REMOTE MANAGEMENT


A huge milestone has been accomplished in Porteus Kiosk version 3.3.0: it is possible to centrally manage all your kiosks from a single configuration file stored on the network!

Up until now the kiosk config (presented on the final configuration page in the kiosk wizard) was always embedded in the ISO and burnt on the hard drive/usb stick during system installation. The main advantage of this approach is that system configuration file gets encrypted and stored in a safe, read-only place. Nobody can access it so the kiosk can be exposed on a public netowrk without fear of adverse manipulation.

Such a feature works really well but there are cases where a more flexible solution is needed.

In Porteus Kiosk 3.3.0 we have introduced a new feature which lets you choose how your kiosk config will be handled. You may decide if you want the system settings to be stored in the ISO itself (default action) or downloaded from remote location during each system boot. If you prefer to keep the config on your server then you have to activate a certain option in the wizard and provide a URL pointing to the remote kiosk configuration file.

Contents:

Requirements

Advantages

Setup procedure

Remote Management FAQ

Sample scenarios

More complicated scenarios

Nested configurations

Requirements

a) Web server (http or ftp) which is able to host a plain text file.

UPDATE: Since version 4.1 kiosk configs can be stored directly on the Porteus Kiosk Server. From security point of view its highly recommended to use our Server for remote management tasks.

b) When doing manual edits to the config please make sure it's saved with ANSI or UTF-8 encoding as UTF-16 (sometimes called "Unicode") is not supported in the kiosk.

c) All parameters in the config must be pleaced on new lines and aligned to the left to be recognized by the system.

d) The parameter value (even if it's long e.g. whitelist) must be placed on the same line as the parameter. Line wrapping is not supported.

e) You can add comments to your config on a new line and proceed them with a hash, e.g.

    # First comment

    parameter_one=value1

    # Second comment

    parameter_two=value2


WARNING: comments should not be added to the same line as the parameter as they will be treated as part of it.


f) If you double parameters in the config then only first one will be processed by the system:

    homepage=https://kernel.org

    browser_idle=5

    # This one will be ignored:

    homepage=http://google.com


g) 'kiosk_config=' parameter must be present in your remote config to keep remote management active after system reconfiguration. Sample for web hosted configs:

    kiosk_config=http://domain.com/files/kiosks.txt

and for configs hosted on Porteus Kiosk Server:

    kiosk_config=server://kiosks.txt


h) Optional: SSL + username/password as protection for accessing the config (does not apply to configs stored on Porteus Kiosk Server). Text file containing the kiosk settings will be kept in an unencrypted form (this way you can edit it easily) so it should be secured using web based techniques. You have the opportunity to decide which ones:





Advantages

  • You can manage all your kiosks (5, 30, 100+) from a single configuration file stored on your server.
  • You have the possibility of dividing your kiosks into groups by assigning them different configs (config-A, config-B).
  • There is no need to reinstall the kiosk manually or go through the kiosk wizard anymore. Simply update the remote config and reboot the kiosk so it can download the new parameters during boot.
  • It's possible to rebuild the kiosk config entirely (change networking/proxy, browser and system settings, power saving options, etc ...) so you can easily switch the kiosk profile from for example 'web access PC' to 'digital signage' station.
  • You are able to add/remove additional system components like java, flash, ssh, printing, etc but please mind that the system must be able to access the porteus-kiosk.org website to in order to download additional components.
  • When your kiosks are signed to the 'automatic updates' service then you can take advantage of new functions as soon as they appear in the automatic updates channel. All you have to do is edit the remote config and add a newly introduced parameter to it. If the PC is not signed to 'automatic updates' then you can only edit existing parameters offered by a certain kiosk release.
  • You can frequently update essential system settings like ssh/vnc/proxy passwords (e.g. once a day or week) to improve kiosk security.


  • Setup procedure

    a) boot Porteus Kiosk installation ISO on the target PC

    b) setup network then select 'Launch wizard to create new configuration' on the initial wizard screen

    b) enable 'Remote kiosk management' in the wizard options and provide URL to the place where your config will be stored

    c) select other kiosk options as you like

    d) on the final configuration page in the wizard take a copy the config and send it to your email address or save on removable media

    e) save the config on some hosting server as a plain text file preserving correct URL provided in the wizard

    f) install kiosk and check that it's able to download the config from the network during first boot


    Configuration of additional kiosks:

    a) boot Porteus Kiosk on the target PC

    b) setup the network then select 'Point kiosk to existing remote configuration' on the initial wizard screen and provide URL to the config which is saved already on your server

    c) install the kiosk

    Remote Management FAQ


    In which situations is remote management is useful?

