SparkView Admin Manual

1. – Overview

1. – Overview

1.1 – Features

SparkView is a RDP, VNC, SSH, TELNET, SMB2, SFTP proxy (gateway) with HTML5 client. It uses WebSocket, Canvas, Web Audio, local storage and more HTML5 features to implement the Remote Desktop (RDP), RFB (VNC), SSH, SMB2 protocols. It has following advantages compared with traditional (native) clients:

RDP features implemented in SparkView:

1. – Overview

1.2 – Architecture

SparkView basically consists of two components:

  1. Gateway
    A web socket server and simple web server that is used as a basis and connection node.
  2. Web resources
    The resources are used by the gateway for display and data supply and consist of HTML, CSS, Javascript and JSON files as well as images. The files are installed on the gateway by default, but can also be installed on any web server.

This diagram describes how the components of SparkView work together:

beyondssl-sparkview-funktion-en.png

1. – Overview

1.3 – What's the difference

SparkView is quite different compared with other similar solutions:

2. – Installation

2. – Installation

2.1 – Install J2SE Software Development Kit (JDK)

Download the Java 2 Standard Edition (J2SE) JDK version 1.8 or later from one of these sources:

Note: Downloading the Java Runtime Environment (JRE) instead is not recommended.

Open JDK 8, 11 and LTS versions are recommended. JRE is not recommended because it’s updated automatically and the old version will be uninstalled. Please install JCE 8 if you are using Java 8: https://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

Install the JDK according to the instructions included with the release. Set an environment variable JAVA_HOME to the pathname of the directory into which you installed the SDK release:

echo "export JAVA_HOME=/usr/java/default/"> /etc/profile.d/java_home.sh

Verify the Java version you are using by running the following command in a command prompt:

java –version

If your RDP server has Network Level Authentication enabled, the connection may fail depends on what Java version you are using.

Java 1.8: Please install TLS 1.2 Windows update on Windows 7 and Windows 2008:
https://support.microsoft.com/en-us/kb/3080079

2. – Installation

2.2 – Install as a Windows service

Download SparkView installer for Windows from:

https://cloud.beyondssl.com/url/sparkviewinstaller

Install SparkView according the instructions of installer. During the installation, you can choose the JRE/JDK you want user if you have multiple JRE/JDK installed. You can also choose the gateway listening port (default is 8080).

If you get the “This app can’t run on your PC” error, you may need to disable Smartscreen functionality and under Windows Updates – Developers: Allow Sideloads Apps.

If you have an IIS instance running on the same machine and you want SparkView listening on port 80 or 443, you must ensure that IIS is not bound to the IP address and port you want to use for the SparkView service. You must set the bindings in the IIS Manager. However, it may also be necessary to change the HTTP service which by default listens on port 80 for all IP addresses. To do this you can use netsh http add iplisten ipaddress=xxx.xxx.xxx.xxx to instruct the HTTP service to listen on IP addresses not used by the SparkGateway. Then you can use port 80 on the unused IP Addresses with the SparkGateway.

Change the name of your license file to “license” and copy it to installation directory if you are using the full version. You don’t need a license file for the evaluation version.

You can start the “Welcome” page to connect to a computer or “Configuration” page from the start menu when installation is done.

Add SparkGateway.exe to your firewall exception list.

Make sure you allocate more memory to SparkGateway (in SparkGateway Manger, "Java" tab) if you have more users:

sparkview-config-memory.png

We are using Apache Procrun as a Windows service wrapper, for more information, please check http://commons.apache.org/daemon/procrun.html

2. – Installation

2.3 – Install as Linux/Unix daemon

Before installation


  1. Download SparkView for Linux/Unix: https://cloud.beyondssl.com/url/sparkviewother
  2. Unzip it to your destination directory. Here we use /usr/local/bin/SparkGateway.
  3. Modify gateway.conf to change gateway listening port or other configurations.

Using install script


The installation script "installLinux.sh" is located in the unpacked SparkView folder.
Execute it with sudo and the following command:
sudo sh ./installLinux.sh

Manual installation


Open gateway listening port (80):

If SparkView can not listen on port 80, 443 or any ports below 1024, you can try this command:
sudo setcap cap_net_bind_service=+epi "readlink -f \"which java\""

Test the gateway in console mode:

java –jar SparkGateway.jar

You can install it as a service if it’s working correctly in console mode:

For Systemd system:

Create file: /etc/systemd/system/SparkGateway.service with the following contents:

[Unit]
Description=SparkView Service
After=network.target
[Service]
User=yourUserName
WorkingDirectory=/usr/local/bin/SparkGateway
ExecStart=/usr/bin/java -jar /usr/local/bin/SparkGateway/SparkGateway.jar
SuccessExitStatus=143
[Install]
WantedBy=multi-user.target

Then notify the systemd fo the new service: systemctl daemon-reload

Service commands:

Please check the following documentation for SUSE: http://remotespark.com/view/SUSE_Install.txt

For SysVinit init system:

To build the daemon wrapper you will need:

yum groupinstall "Development Tools" (CentOS)

apt-get install build-essentials (Debian/Ubuntu)

Run the following commands:

cd /usr/local/bin/SparkGateway
tar xvfz commons-daemon-native.tar.gz
cd commons-daemon-1.0.10-native-src/unix
./configure
make
cp jsvc ../..
cd ../..
chmod a+x SparkGateway.sh

Change the name of your license file to “license” and copy it to installation directory if you are using the full version.

Modify gateway.conf file, change listening port and file path according to your installation directory.

Starting the daemon: ./SparkGateway.sh start
Stopping the daemon: ./SparkGateway.sh stop

We are using Apache Jsvc as a Linux/Unix daemon wrapper, for more information, please check http://commons.apache.org/daemon/jsvc.html

The script (SparkGateway.sh) is only tested on CentOS, you may need to change it on other Linux.

Run as a service and start automatically:

cp SparkGateway.sh /etc/init.d/SparkGateway
chmod +x /etc/init.d/SparkGateway
chkconfig --add SparkGateway
chkconfig SparkGateway on

Start the service: service SparkGateway start
Stop the service: service SparkGateway stop

2. – Installation

2.4 – Install as macOS daemon

Run the following commands:

  1. cd /Library
  2. sudo unzip SparkGateway.zip
  3. sudo chown username SparkGateway username should be the login name under which gateway will run
  4. sudo chgrp admin SparkGateway
  5. cd SparkGateway
  6. sudo nano start.sh with following content:
    #!/bin/sh
    SPARK_HOME=/Library/SparkGateway
    java -jar $SPARK_HOME/SparkGateway.jar -c=$SPARK_HOME/gateway.conf
    
  7. Save the file and run sudo chmod a+x start.sh
  8. Change the default directory and listening port if port 80 is occupied in gateway.conf:
    port = 8080
    logfile = /Library/SparkGateway/logs/gateway.log
    html = /Library/SparkGateway/html
    license = /Library/SparkGateway/license
    
  9. Use sudo ./start.sh to test if there are any errors within the script.
  10. cd /Library/LaunchDaemons
  11. sudo nano com.toremote.gateway.plist with following content:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN""http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
      <dict>
        <key>Label</key>
        <string>com.toremote.gateway</string>
        <key>Disabled</key>
        <false/>
        <key>OnDemand</key>
        <false/>
        <key>RunAtLoad</key>
        <true/>
        <key>ProgramArguments</key>
        <array>
      	  <string>/Library/SparkGateway/start.sh</string>
        </array>
        <key>EnvironmentVariables</key>
        <dict>
        <key>SPARK_HOME</key>
        <string>/Library/SparkGateway</string>
        </dict>
        <key>StandardErrorPath</key>
        <string>/Library/SparkGateway/logs/gateway.stderr</string>
        <key>StandardOutPath</key>
        <string>/Library/SparkGateway/logs/gateway.stdout</string>
        <key>UserName</key>
        <string>_appserver</string>
      </dict>
    </plist>
    
  12. Service commands:
2. – Installation

2.5 – Install HTML client on other web servers

Spark View (the HTML5 Client part) doesn't include any server side logic. You can also install it on any other web servers, like IIS, Apache, Tomcat etc.

2. – Installation

2.6 – Run SparkView as a container (Docker)

SparkView is fully executable as a container on many platforms. Advantages here are certainly the flexibility and transportability of the installation independently of the data between different systems.

Installation

To install the container, please pull the latest version from the official Docker Hub:
docker pull beyondssl/sparkview

SparkView is then installed inside a new container and has the following special default values:

Then go to http://localhost to start the web application.

Configuration

All manual changes should be made within the volumes, otherwise the changes will be reset after a restart. The rest of the configuration is done via the web under /config.html.

Importing a license

Unlike the manual installation of SparkView, the license for the container version should be uploaded via the web. Under /config.html you will find the item "Upload license file" in the "General" tab. Upload your license here and save the configuration. This makes the new license active.

2. – Installation

2.7 – Install as PWA

SparkView offers native PWA support from version 1036 and can be installed as such on all operating systems under Google Chrome - including Chromebooks and ChromeOS.

To "install" the PWA on a client, the following steps are necessary:

  1. Navigate to SparkView via Google Chrome
  2. Click on the install icon on the right-hand side of the address bar
  3. Confirm
  4. Done ✔
2. – Installation

2.8 – Integrating a license

To integrate a license file into SparkView, please note the following steps:

  1. Stop SparkView service
  2. Copy the license file into the SparkView root directory
    • Windows default: C:\Program Files\Remote Spark\SparkGateway
    • Linux/macOS default: /usr/local/bin/SparkGateway
  3. Rename the license file to license. Important: no file extension!
  4. Start SparkView Service

You can then check the license status via config.html at the bottom: SparkView license status

If the license file is in a different location, please specify this via the corresponding parameter in the gateway.conf file:

# Example for Windows
license = C:\\Program Files\\Remote Spark\\SparkGateway\\licensefile

# Example for Linux/macOS
license = /usr/local/bin/SparkGateway/licensefile

3. – Server configuration

3. – Server configuration

3.1 – Gateway

The gateway can be configured through the gateway.conf file. By default, this is located in the root installation directory of SparkView. All parameters and options are listed below.

The default gateway.conf file as shipped is shown at the bottom of the page.

Key Value
bindAddr Binding address, if you have multiple IP addresses and want to bind on one of them.

If you have IIS running on same machine, you must ensure that it is not bound to the IP address & Port you want to use for the SparkGateway. You must set the bindings in the IIS Manager. However, it may also be necessary to change the HTTP service which by default listens on port 80 for all IP addresses. To do this you can use “netsh http add iplisten ipaddress=xxx.xxx.xxx.xxx” to instruct the HTTP service to listen on IP addresses not used by the SparkGateway. Then you can use port 80 on the unused IP Addresses with the SparkGateway.
port Listening port, default is 80. You can let Gateway listen on 2 ports at the same time, e.g. port = 80, 443
ssl Use HTTPS and WSS (WebSocket Secure Connection), default is false. If gateway is listening on 2 port, the parameter can be configured as: ssl = false, true
credSSP Network Level Authentication, Value can be "true", "false" or "auto". Default is false. “true” will slow down the connection speed a little bit . It’s not necessary to use NLA if the gateway is connecting to internal RDP hosts only. It’s better to enable credSSP if you are using Microsoft RD Broker for load balancing. "auto" will connect without credSSP at the first time, reconnect with credSSP if the connection failed.
backlog How many connections can be queued, default is 50.
user Path of user configuration file (JSON format).
server Path of RDP hosts configuration file (JSON format).
html HTML root directory.
directoryIndex Default page for html directory, default is "rdp.html;index.html".
license Path of the license file.

If you copy the license file named "license" (note that there is no file extension) to the SparkView root directory, it is automatically detected.

If it is located elsewhere, please specify the full path of the license file including the file name, e.g.
license=C:\\Program Files\\Remote Spark\\SparkGateway\\licensefolder\\license.txt.
logfile Path of log file.
maxbytes Limit the maximum number of bytes to write to any one log file, default is 30M.
maxfiles Log file rotation, the number of log files to use, default is 99.
logHttpHeader If log http header, which may contains sensitive information. Default is true.
converter Postscript to PDF converter, used for printing. Ghostscript is recommended:
http://www.ghostscript.com/download/
Example: C:\\Program Files\\gs\\gs9.04\\bin\\gswin64c.exe
arguments Arguments for converter. %1 is output pdf file name. %2 is input ps file name, they'll be replaced by program.
Example: -dBATCH -dNOPAUSE -dUseCIEColor -dPDFSETTINGS=/printer -sDEVICE=pdfwrite -q -sOutputFile=%1 %2
plugin Class name for your plug-in
pluginFile The full path of your plug-in jar file
password Password for reporting and management API
remoteManage Make configuration accessible from everywhere. Default is false.
mime Add extra mime types for web server: rdp:application/rdp;conf:text/plain
stderrLog Set false to disable logging to stdout/stderr
keepDays How many days the temporary files generated by system be kept, default is 1 day
disk The name for the shared disk, used for file uploading/downloading
webfeed RD Web Feed URL, for RD web access integration
recording Session recording, 0: no recording; 1: recording graphic only. 3: recording graphic and audio.
recdir Parent directory for session recording files.
recwarning Warn user about the recording, default is true
accessNotInList if logged in user can access computers which is not in their list (servers.json) or webfeed, default is false
printer Printer name, default is “Remote Printer from Client”. You can specify multiple printer names by using “;” as separator, e.g. “Printer1;Printer2”. The first one will always be the default printer.
printerDriver Printer driver name
shadowing Shadowing switch (if allow joining a session), default is true.
resetOnJoin Don't use seamless session shadowing.
nativeShadowing Allow native RDP session shadowing, default is false.
cipherSuites The cipher suites can be used by SSL encryption. You may want to use some good cipher suites only, for example:
SSL_RSA_WITH_RC4_128_MD5,
SSL_RSA_WITH_RC4_128_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA

You need to install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for AES 256 cipher suites.
http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
webAddress HTTP server web address, used for OpenID login (redirection back). It’s also used on client side for getting real gateway address (client side may not know that if you are using multiple gateways for load balancing).
clientHost Customize the host name of the client user. Default is the host name or ip address. You can use following variables in the string:
${hostName}: Host name of the gateway machine.
${hostAddress}: Host address of the gateway machine.
${sequence}: a sequence number
${__ip}: client host name or IP.
${_PARAM_SESSION_ID}: Session GUID.
${_PARAM_NUMERIC_ID}: Session 9 digit number ID.
${any parameter transferred from client side} e.g. clientHost = RS-${__ip}-${sequence} , the result will be RSClientHostName-0, RS-ClientHostName-1, …
performanceflags Please check 3.4 RDP Host for more information. You may need this if you are connecting to a Terminal Server/Remote Desktop Session Host.
remotefx If enable remtoefx, default is false. RemoteFX is LAN and 32 bit only
enableLookups Set to true if you want calls to perform DNS lookups in order to return the actual host name of the remote client. Set to false to skip the DNS lookup and return the IP address in String form instead (thereby improving performance). By default, DNS lookups are disabled.
maxCacheTime How long (minutes) the session can be cached on gateway, default is 0 (RDP session cache on gateway is disabled by default).
idleUserSession User session idle timeout, in milliseconds
mail.smtp.host
mail.smtp.port
mail.user
mail.password
mail.from
mail.to
mail.smtp.auth
mail.smtp.starttls.enable
Email notification when license expire etc, following is for gamil:
smtp.gmail.com
587
support@toremote.com
xxxx
support@toremotec.om
xxx@toremote.com
true
true
You can use java -cp SparkGateway.jar com.toremote.gateway.Mailer title message to send a test email.
licenseAlert Float value, Email alert when license usage reached this number. If value < 1, it means percentage of your license number; If value > = 1, it means the actual concurrent license number.
thumbnail.interval Interval for obtaining thumbnails of RDP session, milliseconds, default is 0 (no thumbnail). Client will not send thumbnail to server if screen is not changed.
thumbnail.width Thumbnail width, it must be smaller than 640, default is 0 (no thumbnail)
copyTimeout Timeout for clipboard copy operation, milliseconds, default is 3000. You may need to increase this value if your application need to copy very big data.
savedSessionTimeout This is the maximum value (milliseconds) for saved session, default is 0, means user cannot save session on gateway.
confirmJoin Confirmation needed when a user try to join a session, default is false
keyStore Set up keystore or certificate name when ssl is true. For example keystore.jks or cert.pfx.

