Feb 24, 2017

VDI and Remote Desktop Solutions for Chromebook

Companies are increasingly introducing or reviewing thin clients, Virtual Desktop Infrastructure (VDI), and Desktop as a Service (Daas) solutions to enhance security and maintain Windows-based legacy applications.
Computers reviewed as thin clients or zero clients are Windows-based thin clients and dedicated OS-based zero clients. These devices are more secure, but less usable (eg, laptop that can be carried around outside the company), and the cost of managing these devices is as high as a regular PC.
The dilemma of thin client adoption is that it is highly secure but not as cheap as you might think. One of the disadvantages is that the thin client of Windows OS or the zero client based on proprietary OS are not utilized very much. (In some cases, a corporate VPN connection may not be possible with a dedicated OS-based zero client solution.) In addition, some companies are demanding that they can work in an offline environment that does not have an Internet connection.
Chromebooks are emerging as new computers that solve this dilemma. Google is announcing a partnership with Citrix and VMware to connect VDI technologies to Chromebook. In addition, each solution-specific remote access app for Chromebook is already available in the Chrome Web Store.

Citrix Solution

Citrix Receiver is client software provided by Citrix. Supports remote access of Windows applications through XenDesktop and XenApp installed on Windows server or desktop. Allows access to applications, desktops, and data from any device, including Chromebook, smartphones, tablets, PCs, and Macs.
This is the screen to access the remote virtual window desktop through Citrix Receiver for Chromebook.

VMware Horizon Client Solution

Windows virtual desktop access via VMware Horizon for Chromebook

Remote Desktop Access Solution - Ericom AccessNow

Ericom has long since developed HTML5-based solutions to connect remote desktops or Windows servers (HTML5-based) without any S/W installed on Chromebook. Many schools and businesses also use it.
Remote Windows server access via Ericom's AccessNow on Chromebook
Example of creating a web page for remote Windows app access using Ericom portal page function

Google's Chrome Remote Desktop Program

Google's free app for Chrome. You can install it for free from the Chrome Web Store.
It is a module that enables mutual remote connection between computers with Chrome browser installed (Windows, Mac, Linux, Smartphone).

Chromebook users can access the Windows desktop to work remotely.

It has two functions.

1). Remote Assistance
  • It is mainly for use when you need to connect to a remote computer to support it.
  • On the other computer, click on "Share" after running Chrome Remote Desktop and pass the access code value to connect using this code value.

2). My Computer
  • You can access remotely My Computer as My Account and connect remotely when needed.
  • When registering my computer, I need to register my PIN number and enter this PIN number when connecting from a remote location.

Remote desktop access to Windows desktop using Chrome desktop module on Chromebook.

For more information for Chrome (Chromebook) Device Management- Author:Advanced Chrome Device Management - Kindle edition  - Paperback/Kindle Edition)

Feb 21, 2017

How to Manage Android apps on Chromebook by Admin Console of G Suite

How to Manage Android apps on Chrome (beta)

Now, you can manage Android apps on Chromebook by an administrator of G Suite or G Suite for Educaion.

Here is the information on how to manage Anroid apps on Chromebook in Admin console.

As an administrator, you can force-install or decide which Android apps users can install on their managed Chrome devices. Users can’t automatically install Android apps. First, you need to enable Android apps for Chrome devices in your domain and approve apps.
If you’re a Chrome for business customer, the managed Google Play Store is available for these Chromebooks using Chrome OS version 53 and later. For Chrome for education, the managed Google Play Store is supported on Chrome OS version 56 and later.
Before you begin
Enable Android apps on Chrome OS for you domain
Android apps on Chrome OS use the Android and Google Play management framework.
If you enable Android apps and the domain already has an Android for business subscription that uses a third party Enterprise Mobility Manager (EMM) (such as VMware AirWatch® or MobileIron), then the existing subscription and EMM combination is used, but other aspects of managing Android apps on Chrome OS are managed through the Google Admin Console.
If you enable Android apps and the domain doesn’t have an Android for business subscription, one is created automatically and Google Device Manager is selected as the EMM.
1.     Sign in to the Google Admin console.
2.     Click Device management.
3.     On the left, click Chrome management.
4.     Click Android application settings.
5.     Select Enable Android applications to be managed through the Admin Console.
You must be a domain administrator to enable this option.
6.     (Optional) Click Billing. Verify that an Android management subscription appears on the billing page.
7.     (Optional) Click Security > Manage EMM provider for Android. Verify that Google Device Manager is listed as your EMM provider. If you already have Google Mobile Management or a third party EMM as your EMM provider, then that provider will be listed, even though Android Apps on Chrome have been enabled.
Note: Enabling Android apps on Chrome OS for your domain does not automatically enable it for individual users. To give users access to the apps you must also enable the apps for organizational units.