  • when you are planning to deploy and centrally manage a significant number of kiosks
  • when there is a need to frequently update various kiosk settings like: homepage, wallpaper, ssh password, etc ...
  • when kiosks are located in a remote location and accessing them physically for reinstallation would be troublesome

  • In which situations should this feature NOT be activated?

  • when your kiosk configuration rarely changes
  • when kiosks are placed in an offline location without internet/intranet access
  • when you have no possibility of maintaining a web server which would provide a safe place for the kiosk configs (in some cases 3rd party services like dropbox.com could be used for storing the configs).

  • How do I know which parameters are responsible for certain kiosk functions?

    A full list of currently supported kiosk parameters can be found here. If you need to make broad modifications to the kiosk config it's recommended to run the Kiosk Wizard and use it as a helper to generate your preferred kiosk settings.


    What happens if the remote config isn't available when the kiosk PC boots?

    The system defaults to the last downloaded configuration and displays notification that the remote config was not accessible.


    What does a remote kiosk config look like?

    A remote kiosk config looks exactly the same as a normal config except for the 'kiosk_config=http://domain.com/path/config-A.txt' parameter which must be present.


    I have 10 kiosks assigned to config A and 10 other machines assigned to config B. Is it possible to move 5 kiosks from group A to group B?

    Yes. Please edit remote config-A and change 'kiosk_config=http://domain.com/path/config-A.txt' parameter to 'kiosk_config=http://domain.com/path/config-B.txt' then reboot your 5 PCs. After reconfiguration they will be assigned to config-B.txt so please revert the changes made to config-A (it should point to itself again).


    Can I have each PC assigned to a different config?

    It's totally up to you if you want manage a group of kiosks from one config or prefer to control every unit separately by using different configs.

    Sample scenarios


    REMINDER: After performing an update to the remote config, the kiosk PC must be rebooted so it can reconfigure itself.


    1) There is a need to change the wallpaper in kiosk which would display a new company logo.

    In this case simply update the existing 'wallpaper=' parameter with the new URL:

      wallpaper=http://domain.com/new-image.png

    2) You are running digital signage business and need to update the kiosk homepage every week.

    You have to update 'homepage=' parameter in the kiosk config:

      homepage=http://domain.com/new_link.html

    3) Wifi networking started misbehaving and you need to enable debug mode to generate a system report and call Porteus Kiosk support for help.

    You have to add 'debug=yes' parameter to the config and reboot the PC. Once a system report is handed over to us you can remove 'debug=yes' and during next boot the kiosk will return to its default state.


    4) Your website stopped using flash in favor of a html5 solution and you want to get rid of the flash player component from the kiosk setup.

    You need to update the 'additional_components=' parameter and remove 05-flash.xzm from it. After a reboot the kiosk will reconfigure itself and delete the unwanted module.

    More complicated scenarios


    WARNING: Be careful when changing networking/proxy settings. If something goes wrong then you may loose the control over the kiosk and manual reinstallation will be necessary.


    REMINDER: Please use the Kiosk Wizard to generate new configs when broader changes are required.


    1) Your company bought a printer and you need to add support for it to the kiosk system.

    The following parameters must be added to the config:

      root_password=some_password

      additional_components=existing_components.xzm 10-printing.xzm

      printer_model=some_model

      printer_connection=lpd:/ip_address/queue


    2) The kiosk is installed in an organization where security is a top priority. You need to preserve the ability to login to the kiosk through ssh for system monitoring purposes.

    Best way to handle this would be to setup a scheduled task on your server (e.g. by using cron in Linux) and update the kiosk config file with randomly generated passwords every day. During each boot the kiosk would reconfigure itself with a new password and you can login to it using the last password saved in your remote config file.


    3) You need to move the kiosk to new place where only wireless networking is available.

    In this case you need to replace relevant network settings in the config.


    Old settings:

      connection=wired

      network_interface=eth0

      dhcp=yes


    New settings:

      connection=wifi

      network_interface=wlan0

      dhcp=yes

      wifi_encryption=wpa

      wpa_password=some_password

      ssid_name=AP_name


    Warning: it is necessary to reconfigure the kiosk with new settings when still using the wired connection. Once this is done you can move the PC to a new place so it can start using the wireless connection.