If you are using a certificate (i.e. cert.pfx), a password is required (see keyStorePassword).

If you are using a Java keystore (i.e. keystore.jks), the password of the keystore must match the one used for the certificate, which is integrated in the keystore.
keyStorePassword Keystore or certificate password. If you are using a Java keystore (i.e. keystore.jks), the password of the keystore must match the one used for the certificate, which is integrated in the keystore.
passwordEncrypted Encrypt the keystore password and the reporting password, default is false. Please use following command to get encrypted password:
java -cp SparkGateway.jar com.toremote.gateway.Encryption MyPassword
assistance Enable Remote Assistance, default is false.
ssh Enable SSH, default is false.
ssh.cache Enable/disable SSH history cache for joined sessions, default is true.
telnet Enable TELNET, default is false.
gatewayId Used for email notification etc.
oauth2 Path of oauth2 providers file (JSON format)
disabledKeys Keys (scancode) will not be sent to server, e.g. 219,220 (left and right Windows key); 29+56+211,56+1 will disable Ctrl+Alt+Del and Alt+Esc
dataEncrypted If enable encryption on data files: servers.json, users.json, symlink.json.
webfeedCache If enable webfeed cache. false to disable it. Default is true. You'll need to restart the gateway after your webfeed content changed if it's true.
redirectToHttps Redirect http tranfic to https. Make sure gateway listen on both http and https
log.level The value can be an integer or SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST. Check https://docs.oracle.com/javase/8/docs/api/java/util/logging/Level.html for more details
connectif Create a new connection if you are joining symlink which doesn’t connect to any hosts.
randomIp Use a random ip if your host name has multiple ip address, default is false
authorization “Basic”: enable HTTP Basic Authentication, default is null.
headers Extra headers for HTTP response, For example: headers = Strict-TransportSecurity: max-age=31536000\r\nContent-Security-Policy: script-src 'self'\r\nXXSS-Protection: 1; mode=block\r\nX-Frame-Options: SAMEORIGIN\r\nX-ContentType-Options: nosniff\r\n
recFileSize Limit the size (in bytes) of recording file (auto rotation)
file.filter File type filter for file uploading, for example “exe,jar”
file.maxSize File size filter (in bytes) for file uploading.
keepPrinting Keep the printing results (PDF) on gateway, default is false.
timeoutWoL Time out (milliseconds) of Wake on LAN. This will enable WoL if the value is great that 0.
symlinkOnly Gateway will only accept aymlink connection if symlinkOnly is true
symlink Full path of the symlink definition file, including file name, e.g. C:\\Users\\foobar\\workspace\\data\\symlink.json
simpleFormatter Let gateway use SimpleFormatter which is slower but allow you to configure log format.
pingClient Ping client interval (ms). CND or proxy may not close the websocket correctly and leave session alive forever on the gateway. You can enable this to fix this kind of issue. This is enabled by default since 5.6.
sessionRecordParam You can enable session recording from the browser side (sessionRecord=on) if this is true. Default value is false.
userGroup Path of user group configuration file in JSON format.
serverGroup Path of server group configuration file in JSON format.
organization Customize the connection name for the 2FA app on the mobile device.
maxRequestBytes Determines the upper limit for the total size of the request line and the headers. Its default setting is 8KB
maxPrintTime Printing conversion timeout, default is 1200000 milliseconds (20 minutes)
httpCookie Use HTTP Cookie for file uploading to make it more secure. Default is true.
fileUnprompted Files can be download directly without asking user to confirm when user copy a file in RDP server. For example, if the value is “pdf,zip”, when user copy a PDF file, the gateway will prepare the downloading directly without ask use to confirm. Depends on copyFile = true.
deployment Enable deployment service. User can deploy, test applications with the deploy agent via SSH, SFTP.
preferInteractive Prefer keyboard-interactive method on SSH. Default is true.
Deprecated, please use ssh.preferInteractive instead.
ssh.preferInteractive Prefer keyboard-interactive method on SSH. Default is true.
fileService Enable SMB2, SFTP file proxy, so user can use file.html to upload/download files from SMB2 share or SFTP server. Disabled by default.
delSymlinkServer The related server definition will be deleted too if a symlink is deleted or expired. Default is false.
trustStore Trusted certificates for RDP or VNC server (when TLS encrypt is used, credSSP = true in gateway.conf).
trustStorePassword Password for trustStore
fileBlockSize File transferring block size, default is 524288 bytes(5M). Reduce this value can reduce the bandwidth usage but increase uploading time
keyDelay Delay between keys (milliseconds). Default is 0.
authToken.name The parameter name in the websocket URL.
authToken.exec A path of executable or URL. If gateway found the authToken.name parameter in the websocket url, it’ll execute the exe or HTTP Request. The connection can be only allow if the exe or HTTP Request Status Code is authToken.sucessCode.
authToken.sucessCode Integer.
twoFA 1: Enable two-factor authentication; 0: Disable (default); 2: Enforce
twoFAStore Two-factor authentication storage path. Default is installDir\data\store.data. Make sure you back up this file. It’s encrypted by default.
rec.timestampSubDir Enable/disable timestamp sub directory for recdir. Default is true.
rec.begin.exec Run an executable before the session is recorded. Arguments: fileName, server, user, sessionId.
rec.end.exec Run an executable after the session was recorded. Arguments: fileName, server, user, sessionId.
file.post Run an executable after a file was uploaded.
For example: file.post = C:\apps\scan.exe %1
%1 will be replaced by the file path of the uploaded file.
csv.file Log session information to CSV file. Columns: Id, Server, Client, IP, Browser, Time ,NumericId, User, Domain, Join, Protocol, Symlink, Port, Action (CONNECT/DISCONNECT/LOGIN).
csv.size Limit the maximum number of bytes to write the log file, default is 2G.
vnc.transferCredential,
ssh.transferCredential,
telnet.transferCredential
False by default, which disable SSO on VNC, SSH, TELNET connection when SSO is enabled in users.json (transferCredential = true).
app.id String, UUID is recommended. Can be used for load balancing. This unique id will be automatically generated if it's not set.
file.viewable Boolean, the "View" button on File Manager UI will be removed if it's false. Users then can only see the "Download" button.
license.limit Integer, restricts the concurrent session number for testing etc. This value must be smaller than the license number.
kerberos.realm String, enables authentication via Kerberos if set. Can be, for example, the DNS domain name in capital letters of an Active Directory.
http.proxy.enable Boolean, enable/disable connections through the HTTP proxy.
readOnly Boolean. Determines whether the configuration file (gateway.conf) can be changed via API or web config (config.html). Manual changes to the file itself are always possible. Default is false.

*Please always use absolute file path if you are running Gateway as a service.

Default gateway.conf file:

# Binding address, if you have multiple IP addresses and want bind to one of them, uncomment and change this line
#bindAddr = 192.168.8.4

# Listening port, default is 80 for http and 443 for https (ssl = true)
port = 8080

# Use https and wss (WebSocket Secure connection), better to use 443 as listening port when ssl is true
#ssl = true

# Network Level Authentication (CredSSP), "false" is default, always false in free version
credSSP = auto

# How many client connections can be queued, default is 50
#backlog = 50

# User definition file, default is ./data/users.json. Uncomment this line and add users in this file if you want user log in first before using any rdp host.
#user = C:\\Program Files\\Remote Spark\\SparkGateway\\data\\users.json

# Server definition file, default is ./data/servers.json. Uncomment this line and add RDP hosts here.
#server = C:\\Program Files\\Remote Spark\\SparkGateway\\data\\servers.json

# HTML root directory, default is ./html/. Printed file will be save in sub directory "temp", make sure application have access right on "temp" directory.
html = C:\\Program Files\\Remote Spark\\SparkGateway\\html\\

# Default page for html directory, default is "rdp.html;index.html";
#directoryIndex = rdp.html;index.html

# License file, default is ./license, it's only for paid version
#license = C:\\Program Files\\Remote Spark\\SparkGateway\\license

# Log file, default gateway.log
logfile = C:\\Program Files\\Remote Spark\\SparkGateway\\logs\\gateway.log

# Limit the maximum number of bytes to write to any one log file, default 30M
#maxbytes = 30720000

# Log file rotation, the number of log files to use, default 99
#maxfiles = 99

# Log http header, that may contains sensitive information like password. default is true.
#logHttpHeader = false

# Show warning and error messages to clients. Default is true
#showMessage = false

# Postscript to PDF converter, Ghostscript is recommended: http://www.ghostscript.com/download/
converter = C:\\Program Files\\gs\\gs9.14\\bin\\gswin64c.exe

# Arguments for converter. %1 is output pdf file name. %2 is input ps file name, they'll be replace by program
arguments = -dBATCH -dNOPAUSE -dPDFSETTINGS=/printer -sDEVICE=pdfwrite -q -sOutputFile=%1 %2

# Plugin = com.toremote.gateway.plugin.SimpleManager
#pluginFile = C:\\Program Files\\Remote Spark\\SparkGateway\\plugin.jar

# Password for configuration, reporting and management API.
#password = yourpassword

# Parent directory for temporary files: downloading/uploading etc
#tmpdir = C:\\apps\\share

# Session recording, 1: recording graphic only, 2 recording graphic and sound
#recording = 1

# Directory for session recording
#recdir = C:\\apps\\share

# Warn user about the recordig, default is true
recwarning = true

# RD Web Feed URL, for RD web access integration
#webfeed = https://192.168.0.50/RDWeb/feed/webfeed.aspx

# If logged in user can access computers which is not in their list (severs.json) or webfeed 
accessNotInList = true

# CipherSuites. You may want to only use some strong cipher suites for SSL. You may need to install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files (http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html)
#cipherSuites = SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA

# Printer driver you want to use
#printerDriver = HP LaserJet 4100 Series PCL

# HTTP server web address, used for OpenID login(redirection back). Also used on client side for getting real gateway address (client side may not know that if you are using multiple gateways for load balancing)
#webAddress = http://w-think

# Shadowing switch, default is true, if allow user join sessions
#shadowing = false

# Customize the host name of the client user
#clientHost = RS-${__ip}-${sequence}

# Performance flags for RD Web Access Portal integration only.
#performanceflags = 111

#remotefx = true

# Set to true if you want calls to perform DNS lookups in order to return the actual host name of the remote client. Set to false to skip the DNS lookup and return the IP address in String form instead (thereby improving performance). By default, DNS lookups are disabled.
#enableLookups = true

# How long (minutes) the session can be cached on gateway, default is 0 (RDP session cache on gateway is disabled by default).
#maxCacheTime = 10

# User session idle time out, in milliseconds
#idleUserSession = 3600000

# Email configuration. Test email with java -cp ..\SparkGateway.jar com.toremote.gateway.Mailer
#mail.smtp.host = smtp.gmail.com
#mail.smtp.port = 587
#mail.user = support@xxx.com
#mail.password = xxxx
#mail.from = support@yyy.om
#mail.to = xxx@xxx.com
#mail.smtp.auth = true
#mail.smtp.starttls.enable = true

#confirmJoin = true
#assistance = true
#ssh = true
#telnet = true

# Certificate for SSL, pfx (PKCS12) format is recommended, use keystore.jks if you prefer Java KeyStore
#keyStore=cert.pfx
#keyStore=keystore.jks
#keyStorePassword = password
#passwordEncrypted = true
#keyStorePassword = OOLZ+pOdZAa3QXanDDksAmMR4pdpVVD2SblIuXe2ztg=

#oauth2 = C:\\Program Files\\Remote Spark\\SparkGateway\\data\\oauth2.json

# Scancodes for disabling keys (219 left windows key, 220 right windows key)
#disabledKeys = 219,220

# Enabling copy files
copyFile = true

You can also use config.html to configure gateway.conf. Use your browser navigate to: http://localhost/config.html.
For security reason, this page can be only accessed from localhost.

sparkview-config.png

3. – Server configuration

3.2 – HTTPS and WSS (WebSocket secure connection)

Set up Let’s Encrypt (letsencrypt.org) certificate:

  1. Apply for the certificate from letsencrypt.org and you’ll get the certificate files: cert.perm, privkey.perm, chain.pem etc in /etc/letsencrypt/live/yourDomain/.
  2. openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out cert_and_key.p12 -name spark -CAfile chain.pem -caname anyFriendlyName
  3. Add following entries in gateway.conf:
    keyStore=/etc/letsencrypt/live/domain/cert_and_key.p12
    keyStorePassword = yourExportPasswordInStep3
    ssl = true
    port = 443
    
  4. Restart the gateway.

Renew and update the certificate automatically:

Create a cron job to update check the certificate every day at 2:30AM (crontab -e):

30 2 * * * certbot renew --post-hook "sh /etc/letsencrypt/live/startme.biz/update.sh"

update.sh:

#!/bin/bash
cd /etc/letsencrypt/live/domain/
openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out cert_and_key.p12 -name spark -CAfile chain.pem -caname startme -passout pass:mypassword
systemctl stop SparkGateway
systemctl start SparkGateway
exit 0
3. – Server configuration

3.3 – Remote Desktop Web Access Portal Integration

A user can log in with his domain user name and password and get the RemtoeApps or desktops published on the web access portal with the integration.

What you need:

  1. RemoteApp is published and Web Access is enabled.
  2. Web Access portal must be in domain.

What you should do:

  1. Set up the web feed URL of you web access portal in gateway.conf. This URL is your address of your portal + /RDWeb/feed/webfeed.aspx, for example: webfeed = https://sparkview.beyondssl.com/RDWeb/feed/webfeed.aspx
  2. Use login.html as the start page, set directoryIndex = login.html;rdp.html;index.html in gateway.conf.
  3. Make sure html directory is configured in gateway.conf. Gateway will save application icons under this directory (in RDWeb subdirectory).

You don’t need to set up RDP hosts or users in servers.json and users.json anymore.

Bildschirmfoto 2022-04-05 um 16.16.36.png

3. – Server configuration

3.4 – Servers & RDP options

Contents:


General information

You can use the servers.json file to define RDP, SSH, VNC, Telnet and HTTP destinations that should be accessible. The options for the individual destinations can also be specified here.

In addition to manual configuration via the servers.json file, you can also use this via the web UI. To do this, navigate with the browser to https://localhost/config.html. For security reasons, this page can only be accessed from the localhost by default.

You can also organize servers in server groups, which are saved in the serverGroups.json file.

Here is an example of a servers.json file:

{
  "type": "NORMALLIST",
  "display": true,
  "connections": [
    {
      "id": "Word",
      "displayName": "RemoteApp MS Word",
      "server": "213.180.85.124",
      "icon": "kbd.png",
      "protocols": "rdp",
      "rdp": {
        "username": "demo",
        "password": "m9ff.QWE",
        "domain": "SERVERSKY",
        "remoteProgram": "||WINWORD",
        "mapClipboard": true,
        "mapDisk": true,
        "playSound": 0,
        "mapPrinter": true
      }
    }
  ]
}

This file is in JSON format, {} means an object, [] means an array.

For a complete list of RDP options, please go to chapter 4.1.


Performance flags

Default value of the performance flags parameter is 111.