Install Android apps on Chrome devices
1.     Sign in to the Google Admin console.
2.     Click Device management nd then Chrome management nd then App management.
3.     Use the App Type filter setting to display Android Apps.
4.     Use the Type filter setting to display My Configured Apps or Approved Android Apps.
5.     Click dd Approve Android Apps.
6.     Search for, and click the app you’d like to approve.
7.     Click Approve.
8.     To accept the app permissions on behalf of your organization, click Approve.
9.     Click Ok.
You can also approve apps in managed Google Play.
1.     Sign in to managed Google Play, using a managed Google Play administrator account.
2.     Search for, and click the app you’d like to approve.
3.     Click Approve.
4.     To accept the app permissions on behalf of your organization, click Approve.
5.     Click Ok.
6.     (Optional) To view a list of all approved apps for your organization, click My company apps from the Apps menu.
The Google Play for business help center contains detailed information on how to manage apps and app licenses for use in your organization.
You can specify the type of installation available for each of your approved apps. You can create a subset of apps that users can choose to install, and also create a different subset of apps that the system automatically installs for every user in the organizational unit.
Force the installation of approved apps
From the list of apps you approved in managed Google Play, you can choose a subset that the system automatically installs for every user in the organizational unit. When the user logs into the device, the system automatically starts to download these apps.
Note: This policy is independent of any other Android phone or tablet policy you have in place with a third-party EMM. That means that you can have one set of apps configured to force-install on your Android phones and tablets using a third party EMM, and a different set of apps configured to force-install on Chromebooks using the Admin Console.
1.     Sign in to the Google Admin console.
2.     Click Apps.
3.     Click Additional Google services.
4.     Click Chrome management.
5.     Click App Management.
6.     On the left, select Android Apps from the App Type filter menu.
7.     Click the app you want to configure.
8.     Click User settings.
9.     On the left, select the relevant OU from the Orgs tree.
10.   Turn on Force installation.
11.   Turn on Pin to taskbar.
12.   Click Save.
Note: While the apps are being downloaded, the user can see a STOP button. If they press it the download is stopped. Another attempt at installation is made at the next login and install attempts will continue until the apps are successfully installed or until the app is no longer part of the list of apps that are force-installed.

Allow the installation of approved apps
If you don’t want to force the installation of apps you can create a list of apps that your users can voluntarily choose to install. The apps must be selected from the apps that you have approved in managed Google Play.
Note: If your organization is using a third-party EMM to manage Android phones or tablets, this option is not available to you. If the EMM has joined managed Google Play, the user sees the store layout as designed by the EMM in the managed Google Play store on their Chromebook.
If the EMM has not joined managed Google Play, the user sees an empty managed Google Play store on their Chromebook, and the only way for them to get Android apps is to configure the forced installation of approved apps.
1.     Sign in to the Google Admin console.
2.     Click Apps.
3.     Click Additional Google services.
4.     Click Chrome management.
5.     Click App Management.
6.     On the left, select Android Apps from the App Type filter menu.
7.     Click the app you want to configure.
8.     Click User settings.
9.     On the left, select the relevant OU from the Orgs tree.
10.   Turn on Allow installation.
11.   Click Save.
Apps configured to allow installation, appear in the Store home section of the managed Google Play store on the users’ dev
Before you let Google Play Store be installed on Chrome devices, make sure you’ve approved and configured apps for users. Otherwise, they might see an empty Google Play Store on their device.
1.     Sign in to the Google Admin console.
2.     Click Device management.
3.     On the left, click Chrome management.
4.     Click User Settings.
5.     On the left, select the organization to which you want to apply the settings. Learn more.
6.     Go to the Android applications section, select Allow from the Android applications on Chrome Devices (BETA) menu.
7.     At the bottom, click Save.
Settings typically take effect in minutes. But they might take up to an hour to apply for everyone.

