In XXX FusionAccess Project delivery, customer have IBM Notes mail system that uses iKey 2032 USB stick as smart card that authenticates the user trying to open the IBM Notes on PC and he wants to deliver the same function on TC.
When customer to open the IBM Notes mail application he should do the following:
1) Insert the iKey2032 USB Stick in the PC/laptop
2) Enter the right password
In the project the delivered version was FusionAccess V1R3 which is based on Citrix XenDesktop 5.6 software and the ICA (Independent Computing Architecture) Protocol. One of the advantages of the Citrix ICA Protocol is that it can control dozens of ICA session parameters like Bandwidth, Video performance and deices to be redirected from Client to Virtual machine.
This document covers the configuration needed to fulfill the customer requirement about the iKey2032 operation with the IBM Lotus Notes mail software.
Generally for USB devices, using Linux TC or Windows TC is the same because the driver of the USB mass storage stick is automatically installed on the OS Linux or Windows after inserting the USB, but using iKey2032 is a little different because we need the iKey which is a USB device to be redirected into the VM not as a USB device but as a smart reader token. This is why we should use a Windows TC and install on the Windows the Appropriate 32 bit driver.
1) Get the VID and PID of the iKey by inserting it in your laptop and they is many software that can read the USB parameters such as USB View.. check picture below
2) Use a Windows TC and install the iKey2032 32 bit driver on it and verify that it can be recognized as a token. You can verify if the iKey 2032 is recognized as a token from the driver software. In this case customer have SafeNet iKey driver software, after insert the iKey USB stick if it can managed by the driver and the its ID appears, this means it is recognized as a token.
3) Open DDC Desktop Studio HDX Policies and create a new policy that allows the USB device with VID and PID you already got and closes anything else (In case you want to close MASS Storage USB)
Allow: VID=04B9 PID=1202; Deny:
Apply this policy to the required users.
4) On the VM, open the registry in the path HKEY_LOCAL_MACHINE SOFTWARE Wow6432Node Citrix PortICA GenericUSB and edit the string values as following..
Add in the first line before the DENY statements..
Allow: vid=04B9 pid=1202
5) Restart the VM to ensure it got the latest configured policy and you can verify the USB policy active on the VM from the registry in the path HKEY_LOCAL_MACHINE SOFTWARE Policies Citrix 1 User VCPolicies
6) Install the SafeNet driver on the VM and verify if the iKey can be recognized as a token on the VM too..
7) If yes proceed in the IBM Lotus Notes mail setup and bind the iKey with the mail (IBM installation steps).. After IBM Notes setup is finished, you will be able to use the mail only after inserting the iKey in the TC and type the correct password..
You are requested to type the password..
After Entering the right password you can login to IBM Notes mail..
8) If you unplug the iKey the Notes mail you log the user out and you will notice the message in the notification area saying “A Token has been disconnected”