ID Property Description
0x00000000 TS_PERF_DISABLE_NOTHING No features are disabled.
0x00000001 TS_PERF_DISABLE_WALLPAPER Wallpaper on the desktop is not displayed.
0x00000002 TS_PERF_DISABLE_FULLWINDOWDRAG Full-window drag is disabled; only the window outline is displayed when the window is moved.
0x00000004 TS_PERF_DISABLE_MENUANIMATIONS Menu animations are disabled.
0x00000008 TS_PERF_DISABLE_THEMING Themes are disabled.
0x00000010 TS_PERF_ENABLE_ENHANCED_GRAPHICS Enable enhanced graphics.
0x00000020 TS_PERF_DISABLE_CURSOR_SHADOW No shadow is displayed for the cursor.
0x00000040 TS_PERF_DISABLE_CURSORSETTINGS Cursor blinking is disabled.
0x00000080 TS_PERF_ENABLE_FONT_SMOOTHING Enable font smoothing.
0x00000100 TS_PERF_ENABLE_DESKTOP_COMPOSITION Enable desktop composition.
0x40000000 TS_PERF_DEFAULT_NONPERFCLIENT_SETTING Set internally for clients not aware of this setting.
0x80000000 TS_PERF_RESERVED1 Reserved and used internally by the client.

Example:
111 = PERF_DISABLE_CURSOR_SHADOW | PERF_DISABLE_CURSORSETTINGS | PERF_DISABLE_FULLWINDOWDRAG | PERF_DISABLE_MENUANIMATIONS | PERF_DISABLE_THEMING | PERF_DISABLE_WALLPAPER;


IP ranges

You can also define IP ranges in servers.json, for example:

{
  "id": "range1",
  "ipRanges": [
    {"from": "192.168.0.0", "to": "192.168.0.250"},
    {"from": "192.168.56.0", "to": "192.168.56.250"}
  ]
},

Keyboard layouts

Id Name
0x00000401 Arabic (101)
0x00000402 Bulgarian
0x00000404 Chinese (Traditional) - US Keyboard
0x00000405 Czech
0x00000406 Danish
0x00000407 German
0x00000408 Greek
0x00000409 US
0x0000040A Spanish
0x0000040B Finnish
0x0000040C French
0x0000040D Hebrew
0x0000040E Hungarian
0x0000040F Icelandic
0x00000410 Italian
0x00000411 Japanese
0x00000412 Korean
0x00000413 Dutch
0x00000414 Norwegian
0x00000415 Polish (Programmers)
0x00000416 Portuguese (Brazilian ABNT)
0x00000418 Romanian
0x00000419 Russian
0x0000041A Croatian
0x0000041B Slovak
0x0000041C Albanian
0x0000041D Swedish
0x0000041E Thai Kedmanee
0x0000041F Turkish Q
0x00000420 Urdu
0x00000422 Ukrainian
0x00000423 Belarusian
0x00000424 Slovenian
0x00000425 Estonian
0x00000426 Latvian
0x00000427 Lithuanian IBM
0x00000429 Farsi
0x0000042A Vietnamese
0x0000042B Armenian Eastern
0x0000042C Azeri Latin
0x0000042F FYRO Macedonian
0x00000437 Georgian
0x00000438 Faeroese
0x00000439 Devanagari - INSCRIPT
0x0000043A Maltese 47-key
0x0000043B Norwegian with Sami
0x0000043F Kazakh
0x00000440 Kyrgyz Cyrillic
0x00000444 Tatar
0x00000445 Bengali
0x00000446 Punjabi
0x00000447 Gujarati
0x00000449 Tamil
0x0000044A Telugu
0x0000044B Kannada
0x0000044C Malayalam
0x0000044E Marathi
0x00000450 Mongolian Cyrillic
0x00000452 United Kingdom Extended
0x0000045A Syriac
0x00000461 Nepali
0x00000463 Pashto
0x00000465 Divehi Phonetic
0x0000046E Luxembourgish
0x00000481 Maori
0x00000804 Chinese (Simplified) - US Keyboard
0x00000807 Swiss German
0x00000809 United Kingdom
0x0000080A Latin American
0x0000080C Belgian French
0x00000813 Belgian (Period)
0x00000816 Portuguese
0x0000081A Serbian (Latin)
0x0000082C Azeri Cyrillic
0x0000083B Swedish with Sami
0x00000843 Uzbek Cyrillic
0x0000085D Inuktitut Latin
0x00000C0C Canadian French (legacy)
0x00000C1A Serbian (Cyrillic)
0x00001009 Canadian French
0x0000100C Swiss French
0x0000141A Bosnian
0x00001809 Irish
0x0000201A Bosnian Cyrillic

Keyboard layout variants

Id Name
0x00010401 Arabic (102)
0x00010402 Bulgarian (Latin)
0x00010405 Czech (QWERTY)
0x00010407 German (IBM)
0x00010408 Greek (220)
0x00010409 United States-Dvorak
0x0001040A Spanish Variation
0x0001040E Hungarian 101-key
0x00010410 Italian (142)
0x00010415 Polish (214)
0x00010416 Portuguese (Brazilian ABNT2)
0x00010419 Russian (Typewriter)
0x0001041B Slovak (QWERTY)
0x0001041E Thai Pattachote
0x0001041F Turkish F
0x00010426 Latvian (QWERTY)
0x00010427 Lithuanian
0x0001042B Armenian Western
0x00010439 Hindi Traditional
0x0001043A Maltese 48-key
0x0001043B Sami Extended Norway
0x00010445 Bengali (Inscript)
0x0001045A Syriac Phonetic
0x00010465 Divehi Typewriter
0x0001080C Belgian (Comma)
0x0001083B Finnish with Sami
0x00011009 Canadian Multilingual Standard
0x00011809 Gaelic
0x00020401 Arabic (102) AZERTY
0x00020405 Czech Programmers
0x00020408 Greek (319)
0x00020409 United States-International
0x0002041E Thai Kedmanee (non-ShiftLock)
0x0002083B Sami Extended Finland-Sweden
0x00030408 Greek (220) Latin
0x00030409 United States-Dvorak for left hand
0x0003041E Thai Pattachote (non-ShiftLock)
0x00040408 Greek (319) Latin
0x00040409 United States-Dvorak for right hand
0x00050408 Greek Latin
0x00050409 US English Table for IBM Arabic 238_L
0x00060408 Greek Polytonic
0xB0000407 German Neo

Keyboard Input Method Editors (IMEs)

Id Name
0xE0010404 Chinese (Traditional) - Phonetic
0xE0010411 Japanese Input System (MS-IME2002)
0xE0010412 Korean Input System (IME 2000)
0xE0010804 Chinese (Simplified) - QuanPin
0xE0020404 Chinese (Traditional) - ChangJie
0xE0020804 Chinese (Simplified) - ShuangPin
0xE0030404 Chinese (Traditional) - Quick
0xE0030804 Chinese (Simplified) - ZhengMa
0xE0040404 Chinese (Traditional) - Big5 Code
0xE0050404 Chinese (Traditional) - Array
0xE0050804 Chinese (Simplified) - NeiMa
0xE0060404 Chinese (Traditional) - DaYi
0xE0070404 Chinese (Traditional) - Unicode
0xE0080404 Chinese (Traditional) - New Phonetic
0xE0090404 Chinese (Traditional) - New ChangJie
0xE00E0804 Chinese (Traditional) - Microsoft Pinyin IME 3.0
0xE00F0404 Chinese (Traditional) - Alphanumeric
3. – Server configuration

3.5 – Users

You can use users.json file to configure: users (name and password), RDP hosts (configured in servers.json) a user can access. User will have to log in when this file was used (starting from login.html)

Bildschirmfoto 2022-04-05 um 12.32.08.png

You can also log in with Google, Yahoo account etc with OAuth 2 integration. For OAuth integration

If you don’t need this OAuth integration, you can remove following part from login.html:
<a href="/OPENID?id=Google"><img src="google.png" title="Sign in with Google account"/></a>

Please check Chapter 3.22 for more information about OAuth 2.
User will see a list of RDP hosts and applications they can use after logging in:

Bildschirmfoto 2022-04-05 um 12.34.19.png

You can also use config.html to configure users.json. Use your browser and navigate to: http://localhost/config.html. For security reason, this page can be only accessed from localhost. The user name should be your email if you are using OpenID integration (log in with Google Account etc).

The following parameters can be stored when creating a user:

You can import users from Active Directory too. These domain users will use active directory authentication and don’t need to have passwords (default is ***).

You can also configure user group, which is saved in userGroups.json by default:

Bildschirmfoto 2022-04-05 um 12.35.36.png


Activate two-factor authentication (2FA)

An authenticator app (e.g. Google Authenticator) is required for use.

  1. Set twoFA=1 to activate or twoFA=2 to force in gateway.conf
  2. The user logs in to SparkView, a QR code appears
  3. Scan the QR code with the Authenticator app and enter the 6-digit code

Reset second factor (2FA) for individual users

There are 3 ways to reset the second factor for individual users:

Java-Command

To do this, the SparkView service must first be stopped. Then use the following command in the SparkView root directory:
sudo java -cp SparkGateway.jar com.toremote.gateway.tool.TwoFactor username

For AD users, please use the following command:
sudo java -cp SparkGateway.jar com.toremote.gateway.tool.TwoFactor "domain\user.name"

For Windows users:
java -cp SparkGateway.jar com.toremote.gateway.tool.TwoFactor username or if AD:
java -cp SparkGateway.jar com.toremote.gateway.tool.TwoFactor "domain\user.name"

cURL-Request

The SparkView service must be running for this. Then please use the following command:
curl -k -G --data-urlencode "target=twofa" --data-urlencode "user=username" http://sparkview-server.com/CONTROL

For AD users, please use the following command:
curl -k -G --data-urlencode "target=twofa" --data-urlencode "user=domain\user.name" http://sparkview-server.com/CONTROL

HTTP request (API)

The SparkView service must be running and a hashed management password must be used. Then please call up the following URL:
http://sparkview-server.com/CONTROL?target=twofa&user=username&gatewayPwd=21232f297a57a5a743894a0e4a801fc3

3. – Server configuration

3.6 – Easy printing

In a traditional RDP environment, you may have to install drivers for client side printers to make printer redirection work. Compared with other solutions, Spark Easy Printing has following benefits:

  1. Don’t need to install any drivers on RDP host.
  2. Don’t need to install anything on client side (MS Easy printing needs install .NET Framework 3.5).
  3. RDP hosts can be any versions of Windows (MS Easy printing need to be Windows 7 and above).
  4. Using separate channel (via http or https) for printing which will not affect your RDP experience.
  5. Support all printers, support both PostScript, PCL, PDF and text only (Receipts, Label printer) printers, and printers can have any names. Some application can only work on PCL printers or printers with specific names.
  6. Support all devices, you can print on Mac, Android, iOS too (MS and Citrix printing can be only used on PC).
  7. Fewer bandwidth usages.

How Spark View Easy printing works:

To make printing works, you need to install a PostScript to PDF converter along with Gateway. Ghostscript is recommended and it works on different platforms.

Please also make sure printer redirection is enabled in RDP host.

Install a PostScript Printer (Recommended):

  1. Set a PostScript to PDF converter in gateway.conf (we use Ghostscript http://www.ghostscript.com/download/ here):
    converter = C:\\Program Files\\gs\\gs9.05\\bin\\gswin64c.exe
  2. Set the arguments for converter in gateway.conf:
    arguments = -dBATCH -dNOPAUSE -dUseCIEColor -dPDFSETTINGS=/printer -sDEVICE=pdfwrite -q -sOutputFile=%1 %2
  3. Set a PostScript printer driver in gateway.conf (optional):
    printerDriver = HP Color LaserJet 8500 PS
  4. Set a name for the printer in gateway.conf (optional):
    printer = My Printer Name

Since version 5.7, the gateway will automatically choose the best available driver. It’s not recommended to set up the printerDriver unless you have special needs.

Install a PCL printer (some applications only work on PCL printer):

  1. Set a PCL to PDF converter in gateway.conf (we use ghostPCL http://www.ghostscript.com/GhostPCL.html here):
    converter = C:\\apps\\ghostpcl-9.05-win32\\pcl6-9.05-win32.exe
  2. Set the arguments for converter in gateway.conf:
    arguments = -dNOPAUSE -sDEVICE=pdfwrite -sOutputFile=%1 %2
  3. Set a PCL printer driver in gateway.conf:
    printerDriver = HP LaserJet 4100 Series PCL
  4. Set a name for the printer in gateway.conf (optional)
    printer = My Printer Name

For receipts and label (text only) printers, please add “&textPrinter=on” into the websocket url.

If you got “Unsupported driver Installation” warning on Windows 2003, please change following setting:
Control Panel -> System Properties -> Hardware -> Driver Signing Options -> "Ignore" + "Make this action the system default"

Enable silent printing:

Chrome: "More tools" ->"Create application shortcuts", then edit the just created shortcut, add " -- kiosk-printing" into the target:

Capture.PNG

Firefox: Type about:config at Firefox. Right click at anywhere on the page and select New > Boolean. Enter the preference name as print.always_print_silent, click OK and select "true" as the value. Restart Firefox.

3. – Server configuration

3.7 – RemoteApp and start a program instead of the whole desktop

There are two ways to start a program:

Bildschirmfoto 2022-04-05 um 12.55.41.png

Start a program on connection use a program as shell of Windows. That means you can only use one program in this session. You’ll need to create 2 sessions to start 2 programs (this user will use two SparkView licenses then). To configure “Start a program on connection” in servers.json file, you need to specify “command” and “directory” options. Please make sure you allow users to start unlisted programs on Windows 2008:

Bildschirmfoto 2022-04-05 um 12.59.36.png

If you are using Windows Server 2012 R2 you can configure this in the Collection properties sheet by using Server Manager. By default, only programs in the RemoteApp Programs list can be started when a user starts a Remote Desktop Services session. You can also use following policy or registry to do the same:

RemoteApp was introduced in RDP 6.1. All RemtoeApps running on client side can share only one session, even you are running thousands of RemoteApps. To configure RemoteApps in servers.json, you need to specify “remoteProgram”, “remoteWorkDir”, and “remoteArgs” options.

RemoteApp window will be automatically resized (no reconnection needed) when you resize the browser window. Here is a example for setting up RemoteApp in servers.json:

{
  "id": "RemoteAppWord",
  "displayName": "RemoteApp WORD",
  "server": "192.168.8.119",
  "icon": "kbd.png",
  "protocols": "rdp",
  "rdp": {
    "username": "Administrator",
    "mapClipboard": true,
    "password": "password",
    "remoteProgram": "||WINWORD"
  }
},

If you are using alias name of the RemoteApp, please make sure there are || before it.

For a good user experience, it’s better to start program without splash screen, also set time limit for disconnected session on RDSH:

  1. Log on to the terminal server as an administrator.
  2. Start the Local Group Policy Editor. To do this, click Start, click Run, type gpedit.msc, and then click OK.
  3. Locate the following node:
    Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Session Time Limits

Note: The policy settings are also located under User Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Session Time Limits

Please check following links for more information:

Configure RemoteApp RDP settings:

http://technet.microsoft.com/en-us/library/cc733144.aspx
For better performance, you may want to add following lines in the “Custom RDP settings” page:

disable full window drag:i:1
disable menu anims:i:1
disable themes:i:1
disable wallpaper:i:1

Please be aware not all applications can run on RemoteApp and Terminal Server/RDSH environment. You may want to choose a Virtual Machine solution instead or connecting to Hyper-V console. All applications are guaranteed to work with Hyper-V console connection, but it doesn’t audio, video etc advanced RDP features.

3. – Server configuration

3.8 – Clipboard redirection and shared clipboard

You can only copy text, image and html between local and remote because of the browser's restriction, but you can copy anything, including files, between any connected sessions (shared clipboard on gateway).

Spark View can tell you are copying from local or another session and enable shared clipboard automatically.

3. – Server configuration

3.9 – Bidirectional audio redirection (RDP)

Audio redirection must be enabled in the RDP server first.

For microphone redirection, Chrome 53, Edge 12, Firefox 36, Safari 11 and secure context (HTTPS) are required.

playSound=0 to bring remote sound to local.
audioRecord=on to enable microphone redirection.