For more information for Chromebook Management- https://goo.gl/IMl8Bu  - Paperback/Kindle Edition)


Feb 19, 2017

[Chromebook Security] How to protect your Chromebook safetly

Chromebook Security

Chromebook provides multiple layers of protection using the principle of "defense in depth." Even if one of the layers of protection is disabled, the other layers remain in effect, so take precautions to protect your data, you can use the Internet a little more peace of mind.
The following security features are built into your Chromebook:
Auto update
The most effective protection against malware is to keep all software up-to-date and to apply the latest security fixes. Existing operating systems provide different software components from different vendors, and update mechanisms and user interfaces are different, which can be difficult to manage. Chromebook automatically manages updates, so they always run the latest and most secure version.
On a Chromebook, all web pages and applications run in a restricted environment called a "sandbox." So when you visit an infected webpage on your Chromebook, it will not affect anything else on your computer, including other tabs or apps. The threat is being blocked.
Self-Test Booting
Your Chromebook will continue to be protected even if malware penetrates the sandbox environment. Every time you start your Chromebook, it will perform a self-check called "self-test boot." If it detects that a system has been misconfigured or damaged in any way, it usually self-heals itself without any extra effort and reverts the Chromebook to a new operating system.
Data Encryption
When you use the web app on your Chromebook, all your important data is stored securely in the cloud. Files such as download, cookies, and browser cache files may remain on some computers. Accessing these files is very difficult on Chromebooks that encrypt data using tamper-resistant hardware.
Recovery mode
If you experience a problem with your Chromebook, you can simply press a button or use keyboard shortcuts to enter recovery mode and restore your operating system to a safe version without errors.

Check out the video below to learn more about the simple and essential steps you can take to improve your security while on the go.
Sometimes a link or email leads to a fake site that locks the browser. These sites are called "robbery sites" or "rogue sites," and make you think that users should pay to continue using their computers. This is not true. After a few simple steps, you can unlock your Chrome browser and use your Chromebook again as usual.
Unlock Chrome browser
  1. Select your Chromebook from this list and follow the instructions to reset your Chromebook. If your Chromebook is not listed, press Refresh + Power on your keyboard.
  2. When you sign in to your Chromebook and open the Chrome browser, the Restore window opens.
  3. Click the X in the top right corner to close the window.
  4. Note: Do not click Restore. Clicking Restore will reopen the malicious webpage and lock your browser.
  5. Open a few websites and make sure your browser is working properly.

Securing your Wi-FI Network

If your browser is still locked, learn more about restoring your Chromebook.
Learn more - Chromebook Security

Two-step verification for enhanced security

Gmail and G Suite provide a one-step verification to sign in with the user's email address and password most often used to sign in, and two-step verification to enter the verification code (SMS message / Google OTP / Security key).

2-step verification is the safest way to increase security when using a Google account. Even if user accounts and passwords are leaked, it is the safest method because once again you need to authenticate (send text / Google OTP / Security key) at login.

Why do I need 2-step verification?
  • If you use a public PC in a public place, such as an Internet cafe, and log in to Gmail, your account may be automatically saved on the exposed or borrowed PC and leaked to others. 2-step verification prevents this.
  • When presenting from outside, it prevents the leakage of account information if you log in using a PC other than your own PC.
  • Sometimes Gmail accounts are leaked, preventing you from paying for game items in the Google Play Store without your knowledge.
  • Prevent unauthorized use of your Gmail account information through your smartphone
In addition to this, you need to prevent your account information from being leaked for various reasons. To protect you from such information leakage, we offer 2-step verification.

There are four different 2-step verification methods we offer.
  1. Send verification codes to voice or SMS messages
  2. Use a one-time password with the Google Authenticator app
  3. Backup code - use 10 disposable codes
  4. Use the USB security key

How to set up 2-step verification

  1. Log in to Gmail and click 'My Account'

  1. My Account> Sign-In & Security
& security.png

  1. Sign-In & Security > 2 Step Verification
2 step verification.png

  1. 2 Step Verification > Security Key, Voice or Text Message

An example of using 'security key' for 2-step verification.

I'm using a security key for 2-step verification. This is a security key product certified by Google. Yubico's FIDO U2F key is purchased and used. When I login to Gmail, I need to authenticate to this security key in 2-step, and I login after I press the key with the blue light on the USB port. Once authenticated, my Chromebook does not require a security key for 30 days. When I work on someone else's computer, or open a new incognito window and ask for my security key when I sign in to Gmail.

For more information- https://goo.gl/IMl8Bu  - Paperback/Kindle Edition)