You can use Nymi Lock Control on Windows thick clients and through Windows Terminal Service from an HP Thin Pro or IGEL.
Nymi Bluetooth Endpoint defines Received Signal Strength Indicator(RSSI) parameters that control how the solution detects and responds to BLE taps.
How you modify the RSSI parameters depends on the operating system:
- On Windows thick clients, edit the C:\Nymi\Bluetooth_Endpoint\nbe.toml file in administrator mode.
- On HP Thin Pro, edit the /usr/bin/nbe.toml file.
- On IGEL, in UMS, navigate to and define the partition parameters.
Edit the RSSI values. The following table provides a list of supported RSSI parameters, their default values and the purpose of each parameter as outlined in the following table.
For IGEL, specify all RSSI parameter names in capital letters.
| RSSI Parameter | Default Value | Description |
|---|---|---|
| rssi_window_tap | 10 |
This determines the duration the Nymi Band must be within tap-distance of the BLE radio antenna to complete a tap. A larger value increases the duration required to perform and decrease the sensitivity. |
| rssi_window_long | 50 |
This determines the frequency that Nymi Bluetooth Endpoint checks the distance between the BLE radio antenna and the Nymi Band. Nymi Bluetooth Endpoint tracks trends in these changes to trigger a Nymi Lock Control action, such as keep unlocked when present, lock when away, or unlock when present. |
| rssi_tap_threshold |
-42 (must be 0 or negative) |
This determines the range at which a tap event will occur. A smaller negative value means a closer distance to the BLE antenna. BLE tap is disabled by default (value = 0). Enter a non-zero, negative number to enable BLE tap. Nymi recommends an RSSI value of -42. If the Nymi Band maintains a minimum distance specified by rssi_tap_threshold, for the duration of time that is defined by rssi_window_tap, a BLE tap is performed. |
| rssi_cutoff_close |
-70 (must be 0 or negative) |
This determines the outer range of the close distance-threshold (excluding tap distance) for Nymi Lock Control. Enter 0 to bypass the proximity functionality of Nymi Lock Control. If the Nymi Band maintains a close distance to the BLE radio antenna and the RSSI values measured are within the rssi_cutoff_close value, Nymi Lock Control keeps the user terminal unlocked. If the Nymi Band moves away from the BLE radio antenna, and the RSSI values measured are on a decreasing trend and goes from the rssi_cutoff_close value to the rssi_cutoff_far value, Nymi Lock Control locks the user terminal. |
| rssi_cutoff_far |
-83 (must be negative) |
This determines the outer range of the far distance-threshold (excluding tap distance) for Nymi Lock Control. If the Nymi Band moves towards the BLE radio antenna, and the RSSI values measured are on an increasing trend and goes from the rssi_cutoff_far value to the rssi_cutoff_close value, Nymi Lock Control unlocks the user terminal. |
The following figure provides an example of the Partition Parameters window in UMS with each RSSI value.
After you save the changes, restart the Nymi Bluetooth Endpoint, which reloads the parameter settings.
Setting the Nymi Bluetooth Endpoint ID Format
In addition to the RSSI parameters, you can configure the format of the endpoint ID that Nymi Bluetooth Endpoint uses to identify a user terminal. The endpoint ID uniquely identifies the Nymi Bluetooth Endpoint to the applications that connect to it. By default, the endpoint ID is the IPv4 address of the user terminal, which is suitable for most environments.
In some environments, more than one user terminal can be assigned the same IP address — for example, when terminals connect over VPNs, or when multiple sites use overlapping IP subnets that reach the corporate network through NAT. In these environments the IP address alone may not be unique, which can cause an application to connect to the wrong Nymi Bluetooth Endpoint and lead to data integrity issues. To prevent this ambiguity, you can configure the endpoint ID to be derived from the hostname, or from the hostname combined with the IP address.
You set the endpoint ID format with the ENDPOINT_ID_MODE environment variable. The following table lists the supported formats, their values, and the purpose of each format.
| ENDPOINT_ID_MODE environment Value | Description |
|---|---|
|
IP (default) |
The endpoint ID is the IPv4 address of the user terminal. Suitable for most environments. |
| HOSTNAME |
The endpoint ID is the hostname of the user terminal, as reported by the operating system. Allows the IP address of the terminal to change (for example, when switching to a different Wi-Fi network) while maintaining connectivity. |
| HOSTNAME_IP |
The endpoint ID is the hostname and the IPv4 address of the user terminal. Provides the maximum protection against endpoint ID conflicts. |
Table 2. Endpoint ID Formats
The ENDPOINT_ID_MODE environment variable is supported in CWP 1.20.2 and later. When the variable is not set, Nymi Bluetooth Endpoint uses the default IP format.
To set the endpoint ID format:
- Set the environment variable ENDPOINT_ID_MODE to the required format (for example, ENDPOINT_ID_MODE=HOSTNAME_IP) on each user terminal and on each computer that runs a connecting application. You can use Active Directory group policy to apply this setting to all computers at once. Computers that run a connecting application include, for example, RDP or Citrix servers with the PAS-X Client or Evidian Client installed.
- Restart the computer so that the new setting takes effect. If Nymi Bluetooth Endpoint is the only Nymi component installed, restarting Nymi Bluetooth Endpoint is sufficient.
Apply the same endpoint ID format consistently across all user terminals and connecting applications. A mismatch between components can cause BLE tap to work unreliably. When you change the format on an existing deployment, apply the change during a maintenance window.
Comments
0 commentsPlease sign in to leave a comment.