Settings for microphone in RDSH:

collection-edit.PNG

Group policy:
The path to the group policy is the following:
Computer Configuration / Administrative Templates / Windows Components / Remote Desktop Services / Remote Desktop Sesssion Host / Device and Resource Redirection

gpedit.PNG

Please also make sure you “Allow apps to access your microphone” if you are connecting to Windows 10 or 2019:

Bildschirmfoto 2022-04-05 um 13.16.50.png

GPO Path:
Computer Configuration\Policies\Administrative Templates\Windows Components\App Privacy

GPO:
Let Windows apps access the microphone

3. – Server configuration

3.10 – File share (uploading and downloading)

There are two ways to implement file downloading/uploading. One is using temporary directory for every user. The temporary directory will be deleted after user session was terminated. Another is using permanent directory for each RDP host.

Temporary directory

  1. Configure a parent directory in gateway.conf: tmpdir = C:\\apps\\share. You can use ${user} and ${domain} variables in tmpdir since 5.0. This user directory will not be removed automatically if variables are used in tmpdir.
  2. Make sure “Uploading/Downloading files” is selected on client side.
    Bildschirmfoto 2022-04-05 um 13.19.57.png

Permanent directory

  1. Configure disk mapping in servers.json:
    "mapDisk": true,
    "disks": [
      {
        "dosName": "Storage",
        "longName": "Long Display Name",
        "devicePath": "/apps/test/"
      }
    ],
    
    You can use ${user} and ${domain} variables in devicePath since 5.0.
  2. Make sure “Uploading/Downloading files” is selected on client side.

Uploading files

Choose files or drag files to your remote desktop (anywhere except the cloud icon) after logged in. Click the cloud icon on the top middle of you screen to check the uploading process.

The cloud icon will disappear if you have no operation for a while, click anywhere on the screen to bring it back again.

Downloading files

Click the cloud icon, a file browser dialog will be displayed. You can enter a folder or select a file to download. You can also drag a file to your desktop directly if you are using Chrome.

For best result, please make sure share directory is in another disk or file system.

File share will be disabled if directory is not specified in servers.json and gateway.conf.

The file which is uploading has ".uploading" filename extension. You can delete it or resume the uploading later. Uploading will be cancelled if there is no enough free space on the drive.

Drag & Drop

You can drag a local file to remote computer if the current application supports file copy and paste, e.g. File Explorer, Desktop etc. you need to set copyFile = true in gateway.conf to enable this feature. Spark View will ask you to download the files or directories when you copy files or directories in remote computer.

3. – Server configuration

3.11 – Session Recording and Playback

Spark View can record your session in RDP stream format (.rdpv) and play it anywhere. This format has smallest size and best quality in the world.

You need to configure following 3 properties in gateway.conf:

#session recording, 1 means recording graphic only, no sound. 3 means recording graphic and sound.
recording = 1

#parent directory for session recording
recdir = C:\\apps\\share

#warn user about recording
recwarning = true;

Recording, playback is also supported in VNC, SSH, TELNET sessions.

You can also record session on client side (use recording=on parameter).

Since 4.8.8, Spark View supports seamless session shadowing: no need to reconnect (to rest the client status) when user is joining. The seamless joining may take more time if network is slow. You can go back to the old way by setting resetOnJoin=true in gateway.conf

The player.html can play local recording, and playeremote.html can play a file on the gateway (server side).

Converting recording to MP4:

Download the tool:
http://www.remotespark.com/view/converter.jar

Convert a recording file to mp4 in command line:

java -jar converter.jar -s record.rdpv //convert record.rdpv to record.mp4
java -jar converter.jar -s record.rdpv -d new.mp4 //convert record.rdpv to new.mp4
java -jar converter.jar -h //help

Use the jar file as a library:

import com.toremote.record.converter.VedioConverter;

/**
* @param sourcePath source path of a .rdpv type video file
* @param destinationPath OPTIONAL destination path of the converted .mp4 format video file
* @param acceleration OPTIONAL integer bwtween 0 and 10. The acceleration of the speed up effect
* @param fps OPTIONAL frames per second, default is 25.
* @param imgInterval OPTIONAL the interval in seconds of persisting snapshot pictures, default is 10 seconds.
* @param convertType convert type, 0: default, convert to .mp4 video only; 1: convert to png image files only; 2: convert to both png image files and .mp4 video.
*/

VideoConverter converter = new VideoConverter(srcPath, destPath, speed, timeRational,
imgInterval, convertType);

converter.convert();
3. – Server configuration

3.12 – Session Shadowing (join or share an active session on gateway)

Unlimited users can join/share one existed session via one click if you know the session id:
http://www.remotespark.com/join?id=123456789&name=Admin

The input can be controlled by all users or only one of them. User can require control form other user, or give control to other user.

Spark session shadowing has following advantages compared other solutions:

RemoteApp session shadowing is also supported since 3.4.

Make sure you have following parts in your web page to make the shadowing work if you are using yourselves customized web page:

var info = $id("joinSelect");
if (info) {
	info.onchange = function(e){
		svManager.getInstance().setJoinMode(e.target.value);
	};
}

var control = $id("requestControl");
if (control) {
	control.onclick = function(e){
		svManager.getInstance().requestControl();
    };
}

<div id="appinfo" class="appdlg">
	<img alt="" src="info.png" style="float:left">
	<table>
		<tr>
        	<td align="right"><b>Connected to:</b></td>
            <td><span id="connectingTo"></span><br></td>
		</tr>
		<tr>
        	<td align="right"><b>Session id:</b></td>
	        <td><span id="numericId"></span><br></td>
        </tr>
		<tr>
        	<td align="right"><b>Join mode:</b></td>
            <td>
				<select id="joinSelect">
					<option value="0">Every one can control</option>
					<option value="1">Only one can control</option>
				</select><br>
			</td>
		</tr>
		<tr>
        	<td colspan="2"><b>Join this session with following link:</b><br><aid="joinLink"target="_blank"></a></td>
		</tr>
		<tr>
        	<td></td>
            <td align="right"><input type="button"id="requestControl"value="Request Control" disabled="disabled"/></td>
		</tr>
	</table>
</div>

To disable session shadowing, you can:

<table>
	<tr>
       	<td align="right"><b>Connected to:</b></td>
        <td><span id="connectingTo"></span><br></td>
	</tr>
	<tr>
       	<td align="right"><b>Session id:</b></td>
	    <td><span id="numericId"></span><br></td>
    </tr>
	<tr>
       	<td align="right"><b>Join mode:</b></td>
        <td>
			<select id="joinSelect">
				<option value="0">Every one can control</option>
				<option value="1">Only one can control</option>
			</select><br>
		</td>
	</tr>
	<tr>
       	<td colspan="2"><b>Join this session with following link:</b><br><aid="joinLink"target="_blank"></a></td>
	</tr>
	<tr>
       	<td></td>
        <td align="right"><input type="button"id="requestControl"value="Request Control" disabled="disabled"/></td>
	</tr>
</table>

You can also join a symlink if you only know the symlink id, for example:
http://localhost:8080/join.html?symlink=212a155e-e951-40db-95ea-177183174fa7&gateway=wthink&connectif=true

If connectif=true, it will start a new connection if there is no existing connection with the symlink. This only works on symlink joining and you have to enable it by adding following entry in gateway.conf:

connectif = true

If name parameter was given, the name will be displayed under the cursor:

Bildschirmfoto 2022-04-05 um 14.00.32.png

There are two colors under the name: the first is calculated by the name, the second is calculated by the session id which makes sure every user has a unique color combination.

Using session shadowing

As an user, click the "i" symbol on your desktop: Unbenannt.png

You will see an info window with a session ID, a join mode and a session link: Unbenannt2.png

3. – Server configuration

3.13 – Native RDP shadowing (join any active RDP sessions)

Since 6.0, Spark View can use shadow.html to shadow any active RDP sessions on the RDP server, even they are connected from another RDP client, which is same as the mstsc.exe /v:server /shadow:x /control.

Remote shadowing setting is configured using a Group Policy or by registry modification. You can configure whether you need to request the user confirmation to connect, and whether view or control is allowed in the shadow session.

Target RDP server requirements:
Add rule to allow traffic to SMB/CIFS and RPC

To add a firewall rule to allow TCP/445 (SMB/CIFS) and TCP/135 (RPC):

  1. Go to Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security - LDAP > Inbound Rules
  2. Right-click and choose "New Rule"
  3. Choose "Predefined" and "File and Printer Sharing", then click "Next"
    Bildschirmfoto 2022-05-31 um 08.05.58.png
  4. Check the follwing, then click "Next":
    • "File and Printer Sharing (NB-Session-In)"
    • "File and Printer Sharing (SMB-In)"
  5. Select "Allow the connection" and click "Finish"

Bildschirmfoto 2022-05-30 um 09.46.15.png

https://sparkview-server/shadow.html

Bildschirmfoto 2022-04-05 um 14.03.24.png

3. – Server configuration

3.14 – Touch interface (iOS, Android etc)

Spark View can operate on tablets and smart phone devices if you have an html5 browser available.

Following gestures are supported:

Gesture Description Action
longpress.png Long press Right click
flick.png Flick Scroll screen if remote desktop resolution is bigger, otherwise drag
pan.png Pan Drag
2tap.png 2 finger tap Right click
2scroll.png 2 finger scroll Mouse wheel
3tap.png 3 finger tap Show software keyboard (iOS only)
3open.png 3 finger pinch open Maximize window
3close.png 3 finger pinch close Restore window
3left.png 3 finger flick left Previous window
3right.png 3 finger flick right Next window
3down.png 3 finger flick down Minimize all windows
3up.png 3 finger flick up Restore all windows

You can also tap the keyboard icon keyboard.png to activate the software keyboard. IE doesn’t support 3 finger gestures and 2 finger scroll (mouse wheel).

Touchpad mode (relative mouse movement)

Tochpad mode allows you to use whole touch screen as a touch pad. You can use the finger to move the cursor and issue a click on the position of the cursor (not the position you are taping on).

Entering text

You can see a keyboard.png button after you tap anywhere on the screen. Taping on this button will activate the software keyboard and allow you entering text. Some PC keys will also be shown on the left top of your screen:

keys-ctrl-alt-del.png

You can see more PC keys by taping on keys-dots.png:

keys-more.png

Make sure you html page has following part to make PC keys work:

<div id="pc_key">
	<span>Ctrl</span><span>Alt</span><span>Del</span><span>Esc</span><span>...</span>
	<div id="pc_key_more">
		<span>F1</span><span>&larr;</span><span>&uarr;</span><span>&rarr;</span><span>&darr;</span><span>Start</span><span>Alt+F4</span><span>Ctrl+Alt+Del</span>
	</div>
</div>

You can also add any other keys by changing the pc_key div.

3. – Server configuration

3.15 – Touch remoting

Touch Remoting will be enabled automatically when following conditions are met:

3. – Server configuration

3.16 – Hyper-V Console and Enhanced Session Mode

Compared with normal RDP connection, Hyper-V console connection has following pros and cons:

Pros:

Cons (if enhanced session mode is not enabled):

Since Window 2012 R2, Hyper-V console supports enhanced session mode which allow your redirect local resource in Hyper-V console session. To enable enhanced session mode in Spark View, please append ";EnhancedMode=1" to the VM GUID. Please check following link for more information about enhanced session mode:
http://technet.microsoft.com/en-us/library/dn282274.aspx

To connect to Hyper-V console, make sure:

3. – Server configuration

3.17 – RDP connection cache/pool

RDP session may take minutes to start (booting, login, user profile etc) which is unacceptable sometimes. RDP connection Cache/pool allows you see you desktop and RemoteApp instantly.

You can cache a connection on client side and display it when user needs it. Cache on client side is faster and recommended.

You can also cache a connection on gateway side (in a connection pool) too. It’s disabled by default, to enable it, set maxCacheTime to a non-zero value in gateway.conf.

Please check example7.html (under html directory) for usage on client side.

Cache API also make integration more easier, here is what you can do with it:

3. – Server configuration

3.18 – Symlink (access link)

You can create a symlink for a RDP host (must be configured in servers.json first). After you created a RDP server in servers.json, you’ll be able to access it with the server id. Symlink is more secure than server id, and it can be a temporary link (set up valid time) or a permanent link.

You can create a symlink file manual and specify this file in gateway.conf. Here is an example of symlink file:

{
  "symlinks": [
    {
      "id": "3645e6db-7afc-4fff-8ad9-92415aa25db0",
      "resourceId": "demo2",
      "validFrom": "2013-05-14 20:43 MDT",
      "validTime": "5d",
      "parameters": "user=uu&pwd=pp",
      "comment": comment"
    }
  ]
}

The pattern for date format is yyyy-MM-dd HH:mm z.
Please check http://docs.oracle.com/javase/7/docs/api/java/text/SimpleDateFormat.html for more information about this format.

You can send extra parameters to the server by configuring the "parameters" property.

You need to specify the location of the symlink file in gateway.conf:
symlink = C:\\Users\\uuu\\workspace\\data\\symlink.json

You can also configure this using config.html:

Bildschirmfoto 2022-04-05 um 16.24.26.png

On the client side, you'll need to use 'symlink=symlinkId' instead of 'server=yourServer' when creating a connection:
var rdp = new svGlobal.Rdp('ws://gateway/RDP?symlink=symlinkId&mapClipboard=on&...')

You can also join a symlink:
var rdp = new svGlobal.Rdp('ws://gateway/JOIN?symlink=symlinkId&mapClipboard=on&connectif=on&...')

If connectif = on and there is no session established with that symlink, this will create a new connection instead. Make sure you set connectif = on in gateway.conf to enable this feature first.

3. – Server configuration

3.19 – Macro recording

Macro recording can be used on software testing, automated jobs etc. Please add macro.js into your web page and then you can record macro:

Please check the source code of macro.js for more details.

3. – Server configuration

3.20 - Remote assistance

You can provide Remote Assistance with assit.html. With Spark View's cross-platform ability, now you can provide remote assistance from anywhere, and devices:

Bildschirmfoto 2022-04-05 um 16.28.41.png

You can connect to Windows XP, Windows 7, Windows 2008, Window 8, Windows 2012 with SparkView remote assistance. SparkView only accepts invitation file which is generated in version 1 format for now.

3. – Server configuration

3.21 – RFB (VNC) protocol support

You can connect to any VNC server (Linux, Mac etc) with vnc.html. It also supports session shadowing.

Bildschirmfoto 2022-04-05 um 16.30.13.png

3. – Server configuration

3.22 – SSH and Telnet

You can connect to SSH server with ssh.html, and connect to Telnet server with telnet.html:

Bildschirmfoto 2022-04-05 um 16.31.40.png

Bildschirmfoto 2022-04-05 um 16.31.48.png

3. – Server configuration

3.23 – Smart Card Redirection

Since version 5.7, Java applet was deprecated. Smart Card redirection need a small native application (sg_agent.exe for Windows, sg_agent.zip for macOS) running on user’s machine to communicate with Smart Card.

Bildschirmfoto 2022-04-05 um 16.33.41.png

Local hardware (smart card, scanner) redirection needs an agent (native application) running on your computer to acees the local hardware. Please:

  1. Download the agent from your installation: http://localhost:8080/sg_agent.exe
  2. Run the agent and keep it running during the connection (you only need to run the agent once for multiple sessions).
  3. Click the "Open" button to open a new window (bridge.html) to communicate with the agent and keep it open during the connection.

sv_agent.png

You also need to add the "&smartCard=on" parameter to your websocket URL to enable smart card redirection. Use the "&passwordIsPin=on" parameter if you want to transfer password as the PIN of smart card.

If the green smart card icon is displayed in the traybar, the implementation was successful: sv_tray.png


smart card, smartcard, hardware token, hardwaretoken

3. – Server configuration

3.24 – Scanner redirection

Spark View provides two different method for scanner redirection:

  1. Please use the TWAIN Virtual Data Source if your scanner has TWAIN driver and your application supports TWAIN scanner. OR
  2. Please run the SparkScan.exe in RDP server to scan from a local scanner which supports TWAIN, WIA (windows) or ICA (Mac OS) scanner.

