Screensavers in NoTouch can be used to enhance the end user experience as well as adding a layer of security
Contents
Introduction
A screen saver is a software module that blanks a screen after a certain amount of user inactivity time. Historically, screensavers were also used to draw random patterns or beautiful artwork to prevent burn-in on CRT tubes. Nowadays most people prefer a blank screen which saves CPU power consumption. When the user returns, the screen saver would disappear upon key press or mouse movement.
By employing the VESA DPMS mechanisms, a screensaver may not just blank out the screen by making pixels black - it can also tell the monitor to go to sleep, saving electrical power.
Screen savers that ask for and check password before disappearing are also called locking screen saver or screen locker, if the locking has become their main purpose.
NoTouch supports both blanking (including DPMS) and locking. In fact, VESA DPMS screen blanking is enabled by default with a timeout of 10 minutes. That means if your users leave endpoints on in the night, you will save energy without having to configure anything.
VDI/Remote Desktop screen lock considerations
On any local desktop, be it a Windows PC, Mac or Desktop Linux distribution, a user has to log in before being able to use the system. If the screen gets locked, the local operating system will simply ask for these credentials - username, password and maybe domain - again before unlocking the screen.
In a Thin Client scenario, the user does not authenticate to the local operating system, in our case NoTouch OS, but rather to the connection broker client, e.g. Citrix Receiver, VMware Horizon View client, RDP client, and in consequence to the server-side VDI desktop. Even with username and password being typed in locally, NoTouch will in most case not have access to these data, as the mentioned third-party programs do not share this data with the operating system.
Second, a NoTouch desktop may start multiple connections to multiple servers used by multiple users. Imagine a scenario where one person asks the other, "May I just use this terminal?", and subsequently opens a new connection with his/her own credentials. Now imagine both users walk away for some time and the screen lock should be started. When somebody comes back, which credentials would unlock the screen? Each of the two? The first one, because he "owns" the terminal? The second user's, because he/she had more recent activity? Or none of them, instead a per-machine password that everybody knows (uh!) or nobody knows?
Having said that, in a VDI world locking a screen involves more thoughts than in a plain PC world. However, NoTouch offers some a simple-yet-effective solution: If, in a VDI scenario, a server connection is disconnected, the user can easily reconnect at any time, from any machine and will find the session exactly as it was before disconnecting. There is no performance penalty.
NoTouch approach
NoTouch allows you to blank the screen with or without VESA DPMS, and it allows to disconnect server connections after a certain amount of inactivity time. It also allows to provide a "Lock desktop" icon to users so that they can issue the lock immediately without actually having to wait for the inactivity timeout.
When the inactivity period is over, server sessions will be disconnected and the local system will be free from cached user credentials, thus it will be safe for the user to leave the desktop. When the user returns, he/she can immediately resume to work by starting the session again, a reconnect to the existing session will be done automatically after entering user credentials with all VDI sessions (except Mozilla Firefox which is stateless by default).
With that approach, NoTouch offers perfect screensaving and -locking capability and does not have to compromise security by wiretapping user credential input and storing them locally.
Screensaver/locker parameters
You will find the parameters on the client OS under "Display" -> "Screensaver". In NoTouch Center, these are found in the "Desktop" parameters of a group or client.
Screen blanking
The "Screensaver" parameter contains the time in minutes when the screen should go blank. The "DPMS Off time" parameter contains the time in minutes after that the monitor should be turned in sleep mode by VESA DPMS signaling. Both parameters are set to 10 minutes by default.
Set it to 0 to disable screen blanking at all.
Screen locking
The main parameter controlling screen locking is "Lock action". It can have these values:
- "No action". This is the default. Screen locking is disabled.
- "Close all sessions". This will disconnect all server connections including local web browser after the an idle time in minutes that is given in the "Lock time" parameter.
- "Close ICA sessions". This will disconnect all Citrix ICA sessions of the Citrix/Program Neighborhood connection mode after the an idle time in minutes that is given in the "Lock time" parameter. See Citrix Receiver configuration for details on that mode.
- "Command". A custom shell command will be executed after the an idle time in minutes that is given in the "Lock time" parameter. The custom command is
As described above, the parameter "Lock time" holds the actual inactivity time in minutes - after that time without user activity (key presses and mouse movements) the lock action will "fire".
The "Lock command" parameter can hold a custom Linux shell command. It will only be used when the Lock action is set to "Command".
Lock icon
If the parameter "Show lock icon" is set to "on", an icon will be shown on desktop and in the local start menu that will allow the user to instantly execute the lock action (see above) without having to wait for the inactivity timeout.
The parameter "Lock icon label" allows to set a custom label/description for this lock icon. The default value of this parameter is empty, which would result e.g. in "Lock desktop". You may want to put a descriptive label in your local language in here.
Slideshow screensaver
NoTouch systems (from 2.38 on) can display a slideshow of images as screensaver. The concept is that the images - in JPG format - are placed in a ZIP file on a web server. NoTouch endpoints will, if the feature is activated, download the ZIP file and then display it. Certain parameters allow to fine-tune the way the slideshow is displayed.
You will find several parameters under "Desktop" in NoTouch Center regarding slideshow operation. Working directly on the client, navigate to Display/Screensaver/Slideshow.
- Show slideshow. This is the master switch and will activate or deactivate the slideshow
- ZIP file URL. The fully qualified URL to the ZIP file containing the individual images (in JPG format)
- Activation timeout. The time in minutes when the slideshow should be started.
- Show next image delay. The time in seconds when the next image should be shown (in other words, how long one image should stay on the screen).
- Background color. The screen background color as an RGB triplet, separated by commas. 0,0,0 means Black - 1,1,1 means White.
If you do not have a web server to store the ZIP file available, there is a simple solution: You can use the Stratodesk Virtual Appliance as a webserver: Hosting files (VA)