    4) Your website has been updated and contains videos encoded with a codec which Firefox can not handle natively but Google Chrome can.

    Since verion 3.4.0 of Porteus Kiosk it is possible to swap the browser between Mozilla Firefox and Google Chrome. In order to exchange the browser you need to add/edit following parameter to your config:


    Old setting:

      browser=firefox

    New setting:

      browser=chrome

    Warning: Google Chrome does not support functions which are marked as *Firefox only* in the wizard. Please run the wizard to find out which functions (kiosk parameters) are not compatible with Chrome browser.

    Nested configurations


    WARNING: This section is for advanced users only. If you are having problems with nested configurations then please use separate configs for each kiosk which needs to be configured with different parameters.


    Since version 3.5.0 of Porteus Kiosk it's possible to use one remote config for all your kiosks even if their configuration is different. The main advantage is that in case of making configuration changes you need to edit a single file instead of multiple ones and also have a clear view which settings apply to which kiosks.


    Requirements and rules:

    a) You must create a [[ GLOBAL ]] section in your config containing parameters which apply to all kiosks. If the [[ GLOBAL ]] string is not present in the config then nested configrations won't work.

    b) For each kiosk with different parameters you must create a [[ PCID ]] section in the config. Porteus Kiosk FAQ explains how to find the PC identification number at this link.

    c) Parameters in the [[ PCID ]] section are parsed until empty line.

    d) Parameters from the [[ PCID ]] section take priority over parameters included in the [[ GLOBAL ]] section.

    e) If PC IDs are pleaced one under another then defined parameters apply to each of them.

    f) Letters in the PCID string must be capital.


    Sample config with nested configurations enabled:


      [[ GLOBAL ]]

      kiosk_config=http://192.168.1.15/config.txt

      connection=wired

      dhcp=yes

      browser=firefox

      homepage=https://kernel.org

      root_password=toor

      additional_components=05-flash.xzm 08-ssh.xzm


      #Louisville 1

      [[ B-51-32D-29-37 ]]

      homepage=https://domain.com

      wallpaper=http://porteus-kiosk.org/public/wallpapers/sample.jpg


      #Kent 1, 2, 3

      [[ 0-7C-7D7-1E-20 ]]

      [[ 0-71-EF9-C8-20 ]]

      [[ 0-74-EF5-C3-23 ]]

      browser=chrome

      homepage=https://www.google.ie

      additional_components=08-ssh.xzm


    Explanation:

    All kiosks have the same configuration definied in the [[ GLOBAL ]] section of the config:

    - wired connection with dhcp enabled

    - homepage set to kernel.org

    - Adoble Flash player and ssh access enabled


    Kiosk with ID: B-51-32D-29-37 uses different homepage and wallpaper.


    Kiosks with ID: 0-7C-7D7-1E-20, 0-71-EF9-C8-20 and 0-74-EF5-C3-23:

    - use Chrome browser instead of Firefox

    - have the homepage set to google.ie

    - only ssh component is activated (Chrome has Pepper flash embedded so Adoble Flash is not necessary)


    Example of incorrectly created kiosk config:


    1. __[[ GLOBAL ]]
    2. connection=wired
    3. dhcp=yes
    4. browser=firefox
    5. homepage=https://kernel.org
    6. root_password=toor
    7. additional_components=05-flash.xzm 08-ssh.xzm
    8. [[ B-51-32D-29-37 ]]
    9. homepage=https://domain.com # Some comment here
    10. wallpaper=http://porteus-kiosk.org/public/wallpapers/sample.jpg
    11. [[ 0-7c-7d7-1e-20 ]]
    12. [[ 0-71-EF9-C8-20 ]]
    13. [[ 0-74-EF5-C3-23 ]]
    14. browser=chrome
    15. homepage=https://www.google.ie
    16. additional_components=08-ssh.xzm

    Explanation:

    - '[[ GLOBAL ]]' string is not aligned to the left

    - 'kiosk_config=' parameter is missing

    - line 10 has a comment which is placed on the same line as the 'homepage=' parameter (comment will be treated as part of the parameter)

    - line number 11 is empty and will cause that 'wallpaper=' parameter to be ignored (parameters in the PC ID section are parsed until empty line)

    - line number 14 has PCID with lower case letters - this kiosk wont be recognized


    Please take advantage of this feature and provide feedback necessary for improving it.