Virtual TWAIN Data Source deployment (Need to deploy it on the RDP server first):

  1. Create a directory under windows\windows\twain_32, for example: RemoteSpark
  2. Copy SparkDataSource.ds to this directory:
    windows\windows\twain_32\RemoteSpark\SparkDataSource.ds

    The name of the directory or SparkDataSource.ds can be changed.
    Run SparkScan /? to show the help information.
3. – Server configuration

3.25 – USB redirection

USB redirection is based on WebUSB: https://wicg.github.io/webusb/. Please check your browser compatibility: https://developer.mozilla.org/en-US/docs/Web/API/USB#browser_compatibility.

3. – Server configuration

3.26 – OAuth 2.0/Okta integration

You need to register your application before you use OAuth 2.0 integration.

Provider Registering Address
Google https://support.google.com/cloud/answer/6158849
Windows Live Connect https://account.live.com/developers/applications
http://msdn.microsoft.com/en-us/windowslive/ff769489.aspx

Please use http(s)://gatewayAddress/oauth2callback for redirect URI.

You'll get client id and client secret after the registration, and set up them in the oauth2.json configuration file. You can specify the location of oauth2.json in gateway.conf.

Example of oauth2.json:

{
  "providers" : [{
    "name" : "Google",
    "client_id" : "650561938988-t2r66k1ms3hpoi3k1e2g7l2adlarau8s.apps.googleusercontent.com",
    "client_secret" : "-D-nhxWn2E97tZWWLg5IQ6Ak",
    "request_uri" : "https://accounts.google.com/o/oauth2/auth",
    "redirect_uri" : "http://localhost/oauth2callback",
    "access_token_uri": "https://oauth2.googleapis.com/token",
    "auth_uri": "/login_chrome.html",
    "scope": "openid email"
  },
  {
    "name" : "Live",
    "client_id" : "0000000040133A31",
    "client_secret" : "p9WwBr2Pyrq6mtaeZCwTSwqbIF39Br3Z",
    "request_uri" : "https://login.live.com/oauth20_authorize.srf",
    "redirect_uri" : "http://www.remotespark2.com/oauth2callback",
    "access_token_uri": "https://login.live.com/oauth20_token.srf",
    "scope": "wl.emails",
    "profile_uri": "https://apis.live.net/v5.0/me"
  }]
}

Okta SSO

To enable SSO, Spark View application need to be configured as trusted application (Resource Owner Password Flow):
https://developer.okta.com/docs/guides/implement-password/overview/

You don’t need to configure request_uri, redirect_uri , and profile_uri for Okta.
Here is an example for Okta:

{
  "providers": [
    {
      "name" : "okta",
      "client_id" : "0000000040133A31",
      "client_secret" : "p9WwBr2Pyrq6mtaeZCwTSwqbIF39Br3Z",
      "access_token_uri": " https://dev-160206.okta.com/oauth2/v1/token",
      "scope": "openid email"
    }
  ]
}

Then login from http://yourGateway/login_okta.html.

3. – Server configuration

3.27 – Active Directory, Azure AD, LDAP, RADIUS integration

Create configuration files easily

Click here to go to the customizer for the integration of authentication services. Fast, simple, secure. No data is stored on the server!

To the customizer →

You can authenticate your users against Active Directory, LDAP or RADIUS server. Please configure your users.json as followings:

Active Directory or LDAP

{
  "source": {
    "type": "AD",
    "properties": {
      "server": "192.168.12.128:389", //can also be specified without the port
      "domain": "mydomain.com",
      "groups": "sales, support",
      "transferCredential": false
    }
  }
}

You can let gateway fetch servers from the AD. The following example will fetch all the servers from the "otherLoginWorkstations" attribute:

{
  "source": {
    "type": "AD",
    "properties": {
      "server": "192.168.12.128:389",
      "domain": "mydomain.com",
      "groups": "sales, support",
      "transferCredential": false,
      "serversAttr": "otherLoginWorkstations"
    }
  }
}

Gateway can also change AD user password if:

  1. AD has SSL enabled.
  2. Export the AD certificate (Public key only) in Base-64 encoded X.509 file format.
  3. Import the AD certificate to Java keystore with following commands:
    cd JRE\bin (use JDK\bin instead if JRE is not found, for example, OpenJDK11).
    keytool -importcert -alias "anyName" -keystore \lib\security\cacerts -storepass changeit -file "C:\Users\username\Desktop\exported.cer"
    
    Please check Microsoft Tech Community Blog for more details on how to setup LDAPS on Windows.
  4. users.json:
    {
      "source": {
        "type": "AD",
        "properties": {
          "server": "192.168.12.128:389",
          "secProtocol": "tls",
          "domain": "mydomain.com",
          "groups": "sales, support",
          "transferCredential": false,
          "serversAttr": "otherLoginWorkstations"
        }
      }
    }
    
    "tls" or "ssl" can be used for the security protocol (secProtocol).

LDAP debugging

Get LDAP debug logs

If errors occur when trying to connect via LDAP, the following Java parameter can be stored in order to obtain more error information and logging for LDAP:
-Dcom.sun.jndi.ldap.connect.pool.debug=all

Please enter the parameter in SparkView in the Control Panel:
SCR-20240108-jaek.png


Prevent unmatched name issue

If the LDAP server is specified via an IP address and not the host name, unmatched name issues may occur. To prevent this, set the following Java parameter:
-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true

RADIUS

{
  "source": {
    "type": "RADIUS",
    "properties": {
      "server": "192.168.12.128",
      "port": "1812",
      "accountingPort": "1813",
      "sharedSecret": "test123"
    }
  }
}

The sharedSecret can be gateway wide, can also be passed from the client side. Please check the source code of login.html for more information.

You also need to configure the servers in servers.json.

Azure AD

The Azure AD connection is essentially an OAuth2 connection. You can find more information about OAuth2 here.

To connect Azure AD, you need to create a JSON file (e.g. providers.json) with the following content, or extend an existing OAuth2 JSON file:

{
  "providers" : [
    {
      "name" : "Live",
      "client_id" : "40e0b9e5-a534-4bbe-98d2-f3ff0139b67f",
      "client_secret" : "UVH8Q~_e3MxQknUYzbo.bSy_lYafDBO_-R8pTWaCt",
      "request_uri" : "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
      "redirect_uri" : "https://www.mygateway.com/oauth2callback",
      "access_token_uri": "https://login.microsoftonline.com/common/oauth2/v2.0/token",
      "scope": "openid profile email"
    }
  ]
}

Please replace https://www.mygateway.com with the address of your SparkView server.

In the gateway.conf file, this file must then be linked (if not already done with an existing file):

oauth2 = C:\\data\\oauth\\providers.json

Please note that the endpoint name "common" in the URL may be different for you. You can find more information about this here:
https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols#endpoints

3. – Server configuration

3.28 – Using Java parameters

In some cases, the use of Java parameters during or before the start of SparkView is useful or necessary.
Depending on the system, these must be entered as follows:

Windows

Enter the parameters in the SparkView control panel under the "Java" tab one below the other.


Linux/MacOS

Enter the parameters directly with the start command, e.g.

java -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true -jar SparkGateway.jar
3. – Server configuration

3.28 – Send logs to syslog

SparkView can collect and forward logs under Linux via syslog. This requires a few adjustments on the part of SparkView and on the server.

Adjustments SparkView:

Create the file logging.properties in the SparkView root directory. You can also copy an existing one from the JRE/lib directory and customize it by adding the following lines at the end:

.level= INFO
handlers= java.util.logging.ConsoleHandler, com.agafua.syslog.SyslogHandler
# Syslog logger
com.agafua.syslog.SyslogHandler.transport = udp
com.agafua.syslog.SyslogHandler.facility = local0
com.agafua.syslog.SyslogHandler.port = 514
com.agafua.syslog.SyslogHandler.hostname = vmuser-xubuntu1604

Then add the Java VM argument to the command that starts SparkView:

-Djava.util.logging.config.file=yourSparkViewFolder/logging.properties

Adjustments Server (Ubuntu):
  1. Edit the file "/etc/rsyslog.conf" and comment/activate the following two lines:
    module(load="imudp")
    input(type="imudp" port="514")
    
  2. Go to the directory "/etc/rsyslog.d" and create a new file "60-java.conf" (the name can be chosen arbitrarily) with the following content:
    local0.* /var/log/gateway.log
    
  3. Restart the syslog service: sudo service rsyslog restart

4. – Administration and usage via UI

4. – Administration and usage via UI

4.1 – config.html

After opening the /config.html page, you have the possibility to configure all the important settings in SparkView.

Quick overview of the individual topics:

If you access the page from the localhost, no password is required to start the configuration. Outside the localhost, the management password must be entered.

Below you will find a descriptive overview of the different settings areas (tabs here). The name corresponds to the attribute name that can be written directly to the gateway.conf file.

Gateway

Name in config.html Attribute in gateway.conf Type Default Description
SSL (https and wss) ssl boolean false Enable/disable HTTPS/WSS. Can be true and false
Port (Default is 80 or 443) port number 8080 Port on which SparkView is running
Binding Address bindAddr string "localhost" Bind SparkView to a fixed IP address
Network Level Authentication credSSP boolean false Enable/disable NLA. Can be true, false or auto
Path of License File license string "./license" Full path to license file, including file name. Only for paid version.
Upload License File Upload a license file
HTML Root Directory html string "./html/" HTML root directory. Printed files are stored in the "temp" subdirectory. Please make sure that SparkView has read and write permissions.
Default Web Page directoryIndex string "rdp.html;index.html" Default page (inside the HTML directory) that is displayed after opening SparkView.
Path of Log File logfile string "gateway.log" Full path to log file, including file name.
Size of Single Log File (bytes) maxbytes number 30720000 Maximum size of a log file (please specify in bytes)
Maximum number of Log Files maxfiles number 99 Maximum number of log files.
Log HTTP header logHttpHeader boolean true Log HTTP header. This may contain sensitive information such as passwords.
PDF Converter converter string Full path to the Postscript to PDF converter. Ghostscript (https://ghostscript.com/releases) is recommended.
PDF Converter Arguments arguments string "-dBATCH -dNOPAUSE -dPDFSETTINGS=/printer -sDEVICE=pdfwrite -q -sOutputFile=%1 %2" Arguments for the Postscript to PDF converter. %1 is the name of the output PDF file. %2 is the name of the input PS file.
Plugin Class plugin string Class name for a custom plugin.
Administration Password (for reporting API etc) password string "password" Management password for configuration, reporting and API.
Enable Remote Management/Configuration remoteManage boolean false Enable/disable remote management from outside the localhost.
Temporary directory (for downloading/uploading) tmpdir string Parent directory for temporary files.
Days of temporary files are kept keepDays number 1 How many days temporary files should be kept by the system.
RD Web Access Webfeed webfeed string Remote desktop web feed URL, for RD web access integration.
Session Recording recording number Enable/disable session recording. Can be 1 (record graphics only) or 2 (record graphics and sound)
Directory for saving session recordings recdir string Directory for saved session recordings.
Warn user about session recording recwarning boolean true Warn users about session recording.
Access Not-In-List computers after logged in accessNotInList boolean false Whether users can reach computers and servers that are not shared with them or in the web feed.
Name of Redirected Drive disk string Name for the shared disk, used for file upload/download.
Name of Redirected Printer printer string "Remote Printer from Client"
Connections are queued (Backlog) backlog number 50 How many client connections can be queued.
User Definition File user string "./data/users.json" Full path of the users definition file, including file name.
Server Definition File server string "./data/servers.json" Full path of the servers definition file, including file name.
Gateway Web Address webAddress string HTTP address of the web server for OpenID login (redirect). Also in use for client side to get the real gateway address (in case of multiple gateways and load balancing).
Host Name of Client User clientHost string Customize the host name of the client user. For more information and possible parameters see section 3.1, "clientHost".
Rdp Session Performance Flags performanceflags number 111 RDP performance flags. Please see section 3.4 for more information.
RemoteFX remotefx boolean false Enable/disable RemoteFX. Works only with LAN and 32 bit.
DNS Lookups enableLookups boolean false Enable to make calls perform DNS lookups to get the actual hostname of the remote client. Disable to skip DNS lookups and instead return the IP address in the form of a string (which improves performance).
Session cache time (minutes, 0 = disable session cache) maxCacheTime number 0 How long sessions should be cached on the gateway (in minutes). 0 disables the RDP session cache.
Email SMTP Host mail.smtp.host string SMTP host for outgoing emails. You can use java -cp SparkGateway.jar com.toremote.gateway.Mailer title message to send a test email.
Email SMTP Port mail.smtp.port number SMTP port for outgoing emails
Email User mail.user string SMTP user for outgoing emails
Email Password mail.password string SMTP password for outgoing emails
Email From mail.from string Outgoing emails: From
Email to mail.to string Outgoing emails: To
Email SMTP Authentication mail.smtp.auth boolean Server requires authentication
Email TLS mail.smtp.starttls.enable boolean Enable/disable STARTTLS
Symlink symlink string Full path of the symlink definition file, including file name.
License Usage Alert (Email) licenseAlert number (float) Receive an alert by email when the license usage value reaches this value:

Value < 1: Usage value as a percentage of the current license. (e.g.: 0.75 = when 75% usage is reached).

Value > 1: Value in use as actual concurrent connections (e.g.: 394 = if 394 concurrent connections in use).
Interval of thumbnail (milliseconds) thumbnail.interval number 0 Interval for receiving thumbnails of the RDP session (in milliseconds). If 0, the client will not send a thumbnail to the server if there are no changes.
Width of thumbnail thumbnail.width number 0 Thumbnail width (in pixels), must be smaller than 640. 0 = no thumbnail.
Copy timeout (milliseconds) copyTimeout number 3000 Timeout for clipboard redirection (in milliseconds). This value should be increased if you need to copy very large data in your application.
Path of Key Store keyStore string Full path of the keystore file, including file name. Set up keystore or certificate name when ssl is true. For example keystore.jks or cert.pfx.

If you are using a certificate (i.e. cert.pfx), a password is required (see keyStorePassword).

If you are using a Java keystore (i.e. keystore.jks), the password of the keystore must match the one used for the certificate, which is integrated in the keystore.
Password of Key Store keyStorePassword string Keystore or certificate password. If you are using a Java keystore (i.e. keystore.jks), the password of the keystore must match the one used for the certificate, which is integrated in the keystore.
Password Encryption passwordEncrypted boolean false Encrypt the keystore, management and reporting password. Please use following command to get encrypted password:

java -cp SparkGateway.jar com.toremote.gateway.Encryption MyPassword
Remote Assistance assistance boolean false Enable/disable remote assistance.
SSH ssh boolean false Enable/disable SSH.
TELNET telnet boolean false Enable/disable Telnet.
Disable Burst License disableBurstLicense boolean false Enable/disable burst license model.
License status Displays the current license status.

Server

Here you can see a list of all created servers. If you want to add a new server, just click the "Add" button.

To edit an existing server, simply click on the edit icon (1 in the image), to delete a server, click on the delete icon (2 in the image):

SCR-20230317-ifrq.png

After you click the "Add" button to add a new server, you will get a modal window with the following settings options and tabs. The entries can be included directly in the servers.json in addition to the UI version.

