcert -alias "anyName" -keystore \lib\security\cacerts -storepass changeit -file "C:\Users\username\Desktop\exported.cer"
Please check Microsoft Tech Community Blog for more details on how to setup LDAPS on Windows.
- users.json:
{
"source": {
"type": "AD",
"properties": {
"server": "192.168.12.128:389",
"secProtocol": "tls",
"domain": "mydomain.com",
"groups": "sales, support",
"transferCredential": false,
"serversAttr": "otherLoginWorkstations"
}
}
}
"tls" or "ssl" can be used for the security protocol (secProtocol).
LDAP debugging
Get LDAP debug logs
If errors occur when trying to connect via LDAP, the following Java parameter can be set to obtain more error information and logging for LDAP:
-Dcom.sun.jndi.ldap.connect.pool.debug=all
Please enter the parameter in SparkView in the Control Panel:
Prevent unmatched name issue
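If the LDAP server is specified via an IP address and not the host name, unmatched name issues may occur, because the address does not match the name in the server certificate. To prevent this, set the following Java parameter, which disables endpoint identification for LDAPS connections: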
-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true
RADIUS
{
"source": {
"type": "RADIUS",
"properties": {
"server": "192.168.12.128",
"port": "1812",
"accountingPort": "1813",
"sharedSecret": "test123"
}
}
}
You also need to configure the servers in servers.json.
Azure AD
The Azure AD connection is essentially an OAuth2 connection. You can find more information about OAuth2 in section 3.26.
To connect Azure AD, you need to create a JSON file (e.g. providers.json) with the following content, or extend an existing OAuth2 JSON file:
{
"providers" : [
{
"name" : "Live",
"client_id" : "40e0b9e5-a534-4bbe-98d2-f3ff0139b67f",
"client_secret" : "UVH8Q~_e3MxQknUYzbo.bSy_lYafDBO_-R8pTWaCt",
"request_uri" : "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
"redirect_uri" : "https://www.mygateway.com/oauth2callback",
"access_token_uri": "https://login.microsoftonline.com/common/oauth2/v2.0/token",
"scope": "openid profile email"
}
]
}
Please replace https://www.mygateway.com with the address of your SparkView server.
In the gateway.conf file, this file must then be linked (if not already done with an existing file):
oauth2 = C:\\data\\oauth\\providers.json
Please note that the endpoint name "common" in the URL may be different for you. You can find more information about this here:
https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols#endpoints
3.28 – Using Java parameters
In some cases, the use of Java parameters during or before the start of SparkView is useful or necessary.
Depending on the system, these must be entered as follows:
Windows
Enter the parameters in the SparkView control panel under the "Java" tab one below the other.
Linux/MacOS
Enter the parameters directly with the start command, e.g.
java -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true -jar SparkGateway.jar
3.28 – Send logs to syslog
SparkView can collect and forward logs under Linux via syslog. This requires a few adjustments on the part of SparkView and on the server.
Adjustments SparkView:
Create the file logging.properties in the SparkView root directory. You can also copy an existing one from the JRE/lib directory and customize it by adding the following lines at the end:
.level= INFO
handlers= java.util.logging.ConsoleHandler, com.agafua.syslog.SyslogHandler
# Syslog logger
com.agafua.syslog.SyslogHandler.transport = udp
com.agafua.syslog.SyslogHandler.facility = local0
com.agafua.syslog.SyslogHandler.port = 514
com.agafua.syslog.SyslogHandler.hostname = vmuser-xubuntu1604
Then add the Java VM argument to the command that starts SparkView:
-Djava.util.logging.config.file=yourSparkViewFolder/logging.properties
Adjustments Server (Ubuntu):
- Edit the file "/etc/rsyslog.conf" and uncomment (activate) the following two lines:
module(load="imudp")
input(type="imudp" port="514")
- Go to the directory "/etc/rsyslog.d" and create a new file "60-java.conf" (the name can be chosen arbitrarily) with the following content:
local0.* /var/log/gateway.log
- Restart the syslog service:
sudo service rsyslog restart
4. – Administration and usage via UI
4.1 – config.html
After opening the /config.html page, you have the possibility to configure all the important settings in SparkView.
Quick overview of the individual topics:
If you access the page from the localhost, no password is required to start the configuration. Outside the localhost, the management password must be entered.
Below you will find a descriptive overview of the different settings areas (tabs here). The name corresponds to the attribute name that can be written directly to the gateway.conf file.
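A configuration check built on the defaults listed in the Gateway table of this section, as an added example that is not part of SparkView: it reads gateway.conf and reports settings whose documented default or configured value deserves a review before the gateway is exposed. The function names and the sample file are assumptions, and an absent or 0 value for recording is assumed to mean that recording is off.

```python
# Defaults as listed in the Gateway table of section 4.1.
DEFAULTS = {
    "ssl": "false", "credSSP": "false", "password": "password",
    "remoteManage": "false", "logHttpHeader": "true",
    "passwordEncrypted": "false", "recwarning": "true",
    "accessNotInList": "false",
}

# Constructed sample gateway.conf, not taken from a real installation.
SAMPLE = r"""
#gateway settings
port = 443
ssl = false
remoteManage = true
password = password
credSSP = auto
recording = 1
recdir = C:\\apps\\share
recwarning = false
"""


def parse_conf(text):
    """Parse 'key = value' lines; lines starting with '#' are comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # gateway.conf writes a backslash as two backslashes (see tmpdir, recdir).
        conf[key.strip()] = value.strip().replace("\\\\", "\\")
    return conf


def setting(conf, key):
    """Effective value: the configured one, else the documented default."""
    return conf.get(key, DEFAULTS.get(key, "")).strip().lower()


def audit(conf):
    """Return (attribute, finding) tuples for settings that deserve a review."""
    findings = []
    if conf.get("password", DEFAULTS["password"]) == DEFAULTS["password"]:
        findings.append(("password", "management password is the documented default"))
    elif setting(conf, "passwordEncrypted") != "true":
        findings.append(("passwordEncrypted", "management password stored in clear text"))
    if setting(conf, "remoteManage") == "true":
        findings.append(("remoteManage", "management is allowed from outside localhost"))
        if setting(conf, "ssl") != "true":
            findings.append(("ssl", "remote management while the gateway serves plain HTTP/WS"))
    if setting(conf, "logHttpHeader") == "true":
        findings.append(("logHttpHeader", "logged HTTP headers may contain passwords"))
    if setting(conf, "credSSP") == "false":
        findings.append(("credSSP", "Network Level Authentication is disabled"))
    # Assumption: an absent or 0 value means session recording is off.
    recording_on = conf.get("recording", "0").strip() not in ("", "0")
    if recording_on and setting(conf, "recwarning") != "true":
        findings.append(("recwarning", "sessions are recorded without warning the user"))
    if setting(conf, "accessNotInList") == "true":
        findings.append(("accessNotInList", "users can reach hosts that are not shared with them"))
    return findings


if __name__ == "__main__":
    for attribute, finding in audit(parse_conf(SAMPLE)):
        print("%-18s %s" % (attribute, finding))
```

The ssl finding assumes TLS is not terminated by a proxy in front of the gateway; drop it from the report if it is.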
Gateway
Name in config.html | Attribute in gateway.conf | Type | Default | Description |
---|---|---|---|---|
SSL (https and wss) | ssl | boolean | false | Enable/disable HTTPS/WSS. Can be true and false |
Port (Default is 80 or 443) | port | number | 8080 | Port on which SparkView is running |
Binding Address | bindAddr | string | "localhost" | Bind SparkView to a fixed IP address |
Network Level Authentication | credSSP | boolean | false | Enable/disable NLA. Can be true, false or auto |
Path of License File | license | string | "./license" | Full path to license file, including file name. Only for paid version. |
Upload License File | | | | Upload a license file |
HTML Root Directory | html | string | "./html/" | HTML root directory. Printed files are stored in the "temp" subdirectory. Please make sure that SparkView has read and write permissions. |
Default Web Page | directoryIndex | string | "rdp.html;index.html" | Default page (inside the HTML directory) that is displayed after opening SparkView. |
Path of Log File | logfile | string | "gateway.log" | Full path to log file, including file name. |
Size of Single Log File (bytes) | maxbytes | number | 30720000 | Maximum size of a log file (please specify in bytes) |
Maximum number of Log Files | maxfiles | number | 99 | Maximum number of log files. |
Log HTTP header | logHttpHeader | boolean | true | Log HTTP header. This may contain sensitive information such as passwords. |
PDF Converter | converter | string | | Full path to the Postscript to PDF converter. Ghostscript (https://ghostscript.com/releases) is recommended. |
PDF Converter Arguments | arguments | string | "-dBATCH -dNOPAUSE -dPDFSETTINGS=/printer -sDEVICE=pdfwrite -q -sOutputFile=%1 %2" | Arguments for the Postscript to PDF converter. %1 is the name of the output PDF file. %2 is the name of the input PS file. |
Plugin Class | plugin | string | | Class name for a custom plugin. |
Administration Password (for reporting API etc) | password | string | "password" | Management password for configuration, reporting and API. |
Enable Remote Management/Configuration | remoteManage | boolean | false | Enable/disable remote management from outside the localhost. |
Temporary directory (for downloading/uploading) | tmpdir | string | | Parent directory for temporary files. |
Days of temporary files are kept | keepDays | number | 1 | How many days temporary files should be kept by the system. |
RD Web Access Webfeed | webfeed | string | | Remote desktop web feed URL, for RD web access integration. |
Session Recording | recording | number | | Enable/disable session recording. Can be 1 (record graphics only) or 2 (record graphics and sound) |
Directory for saving session recordings | recdir | string | | Directory for saved session recordings. |
Warn user about session recording | recwarning | boolean | true | Warn users about session recording. |
Access Not-In-List computers after logged in | accessNotInList | boolean | false | Whether users can reach computers and servers that are not shared with them or in the web feed. |
Name of Redirected Drive | disk | string | | Name for the shared disk, used for file upload/download. |
Name of Redirected Printer | printer | string | "Remote Printer from Client" | |
Connections are queued (Backlog) | backlog | number | 50 | How many client connections can be queued. |
User Definition File | user | string | "./data/users.json" | Full path of the users definition file, including file name. |
Server Definition File | server | string | "./data/servers.json" | Full path of the servers definition file, including file name. |
Gateway Web Address | webAddress | string | | HTTP address of the web server for OpenID login (redirect). Also in use for client side to get the real gateway address (in case of multiple gateways and load balancing). |
Host Name of Client User | clientHost | string | | Customize the host name of the client user. For more information and possible parameters see section 3.1, "clientHost". |
Rdp Session Performance Flags | performanceflags | number | 111 | RDP performance flags. Please see section 3.4 for more information. |
RemoteFX | remotefx | boolean | false | Enable/disable RemoteFX. Works only with LAN and 32 bit. |
DNS Lookups | enableLookups | boolean | false | Enable to make calls perform DNS lookups to get the actual hostname of the remote client. Disable to skip DNS lookups and instead return the IP address in the form of a string (which improves performance). |
Session cache time (minutes, 0 = disable session cache) | maxCacheTime | number | 0 | How long sessions should be cached on the gateway (in minutes). 0 disables the RDP session cache. |
Email SMTP Host | mail.smtp.host | string | | SMTP host for outgoing emails. You can use java -cp SparkGateway.jar com.toremote.gateway.Mailer title message to send a test email. |
Email SMTP Port | mail.smtp.port | number | | SMTP port for outgoing emails |
Email User | mail.user | string | | SMTP user for outgoing emails |
Email Password | mail.password | string | | SMTP password for outgoing emails |
Email From | mail.from | string | | Outgoing emails: From |
Email to | mail.to | string | | Outgoing emails: To |
Email SMTP Authentication | mail.smtp.auth | boolean | | Server requires authentication |
Email TLS | mail.smtp.starttls.enable | boolean | | Enable/disable STARTTLS |
Symlink | symlink | string | | Full path of the symlink definition file, including file name. |
License Usage Alert (Email) | licenseAlert | number (float) | | Receive an alert by email when the license usage value reaches this value: Value < 1: Usage value as a percentage of the current license. (e.g.: 0.75 = when 75% usage is reached). Value > 1: Value in use as actual concurrent connections (e.g.: 394 = if 394 concurrent connections in use). |
Interval of thumbnail (milliseconds) | thumbnail.interval | number | 0 | Interval for receiving thumbnails of the RDP session (in milliseconds). If 0, the client will not send a thumbnail to the server if there are no changes. |
Width of thumbnail | thumbnail.width | number | 0 | Thumbnail width (in pixels), must be smaller than 640. 0 = no thumbnail. |
Copy timeout (milliseconds) | copyTimeout | number | 3000 | Timeout for clipboard redirection (in milliseconds). This value should be increased if you need to copy very large data in your application. |
Path of Key Store | keyStore | string | | Full path of the keystore file, including file name. Set up the keystore or certificate name when ssl is true, for example keystore.jks or cert.pfx. If you are using a certificate (e.g. cert.pfx), a password is required (see keyStorePassword). If you are using a Java keystore (e.g. keystore.jks), the password of the keystore must match the one used for the certificate that is integrated in the keystore. |
Password of Key Store | keyStorePassword | string | | Keystore or certificate password. If you are using a Java keystore (e.g. keystore.jks), the password of the keystore must match the one used for the certificate that is integrated in the keystore. |
Password Encryption | passwordEncrypted | boolean | false | Encrypt the keystore, management and reporting password. Please use the following command to get the encrypted password: java -cp SparkGateway.jar com.toremote.gateway.Encryption MyPassword |
Remote Assistance | assistance | boolean | false | Enable/disable remote assistance. |
SSH | ssh | boolean | false | Enable/disable SSH. |
TELNET | telnet | boolean | false | Enable/disable Telnet. |
Disable Burst License | disableBurstLicense | boolean | false | Enable/disable burst license model. |
License status | Displays the current license status. |
Server
Here you can see a list of all created servers. If you want to add a new server, just click the "Add" button.
To edit an existing server, simply click on the edit icon (1 in the image), to delete a server, click on the delete icon (2 in the image):
After you click the "Add" button to add a new server, you will get a modal window with the following settings options and tabs. The entries can be included directly in the servers.json in addition to the UI version.
Name in config.html | Attribute in servers.json | Type | Default | Description |
---|---|---|---|---|
ID | id | string | | ID for the server, must be unique. |
Display Name | displayName | string | | Display name for the server |
Server | server | string | | Host name or IP address of the server |
Icon | icon | string | | Image file for the server, which is displayed as an icon in the SparkView portal. Please specify the full path incl. filename here. |
Protocols | protocols | string | "rdp" | Protocols to use for the server. It is recommended to set a new server entry for each protocol. |
RDP
Name in config.html | Attribute in servers.json | Type | Default | Description |
---|---|---|---|---|
Port | port | number | 3389 | RDP port to use |
User | username | string | | User name (optional, since solved via users/users.json) |
Password | password | string | | Password (optional, since solved via user/users.json) |
Domain | domain | string | | Domain where the RDP server is located |
Console session | console | boolean | false | Establish console session with RDS |
VirtualBox RDP or xrdp | legacyMode | boolean | false | Use XRDP instead of RDP protocol. Can be used for legacy servers and applications, or Linux distributions. |
Keyboard Layout | keyboard | number | | Keyboard layout to use. See chapter 3.4 for a layout list. |
Color Depth | color | number | 16 | Color depth to use |
Minimum Width | minWidth | number | | Minimum width of the remote RDP window. Normally, this field should not be filled in, because the dimensions are detected automatically. |
Minimum Height | minHeight | number | | Minimum height of the remote RDP window. Normally, this field should not be filled in, because the dimensions are detected automatically. |
Start Program on Connection | command | string | | After the connection is established, directly launch an installed program on the remote desktop/server. |
Start in following folder | directory | string | | Start the program to be launched in a specified folder. |
RemoteApp Exe or file | remoteProgram | string | | Start only one application via RemoteApp instead of an entire desktop environment. Please specify the entire path incl. file name. |
RemoteApp Arguments | remoteArgs | string | | Arguments to be transferred to the starting RemoteApp |
Wake On Lan Mac Address | mac | string | | Mac address of the allowed Wake On Lan device. Empty/not set = no Wake On Lan. |
Wake On Lan Broadcast IP | macIP | string | | Broadcast IP address of the allowed Wake On Lan devices |
Clipboard Redirection | mapClipboard | boolean | false | Enable/disable clipboard redirection |
Sound Redirection | playSound | number | 0 | Enable/disable sound playback. 0 = Play sound on this computer; 1 = Do not play sound; 2 = Play sound on the remote computer. |
Audio Recording | audioRecord | boolean | false | Recording of all audio tracks of the remote computer. |
RDP 6.1 Decompression | decompressingRDP61 | boolean | false | Enable/disable RDP 6.1 Compression. The RDP 6.1 bulk compression technique produces better compression ratios than the RDP 6.0 bulk compressor, but also consumes significantly more memory, which can affect scalability of multi-user servers. This compressor is only used for server-to-client traffic (it is not used for client-to-server traffic). |
Printer Redirection | mapPrinter | boolean | false | Activate/deactivate (virtual) printer forwarding. |
Session Recording | sessionRecord | number | 0 | Enable/disable session recording. 0 = no session recording; 1 = record graphics only; 3 = record graphics and sound. |
Drive Redirection | mapDisk | boolean | false | Enable/disable disk redirection. |
Drive 0 - Dos Name | disks.dosName | string | | For the 1st disk: DOS name |
Drive 0 - Path | disks.devicePath | string | | For the 1st disk: full path to the disk |
Drive 0 - Actions | disks.actions | number | 7 | For the 1st disk: permissions in octal notation |
Drive 1 - Dos Name | disks.dosName | string | | For the 2nd disk: DOS name |
Drive 1 - Path | disks.devicePath | string | | For the 2nd disk: full path to the disk |
Drive 1 - Actions | disks.actions | number | 1 | For the 2nd disk: enable/disable redirect |
Drive 2 - Dos Name | disks.dosName | string | | For the 3rd disk: DOS name |
Drive 2 - Path | disks.devicePath | string | | For the 3rd disk: full path to the disk |
Drive 2 - Actions | disks.actions | number | 1 | For the 3rd disk: enable/disable redirect |
Performance Flags | performanceflags | number | 111 | Performance flags for this connection. For more information about the performance flags, see chapter 3.4. |
Network Level Authentication (credSSP) | credSSP | number | 0 | Enable/disable NLA. 0 = no NLA; 1 = enable NLA; 2 = automatically detect NLA based on server settings. |
RemoteFX (32 bit color only) | remotefx | boolean | false | Enable/disable RemoteFX. RemoteFX only works with a color depth of 32 bit and under LAN. |
Smart Card Redirection | smartCard | boolean | false | Enable/disable Smart Card Redirection. |
Camera Redirection | mapCamera | boolean | false | Enable/disable camera/webcam redirection. |
USB Redirection | mapUSB | boolean | false | Enable/disable USB Redirection. |
Load Balance Info | loadBalanceInfo | string | | Load balance information for the use of multiple gateways. |
Single Sign-on | sso | boolean | true | Use single sign-on for this specific server/connection. |
VNC
Name in config.html | Attribute in servers.json | Type | Default | Description |
---|---|---|---|---|
Port | port | number | 5900 | VNC port to use |
Password | password | string | | Password (optional, since solved via user/users.json) |
Encoding | encoding | number | 16 | Coding for the VNC connection. Can be 16 (ZRLE), 7 (Raw) or 0 (Tight). |
JPEG Quality | quality | number | 5 | Quality of the transferred images (in JPEG format). Significantly affects the performance. |
ZIP/Tight Compression | compression | number | 6 | Level of compression. Significantly affects the performance. |
Use CopyRect encoding | UseCopyRect | boolean | true | Enables/disables CopyRect Encoding. The CopyRect encoding is efficient when something is being moved. CopyRect could also be used to efficiently transmit a repeated pattern. |
Colors | color | number | 32 | Displayed colors during the VNC connection. 256 colors should be used for slow connections with limited bandwidth. |
Share the server | share | boolean | true | Share the session with other viewers. |
Clipboard redirection | mapClipboard | boolean | true | Enables/disables clipboard redirection. |
Session Recording | sessionRecord | number | 0 | Enable/disable session recording. 0 = no session recording; 1 = record graphics only; 3 = record graphics and sound. |
SSH
Name in config.html | Attribute in servers.json | Type | Default | Description |
---|---|---|---|---|
Port | port | number | 22 | SSH port to use |
User | username | string | | User name (optional, since solved via user/users.json) |
Password | password | string | | Password (optional, since solved via user/users.json) |
Font Size | fontSize | number | 13 | Font size used in the displayed terminal. |
Clipboard | mapClipboard | boolean | true | Enables/disables clipboard redirection. |
Session Recording | sessionRecord | number | 0 | Enable/disable session recording. 0 = no session recording; 1 = record graphics only; 3 = record graphics and sound. |
Key File | keyfile | string | | Full path to the key file in PEM format incl. file name. For more information on SSH authentication via keys, see chapter 5.7. |
Password of Key File | keyfilePwd | string | | Key file password |
Terminal Type | terminalType | string | "xterm" | Terminal type |
Telnet
Name in config.html | Attribute in servers.json | Type | Default | Description |
---|---|---|---|---|
Port | port | number | 23 | Telnet port to use |
Font Size | fontSize | number | 13 | Font size used in the displayed terminal. |
Clipboard | mapClipboard | boolean | true | Enables/disables clipboard redirection. |
Session Recording | sessionRecord | number | 0 | Enable/disable session recording. 0 = no session recording; 1 = record graphics only; 3 = record graphics and sound. |
HTTP
Name in config.html | Attribute in servers.json | Type | Default | Description |
---|---|---|---|---|
Scheme | scheme | string | "https" | Scheme used. Only HTTP and HTTPS are possible here for the time being. |
Port | port | number | 443 | HTTP/S port to use |
Path | path | string | | Full path to the application/page within the HTTP/S page. |
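The defaults in the protocol tables above differ: clipboard redirection is off by default for RDP but on for VNC, SSH and Telnet, so a missing attribute does not mean the same thing in every entry. The following added example (not SparkView code) resolves the effective values before reviewing an entry; it assumes each servers.json entry is a flat JSON object using the attribute names from the tables, and the sample entries and finding names are constructed.

```python
import json

# Documented defaults per protocol, copied from the tables above.
DEFAULTS = {
    "rdp": {"credSSP": 0, "sessionRecord": 0, "mapClipboard": False,
            "mapDisk": False, "mapPrinter": False, "mapUSB": False,
            "mapCamera": False, "smartCard": False},
    "vnc": {"sessionRecord": 0, "mapClipboard": True},
    "ssh": {"sessionRecord": 0, "mapClipboard": True},
    "telnet": {"sessionRecord": 0, "mapClipboard": True},
}
REDIRECTIONS = ("mapClipboard", "mapDisk", "mapPrinter", "mapUSB",
                "mapCamera", "smartCard")


def effective(entry):
    """Merge one server entry over the documented defaults of its protocol."""
    proto = str(entry.get("protocols", "rdp")).strip().lower()
    merged = dict(DEFAULTS.get(proto, {}))
    merged.update(entry)
    merged["protocols"] = proto
    return merged


def audit(entry):
    """Return a sorted list of review items for one server entry."""
    cfg = effective(entry)
    proto = cfg["protocols"]
    if proto not in DEFAULTS:
        return ["not-audited:" + proto]
    findings = []
    # Credentials kept in servers.json are readable by anyone who can read the file.
    if cfg.get("password") or cfg.get("keyfilePwd"):
        findings.append("stored-secret")
    # credSSP: 0 = no NLA, 1 = NLA, 2 = auto-detect (see the RDP table).
    if proto == "rdp" and int(cfg["credSSP"]) == 0:
        findings.append("nla-disabled")
    # Telnet carries the session in clear text between gateway and target.
    if proto == "telnet":
        findings.append("cleartext-protocol")
    # sessionRecord: 0 = none, 1 = graphics, 3 = graphics and sound.
    if int(cfg["sessionRecord"]) == 0:
        findings.append("no-session-recording")
    for name in REDIRECTIONS:
        if cfg.get(name) is True:
            findings.append("redirect:" + name)
    return sorted(findings)


def report(entries):
    """Map each server id to its review items."""
    return {e.get("id", "?"): audit(e) for e in entries}


# Constructed sample entries (assumed file shape: a list of flat objects).
SAMPLE = json.loads("""
[
  {"id": "dc01", "server": "10.0.0.10", "protocols": "rdp",
   "password": "example-only", "mapDisk": true},
  {"id": "jump", "server": "10.0.0.20", "protocols": "ssh", "sessionRecord": 1},
  {"id": "sw1",  "server": "10.0.0.40", "protocols": "telnet"},
  {"id": "app1", "server": "10.0.0.30", "protocols": "rdp",
   "credSSP": 2, "sessionRecord": 3}
]
""")

if __name__ == "__main__":
    for server_id, items in report(SAMPLE).items():
        print(server_id, items or "ok")
```

The "jump" and "sw1" entries never mention mapClipboard, yet both are reported with clipboard redirection enabled because that is the documented default for SSH and Telnet.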
User
With SparkView, you basically have several options to integrate users:
- Local user database
- Connection through Azure AD, Active Directory or LDAP
- Connection through RADIUS
You can use config.html to import users from an Active Directory (once) and create users manually from the beginning. Please make connections to Azure AD, Active Directory, LDAP or RADIUS directly in the users.json file. For the sake of simplicity, there is a SparkView Customizer that creates the users configurations for the users.json file.
Click here to get to the customizer →
Import users
To import users from Active Directory, enter all the details in the fields provided and then click the Import Active Directory Users button. In addition to an organizational unit (OU), you can also define a group (5) from which the users are to be imported. You can also assign servers to the new users during import (8) so that this does not have to be done manually for each user.
Add users manually
To add users manually, click the "Add" button. Then you have the following configuration options. The name corresponds to the attribute name, which can be written directly to the users.json file.
Name in config.html | Attribute in users.json | Type | Default | Description |
---|---|---|---|---|
Name | name | string | | Username (recommended without special characters and spaces) |
Password | password | string | | Password of the user. If it is a domain user, enter *** as the password. |
Servers | servers | array | | Shared servers for the user. Enter the server IDs comma-separated and without spaces, or select them from the list. |
Domain user | isDomainUser | boolean | false | Specify whether the user is a domain user. |
Domain Server | domainServer | string | | Full address of the domain server |
Transfer Credential to Connection | transferCredential | boolean | false | Forward connection data to the connecting targets. For this purpose, the user name and password entered here must match the access data on the target device. |
Host Name (RDP) | clientHost | string | | Displayed name of the client/user for RDP connections. |
Edit/delete users
In the list view, users can be edited via the edit icon (1) and deleted via the delete icon (2).
Symlink
Symlinks can be created and used for direct connection of targets. The symlinks are stored inside SparkView in the /data/symlink.json file. Click the "Add" button to add a new symlink. You will then get a modal window again with the following configuration options:
Name in config.html | Attribute in symlink.json | Type | Default | Description |
---|---|---|---|---|
ID | id | string | Dynamic value | Unique ID of the symlink. This ID is generated automatically and should not be changed. |
Password | password | string | | Password that is given to the symlink as a parameter. |
Resource (Server) | resourceId | string | | ID of the target system. Can be entered manually or selected from the list. |
Valid From | validFrom | string | | Validity of the symlink: From when |
Valid Time | validTime | string | | Validity period of the symlink, e.g. "2d". y = year; M = month; d = day; h = hour; m = minute. |
or Valid To | validTo | string | | Alternatively to the validity period: Until when |
Parameters for target | parameters | string | | Additional parameters for the symlink. To be entered in URL-encoded form (e.g. user=userName&domain=local). |
Comment | comment | string | | Comment that is displayed in the edit view. |
Access link | Using the Access link, you can call the symlink directly from the form and the symlink does not have to be saved first. |
In the list view, symlinks can be edited via the edit icon (1) and deleted via the delete icon (2).
Session
In SparkView you can monitor all active sessions via the Session tab. You can also send messages to individual sessions or to all sessions via a JavaScript console:
sparkConfig.notify('My message');
→ Sends a message to all active sessions.
sparkConfig.notify('My message', [123456789, 123456788]);
→ Sends a message to the active sessions "123456789" and "123456788".
Server Group
Individual servers can be grouped into server groups for better and easier organization. The created server groups are stored in SparkView in the /data/servergroups.json file.
To add a new server group, click the "Add" button. You will then get a modal window again with the following configuration options:
Name in config.html | Attribute in servergroups.json | Type | Default | Description |
---|---|---|---|---|
Name | name | string | | Name of the server group |
Servers | servers | array | | Servers to be entered into the server group. The server IDs are entered comma-separated, or selected with the help of the list. |
In the list view, server groups can be edited via the edit icon (1) and deleted via the delete icon (2).
User Group
Individual users can be grouped into user groups for better and easier organization. User groups can be given access to server groups. The created user groups are stored in SparkView in the /data/usergroups.json file.
To add a new user group, click the "Add" button. You will then get a modal window again with the following configuration options:
Name in config.html | Attribute in usergroups.json | Type | Default | Description |
---|---|---|---|---|
Name | name | string | | User group name |
Users | users | array | | Users to be entered into the user group. The user IDs are entered comma-separated, or selected with the help of the list. |
Server Groups | servers | array | | Server groups to which the user group should have access. The server group IDs are entered comma-separated, or selected with the help of the list. |
In the list view, user groups can be edited via the edit icon (1) and deleted via the delete icon (2).
4.2 – file.html
You can use the /file.html page to establish a secure connection to an SMB2 or SFTP destination. All file operations can then be performed through the currently used browser, you do not need a separate client.
After you open the page, you have the following configuration options:
- File server (Host name or IP address)
- Server type (SMB2 or SFTP)
- Port
- Username
- Password
- Domain
- SMB share
- Directory on the target server
4.3 – join.html
You can join an existing session as a support or spectator via the /join.html page. You will receive the join ID from the session owner. The session owner can view the session information via the small "i" icon at the top of the screen:
The session owner can also specify whether you can control the session or not.
4.4 – login.html
You can log in to SparkView via the /login.html page.
Logging in can be done via various services:
- Local user database (config.html → Users)
- Active Directory, Azure AD, LDAP or RADIUS
- OAuth 2.0/Okta
🎨 Customization desired?
You want to have your login screen customized to your company/brand? No problem, just contact us by creating a ticket.
4.5 – player.html
You can use the /player.html page to play previously recorded session recordings from localhost. For security reasons, access to this page is limited to the localhost. If you want to play recordings from outside the localhost, please use the /playeremote.html page.
4.6 – rdp.html
The /rdp.html page is the heart of the SparkView installation and can be used to connect to a remote RDP server. The connection runs entirely within the browser used, thanks to SparkView.
⚠️ Important!
Normally, the connection to RDP servers and applications is controlled via the portal. The direct call of the /rdp.html should only be used if a target is to be addressed once or temporarily and not saved.
After you open the page, you have the following options to configure the connection to the desired destination:
Tab „General“:
- Ability to upload an .rdp file to establish the connection
- Computer (IP address or host name of the target system)
- Port
- Username
- Password
- Domain
- Keyboard layout
- Connect to a console session
Tab „Display“:
- Width of the remote desktop (= displayed size in the browser on the current screen)
- Height of the remote desktop (= displayed size in the browser on the current screen)
- Color depth
- Disable remote cursor
Tab „Local“:
- Timezone
- Remote audio playback
- Remote audio recording
- Enable/disable clipboard redirection
- Enable/disable printer redirection
- Enable/disable drive redirection
- Shared drive name
- Enable/disable camera redirection
- Enable/disable USB redirection
- Enable/disable smart card redirection
- Enable/disable scanner redirection
Tab „Programs“:
Optionally, a program or a dedicated RemoteApp of the RDP server can be opened directly after the connection is established. This can prevent access to the "normal desktop", for example.
- Start program on connection
- Program path and file name
- Start folder
- RemoteApp
- Exe or file
- Arguments
Tab „Advanced“:
- Show desktop background
- Enable/disable font smoothing
- Enable/disable desktop composition
- Show window contents while dragging
- Enable/disable menu and window animation
- Enable/disable visual styles
- Enable/disable persistent bitmap caching
- Enable/disable RemoteFX (32 bit color and LAN only)
- Enable/disable session recording
- Enable/disable RDP 6.1 decompression
- Load balancing information
- Hyper-V VM ID (you can connect to a Hyper-V console. The default listening port of Hyper-V console is 2179)
- Connected computer name
Tab „Multi-Monitor“:
To use the multi-monitor feature of SparkView, please follow these steps:
- Open a new window for each monitor. Please use the "Open" button in the multi-monitor tab.
- Set all windows to be used to full screen
- Enter your connection data and click on "Connect".
4.7 – report.html
On the /report.html page you have the opportunity to get important and up-to-date information about the usage and license of the current SparkView server.
Enter the management password under the gateway address and click the desired button to get the corresponding result/statistic:
Get Report
Get the current number of (concurrent) sessions on the SparkView server.
Get License
Get information about the currently imported license:
- Maximum number of concurrent connections
- Expiration date
- Licensor
- Licensee
- Current gateway version (major versions)
4.8 – shadow.html
By calling the /shadow.html page, you can join an existing RDP session and view it, or even control it.
Please note the requirements that must prevail on the RDP server for session shadowing to work:
- Start gpedit.msc and open the following path: Computer Configuration / Administrative Templates / Windows Components / Remote Desktop Services / Remote Desktop Session Host / Connections
- Activate the policy "Rules for remote control of Remote Desktop Services user sessions"
- Enable file and printer sharing
After opening the page, you have the following options:
- RDP server (IP address or host name of the RDP server)
- Username
- Password
- Domain
- Enable control over the session
- Enable silent mode. This will not notify the main user of the session that shadowing is taking place.
4.9 – ssh.html
The direct call to ssh.html can be used to quickly establish direct SSH connections to remote destinations via SparkView. Please note that a responsive SSH server must be running on the target system.
SparkView supports authentication via username/password or via public key. To enable public key authentication, please follow the instructions in 5.7 - SSH authentication with keys.
After opening the page, you have the following options:
Tab "General":
- Computer (IP address or host name of the target system)
- Port
- Username
- Password
Tab "Advanced":
- Clipboard redirection
- Font size
- Terminal type
- Session recording
- SFTP activation
- Certificate file
- Certificate passphrase
- Allowed commands
4.10 – telnet.html
The direct call to telnet.html can be used to quickly establish direct telnet connections to remote destinations via SparkView. Please note that a responsive telnet server must be running on the target system.
After opening the page, you have the following setting options:
Tab "General":
- Computer (IP address or host name of the target system)
- Port
Tab "Advanced":
- Clipboard redirection
- Font size
- Session recording
4.11 – vnc.html
The direct call to vnc.html can be used to quickly establish direct VNC connections to remote targets via SparkView. Please note that a responsive VNC server must be running on the target system.
After opening the page, you have the following settings options:
Tab "General":
- Computer (IP address, hostname or websocket address of the target system)
- Port
- Username
- Password
Tab "Advanced":
- Encoding
- Color settings
- Server sharing
- Clipboard redirection
- Session recording
For connections through the VMware HTML Console, please use the yoursparkview.com/vmware.html page. For more information, see 4.13 - vmware.html.
4.12 – Further files and views
assist.html
Join an existing session for support via this file. Please note that the partner will provide you with the file, as well as the username and password. The invitation file is created by the help seeker via the file msra.exe and should be in the format .msrcIncident.
cname.html
Works with the gateway.conf parameter asHost. If this parameter is set to on, the value of the HTTP header host is set as the server. For example, if you call https://server1/cname.html, an RDP connection to server1 is automatically established. This can be useful when multiple virtual hosts are in use.
faq.html
Learn more about errors that can occur during installation, configuration, and ongoing operation. The notes shown here largely apply to older and legacy versions of SparkView.
joinssh.html
Join an existing SSH session as an outsider using the session ID and a freely assignable name. You receive the session ID from the host of the session to be joined. The host can also choose whether you have read-only or control rights.
jointelnet.html
Join an existing Telnet session as an outsider using the session ID and a freely assignable name. You receive the session ID from the host of the session to be joined. The host can also choose whether you have read-only or control rights.
joinvnc.html
Join an existing VNC session as an outsider using the session ID and a freely assignable name. You receive the session ID from the host of the session to be joined. The host can also choose whether you have read-only or control rights.
keyboard.html
Test the keyboard layout that is currently being used for input here. This allows you to match country and keyboard settings with servers and remote hosts for smooth operation.
monitor.html
This page works analogously to the multi-monitor function of the /rdp.html page and should not be called manually. Please always make multi-monitor connections via the portal or the /rdp.html.
monitordashboard.html
🚧 Experimental feature
This feature is still under development and therefore still in productive mode. Please use with caution!
The monitoring dashboard can be used to view and analyze past actions of the following areas:
- Recordings and playbacks
- Keyboard inputs
- Applications
- File transfers
- Prints
- User events
- Attack events
- License events
The views of the scopes can be filtered by user, start time, end time and hostname if required.
new.html
View version changes and release notes for major versions of SparkView here. Similarly, you can find a granular changelog at /release.txt.
playeremote.html
View previously recorded footage here, even from outside your network. The normal player.html works only from localhost for security reasons, the playeremote.html from anywhere.
rail.html
Open a RemoteApp within another RemoteApp in the same session.
sessiondashboard.html
View all active sessions of the current gateway here. You can filter and sort the sessions.
sshdirect.html
Connect directly to an SSH server here without going through the SparkView dashboard.
sso.html deprecated
Used in older versions to verify credentials via SSO and then forward traffic. These features are now integrated in the login.html and rdpdirect.html files/views, which makes sso.html obsolete; it should no longer be used.
vmware.html
Provides the ability to establish a direct (VNC) connection to a VMware HTML Console via SparkView. Please note that the callback is done via the /vnc.html file.
5. – Further management and configuration
5.1 – Session management
You can use config.html to check session status, terminate or join a session on the gateway:
5.2 – Multi-Monitor
You have to open a new browser window for every monitor, because a full-screen browser window cannot span multiple monitors.
- Go to the "Multi-Monitor" tab, click "Open" to open a new browser window
- Move the new window to the second screen and make it full screen.
- Make the current browser window full screen and connect.
5.3 – SMB2 and SFTP file proxy
Spark Gateway can also act as an SMB2/SFTP file proxy. Users can access their SMB shares and SFTP files through file.html, with the following advantages:
- No need to expose your SMB or SFTP server.
- Protected with TLS encryption.
- No need to expose RPC or pipe access with SMB.
- Easy integration of file access with our HTML5 interface and library.
5.4 – Deploy, run and test applications in the cloud
Deploying and testing your application in the cloud can be cumbersome:
- You need to create a bastion for each individual work stream or project.
- Managing a lot of bastion hosts and user accounts is really painful.
- Security is always a problem for those bastion hosts.
Take advantage of our Spark Gateway proxy, SSH and SFTP feature. We developed a native agent which will work with the gateway to make this a lot easier. Please check our Deploy applications in cloud with SparkView.
5.5 – IP filter (iptables)
You can set up IP filters for SparkView.
First, save your IP filters into a JSON file. Here is the format of the IP filter configuration file:
    {
      "zoneRules": {
        "HTTP_API": {
          "allow": true,
          "ranges": [
            {
              "from": "192.168.12.100",
              "to": "192.168.12.200"
            },
            {
              "from": "169.254.84.132"
            }
          ]
        },
        "TCP": {
          "allow": true,
          "ranges": [
            {
              "from": "192.168.12.100",
              "to": "192.168.12.200"
            },
            {
              "from": "192.168.12.10",
              "to": "192.168.12.20"
            },
            {
              "from": "169.254.84.132"
            }
          ]
        }
      }
    }
Then, you need to specify the location of this file in gateway.conf:
iptables=C:\\workspace\\data\\iptables.json
There are 3 zones available in SparkView:
- "TCP" is used to control TCP connections
- "HTTP_API" is used to control the HTTP API usage
- "CONFIG" is used to control the config.html
Rules for accessing config.html:
- Always accessible from the localhost
- Accessible from anywhere if remoteManage=true in gateway.conf and the correct password is provided
- Accessible if remoteManage=false and the source IP is allowed in iptables
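To check a filter file before deploying it, the added example below (not SparkView code) parses the format shown above, evaluates a source address against a zone, applies the three config.html rules in order, and lists allow ranges that are wider than a chosen size. Assumptions: allow=true turns the ranges into an allowlist and allow=false into a denylist, a range without "to" is a single address, and config.html is refused when remoteManage=false and no CONFIG zone is defined. The CONFIG zone in the sample is constructed; the other two zones are the ones from the page.

```python
import ipaddress
import json

ZONES = {"TCP", "HTTP_API", "CONFIG"}  # the three zones named on this page

# HTTP_API and TCP are taken from the page; the CONFIG zone is constructed.
SAMPLE = """
{"zoneRules": {
  "HTTP_API": {"allow": true, "ranges": [
    {"from": "192.168.12.100", "to": "192.168.12.200"},
    {"from": "169.254.84.132"}]},
  "TCP": {"allow": true, "ranges": [
    {"from": "192.168.12.100", "to": "192.168.12.200"},
    {"from": "192.168.12.10", "to": "192.168.12.20"},
    {"from": "169.254.84.132"}]},
  "CONFIG": {"allow": true, "ranges": [
    {"from": "192.168.12.10", "to": "192.168.12.20"}]}
}}
"""


def load_rules(text):
    """Parse an iptables.json document and normalise every range to (low, high)."""
    rules = {}
    for zone, rule in json.loads(text).get("zoneRules", {}).items():
        if zone not in ZONES:
            raise ValueError(f"unknown zone {zone!r}")
        ranges = []
        for r in rule.get("ranges", []):
            low = ipaddress.ip_address(r["from"])
            # Assumption: a range without "to" means the single address "from".
            high = ipaddress.ip_address(r.get("to", r["from"]))
            if low.version != high.version or high < low:
                raise ValueError(f"bad range {r} in zone {zone}")
            ranges.append((low, high))
        rules[zone] = {"allow": bool(rule.get("allow", True)), "ranges": ranges}
    return rules


def zone_permits(rules, zone, ip):
    """Assumed semantics: allow=true is an allowlist, allow=false a denylist."""
    rule = rules.get(zone)
    if rule is None:
        return True  # assumption: a zone without a rule is unrestricted
    addr = ipaddress.ip_address(ip)
    hit = any(low.version == addr.version and low <= addr <= high
              for low, high in rule["ranges"])
    return hit if rule["allow"] else not hit


def config_html_allowed(rules, ip, remote_manage, password_ok):
    """The three config.html access rules listed above, checked in order."""
    if ipaddress.ip_address(ip).is_loopback:
        return True
    if remote_manage:
        return password_ok
    # Assumption: fail closed when no CONFIG zone has been defined.
    return "CONFIG" in rules and zone_permits(rules, "CONFIG", ip)


def broad_ranges(rules, max_hosts):
    """List allow ranges that cover more than max_hosts addresses."""
    found = []
    for zone, rule in rules.items():
        if not rule["allow"]:
            continue
        for low, high in rule["ranges"]:
            size = int(high) - int(low) + 1
            if size > max_hosts:
                found.append((zone, f"{low}-{high}", size))
    return found


RULES = load_rules(SAMPLE)

if __name__ == "__main__":
    for ip in ("127.0.0.1", "192.168.12.12", "203.0.113.7"):
        print(ip, "config.html with remoteManage=false:",
              config_html_allowed(RULES, ip, False, False))
    print("ranges over 50 addresses:", broad_ranges(RULES, 50))
```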
5.6 – SNMP integration
Configuration in gateway.conf:
#agent address and port:
snmp.address.get-set = udp:192.168.1.68/1161
snmp.mib.prop.file = /SparkGateway/snmp/snmp-agent-mib.properties
snmp.table.size.limits.prop.file = /SparkGateway/snmp/snmp-agent-table-size-limits.properties
# percentage of license usage to send alert
snmp.license.usage.warning.percentage=0.5
Please check other MIB configuration files in installDir\snamp.
5.7 – SSH authentication with keys
To be able to authenticate to a created target system via SSH using public and private keys, the following steps must be followed, which will be described in more detail later:
- Generate an SSH key
- Copy the key to a server
- Test the key
- Optional: convert private key to .pem format
- Include the key in SparkView
1. Generate an SSH key
With OpenSSH, an SSH key is created using ssh-keygen. In the simplest form, just run ssh-keygen and answer the questions. The following example illustrates this.
# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/sparkview/.ssh/id_rsa): mykey
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in mykey.
Your public key has been saved in mykey.pub.
The key fingerprint is: SHA256:GKW7yzA1J1qkr1Cr9MhUwAbHbF2NrIPEgZXeOUOz3Us sparkview@demo
The key's randomart image is:
+---[RSA 2048]----+
|.*++ o.o. |
|.+B + oo. |
| +++ *+. |
| .o.Oo.+E |
| ++B.S. |
| o * =. |
| + = o |
| + = = . |
| + o o |
+----[SHA256]-----+ #
Creating a key pair (public key and private key) only takes a minute. The key files are usually stored in the ~/.ssh directory.
2. Copy the key to a server
Once an SSH key has been created, the ssh-copy-id command can be used to install it as an authorized key on the server. Once the key has been authorized for SSH, it grants access to the server without a password.
Use a command like the following to copy the SSH key:
ssh-copy-id -i ~/.ssh/mykey user@host
This logs into the server host, and copies keys to the server, and configures them to grant access by adding them to the authorized_keys file. The copying may ask for a password or other authentication for the server.
Only the public key is copied to the server. The private key should never be copied to another machine.
3. Test the key
Once the key has been copied, it is best to test it:
ssh -i ~/.ssh/mykey user@host
The login should now complete without asking for a password. Note, however, that the command might ask for the passphrase you specified for the key.
4. Optional: convert private key to .pem format
If you do not have the private key in pem format and/or SparkView shows an error message like the following ...
SEVERE: Invalid PEM structure, '-----BEGIN...' missing
java.io.IOException: Invalid PEM structure, '-----BEGIN...' missing
at com.trilead.ssh2.crypto.PEMDecoder.parsePEM(SourceFile:183)
at com.trilead.ssh2.crypto.PEMDecoder.decode(SourceFile:429)
at com.trilead.ssh2.auth.AuthenticationManager.authenticatePublicKey(SourceFile:175)
at com.trilead.ssh2.Connection.authenticateWithPublicKey(SourceFile:335)
at com.trilead.ssh2.Connection.authenticateWithPublicKey(SourceFile:428)
at com.toremote.websocket.ssh.SSHWrapper.connect(SourceFile:109)
at com.toremote.websocket.ssh.SSHRunner.run(SourceFile:165)
... you should convert the private key to the correct format. To do this, you can run the following command:
ssh-keygen -f mykey -m pem -p && cat mykey > mykey.pem
You may need to re-enter the passphrase for the key. The command creates a pem version of the private key and then copies it to a key file named "mykey.pem".
5. Include the key in SparkView
To finally use the key with SparkView, copy the previously created file "mykey.pem" into the root directory of SparkView. Then you enter the location of the key in the server configuration:
When you connect to the server afterwards, you only need to enter the SSH username and the connection will be authenticated and established automatically. Alternatively, you can forward the credentials from the user, but the SparkView user name and the SSH user name must be the same.
6. – API and Plug-In
6.1 – Reporting API (query server status, client side JavaScript API)
Include "gateway.js" in your web page:
var gw = new Gateway("192.168.9.118");
gw.login("password");
gw.report(); //output to console
gw.report(callback); //output to callback method
gw.checkLicense(callback2); //check license status
function callback(obj) {
if (obj.error) {
console.log("Error on getting report:" + obj.error);
return;
}
var c, cs = obj.connections;
var len = cs.length;
console.log("\nTotal connections:" + len);
for ( var i = 0; i < len; i++) {
c = cs[i];
console.log("connection " + i + " ------");
console.log("clientIp: " + c.clientIp);
console.log("clientAgent: " + c.clientAgent);
console.log("server: " + c.server);
console.log("startTime: " + c.startTime);
}
}
We also have a Java command line tool available for the same purpose. Please download it from our website.
We also have a WebSocket client available which can be used to communicate with our gateway or other WebSocket servers.
6.2 – RDP library (client side JavaScript API)
Further links to the corresponding subpages:
- 6.2.1 – RDP parameters
- 6.2.2 – Passing parameter via URL
- 6.2.3 – Passing parameter via object or cookie
- 6.2.4 – Usage of RDP class
- 6.2.5 – Extend RDP: Virtual Channel and Dynamic Virtual Channel
- 6.2.6 – Extend Gateway: Gateway Channel
6.2.1 – RDP parameters
Parameter | Value |
---|---|
gateway | BindString, address and listening port of the gateway. For example: 192.168.0.8:443 |
server | String, address of the RDP host. |
port | Integer, RDP listening port. Optional, default is 3389 |
user | String, user name (Windows User). |
pwd | String, password for user name. |
domain | String, domain name |
keyboard | Integer, keyboard layout, default is 0x409 (US) |
useConsole | Boolean, connecting to console session/Admin mode. Default is false. |
legacyMode | Boolean, connecting to xrdp or VirtualBox RDP |
width | Integer, screen width of RDP session. Default is 800 |
height | Integer, screen height of RDP session. Default is 600 |
server_bpp | Integer, color depth of RDP session. Default is 16 |
playSound | Integer, Default is 1: Do not play sound; 0: bring sound to local; 2: leave sound on remote computer. |
startProgram | String, "shell": start a program on connection; "app": start a RemoteApp |
command | Command for “Start a program on connection (startProgram=shell)” |
directory | Directory for running command (startProgram=shell) |
exe | Program or file for RemoteApp (startProgram=app) |
args | Arguments for RemoteApp (startProgram=app) |
background | Boolean, default is false, disable background. |
smoothfont | Boolean, default is false, disable font smoothing. |
contents | Boolean, default is false, disable full windows drag. |
animation | Boolean, default is false, disable menu animations. |
composition | Boolean, default is false, disable desktop composition. |
styles | Boolean, default is false, disable theming. |
mapClipboard | Boolean, default is false, disable clipboard redirection. |
mapPrinter | Boolean, default is false, disable printer redirection. |
mapDisk | Boolean, default is false, disable disk redirection. |
touchpad | Boolean, default is false, touchpad mode (relative mouse movement, touch interface only). |
waWidth | Work area width for RemoteApp. Default value is the screen width. You may want to change it if you display the app in an iframe. |
waHeight | Work area height for RemoteApp. Default value is the screen height. You may want to change it if you display the app in an iframe. |
printer | Printer name. You can specify multiple printer names by using “;” as separator, e.g. “Printer1;Printer2”. The first one will always be the default printer. |
useSSL | Use WSS (WebSocket secure connection), only used by Rdp2 class. |
timezone | The client time zone name. Please check the values you can use in rdp.html |
loadBalanceInfo | Load balance information |
vmid | Hyper-V VM GUID, For example: B3D5444C-2611-405A-9CA0-7AA8DA94DF0B, it’s for Hyper-V console connection. |
minWidth | Minimum width, some applications can only work on a minimum resolution |
minHeight | Minimum height, some applications can only work on a minimum resolution |
connectType | Connecting type: 1 (CONNECTION_TYPE_MODEM): Modem (56 Kbps); 2 (CONNECTION_TYPE_BROADBAND_LOW): Low-speed broadband (256 Kbps - 2 Mbps); 3 (CONNECTION_TYPE_SATELLITE): Satellite (2 Mbps - 16 Mbps with high latency); 4 (CONNECTION_TYPE_BROADBAND_HIGH): High-speed broadband (2 Mbps - 10 Mbps); 5 (CONNECTION_TYPE_WAN): WAN (10 Mbps or higher with high latency); 6 (CONNECTION_TYPE_LAN): LAN (10 Mbps or higher). Default value is 5. |
shareClipboardId | Connections with the same shareClipboardId will use a shared clipboard on the gateway. Users can copy anything among these connections |
shareClipboard | on: enabled shared clipboard, it’s enabled by default if mapClipboard is on. |
symlink | Id of the created symlink. |
sessionRecord | 0: no session recording; 1: recording graphics only (no sound); 3: recording graphics and sound. This can only be configured in a plugin |
__record_name | Recording file name. This can only be configured in a plugin before version 4.8.8. |
recording | on: record session on client side |
audioRecord | on: enable remote audio recording |
pingInterval | Seconds for ping |
soundPref | 0: low quality sound; 1: high quality sound |
smartcard | on: enable smart card redirection |
passwordIsPin | Use password as the pin of smart card |
name | Show the name on the cursor on joined users |
mac | Computer MAC address for Wake on LAN. Need to enable it in gateway.conf (timeoutWoL) |
macIP | Network broadcast ip address for WoL. |
decompressingRDP61 | Enable RDP6.1 compression. |
portCheckTimes | Gateway will check if the port is open before connecting |
portCheckInterval | Interval of checking open port in ms. |
copyToLocal | on: user can copy data to local from remote. It can be used to disable bi-directional copy/paste |
copyToRemote | on: user can copy data to remote from local. It can be used to disable bi-directional copy/paste |
copyTextOnly | on: user can only copy plain text. |
textPrinter | on: redirect a text only printer (for receipts, label printers) |
mapCamera | Boolean, default is false, enable webcam redirection. Enable it in RDP server with Group Policy: Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection > Do not allow supported Plug and Play device redirection: Disabled |
scanner | Boolean, default is false, enable scanner redirection. |
6.2.2 – Passing parameters via URL (Connection String)
URL components
❗️ Important
Please use "on" and "off" for Boolean value if you are using URL to pass parameters.
Basically, an RDP connection string consists of the following main components:
[protocol]://[domain]/rdpdirect.html?[parameters]
The parameters are the same as the parameters that can be set in servers.json for each target system. Please note the correct URL encoding (see below)! Link parameters with the ampersand (&). A parameters list can be found here.
Some example parameters can be:
&keyboard=1031
&fullBrowser=Full%20browser
&fullScreen=Full%20screen
&server_bpp=16
&timezone=W.%20Europe%20Standard%20Time
&playSound=0
&soundPref=0
&mapClipboard=on
&mapPrinter=on
&mapDisk=on
&startProgram=noapp
&smoothfont=on
The correct URL encoding:
If characters are to be transmitted as values that have special meaning in the context of a URL, they must be encoded.
Example: name=SparkView Server becomes name=SparkView%20Server.
For correct encoding, an online tool can also be applied for help: https://meyerweb.com/eric/tools/dencoder/.
Example connection string:
A minimal connection string can look like this:
https://mygateway.com/rdpdirect.html?server=192.168.12.55&port=3389&gateway=mygateway.com
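The connection-string rules above (Boolean values sent as "on"/"off", values URL-encoded, parameters joined with &) in runnable form, as an added example that is not SparkView code. The function names are hypothetical; the Boolean parameter names are the ones the table in 6.2.1 lists as Boolean.

```javascript
// Added example, not SparkView code. Parameter names are taken from the
// table in 6.2.1; every function name below is hypothetical.

// Parameters the table documents as Boolean. In a URL they must be sent
// as "on"/"off", not true/false.
const BOOLEAN_PARAMS = new Set([
  "useConsole", "legacyMode", "background", "smoothfont", "contents",
  "animation", "composition", "styles", "mapClipboard", "mapPrinter",
  "mapDisk", "touchpad", "mapCamera", "scanner",
]);

// Turn one parameter value into its URL form.
function encodeValue(name, value) {
  if (typeof value === "boolean") {
    return value ? "on" : "off";
  }
  if (BOOLEAN_PARAMS.has(name)) {
    if (value === "on" || value === "off") return value;
    throw new TypeError(name + " must be true/false or on/off");
  }
  if (typeof value === "number") {
    if (!Number.isInteger(value)) {
      throw new TypeError(name + " must be an integer");
    }
    return String(value);
  }
  if (typeof value !== "string") {
    throw new TypeError(name + " must be a string, integer or boolean");
  }
  // Escape only the value, so "&", "=", "#" and spaces inside it cannot
  // end the parameter early or start a new one.
  return encodeURIComponent(value);
}

// Build [protocol]://[domain]/rdpdirect.html?[parameters].
function buildConnectionString(protocol, domain, params) {
  if (protocol !== "http" && protocol !== "https") {
    throw new Error("protocol must be http or https");
  }
  const pairs = [];
  for (const [name, value] of Object.entries(params)) {
    if (!/^\w+$/.test(name)) {
      throw new Error("invalid parameter name: " + name);
    }
    if (value === undefined || value === null) continue;
    pairs.push(name + "=" + encodeValue(name, value));
  }
  return protocol + "://" + domain + "/rdpdirect.html?" + pairs.join("&");
}

// Decode a connection string back into name/value pairs, the way a
// standards-compliant URL parser sees it.
function parseParameters(url) {
  return Object.fromEntries(new URL(url).searchParams);
}

// Constructed sample input.
const sample = buildConnectionString("https", "mygateway.com", {
  server: "192.168.12.55",
  port: 3389,
  gateway: "mygateway.com",
  timezone: "W. Europe Standard Time",
  mapClipboard: true,
});
console.log(sample);
```

Encoding must be applied per value: if a whole name=value pair is passed through encodeURIComponent, its = and & are escaped too and parseParameters returns one oddly named parameter instead of the intended ones.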
Connecting to desktop
var parameters = "server=192.168.0.2&user=admin&pwd=" + encodeURIComponent("&=@#");
//use encodeURIComponent to escape special characters in value
var width = 800, height = 600, server_bpp = 16;
var r = new svGlobal.Rdp("http://" + gateway + "/RDP?" + parameters, width, height, server_bpp);
r.addSurface(new svGlobal.LocalInterface());
r.run();
Connecting to RemoteApp in current window
You only need to add some extra parameters:
//encode only the value; encoding the whole string would also escape "&" and "="
parameters += "&startProgram=app&exe=" + encodeURIComponent("||EXCEL");
Connecting to RemoteApp in a new window
var parameters = "server=192.168.0.2&user=admin&pwd=" + encodeURIComponent("&=@#");
//use encodeURIComponent to escape special characters in value
parameters += "&startProgram=app&exe=" + encodeURIComponent("||EXCEL");
var width = 800, height = 600, server_bpp = 16;
var r = svManager.getInstance(); //try to use the existing session.
if (r == null){
r = new svGlobal.Rdp(protocol + gw + "/RDP?" + parameters, width, height, server_bpp);
}
var rail = window.open("rail.html");
function onSurfaceReady(surface){
r.addSurface(surface);
r.startApp(frmConn["exe"].value, frmConn["args"].value, "");
};
rail.svOnSurfaceReady = onSurfaceReady;
r.run();
6.2.3 – Passing parameter via object or cookie
The Rdp2 class can be used to replace the Rdp class. You can pass an object to Rdp2:
var obj = {gateway: "192.168.0.2", server:"192.168.0.8", user: "user"};
var r = new svGlobal.Rdp2(obj);
The Rdp2 class will create an object from cookies if obj is undefined. If the value of document.cookie is "gateway=192.168.0.2;server=192.168.0.8;user=user", Rdp2 will create an object automatically for the connection.
6.2.4 – Usage of RDP class
Properties:
Name | Type | Description |
---|---|---|
appTimeout | Int | Close the RemoteApp if no window is found after this period, default is 800 ms. |
displayMsg | Boolean | Whether to display error or warning messages, default is true |
reconnectOnResize | Boolean | Whether to reconnect when the browser window is resized, default is true |
reconnectTimes | Int | Number of automatic reconnection attempts, default is 0. |
sessionTimeout | Int | Close the session if no RemoteApp is running after this period. Default value is 3000 (3 seconds). You may want to make it longer, so the user can use the current session for a new RemoteApp. |
windowState | Int | State of RemoteApp main window, 3: always maximized, 0: controlled by user |
openLink | Boolean | Display a web link button when the user copies a web link on the remote computer, default is true |
sessionInfo | Object | Current session information, including the following properties: sessionId, userName, domain etc. |
remoteAppLogin | Boolean | Whether to display login details when using RemoteApp, default is true |
setTitle | Boolean | Whether to allow the client to change the browser title, default is true; the browser title will be set to the RDP host name. |
Methods:
Name | Description |
---|---|
close() | Close current RDP session |
exeAppCmd(cmd) | Execute command on current RemoteApp, cmd (Int) values: 0xF020: Minimize the window; 0xF030: Maximize the window; 0xF060: Close the window; 0xF100: Display the window’s system menu; 0xF120: Restore the window |
mouseDown(x, y, button) | Send mouse down to RDP host. X, Y: mouse position, button: which button, same as event.button. |
mouseUp(x, y, button) | Send mouse up to RDP host. |
mouseMove(x, y) | Send mouse move to RDP host. |
pauseSession(numericId, pause) | Pause a session output, pause: true or false. Pause all joined sessions if numericId is 0 |
running() | Check if connected to a RDP session |
setAudioBuffer(seconds) | Audio buffer size, default is 2.0 seconds |
writeKeyCode(down, keyCode) | Send browser keyCode to RDP host. “down”: Boolean |
writeText(txt, interval, doneCallback) | Send Unicode to RDP host. RDP server could ignore some characters if the client is sending them too fast. Please use the optional interval and call back arguments. |
writeRawInput(input) | Send raw keyboard, mouse events to RDP host. Please use onactivity event to get the raw input events. |
writeKeyComb(keys, interval, doneCallback) | Write any key combinations like “Ctrl+Alt+Del”. if interval > 0, every key stroke (down or up) will be sent with delay. |
notify(message, sessionIDArray) | Send message to other session. sessionIDArray is optional. If sessionIDArray is not given, this will send message to all other joined and main session. If sessionIDArray is provided, it will send message to sessions with the given ID. For example: [id1, id2, id3]. The id can be the 9 digit number id or the GUID. |
saveSession(info) | This will leave the session open on the gateway, so you can connect to it later from same or different device. For example: saveSession({save: true, timeout:5, id: xxxx}) will leave the session open for 5 minutes on gateway with id xxxx. You can connect to this cached session with the given id. Please check 3.14 for more information about cached session. You can also use plugin to save session. This feature will be disabled if savedSessionTimeout in gateway.conf is 0. |
startPing(interval, noResponTime) | Start to ping the gateway when the session is idle. Interval: seconds. noResponTime: seconds, time limit for no response. The onnoresponse event will be fired if this value is reached; with the default of 0 the onnoresponse event is never fired. |
setJoinMode(mode) | 0: Every one can control; 1: Only one can control; 2: Only one can control (others can move mouse) |
setJoinCloseMode(mode) | 0: close all joined sessions after initiated session is closed; 1: leave all joined sessions open even initiated session is closed. |
writeClipboard(text, type) | rdp.writeClipboard('Plain text'); rdp.writeClipboard('<h>Header</h>', 'text/html'); var reader = new FileReader(); reader.onloadend = function (e) { if (e.target.readyState == FileReader.DONE) { var imgB64 = hi5.Base64.enc(new Uint8Array(e.target.result)); rdp.writeClipboard(imgB64, 'image/png'); } }; reader.readAsArrayBuffer(blob); |
sendKeyboardSynchronize(scroll, numlock, capital) | Turn off/on lock key state on remote computer. |
Events:
Name | Description |
---|---|
onclose(expected) | Fired when RDP session is closed. Expected is true if the session is closed by user (log off) or administrators. Please be aware, the Rdp object will be released and cannot be reused after this event. |
onerror(error) | Fired on an error. Use error.name, error.message to get error details. |
onloggedin() | Fired when user logged in (It's not supported by xRDP and VirtualBox RDP) |
beforeupload(file, path) | Fired before uploading a file. file: File object; path: file absolute path or name if path cannot be obtained. Return true if it's processed and prevent default behavior happening. |
onfileuploaded(fileName) | Fired after a file was uploaded |
onuploaded() | Fired after all files were uploaded |
onsessionjoin(appInfo) | Fired when a new user joined the session. appInfo has the following properties: numericId: the 9 digit id; __ip: joined user’s host name or ip address; name: if provided. Return true will override the default behavior. |
onsessionexit(sessionInfo) | Fired when a joined user exited the session. Return true will override the default behavior. |
ongivecontrol() | Fired when current user can control the session. Return true will override the default behavior. |
ontakebackcontrol() | Fired when current user cannot control the session anymore |
onrequirecontrol() | Fired when another user requires the current user to control the session. |
onremoteappstart(e) | Fired after a RemoteApp was started, you can get the RemoteApp id from e.id which is like: {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\mspaint.exe |
onactivity(input) | Fired after a client activity was sent to the server (Mouse, keyboard events). Input (string) is the mouse and keyboard event. You can use writeRawInput to send them to the RDP host. |
onurlredirection(URL) | Fired when an URL was copied on remote computer |
ontitlechange(title) | Fired before the client changes the browser title. You can return a new title in this event. |
onsessionstart(sessionInfo) | sessionInfo is same as the sessionInfo property |
onservercopy(strValue) | Fired when copying from remote to local. strValue is in “mimeType;value” format, for example: “text/plain;textCopied”. |
onrequestcredential(info) | Fired when a wrong credential was given (and CredSSP is enabled on the gateway). Return true will override the default behavior. Info object has the following properties: domain: server’s FQDN domain name; nbDomain: server’s NetBIOS domain name; nbComputer: server’s NetBIOS computer name |
onprintingready(printJob) | Return true will override the default behavior. printJob has the following properties: link: the PDF file link; printerName: target printer name; printerDriver: target printer driver name |
onresolutionchange(width, height) | Fired when resolution of RDP session changes. |
onnoresponse() | Need to be used with startPing(interval, missTimes) |
onLockKeyState({"capsLock": capsLock, "numLock": numLock, "scrollLock": scrollLock}) |
6.2.5 – Extend RDP: Virtual Channel and Dynamic Virtual Channel
You can create multiple virtual channels and dynamic virtual channels on client side using JavaScript (you can only create one VC before 4.0):
var r = new svGlobal.Rdp(protocol + gw + "/RDP?"+ s, w, h, server_bpp);
var vc = new r.VirtualChannel(); //Use r.DynamicChannel to create a dynamic virtual channel
vc.name = "CUST";
vc.process = function(buffer){
console.log(buffer.getByte());
console.log(buffer.getLittleEndian16());
};
vc.onopen = function(){
var data = new Array(7);
var rb = new RdpBuffer(data, 0, 7);
rb.setByte(1);
rb.setLittleEndian16(345);
rb.setLittleEndian32(567);
rb.markEnd();
vc.send(rb);
};
r.addChannel(vc);
A Virtual Channel is used to communicate with the RDP host. You also need to write a plugin for the RDP host. Please check the following for more information:
- http://msdn.microsoft.com/en-us/library/aa383546(v=vs.85).aspx
- http://www.codeproject.com/Articles/16374/How-to-Write-a-Terminal-Services-Add-in-in-Pure-C
6.2.6 – Extend Gateway: Gateway Channel
You can create multiple gateway channels to create a communication layer between client browser and the gateway:
var gvc = new r.GatewayChannel();
gvc.name = "gwc";
gvc.process = function(buffer){
console.log(buffer.getByte());
console.log(buffer.getLittleEndian16());
};
gvc.onopen = function(){
var data = new Array(7);
var rb = new RdpBuffer(data, 0, 7);
rb.setByte(3);
rb.setLittleEndian16(45);
rb.setLittleEndian32(678);
rb.markEnd();
gvc.send(rb);
};
r.addGatewayChannel(gvc);
On the gateway side, your class must extend com.toremote.gateway.plugin.AbstractGatewayChannel and register it with the same name using HandlerManager.registerChannel(). Please check the plugin example for more information.
6.3 – Plug-ins (server side Java API)
Your plug-in must implement com.toremote.gateway.plugin.ManagerInterface. With the plugin, you can do authentication integration, session querying and reporting, RemoteApp management and RDP virtual channel extensions, player integration, new websocket protocol handler etc. Please download our plugin example project for more information:
http://www.remotespark.com/Plugin.zip
6.4 – HTTP Request API (server side)
You can use HTTP requests to create servers and symlinks dynamically if you don't want to write a plug-in.
Create servers on gateway:
http://gatewayAddress/SERVER?id=serverId&displayName=Name&server=hostName&gatewayPwd=passwordInGateway.conf&...
gatewayPwd is hexadecimal MD5 hash of the password which is configured in gateway.conf. Please check 5.2.1 for other parameters you can use.
Create symlink on gateway:
http://gatewayAddress/SYMLINK?symlink=symlinkId&server=existingServerId&validTime=20m&gatewayPwd=passwordInGateway.conf&...
You can also use "validFrom", "validTo" parameters. Please check http://www.remotespark.com/view/doc/com/toremote/gateway/connection/SymLink.html for more information.
To delete a server or symlink, add "&action=delete" to the URL; to update a server or symlink, add "&action=update" to the URL.
HTTP request will return status code 200 if operation succeeded, 500 if operation failed.
For more details, please check the Integration Guide.
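The SERVER and SYMLINK requests described above, built in Node.js as an added example that is not SparkView code. The function names are hypothetical, and hashing the password as UTF-8 is an assumption; because the gatewayPwd hash travels in the query string, the example also strips it before a URL is logged.

```javascript
// Added example, not SparkView code: build requests for the HTTP Request API.
// Function names are hypothetical; hashing the password as UTF-8 is an assumption.
const { createHash } = require("crypto");

// The identifier parameter each endpoint's URL carries on this page.
const ID_PARAM = new Map([["SERVER", "id"], ["SYMLINK", "symlink"]]);
const ACTIONS = new Set(["delete", "update"]);

// gatewayPwd: hexadecimal MD5 hash of the password configured in gateway.conf.
function gatewayPwdHash(password) {
  return createHash("md5").update(password, "utf8").digest("hex");
}

// Build <base>/SERVER?... or <base>/SYMLINK?...
// Leave action undefined to create; pass "delete" or "update" otherwise.
function buildApiRequest(base, endpoint, params, password, action) {
  if (!ID_PARAM.has(endpoint)) {
    throw new Error("endpoint must be SERVER or SYMLINK");
  }
  const idParam = ID_PARAM.get(endpoint);
  if (typeof params[idParam] !== "string" || params[idParam] === "") {
    throw new Error(endpoint + " request needs the " + idParam + " parameter");
  }
  if (action !== undefined && !ACTIONS.has(action)) {
    throw new Error("action must be delete or update");
  }
  const all = { ...params, gatewayPwd: gatewayPwdHash(password) };
  if (action !== undefined) all.action = action;
  // Encode names and values separately so "&" or "=" in a display name
  // cannot add or change a parameter.
  const query = Object.entries(all)
    .map(([k, v]) => encodeURIComponent(k) + "=" + encodeURIComponent(String(v)))
    .join("&");
  return base.replace(/\/+$/, "") + "/" + endpoint + "?" + query;
}

// The hash alone authenticates the request, so remove it before the URL
// is written to a log or an error message.
function redactForLog(url) {
  return url.replace(/([?&]gatewayPwd=)[^&#]*/g, "$1<redacted>");
}

// 200: operation succeeded, 500: operation failed; anything else is unexpected.
function operationSucceeded(statusCode) {
  if (statusCode === 200) return true;
  if (statusCode === 500) return false;
  throw new Error("unexpected status code " + statusCode);
}

// Constructed sample values.
const sampleUrl = buildApiRequest(
  "http://gatewayAddress",
  "SYMLINK",
  { symlink: "symlinkId", server: "existingServerId", validTime: "20m" },
  "password"
);
console.log(redactForLog(sampleUrl));
```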
Appendices
Appendix A – Shortcut keys
- CTRL+ALT+END: Brings up the Windows Security dialog box.
- ALT+PAGE UP: Switches between programs from left to right.
- ALT+PAGE DOWN: Switches between programs from right to left.
- ALT+INSERT: Cycles through the programs in the order they were started.
- ALT+HOME: Displays the Start menu.
- ALT+DELETE: Displays the system menu.
Appendix B – Browser support
Browser | Minimum version | Comments |
---|---|---|
Mozilla Firefox | 11.0 | Audio redirection: 51 |
Google Chrome | 16.0 (Desktop), 18.0 (Android) | Audio redirection: 49 |
Apple Safari (Desktop and iOS) | 6.0 | Audio redirection: 10 (recording is not supported) |
Internet Explorer | 10.0 | Audio redirection: Flash player (recording is not supported) |
Opera | 12.0 | Audio redirection: 43 |
Edge | 14.0 | Audio redirection: 14.0 |
Appendix C – EchoHandler and network check
There is an EchoHandler on the gateway which can be used to check network connectivity and latency. Please check the NetworkChecker tool in rdp.page.js. This can be used to check the network latency between browser and gateway.
Appendix D – configuration example for nginx
server {
listen 80;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://192.168.8.2;
}
location ~ /LIST|/RDP|/VNC|/LOGIN|/GATEWAY|/PLAY|/CONF|/JOIN|/SSH|/TELNET|/ECHO {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://192.168.8.2;
proxy_buffering off;
tcp_nodelay on;
}
}
Appendix E – configuration example for Apache Proxy
<VirtualHost *:443>
ServerName spark.gateway.com
DocumentRoot C:/Apache24/htdocs/reverseproxy
RequestHeader unset Accept-Encoding
Header Set MCOE-Gateway "spark.gateway.v1"
Header set Content-Security-Policy-Report-Only "default-src https://spark.gateway.com; \
script-src https: 'unsafe-inline'; \
style-src https: 'unsafe-inline'; \
img-src data: https://spark.gateway.com; \
connect-src wss: https://spark.gateway.com; \
report-uri https://myserver.com/csp-report-master/report.php;"
CustomLog "c:/apache24/logs/spark_access.log" common
ErrorLog "c:/apache24/logs/spark_error.log"
SSLEngine on
SSLProxyEngine On
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCACertificateFile "c:/sslcerts/startcom.crt"
SSLCertificateFile "c:/sslcerts/spark.gateway.com.crt"
SSLCertificateKeyFile "c:/sslcerts/private.key"
ProxyRequests Off
ProxyPreserveHost Off
ProxyHTMLEnable On
ProxyHTMLExtended On
ProxyHTMLCharsetOut UTF-8
SetOutputFilter INFLATE;proxy-html;DEFLATE
# For SparkView WebSocket
ProxyPass "/LIST" "wss://internal.spark.gateway/LIST"
ProxyPass "/RDP" "wss://internal.spark.gateway/RDP"
ProxyPass "/GATEWAY" "wss://internal.spark.gateway/GATEWAY"
ProxyPass "/CONF" "wss://internal.spark.gateway/CONF"
ProxyPass "/LOGIN" "wss://internal.spark.gateway/LOGIN"
ProxyPassReverse "/LIST" "wss://internal.spark.gateway/LIST"
ProxyPassReverse "/RDP" "wss://internal.spark.gateway/RDP"
ProxyPassReverse "/GATEWAY" "wss://internal.spark.gateway/GATEWAY"
ProxyPassReverse "/CONF" "wss://internal.spark.gateway/CONF"
ProxyPassReverse "/LOGIN" "wss://internal.spark.gateway/LOGIN"
ProxyPass / https://internal.spark.gateway/
ProxyPass / wss://internal.spark.gateway/
ProxyPassReverse / https://internal.spark.gateway/
ProxyPassReverse / wss://internal.spark.gateway/
</VirtualHost>
Must work with mod_proxy and mod_proxy_wstunnel.
Appendix F – configuration for Juniper, Cisco, Dell etc SSL VPN
It's very easy if the VPN supports WebSocket. You just need to create a web application resource profile (bookmark) or application offloading and specify the URL of the gateway.
Make sure you update SparkView to 4.8.6 or later which improved the compatibility of SSL VPN.
You can enable HTTP Basic Authentication in SparkView for VPN SSO integration (set authorization = Basic in gateway.conf).
SparkView also supports HTTP Post integration. Please specify your URL as http://yourGateway/CONNECT. Please also check html\examplePost.html for reference.
Appendix G – SMB path
SMB Path can also be used for recording, drive redirection etc., for example:
recdir = smb://domain;username:password@sparkcloud/ShareName/path
tmpdir = smb://domain;username:password@sparkcloud/ShareName/path
Variables can also be used in the drive redirection path (tmpdir):
tmpdir = smb://${domain};${user}:${pwd}@sparkcloud/ShareName/path
Appendix H – Ping
You can enable Ping on client side by setting pingInterval (seconds) parameter, or use rdp.startPing(interval). The client will only send ping package when the session is idle.
This is helpful if there is idle timeout configuration in user’s environment (routers, firewall, proxy etc). The client can also immediately notice a network disconnection.
Appendix I – TrustStore
When your RDP server or VNC server uses TLS encryption, you can allow users to connect to trusted servers only:
- Export the certificate from the server (Public key only). For RDP server, run “certlm.msc”, Click “Remote Desktop” -> Certificates. Right click on the certificate, “All Tasks -> Export”.
- Import the certificate to a trustStore:
keytool -import -file C:\cascerts\rdpserver.cer -alias rdpserver -keystore myTrustStore.jks
- Set trustStore location and trustStorePassword in gateway.conf
- Restart the gateway.
- “unable to find valid certification path to requested target” message will be displayed to end user (also in the gateway log).
Appendix J – Features
Feature list for the different versions of SparkView:
 | Community | Professional | Enterprise |
---|---|---|---|
 | Explore SparkView | For SMEs and institutions | For highly scalable solutions |
# of concurrent connections | 2 | unlimited | unlimited |
RDP audio redirection | |||
Clipboard redirection | |||
RDP multi monitor | |||
RDP printer redirection | |||
SSH/SFTP | |||
Wake on LAN (WoL) | |||
Network Level Authentication (NLA) | |||
Active Directory/LDAP/Radius | |||
RDP RemoteApp | |||
RDP microphone redirection | |||
RDP camera redirection | |||
RDP drive redirection | |||
RDP scanner redirection | |||
RDP smart card redirection | |||
RDP USB redirection | |||
HTTP Proxy | |||
RemoteFX | |||
Session Shadowing | |||
Telnet | |||
VNC | |||
Two-factor authentication | |||
Burst license | |||
RDP Hyper-V console | |||
Monitoring dashboard | |||
SAML/OAuth2 | |||
Session Recording | |||
VMWare Console | |||
RDP Native Shadowing/Remote Assistant | |||
SMB2 File Proxy | |||
SNMP | |||
Syslog |
For more information on pricing, please visit our distributor's product page.
Quick Support
1. – Configure correct log files
Log files are essential in identifying errors and fixing them.
To create log files with all the necessary information, please proceed as follows:
- Delete all existing log files in the log directory (usually under .../[installation directory]/logs).
- Set the log level to the fine setting (entry in the gateway.conf file: log.level = FINE)
- Reproduce the error
- Save the newly created gateway.log file
🛟 Do you need support?
Create a ticket at any time to get the fastest possible support from beyond SSL at helpdesk.beyondssl.com.
2. – Get correct browser console output
The browser console output can provide helpful troubleshooting information.
Please note in advance that this help is based on the Google Chrome browser. In principle, the steps are also possible in other browsers, but may differ in usage.
Get the browser console output:
- Open a new browser window
- Open the console in the developer tools:
  - Windows: Ctrl + Shift + J
  - Mac: Cmd + Option + J
- Enable the "Preserve log upon navigation" function
- Navigate in the browser to the page/place where the error occurs
- Reproduce the error
- Export the output of the browser console
  - Right-click in the output window
  - Save as ...
  - → Save