Name in config.html Attribute in servers.json Type Default Description
ID id string ID for the server, must be unique.
Display Name displayName string Display name for the server
Server server string Host name or IP address of the server
Icon icon string Image file for the server, which is displayed as an icon in the SparkView portal. Please specify the full path incl. filename here.
Protocols protocols string "rdp" Protocols to use for the server. It is recommended to set a new server entry for each protocol.
RDP
Name in config.html Attribute in servers.json Type Default Description
Port port number 3389 RDP port to use
User username string User name (optional, since solved via users/users.json)
Password password string Password (optional, since solved via user/users.json)
Domain domain string Domain where the RDP server is located
Console session console boolean false Establish console session with RDS
VirtualBox RDP or xrdp legacyMode boolean false Use XRDP instead of RDP protocol. Can be used for legacy servers and applications, or Linux distributions.
Keyboard Layout keyboard number Keyboard layout to use. See chapter 3.4 for a layout list.
Color Depth color number 16 Zu verwendende Farbtiefe
Minimum Width minWidth number Minimum width of the remote RDP window. Normally, this field should not be filled in, because the dimensions are detected automatically.
Minimum Height minHeight number Minimum height of the remote RDP window. Normally, this field should not be filled in, because the dimensions are detected automatically.
Start Program on Connection command string After the connection is established, directly launch an installed program on the remote desktop/server.
Start in following folder directory string Start the program to be launched in a specified folder.
RemoteApp Exe or file remoteProgram string Start only one application via RemoteApp instead of an entire desktop environment. Please specify the entire path incl. file name.
RemoteApp Arguments remoteArgs string Arguments to be transferred to the starting RemoteApp
Wake On Lan Mac Address mac string Mac address of the allowed Wake On Lan device. Empty/not set = no Wake On Lan.
Wake On Lan Broadcast IP macIP string Broadcast IP address of the allowed Wake On Lan devices
Clipboard Redirection mapClipboard boolean false Enable/disable clipboard redirection
Sound Redirection playSound number 0 Enable/disable sound playback. 0 = Play sound on this computer; 1 = Do not play sound; 2 = Play sound on the remote computer.
Audio Recording audioRecord boolean false Recording of all audio tracks of the remote computer.
RDP 6.1 Decompression decompressingRDP61 boolean false Enable/disable RDP 6.1 Compression. The RDP 6.1 bulk compression technique produces better compression ratios than the RDP 6.0 bulk compressor, but also consumes significantly more memory, which can affect scalability of multi-user servers. This compressor is only used for server-to-client traffic (it is not used for client-to-server traffic).
Printer Redirection mapPrinter boolean false Activate/deactivate (virtual) printer forwarding.
Session Recording sessionRecord number 0 Enable/disable session recording. 0 = no session recording; 1 = record graphics only; 3 = record graphics and sound.
Drive Redirection mapDisk boolean false Enable/disable disk redirektion.
Drive 0 - Dos Name disks.dosName string For the 1st disk: DOS name
Drive 0 - Path disks.devicePath string For the 1st plate: Full path to the plate
Drive 0 - Actions disks.actions number 7 For the 1st plate: permissions in the octal procedure
Drive 1 - Dos Name disks.dosName string For the 2nd disk: DOS name
Drive 1 - Path disks.devicePath string For the 2nd plate: Full path to the plate
Drive 1 - Actions disks.actions number 1 For the 2nd disk: enable/disable redirect
Drive 2 - Dos Name disks.dosName string For the 3rd disk: DOS name
Drive 2 - Path disks.devicePath string For the 3rd plate: Full path to the plate
Drive 2 - Actions disks.actions number 1 For the 3rd disk: enable/disable redirect
Performance Flags performanceflags number 111 Performance flags for this connection. For more information about the performance flags, see chapter 3.4.
Network Level Authentication (credSSP) credSSP number 0 Enable/disable NLA. 0 = no NLA; 1 = enable NLA; 2 = automatically detect NLA based on server settings.
RemoteFX (32 bit color only) remotefx boolean false Enable/disable RemoteFX. RemoteFX only works with a color depth of 32 bit and under LAN.
Smart Card Redirection smartCard boolean false Enable/disable Smart Card Redirection.
Camera Redirection mapCamera boolean false Enable/disable camera/webcam redirection.
USB Redirection mapUSB boolean false Enable/disable USB Redirection.
Load Balance Info loadBalanceInfo string Load balance information for the use of multiple gateways.
Single Sign-on sso boolean true Use single sign-on for this specific server/connection.
VNC
Name in config.html Attribute in servers.json Type Default Description
Port port number 5900 VNC port to use
Password password string Password (optional, since solved via user/users.json)
Encoding encoding number 16 Coding for the VNC connection. Can be 16 (ZRLE), 7 (Raw) or 0 (Tight).
JPEG Quality quality number 5 Quality of the transferred images (in JPEG format). Significantly affects the performance.
ZIP/Tight Compression compression number 6 Level of compression. Significantly affects the performance.
Use CopyRect encoding UseCopyRect boolean true Enables/disables CopyRect Encoding. The CopyRect encoding is efficient when something is being moved. CopyRect could also be used to efficiently transmit a repeated pattern.
Colors color number 32 Displayed colors during the VNC connection. 256 colors should be used for slow connections with limited bandwidth.
Share the server share boolean true Share the session with other viewers.
Clipboard redirection mapClipboard boolean true Enables/disables clipboard redirection.
Session Recording sessionRecord number 0 Enable/disable session recording. 0 = no session recording; 1 = record graphics only; 3 = record graphics and sound.
SSH
Name in config.html Attribute in servers.json Type Default Description
Port port number 22 SSH port to use
User username string User name (optional, since solved via user/users.json)
Password password string Password (optional, since solved via user/users.json)
Font Size fontSize number 13 Font size used in the displayed terminal.
Clipboard mapClipboard boolean true Enables/disables clipboard redirection.
Session Recording sessionRecord number 0 Enable/disable session recording. 0 = no session recording; 1 = record graphics only; 3 = record graphics and sound.
Key File keyfile string Full path to the key file in PEM format incl. file name. For more information on SSH authentication via keys, see chapter 5.7.
Password of Key File keyfilePwd string Key file password
Terminal Type terminalType string "xterm" Terminal type
Telnet
Name in config.html Attribute in servers.json Type Default Description
Port port number 23 Telnet port to use
Font Size fontSize number 13 Font size used in the displayed terminal.
Clipboard mapClipboard boolean true Enables/disables clipboard redirection.
Session Recording sessionRecord number 0 Enable/disable session recording. 0 = no session recording; 1 = record graphics only; 3 = record graphics and sound.
HTTP
Name in config.html Attribute in servers.json Type Default Description
Scheme scheme string "https" Scheme used. Only HTTP and HTTPS are possible here for the time being.
Port port number 443 HTTP/S port to use
Path path string Full path to the application/page within the HTTP/S page.

User

With SparkView, you basically have several options to integrate users:

You can use config.html to import users from an Active Directory (once) and create users manually from the beginning. Please make connections to Azure AD, Active Directory, LDAP or RADIUS directly in the users.json file. For the sake of simplicity, there is a SparkView Customizer that creates the users configurations for the users.json file.
Click here to get to the customizer →

Import users

To import users from Active Directory, enter all the details in the fields provided and then click the Import Active Directory Users button. In addition to an organizational unit (OU), you can also define a group (5) from which the users are to be imported. You can also assign servers to the new users during import (8) so that this does not have to be done manually for each user.

SCR-20240116-ipfg.png

Add users manually

To add users manually, click the "Add" button. Then you have the following configuration options. The name corresponds to the attribute name, which can be written directly to the users.json file.

Name in config.html Attribute in users.json Type Default Description
Name name string Username (recommended without special characters and spaces)
Password password string Password of the user. If it is a domain user, enter *** as the password.
Servers servers array Shared servers for the user. Enter the server IDs comma-separated and without spaces, or select them from the list.
Domain user isDomainUser boolean false Specify whether the user is a domain user.
Domain Server domainServer string Full address of the domain server
Transfer Credential to Connection transferCredential boolean false Forward connection data to the connecting targets. For this purpose, the user name and password entered here must match the access data on the target device.
Host Name (RDP) clientHost string Displayed name of the client/user for RDP connections.
Edit/delete users

In the list view, users can be edited via the edit icon (1) and deleted via the delete icon (2).

SCR-20240116-iqkz.png

Name in config.html Attribute in symlink.json Type Default Description
ID id string Dynamic value Unique ID of the symlink. This ID is generated automatically and should not be changed.
Password password string Password that is given to the symlink as a parameter.
Resource (Server) resourceId string ID of the target system. Can be entered manually or selected from the list.
Valid From validFrom string Validity of the symlink: From when
Valid Time validTime string Validity period of the symlink, e.g. "2d". y = year; M = month; d = day h = hour; m = minute.
or Valid To validTo string Alternatively to the validity period: Until when
Parameters for target parameters string Additional parameters for the symlink. To be entered in URL-encoded form (e.g. user=userName&domain=local).
Comment comment string Comment that is displayed in the edit view.
Access link Using the Access link, you can call the symlink directly from the form and the symlink does not have to be saved first.

In the list view, symlinks can be edited via the edit icon (1) and deleted via the delete icon (2).

SCR-20230317-lvxu.png

Session

In SparkView können Sie über den Session-Tab alle aktiven Session beobachten. Außerdem können Sie über eine JavaScript Konsole Nachrichten an einzelne oder alle Session schicken:

sparkConfig.notify('My message');
→ Sendet eine Nachricht an alle aktiven Sessions.

sparkConfig.notify('My message', [123456789, 123456788]);
→ Sendet eine Nachricht an die aktiven Sessions „123456789“ und „123456788“.

Server Group

Individual servers can be grouped into server groups for better and easier organization. The created server groups are stored in SparkView in the /data/servergroups.json file.

To add a new server group, click the "Add" button. You will then get a modal window again with the following configuration options:

Name in config.html Attribute in servergroups.json Type Default Description
Name name string Name of the server group
Servers servers array Servers to be entered into the server group. The server IDs are entered comma-separated, or selected with the help of the list.

In the list view, server groups can be edited via the edit icon (1) and deleted via the delete icon (2).

SCR-20230317-lmtz.png

User Group

Individual users can be grouped into user groups for better and easier organization. User groups can be given access to server groups. The created user groups are stored in SparkView in the /data/usergroups.json file.

To add a new user group, click the "Add" button. You will then get a modal window again with the following configuration options:

Name in config.html Attribute in usergroups.json Type Default Description
Name name string User group name
Users users array Users to be entered into the user group. The user IDs are entered comma-separated, or selected with the help of the list.
Server Groups servers array Server groups to which the user group should have access. The server group IDs are entered comma-separated, or selected with the help of the list.

In the list view, user groups can be edited via the edit icon (1) and deleted via the delete icon (2).

SCR-20230317-lona.png

4. – Administration and usage via UI

4.2 – file.html

You can use the /file.html page to establish a secure connection to an SMB2 or SFTP destination. All file operations can then be performed through the currently used browser, you do not need a separate client.

After you open the page, you have the following configuration options:

4. – Administration and usage via UI

4.3 – join.html

You can join an existing session as a support or spectator via the /join.html page. You will receive the join ID from the session owner. The session owner can view the session information via the small "i" icon at the top of the screen:



The session owner can also specify whether you can control the session or not.

4. – Administration and usage via UI

4.4 – login.html

You can log in to SparkView via the /login.html page.
Logging in can be done via various services:

🎨 Customization desired?

You want to have your login screen customized to your company/brand? No problem, just contact us by creating a ticket.

Create support ticket →

4. – Administration and usage via UI

4.5 – player.html

You can use the /player.html page to play previously recorded session recordings from localhost. For security reasons, access to this page is limited to the localhost. If you want to play recordings from outside the localhost, please use the /playeremote.html page.

4. – Administration and usage via UI

4.6 – rdp.html

The /rdp.html page is the heart of the SparkView installation and can be used to connect to a remote RDP server. The connection runs entirely within the browser used, thanks to SparkView.

⚠️ Important!

Normally, the connection to RDP servers and applications is controlled via the portal. The direct call of the /rdp.html should only be used if a target is to be addressed once or temporarily and not saved.

After you open the page, you have the following options to configure the connection to the desired destination:

Tab „General“:

Tab „Display“:

Tab „Local“:

Tab „Programs“:
Optionally, a program or a dedicated RemoteApp of the RDP server can be opened directly after the connection is established. This can prevent access to the "normal desktop", for example.

Tab „Advanced“:

Tab „Multi-Monitor“:
To use the multi-monitor feature of SparkView, please follow these steps:

  1. Open a new window for each monitor. Please use the "Open" button in the multi-monitor tab.
  2. Set all windows to be used to full screen
  3. Enter your connection data and click on "Connect".
4. – Administration and usage via UI

4.7 – report.html

On the /report.html page you have the opportunity to get important and up-to-date information about the usage and license of the current SparkView server.

Enter the management password under the gateway address and click the desired button to get the corresponding result/statistic:

Get Report
Get the current number of (concurrent) sessions on the SparkView server.

Get License
Get information about the currently imported license:

4. – Administration and usage via UI

4.8 – shadow.html

By calling the /shadow.html page, you can join an existing RDP session and view it, or even control it.

Please note the requirements that must prevail on the RDP server for session shadowing to work:

  1. Start gpedit.msc and call the following directory:
    Computer Configuration / Administrative Templates / Windows Components / Remote Desktop Services / Remote Desktop Session Host / Connections
  2. Activate the policy "Rules for remote control of Remote Desktop Services user sessions"
  3. Enable file and printer sharing

After opening the page, you have the following options:

4. – Administration and usage via UI

4.9 – ssh.html

The direct call to ssh.html can be used to quickly establish direct SSH connections to remote destinations via SparkView. Please note that a responsive SSH server must be running on the target system.

SparkView supports authentication via username/password or via public key. To enable public key authentication, please follow the instructions in 5.7 - SSH authentication with keys.

After opening the page, you have the following options:

Tab "General":

Tab "Advanced":

4. – Administration and usage via UI

4.10 – telnet.html

The direct call to telnet.html can be used to quickly establish direct telnet connections to remote destinations via SparkView. Please note that a responsive telnet server must be running on the target system.

After opening the page, you have the following setting options:

Tab "General":

Tab "Advanced":

4. – Administration and usage via UI

4.11 – vnc.html

The direct call to vnc.html can be used to quickly establish direct VNC connections to remote targets via SparkView. Please note that a responsive VNC server must be running on the target system.

After opening the page, you have the following settings options:

Tab "General":

Tab "Advanced":

For connections through the VMware HTML Console, please use the yoursparkview.com/vmware.html page. For more information, see 4.13 - vmware.html.

4. – Administration and usage via UI

4.12 – Further files and views

assist.html

Join an existing session for support via this file. Please note that the partner will provide you with the file, as well as the username and password. The invitation file is created by the help seeker via the file msra.exe and should be in the format .msrcIncident.


cname.html

Works with the gateway.conf parameter asHost. If this parameter is set to on, the value of the HTTP header host is set as the server. For example, if you call https://server1/cname.html, an RDP connection to server1 is automatically established. This can be useful when multiple virtual hosts are in use.


faq.html

Learn more about errors that can occur during installation, configuration, and ongoing operation. The notes shown here largely apply to older and legacy versions of SparkView.


joinssh.html

Join an existing SSH session as an outsider using the session ID and a freely assignable name. You receive the session ID from the host of the session to be joined. The host can also choose whether you have read-only or control rights.


jointelnet.html

Join an existing Telnet session as an outsider using the session ID and a freely assignable name. You receive the session ID from the host of the session to be joined. The host can also choose whether you have read-only or control rights.


joinvnc.html

Join an existing VNC session as an outsider using the session ID and a freely assignable name. You receive the session ID from the host of the session to be joined. The host can also choose whether you have read-only or control rights.


keyboard.html

Test the keyboard layout that is currently being used for input here. This allows you to match country and keyboard settings with servers and remote hosts for smooth operation.


monitor.html

This page works analogously to the multi-monitor function of the /rdp.html page and should not be called manually. Please always make multi-monitor connections via the portal or the /rdp.html.


monitordashboard.html

🚧 Experimental feature

This feature is still under development and therefore still in productive mode. Please use with caution!

The monitoring dashboard can be used to view and analyze past actions of the following areas:

The views of the scopes can be filtered by user, start time, end time and hostname if required.


new.html

View version changes and release notes for major versions of SparkView here. Similarly, you can find a granular changelog at /release.txt.


playeremote.html

View previously recorded footage here, even from outside your network. The normal player.html works only from localhost for security reasons, the playeremote.html from anywhere.


rail.html

Open a RemoteApp within another RemoteApp in the same session.


sessiondashboard.html

View all active sessions of the current gateway here. You can filter and sort the sessions.


sshdirect.html

Connect directly to an SSH server here without going through the SparkView dashboard.


sso.html deprecated

Used in older versions to verify credentials via SSO and then forward traffic. These features are now integrated in the login.html and rdpdirect.html files/views, making the sso.html obsolete and should no longer be used.


vmware.html

Provides the ability to establish a direct (VNC) connection to a VMware HTML Console via SparkView. Please note that the callback is done via the /vnc.html file.

5. – Further management and configuration

5. – Further management and configuration

5.1 – Session management

You can use config.html to check session status, terminate or join a session on the gateway:

Bildschirmfoto 2022-04-05 um 17.07.39.png

5. – Further management and configuration

5.2 – Multi-Monitor

You’ll have to open a new browser window for every monitor because you can not span a full screen browser window on multi monitors.

  1. Go to the "Multi-Monitor" tab, click "Open" to open a new browser window
  2. Move the new window to the second screen and make it full screen.
  3. Make the current browser window full screen and connect.
5. – Further management and configuration

5.3 – SMB2 and SFTB file proxy

Spark Gateway can also act as a SMB2/SFTP file proxy. User can access their SMB share, SFTB files with file.html with the following advantages:

Bildschirmfoto 2022-04-05 um 17.11.42.png

5. – Further management and configuration

5.4 – Deploy, run and test applications in the cloud

Deploy and test your application in cloud can cumbersome. You need:

Take advantage of our Spark Gateway proxy, SSH and SFTP feature. We developed a native agent which will work with the gateway to make this a lot easier. Please check our Deploy applications in cloud with SparkView.

5. – Further management and configuration

5.5 – IP filter (iptables)

You can set up IP filters for SparkView.

First, save you ip filters into a JSON file. Here is the format of the IP filter configuration file:

{
  "zoneRules": {
    "HTTP_API": {
      "allow": true,
      "ranges": [
        {
          "from": "192.168.12.100",
          "to": "192.168.12.200"
        },
        {
          "from": "169.254.84.132"
        }
      ]
    },
    "TCP": {
      "allow": true,
      "ranges": [
        {
          "from": "192.168.12.100",
          "to": "192.168.12.200"
        },
        {
          "from": "192.168.12.10",
          "to": "192.168.12.20"
        },
        {
          "from": "169.254.84.132"
        }
      ]
    }
  }
}

Then, you need to specify the location of this file in gateway.conf:
iptables=C:\\workspace\\data\\iptables.json

There are 3 zones available in SparkView:

Rules for accessing config.html:

  1. Always accessible from the localhost
  2. Accessible from anywhere if remoteManage=true in gateway.conf and correct password is provided
  3. Accessible if remoteManage=false and source IP is allowed in iptables
5. – Further management and configuration

5.6 – SNMP integration

Configuration in gateway.conf:

#agent address and port:
snmp.address.get-set = udp:192.168.1.68/1161
snmp.mib.prop.file = /SparkGateway/snmp/snmp-agent-mib.properties
nmp.table.size.limits.prop.file = /SparkGateway/snmp/snmp-agent-table-size-limits.properties

# percentage of license usage to send alert
snmp.license.usage.warning.percentage=0.5

Please check other MIB configuration files in installDir\snamp.

5. – Further management and configuration

5.7 – SSH authentication with keys

To be able to authenticate to a created target system via SSH using public and private keys, the following steps must be followed, which will be described in more detail later:

  1. Generate an SSH key
  2. Copy the key to a server
  3. Test the key
  4. Optional: convert private key to .pem format
  5. Include the key in SparkView

1. Generate an SSH key

With OpenSSH, an SSH key is created using ssh-keygen. In the simplest form, just run ssh-keygen and answer the questions. The following example illustates this.

# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/sparkview/.ssh/id_rsa): mykey
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in mykey.
Your public key has been saved in mykey.pub.
The key fingerprint is: SHA256:GKW7yzA1J1qkr1Cr9MhUwAbHbF2NrIPEgZXeOUOz3Us sparkview@demo
The key's randomart image is:
+---[RSA 2048]----+
|.*++ o.o.        |
|.+B + oo.        |
| +++ *+.         |
| .o.Oo.+E        |
|    ++B.S.       |
|   o * =.        |
|  + = o          |
| + = = .         |
|  + o o          |
+----[SHA256]-----+ #

Creating a key pair (public key and private key) only takes a minute. The key files are usually stored in the ~/.ssh directory.

2. Copy the key to a server

Once an SSH key has been created, the ssh-copy-id command can be used to install it as an authorized key on the server. Once the key has been authorized for SSH, it grants access to the server without a password.

Use a command like the following to copy SSH key:
ssh-copy-id -i ~/.ssh/mykey user@host

This logs into the server host, and copies keys to the server, and configures them to grant access by adding them to the authorized_keys file. The copying may ask for a password or other authentication for the server.

Only the public key is copied to the server. The private key should never be copied to another machine.

3. Test the key

Once the key has been copied, it is best to test it:

ssh -i ~/.ssh/mykey user@host

The login should now complete without asking for a password. Note, however, that the command might ask for the passphrase you specified for the key.

4. Optional: convert private key to .pem format

If you do not have the private key in pem format and/or SparkView shows an error message like the following ...

SEVERE: Invalid PEM structure, '-----BEGIN...' missing

java.io.IOException: Invalid PEM structure, '-----BEGIN...' missing
	at com.trilead.ssh2.crypto.PEMDecoder.parsePEM(SourceFile:183)
	at com.trilead.ssh2.crypto.PEMDecoder.decode(SourceFile:429)
	at com.trilead.ssh2.auth.AuthenticationManager.authenticatePublicKey(SourceFile:175)
	at com.trilead.ssh2.Connection.authenticateWithPublicKey(SourceFile:335)
	at com.trilead.ssh2.Connection.authenticateWithPublicKey(SourceFile:428)
	at com.toremote.websocket.ssh.SSHWrapper.connect(SourceFile:109)
	at com.toremote.websocket.ssh.SSHRunner.run(SourceFile:165)

... you should convert the private key to the correct format. To do this, you can run the following command:

ssh-keygen -f mykey -m pem -p && cat mykey > mykey.pem

You may need to re-enter the passphrase for the key. The command creates a pem version of the private key and then copies it to a key file named "mykey.pem".

5. Include the key in SparkView

To finally use the key with SparkView, copy the previously created file "mykey.pem" into the root directory of SparkView. Then you enter the location of the key in the server configuration:


When you connect to the server afterwards, you only need to enter the SSH username and the connection will be authenticated and established automatically. Alternatively, you can forward the credentials from the user, but the SparkView user name and the SSH user name must be the same.

6. – API and Plug-In

6. – API and Plug-In

6.1 – Reporting API (query server status, client side JavaScript API)

Include "gateway.js" in your web page:

var gw = new Gateway("192.168.9.118");

gw.login("password");
gw.report(); //output to console
gw.report(callback); //output to callback method
gw.checkLicense(callback2); //check license status

function callback(obj) {
  if (obj.error) {
    console.log("Error on getting report:" + obj.error);
    return;
  }
  var c, cs = obj.connections;
  var len = cs.length;
  console.log("\nTotal connections:" + len);
  for ( var i = 0; i < len; i++) {
    c = cs[i];
    console.log("connection " + i + " ------");
    console.log("clientIp: " + c.clientIp);
    console.log("clientAgent: " + c.clientAgent);
    console.log("server: " + c.server);
    console.log("startTime: " + c.startTime);
  }
}

We also have a Java command line tool available for the same purpose. Please download it from our website.

We also have WebSocket client available which can be used to communicate with our gateway or other WebSocket servers.

6. – API and Plug-In

6.2 – RDP library (client side JavaScript API)

6. – API and Plug-In

6.2.1 – RDP parameters

Parameter                                                                                                                                        Value
gateway BindString, address and listening port of the gateway.
For example: 192.168.0.8:443
server String, address of the RDP host.
port Integer, RDP listening port. Optional, default is 3389
user String, user name (Windows User).
pwd String, password for user name.
domain String, domain name
keyboard Integer, keyboard layout, default is 0x409 (US)
useConsole Boolean, connecting to console session/Admin mode. Default is false.
legacyMode Boolean, connecting to xrdp or VirtualBox RDP
width Integer, screen width of RDP session. Default is 800
height Integer, screen height of RDP session. Default is 600
server_bpp Integer, color depth of RDP session. Default is 16
playSound Integer, Default is 1: Do not play sound; 0: bring sound to local; 2: leave sound on remote computer.
startProgram String, "shell": start a program on connection; "app": start a RemoteApp
command Command for “Start a program on connection (startProgram=shell)”
directory Directory for running command (startProgram=shell)
exe Program or file for RemoteApp (startProgram=app)
args Arguments for RemoteApp (startProgram=app)
background Boolean, default is false, disable background.
smoothfont Boolean, default is false, disable font smoothing.
contents Boolean, default is false, disable full windows drag.
animation Boolean, default is false, disable menu animations.
composition Boolean, default is false, disable desktop composition.
styles Boolean, default is false, disable theming.
mapClipboard Boolean, default is false, disable clipboard rediretioin.
mapPrinter Boolean, default is false, disable printer redirection.
mapDisk Boolean, default is false, disable disk redirection.
touchpad Boolean, default is false, touchpad mode (relative mouse movement, touch interface only).
waWidth Work area width for RemoteApp, Default value is the screen width. You may want to change it if you display app in a iframe.
waHeight Work area height for RemoteApp. Default value is the screen height. You may want to change it if you display app in a iframe.
printer Printer name. You can specify multiple printer names by using “;” as seperator, e.g. “Printer1;Printer2”. The first one will always be the default printer.
useSSL Use WSS (WebSocket secure connection), only used by Rdp2 class.
timezone The client time zone name. Please check the values you can use in rdp.html
loadBalanceInfo Load balance information
vmid Hyper-V VM GUID, For example: B3D5444C-2611-405A-9CA0-7AA8DA94DF0B, it’s for Hyper-V console connection.
minWidth Minimum width, some applications can only work on a minimum resolution
minHeight Minimum height, some applications can only work on a minimum resolution
connectType Connecting type:

CONNECTION_TYPE_MODEM 1
Modem (56 Kbps)

CONNECTION_TYPE_BROADBAND_LOW 2
Low-speed broadband (256 Kbps - 2 Mbps)

CONNECTION_TYPE_SATELLITE 3
Satellite (2 Mbps - 16 Mbps with high latency)

CONNECTION_TYPE_BROADBAND_HIGH 4
High-speed broadband (2 Mbps - 10 Mbps)

CONNECTION_TYPE_WAN 5
WAN (10 Mbps or higher with high latency)

CONNECTION_TYPE_LAN 6
LAN (10 Mbps or higher)

Default value is 5.
shareClipboardId Connections will same shareClipboardId will use shared clipboard on gateway. User can copy anything among these connections
shareClipboard on: enabled shared clipboard, it’s enabled by default if mapClipboard is on.
symlink Id of the created symlink.
sessionRecord 0: no session recording, 1: recording grphic only (no sound), 3 means recording graphic and sound. This can only be configured in pluign
__record_name Recording file name. This can only be configured in pluign before version 4.8.8.
recording on: record session on client side
audioRecord on: enable remote audio recording
pingInterval Seconds for ping
soundPref 0: low quality sound; 1: high quality sound
smartcard on: enable smart card redirection
passwordIsPin Use password as the pin of smart card
name Show the name on the cursor on joined users
mac Computer MAC address for Wake on LAN. Need to enable it in gateway.conf (timeoutWoL)
macIP Network broadcast ip address for WoL.
decompressingRDP61 Enable RDP6.1 compression.
portCheckTimes Gateway will check if the port is open before connecting
portCheckInterval Interval of checking open port in ms.
copyToLocal on: user can copy data to local from remote. It can be used to disable bi-directional copy/paste
copyToRemote on: user can copy data to remote from local. It can be used to disable bi-directional copy/paste
copyTextOnly on: user can only copy plain text.
textPrinter on: redirect a text only printer (for receipts, label printers)
mapCamera Boolean, default is false, enable webcam redirection. Enable it in RDP server with Group Policy: Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection > Do not allow supported Plug and Play device redirection: Disabled
scanner Boolean, default is false, enable scanner redirection.
6. – API and Plug-In

6.2.2 – Passing parameters via URL (Connection String)

URL components

❗️ Important

Please use "on" and "off" for Boolean value if you are using URL to pass parameters.

Basically, a RDP connection string consists of the following main components:

[protocol]://[domain]/rdpdirect.html?[parameters]

The parameters are the same as the parameters that can be set in servers.json for each target system. Please note the correct URL encoding (see below)! Link paramters with the ampersand (&). A parameters list can be found here.

Some example parameters can be:

&keyboard=1031
&fullBrowser=Full%20browser
&fullScreen=Full%20screen
&server_bpp=16
&timezone=W.%20Europe%20Standard%20Time
&playSound=0
&soundPref=0
&mapClipboard=on
&mapPrinter=on
&mapDisk=on
&startProgram=noapp
&smoothfont=on

The correct URL encoding:

If characters are to be transmitted as values that have special meaning in the context of a URL, they must be encoded.
Example: name=SparkView Server becomes name=SparkView%20Server.

For correct encoding, an online tool can also be applied for help: https://meyerweb.com/eric/tools/dencoder/.

Example connection string:

A minimal connection string can look like this:

https://mygateway.com/rdpdirect.html?server=192.168.12.55&port=3389&gateway=mygateway.com

Connecting to desktop

var parameters = "server=192.168.0.2&user=admin&pwd=" + encodeURIComponent("&=@#");
//use encodeURIComponent to escape special characters in value
var width = 800, height = 600, server_bpp = 16;
varr = new svGlobal.Rdp("http://" + gateway + "/RDP?" + parameters, width, height, server_bpp);
r.addSurface(new svGlobal.LocalInterface());
r.run();

Connecting to RemoteApp in current window

You only need to add some extra parameters:

parameters += encodeURIComponent("startProgram=app&exe=||EXCEL");

Connecting to RemoteApp in a new window

varparameters = "server=192.168.0.2&user=admin&pwd=" + encodeURIComponent("&=@#");
//use encodeURIComponent to escape special characters in value
parameters += encodeURIComponent("startProgram=app&exe=||EXCEL");
var width = 800, height = 600, server_bpp = 16;
var r = svManager.getInstance(); //try use the existed session.
if (r == null){
  r = new svGlobal.Rdp(protocol + gw + "/RDP?" + s, width, height, server_bpp);
}
var rail = window.open("rail.html");
function onSurfaceReady(surface){
  r.addSurface(surface);
  r.startApp(frmConn["exe"].value, frmConn["args"].value, "");
};
rail.svOnSurfaceReady = onSurfaceReady;
r.run();
6. – API and Plug-In

6.2.3 – Passing parameter via object or cookie

Rdp2 class can be used to replace Rdp class. You can pass a object to Rdp2:

varobj = {gateway: "192.168.0.2", server:"192.168.0.8", user: "user"};
var r = new svGlobal.Rdp2(obj);

Rdp2 class will create an object from cookies if obj is undefined. If value of the document.cookie is "gateway=192.168.0.2;server=192.168.0.8;user=user", Rdp2 will create a object automatically for connection.

6. – API and Plug-In

6.2.4 – Usage of RDP class

Properties:

Name                                                                               Type                           Description
appTimeout Int Close the RemoteApp if no Windows found after this period, default is 800 ms.
displayMsg Boolean If display error or warning message, default is true
reconnectOnResize Boolean If reconnect when resize the browser window, default is true
reconnectTimes Int Automatically reconnecting time,default 0.
sessionTimeout Int Close the session disconnection if no RemoteApp running after this period. Default value is 3000 (3 seconds). You may want to make it longer, so user can use the current session for new RemoteApp.
windowState Int State of RemoteApp main window, 3: always maximized, 0: controlled by user
openLink Boolean Display a web link button when user copy a web link in remote computer, default is true
sessionInfo Object Current session information. Including following properties: sessionId, userName, domain etc.
remoteAppLogin Boolean If display login details when using RemoteApp, default is true
setTitle Boolean If allow client to change browser title, default is true, the browser title will be set as the RDP host name.

Methods:

Name                                                                                                                                                                                                                                                                                                                                                                                                   Description
close() Close current RDP session
exeAppCmd(cmd) Execute command on current RemoteApp, cmd (Int) values:
0xF020: Minimize the window
0xF030: Maximize the window
0xF060: Close the window
0xF100: Display the windo’s system menu
0xF120: Restore the window
mouseDown(x, y, button) Send mouse down to RDP host. X, Y: mouse position, button: which button, same as event.button.
mouseUp(x, y, button) Send mouse up to RDP host.
mouseMove(x, y) Send mouse move to RDP host.
pauseSession(numericId, pause) Pause a session output, pause: true or false. Pause all joined sessions if numericId is 0
running() Check if connected to a RDP session
setAudioBuffer(seconds) Audio buffer size, default is 2.0 seconds
writeKeyCode(down, keyCode) Send browser keyCode to RDP host. “down”: Boolean
writeText(txt, interval, doneCallback) Send Unicode to RDP host. RDP server could ignore some characters if the client is sending them too fast. Please use the optional interval and call back arguments.
writeRawInput(input) Send raw keyboard, mouse events to RDP host. Please use
onactivity event to get the raw input events.
writeKeyComb(keys, interval, doneCallback) Write any key combinations like “Ctrl+Alt+Del”. if interval > 0, every key stroke (down or up) will be sent with delay.
notify(message, sessionIDArray) Send message to other session. sessionIDArray is optional. If sessionIDArray is not given, this will send message to all other joined and main session. If sessionIDArray is provided, it will send message to sessions with the given ID. For example: [id1, id2, id3]. The id can be the 9 digit number id or the GUID.
saveSession(info) This will leave the session open on the gateway, so you can connect to it later from same or different device. For example: saveSession({save: true, timeout:5, id: xxxx}) will leave the session open for 5 minutes on gateway with id xxxx. You can connect to this cached session with the given id. Please check 3.14 for more information about cached session. You can also use plugin to save session. This feature will be disabled if savedSessionTimeout in gateway.conf is 0.
startPing(interval, noResponTime) Start to ping the gateway when the session is idle. Interval: seconds. noResponTime: seconds, time limit for no response. onnoresponse event will be fired if this value reached, default is 0 will never fire onnoresponse event.
setJoinMode(mode) 0: Every one can control; 1: Only one can control; 2: Only one can control (others can move mouse)
setJoinCloseMode(mode) 0: close all joined sessions after initiated session is closed; 1: leave all joined sessions open even initiated session is closed.
writeClipboard(text, type) dp.writeClipboard('Plain text');
rdp.writeClipboard('<h>Header</h>', 'text/html');
var reader = new FileReader();
reader.onloadend = function (e) {
if (e.target.readyState == FileReader.DONE) {
var imgB64 = hi5.Base64.enc(new Uint8Array(e.target.result));
rdp.writeClipboard(imgB64, 'image/png');
}
};
reader.readAsArrayBuffer(blob);
sendKeyboardSynchronize(scroll, numlock, capital) Turn off/on lock key state on remote computer.

Events:

Name                                                                                         Description
onclose(expected) Fired when RDP session is closed. Expected is true if the session is closed by user (log off) or administrators. Please be aware, the Rdp object will be released and cannot be reused after this event.
onerror(error) Fired on an error. Use error.name, error.message to get error details.
onloggedin() Fired when user logged in (It's not supported by xRDP and VirtualBox RDP)
beforeupload(file, path) Fired before uploading a file:

file: File object
path: file absolute path or name if path cannot be obtained.

Return true if it's processed and prevent default behavior happening.
onfileuploaded(fileName) Fired after a file was uploaded
onuploaded() Fired after all files were uploaded
onsessionjoin(appInfo) Fired when a new user joined the session. appInfo has following properties:

numericId: the 9 digit id
__ip: joined user’s hone name or ip address
name: if provided

Return true will override the default behavior.
onsessionexit(sessionInfo) Fired when a joined user existed the session.
Return true will override the default behavior.
ongivecontrol() Fired when current user can control the session.
Return true will override the default behavior.
ontakebackcontrol() Fired when current user cannot control the session anymore
onrequirecontrol() Fired when another require current user to control the session.
onremoteappstart(e) Fired after a RemoteApp was started, you can get the RemoteApp id from e.id which is like:

{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\mspaint.exe
onactivity(input) Fired after a client activity was sent to the server (Mouse, keyboard events). Input (string) is the mouse and keyboard event. You can use writeRawInput to send them to the RDP host.
onurlredirection(URL) Fired when an URL was copied on remote computer
ontitlechange(title) Fired when client before change the browser title. You can return a new title in this event.
onsessionstart(sessionInfo) sessionInfo is same as the sessionInfo property
onservercopy(strValue) Fired when copying from remote to local. strValue is in “mimeType;value” format, for example: “text/plain;textCopied”.
onrequestcredential(info) Fired when wrong credential was given and credSSP is enabled on gateway). Return true will override the default behavior. Info object has following properties:

domain: server’s FQDN domain name
nbDomain: server’s NetBIOS domain name
nbComputer: server’s NetBIOS computer name
onprintingready(printJob) Return true will override the default behavior. printJob has following properties:

link: the PDF file link
printerName: target printer name
printerDriver: target printer driver name
onresolutionchange(width, height) Fired when resolution of RDP session changes.
onnoresponse() Need to be used with startPing(interval, missTimes)
onLockKeyState({"capsLock": capsLock, "numLock": numLock, "scrollLock": scrollLock)
6. – API and Plug-In

6.2.5 – Extend RDP: Virtual Channel and Dynamic Virtual Channel

You can create multiple virtual channels and dynamic virtual channels on client side using JavaScript (you can only create one VC before 4.0):

var r = new svGlobal.Rdp(protocol + gw + "/RDP?"+ s, w, h, server_bpp);
var vc = new r.VirtualChannel(); //Use r.DynamicChannel to create a dynamic virtual channel
vc.name = "CUST";
vc.process = function(buffer){
  console.log(buffer.getByte());
  console.log(buffer.getLittleEndian16());
};
vc.onopen = function(){
  var data = new Array(7);
  var rb = new RdpBuffer(data, 0, 7);
  rb.setByte(1);
  rb.setLittleEndian16(345);
  rb.setLittleEndian32(567);
  rb.markEnd();
  vc.send(rb);
};
r.addChannel(vc);

Virtual Channel is used to communicate with RDP host. You also need to write a plugin for the RDP host. Please check followings for more information:

6. – API and Plug-In

6.2.6 – Extend Gateway: Gateway Channel

You can create multiple gateway channels to create a communication layer between client browser and the gateway:

var gvc = new r.GatewayChannel();
gvc.name = "gwc";
gvc.process = function(buffer){
  console.log(buffer.getByte());
  console.log(buffer.getLittleEndian16());
};
gvc.onopen = function(){
  var data = new Array(7);
  var rb = new RdpBuffer(data, 0, 7);
  rb.setByte(3);
  rb.setLittleEndian16(45);
  rb.setLittleEndian32(678);
  rb.markEnd();
  gvc.send(rb);
};
r.addGatewayChannel(gvc);

On gateway side, you class must extend com.toremote.gateway.plugin.AbstractGatewayChannel and register it with the same name using HandlerManager.registerChannel(). Please check the plugin example for more information.

6. – API and Plug-In

6.3 – Plug-ins (server side Java API)

Your plug-in must implement com.toremote.gateway.plugin.ManagerInterface. With the plugin, you can do authentication integration, session querying and reporting, RemoteApp management and RDP virtual channel extensions, player integration, new websocket protocol handler etc. Please download our plugin example project for more information:

http://www.remotespark.com/Plugin.zip

6. – API and Plug-In

6.4 – HTTP Request API (server side)

You can use HTTP request to create server, symlink dynamically if you don't want to write a plug-in.

Create servers on gateway:

http://gatewayAddress/SERVER?id=serverId&displayName=Name&server=hostName&gatewayPwd=pas swordInGateway.conf&...

gatewayPwd is hexadecimal MD5 hash of the password which is configured in gateway.conf. Please check 5.2.1 for other parameters you can use.

http://gatewayAddress/SYMLINK?symlink=symlinkId&server=existingServerId&validTime=20m& gatewayPwd=passwordInGateway.conf&...

You can also use "validFrom", "validTo" parameters. Please check http://www.remotespark.com/view/doc/com/toremote/gateway/connection/SymLink.html for more information.

To delete a server or symlink, add "&action=delete" to the URL; To update a server or symlnk, add "&action=update" to the URL.

HTTP request will return status code 200 if operation succeeded, 500 if operation failed.

For more details, please check the Integration Guide.

Appendices

Appendices

Appendix A – Shortcut keys

Appendices

Appendix B – Browser support

Browser Minimum version Comments
Mozilla Firefox 11.0 Audio redirection: 51
Google Chrome 16.0 (Desktop), 18.0 (Android) Audio redirection: 49
Apple Safari (Desktop and iOS) 6.0 Audio redirection: 10 (recording is not supported)
Internet Explorer 10.0 Audio redirection: Flash player (recording is not supported)
Opera 12.0 Audio redirection: 43
Edge 14.0 Audio redirection: 14.0
Appendices

Appendix C – EchoHandler and network check

There is an EchoHandler on the gateway which can be used to check network connectivity and latency. Please check the NetworkChecker tool in rdp.page.js. This can be used to check the network latency between browser and gateway.

Appendices

Appendix D – configuration example for nginx

server {
  listen 80;
  location / {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://192.168.8.2;
  }
  location ~ /LIST|/RDP|/VNC|/LOGIN|/GATEWAY|/PLAY|/CONF|/JOIN|/SSH|/TELNET|/ECHO {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_pass http://192.168.8.2;
    proxy_buffering off;
    tcp_nodelay on;
  }
}
Appendices

Appendix E – configuration example for Apache Proxy

<VirtualHost *:443>
  ServerName spark.gateway.com
  DocumentRoot C:/Apache24/htdocs/reverseproxy
  RequestHeader unset Accept-Encoding
  Header Set MCOE-Gateway "spark.gateway.v1"
  
  Header set Content-Security-Policy-Report-Only "default-src https://spark.gateway.com; \
    script-src https: 'unsafe-inline'; \
    style-src https: 'unsafe-inline'; \
    img-src data: https://spark.gateway.com; \
    connect-src wss: https://spark.gateway.com; \
    report-uri https://myserver.com/csp-report-master/report.php;"
    
  CustomLog "c:/apache24/logs/spark_access.log" common
  ErrorLog "c:/apache24/logs/spark_error.log"
  
  SSLEngine on
  SSLProxyEngine On
  SSLProtocol ALL -SSLv2 -SSLv3
  SSLHonorCipherOrder On
  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:  RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
  
  SSLCACertificateFile "c:/sslcerts/startcom.crt"
  SSLCertificateFile "c:/sslcerts/spark.gateway.com.crt"
  SSLCertificateKeyFile "c:/sslcerts/private.key"
  
  ProxyRequests Off
  ProxyPreserveHost Off
  ProxyHTMLEnable On
  ProxyHTMLExtended On
  ProxyHTMLCharsetOut UTF-8
  SetOutputFilter INFLATE;proxy-html;DEFLATE
  
  # For SparkView WebSocket
  ProxyPass "/LIST" "wss://internal.spark.gateway/LIST"
  ProxyPass "/RDP" "wss://internal.spark.gateway/RDP"
  ProxyPass "/GATEWAY" "wss://internal.spark.gateway/GATEWAY"
  ProxyPass "/CONF" "wss://internal.spark.gateway/CONF"
  ProxyPass "/LOGIN" "wss://internal.spark.gateway/LOGIN"
  
  ProxyPassReverse "/LIST" "wss://internal.spark.gateway/LIST"
  ProxyPassReverse "/RDP" "wss://internal.spark.gateway/RDP"
  ProxyPassReverse "/GATEWAY" "wss://internal.spark.gateway/GATEWAY"
  ProxyPassReverse "/CONF" "wss://internal.spark.gateway/CONF"
  ProxyPassReverse "/LOGIN" "wss://internal.spark.gateway/LOGIN"
  
  ProxyPass / https://internal.spark.gateway/
  ProxyPass / wss://internal.spark.gateway/
  
  ProxyPassReverse / https://internal.spark.gateway/
  ProxyPassReverse / wss://internal.spark.gateway/
</VirtualHost>

Must work with mod_proxy and mod_proxy_wstunnel.

Appendices

Appendix F – configuration for Juniper, Cisco, Dell etc SSL VPN

It's very easy if the VPN supports WebSocket. You just need to create a web application resource profile (bookmark) or application offloading and specify the URL of the gateway.

Make sure you update SparkView to 4.8.6 or later which improved the compatibility of SSL VPN.

You can enable HTTP Basic Authentication in SparkView for VPN SSO integration (set authorization = Basic in gateway.conf).

SparkView also supports HTTP Post integration. Please specify your URL as http://yourGateway/CONNECT. Please also check html\examplePost.html for reference.

Appendices

Appendix G – SMB path

SMB Path can also be used for recording, drive redirection etc., for example:

recdir = smb://domain;username:password@sparkcloud/ShareName/path
tmpdir = smb://domain;username:password@sparkcloud/ShareName/path

Variables can also be used in drive direction path (tmpdir):

tmpdir = smb://${domain};${user}:${pwd}@sparkcloud/ShareName/path

Appendices

Appendix H – Ping

You can enable Ping on client side by setting pingInterval (seconds) parameter, or use rdp.startPing(interval). The client will only send ping package when the session is idle.

This is helpful if there is idle timeout configuration in user’s environment (routers, firewall, proxy etc). The client can also immediately notice a network disconnection.

Appendices

Appendix I – TrustStore

When you RDP server or VNC server are using TLS encryption. You can allow user connect to trusted server only:

Appendices

Appendix J – Features

Feature list for the different versions of SparkView:

Community Professional Enterprise
Explore SparkView For SMEs and institutions For highly scalable solutions
# of concurrent connections 2 unlimited unlimited
RDP audio redirection
Clipboard redirection
RDP multi monitor
RDP printer redirection
SSH/SFTP
Wake on LAN (WoL)
Network Level Authentication (NLA)
Active Directory/LDAP/Radius
RDP RemoteApp
RDP microphone redirection
RDP camera redirection
RDP drive redirection
RDP scanner redirection
RDP smart card redirection
RDP USB redirection
HTTP Proxy
RemoteFX
Session Shadowing
Telnet
VNC
Two-factor authentication
Burst license
RDP Hyper-V console
Monitoring dashboard
SAML/OAuth2
Session Recording
VMWare Console
RDP Native Shadowing/Remote Assistant
SMB2 File Proxy
SNMP
Syslog

For more information on pricing, please visit our distributor's product page.

Quick Support

Quick Support

1. – Configure correct log files

Log files are essential in identifying errors and fixing them.

To create log files with all the necessary information, please proceed as follows:

  1. Delete all existing log files in the log directory (usually under .../[installation directory]/logs).
  2. Set the log level to the fine setting (entry in the gateway.conf file: log.level = FINE)
  3. Reproduce the error
  4. Save the newly created gateway.log file

🛟 Do you need support?

Create a ticket at any time to get the fastest possible support from beyond SSL at helpdesk.beyondssl.com.

Quick Support

2. – Get correct browser console output

The browser console output can get helpful troubleshooting information.

Please note in advance that this help is based on the Google Chrome browser. In principle, the steps are also possible in other browsers, but may differ from the usability.

Get the browser console output:

  1. Open a new browser window
  2. Open the console in the developer tools:
    • Windows: Ctrl + Shift + J
    • Mac: Cmd + Option + J
  3. Enable the "Preserve log upon navigation" function
    • Click on the upper cogwheel in the upper right corner
      SCR-20230313-mwmy.png
    • Activate the "Preserve log upon navigation" function
      SCR-20230313-mwyl.png
  4. Navigate in the browser to the page/place where the error occurs
  5. Reproduce the error
  6. Export the output of the browser console
    • Right-click in the output window
    • Save as ...
    • → Save

🛟 Do you need support?

Create a ticket at any time to get the fastest possible support from beyond SSL at helpdesk.beyondssl.com.